--- /dev/null
+#!/bin/bash
+
+set -ex
+
+PACKAGES=(
+ git make autoconf automake autopoint pkg-config libtool libtool-bin
+ gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
+ libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
+ sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
+ asciidoctor
+)
+
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+RELEASE="$(lsb_release -cs)"
+
+bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
+
+# Latest gcc stack deb packages provided by
+# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+add-apt-repository -y ppa:ubuntu-toolchain-r/test
+PACKAGES+=(gcc-$COMPILER_VERSION)
+
+# scsi_debug, gost crypto
+PACKAGES+=(dkms linux-headers-$(uname -r) linux-modules-extra-$(uname -r) gost-crypto-dkms)
+
+apt-get -y update --fix-missing
+apt-get -y install "${PACKAGES[@]}"
+apt-get -y build-dep cryptsetup
--- /dev/null
+#!/bin/bash
+
+PHASES=(${@:-CONFIGURE MAKE CHECK})
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION}"
+CFLAGS=(-O1 -g)
+CXXFLAGS=(-O1 -g)
+
+CC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}"
+CXX="g++${COMPILER_VERSION:+-$COMPILER_VERSION}"
+
+set -ex
+
+for phase in "${PHASES[@]}"; do
+ case $phase in
+ CONFIGURE)
+ opts=(
+ --enable-libargon2
+ )
+
+ sudo -E git clean -xdf
+
+ ./autogen.sh
+ CC="$CC" CXX="$CXX" CFLAGS="${CFLAGS[@]}" CXXFLAGS="${CXXFLAGS[@]}" ./configure "${opts[@]}"
+ ;;
+ MAKE)
+ make -j
+ make -j -C tests check-programs
+ ;;
+ CHECK)
+ make check
+ ;;
+
+ *)
+ echo >&2 "Unknown phase '$phase'"
+ exit 1
+ esac
+done
--- /dev/null
+name: Build test
+on:
+ push:
+ branches:
+ - 'main'
+ - 'wip-luks2'
+ - 'v2.3.x'
+ - 'v2.4.x'
+ paths-ignore:
+ - 'docs/**'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ if: github.repository == 'mbroz/cryptsetup'
+ strategy:
+ fail-fast: false
+ matrix:
+ env:
+ - { COMPILER: "gcc", COMPILER_VERSION: "11", RUN_SSH_PLUGIN_TEST: "1" }
+ env: ${{ matrix.env }}
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v1
+ - name: Ubuntu setup
+ run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
+ - name: Configure & Make
+ run: .github/workflows/cibuild.sh CONFIGURE MAKE
+ - name: Check
+ run: sudo -E .github/workflows/cibuild.sh CHECK
--- /dev/null
+name: Coverity test
+on:
+ push:
+ branches:
+ - 'coverity_scan'
+ paths-ignore:
+ - 'docs/**'
+
+jobs:
+ latest:
+ runs-on: ubuntu-latest
+ if: github.repository == 'mbroz/cryptsetup'
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v1
+ - name: Ubuntu setup
+ run: sudo -E .github/workflows/cibuild-setup-ubuntu.sh
+ env:
+ COMPILER: "gcc"
+ COMPILER_VERSION: "11"
+ - name: Install Coverity
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=mbroz/cryptsetup" -O cov-analysis-linux64.tar.gz
+ mkdir cov-analysis-linux64
+ tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ - name: Run autoconf & configure
+ run: |
+ ./autogen.sh
+ ./configure
+ - name: Run cov-build
+ run: |
+ export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+ cov-build --dir cov-int make
+ - name: Submit to Coverity Scan
+ run: |
+ tar czvf cryptsetup.tgz cov-int
+ curl \
+ --form project=mbroz/cryptsetup \
+ --form token=$TOKEN \
+ --form email=gmazyland@gmail.com \
+ --form file=@cryptsetup.tgz \
+ --form version=trunk \
+ --form description="`./cryptsetup --version`" \
+ https://scan.coverity.com/builds?project=mbroz/cryptsetup
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
--- /dev/null
+po/*gmo
+*~
+Makefile
+Makefile.in
+Makefile.in.in
+*.lo
+*.la
+*.o
+*.so
+*.8
+**/*.dirstamp
+.deps/
+.libs/
+src/cryptsetup
+src/veritysetup
+ABOUT-NLS
+aclocal.m4
+autom4te.cache/
+compile
+config.guess
+config.h
+config.h.in
+config.log
+config.rpath
+config.status
+config.sub
+configure
+cryptsetup
+cryptsetup-reencrypt
+cryptsetup-ssh
+depcomp
+install-sh
+integritysetup
+lib/libcryptsetup.pc
+libtool
+ltmain.sh
+m4/
+missing
+po/Makevars.template
+po/POTFILES
+po/Rules-quot
+po/*.header
+po/*.sed
+po/*.sin
+po/stamp-po
+scripts/cryptsetup.conf
+stamp-h1
+veritysetup
+tests/valglog.*
+*/*.dirstamp
+*-debug-luks2-backup*
+tests/api-test
+tests/api-test-2
+tests/differ
+tests/luks1-images
+tests/tcrypt-images
+tests/unit-utils-io
+tests/vectors-test
+tests/test-symbols-list.h
+tests/all-symbols-test
+tests/fuzz/LUKS2.pb*
--- /dev/null
+stages:
+ - test
+
+.dump_kernel_log:
+ after_script:
+ - sudo dmesg > /mnt/artifacts/dmesg.log
+ - sudo journalctl > /mnt/artifacts/journalctl.log
+ - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
+
+include:
+ - local: .gitlab/ci/debian.yml
+ - local: .gitlab/ci/fedora.yml
+ - local: .gitlab/ci/rhel.yml
+ - local: .gitlab/ci/centos.yml
+ - local: .gitlab/ci/annocheck.yml
+ - local: .gitlab/ci/csmock.yml
+ - local: .gitlab/ci/gitlab-shared-docker.yml
+ - local: .gitlab/ci/compilation-various-disables.yml
+ - local: .gitlab/ci/compilation-gcc.gitlab-ci.yml
+ - local: .gitlab/ci/compilation-clang.gitlab-ci.yml
+ - local: .gitlab/ci/alpinelinux.yml
+ - local: .gitlab/ci/ubuntu-32bit.yml
+ - local: .gitlab/ci/cifuzz.yml
--- /dev/null
+.alpinelinux-dependencies:
+ after_script:
+ - sudo dmesg > /mnt/artifacts/dmesg.log
+ - sudo cp /var/log/messages /mnt/artifacts/
+ - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
+ before_script:
+ - >
+ sudo apk add
+ lvm2-dev openssl1.1-compat-dev popt-dev util-linux-dev json-c-dev
+ argon2-dev device-mapper which sharutils gettext gettext-dev automake
+ autoconf libtool build-base keyutils tar jq expect git asciidoctor
+ - ./autogen.sh
+ - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc
+
+test-main-commit-job-alpinelinux:
+ extends:
+ - .alpinelinux-dependencies
+ tags:
+ - libvirt
+ - alpinelinux
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "0"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-job-alpinelinux:
+ extends:
+ - .alpinelinux-dependencies
+ tags:
+ - libvirt
+ - alpinelinux
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "0"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+test-main-commit-job-annocheck:
+ extends:
+ - .dump_kernel_log
+ tags:
+ - libvirt
+ - rhel9-annocheck
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - /opt/build-rpm-script.sh > /dev/null 2>&1
+ - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9
+ - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8
--- /dev/null
+.centos-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ sudo dnf -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
+ libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
+ pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
+ expect gettext git jq keyutils openssl-devel openssl gem
+ - sudo gem install asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
+
+# non-FIPS jobs
+
+test-main-commit-centos-stream9:
+ extends:
+ - .centos-openssl-backend
+ tags:
+ - libvirt
+ - centos-stream9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-centos-stream9:
+ extends:
+ - .centos-openssl-backend
+ tags:
+ - libvirt
+ - centos-stream9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+#!/bin/bash
+
+set -ex
+
+PACKAGES=(
+ git make autoconf automake autopoint pkg-config libtool libtool-bin
+ gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
+ libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
+ sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
+ asciidoctor
+)
+
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+
+grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~
+sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~
+cat /etc/apt/sources.list~ >> /etc/apt/sources.list
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release
+RELEASE="$(lsb_release -cs)"
+
+if [[ $COMPILER == "gcc" ]]; then
+ # Latest gcc stack deb packages provided by
+ # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+ add-apt-repository -y ppa:ubuntu-toolchain-r/test
+ PACKAGES+=(gcc-$COMPILER_VERSION)
+elif [[ $COMPILER == "clang" ]]; then
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ add-apt-repository "deb http://apt.llvm.org/${RELEASE}/ llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main"
+
+ # scan-build
+ PACKAGES+=(clang-tools-$COMPILER_VERSION clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+ PACKAGES+=(perl)
+else
+ exit 1
+fi
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}"
+apt-get -y build-dep cryptsetup
+
+echo "====================== VERSIONS ==================="
+if [[ $COMPILER == "clang" ]]; then
+ echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}"
+fi
+
+${COMPILER}-$COMPILER_VERSION -v
+echo "====================== END VERSIONS ==================="
--- /dev/null
+cifuzz:
+ variables:
+ OSS_FUZZ_PROJECT_NAME: cryptsetup
+ CFL_PLATFORM: gitlab
+ CIFUZZ_DEBUG: "True"
+ FUZZ_SECONDS: 300 # 5 minutes per fuzzer
+ ARCHITECTURE: "x86_64"
+ DRY_RUN: "False"
+ LOW_DISK_SPACE: "True"
+ BAD_BUILD_CHECK: "True"
+ LANGUAGE: "c"
+ DOCKER_HOST: "tcp://docker:2375"
+ DOCKER_IN_DOCKER: "true"
+ DOCKER_DRIVER: overlay2
+ DOCKER_TLS_CERTDIR: ""
+ image:
+ name: gcr.io/oss-fuzz-base/cifuzz-base
+ entrypoint: [""]
+ services:
+ - docker:dind
+
+ stage: test
+ parallel:
+ matrix:
+ - SANITIZER: [address, undefined, memory]
+ rules:
+ # Default code change.
+ # - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ # variables:
+ # MODE: "code-change"
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $BUILD_AND_RUN_FUZZERS != null
+ before_script:
+ # Get gitlab's container id.
+ - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
+ script:
+ # Will build and run the fuzzers.
+ # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
+ # in GitLab CI environment
+ - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+ artifacts:
+ # Upload artifacts when a crash makes the job fail.
+ when: always
+ paths:
+ - artifacts/
--- /dev/null
+#!/bin/bash
+# clang -Wall plus other important warnings not included in -Wall
+
+for arg in "$@"
+do
+ case $arg in
+ -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O'
+ esac
+done
+
+CLANG="clang${COMPILER_VERSION:+-$COMPILER_VERSION}"
+
+#PEDANTIC="-std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
+#CONVERSION="-Wconversion"
+
+EXTRA="\
+ -Wextra \
+ -Wsign-compare \
+ -Wcast-align
+ -Werror-implicit-function-declaration \
+ -Wpointer-arith \
+ -Wwrite-strings \
+ -Wswitch \
+ -Wmissing-format-attribute \
+ -Winit-self \
+ -Wdeclaration-after-statement \
+ -Wold-style-definition \
+ -Wno-missing-field-initializers \
+ -Wno-unused-parameter \
+ -Wno-long-long"
+
+exec $CLANG $PEDANTIC $CONVERSION \
+ -Wall $Wuninitialized \
+ -Wno-switch \
+ -Wdisabled-optimization \
+ -Wwrite-strings \
+ -Wpointer-arith \
+ -Wbad-function-cast \
+ -Wmissing-prototypes \
+ -Wmissing-declarations \
+ -Wstrict-prototypes \
+ -Wnested-externs \
+ -Wcomment \
+ -Winline \
+ -Wcast-qual \
+ -Wredundant-decls $EXTRA \
+ "$@"
--- /dev/null
+test-clang-compilation:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure
+ - make -j
+ - make -j check-programs
+
+test-clang-Wall-script:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - export CFLAGS="-g -O0"
+ - export CC="$CI_PROJECT_DIR/.gitlab/ci/clang-Wall"
+ - ./configure
+ - make -j CFLAGS="-g -O0 -Werror"
+ - make -j CFLAGS="-g -O0 -Werror" check-programs
+
+test-scan-build:
+ extends:
+ - .gitlab-shared-clang
+ script:
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} -V ./configure CFLAGS="-g -O0"
+ - make clean
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j
+ - scan-build${COMPILER_VERSION:+-$COMPILER_VERSION} --status-bugs -maxloop 10 make -j check-programs
--- /dev/null
+test-gcc-compilation:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure
+ - make -j
+ - make -j check-programs
+
+test-gcc-Wall-script:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-g -O0"
+ - export CC="$CI_PROJECT_DIR/.gitlab/ci/gcc-Wall"
+ - ./configure
+ - make -j CFLAGS="-g -O0 -Werror"
+ - make -j CFLAGS="-g -O0 -Werror" check-programs
+
+test-gcc-fanalyzer:
+ extends:
+ - .gitlab-shared-gcc
+ script:
+ - export CFLAGS="-Wall -Werror -g -O0 -fanalyzer -fdiagnostics-path-format=separate-events"
+ - ./configure
+ - make -j
+ - make -j check-programs
--- /dev/null
+test-gcc-disable-compiles:
+ extends:
+ - .gitlab-shared-gcc
+ parallel:
+ matrix:
+ - DISABLE_FLAGS: [
+ "--disable-keyring",
+ "--disable-external-tokens --disable-ssh-token",
+ "--disable-luks2-reencryption",
+ "--disable-cryptsetup --disable-veritysetup --disable-integritysetup",
+ "--disable-kernel_crypto",
+ "--disable-selinux",
+ "--disable-udev",
+ "--disable-internal-argon2",
+ "--disable-blkid"
+ ]
+ script:
+ - export CFLAGS="-Wall -Werror"
+ - ./configure $DISABLE_FLAGS
+ - make -j
+ - make -j check-programs
--- /dev/null
+test-commit-job-csmock:
+ extends:
+ - .dump_kernel_log
+ tags:
+ - libvirt
+ - rhel7-csmock
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/ || $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - /opt/csmock-run-script.sh
--- /dev/null
+.debian-prep:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
+ sudo apt-get -y install -y -qq swtpm meson ninja-build python3-jinja2
+ gperf libcap-dev tpm2-tss-engine-dev libmount-dev swtpm-tools
+ - >
+ sudo apt-get -y install -y -qq git gcc make autoconf automake autopoint
+ pkgconf libtool libtool-bin gettext libssl-dev libdevmapper-dev
+ libpopt-dev uuid-dev libsepol-dev libjson-c-dev libssh-dev libblkid-dev
+ tar libargon2-0-dev libpwquality-dev sharutils dmsetup jq xxd expect
+ keyutils netcat passwd openssh-client sshpass asciidoctor
+ - sudo apt-get -y build-dep cryptsetup
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-libargon2 --enable-asciidoc
+
+test-mergerq-job-debian:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - debian11
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-job-debian:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - debian11
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+.dnf-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ [ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] ||
+ sudo dnf -y -q install
+ swtpm meson ninja-build python3-jinja2 gperf libcap-devel tpm2-tss-devel
+ libmount-devel swtpm-tools
+ - >
+ sudo dnf -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libargon2-devel libblkid-devel libpwquality-devel libselinux-devel
+ libssh-devel libtool libuuid-devel make popt-devel
+ libsepol-devel.x86_64 netcat openssh-clients passwd pkgconfig sharutils
+ sshpass tar uuid-devel vim-common device-mapper expect gettext git jq
+ keyutils openssl-devel openssl asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --enable-libargon2 --with-crypto_backend=openssl --enable-asciidoc
+
+test-main-commit-job-rawhide:
+ extends:
+ - .dnf-openssl-backend
+ tags:
+ - libvirt
+ - fedora-rawhide
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-mergerq-job-rawhide:
+ extends:
+ - .dnf-openssl-backend
+ tags:
+ - libvirt
+ - fedora-rawhide
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+#!/bin/bash
+# gcc -Wall plus other important warnings not included in -Wall
+
+for arg in "$@"
+do
+ case $arg in
+ -O*) Wuninitialized=-Wuninitialized;; # only makes sense with `-O'
+ esac
+done
+
+GCC="gcc${COMPILER_VERSION:+-$COMPILER_VERSION}"
+
+#PEDANTIC="-std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99"
+#PEDANTIC="-pedantic -std=gnu99 -Wno-variadic-macros"
+#CONVERSION="-Wconversion"
+# -Wpacked \
+
+# This does more than expected for gcc (mixed code with declarations)
+# -Wdeclaration-after-statement \
+
+EXTRA="-Wextra \
+ -Wsign-compare \
+ -Werror-implicit-function-declaration \
+ -Wpointer-arith \
+ -Wwrite-strings \
+ -Wswitch \
+ -Wmissing-format-attribute \
+ -Wstrict-aliasing=3 \
+ -Winit-self \
+ -Wunsafe-loop-optimizations \
+ -Wold-style-definition \
+ -Wno-missing-field-initializers \
+ -Wno-unused-parameter \
+ -Wno-long-long \
+ -Wmaybe-uninitialized \
+ -Wvla \
+ -Wformat-overflow \
+ -Wformat-truncation"
+
+exec $GCC $PEDANTIC $CONVERSION \
+ -Wall $Wuninitialized \
+ -Wno-switch \
+ -Wdisabled-optimization \
+ -Wwrite-strings \
+ -Wpointer-arith \
+ -Wbad-function-cast \
+ -Wmissing-prototypes \
+ -Wmissing-declarations \
+ -Wstrict-prototypes \
+ -Wnested-externs \
+ -Wcomment \
+ -Winline \
+ -Wcast-align=strict \
+ -Wcast-qual \
+ -Wredundant-decls $EXTRA \
+ "$@"
--- /dev/null
+.gitlab-shared-docker:
+ image: ubuntu:focal
+ tags:
+ - gitlab-org-docker
+ stage: test
+ interruptible: true
+ rules:
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ before_script:
+ - .gitlab/ci/cibuild-setup-ubuntu.sh
+ - export CC="${COMPILER}${COMPILER_VERSION:+-$COMPILER_VERSION}"
+ - export CXX="${COMPILER}++${COMPILER_VERSION:+-$COMPILER_VERSION}"
+ - ./autogen.sh
+
+.gitlab-shared-gcc:
+ extends:
+ - .gitlab-shared-docker
+ variables:
+ COMPILER: "gcc"
+ COMPILER_VERSION: "11"
+ RUN_SSH_PLUGIN_TEST: "1"
+
+.gitlab-shared-clang:
+ extends:
+ - .gitlab-shared-docker
+ variables:
+ COMPILER: "clang"
+ COMPILER_VERSION: "13"
+ RUN_SSH_PLUGIN_TEST: "1"
--- /dev/null
+.rhel-openssl-backend:
+ extends:
+ - .dump_kernel_log
+ before_script:
+ - >
+ sudo yum -y -q install
+ autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+ libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
+ libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
+ pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
+ expect gettext git jq keyutils openssl-devel openssl gem > /dev/null 2>&1
+ - sudo gem install asciidoctor
+ - sudo -E git clean -xdf
+ - ./autogen.sh
+ - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
+
+# non-FIPS jobs
+
+test-main-commit-rhel8:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel8
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-rhel9:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel9
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+# FIPS jobs
+
+test-main-commit-rhel8-fips:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel8-fips
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - fips-mode-setup --check || exit 1
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-rhel9-fips:
+ extends:
+ - .rhel-openssl-backend
+ tags:
+ - libvirt
+ - rhel9-fips
+ stage: test
+ interruptible: true
+ allow_failure: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - fips-mode-setup --check || exit 1
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+test-mergerq-job-ubuntu-32bit:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - ubuntu-bionic-32bit
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
+
+test-main-commit-job-ubuntu-32bit:
+ extends:
+ - .debian-prep
+ tags:
+ - libvirt
+ - ubuntu-bionic-32bit
+ stage: test
+ interruptible: true
+ variables:
+ RUN_SSH_PLUGIN_TEST: "1"
+ rules:
+ - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+ when: never
+ - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+ when: never
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+ script:
+ - make -j
+ - make -j -C tests check-programs
+ - sudo -E make check
--- /dev/null
+### Issue description
+<!-- Please, shortly describe the issue here. -->
+
+### Steps for reproducing the issue
+<!-- How it can be reproduced? Include all important steps. -->
+
+### Additional info
+<!-- Please mention what distribution you are using. -->
+
+### Debug log
+<!-- Paste a debug log of the failing command (add --debug option) between the markers below (to keep raw debug format).-->
+```
+Output with --debug option:
+
+```
--- /dev/null
+### Documentation issue
+<!-- Please, shortly describe the issue in documentation here. -->
+
+### Additional info
+<!-- Please mention what cryptsetup version you are using. -->
--- /dev/null
+### New feature description
+<!-- Please, shortly describe the requested feature here. -->
+
+### Additional info
+<!-- Please mention what distribution and cryptsetup version you are using. -->
--- /dev/null
+queries:
+ - exclude: cpp/fixme-comment
+ - exclude: cpp/empty-block
+# symver attribute detection cannot be used, disable it for lgtm
+extraction:
+ cpp:
+ configure:
+ command:
+ - "./autogen.sh"
+ - "./configure --enable-external-tokens --enable-ssh-token"
+ - "echo \"#undef HAVE_ATTRIBUTE_SYMVER\" >> config.h"
+++ /dev/null
-1 Notes on the Free Translation Project
-***************************************
-
-Free software is going international! The Free Translation Project is
-a way to get maintainers of free software, translators, and users all
-together, so that free software will gradually become able to speak many
-languages. A few packages already provide translations for their
-messages.
-
- If you found this `ABOUT-NLS' file inside a distribution, you may
-assume that the distributed package does use GNU `gettext' internally,
-itself available at your nearest GNU archive site. But you do _not_
-need to install GNU `gettext' prior to configuring, installing or using
-this package with messages translated.
-
- Installers will find here some useful hints. These notes also
-explain how users should proceed for getting the programs to use the
-available translations. They tell how people wanting to contribute and
-work on translations can contact the appropriate team.
-
-1.1 INSTALL Matters
-===================
-
-Some packages are "localizable" when properly installed; the programs
-they contain can be made to speak your own native language. Most such
-packages use GNU `gettext'. Other packages have their own ways to
-internationalization, predating GNU `gettext'.
-
- By default, this package will be installed to allow translation of
-messages. It will automatically detect whether the system already
-provides the GNU `gettext' functions. Installers may use special
-options at configuration time for changing the default behaviour. The
-command:
-
- ./configure --disable-nls
-
-will _totally_ disable translation of messages.
-
- When you already have GNU `gettext' installed on your system and run
-configure without an option for your new package, `configure' will
-probably detect the previously built and installed `libintl' library
-and will decide to use it. If not, you may have to to use the
-`--with-libintl-prefix' option to tell `configure' where to look for it.
-
- Internationalized packages usually have many `po/LL.po' files, where
-LL gives an ISO 639 two-letter code identifying the language. Unless
-translations have been forbidden at `configure' time by using the
-`--disable-nls' switch, all available translations are installed
-together with the package. However, the environment variable `LINGUAS'
-may be set, prior to configuration, to limit the installed set.
-`LINGUAS' should then contain a space separated list of two-letter
-codes, stating which languages are allowed.
-
-1.2 Using This Package
-======================
-
-As a user, if your language has been installed for this package, you
-only have to set the `LANG' environment variable to the appropriate
-`LL_CC' combination. If you happen to have the `LC_ALL' or some other
-`LC_xxx' environment variables set, you should unset them before
-setting `LANG', otherwise the setting of `LANG' will not have the
-desired effect. Here `LL' is an ISO 639 two-letter language code, and
-`CC' is an ISO 3166 two-letter country code. For example, let's
-suppose that you speak German and live in Germany. At the shell
-prompt, merely execute `setenv LANG de_DE' (in `csh'),
-`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash').
-This can be done from your `.login' or `.profile' file, once and for
-all.
-
- You might think that the country code specification is redundant.
-But in fact, some languages have dialects in different countries. For
-example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The
-country code serves to distinguish the dialects.
-
- The locale naming convention of `LL_CC', with `LL' denoting the
-language and `CC' denoting the country, is the one use on systems based
-on GNU libc. On other systems, some variations of this scheme are
-used, such as `LL' or `LL_CC.ENCODING'. You can get the list of
-locales supported by your system for your language by running the
-command `locale -a | grep '^LL''.
-
- Not all programs have translations for all languages. By default, an
-English message is shown in place of a nonexistent translation. If you
-understand other languages, you can set up a priority list of languages.
-This is done through a different environment variable, called
-`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG'
-for the purpose of message handling, but you still need to have `LANG'
-set to the primary language; this is required by other parts of the
-system libraries. For example, some Swedish users who would rather
-read translations in German than English for when Swedish is not
-available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'.
-
- Special advice for Norwegian users: The language code for Norwegian
-bokma*l changed from `no' to `nb' recently (in 2003). During the
-transition period, while some message catalogs for this language are
-installed under `nb' and some older ones under `no', it's recommended
-for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and
-older translations are used.
-
- In the `LANGUAGE' environment variable, but not in the `LANG'
-environment variable, `LL_CC' combinations can be abbreviated as `LL'
-to denote the language's main dialect. For example, `de' is equivalent
-to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT'
-(Portuguese as spoken in Portugal) in this context.
-
-1.3 Translating Teams
-=====================
-
-For the Free Translation Project to be a success, we need interested
-people who like their own language and write it well, and who are also
-able to synergize with other translators speaking the same language.
-Each translation team has its own mailing list. The up-to-date list of
-teams can be found at the Free Translation Project's homepage,
-`http://translationproject.org/', in the "Teams" area.
-
- If you'd like to volunteer to _work_ at translating messages, you
-should become a member of the translating team for your own language.
-The subscribing address is _not_ the same as the list itself, it has
-`-request' appended. For example, speakers of Swedish can send a
-message to `sv-request@li.org', having this message body:
-
- subscribe
-
- Keep in mind that team members are expected to participate
-_actively_ in translations, or at solving translational difficulties,
-rather than merely lurking around. If your team does not exist yet and
-you want to start one, or if you are unsure about what to do or how to
-get started, please write to `coordinator@translationproject.org' to
-reach the coordinator for all translator teams.
-
- The English team is special. It works at improving and uniformizing
-the terminology in use. Proven linguistic skills are praised more than
-programming skills, here.
-
-1.4 Available Packages
-======================
-
-Languages are not equally supported in all packages. The following
-matrix shows the current state of internationalization, as of June
-2010. The matrix shows, in regard of each package, for which languages
-PO files have been submitted to translation coordination, with a
-translation percentage of at least 50%.
-
- Ready PO files af am an ar as ast az be be@latin bg bn_IN bs ca
- +--------------------------------------------------+
- a2ps | [] [] |
- aegis | |
- ant-phone | |
- anubis | |
- aspell | [] [] |
- bash | |
- bfd | |
- bibshelf | [] |
- binutils | |
- bison | |
- bison-runtime | [] |
- bluez-pin | [] [] |
- bombono-dvd | |
- buzztard | |
- cflow | |
- clisp | |
- coreutils | [] [] |
- cpio | |
- cppi | |
- cpplib | [] |
- cryptsetup | |
- dfarc | |
- dialog | [] [] |
- dico | |
- diffutils | [] |
- dink | |
- doodle | |
- e2fsprogs | [] |
- enscript | [] |
- exif | |
- fetchmail | [] |
- findutils | [] |
- flex | [] |
- freedink | |
- gas | |
- gawk | [] [] |
- gcal | [] |
- gcc | |
- gettext-examples | [] [] [] [] |
- gettext-runtime | [] [] |
- gettext-tools | [] [] |
- gip | [] |
- gjay | |
- gliv | [] |
- glunarclock | [] [] |
- gnubiff | |
- gnucash | [] |
- gnuedu | |
- gnulib | |
- gnunet | |
- gnunet-gtk | |
- gnutls | |
- gold | |
- gpe-aerial | |
- gpe-beam | |
- gpe-bluetooth | |
- gpe-calendar | |
- gpe-clock | [] |
- gpe-conf | |
- gpe-contacts | |
- gpe-edit | |
- gpe-filemanager | |
- gpe-go | |
- gpe-login | |
- gpe-ownerinfo | [] |
- gpe-package | |
- gpe-sketchbook | |
- gpe-su | [] |
- gpe-taskmanager | [] |
- gpe-timesheet | [] |
- gpe-today | [] |
- gpe-todo | |
- gphoto2 | |
- gprof | [] |
- gpsdrive | |
- gramadoir | |
- grep | |
- grub | [] [] |
- gsasl | |
- gss | |
- gst-plugins-bad | [] |
- gst-plugins-base | [] |
- gst-plugins-good | [] |
- gst-plugins-ugly | [] |
- gstreamer | [] [] [] |
- gtick | |
- gtkam | [] |
- gtkorphan | [] |
- gtkspell | [] [] [] |
- gutenprint | |
- hello | [] |
- help2man | |
- hylafax | |
- idutils | |
- indent | [] [] |
- iso_15924 | |
- iso_3166 | [] [] [] [] [] [] [] |
- iso_3166_2 | |
- iso_4217 | |
- iso_639 | [] [] [] [] |
- iso_639_3 | |
- jwhois | |
- kbd | |
- keytouch | [] |
- keytouch-editor | |
- keytouch-keyboa... | [] |
- klavaro | [] |
- latrine | |
- ld | [] |
- leafpad | [] [] |
- libc | [] [] |
- libexif | () |
- libextractor | |
- libgnutls | |
- libgpewidget | |
- libgpg-error | |
- libgphoto2 | |
- libgphoto2_port | |
- libgsasl | |
- libiconv | [] |
- libidn | |
- lifelines | |
- liferea | [] [] |
- lilypond | |
- linkdr | [] |
- lordsawar | |
- lprng | |
- lynx | [] |
- m4 | |
- mailfromd | |
- mailutils | |
- make | |
- man-db | |
- man-db-manpages | |
- minicom | |
- mkisofs | |
- myserver | |
- nano | [] [] |
- opcodes | |
- parted | |
- pies | |
- popt | |
- psmisc | |
- pspp | [] |
- pwdutils | |
- radius | [] |
- recode | [] [] |
- rosegarden | |
- rpm | |
- rush | |
- sarg | |
- screem | |
- scrollkeeper | [] [] [] |
- sed | [] [] |
- sharutils | [] [] |
- shishi | |
- skencil | |
- solfege | |
- solfege-manual | |
- soundtracker | |
- sp | |
- sysstat | |
- tar | [] |
- texinfo | |
- tin | |
- unicode-han-tra... | |
- unicode-transla... | |
- util-linux-ng | [] |
- vice | |
- vmm | |
- vorbis-tools | |
- wastesedge | |
- wdiff | |
- wget | [] [] |
- wyslij-po | |
- xchat | [] [] [] [] |
- xdg-user-dirs | [] [] [] [] [] [] [] [] [] |
- xkeyboard-config | [] [] |
- +--------------------------------------------------+
- af am an ar as ast az be be@latin bg bn_IN bs ca
- 6 0 1 2 3 19 1 10 3 28 3 1 38
-
- crh cs da de el en en_GB en_ZA eo es et eu fa
- +-------------------------------------------------+
- a2ps | [] [] [] [] [] [] [] |
- aegis | [] [] [] |
- ant-phone | [] () |
- anubis | [] [] |
- aspell | [] [] [] [] [] |
- bash | [] [] [] |
- bfd | [] |
- bibshelf | [] [] [] |
- binutils | [] |
- bison | [] [] |
- bison-runtime | [] [] [] [] |
- bluez-pin | [] [] [] [] [] [] |
- bombono-dvd | [] |
- buzztard | [] [] [] |
- cflow | [] [] |
- clisp | [] [] [] [] |
- coreutils | [] [] [] [] |
- cpio | |
- cppi | |
- cpplib | [] [] [] |
- cryptsetup | [] |
- dfarc | [] [] [] |
- dialog | [] [] [] [] [] |
- dico | |
- diffutils | [] [] [] [] [] [] |
- dink | [] [] [] |
- doodle | [] |
- e2fsprogs | [] [] [] |
- enscript | [] [] [] |
- exif | () [] [] |
- fetchmail | [] [] () [] [] [] |
- findutils | [] [] [] |
- flex | [] [] |
- freedink | [] [] [] |
- gas | [] |
- gawk | [] [] [] |
- gcal | [] |
- gcc | [] [] |
- gettext-examples | [] [] [] [] |
- gettext-runtime | [] [] [] [] |
- gettext-tools | [] [] [] |
- gip | [] [] [] [] |
- gjay | [] |
- gliv | [] [] [] |
- glunarclock | [] [] |
- gnubiff | () |
- gnucash | [] () () () () |
- gnuedu | [] [] |
- gnulib | [] [] |
- gnunet | |
- gnunet-gtk | [] |
- gnutls | [] [] |
- gold | [] |
- gpe-aerial | [] [] [] [] |
- gpe-beam | [] [] [] [] |
- gpe-bluetooth | [] [] |
- gpe-calendar | [] |
- gpe-clock | [] [] [] [] |
- gpe-conf | [] [] [] |
- gpe-contacts | [] [] [] |
- gpe-edit | [] [] |
- gpe-filemanager | [] [] [] |
- gpe-go | [] [] [] [] |
- gpe-login | [] [] |
- gpe-ownerinfo | [] [] [] [] |
- gpe-package | [] [] [] |
- gpe-sketchbook | [] [] [] [] |
- gpe-su | [] [] [] [] |
- gpe-taskmanager | [] [] [] [] |
- gpe-timesheet | [] [] [] [] |
- gpe-today | [] [] [] [] |
- gpe-todo | [] [] [] |
- gphoto2 | [] [] () [] [] [] |
- gprof | [] [] [] |
- gpsdrive | [] [] [] |
- gramadoir | [] [] [] |
- grep | [] |
- grub | [] [] |
- gsasl | [] |
- gss | |
- gst-plugins-bad | [] [] [] [] [] |
- gst-plugins-base | [] [] [] [] [] |
- gst-plugins-good | [] [] [] [] [] [] |
- gst-plugins-ugly | [] [] [] [] [] [] |
- gstreamer | [] [] [] [] [] |
- gtick | [] () [] |
- gtkam | [] [] () [] [] |
- gtkorphan | [] [] [] [] |
- gtkspell | [] [] [] [] [] [] [] |
- gutenprint | [] [] [] |
- hello | [] [] [] [] |
- help2man | [] |
- hylafax | [] [] |
- idutils | [] [] |
- indent | [] [] [] [] [] [] [] |
- iso_15924 | [] () [] [] |
- iso_3166 | [] [] [] [] () [] [] [] () |
- iso_3166_2 | () |
- iso_4217 | [] [] [] () [] [] |
- iso_639 | [] [] [] [] () [] [] |
- iso_639_3 | [] |
- jwhois | [] |
- kbd | [] [] [] [] [] |
- keytouch | [] [] |
- keytouch-editor | [] [] |
- keytouch-keyboa... | [] |
- klavaro | [] [] [] [] |
- latrine | [] () |
- ld | [] [] |
- leafpad | [] [] [] [] [] [] |
- libc | [] [] [] [] |
- libexif | [] [] () |
- libextractor | |
- libgnutls | [] |
- libgpewidget | [] [] |
- libgpg-error | [] [] |
- libgphoto2 | [] () |
- libgphoto2_port | [] () [] |
- libgsasl | |
- libiconv | [] [] [] [] [] |
- libidn | [] [] [] |
- lifelines | [] () |
- liferea | [] [] [] [] [] |
- lilypond | [] [] [] |
- linkdr | [] [] [] |
- lordsawar | [] |
- lprng | |
- lynx | [] [] [] [] |
- m4 | [] [] [] [] |
- mailfromd | |
- mailutils | [] |
- make | [] [] [] |
- man-db | |
- man-db-manpages | |
- minicom | [] [] [] [] |
- mkisofs | |
- myserver | |
- nano | [] [] [] |
- opcodes | [] [] |
- parted | [] [] |
- pies | |
- popt | [] [] [] [] [] |
- psmisc | [] [] [] |
- pspp | [] |
- pwdutils | [] |
- radius | [] |
- recode | [] [] [] [] [] [] |
- rosegarden | () () () |
- rpm | [] [] [] |
- rush | |
- sarg | |
- screem | |
- scrollkeeper | [] [] [] [] [] |
- sed | [] [] [] [] [] [] |
- sharutils | [] [] [] [] |
- shishi | |
- skencil | [] () [] |
- solfege | [] [] [] |
- solfege-manual | [] [] |
- soundtracker | [] [] [] |
- sp | [] |
- sysstat | [] [] [] |
- tar | [] [] [] [] |
- texinfo | [] [] [] |
- tin | [] [] |
- unicode-han-tra... | |
- unicode-transla... | |
- util-linux-ng | [] [] [] [] |
- vice | () () |
- vmm | [] |
- vorbis-tools | [] [] |
- wastesedge | [] |
- wdiff | [] [] |
- wget | [] [] [] |
- wyslij-po | |
- xchat | [] [] [] [] [] |
- xdg-user-dirs | [] [] [] [] [] [] [] [] [] |
- xkeyboard-config | [] [] [] [] [] [] |
- +-------------------------------------------------+
- crh cs da de el en en_GB en_ZA eo es et eu fa
- 5 64 105 117 18 1 8 0 28 89 18 19 0
-
- fi fr ga gl gu he hi hr hu hy id is it ja ka kn
- +----------------------------------------------------+
- a2ps | [] [] [] [] |
- aegis | [] [] |
- ant-phone | [] [] |
- anubis | [] [] [] [] |
- aspell | [] [] [] [] |
- bash | [] [] [] [] |
- bfd | [] [] [] |
- bibshelf | [] [] [] [] [] |
- binutils | [] [] [] |
- bison | [] [] [] [] |
- bison-runtime | [] [] [] [] [] [] |
- bluez-pin | [] [] [] [] [] [] [] [] |
- bombono-dvd | [] |
- buzztard | [] |
- cflow | [] [] [] |
- clisp | [] |
- coreutils | [] [] [] [] [] |
- cpio | [] [] [] [] |
- cppi | [] [] |
- cpplib | [] [] [] |
- cryptsetup | [] [] [] |
- dfarc | [] [] [] |
- dialog | [] [] [] [] [] [] [] |
- dico | |
- diffutils | [] [] [] [] [] [] [] [] [] |
- dink | [] |
- doodle | [] [] |
- e2fsprogs | [] [] |
- enscript | [] [] [] [] |
- exif | [] [] [] [] [] [] |
- fetchmail | [] [] [] [] |
- findutils | [] [] [] [] [] [] |
- flex | [] [] [] |
- freedink | [] [] [] |
- gas | [] [] |
- gawk | [] [] [] [] () [] |
- gcal | [] |
- gcc | [] |
- gettext-examples | [] [] [] [] [] [] [] |
- gettext-runtime | [] [] [] [] [] [] |
- gettext-tools | [] [] [] [] |
- gip | [] [] [] [] [] [] |
- gjay | [] |
- gliv | [] () |
- glunarclock | [] [] [] [] |
- gnubiff | () [] () |
- gnucash | () () () () () [] |
- gnuedu | [] [] |
- gnulib | [] [] [] [] [] [] |
- gnunet | |
- gnunet-gtk | [] |
- gnutls | [] [] |
- gold | [] [] |
- gpe-aerial | [] [] [] |
- gpe-beam | [] [] [] [] |
- gpe-bluetooth | [] [] [] [] |
- gpe-calendar | [] [] |
- gpe-clock | [] [] [] [] [] |
- gpe-conf | [] [] [] [] |
- gpe-contacts | [] [] [] [] |
- gpe-edit | [] [] [] |
- gpe-filemanager | [] [] [] [] |
- gpe-go | [] [] [] [] [] |
- gpe-login | [] [] [] |
- gpe-ownerinfo | [] [] [] [] [] |
- gpe-package | [] [] [] |
- gpe-sketchbook | [] [] [] [] |
- gpe-su | [] [] [] [] [] [] |
- gpe-taskmanager | [] [] [] [] [] |
- gpe-timesheet | [] [] [] [] [] |
- gpe-today | [] [] [] [] [] [] [] |
- gpe-todo | [] [] [] |
- gphoto2 | [] [] [] [] [] [] |
- gprof | [] [] [] [] |
- gpsdrive | [] [] [] |
- gramadoir | [] [] [] |
- grep | [] [] |
- grub | [] [] [] [] |
- gsasl | [] [] [] [] [] |
- gss | [] [] [] [] [] |
- gst-plugins-bad | [] [] [] [] [] [] |
- gst-plugins-base | [] [] [] [] [] [] |
- gst-plugins-good | [] [] [] [] [] [] |
- gst-plugins-ugly | [] [] [] [] [] [] |
- gstreamer | [] [] [] [] [] |
- gtick | [] [] [] [] [] |
- gtkam | [] [] [] [] [] |
- gtkorphan | [] [] [] |
- gtkspell | [] [] [] [] [] [] [] [] [] |
- gutenprint | [] [] [] [] |
- hello | [] [] [] |
- help2man | [] [] |
- hylafax | [] |
- idutils | [] [] [] [] [] [] |
- indent | [] [] [] [] [] [] [] [] |
- iso_15924 | [] () [] [] |
- iso_3166 | [] () [] [] [] [] [] [] [] [] [] [] |
- iso_3166_2 | () [] [] [] |
- iso_4217 | [] () [] [] [] [] |
- iso_639 | [] () [] [] [] [] [] [] [] |
- iso_639_3 | () [] [] |
- jwhois | [] [] [] [] [] |
- kbd | [] [] |
- keytouch | [] [] [] [] [] [] |
- keytouch-editor | [] [] [] [] [] |
- keytouch-keyboa... | [] [] [] [] [] |
- klavaro | [] [] |
- latrine | [] [] [] |
- ld | [] [] [] [] |
- leafpad | [] [] [] [] [] [] [] () |
- libc | [] [] [] [] [] |
- libexif | [] |
- libextractor | |
- libgnutls | [] [] |
- libgpewidget | [] [] [] [] |
- libgpg-error | [] [] |
- libgphoto2 | [] [] [] |
- libgphoto2_port | [] [] [] |
- libgsasl | [] [] [] [] [] |
- libiconv | [] [] [] [] [] [] |
- libidn | [] [] [] [] |
- lifelines | () |
- liferea | [] [] [] [] |
- lilypond | [] [] |
- linkdr | [] [] [] [] [] |
- lordsawar | |
- lprng | [] |
- lynx | [] [] [] [] [] |
- m4 | [] [] [] [] [] [] |
- mailfromd | |
- mailutils | [] [] |
- make | [] [] [] [] [] [] [] [] [] |
- man-db | [] [] |
- man-db-manpages | [] |
- minicom | [] [] [] [] [] |
- mkisofs | [] [] [] [] |
- myserver | |
- nano | [] [] [] [] [] [] |
- opcodes | [] [] [] [] |
- parted | [] [] [] [] |
- pies | |
- popt | [] [] [] [] [] [] [] [] [] |
- psmisc | [] [] [] |
- pspp | |
- pwdutils | [] [] |
- radius | [] [] |
- recode | [] [] [] [] [] [] [] [] |
- rosegarden | () () () () () |
- rpm | [] [] |
- rush | |
- sarg | [] |
- screem | [] [] |
- scrollkeeper | [] [] [] [] |
- sed | [] [] [] [] [] [] [] [] |
- sharutils | [] [] [] [] [] [] [] |
- shishi | [] |
- skencil | [] |
- solfege | [] [] [] [] |
- solfege-manual | [] [] |
- soundtracker | [] [] |
- sp | [] () |
- sysstat | [] [] [] [] [] |
- tar | [] [] [] [] [] [] [] |
- texinfo | [] [] [] [] |
- tin | [] |
- unicode-han-tra... | |
- unicode-transla... | [] [] |
- util-linux-ng | [] [] [] [] [] [] |
- vice | () () () |
- vmm | [] |
- vorbis-tools | [] |
- wastesedge | () () |
- wdiff | [] |
- wget | [] [] [] [] [] [] [] [] |
- wyslij-po | [] [] [] |
- xchat | [] [] [] [] [] [] [] [] [] |
- xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] |
- xkeyboard-config | [] [] [] [] [] |
- +----------------------------------------------------+
- fi fr ga gl gu he hi hr hu hy id is it ja ka kn
- 105 121 53 20 4 8 3 5 53 2 120 5 84 67 0 4
-
- ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne
- +-----------------------------------------------+
- a2ps | [] |
- aegis | |
- ant-phone | |
- anubis | [] [] |
- aspell | [] |
- bash | |
- bfd | |
- bibshelf | [] [] |
- binutils | |
- bison | [] |
- bison-runtime | [] [] [] [] [] |
- bluez-pin | [] [] [] [] [] |
- bombono-dvd | |
- buzztard | |
- cflow | |
- clisp | |
- coreutils | [] |
- cpio | |
- cppi | |
- cpplib | |
- cryptsetup | |
- dfarc | [] |
- dialog | [] [] [] [] [] |
- dico | |
- diffutils | [] [] |
- dink | |
- doodle | |
- e2fsprogs | |
- enscript | |
- exif | [] |
- fetchmail | |
- findutils | |
- flex | |
- freedink | [] |
- gas | |
- gawk | |
- gcal | |
- gcc | |
- gettext-examples | [] [] [] [] |
- gettext-runtime | [] |
- gettext-tools | [] |
- gip | [] [] |
- gjay | |
- gliv | |
- glunarclock | [] |
- gnubiff | |
- gnucash | () () () () |
- gnuedu | |
- gnulib | |
- gnunet | |
- gnunet-gtk | |
- gnutls | [] |
- gold | |
- gpe-aerial | [] |
- gpe-beam | [] |
- gpe-bluetooth | [] [] |
- gpe-calendar | [] |
- gpe-clock | [] [] [] [] [] |
- gpe-conf | [] [] |
- gpe-contacts | [] [] |
- gpe-edit | [] |
- gpe-filemanager | [] [] |
- gpe-go | [] [] [] |
- gpe-login | [] |
- gpe-ownerinfo | [] [] |
- gpe-package | [] [] |
- gpe-sketchbook | [] [] |
- gpe-su | [] [] [] [] [] [] |
- gpe-taskmanager | [] [] [] [] [] [] |
- gpe-timesheet | [] [] |
- gpe-today | [] [] [] [] |
- gpe-todo | [] [] |
- gphoto2 | |
- gprof | [] |
- gpsdrive | |
- gramadoir | |
- grep | |
- grub | |
- gsasl | |
- gss | |
- gst-plugins-bad | [] [] [] [] |
- gst-plugins-base | [] [] |
- gst-plugins-good | [] [] |
- gst-plugins-ugly | [] [] [] [] [] |
- gstreamer | |
- gtick | |
- gtkam | [] |
- gtkorphan | [] [] |
- gtkspell | [] [] [] [] [] [] [] |
- gutenprint | |
- hello | [] [] [] |
- help2man | |
- hylafax | |
- idutils | |
- indent | |
- iso_15924 | [] [] |
- iso_3166 | [] [] () [] [] [] [] [] |
- iso_3166_2 | |
- iso_4217 | [] [] |
- iso_639 | [] [] |
- iso_639_3 | [] |
- jwhois | [] |
- kbd | |
- keytouch | [] |
- keytouch-editor | [] |
- keytouch-keyboa... | [] |
- klavaro | [] |
- latrine | [] |
- ld | |
- leafpad | [] [] [] |
- libc | [] |
- libexif | |
- libextractor | |
- libgnutls | [] |
- libgpewidget | [] [] |
- libgpg-error | |
- libgphoto2 | |
- libgphoto2_port | |
- libgsasl | |
- libiconv | |
- libidn | |
- lifelines | |
- liferea | |
- lilypond | |
- linkdr | |
- lordsawar | |
- lprng | |
- lynx | |
- m4 | |
- mailfromd | |
- mailutils | |
- make | [] |
- man-db | |
- man-db-manpages | |
- minicom | [] |
- mkisofs | |
- myserver | |
- nano | [] [] |
- opcodes | |
- parted | |
- pies | |
- popt | [] [] [] |
- psmisc | |
- pspp | |
- pwdutils | |
- radius | |
- recode | |
- rosegarden | |
- rpm | |
- rush | |
- sarg | |
- screem | |
- scrollkeeper | [] [] |
- sed | |
- sharutils | |
- shishi | |
- skencil | |
- solfege | [] |
- solfege-manual | |
- soundtracker | |
- sp | |
- sysstat | [] |
- tar | [] |
- texinfo | [] |
- tin | |
- unicode-han-tra... | |
- unicode-transla... | |
- util-linux-ng | |
- vice | |
- vmm | |
- vorbis-tools | |
- wastesedge | |
- wdiff | |
- wget | [] |
- wyslij-po | |
- xchat | [] [] [] |
- xdg-user-dirs | [] [] [] [] [] [] [] [] |
- xkeyboard-config | [] [] [] |
- +-----------------------------------------------+
- ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne
- 20 5 10 1 13 48 4 2 2 4 24 10 20 3 1
-
- nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr
- +---------------------------------------------------+
- a2ps | [] [] [] [] [] [] [] [] |
- aegis | [] [] [] |
- ant-phone | [] [] |
- anubis | [] [] [] |
- aspell | [] [] [] [] [] |
- bash | [] [] |
- bfd | [] |
- bibshelf | [] [] |
- binutils | [] [] |
- bison | [] [] [] |
- bison-runtime | [] [] [] [] [] [] [] |
- bluez-pin | [] [] [] [] [] [] [] [] |
- bombono-dvd | [] () |
- buzztard | [] [] |
- cflow | [] |
- clisp | [] [] |
- coreutils | [] [] [] [] [] [] |
- cpio | [] [] [] |
- cppi | [] |
- cpplib | [] |
- cryptsetup | [] |
- dfarc | [] |
- dialog | [] [] [] [] |
- dico | [] |
- diffutils | [] [] [] [] [] [] |
- dink | () |
- doodle | [] [] |
- e2fsprogs | [] [] |
- enscript | [] [] [] [] [] |
- exif | [] [] [] () [] |
- fetchmail | [] [] [] [] |
- findutils | [] [] [] [] [] |
- flex | [] [] [] [] [] |
- freedink | [] [] |
- gas | |
- gawk | [] [] [] [] |
- gcal | |
- gcc | [] |
- gettext-examples | [] [] [] [] [] [] [] [] |
- gettext-runtime | [] [] [] [] [] [] [] [] [] |
- gettext-tools | [] [] [] [] [] [] |
- gip | [] [] [] [] [] |
- gjay | |
- gliv | [] [] [] [] [] [] |
- glunarclock | [] [] [] [] [] |
- gnubiff | [] () |
- gnucash | [] () () () |
- gnuedu | [] |
- gnulib | [] [] [] [] |
- gnunet | |
- gnunet-gtk | |
- gnutls | [] [] |
- gold | |
- gpe-aerial | [] [] [] [] [] [] [] |
- gpe-beam | [] [] [] [] [] [] [] |
- gpe-bluetooth | [] [] |
- gpe-calendar | [] [] [] [] |
- gpe-clock | [] [] [] [] [] [] [] [] |
- gpe-conf | [] [] [] [] [] [] [] |
- gpe-contacts | [] [] [] [] [] |
- gpe-edit | [] [] [] |
- gpe-filemanager | [] [] [] |
- gpe-go | [] [] [] [] [] [] [] [] |
- gpe-login | [] [] |
- gpe-ownerinfo | [] [] [] [] [] [] [] [] |
- gpe-package | [] [] |
- gpe-sketchbook | [] [] [] [] [] [] [] |
- gpe-su | [] [] [] [] [] [] [] [] |
- gpe-taskmanager | [] [] [] [] [] [] [] [] |
- gpe-timesheet | [] [] [] [] [] [] [] [] |
- gpe-today | [] [] [] [] [] [] [] [] |
- gpe-todo | [] [] [] [] [] |
- gphoto2 | [] [] [] [] [] [] [] [] |
- gprof | [] [] [] |
- gpsdrive | [] [] |
- gramadoir | [] [] |
- grep | [] [] [] [] |
- grub | [] [] [] |
- gsasl | [] [] [] [] |
- gss | [] [] [] |
- gst-plugins-bad | [] [] [] [] [] [] |
- gst-plugins-base | [] [] [] [] [] |
- gst-plugins-good | [] [] [] [] [] |
- gst-plugins-ugly | [] [] [] [] [] [] |
- gstreamer | [] [] [] [] [] |
- gtick | [] [] [] |
- gtkam | [] [] [] [] [] [] |
- gtkorphan | [] |
- gtkspell | [] [] [] [] [] [] [] [] [] [] |
- gutenprint | [] [] |
- hello | [] [] [] [] |
- help2man | [] [] |
- hylafax | [] |
- idutils | [] [] [] [] [] |
- indent | [] [] [] [] [] [] [] |
- iso_15924 | [] [] [] [] |
- iso_3166 | [] [] [] [] [] () [] [] [] [] [] [] [] [] |
- iso_3166_2 | [] [] [] |
- iso_4217 | [] [] [] [] [] [] [] [] |
- iso_639 | [] [] [] [] [] [] [] [] [] |
- iso_639_3 | [] [] |
- jwhois | [] [] [] [] |
- kbd | [] [] [] |
- keytouch | [] [] [] |
- keytouch-editor | [] [] [] |
- keytouch-keyboa... | [] [] [] |
- klavaro | [] [] |
- latrine | [] [] |
- ld | |
- leafpad | [] [] [] [] [] [] [] [] [] |
- libc | [] [] [] [] |
- libexif | [] [] () [] |
- libextractor | |
- libgnutls | [] [] |
- libgpewidget | [] [] [] |
- libgpg-error | [] [] |
- libgphoto2 | [] [] |
- libgphoto2_port | [] [] [] [] [] |
- libgsasl | [] [] [] [] [] |
- libiconv | [] [] [] [] [] |
- libidn | [] [] |
- lifelines | [] [] |
- liferea | [] [] [] [] [] () () [] |
- lilypond | [] |
- linkdr | [] [] [] |
- lordsawar | |
- lprng | [] |
- lynx | [] [] [] |
- m4 | [] [] [] [] [] |
- mailfromd | [] |
- mailutils | [] |
- make | [] [] [] [] |
- man-db | [] [] [] |
- man-db-manpages | [] [] [] |
- minicom | [] [] [] [] |
- mkisofs | [] [] [] |
- myserver | |
- nano | [] [] [] [] |
- opcodes | [] [] |
- parted | [] [] [] [] |
- pies | [] |
- popt | [] [] [] [] |
- psmisc | [] [] [] |
- pspp | [] [] |
- pwdutils | [] |
- radius | [] [] [] |
- recode | [] [] [] [] [] [] [] [] |
- rosegarden | () () |
- rpm | [] [] [] |
- rush | [] [] |
- sarg | |
- screem | |
- scrollkeeper | [] [] [] [] [] [] [] [] |
- sed | [] [] [] [] [] [] [] [] [] |
- sharutils | [] [] [] [] |
- shishi | [] |
- skencil | [] [] |
- solfege | [] [] [] [] |
- solfege-manual | [] [] [] |
- soundtracker | [] |
- sp | |
- sysstat | [] [] [] [] |
- tar | [] [] [] [] |
- texinfo | [] [] [] [] |
- tin | [] |
- unicode-han-tra... | |
- unicode-transla... | |
- util-linux-ng | [] [] [] [] [] |
- vice | [] |
- vmm | [] |
- vorbis-tools | [] [] |
- wastesedge | [] |
- wdiff | [] [] |
- wget | [] [] [] [] [] [] [] |
- wyslij-po | [] [] [] |
- xchat | [] [] [] [] [] [] [] [] [] |
- xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] |
- xkeyboard-config | [] [] [] |
- +---------------------------------------------------+
- nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr
- 135 10 4 7 105 1 29 62 47 91 3 54 46 9 37
-
- sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW
- +---------------------------------------------------+
- a2ps | [] [] [] [] [] | 27
- aegis | [] | 9
- ant-phone | [] [] [] [] | 9
- anubis | [] [] [] [] | 15
- aspell | [] [] [] | 20
- bash | [] [] [] | 12
- bfd | [] | 6
- bibshelf | [] [] [] | 16
- binutils | [] [] | 8
- bison | [] [] | 12
- bison-runtime | [] [] [] [] [] [] | 29
- bluez-pin | [] [] [] [] [] [] [] [] | 37
- bombono-dvd | [] | 4
- buzztard | [] | 7
- cflow | [] [] [] | 9
- clisp | | 10
- coreutils | [] [] [] [] | 22
- cpio | [] [] [] [] [] [] | 13
- cppi | [] [] | 5
- cpplib | [] [] [] [] [] [] | 14
- cryptsetup | [] [] | 7
- dfarc | [] | 9
- dialog | [] [] [] [] [] [] [] | 30
- dico | [] | 2
- diffutils | [] [] [] [] [] [] | 30
- dink | | 4
- doodle | [] [] | 7
- e2fsprogs | [] [] [] | 11
- enscript | [] [] [] [] | 17
- exif | [] [] [] | 16
- fetchmail | [] [] [] | 17
- findutils | [] [] [] [] [] | 20
- flex | [] [] [] [] | 15
- freedink | [] | 10
- gas | [] | 4
- gawk | [] [] [] [] | 18
- gcal | [] [] | 5
- gcc | [] [] [] | 7
- gettext-examples | [] [] [] [] [] [] [] | 34
- gettext-runtime | [] [] [] [] [] [] [] | 29
- gettext-tools | [] [] [] [] [] [] | 22
- gip | [] [] [] [] | 22
- gjay | [] | 3
- gliv | [] [] [] | 14
- glunarclock | [] [] [] [] [] | 19
- gnubiff | [] [] | 4
- gnucash | () [] () [] () | 10
- gnuedu | [] [] | 7
- gnulib | [] [] [] [] | 16
- gnunet | [] | 1
- gnunet-gtk | [] [] [] | 5
- gnutls | [] [] [] | 10
- gold | [] | 4
- gpe-aerial | [] [] [] | 18
- gpe-beam | [] [] [] | 19
- gpe-bluetooth | [] [] [] | 13
- gpe-calendar | [] [] [] [] | 12
- gpe-clock | [] [] [] [] [] | 28
- gpe-conf | [] [] [] [] | 20
- gpe-contacts | [] [] [] | 17
- gpe-edit | [] [] [] | 12
- gpe-filemanager | [] [] [] [] | 16
- gpe-go | [] [] [] [] [] | 25
- gpe-login | [] [] [] | 11
- gpe-ownerinfo | [] [] [] [] [] | 25
- gpe-package | [] [] [] | 13
- gpe-sketchbook | [] [] [] | 20
- gpe-su | [] [] [] [] [] | 30
- gpe-taskmanager | [] [] [] [] [] | 29
- gpe-timesheet | [] [] [] [] [] | 25
- gpe-today | [] [] [] [] [] [] | 30
- gpe-todo | [] [] [] [] | 17
- gphoto2 | [] [] [] [] [] | 24
- gprof | [] [] [] | 15
- gpsdrive | [] [] [] | 11
- gramadoir | [] [] [] | 11
- grep | [] [] [] | 10
- grub | [] [] [] | 14
- gsasl | [] [] [] [] | 14
- gss | [] [] [] | 11
- gst-plugins-bad | [] [] [] [] | 26
- gst-plugins-base | [] [] [] [] [] | 24
- gst-plugins-good | [] [] [] [] | 24
- gst-plugins-ugly | [] [] [] [] [] | 29
- gstreamer | [] [] [] [] | 22
- gtick | [] [] [] | 13
- gtkam | [] [] [] | 20
- gtkorphan | [] [] [] | 14
- gtkspell | [] [] [] [] [] [] [] [] [] | 45
- gutenprint | [] | 10
- hello | [] [] [] [] [] [] | 21
- help2man | [] [] | 7
- hylafax | [] | 5
- idutils | [] [] [] [] | 17
- indent | [] [] [] [] [] [] | 30
- iso_15924 | () [] () [] [] | 16
- iso_3166 | [] [] () [] [] () [] [] [] () | 53
- iso_3166_2 | () [] () [] | 9
- iso_4217 | [] () [] [] () [] [] | 26
- iso_639 | [] [] [] () [] () [] [] [] [] | 38
- iso_639_3 | [] () | 8
- jwhois | [] [] [] [] [] | 16
- kbd | [] [] [] [] [] | 15
- keytouch | [] [] [] | 16
- keytouch-editor | [] [] [] | 14
- keytouch-keyboa... | [] [] [] | 14
- klavaro | [] | 11
- latrine | [] [] [] | 10
- ld | [] [] [] [] | 11
- leafpad | [] [] [] [] [] [] | 33
- libc | [] [] [] [] [] | 21
- libexif | [] () | 7
- libextractor | [] | 1
- libgnutls | [] [] [] | 9
- libgpewidget | [] [] [] | 14
- libgpg-error | [] [] [] | 9
- libgphoto2 | [] [] | 8
- libgphoto2_port | [] [] [] [] | 14
- libgsasl | [] [] [] | 13
- libiconv | [] [] [] [] | 21
- libidn | () [] [] | 11
- lifelines | [] | 4
- liferea | [] [] [] | 21
- lilypond | [] | 7
- linkdr | [] [] [] [] [] | 17
- lordsawar | | 1
- lprng | [] | 3
- lynx | [] [] [] [] | 17
- m4 | [] [] [] [] | 19
- mailfromd | [] [] | 3
- mailutils | [] | 5
- make | [] [] [] [] | 21
- man-db | [] [] [] | 8
- man-db-manpages | | 4
- minicom | [] [] | 16
- mkisofs | [] [] | 9
- myserver | | 0
- nano | [] [] [] [] | 21
- opcodes | [] [] [] | 11
- parted | [] [] [] [] [] | 15
- pies | [] [] | 3
- popt | [] [] [] [] [] [] | 27
- psmisc | [] [] | 11
- pspp | | 4
- pwdutils | [] [] | 6
- radius | [] [] | 9
- recode | [] [] [] [] | 28
- rosegarden | () | 0
- rpm | [] [] [] | 11
- rush | [] [] | 4
- sarg | | 1
- screem | [] | 3
- scrollkeeper | [] [] [] [] [] | 27
- sed | [] [] [] [] [] | 30
- sharutils | [] [] [] [] [] | 22
- shishi | [] | 3
- skencil | [] [] | 7
- solfege | [] [] [] [] | 16
- solfege-manual | [] | 8
- soundtracker | [] [] [] | 9
- sp | [] | 3
- sysstat | [] [] | 15
- tar | [] [] [] [] [] [] | 23
- texinfo | [] [] [] [] [] | 17
- tin | | 4
- unicode-han-tra... | | 0
- unicode-transla... | | 2
- util-linux-ng | [] [] [] [] | 20
- vice | () () | 1
- vmm | [] | 4
- vorbis-tools | [] | 6
- wastesedge | | 2
- wdiff | [] [] | 7
- wget | [] [] [] [] [] | 26
- wyslij-po | [] [] | 8
- xchat | [] [] [] [] [] [] | 36
- xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | 63
- xkeyboard-config | [] [] [] | 22
- +---------------------------------------------------+
- 85 teams sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW
- 178 domains 119 1 3 3 0 10 65 51 155 17 98 7 41 2618
-
- Some counters in the preceding matrix are higher than the number of
-visible blocks let us expect. This is because a few extra PO files are
-used for implementing regional variants of languages, or language
-dialects.
-
- For a PO file in the matrix above to be effective, the package to
-which it applies should also have been internationalized and
-distributed as such by its maintainer. There might be an observable
-lag between the mere existence a PO file and its wide availability in a
-distribution.
-
- If June 2010 seems to be old, you may fetch a more recent copy of
-this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date
-matrix with full percentage details can be found at
-`http://translationproject.org/extra/matrix.html'.
-
-1.5 Using `gettext' in new packages
-===================================
-
-If you are writing a freely available program and want to
-internationalize it you are welcome to use GNU `gettext' in your
-package. Of course you have to respect the GNU Library General Public
-License which covers the use of the GNU `gettext' library. This means
-in particular that even non-free programs can use `libintl' as a shared
-library, whereas only free software can use `libintl' as a static
-library or use modified versions of `libintl'.
-
- Once the sources are changed appropriately and the setup can handle
-the use of `gettext' the only thing missing are the translations. The
-Free Translation Project is also available for packages which are not
-developed inside the GNU project. Therefore the information given above
-applies also for every other Free Software Project. Contact
-`coordinator@translationproject.org' to make the `.pot' files available
-to the translation teams.
-
+++ /dev/null
-Since version 1.6 this file is no longer maintained.
-
-See docs/*ReleaseNotes for release changes documentation.
-
-See version control history for full commit messages.
- https://gitlab.com/cryptsetup/cryptsetup/commits/master
-Frequently Asked Questions Cryptsetup/LUKS
+# Frequently Asked Questions Cryptsetup/LUKS
-Sections
-1. General Questions
-2. Setup
-3. Common Problems
-4. Troubleshooting
-5. Security Aspects
-6. Backup and Data Recovery
-7. Interoperability with other Disk Encryption Tools
-8. Issues with Specific Versions of cryptsetup
-9. The Initrd question
-10. LUKS2 Questions
-11. References and Further Reading
-A. Contributors
+# Sections
+[1. General Questions](#1-general-questions)
+[2. Setup](#2-setup)
+[3. Common Problems](#3-common-problems)
+[4. Troubleshooting](#4-troubleshooting)
+[5. Security Aspects](#5-security-aspects)
+[6. Backup and Data Recovery](#6-backup-and-data-recovery)
+[7. Interoperability with other Disk Encryption Tools](#7-interoperability-with-other-disk-encryption-tools)
+[8. Issues with Specific Versions of cryptsetup](#8-issues-with-specific-versions-of-cryptsetup)
+[9. The Initrd question](#9-the-initrd-question)
+[10. LUKS2 Questions](#10-luks2-questions)
+[11. References and Further Reading](#11-references-and-further-reading)
+[A. Contributors](#a-contributors)
-1. General Questions
+# 1. General Questions
- * 1.1 What is this?
+ * **1.1 What is this?**
This is the FAQ (Frequently Asked Questions) for cryptsetup. It covers
Linux disk encryption with plain dm-crypt (one passphrase, no
management, no metadata on disk) and LUKS (multiple user keys with one
- master key, anti-forensic features, metadata block at start of device,
+ volume key, anti-forensic features, metadata block at start of device,
...). The latest version of this FAQ should usually be available at
https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
- * 1.2 WARNINGS
+ * **1.2 WARNINGS**
LUKS2 COMPATIBILITY: This FAQ was originally written for LUKS1, not
LUKS2. Hence regarding LUKS2, some of the answers found here may not
doing encrypted backup.
CLONING/IMAGING: If you clone or image a LUKS container, you make a copy
- of the LUKS header and the master key will stay the same! That means
- that if you distribute an image to several machines, the same master key
+ of the LUKS header and the volume key will stay the same! That means
+ that if you distribute an image to several machines, the same volume key
will be used on all of them, regardless of whether you change the
passphrases. Do NOT do this! If you do, a root-user on any of the
machines with a mapped (decrypted) container or a passphrase on that
checking for an existing LUKS header is shifted to the script. This is
a more general form of the previous item.
- LUKS PASSPHRASE IS NOT THE MASTER KEY: The LUKS passphrase is not used
- in deriving the master key. It is used in decrypting a master key that
+ LUKS PASSPHRASE IS NOT THE VOLUME KEY: The LUKS passphrase is not used
+ in deriving the volume key. It is used in decrypting a volume key that
is randomly selected on header creation. This means that if you create
a new LUKS header on top of an old one with exactly the same parameters
and exactly the same passphrase as the old one, it will still have a
- different master key and your data will be permanently lost.
+ different volume key and your data will be permanently lost.
PASSPHRASE CHARACTER SET: Some people have had difficulties with this
when upgrading distributions. It is highly advisable to only use the 95
device in pre-boot, try entering the digits over the regular digit keys.
- * 1.3 System specific warnings
+ * **1.3 System specific warnings**
- The Ubuntu Natty uinstaller has a "won't fix" defect that may destroy
LUKS containers. This is quite old an not relevant for most people.
https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/420080
- * 1.4 My LUKS-device is broken! Help!
+ * **1.4 My LUKS-device is broken! Help!**
First: Do not panic! In many cases the data is still recoverable.
Do not do anything hasty! Steps:
- Ask on the mailing-list if you need more help.
- * 1.5 Who wrote this?
+ * **1.5 Who wrote this?**
Current FAQ maintainer is Arno Wagner <arno@wagner.name>. If you want
to send me encrypted email, my current PGP key is DSA key CB5D9718,
problems.
- * 1.6 Where is the project website?
+ * **1.6 Where is the project website?**
There is the project website at
https://gitlab.com/cryptsetup/cryptsetup/ Please do not post
instead.
- * 1.7 Is there a mailing-list?
+ * **1.7 Is there a mailing-list?**
Instructions on how to subscribe to the mailing-list are on the
project website. People are generally helpful and friendly on the
list.
The question of how to unsubscribe from the list does crop up sometimes.
- For this you need your list management URL, which is sent to you
- initially and once at the start of each month. Go to the URL mentioned
- in the email and select "unsubscribe". This page also allows you to
- request a password reminder.
+ For this you need your list management URL
+ https://subspace.kernel.org/lists.linux.dev.html. Go to the URL mentioned
+ in the email and select "unsubscribe".
- Alternatively, you can send an Email to dm-crypt-request@saout.de with
- just the word "help" in the subject or message body. Make sure to send
- it from your list address.
+ Alternatively, you can send an empty Email to cryptsetup+help@lists.linux.dev.
+ Make sure to send it from your list address.
The mailing list archive is here:
- https://marc.info/?l=dm-crypt
+ https://lore.kernel.org/cryptsetup/
+ The legacy dm-crypt mailing list archive is here:
+ https://lore.kernel.org/dm-crypt/
- * 1.8 Unsubscribe from the mailing-list
- Send mail to dm-crypt-unsubscribe@saout.de from the subscribed account.
+ * **1.8 Unsubscribe from the mailing-list**
+
+ Send mail to cryptsetup+unsubscribe@lists.linux.dev from the subscribed account.
You will get an email with instructions.
Basically, you just have to respond to it unmodified to get
your email account and it had to be answered before the subscription
went active. The confirmation emails from the listserver have subjects
like these (with other numbers):
-
- Subject: confirm 9964cf10.....
-
- and are sent from dm-crypt-request@saout.de. You should check whether
+```
+ Subject: Confirm subscription to cryptsetup@lists.linux.dev
+```
+ and are sent from cryptsetup+help@lists.linux.dev. You should check whether
you have anything like it in your sent email folder. If you find
nothing and are sure you did not confirm, then you should look into a
possible compromise of your email account.
+ * **1.9 What can I do if cryptsetup is running out of memory?**
+
+ Memory issues are generally related to the key derivation function. You may
+ be able to tune usage with the options --pbkdf-memory or --pbkdf pbkdf2.
+
+
+ * **1.10 Can cryptsetup be run without root access?**
+
+ Elevated privileges are required to use cryptsetup and LUKS. Some operations
+ require root access. There are a few features which will work without root
+ access with the right switches but there are caveats.
+
+
+ * **1.11 What are the problems with running as non root?**
+
+ The first issue is one of permissions to devices. Generally, root or a group
+ such as disk has ownership of the storage devices. The non root user will
+ need write access to the block device used for LUKS.
+
+ Next, file locking is managed in /run/cryptsetup. You may use
+ --disable-locks but cryptsetup will no longer protect you from race
+ conditions and problems with concurrent access to the same devices.
+
+ Also, device mapper requires root access. cryptsetup uses device mapper to
+ manage the decrypted container.
+
+ * **1.12 How can I report an issue in the cryptsetup project?**
-2. Setup
+ Before reporting any issue, please be sure you are using the latest
+ upstream version and that you read the documentation (and this FAQ).
- * 2.1 LUKS Container Setup mini-HOWTO
+ If you think you have discovered an issue, please report it through
+ the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues).
+ For a possible security issue, please use the confidential checkbox.
+
+ Please fill in all information requested in the report template
+ (specifically add debug output with all run environment data).
+ Do not trim the output; debug output does not include private data.
+
+
+# 2. Setup
+
+ * **2.1 LUKS Container Setup mini-HOWTO**
This item tries to give you a very brief list of all the steps you
should go through when creating a new LUKS encrypted container, i.e.
container.
To just quickly wipe file systems (old data may remain), use
-
+```
wipefs -a <target device>
-
+```
To wipe file system and data, use something like
-
+```
cat /dev/zero > <target device>
-
+```
This can take a while. To get a progress indicator, you can use the
tool dd_rescue (->google) instead or use my stream meter "wcs" (source
here: https://www.tansi.org/tools/index.html) in the following fashion:
-
+```
cat /dev/zero | wcs > <target device>
-
+```
Plain "dd" also gives you the progress on a SIGUSR1, see its man-page.
+ The GNU "dd" command supports the "status=progress" operand that gives you
+ the progress without having to send it any signal.
Be very sure you have the right target, all data will be lost!
04) Create the LUKS container.
LUKS1:
-
+```
cryptsetup luksFormat --type luks1 <target device>
-
+```
LUKS2:
-
+```
cryptsetup luksFormat --type luks2 <target device>
-
+```
Just follow the on-screen instructions.
much lower than 100000, i.e. 100MB, but don't take my word for it.
05) Map the container. Here it will be mapped to /dev/mapper/c1:
-
+```
cryptsetup luksOpen <target device> c1
-
+```
06) (Optionally) wipe the container (make sure you have the right
target!):
-
+```
cat /dev/zero > /dev/mapper/c1
-
+```
This will take a while. Note that this creates a small information
leak, as an attacker can determine whether a 512 byte block is zero if
the attacker has access to the encrypted container multiple times.
07) Create a file system in the mapped container, for example an
ext3 file system (any other file system is possible):
-
+```
mke2fs -j /dev/mapper/c1
-
+```
08) Mount your encrypted file system, here on /mnt:
-
+```
mount /dev/mapper/c1 /mnt
-
+```
09) Make a LUKS header backup and plan for a container backup.
See Section 6 for details.
will compromise your security.
- * 2.2 LUKS on partitions or raw disks? What about RAID?
+ * **2.2 LUKS on partitions or raw disks? What about RAID?**
Also see Item 2.8.
This is a complicated question, and made more so by the availability of
it in some other way. The PC is just not set-up for a really secure
boot-chain (whatever some people may claim).
+ That said, if you want an encrypted root partition, you have to store
+ an initrd with cryptsetup somewhere else. The traditional approach is
+ to have a separate partition under /boot for that. You can also put that
+ initrd on a bootable memory stick, bootable CD or bootable external
+ drive as well. The kernel and Grub typically go to the same location
+ as that initrd. A minimal example what such an initrd can look like is
+ given in Section 9.
+
(2) Fully encrypted raw block device: For this, put LUKS on the raw
device (e.g. /dev/sdb) and put a filesystem into the LUKS container, no
partitioning whatsoever involved. This is very suitable for things like
CPU that does hardware AES as most do today.
- * 2.3 How do I set up encrypted swap?
+ * **2.3 How do I set up encrypted swap?**
As things that are confidential can end up in swap (keys, passphrases,
etc. are usually protected against being swapped to disk, but other
01) Add the swap partition to /etc/crypttab. A line like the
following should do it:
-
+```
swap /dev/<partition> /dev/urandom swap,noearly
-
+```
Warning: While Debian refuses to overwrite partitions with a filesystem
or RAID signature on it, as your disk IDs may change (adding or removing
disks, failure of disk during boot, etc.), you may want to take
02) Add the swap partition to /etc/fstab. A line like the following
should do it:
-
+```
/dev/mapper/swap none swap sw 0 0
-
+```
That is it. Reboot or start it manually to activate encrypted swap.
Manual start would look like this:
-
+```
/etc/init.d/cryptdisks start
swapon /dev/mapper/swap
+```
-
- * 2.4 What is the difference between "plain" and LUKS format?
+ * **2.4 What is the difference between "plain" and LUKS format?**
First, unless you happen to understand the cryptographic background
well, you should use LUKS. It does protect the user from a lot of
common mistakes. Plain dm-crypt is for experts.
Plain format is just that: It has no metadata on disk, reads all
- parameters from the commandline (or the defaults), derives a master-key
+ parameters from the commandline (or the defaults), derives a volume-key
from the passphrase and then uses that to de-/encrypt the sectors of the
device, with a direct 1:1 mapping between encrypted and decrypted
sectors.
LUKS format uses a metadata header and 8 key-slot areas that are being
placed at the beginning of the disk, see below under "What does the LUKS
on-disk format looks like?". The passphrases are used to decrypt a
- single master key that is stored in the anti-forensic stripes. LUKS2
+ single volume key that is stored in the anti-forensic stripes. LUKS2
adds some more flexibility.
Advantages are a higher usability, automatic configuration of
use LUKS2.
- * 2.5 Can I encrypt an existing, non-empty partition to use LUKS?
+ * **2.5 Can I encrypt an existing, non-empty partition to use LUKS?**
There is no converter, and it is not really needed. The way to do this
is to make a backup of the device in question, securely wipe the device
in a filesystem.
- * 2.6 How do I use LUKS with a loop-device?
+ * **2.6 How do I use LUKS with a loop-device?**
This can be very handy for experiments. Setup is just the same as with
any block device. If you want, for example, to use a 100MiB file as
LUKS container, do something like this:
-
+```
head -c 100M /dev/zero > luksfile # create empty file
losetup /dev/loop0 luksfile # map file to /dev/loop0
cryptsetup luksFormat --type luks2 /dev/loop0 # create LUKS2 container
-
+```
Afterwards just use /dev/loop0 as a you would use a LUKS partition.
To unmap the file when done, use "losetup -d /dev/loop0".
- * 2.7 When I add a new key-slot to LUKS, it asks for a passphrase
- but then complains about there not being a key-slot with that
- passphrase?
+ * **2.7 When I add a new key-slot to LUKS, it asks for a passphrase but then complains about there not being a key-slot with that passphrase?**
That is as intended. You are asked a passphrase of an existing key-slot
first, before you can enter the passphrase for the new key-slot.
configured key-slots in order to be able to configure a new key-slot.
- * 2.8 Encryption on top of RAID or the other way round?
+ * **2.8 Encryption on top of RAID or the other way round?**
Also see Item 2.2.
Unless you have special needs, place encryption between RAID and
/dev/dm0 .
This means that the typical layering looks like this:
-
+```
Filesystem <- top
|
Encryption (LUKS)
Raw partitions (optional)
|
Raw disks <- bottom
-
+```
The big advantage of this is that you can manage the RAID container just
like any other regular RAID container, it does not care that its content
is encrypted. This strongly cuts down on complexity, something very
valuable with storage encryption.
+ Try to avoid so-called fake RAID (RAID configured from BIOS but handled
+ by proprietary drivers). Note that some fake RAID firmware automatically
+ writes signature on disks if enabled. This causes corruption of LUKS
+ metadata. Be sure to switch the RAID option off in BIOS if you do not
+ use it.
- * 2.9 How do I read a dm-crypt key from file?
+ Another data corruption can happen if you resize (enlarge) the underlying
+ device and some remnant metadata appear near the end of the resized device
+ (like a secondary copy of the GPT table). You can use wipefs command to
+ detect and wipe such signatures.
- Use the --key-file option, like this:
- cryptsetup create --key-file keyfile e1 /dev/loop0
+ * **2.9 How do I read a dm-crypt key from file?**
+ Use the --key-file option, like this:
+```
+ cryptsetup create --key-file keyfile e1 /dev/loop0
+```
This will read the binary key from file, i.e. no hashing or
transformation will be applied to the keyfile before its bits are used
as key. Extra bits (beyond the length of the key) at the end are
sections "NOTES ON PASSPHRASE PROCESSING..." for more detail.
- * 2.10 How do I read a LUKS slot key from file?
+ * **2.10 How do I read a LUKS slot key from file?**
What you really do here is to read a passphrase from file, just as you
would with manual entry of a passphrase for a key-slot. You can add a
To add a new passphrase to a free key slot from file, use something
like this:
-
+```
cryptsetup luksAddKey /dev/loop0 keyfile
-
+```
To add a new passphrase to a specific key-slot, use something
like this:
-
+```
cryptsetup luksAddKey --key-slot 7 /dev/loop0 keyfile
-
+```
To supply a key from file to any LUKS command, use the --key-file
option, e.g. like this:
-
+```
cryptsetup luksOpen --key-file keyfile /dev/loop0 e1
+```
-
- * 2.11 How do I read the LUKS master key from file?
+ * **2.11 How do I read the LUKS volume key from file?**
The question you should ask yourself first is why you would want to do
this. The only legitimate reason I can think of is if you want to have
- two LUKS devices with the same master key. Even then, I think it would
+ two LUKS devices with the same volume key. Even then, I think it would
be preferable to just use key-slots with the same passphrase, or to use
plain dm-crypt instead. If you really have a good reason, please tell
me. If I am convinced, I will add how to do this here.
- * 2.12 What are the security requirements for a key read from file?
+ * **2.12 What are the security requirements for a key read from file?**
A file-stored key or passphrase has the same security requirements as
one entered interactively, however you can use random bytes and thereby
like as key file, for example a plain text file with a human readable
passphrase. To generate a file with random bytes, use something like
this:
-
+```
head -c 256 /dev/random > keyfile
+```
-
- * 2.13 If I map a journaled file system using dm-crypt/LUKS, does
- it still provide its usual transactional guarantees?
+ * **2.13 If I map a journaled file system using dm-crypt/LUKS, does it still provide its usual transactional guarantees?**
Yes, it does, unless a very old kernel is used. The required flags come
from the filesystem layer and are processed and passed onward by
go away.
- * 2.14 Can I use LUKS or cryptsetup with a more secure (external)
- medium for key storage, e.g. TPM or a smartcard?
+ * **2.14 Can I use LUKS or cryptsetup with a more secure (external) medium for key storage, e.g. TPM or a smartcard?**
Yes, see the answers on using a file-supplied key. You do have to write
the glue-logic yourself though. Basically you can have cryptsetup read
gets the key from the more secure key storage.
- * 2.15 Can I resize a dm-crypt or LUKS container?
+ * **2.15 Can I resize a dm-crypt or LUKS container?**
Yes, you can, as neither dm-crypt nor LUKS1 stores partition size and
LUKS2 uses a generic "whole device" size as default. Note that LUKS2
container sizes larger than 2TiB. Use aes-xts-plain64 for that.
- * 2.16 How do I Benchmark the Ciphers, Hashes and Modes?
+ * **2.16 How do I Benchmark the Ciphers, Hashes and Modes?**
Since version 1.60 cryptsetup supports the "benchmark" command.
Simply run as root:
-
+```
cryptsetup benchmark
-
+```
You can get more than the default benchmarks, see the man-page for the
relevant parameters. Note that XTS mode takes two keys, hence the
listed key sizes are double that for other modes and half of it is the
cipher key, the other half is the XTS key.
- * 2.17 How do I Verify I have an Authentic cryptsetup Source Package?
+ * **2.17 How do I Verify I have an Authentic cryptsetup Source Package?**
Current maintainer is Milan Broz and he signs the release packages with
his PGP key. The key he currently uses is the "RSA key ID D93E98FC",
That said, as cryptsetup is under good version control and a malicious
change should be noticed sooner or later, but it may take a while.
Also, the attacker model makes compromising the sources in a non-obvious
- way pretty hard. Sure, you could put the master-key somewhere on disk,
+ way pretty hard. Sure, you could put the volume-key somewhere on disk,
but that is rather obvious as soon as somebody looks as there would be
data in an empty LUKS container in a place it should not be. Doing this
- in a more nefarious way, for example hiding the master-key in the salts,
+ in a more nefarious way, for example hiding the volume-key in the salts,
would need a look at the sources to be discovered, but I think that
somebody would find that sooner or later as well.
as an FAQ can sustain. If in doubt, ask on the mailing list.
- * 2.18 Is there a concern with 4k Sectors?
+ * **2.18 Is there a concern with 4k Sectors?**
Not from dm-crypt itself. Encryption will be done in 512B blocks, but
if the partition and filesystem are aligned correctly and the filesystem
blocks internally (e.g. 128kB or even larger).
- * 2.19 How can I wipe a device with crypto-grade randomness?
+ * **2.19 How can I wipe a device with crypto-grade randomness?**
The conventional recommendation if you want to do more than just a
zero-wipe is to use something like
-
+```
cat /dev/urandom > <target-device>
-
+```
That used to very slow and painful at 10-20MB/s on a fast computer, but
newer kernels can give you > 200MB/s (depending on hardware). An
alternative is using cryptsetup and a plain dm-crypt device with a
defaults are quite enough.
For device set-up, do the following:
-
+```
cryptsetup open --type plain -d /dev/urandom /dev/<device> target
-
+```
This maps the container as plain under /dev/mapper/target with a random
password. For the actual wipe you have several options. Basically, you
pipe zeroes into the opened container that then get encrypted. Simple
wipe without progress-indicator:
-
+```
cat /dev/zero > /dev/mapper/to_be_wiped
-
+```
Progress-indicator by dd_rescue:
-
+```
dd_rescue -w /dev/zero /dev/mapper/to_be_wiped
-
+```
Progress-indicator by my "wcs" stream meter (available from
https://www.tansi.org/tools/index.html ):
-
+```
cat /dev/zero | wcs > /dev/mapper/to_be_wiped
-
+```
Or use plain "dd", which gives you the progress when sent a SIGUSR1, see
- the dd man page.
+ the dd man page. The GNU "dd" command supports the "status=progress"
+ operand that gives you the progress without having to send it any signal.
Remove the mapping at the end and you are done.
- * 2.20 How do I wipe only the LUKS header?
-
+ * **2.20 How do I wipe only the LUKS header?**
+
This does _not_ describe an emergency wipe procedure, see Item 5.4 for
that. This procedure here is intended to be used when the data should
stay intact, e.g. when you change your LUKS container to use a detached
LUKS1:
01) Determine header size in 512 Byte sectors with luksDump:
-
+```
cryptsetup luksDump <device with LUKS container>
-> ...
- Payload offset: <number>
+ Payload offset: <number> [of 512 byte sectors]
...
-
+```
02) Take the result number, multiply by 512 zeros and write to
- the start of the device, e.g. like this:
-
+ the start of the device, e.g. using one of the following alternatives:
+```
dd bs=512 count=<number> if=/dev/zero of=<device>
+```
+```
+ head -c <number * 512> /dev/zero > /dev/<device>
+```
-
- LUKS2: (warning, untested! Remember that backup?) This assumes the
+ LUKS2:
+ (warning, untested! Remember that backup?) This assumes the
LUKS2 container uses the defaults, in particular there is only one data
- segment. 01) Determine the data-segment offset using luksDump, same
+ segment.
+ 01) Determine the data-segment offset using luksDump, same
as above for LUKS1:
-
+```
+ cryptsetup luksDump <device with LUKS container>
-> ...
Data segments:
0: crypt
offset: <number> [bytes]
...
-
+```
02) Overwrite the stated number of bytes from the start of the device.
Just to give yet another way to get a defined number of zeros:
+```
+ head -c <number> /dev/zero > /dev/<device>
+```
- head -c /dev/zero > /dev/<device>
-
+# 3. Common Problems
-3. Common Problems
-
- * 3.1 My dm-crypt/LUKS mapping does not work! What general steps
- are there to investigate the problem?
+ * **3.1 My dm-crypt/LUKS mapping does not work! What general steps are there to investigate the problem?**
If you get a specific error message, investigate what it claims first.
If not, you may want to check the following things.
kernel. The output of "cat /proc/crypto" needs to list them.
- * 3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup.
+ * **3.2 My dm-crypt mapping suddenly stopped when upgrading cryptsetup.**
The default cipher, hash or mode may have changed (the mode changed from
1.0.x to 1.1.x). See under "Issues With Specific Versions of
cryptsetup".
- * 3.3 When I call cryptsetup from cron/CGI, I get errors about
- unknown features?
+ * **3.3 When I call cryptsetup from cron/CGI, I get errors about unknown features?**
If you get errors about unknown parameters or the like that are not
present when cryptsetup is called from the shell, make sure you have no
non-shell mechanism to be sure the right version gets called.
- * 3.4 Unlocking a LUKS device takes very long. Why?
+ * **3.4 Unlocking a LUKS device takes very long. Why?**
The unlock time for a key-slot (see Section 5 for an explanation what
iteration does) is calculated when setting a passphrase. By default it
relevant.
- * 3.5 "blkid" sees a LUKS UUID and an ext2/swap UUID on the same
- device. What is wrong?
+ * **3.5 "blkid" sees a LUKS UUID and an ext2/swap UUID on the same device. What is wrong?**
Some old versions of cryptsetup have a bug where the header does not get
completely wiped during LUKS format and an older ext2/swap signature
Fix: Wipe the unused header areas by doing a backup and restore of
the header with cryptsetup 1.1.x or later:
-
+```
cryptsetup luksHeaderBackup --header-backup-file <file> <device>
cryptsetup luksHeaderRestore --header-backup-file <file> <device>
+```
+
+ * **3.6 I see a data corruption with the Intel QAT kernel driver; why?**
+ Intel QAT crypto API drivers have severe bugs that are not fixed for years.
+ If you see data corruption, please disable the QAT in the BIOS or avoid loading
+ kernel Intel QAT drivers (switch to software crypto implementation or AES-NI).
-4. Troubleshooting
+ For more info, see posts in dm-devel list https://lore.kernel.org/dm-devel/?q=intel+qat
- * 4.1 I get the error "LUKS keyslot x is invalid." What does that mean?
+# 4. Troubleshooting
+
+
+ * **4.1 I get the error "LUKS keyslot x is invalid." What does that mean?**
For LUKS1, this means that the given keyslot has an offset that points
outside the valid keyslot area. Typically, the reason is a corrupted
trouble diagnosing and (if still possible) repairing this.
- * 4.2 I cannot unlock my LUKS container! What could be the problem?
+ * **4.2 I cannot unlock my LUKS container! What could be the problem?**
First, make sure you have a correct passphrase. Then make sure you have
the correct key-map and correct keyboard. And then make sure you have
from cryptsetup >= 1.6.0 again to fix this.
- * 4.3 Can a bad RAM module cause problems?
+ * **4.3 Can a bad RAM module cause problems?**
LUKS and dm-crypt can give the RAM quite a workout, especially when
combined with software RAID. In particular the combination RAID5 +
Note: One thing you should always do on large data copying or movements
is to run a verify, for example with the "-d" option of "tar" or by
doing a set of MD5 checksums on the source or target with
-
+```
find . -type f -exec md5sum \{\} \; > checksum-file
-
+```
and then a "md5sum -c checksum-file" on the other side. If you get
mismatches here, RAM is the primary suspect. A lesser suspect is an
overclocked CPU. I have found countless hardware problems in verify
and copied data to be suspect, unless you did a verify.
- * 4.4 How do I test RAM?
+ * **4.4 How do I test RAM?**
First you should know that overclocking often makes memory problems
worse. So if you overclock (which I strongly recommend against in a
settings to the most conservative ones available and try with that.
- * 4.5 Is there a risk using debugging tools like strace?
+ * **4.5 Is there a risk using debugging tools like strace?**
There most definitely is. A dump from strace and friends can contain
all data entered, including the full passphrase. Example with strace
and passphrase "test":
-
+```
> strace cryptsetup luksOpen /dev/sda10 c1
...
read(6, "test\n", 512) = 5
...
-
+```
Depending on different factors and the tool used, the passphrase may
also be encoded and not plainly visible. Hence it is never a good idea
to give such a trace from a live container to anybody. Recreate the
others.
-5. Security Aspects
+# 5. Security Aspects
- * 5.1 How long is a secure passphrase?
+ * **5.1 How long is a secure passphrase?**
This is just the short answer. For more info and explanation of some of
the terms used in this item, read the rest of Section 5. The actual
That said, it does not matter too much what scheme you use, but it does
matter how much entropy your passphrase contains, because an attacker
has to try on average
-
+```
1/2 * 2^(bits of entropy in passphrase)
-
+```
different passphrases to guess correctly.
Historically, estimations tended to use computing time estimates, but
More references can be found at the end of this document. Note that
these are estimates from the defender side, so assuming something is
- easier than it actually is is fine. An attacker may still have
+ easier than it actually is fine. An attacker may still have
significantly higher cost than estimated here.
LUKS1 used SHA1 (since version 1.7.0 it uses SHA256) for hashing per
a key-slot. I will assume a useful lifetime of the hardware of 2 years.
(This is on the low side.) Disregarding downtime, the machine can then
break
-
+```
N = 68*10^9 * 3600 * 24 * 365 * 2 ~ 4*10^18
-
+```
passphrases for EUR/USD 23k. That is one 62 bit passphrase hashed once
with SHA1 for EUR/USD 23k. This can be parallelized, it can be done
faster than 2 years with several of these machines.
For plain dm-crypt (no hash iteration) this is it. This gives (with
SHA1, plain dm-crypt default is ripemd160 which seems to be slightly
slower than SHA1):
-
+```
Passphrase entropy Cost to break
60 bit EUR/USD 6k
65 bit EUR/USD 200K
80 bit EUR/USD 6B
85 bit EUR/USD 200B
... ...
-
+```
For LUKS1, you have to take into account hash iteration in PBKDF2.
For a current CPU, there are about 100k iterations (as can be queried
with ''cryptsetup luksDump''.
The table above then becomes:
-
+```
Passphrase entropy Cost to break
50 bit EUR/USD 600k
55 bit EUR/USD 20M
70 bit EUR/USD 600B
75 bit EUR/USD 20T
... ...
-
+```
Recommendation:
random English sentence.
- * 5.2 Is LUKS insecure? Everybody can see I have encrypted data!
+ * **5.2 Is LUKS insecure? Everybody can see I have encrypted data!**
In practice it does not really matter. In most civilized countries you
can just refuse to hand over the keys, no harm done. In some countries
countries like the US or the UK are not civilized and do not have fair
laws.
+ As a side-note, standards for biometrics (fingerprint, retina,
+ vein-pattern, etc.) are often different and much lower. If you put
+ your LUKS passphrase into a device that can be unlocked using biometrics,
+ they may force a biometric sample in many countries where they could not
+ force you to give them a passphrase you solely have in your memory and
+ can claim to have forgotten if needed (it happens). If you need protection
+ on this level, make sure you know what the respective legal situation is,
+ also while traveling, and make sure you decide beforehand what you
+ will do if push comes to shove as they will definitely put you under
+ as much pressure as they can legally apply.
+
This means that if you have a large set of random-looking data, they can
already lock you up. Hidden containers (encryption hidden within
encryption), as possible with Truecrypt, do not help either. They will
between "plain" and LUKS format?"
- * 5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition?
+ * **5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition?**
If you just create a filesystem on it, most of the old data will still
be there. If the old data is sensitive, you should overwrite it before
determine how much and where on the partition data was written. If you
think this is a risk, you can prevent this by overwriting the encrypted
device (here assumed to be named "e1") with zeros like this:
-
+```
dd_rescue -w /dev/zero /dev/mapper/e1
-
+```
or alternatively with one of the following more standard commands:
-
+```
cat /dev/zero > /dev/mapper/e1
dd if=/dev/zero of=/dev/mapper/e1
+```
-
- * 5.4 How do I securely erase a LUKS container?
+ * **5.4 How do I securely erase a LUKS container?**
For LUKS, if you are in a desperate hurry, overwrite the LUKS header and
key-slot area. For LUKS1 and LUKS2, just be generous and overwrite the
first 100MB. A single overwrite with zeros should be enough. If you
anticipate being in a desperate hurry, prepare the command beforehand.
Example with /dev/sde1 as the LUKS partition and default parameters:
-
+```
head -c 100000000 /dev/zero > /dev/sde1; sync
-
+```
A LUKS header backup or full backup will still grant access to most or
all data, so make sure that an attacker does not have access to backups
or destroy them as well.
Example for a random-overwrite erase of partition sde1 done with
dd_rescue:
-
+```
dd_rescue -w /dev/urandom /dev/sde1
+```
-
- * 5.5 How do I securely erase a backup of a LUKS partition or header?
+ * **5.5 How do I securely erase a backup of a LUKS partition or header?**
That depends on the medium it is stored on. For HDD and SSD, use
overwrite with random data. For an SSD, FLASH drive (USB stick) hybrid
ashes to a fine powder. A blender and water also works nicely.
- * 5.6 What about backup? Does it compromise security?
+ * **5.6 What about backup? Does it compromise security?**
That depends. See item 6.7.
- * 5.7 Why is all my data permanently gone if I overwrite the LUKS header?
+ * **5.7 Why is all my data permanently gone if I overwrite the LUKS header?**
Overwriting the LUKS header in part or in full is the most common reason
why access to LUKS containers is lost permanently. Overwriting can be
If your header does not contain an intact key-slot salt, best go
directly to the last stage ("Acceptance") and think about what to do
now. There is one exception that I know of: If your LUKS1 container is
- still open, then it may be possible to extract the master key from the
- running system. See Item "How do I recover the master key from a mapped
+ still open, then it may be possible to extract the volume key from the
+ running system. See Item "How do I recover the volume key from a mapped
LUKS1 container?" in Section "Backup and Data Recovery".
For LUKS2, things are both better and worse. First, the salts are in a
how much effort that needs.
- * 5.8 What is a "salt"?
+ * **5.8 What is a "salt"?**
A salt is a random key-grade value added to the passphrase before it is
processed. It is not kept secret. The reason for using salts is as
value (256 bit, e.g.) this is quite infeasible.
- * 5.9 Is LUKS secure with a low-entropy (bad) passphrase?
+ * **5.9 Is LUKS secure with a low-entropy (bad) passphrase?**
Short answer: yes. Do not use a low-entropy passphrase.
Now, if n is the number of bits of entropy in your passphrase and t
is the time it takes to process a passphrase in order to open the
LUKS container, then an attacker has to spend at maximum
-
+```
attack_time_max = 2^n * t
-
+```
time for a successful attack and on average half that. There is no way
getting around that relationship. However, there is one thing that does
help, namely increasing t, the time it takes to use a passphrase, see
passphrase material.
- * 5.10 What is "iteration count" and why is decreasing it a bad idea?
+ * **5.10 What is "iteration count" and why is decreasing it a bad idea?**
LUKS1:
Iteration count is the number of PBKDF2 iterations a passphrase is put
is the only main difference.
- * 5.11 Some people say PBKDF2 is insecure?
+ * **5.11 Some people say PBKDF2 is insecure?**
There is some discussion that a hash-function should have a "large
memory" property, i.e. that it should require a lot of memory to be
and massively reduces the advantages of GPUs and FPGAs.
- * 5.12 What about iteration count with plain dm-crypt?
+ * **5.12 What about iteration count with plain dm-crypt?**
Simple: There is none. There is also no salting. If you use plain
dm-crypt, the only way to be secure is to use a high entropy passphrase.
If in doubt, use LUKS instead.
- * 5.13 Is LUKS with default parameters less secure on a slow CPU?
+ * **5.13 Is LUKS with default parameters less secure on a slow CPU?**
Unfortunately, yes. However the only aspect affected is the protection
- for low-entropy passphrase or master-key. All other security aspects
+ for low-entropy passphrase or volume-key. All other security aspects
are independent of CPU speed.
- The master key is less critical, as you really have to work at it to
+ The volume key is less critical, as you really have to work at it to
give it low entropy. One possibility to mess this up is to supply the
- master key yourself. If that key is low-entropy, then you get what you
+ volume key yourself. If that key is low-entropy, then you get what you
deserve. The other known possibility to create a LUKS container with a
- bad master key is to use /dev/urandom for key generation in an
+ bad volume key is to use /dev/urandom for key generation in an
entropy-starved situation (e.g. automatic installation on an embedded
device without network and other entropy sources or installation in a VM
under certain circumstances).
times at the expected values though at this CPU speed.
- * 5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv?
+ * **5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv?**
Note: This item applies both to plain dm-crypt and to LUKS
and the watermarking attack fails.
- * 5.15 Are there any problems with "plain" IV? What is "plain64"?
+ * **5.15 Are there any problems with "plain" IV? What is "plain64"?**
First, "plain" and "plain64" are both not secure to use with CBC, see
previous FAQ item.
performance penalty compared to "plain".
- * 5.16 What about XTS mode?
+ * **5.16 What about XTS mode?**
XTS mode is potentially even more secure than cbc-essiv (but only if
cbc-essiv is insecure in your scenario). It is a NIST standard and
aes-xts-plain64 is the default for LUKS. If you want to use it with a
cryptsetup before version 1.6.0 or with plain dm-crypt, you have to
specify it manually as "aes-xts-plain", i.e.
-
+```
cryptsetup -c aes-xts-plain luksFormat <device>
-
+```
For volumes >2TiB and kernels >= 2.6.33 use "plain64" (see FAQ item
on "plain" and "plain64"):
-
+```
cryptsetup -c aes-xts-plain64 luksFormat <device>
+```
+ There is a potential security issue with XTS mode and large blocks.
+ LUKS and dm-crypt always use 512B blocks and the issue does not apply.
- There is a potential security issue with XTS mode and blocks larger
- than 2^20 bytes or so. LUKS and dm-crypt always use smaller blocks
- and the issue does not apply.
-
- * 5.17 Is LUKS FIPS-140-2 certified?
+ * **5.17 Is LUKS FIPS-140-2 certified?**
No. But that is more a problem of FIPS-140-2 than of LUKS. From a
technical point-of-view, LUKS with the right parameters would be
From the aspect of actual security, LUKS with default parameters should
be as good as most things that are FIPS-140-2 certified, although you
may want to make sure to use /dev/random (by specifying --use-random on
- luksFormat) as randomness source for the master key to avoid being
+ luksFormat) as randomness source for the volume key to avoid being
potentially insecure in an entropy-starved situation.
- * 5.18 What about Plausible Deniability?
+ * **5.18 What about Plausible Deniability?**
First let me attempt a definition for the case of encrypted filesystems:
Plausible deniability is when you store data inside an encrypted
can figure out how to do it yourself.
- * 5.19 What about SSDs, Flash, Hybrid and SMR Drives?
+ * **5.19 What about SSDs, Flash, Hybrid and SMR Drives?**
The problem is that you cannot reliably erase parts of these devices,
mainly due to wear-leveling and possibly defect management and delayed
does a targeted laptop theft to get at your data, you should be fine.
- * 5.20 LUKS1 is broken! It uses SHA-1!
+ * **5.20 LUKS1 is broken! It uses SHA-1!**
No, it is not. SHA-1 is (academically) broken for finding collisions,
but not for using it in a key-derivation function. And that collision
This basically means that if you already have a slot-key, and you have
set the PBKDF2 iteration count to 1 (it is > 10'000 normally), you could
- (maybe) derive a different passphrase that gives you the the same
- slot-key. But if you have the slot-key, you can already unlock the
- key-slot and get the master key, breaking everything. So basically,
- this SHA-1 vulnerability allows you to open a LUKS1 container with high
- effort when you already have it open.
+ (maybe) derive a different passphrase that gives you the same slot-key.
+ But if you have the slot-key, you can already unlock the key-slot and
+ get the volume key, breaking everything. So basically, this SHA-1
+ vulnerability allows you to open a LUKS1 container with high effort when
+ you already have it open.
The real problem here is people that do not understand crypto and claim
things are broken just because some mechanism is used that has been
where SHA-1 is completely phased out or disabled by a security policy.
- * 5.21 Why is there no "Nuke-Option"?
+ * **5.21 Why is there no "Nuke-Option"?**
A "Nuke-Option" or "Kill-switch" is a password that when entered upon
unlocking instead wipes the header and all passwords. So when somebody
me know.
- * 5.22 Does cryptsetup open network connections to websites, etc. ?
+ * **5.22 Does cryptsetup open network connections to websites, etc. ?**
This question seems not to make much sense at first glance, but here is
an example form the real world: The TrueCrypt GUI has a "Donation"
connection by the user and cryptsetup will stay true to that principle.
-6. Backup and Data Recovery
+ * **5.23 What is cryptsetup CVE-2021-4122?**
+
+ CVE-2021-4122 describes a possible attack against data confidentiality
+ through LUKS2 online reencryption extension crash recovery.
+
+ An attacker can modify on-disk metadata to simulate decryption in
+ progress with crashed (unfinished) reencryption step and persistently
+ decrypt part of the LUKS device.
+ This attack requires repeated physical access to the LUKS device but
+ no knowledge of user passphrases.
- * 6.1 Why do I need Backup?
+ The decryption step is performed after a valid user activates
+ the device with a correct passphrase and modified metadata.
+ There are no visible warnings for the user that such recovery happened
+ (except using the luksDump command). The attack can also be reversed
+ afterward (simulating crashed encryption from a plaintext) with
+ possible modification of revealed plaintext.
+
+ The problem was fixed in cryptsetup version 2.4.3 and 2.3.7.
+
+ For more info, please see the report here:
+ https://seclists.org/oss-sec/2022/q1/34
+
+
+# 6. Backup and Data Recovery
+
+
+ * **6.1 Why do I need Backup?**
First, disks die. The rate for well-treated (!) disk is about 5% per
year, which is high enough to worry about. There is some indication
an update if you change passphrases.
- * 6.2 How do I backup a LUKS header?
+ * **6.2 How do I backup a LUKS header?**
While you could just copy the appropriate number of bytes from the start
of the LUKS partition, the best way is to use command option
"luksHeaderBackup" of cryptsetup. This protects also against errors
when non-standard parameters have been used in LUKS partition creation.
Example:
-
+```
cryptsetup luksHeaderBackup --header-backup-file <file> <device>
-
+```
To restore, use the inverse command, i.e.
-
+```
cryptsetup luksHeaderRestore --header-backup-file <file> <device>
-
+```
If you are unsure about a header to be restored, make a backup of the
current one first! You can also test the header-file without restoring
it by using the --header option for a detached header like this:
-
+```
cryptsetup --header <file> luksOpen <device> </dev/mapper/name>
-
+```
If that unlocks your key-slot, you are good. Do not forget to close
the device again.
Under some circumstances (damaged header), this fails. Then use the
following steps in case it is LUKS1:
- First determine the master-key size:
-
+ First determine the volume (volume) key size:
+```
cryptsetup luksDump <device>
-
+```
gives a line of the form
-
+```
MK bits: <bits>
-
+```
with bits equal to 256 for the old defaults and 512 for the new
defaults. 256 bits equals a total header size of 1'052'672 Bytes and
512 bits one of 2MiB. (See also Item 6.12) If luksDump fails, assume
Second, dump the header to file. There are many ways to do it, I
prefer the following:
-
+```
head -c 1052672 <device> > header_backup.dmp
-
+```
or
-
+```
head -c 2M <device> > header_backup.dmp
-
+```
for a 2MiB header. Verify the size of the dump-file to be sure.
To restore such a backup, you can try luksHeaderRestore or do a more
basic
-
+```
cat header_backup.dmp > <device>
+```
-
- * 6.3 How do I test for a LUKS header?
+ * **6.3 How do I test for a LUKS header?**
Use
-
+```
cryptsetup -v isLuks <device>
-
+```
on the device. Without the "-v" it just signals its result via
exit-status. You can also use the more general test
-
+```
blkid -p <device>
-
+```
which will also detect other types and give some more info. Omit
"-p" for old versions of blkid that do not support it.
- * 6.4 How do I backup a LUKS or dm-crypt partition?
+ * **6.4 How do I backup a LUKS or dm-crypt partition?**
There are two options, a sector-image and a plain file or filesystem
backup of the contents of the partition. The sector image is already
LUKS the LUKS header, the keys-slots and the data area. It can be done
under Linux e.g. with dd_rescue (for a direct image copy) and with
"cat" or "dd". Examples:
-
+```
cat /dev/sda10 > sda10.img
dd_rescue /dev/sda10 sda10.img
-
+```
You can also use any other backup software that is capable of making a
sector image of a partition. Note that compression is ineffective for
encrypted data, hence it does not make sense to use it.
and back it up as you would a normal filesystem. In this case the
backup is not encrypted, unless your encryption method does that. For
example you can encrypt a backup with "tar" as follows with GnuPG:
-
+```
tar cjf - <path> | gpg --cipher-algo AES -c - > backup.tbz2.gpg
-
+```
And verify the backup like this if you are at "path":
-
+```
cat backup.tbz2.gpg | gpg - | tar djf -
-
+```
Note: Always verify backups, especially encrypted ones!
There is one problem with verifying like this: The kernel may still have
some files cached and in fact verify them against RAM or may even verify
RAM against RAM, which defeats the purpose of the exercise. The
following command empties the kernel caches:
-
+```
echo 3 > /proc/sys/vm/drop_caches
-
+```
Run it after backup and before verify.
In both cases GnuPG will ask you interactively for your symmetric key.
mounted containers. Also see next item.
- * 6.5 Do I need a backup of the full partition? Would the header
- and key-slots not be enough?
+ * **6.5 Do I need a backup of the full partition? Would the header and key-slots not be enough?**
Backup protects you against two things: Disk loss or corruption and user
error. By far the most questions on the dm-crypt mailing list about how
against this case.
- * 6.6 What do I need to backup if I use "decrypt_derived"?
+ * **6.6 What do I need to backup if I use "decrypt_derived"?**
This is a script in Debian, intended for mounting /tmp or swap with a
- key derived from the master key of an already decrypted device. If you
+ key derived from the volume key of an already decrypted device. If you
use this for an device with data that should be persistent, you need to
- make sure you either do not lose access to that master key or have a
+ make sure you either do not lose access to that volume key or have a
backup of the data. If you derive from a LUKS device, a header backup
- of that device would cover backing up the master key. Keep in mind that
+ of that device would cover backing up the volume key. Keep in mind that
this does not protect against disk loss.
Note: If you recreate the LUKS header of the device you derive from
- (using luksFormat), the master key changes even if you use the same
+ (using luksFormat), the volume key changes even if you use the same
passphrase(s) and you will not be able to decrypt the derived device
with the new LUKS header.
- * 6.7 Does a backup compromise security?
+ * **6.7 Does a backup compromise security?**
Depends on how you do it. However if you do not have one, you are going
to eventually lose your encrypted data.
control...)
- * 6.8 What happens if I overwrite the start of a LUKS partition or
- damage the LUKS header or key-slots?
+ * **6.8 What happens if I overwrite the start of a LUKS partition or damage the LUKS header or key-slots?**
There are two critical components for decryption: The salt values in the
key-slot descriptors of the header and the key-slots. For LUKS2 they
locations of its 128kiB size is quite enough.
- * 6.9 What happens if I (quick) format a LUKS partition?
+ * **6.9 What happens if I (quick) format a LUKS partition?**
I have not tried the different ways to do this, but very likely you will
have written a new boot-sector, which in turn overwrites the LUKS
also damage the key-slots in part or in full. See also last item.
- * 6.10 How do I recover the master key from a mapped LUKS1 container?
+ * **6.10 How do I recover the volume key from a mapped LUKS1 container?**
Note: LUKS2 uses the kernel keyring to store keys and hence this
procedure does not work unless you have explicitly disabled the use of
WARNING: Things go wrong, do a full backup before trying this!
- WARNING: This exposes the master key of the LUKS1 container. Note that
- both ways to recreate a LUKS header with the old master key described
- below will write the master key to disk. Unless you are sure you have
+ WARNING: This exposes the volume key of the LUKS1 container. Note that
+ both ways to recreate a LUKS header with the old volume key described
+ below will write the volume key to disk. Unless you are sure you have
securely erased it afterwards, e.g. by writing it to an encrypted
partition, RAM disk or by erasing the filesystem you wrote it to by a
- complete overwrite, you should change the master key afterwards.
- Changing the master key requires a full data backup, luksFormat and then
+ complete overwrite, you should change the volume key afterwards.
+ Changing the volume key requires a full data backup, luksFormat and then
restore of the backup. Alternatively the tool cryptsetup-reencrypt from
- the cryptsetup package can be used to change the master key (see its
+ the cryptsetup package can be used to change the volume key (see its
man-page), but a full backup is still highly recommended.
First, there is a script by Milan that automates the whole process,
- except generating a new LUKS1 header with the old master key (it prints
+ except generating a new LUKS1 header with the old volume key (it prints
the command for that though):
- https://gitlab.com/cryptsetup/cryptsetup/blob/master/misc/luks-header-from-active
+ https://gitlab.com/cryptsetup/cryptsetup/blob/main/misc/luks-header-from-active
You can also do this manually. Here is how:
- - Get the master key from the device mapper. This is done by the
+ - Get the volume key from the device mapper. This is done by the
following command. Substitute c5 for whatever you mapped to:
-
+```
# dmsetup table --target crypt --showkey /dev/mapper/c5
Result:
0 200704 crypt aes-cbc-essiv:sha256
a1704d9715f73a1bb4db581dcacadaf405e700d591e93e2eaade13ba653d0d09
0 7:0 4096
-
+```
The result is actually one line, wrapped here for clarity. The long
- hex string is the master key.
+ hex string is the volume key.
- - Convert the master key to a binary file representation. You can do
+ - Convert the volume key to a binary file representation. You can do
this manually, e.g. with hexedit. You can also use the tool "xxd"
from vim like this:
-
- echo "a1704d9....53d0d09" | xxd -r -p > <master-key-file>
-
+```
+ echo "a1704d9....53d0d09" | xxd -r -p > <volume-key-file>
+```
- Do a luksFormat to create a new LUKS1 header.
you can just set a new passphrase, see next sub-item.
Unmap the device before you do that (luksClose). Then do
-
- cryptsetup luksFormat --master-key-file=<master-key-file> <luks device>
-
+```
+ cryptsetup luksFormat --volume-key-file=<volume-key-file> <luks device>
+```
Note that if the container was created with other than the default
settings of the cryptsetup version you are using, you need to give
additional parameters specifying the deviations. If in doubt, try the
script by Milan. It does recover the other parameters as well.
- Side note: This is the way the decrypt_derived script gets at the master
- key. It just omits the conversion and hashes the master key string.
+ Side note: This is the way the decrypt_derived script gets at the volume
+ key. It just omits the conversion and hashes the volume key string.
- If the header is intact and you just forgot the passphrase, just
set a new passphrase like this:
-
- cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device>
-
+```
+ cryptsetup luksAddKey --volume-key-file=<volume-key-file> <luks device>
+```
You may want to disable the old one afterwards.
- * 6.11 What does the on-disk structure of dm-crypt look like?
+ * **6.11 What does the on-disk structure of dm-crypt look like?**
There is none. dm-crypt takes a block device and gives encrypted access
to each of its blocks with a key derived from the passphrase given. If
limited to the area you overwrote.
- * 6.12 What does the on-disk structure of LUKS1 look like?
+ * **6.12 What does the on-disk structure of LUKS1 look like?**
Note: For LUKS2, refer to the LUKS2 document referenced in Item 1.2
Header and key-slot descriptors fill the first 592 bytes. The key-slot
size depends on the creation parameters, namely on the number of
- anti-forensic stripes, key material offset and master key size.
+ anti-forensic stripes, key material offset and volume key size.
With the default parameters, each key-slot is a bit less than 128kiB in
size. Due to sector alignment of the key-slot start, that means the key
The spec counts key-slots from 1 to 8, but the cryptsetup tool counts
from 0 to 7. The numbers here refer to the cryptsetup numbers.
-
+```
Refers to LUKS1 On-Disk Format Specification Version 1.2.3
LUKS1 header:
104 4 (512 bytes per sector)
0x006c 0x04 key-bytes uint32_t number of bytes in key
108 4
-0x0070 0x14 mk-digest byte[] master key checksum
+0x0070 0x14 mk-digest byte[] volume key checksum
112 20 calculated with PBKDF2
0x0084 0x20 mk-digest-salt byte[] salt for PBKDF2 when
132 32 calculating mk-digest
40 4 (512 bytes/sector)
0x002c 0x04 stripes uint32_t number of anti-forensic
44 4 stripes
+```
-
- * 6.13 What is the smallest possible LUKS1 container?
+ * **6.13 What is the smallest possible LUKS1 container?**
Note: From cryptsetup 1.3 onwards, alignment is set to 1MB. With modern
Linux partitioning tools that also align to 1MB, this will result in
has to be considered insecure today.
Example 1 - AES 128 bit with CBC:
-
+```
cryptsetup luksFormat -s 128 --align-payload=8 <device>
-
+```
This results in a data offset of 0x81000, i.e. 516KiB or 528384
bytes. Add one 512 byte sector and the smallest LUKS container size
with these parameters is 516KiB + 512B or 528896 bytes.
Example 2 - Blowfish 64 bit with CBC (WARNING: insecure):
-
+```
cryptsetup luksFormat -c blowfish -s 64 --align-payload=8 /dev/loop0
-
+```
This results in a data offset of 0x41000, i.e. 260kiB or 266240
bytes, with a minimal LUKS1 container size of 260kiB + 512B or 266752
bytes.
- * 6.14 I think this is overly complicated. Is there an alternative?
+ * **6.14 I think this is overly complicated. Is there an alternative?**
Not really. Encryption comes at a price. You can use plain dm-crypt to
simplify things a bit. It does not allow multiple passphrases, but on
part of a plain dm-crypt partition, exactly the overwritten parts are
lost (rounded up to full sectors).
- * 6.15 Can I clone a LUKS container?
+ * **6.15 Can I clone a LUKS container?**
You can, but it breaks security, because the cloned container has the
- same header and hence the same master key. Even if you change the
- passphrase(s), the master key stays the same. That means whoever has
+ same header and hence the same volume key. Even if you change the
+ passphrase(s), the volume key stays the same. That means whoever has
access to one of the clones can decrypt them all, completely bypassing
the passphrases.
- While you can use cryptsetup-reencrypt to change the master key,
+ While you can use cryptsetup-reencrypt to change the volume key,
this is probably more effort than to create separate LUKS containers
in the first place.
Note that if you need to ship (e.g.) cloned LUKS containers with a
default passphrase, that is fine as long as each container was
- individually created (and hence has its own master key). In this case,
+ individually created (and hence has its own volume key). In this case,
changing the default passphrase will make it secure again.
+ * **6.16 How to convert the printed volume key to a raw one?**
+ A volume key printed via something like:
+```
+ cryptsetup --dump-volume-key luksDump /dev/<device> >volume-key
+```
+(i.e. without using `--volume-key-file`), which gives something like:
+```
+LUKS header information for /dev/<device>
+Cipher name: aes
+Cipher mode: xts-plain64
+Payload offset: 32768
+UUID: 6e914442-e8b5-4eb5-98c4-5bf0cf17ecad
+MK bits: 512
+MK dump: e0 3f 15 c2 0f e5 80 ab 35 b4 10 03 ae 30 b9 5d
+ 4c 0d 28 9e 1b 0f e3 b0 50 57 ef d4 4d 53 a0 12
+ b7 4e 43 a1 20 7e c5 02 1f f1 f5 08 04 3c f5 20
+ a6 0b 23 f6 7b 53 55 aa 22 d8 aa 02 e0 2f d5 04
+```
+can be converted to the raw volume key for example via:
+```
+ sed -E -n '/^MK dump:\t/,/^[^\t]/{0,/^MK dump:\t/s/^MK dump://; /^([^\t].*)?$/q; s/\t+//p;};' volume-key | xxd -r -p
+```
+
+
+
-7. Interoperability with other Disk Encryption Tools
+# 7. Interoperability with other Disk Encryption Tools
- * 7.1 What is this section about?
+ * **7.1 What is this section about?**
Cryptsetup for plain dm-crypt can be used to access a number of on-disk
formats created by tools like loop-aes patched into losetup. This
be interested, please email the FAQ maintainer.
- * 7.2 loop-aes: General observations.
+ * **7.2 loop-aes: General observations.**
One problem is that there are different versions of losetup around.
loop-aes is a patch for losetup. Possible problems and deviations
that worked for somebody.
- * 7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32
+ * **7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32**
In this case, the main problem seems to be that this variant of
losetup takes the offset (-o option) in bytes, while cryptsetup takes
it in sectors of 512 bytes each.
Example: The losetup command
-
+```
losetup -e twofish -o 2560 /dev/loop0 /dev/sdb1
mount /dev/loop0 mount-point
-
+```
translates to
-
+```
cryptsetup create -c twofish -o 5 --skip 5 e1 /dev/sdb1
mount /dev/mapper/e1 mount-point
+```
-
- * 7.4 loop-aes with 160 bit key
+ * **7.4 loop-aes with 160 bit key**
This seems to be sometimes used with twofish and blowfish and represents
a 160 bit ripemed160 hash output padded to 196 bit key length. It seems
the corresponding options for cryptsetup are
-
+```
--cipher twofish-cbc-null -s 192 -h ripemd160:20
+```
-
- * 7.5 loop-aes v1 format OpenSUSE
+ * **7.5 loop-aes v1 format OpenSUSE**
Apparently this is done by older OpenSUSE distros and stopped working
from OpenSUSE 12.1 to 12.2. One user had success with the following:
-
+```
cryptsetup create <target> <device> -c aes -s 128 -h sha256
+```
-
- * 7.6 Kernel encrypted loop device (cryptoloop)
+ * **7.6 Kernel encrypted loop device (cryptoloop)**
There are a number of different losetup implementations for using
encrypted loop devices so getting this to work may need a bit of
implementations are insecure and future support is uncertain.
Example for a compatible mapping:
-
+```
losetup -e twofish -N /dev/loop0 /image.img
-
+```
translates to
-
+```
cryptsetup create image_plain /image.img -c twofish-cbc-plain -H plain
-
+```
with the mapping being done to /dev/mapper/image_plain instead of
to /dev/loop0.
More details:
Cipher, mode and password hash (or no hash):
-
+```
-e cipher [-N] => -c cipher-cbc-plain -H plain [-s 256]
-e cipher => -c cipher-cbc-plain -H ripemd160 [-s 256]
-
+```
Key size and offsets (losetup: bytes, cryptsetuop: sectors of 512 bytes):
-
+```
-k 128 => -s 128
-o 2560 => -o 5 -p 5 # 2560/512 = 5
-
+```
There is no replacement for --pass-fd, it has to be emulated using
keyfiles, see the cryptsetup man-page.
-8. Issues with Specific Versions of cryptsetup
+# 8. Issues with Specific Versions of cryptsetup
- * 8.1 When using the create command for plain dm-crypt with
- cryptsetup 1.1.x, the mapping is incompatible and my data is not
- accessible anymore!
+ * **8.1 When using the create command for plain dm-crypt with cryptsetup 1.1.x, the mapping is incompatible and my data is not accessible anymore!**
With cryptsetup 1.1.x, the distro maintainer can define different
default encryption modes. You can check the compiled-in defaults using
If you are using a plain device and you need a compatible mode, just
specify cipher, key size and hash algorithm explicitly. For
compatibility with cryptsetup 1.0.x defaults, simple use the following:
-
+```
cryptsetup create -c aes-cbc-plain -s 256 -h ripemd160 <name> <dev>
-
+```
LUKS stores cipher and mode in the metadata on disk, avoiding this
problem.
- * 8.2 cryptsetup on SLED 10 has problems...
+ * **8.2 cryptsetup on SLED 10 has problems...**
SLED 10 is missing an essential kernel patch for dm-crypt, which is
broken in its kernel as a result. There may be a very old version of
anymore as well. My advice would be to drop SLED 10.
- * 8.3 Gcrypt 1.6.x and later break Whirlpool
+ * **8.3 Gcrypt 1.6.x and later break Whirlpool**
It is the other way round: In gcrypt 1.5.x, Whirlpool is broken and it
was fixed in 1.6.0 and later. If you selected whirlpool as hash on
- Make sure you have cryptsetup 1.6.4 or later and check the gcrypt
version:
-
+```
cryptsetup luksDump <your luks device> --debug | grep backend
-
+```
If gcrypt is at version 1.5.x or before:
- Reencrypt the LUKS header with a different hash. (Requires entering
all keyslot passphrases. If you do not have all, remove the ones you
do not have before.):
-
+```
cryptsetup-reencrypt --keep-key --hash sha256 <your luks device>
-
+```
If gcrypt is at version 1.6.1 or later:
- Patch the hash name in the LUKS header from "whirlpool" to
The detailed header layout is in Item 6.12 of this FAQ and in the
LUKS on-disk format specification. One way to change the hash is
with the following command:
-
+```
echo -n -e 'whirlpool_gcryptbug\0' | dd of=<luks device> bs=1 seek=72 conv=notrunc
-
+```
- You can now open the device again. It is highly advisable to change
the hash now with cryptsetup-reencrypt as described above. While you
can reencrypt to use the fixed whirlpool, that may not be a good idea
bug was discovered.
-9. The Initrd question
+# 9. The Initrd question
- * 9.1 My initrd is broken with cryptsetup
+ * **9.1 My initrd is broken with cryptsetup**
That is not nice! However the initrd is supplied by your distribution,
not by the cryptsetup project and hence you should complain to them. We
cannot really do anything about it.
- * 9.2 CVE-2016-4484 says cryptsetup is broken!
+ * **9.2 CVE-2016-4484 says cryptsetup is broken!**
Not really. It says the initrd in some Debian versions have a behavior
that under some very special and unusual conditions may be considered
than by any actual security concerns. Ignore it.
- * 9.3 How do I do my own initrd with cryptsetup?
+ * **9.3 How do I do my own initrd with cryptsetup?**
Note: The instructions here apply to an initrd in initramfs format, not
to an initrd in initrd format. The latter is a filesystem image, not a
A Linux initrd is in gzip'ed cpio format. To unpack it, use something
like this:
-
- md tmp; cd tmp; cat ../initrd | gunzip | cpio -id
-
+```
+ mkdir tmp; cd tmp; cat ../initrd | gunzip | cpio -id
+```
After this, you have the full initrd content in tmp/
02) Inspecting the init-script
in Debian the main init on the root partition is a binary, but the init
in the initrd (and only that one is called by the kernel) is a script
and starts like this:
-
+```
#!/bin/sh
....
-
+```
The "sh" used here is in tmp/bin/sh as just unpacked, and in Debian it
currently is a busybox.
Here is a really minimal example. It does nothing but set up some
things and then drop to an interactive shell. It is perfect to try out
things that you want to go into the init-script.
-
+```
#!/bin/sh
export PATH=/sbin:/bin
[ -d /sys ] || mkdir /sys
mount -t proc -o nodev,noexec,nosuid proc /proc
echo "initrd is running, starting BusyBox..."
exec /bin/sh --login
-
+```
Here is an example that opens the first LUKS-partition it finds with the
hard-coded password "test2" and then mounts it as root-filesystem. This
/dev/mapper/c1 /mnt/root". The second argument of switch_root is relative
to the first argument, i.e. the init started with this command is really
/mnt/sbin/init before switch_root runs.
-
+```
#!/bin/sh
export PATH=/sbin:/bin
[ -d /sys ] || mkdir /sys
done
echo "FAIL finding root on LUKS, loading BusyBox..."; sleep 5
exec /bin/sh --login
-
+```
04) What if I want a binary in the initrd, but libraries are missing?
the initrd is a kernel-parameter) and move to /boot. That is it.
-10. LUKS2 Questions
+# 10. LUKS2 Questions
- * 10.1 Is the cryptography of LUKS2 different?
+ * **10.1 Is the cryptography of LUKS2 different?**
Mostly not. The header has changed in its structure, but the
- crytpgraphy is the same. The one exception is that PBKDF2 has been
+ cryptography is the same. The one exception is that PBKDF2 has been
replaced by Argon2 to give better resilience against attacks by
graphics cards and other hardware with lots of computing power but
limited local memory per computing element.
- * 10.2 What new features does LUKS2 have?
+ * **10.2 What new features does LUKS2 have?**
There are quite a few. I recommend reading the man-page and the on-disk
format specification, see Item 1.2.
- The LUKS2 header is less vulnerable to corruption and has a 2nd copy
- * 10.3 Why does LUKS2 need so much memory?
+ * **10.3 Why does LUKS2 need so much memory?**
LUKS2 uses Argon2 instead of PBKDF2. That causes the increase in memory.
See next item.
- * 10.4 Why use Argon2 in LUKS 2 instead of PBKDF2?
+ * **10.4 Why use Argon2 in LUKS 2 instead of PBKDF2?**
LUKS tries to be secure with not-so-good passwords. Bad passwords need to
be protected in some way against an attacker that just tries all possible
password stored in a database, but there are similarities.
LUKS does not store passwords on disk. Instead, the passwords are used to
- decrypt the master-key with it and that one is stored on disk in encrypted
+ decrypt the volume-key with it and that one is stored on disk in encrypted
form. If you have a good password, with, say, more than 80 bits of
entropy, you could just put the password through a single crypto-hash (to
turn it into something that can be used as a key) and that would be secure.
low amount of memory used for Argon2 when creating the header.
- * 10.5 LUKS2 is insecure! It uses less memory than the Argon2 RFC say!
+ * **10.5 LUKS2 is insecure! It uses less memory than the Argon2 RFC say!**
Well, not really. The RFC recommends 6GiB of memory for use with disk
encryption. That is a bit insane and something clearly went wrong in the
with any memory parameter.
- * 10.6 How does re-encryption store data while it is running?
+ * **10.6 How does re-encryption store data while it is running?**
All metadata necessary to perform a recovery of said segment (in case of
crash) is stored in the LUKS2 metadata area. No matter if the LUKS2
reencryption was run in online or offline mode.
- * 10.7 What do I do if re-encryption crashes?
+ * **10.7 What do I do if re-encryption crashes?**
In case of a reencryption application crash, try to close the original
device via following command first:
-
+```
cryptsetup close <my_crypt_device>.
-
+```
Cryptsetup assesses if it's safe to teardown the reencryption device stack
or not. It will also cut off I/O (via dm-error mapping) to current
hotzone segment (to make later recovery possible). If it can't be torn
could damage the data beyond repair.
- * 10.8 Do I need to enter two passphrases to recover a crashed
- re-encryption?
+ * **10.8 Do I need to enter two passphrases to recover a crashed re-encryption?**
Cryptsetup (command line utility) expects the passphrases to be identical
for the keyslot containing old volume key and for the keyslot containing
the "cryptsetup repair" command.
- * 10.9 What is an unbound keyslot and what is it used for?
+ * **10.9 What is an unbound keyslot and what is it used for?**
Quite simply, an 'unbound key' is an independent 'key' stored in a luks2
keyslot that cannot be used to unlock a LUKS2 data device. More specifically,
currently associated with any data/crypt segment (encrypted area) in the
LUKS2 'Segments' section (displayed by luksDump).
- This is a bit of a more general idea. It basically allows to use a keyslot
- as a container for a key to be used in other things than decrypting a
- data segment.
+ This is a bit of a more general idea. It basically allows one to use a
+ keyslot as a container for a key to be used in other things than decrypting
+ a data segment.
As of April 2020, the following uses are defined:
(and bound to the respective crypt segment).
- * 10.10 What about the size of the LUKS2 header?
+ * **10.10 What about the size of the LUKS2 header**?
While the LUKS1 header has a fixed size that is determined by the cipher
spec (see Item 6.12), LUKS2 is more variable. The default size is 16MB,
recreate the container with changed parameters and restore that backup.
- * 10.11 Does LUKS2 store metadata anywhere except in the header?
+ * **10.11 Does LUKS2 store metadata anywhere except in the header?**
It does not. But note that if you use the experimental integrity support,
there will be an integrity header as well at the start of the data area
start of the device, nothing gets stored somewhere in the middle or at
the end.
+ * **10.12 What is a LUKS2 Token?**
+
+ A LUKS2 token is an object that describes "how to get a passphrase or
+ key" to unlock particular keyslot. A LUKS2 token is stored as json data
+ in the LUKS2 header. The token can be related to all keyslots or a
+ specific one. As the token is stored in JSON formay it is text by
+ default but binary data can be encoded into it according to the JSON
+ conventions.
+
+ Documentation on the last changes to LUKS2 tokens can be found in the
+ release notes. As of version 2.4 of cryptsetup, there are significant
+ features. The standard documentation for working with tokens is
+ in the luks2 reference available as PDF on the project page.
+
+
+# 11. References and Further Reading
-11. References and Further Reading
- * Purpose of this Section
+ * **Purpose of this Section**
The purpose of this section is to collect references to all materials
that do not fit the FAQ but are relevant in some fashion. This can be
At this time I would like to limit the references to things that are
available on the web.
- * Specifications
+ * **Specifications**
- LUKS on-disk format spec: See Item 1.2
- * Other Documentation
+ * **Other Documentation**
- Arch Linux on LUKS, LVM and full-disk encryption:
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
- * Code Examples
+ * **Code Examples**
- Some code examples are in the source package under docs/examples
- LUKS AF Splitter in Ruby by John Lane: https://rubygems.org/gems/afsplitter
- * Brute-forcing passphrases
+ * **Brute-forcing passphrases**
- http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
- https://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes
- * Tools
+ * **Tools**
- * SSD and Flash Disk Related
+ * **SSD and Flash Disk Related**
- * Disk Encryption
+ * **Disk Encryption**
- * Attacks Against Disk Encryption
+ * **Attacks Against Disk Encryption**
- * Risk Management as Relevant for Disk Encryption
+ * **Risk Management as Relevant for Disk Encryption**
- * Cryptography
+ * **Cryptography**
- * Secure Storage
+ * **Secure Storage**
-A. Contributors
+# A. Contributors
In no particular order:
- Arno Wagner
+++ /dev/null
-Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
-Foundation, Inc.
-
- This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-Basic Installation
-==================
-
- These are generic installation instructions.
-
- The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation. It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions. Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
- It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring. (Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.)
-
- If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release. If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
- The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'. You only need
-`configure.ac' if you want to change it or regenerate `configure' using
-a newer version of `autoconf'.
-
-The simplest way to compile this package is:
-
- 1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system. If you're
- using `csh' on an old version of System V, you might need to type
- `sh ./configure' instead to prevent `csh' from trying to execute
- `configure' itself.
-
- Running `configure' takes a while. While running, it prints some
- messages telling which features it is checking for.
-
- 2. Type `make' to compile the package.
-
- 3. Optionally, type `make check' to run any self-tests that come with
- the package.
-
- 4. Type `make install' to install the programs and any data files and
- documentation.
-
- 5. You can remove the program binaries and object files from the
- source code directory by typing `make clean'. To also remove the
- files that `configure' created (so you can compile the package for
- a different kind of computer), type `make distclean'. There is
- also a `make maintainer-clean' target, but that is intended mainly
- for the package's developers. If you use it, you may have to get
- all sorts of other programs in order to regenerate files that came
- with the distribution.
-
-Compilers and Options
-=====================
-
- Some systems require unusual options for compilation or linking that
-the `configure' script does not know about. Run `./configure --help'
-for details on some of the pertinent environment variables.
-
- You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment. Here
-is an example:
-
- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
-
- *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
- You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory. To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'. `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script. `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
- If you have to use a `make' that does not support the `VPATH'
-variable, you have to compile the package for one architecture at a
-time in the source code directory. After you have installed the
-package for one architecture, use `make distclean' before reconfiguring
-for another architecture.
-
-Installation Names
-==================
-
- By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc. You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
-
- You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files. If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
-
- In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
-kinds of files. Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
-
- If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
- Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System). The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
- For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
- There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on. Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
-`--build=TYPE' option. TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
- CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
- OS KERNEL-OS
-
- See the file `config.sub' for the possible values of each field. If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
- If you are _building_ compiler tools for cross-compiling, you should
-use the `--target=TYPE' option to select the type of system they will
-produce code for.
-
- If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
- If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists. Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
- Variables not defined in a site shell script can be set in the
-environment passed to `configure'. However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost. In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'. For example:
-
- ./configure CC=/usr/local2/bin/gcc
-
-will cause the specified gcc to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-`configure' Invocation
-======================
-
- `configure' recognizes the following options to control how it
-operates.
-
-`--help'
-`-h'
- Print a summary of the options to `configure', and exit.
-
-`--version'
-`-V'
- Print the version of Autoconf used to generate the `configure'
- script, and exit.
-
-`--cache-file=FILE'
- Enable the cache: use and save the results of the tests in FILE,
- traditionally `config.cache'. FILE defaults to `/dev/null' to
- disable caching.
-
-`--config-cache'
-`-C'
- Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
- Do not print messages saying which checks are being made. To
- suppress all normal output, redirect it to `/dev/null' (any error
- messages will still be shown).
-
-`--srcdir=DIR'
- Look for the package's source code in directory DIR. Usually
- `configure' can determine that directory automatically.
-
-`configure' also accepts some other, not widely useful, options. Run
-`configure --help' for more details.
-
-EXTRA_DIST = COPYING.LGPL FAQ docs misc
-SUBDIRS = po tests
+EXTRA_DIST = README.md COPYING.LGPL FAQ.md docs misc autogen.sh
+SUBDIRS = po tests tests/fuzz
CLEANFILES =
DISTCLEAN_TARGETS =
-DLIBDIR=\""$(libdir)"\" \
-DPREFIX=\""$(prefix)"\" \
-DSYSCONFDIR=\""$(sysconfdir)"\" \
- -DVERSION=\""$(VERSION)"\"
+ -DVERSION=\""$(VERSION)"\" \
+ -DEXTERNAL_LUKS2_TOKENS_PATH=\"${EXTERNAL_LUKS2_TOKENS_PATH}\"
AM_CFLAGS = -Wall -fPIE
+AM_CXXFLAGS = -Wall
AM_LDFLAGS = -pie
-LDADD = $(LTLIBINTL) -lm
+if ENABLE_FUZZ_TARGETS
+AM_CFLAGS += -fsanitize=fuzzer-no-link
+AM_CXXFLAGS += -fsanitize=fuzzer-no-link
+endif
+
+LDADD = $(LTLIBINTL)
tmpfilesddir = @DEFAULT_TMPFILESDIR@
+include_HEADERS =
+lib_LTLIBRARIES =
noinst_LTLIBRARIES =
sbin_PROGRAMS =
man8_MANS =
tmpfilesd_DATA =
+pkgconfig_DATA =
+dist_noinst_DATA =
include man/Makemodule.am
include lib/Makemodule.am
include src/Makemodule.am
+include tokens/Makemodule.am
ACLOCAL_AMFLAGS = -I m4
DISTCHECK_CONFIGURE_FLAGS = \
--with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \
- --enable-internal-argon2 --enable-internal-sse-argon2
+ --enable-internal-argon2 --enable-internal-sse-argon2 \
+ --enable-external-tokens --enable-ssh-token --enable-asciidoc
distclean-local:
-find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f
clean-local:
-rm -rf docs/doxygen_api_docs libargon2.la
+
+install-data-local:
+ $(MKDIR_P) -m 0755 $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH}
+
+uninstall-local:
+ rmdir $(DESTDIR)/${EXTERNAL_LUKS2_TOKENS_PATH} 2>/dev/null || :
+
+check-programs: libcryptsetup.la
+ $(MAKE) -C tests $@
+
+if ENABLE_FUZZ_TARGETS
+fuzz-targets: libcryptsetup.la libcrypto_backend.la
+ $(MAKE) -C tests/fuzz $@
+endif
+++ /dev/null
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-sbin_PROGRAMS = $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3) \
- $(am__EXEEXT_4) $(am__EXEEXT_5) $(am__EXEEXT_6) \
- $(am__EXEEXT_7) $(am__EXEEXT_8)
-@VERITYSETUP_TRUE@am__append_1 = man/veritysetup.8
-@REENCRYPT_TRUE@am__append_2 = man/cryptsetup-reencrypt.8
-@INTEGRITYSETUP_TRUE@am__append_3 = man/integritysetup.8
-@CRYPTSETUP_TMPFILE_TRUE@am__append_4 = scripts/cryptsetup.conf
-@CRYPTO_INTERNAL_ARGON2_TRUE@am__append_5 = libargon2.la
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@am__append_6 = lib/crypto_backend/argon2/blake2/blamka-round-opt.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@ lib/crypto_backend/argon2/opt.c
-
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@am__append_7 = lib/crypto_backend/argon2/blake2/blamka-round-ref.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@ lib/crypto_backend/argon2/ref.c
-
-@CRYPTO_INTERNAL_ARGON2_TRUE@am__append_8 = lib/crypto_backend/argon2/LICENSE \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/README
-@CRYPTO_BACKEND_GCRYPT_TRUE@am__append_9 = lib/crypto_backend/crypto_gcrypt.c
-@CRYPTO_BACKEND_OPENSSL_TRUE@am__append_10 = lib/crypto_backend/crypto_openssl.c
-@CRYPTO_BACKEND_NSS_TRUE@am__append_11 = lib/crypto_backend/crypto_nss.c
-@CRYPTO_BACKEND_KERNEL_TRUE@am__append_12 = lib/crypto_backend/crypto_kernel.c
-@CRYPTO_BACKEND_NETTLE_TRUE@am__append_13 = lib/crypto_backend/crypto_nettle.c
-@CRYPTO_INTERNAL_PBKDF2_TRUE@am__append_14 = lib/crypto_backend/pbkdf2_generic.c
-@CRYPTSETUP_TRUE@am__append_15 = cryptsetup
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am__append_16 = cryptsetup.static
-@VERITYSETUP_TRUE@am__append_17 = veritysetup
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__append_18 = veritysetup.static
-@INTEGRITYSETUP_TRUE@am__append_19 = integritysetup
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am__append_20 = integritysetup.static
-@REENCRYPT_TRUE@am__append_21 = cryptsetup-reencrypt
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__append_22 = cryptsetup-reencrypt.static
-subdir = .
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
- $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
- $(am__configure_deps) $(include_HEADERS) $(am__DIST_COMMON)
-am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
- configure.lineno config.status.lineno
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = lib/libcryptsetup.pc scripts/cryptsetup.conf
-CONFIG_CLEAN_VPATH_FILES =
-@CRYPTSETUP_TRUE@am__EXEEXT_1 = cryptsetup$(EXEEXT)
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_2 = cryptsetup.static$(EXEEXT)
-@VERITYSETUP_TRUE@am__EXEEXT_3 = veritysetup$(EXEEXT)
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am__EXEEXT_4 = veritysetup.static$(EXEEXT)
-@INTEGRITYSETUP_TRUE@am__EXEEXT_5 = integritysetup$(EXEEXT)
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_6 = integritysetup.static$(EXEEXT)
-@REENCRYPT_TRUE@am__EXEEXT_7 = cryptsetup-reencrypt$(EXEEXT)
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am__EXEEXT_8 = cryptsetup-reencrypt.static$(EXEEXT)
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" \
- "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)" \
- "$(DESTDIR)$(tmpfilesddir)" "$(DESTDIR)$(includedir)"
-PROGRAMS = $(sbin_PROGRAMS)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
-libargon2_la_LIBADD =
-am__libargon2_la_SOURCES_DIST = \
- lib/crypto_backend/argon2/blake2/blake2b.c \
- lib/crypto_backend/argon2/blake2/blake2.h \
- lib/crypto_backend/argon2/blake2/blake2-impl.h \
- lib/crypto_backend/argon2/argon2.c \
- lib/crypto_backend/argon2/argon2.h \
- lib/crypto_backend/argon2/core.c \
- lib/crypto_backend/argon2/core.h \
- lib/crypto_backend/argon2/encoding.c \
- lib/crypto_backend/argon2/encoding.h \
- lib/crypto_backend/argon2/thread.c \
- lib/crypto_backend/argon2/thread.h \
- lib/crypto_backend/argon2/blake2/blamka-round-opt.h \
- lib/crypto_backend/argon2/opt.c \
- lib/crypto_backend/argon2/blake2/blamka-round-ref.h \
- lib/crypto_backend/argon2/ref.c
-am__dirstamp = $(am__leading_dot)dirstamp
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_TRUE@am__objects_1 = lib/crypto_backend/argon2/libargon2_la-opt.lo
-@CRYPTO_INTERNAL_ARGON2_TRUE@@CRYPTO_INTERNAL_SSE_ARGON2_FALSE@am__objects_2 = lib/crypto_backend/argon2/libargon2_la-ref.lo
-@CRYPTO_INTERNAL_ARGON2_TRUE@am_libargon2_la_OBJECTS = lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-argon2.lo \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-core.lo \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-encoding.lo \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/libargon2_la-thread.lo \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ $(am__objects_1) $(am__objects_2)
-libargon2_la_OBJECTS = $(am_libargon2_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-libargon2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libargon2_la_CFLAGS) \
- $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
-@CRYPTO_INTERNAL_ARGON2_TRUE@am_libargon2_la_rpath =
-am__libcrypto_backend_la_SOURCES_DIST = \
- lib/crypto_backend/crypto_backend.h \
- lib/crypto_backend/crypto_backend_internal.h \
- lib/crypto_backend/crypto_cipher_kernel.c \
- lib/crypto_backend/crypto_storage.c \
- lib/crypto_backend/pbkdf_check.c lib/crypto_backend/crc32.c \
- lib/crypto_backend/argon2_generic.c \
- lib/crypto_backend/cipher_generic.c \
- lib/crypto_backend/cipher_check.c \
- lib/crypto_backend/crypto_gcrypt.c \
- lib/crypto_backend/crypto_openssl.c \
- lib/crypto_backend/crypto_nss.c \
- lib/crypto_backend/crypto_kernel.c \
- lib/crypto_backend/crypto_nettle.c \
- lib/crypto_backend/pbkdf2_generic.c
-@CRYPTO_BACKEND_GCRYPT_TRUE@am__objects_3 = lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo
-@CRYPTO_BACKEND_OPENSSL_TRUE@am__objects_4 = lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo
-@CRYPTO_BACKEND_NSS_TRUE@am__objects_5 = lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo
-@CRYPTO_BACKEND_KERNEL_TRUE@am__objects_6 = lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo
-@CRYPTO_BACKEND_NETTLE_TRUE@am__objects_7 = lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo
-@CRYPTO_INTERNAL_PBKDF2_TRUE@am__objects_8 = lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo
-am_libcrypto_backend_la_OBJECTS = lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo \
- lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo \
- lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo \
- lib/crypto_backend/libcrypto_backend_la-crc32.lo \
- lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo \
- lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo \
- lib/crypto_backend/libcrypto_backend_la-cipher_check.lo \
- $(am__objects_3) $(am__objects_4) $(am__objects_5) \
- $(am__objects_6) $(am__objects_7) $(am__objects_8)
-libcrypto_backend_la_OBJECTS = $(am_libcrypto_backend_la_OBJECTS)
-libcrypto_backend_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(libcrypto_backend_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
-am__DEPENDENCIES_1 =
-am_libcryptsetup_la_OBJECTS = lib/libcryptsetup_la-setup.lo \
- lib/libcryptsetup_la-utils.lo \
- lib/libcryptsetup_la-utils_benchmark.lo \
- lib/libcryptsetup_la-utils_crypt.lo \
- lib/libcryptsetup_la-utils_loop.lo \
- lib/libcryptsetup_la-utils_devpath.lo \
- lib/libcryptsetup_la-utils_wipe.lo \
- lib/libcryptsetup_la-utils_fips.lo \
- lib/libcryptsetup_la-utils_device.lo \
- lib/libcryptsetup_la-utils_keyring.lo \
- lib/libcryptsetup_la-utils_device_locking.lo \
- lib/libcryptsetup_la-utils_pbkdf.lo \
- lib/libcryptsetup_la-utils_safe_memory.lo \
- lib/libcryptsetup_la-utils_storage_wrappers.lo \
- lib/libcryptsetup_la-libdevmapper.lo \
- lib/libcryptsetup_la-volumekey.lo \
- lib/libcryptsetup_la-random.lo \
- lib/libcryptsetup_la-crypt_plain.lo \
- lib/libcryptsetup_la-base64.lo \
- lib/integrity/libcryptsetup_la-integrity.lo \
- lib/loopaes/libcryptsetup_la-loopaes.lo \
- lib/tcrypt/libcryptsetup_la-tcrypt.lo \
- lib/luks1/libcryptsetup_la-af.lo \
- lib/luks1/libcryptsetup_la-keyencryption.lo \
- lib/luks1/libcryptsetup_la-keymanage.lo \
- lib/verity/libcryptsetup_la-verity_hash.lo \
- lib/verity/libcryptsetup_la-verity_fec.lo \
- lib/verity/libcryptsetup_la-verity.lo \
- lib/verity/libcryptsetup_la-rs_encode_char.lo \
- lib/verity/libcryptsetup_la-rs_decode_char.lo \
- lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo \
- lib/luks2/libcryptsetup_la-luks2_json_format.lo \
- lib/luks2/libcryptsetup_la-luks2_json_metadata.lo \
- lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo \
- lib/luks2/libcryptsetup_la-luks2_digest.lo \
- lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo \
- lib/luks2/libcryptsetup_la-luks2_keyslot.lo \
- lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo \
- lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo \
- lib/luks2/libcryptsetup_la-luks2_reencrypt.lo \
- lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo \
- lib/luks2/libcryptsetup_la-luks2_segment.lo \
- lib/luks2/libcryptsetup_la-luks2_token_keyring.lo \
- lib/luks2/libcryptsetup_la-luks2_token.lo \
- lib/libcryptsetup_la-utils_blkid.lo \
- lib/bitlk/libcryptsetup_la-bitlk.lo
-libcryptsetup_la_OBJECTS = $(am_libcryptsetup_la_OBJECTS)
-libcryptsetup_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(libcryptsetup_la_CFLAGS) $(CFLAGS) \
- $(libcryptsetup_la_LDFLAGS) $(LDFLAGS) -o $@
-libutils_io_la_LIBADD =
-am_libutils_io_la_OBJECTS = lib/libutils_io_la-utils_io.lo
-libutils_io_la_OBJECTS = $(am_libutils_io_la_OBJECTS)
-libutils_io_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(libutils_io_la_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o \
- $@
-am__cryptsetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \
- lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \
- src/utils_password.c src/utils_luks2.c src/utils_blockdev.c \
- src/cryptsetup.c src/cryptsetup.h
-@CRYPTSETUP_TRUE@am_cryptsetup_OBJECTS = lib/utils_crypt.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_password.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_luks2.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_blockdev.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/cryptsetup.$(OBJEXT)
-cryptsetup_OBJECTS = $(am_cryptsetup_OBJECTS)
-am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
-@CRYPTSETUP_TRUE@cryptsetup_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-@CRYPTSETUP_TRUE@ libcryptsetup.la
-am__cryptsetup_reencrypt_SOURCES_DIST = lib/utils_crypt.c \
- lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \
- lib/utils_loop.c src/utils_password.c \
- src/cryptsetup_reencrypt.c src/cryptsetup.h
-@REENCRYPT_TRUE@am_cryptsetup_reencrypt_OBJECTS = \
-@REENCRYPT_TRUE@ lib/utils_crypt.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_io.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/utils_tools.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_loop.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/utils_password.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.$(OBJEXT)
-cryptsetup_reencrypt_OBJECTS = $(am_cryptsetup_reencrypt_OBJECTS)
-@REENCRYPT_TRUE@cryptsetup_reencrypt_DEPENDENCIES = \
-@REENCRYPT_TRUE@ $(am__DEPENDENCIES_2) libcryptsetup.la
-am__cryptsetup_reencrypt_static_SOURCES_DIST = lib/utils_crypt.c \
- lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \
- lib/utils_loop.c src/utils_password.c \
- src/cryptsetup_reencrypt.c src/cryptsetup.h
-@REENCRYPT_TRUE@am__objects_9 = lib/utils_crypt.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_io.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/utils_tools.$(OBJEXT) \
-@REENCRYPT_TRUE@ lib/utils_loop.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/utils_password.$(OBJEXT) \
-@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.$(OBJEXT)
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@am_cryptsetup_reencrypt_static_OBJECTS = \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_9)
-cryptsetup_reencrypt_static_OBJECTS = \
- $(am_cryptsetup_reencrypt_static_OBJECTS)
-@REENCRYPT_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
-@REENCRYPT_TRUE@ libcryptsetup.la
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_DEPENDENCIES = \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_3)
-cryptsetup_reencrypt_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(cryptsetup_reencrypt_static_LDFLAGS) \
- $(LDFLAGS) -o $@
-am__cryptsetup_static_SOURCES_DIST = lib/utils_crypt.c \
- lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \
- src/utils_tools.c src/utils_password.c src/utils_luks2.c \
- src/utils_blockdev.c src/cryptsetup.c src/cryptsetup.h
-@CRYPTSETUP_TRUE@am__objects_10 = lib/utils_crypt.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_password.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_luks2.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/utils_blockdev.$(OBJEXT) \
-@CRYPTSETUP_TRUE@ src/cryptsetup.$(OBJEXT)
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@am_cryptsetup_static_OBJECTS = \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_10)
-cryptsetup_static_OBJECTS = $(am_cryptsetup_static_OBJECTS)
-@CRYPTSETUP_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_2) \
-@CRYPTSETUP_TRUE@ libcryptsetup.la
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_DEPENDENCIES = \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_4)
-cryptsetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(cryptsetup_static_LDFLAGS) $(LDFLAGS) \
- -o $@
-am__integritysetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \
- lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \
- src/integritysetup.c src/cryptsetup.h
-@INTEGRITYSETUP_TRUE@am_integritysetup_OBJECTS = \
-@INTEGRITYSETUP_TRUE@ lib/utils_crypt.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ src/integritysetup.$(OBJEXT)
-integritysetup_OBJECTS = $(am_integritysetup_OBJECTS)
-@INTEGRITYSETUP_TRUE@integritysetup_DEPENDENCIES = \
-@INTEGRITYSETUP_TRUE@ $(am__DEPENDENCIES_2) libcryptsetup.la
-am__integritysetup_static_SOURCES_DIST = lib/utils_crypt.c \
- lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \
- src/utils_tools.c src/integritysetup.c src/cryptsetup.h
-@INTEGRITYSETUP_TRUE@am__objects_11 = lib/utils_crypt.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@INTEGRITYSETUP_TRUE@ src/integritysetup.$(OBJEXT)
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@am_integritysetup_static_OBJECTS = \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__objects_11)
-integritysetup_static_OBJECTS = $(am_integritysetup_static_OBJECTS)
-@INTEGRITYSETUP_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_2) \
-@INTEGRITYSETUP_TRUE@ libcryptsetup.la
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_DEPENDENCIES = \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(am__DEPENDENCIES_5)
-integritysetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(integritysetup_static_LDFLAGS) \
- $(LDFLAGS) -o $@
-am__veritysetup_SOURCES_DIST = lib/utils_crypt.c lib/utils_loop.c \
- lib/utils_io.c lib/utils_blkid.c src/utils_tools.c \
- src/utils_password.c src/veritysetup.c src/cryptsetup.h
-@VERITYSETUP_TRUE@am_veritysetup_OBJECTS = lib/utils_crypt.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/utils_password.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/veritysetup.$(OBJEXT)
-veritysetup_OBJECTS = $(am_veritysetup_OBJECTS)
-@VERITYSETUP_TRUE@veritysetup_DEPENDENCIES = $(am__DEPENDENCIES_2) \
-@VERITYSETUP_TRUE@ libcryptsetup.la
-am__veritysetup_static_SOURCES_DIST = lib/utils_crypt.c \
- lib/utils_loop.c lib/utils_io.c lib/utils_blkid.c \
- src/utils_tools.c src/utils_password.c src/veritysetup.c \
- src/cryptsetup.h
-@VERITYSETUP_TRUE@am__objects_12 = lib/utils_crypt.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_loop.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_io.$(OBJEXT) \
-@VERITYSETUP_TRUE@ lib/utils_blkid.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/utils_tools.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/utils_password.$(OBJEXT) \
-@VERITYSETUP_TRUE@ src/veritysetup.$(OBJEXT)
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@am_veritysetup_static_OBJECTS = \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__objects_12)
-veritysetup_static_OBJECTS = $(am_veritysetup_static_OBJECTS)
-@VERITYSETUP_TRUE@am__DEPENDENCIES_6 = $(am__DEPENDENCIES_2) \
-@VERITYSETUP_TRUE@ libcryptsetup.la
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_DEPENDENCIES = \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(am__DEPENDENCIES_6)
-veritysetup_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(veritysetup_static_LDFLAGS) \
- $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = lib/$(DEPDIR)/libcryptsetup_la-base64.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-random.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-setup.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo \
- lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo \
- lib/$(DEPDIR)/libutils_io_la-utils_io.Plo \
- lib/$(DEPDIR)/utils_blkid.Po lib/$(DEPDIR)/utils_crypt.Po \
- lib/$(DEPDIR)/utils_io.Po lib/$(DEPDIR)/utils_loop.Po \
- lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo \
- lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo \
- lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo \
- lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo \
- lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo \
- lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo \
- lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo \
- lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo \
- lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo \
- lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo \
- lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo \
- lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo \
- lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo \
- lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo \
- lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo \
- lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo \
- src/$(DEPDIR)/cryptsetup.Po \
- src/$(DEPDIR)/cryptsetup_reencrypt.Po \
- src/$(DEPDIR)/integritysetup.Po \
- src/$(DEPDIR)/utils_blockdev.Po src/$(DEPDIR)/utils_luks2.Po \
- src/$(DEPDIR)/utils_password.Po src/$(DEPDIR)/utils_tools.Po \
- src/$(DEPDIR)/veritysetup.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libargon2_la_SOURCES) $(libcrypto_backend_la_SOURCES) \
- $(libcryptsetup_la_SOURCES) $(libutils_io_la_SOURCES) \
- $(cryptsetup_SOURCES) $(cryptsetup_reencrypt_SOURCES) \
- $(cryptsetup_reencrypt_static_SOURCES) \
- $(cryptsetup_static_SOURCES) $(integritysetup_SOURCES) \
- $(integritysetup_static_SOURCES) $(veritysetup_SOURCES) \
- $(veritysetup_static_SOURCES)
-DIST_SOURCES = $(am__libargon2_la_SOURCES_DIST) \
- $(am__libcrypto_backend_la_SOURCES_DIST) \
- $(libcryptsetup_la_SOURCES) $(libutils_io_la_SOURCES) \
- $(am__cryptsetup_SOURCES_DIST) \
- $(am__cryptsetup_reencrypt_SOURCES_DIST) \
- $(am__cryptsetup_reencrypt_static_SOURCES_DIST) \
- $(am__cryptsetup_static_SOURCES_DIST) \
- $(am__integritysetup_SOURCES_DIST) \
- $(am__integritysetup_static_SOURCES_DIST) \
- $(am__veritysetup_SOURCES_DIST) \
- $(am__veritysetup_static_SOURCES_DIST)
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(man8_MANS)
-DATA = $(pkgconfig_DATA) $(tmpfilesd_DATA)
-HEADERS = $(include_HEADERS)
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \
- config.h.in
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DIST_SUBDIRS = $(SUBDIRS)
-am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(srcdir)/lib/Makemodule.am \
- $(srcdir)/lib/crypto_backend/Makemodule.am \
- $(srcdir)/lib/crypto_backend/argon2/Makemodule.am \
- $(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am \
- $(srcdir)/src/Makemodule.am \
- $(top_srcdir)/lib/libcryptsetup.pc.in \
- $(top_srcdir)/scripts/cryptsetup.conf.in ABOUT-NLS AUTHORS \
- COPYING ChangeLog INSTALL NEWS README TODO compile \
- config.guess config.rpath config.sub depcomp install-sh \
- ltmain.sh missing
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-distdir = $(PACKAGE)-$(VERSION)
-top_distdir = $(distdir)
-am__remove_distdir = \
- if test -d "$(distdir)"; then \
- find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
- && rm -rf "$(distdir)" \
- || { sleep 5 && rm -rf "$(distdir)"; }; \
- else :; fi
-am__post_remove_distdir = $(am__remove_distdir)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
-GZIP_ENV = --best
-DIST_TARGETS = dist-xz dist-gzip
-# Exists only to be overridden by the user if desired.
-AM_DISTCHECK_DVI_TARGET = dvi
-distuninstallcheck_listfiles = find . -type f -print
-am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
- | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
-distcleancheck_listfiles = find . -type f -print
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BLKID_CFLAGS = @BLKID_CFLAGS@
-BLKID_LIBS = @BLKID_LIBS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
-CRYPTO_LIBS = @CRYPTO_LIBS@
-CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFAULT_LUKS2_LOCK_DIR_PERMS = @DEFAULT_LUKS2_LOCK_DIR_PERMS@
-DEFAULT_LUKS2_LOCK_PATH = @DEFAULT_LUKS2_LOCK_PATH@
-DEFAULT_TMPFILESDIR = @DEFAULT_TMPFILESDIR@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@
-DEVMAPPER_LIBS = @DEVMAPPER_LIBS@
-DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@
-DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-JSON_C_CFLAGS = @JSON_C_CFLAGS@
-JSON_C_LIBS = @JSON_C_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBARGON2_CFLAGS = @LIBARGON2_CFLAGS@
-LIBARGON2_LIBS = @LIBARGON2_LIBS@
-LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@
-LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@
-LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
-LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
-LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSS_CFLAGS = @NSS_CFLAGS@
-NSS_LIBS = @NSS_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
-OPENSSL_LIBS = @OPENSSL_LIBS@
-OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@
-OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PASSWDQC_LIBS = @PASSWDQC_LIBS@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POPT_LIBS = @POPT_LIBS@
-POSUB = @POSUB@
-PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@
-PWQUALITY_LIBS = @PWQUALITY_LIBS@
-PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-USE_NLS = @USE_NLS@
-UUID_LIBS = @UUID_LIBS@
-VERSION = @VERSION@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-systemd_tmpfilesdir = @systemd_tmpfilesdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = COPYING.LGPL FAQ docs misc man/cryptsetup.8 \
- man/integritysetup.8 man/veritysetup.8 \
- man/cryptsetup-reencrypt.8 $(am__append_8) \
- lib/libcryptsetup.pc.in lib/libcryptsetup.sym
-SUBDIRS = po tests
-CLEANFILES =
-DISTCLEAN_TARGETS = scripts/cryptsetup.conf
-AM_CPPFLAGS = \
- -include config.h \
- -I$(top_srcdir)/lib \
- -DDATADIR=\""$(datadir)"\" \
- -DLOCALEDIR=\""$(datadir)/locale"\" \
- -DLIBDIR=\""$(libdir)"\" \
- -DPREFIX=\""$(prefix)"\" \
- -DSYSCONFDIR=\""$(sysconfdir)"\" \
- -DVERSION=\""$(VERSION)"\"
-
-AM_CFLAGS = -Wall
-AM_LDFLAGS =
-LDADD = $(LTLIBINTL) -lm
-tmpfilesddir = @DEFAULT_TMPFILESDIR@
-noinst_LTLIBRARIES = $(am__append_5) libcrypto_backend.la \
- libutils_io.la
-man8_MANS = man/cryptsetup.8 $(am__append_1) $(am__append_2) \
- $(am__append_3)
-tmpfilesd_DATA = $(am__append_4)
-@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_CFLAGS = $(AM_CFLAGS) -std=c89 -pthread -O3
-@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_CPPFLAGS = $(AM_CPPFLAGS) \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ -I lib/crypto_backend/argon2 \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ -I lib/crypto_backend/argon2/blake2
-
-@CRYPTO_INTERNAL_ARGON2_TRUE@libargon2_la_SOURCES = lib/crypto_backend/argon2/blake2/blake2b.c \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/blake2/blake2.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/blake2/blake2-impl.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/argon2.c \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/argon2.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/core.c \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/core.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/encoding.c \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/encoding.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/thread.c \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ lib/crypto_backend/argon2/thread.h \
-@CRYPTO_INTERNAL_ARGON2_TRUE@ $(am__append_6) $(am__append_7)
-libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@
-libcrypto_backend_la_SOURCES = lib/crypto_backend/crypto_backend.h \
- lib/crypto_backend/crypto_backend_internal.h \
- lib/crypto_backend/crypto_cipher_kernel.c \
- lib/crypto_backend/crypto_storage.c \
- lib/crypto_backend/pbkdf_check.c lib/crypto_backend/crc32.c \
- lib/crypto_backend/argon2_generic.c \
- lib/crypto_backend/cipher_generic.c \
- lib/crypto_backend/cipher_check.c $(am__append_9) \
- $(am__append_10) $(am__append_11) $(am__append_12) \
- $(am__append_13) $(am__append_14)
-@CRYPTO_INTERNAL_ARGON2_TRUE@libcrypto_backend_la_DEPENDENCIES = libargon2.la
-@CRYPTO_INTERNAL_ARGON2_TRUE@libcrypto_backend_la_LIBADD = libargon2.la
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = lib/libcryptsetup.pc
-lib_LTLIBRARIES = libcryptsetup.la
-include_HEADERS = lib/libcryptsetup.h
-libutils_io_la_CFLAGS = $(AM_CFLAGS)
-libutils_io_la_SOURCES = \
- lib/utils_io.c \
- lib/utils_io.h
-
-libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) \
- -I $(top_srcdir)/lib/crypto_backend \
- -I $(top_srcdir)/lib/luks1 \
- -I $(top_srcdir)/lib/luks2 \
- -I $(top_srcdir)/lib/loopaes \
- -I $(top_srcdir)/lib/verity \
- -I $(top_srcdir)/lib/tcrypt \
- -I $(top_srcdir)/lib/integrity \
- -I $(top_srcdir)/lib/bitlk
-
-libcryptsetup_la_DEPENDENCIES = libutils_io.la libcrypto_backend.la lib/libcryptsetup.sym
-libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \
- -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \
- -version-info @LIBCRYPTSETUP_VERSION_INFO@
-
-libcryptsetup_la_CFLAGS = $(AM_CFLAGS) @CRYPTO_CFLAGS@
-libcryptsetup_la_LIBADD = \
- @UUID_LIBS@ \
- @DEVMAPPER_LIBS@ \
- @CRYPTO_LIBS@ \
- @LIBARGON2_LIBS@ \
- @JSON_C_LIBS@ \
- @BLKID_LIBS@ \
- $(LTLIBICONV) \
- libcrypto_backend.la \
- libutils_io.la
-
-libcryptsetup_la_SOURCES = \
- lib/setup.c \
- lib/internal.h \
- lib/bitops.h \
- lib/nls.h \
- lib/libcryptsetup.h \
- lib/utils.c \
- lib/utils_benchmark.c \
- lib/utils_crypt.c \
- lib/utils_crypt.h \
- lib/utils_loop.c \
- lib/utils_loop.h \
- lib/utils_devpath.c \
- lib/utils_wipe.c \
- lib/utils_fips.c \
- lib/utils_fips.h \
- lib/utils_device.c \
- lib/utils_keyring.c \
- lib/utils_keyring.h \
- lib/utils_device_locking.c \
- lib/utils_device_locking.h \
- lib/utils_pbkdf.c \
- lib/utils_safe_memory.c \
- lib/utils_storage_wrappers.c \
- lib/utils_storage_wrappers.h \
- lib/libdevmapper.c \
- lib/utils_dm.h \
- lib/volumekey.c \
- lib/random.c \
- lib/crypt_plain.c \
- lib/base64.h \
- lib/base64.c \
- lib/integrity/integrity.h \
- lib/integrity/integrity.c \
- lib/loopaes/loopaes.h \
- lib/loopaes/loopaes.c \
- lib/tcrypt/tcrypt.h \
- lib/tcrypt/tcrypt.c \
- lib/luks1/af.h \
- lib/luks1/af.c \
- lib/luks1/keyencryption.c \
- lib/luks1/keymanage.c \
- lib/luks1/luks.h \
- lib/verity/verity_hash.c \
- lib/verity/verity_fec.c \
- lib/verity/verity.c \
- lib/verity/verity.h \
- lib/verity/rs_encode_char.c \
- lib/verity/rs_decode_char.c \
- lib/verity/rs.h \
- lib/luks2/luks2_disk_metadata.c \
- lib/luks2/luks2_json_format.c \
- lib/luks2/luks2_json_metadata.c \
- lib/luks2/luks2_luks1_convert.c \
- lib/luks2/luks2_digest.c \
- lib/luks2/luks2_digest_pbkdf2.c \
- lib/luks2/luks2_keyslot.c \
- lib/luks2/luks2_keyslot_luks2.c \
- lib/luks2/luks2_keyslot_reenc.c \
- lib/luks2/luks2_reencrypt.c \
- lib/luks2/luks2_reencrypt_digest.c \
- lib/luks2/luks2_segment.c \
- lib/luks2/luks2_token_keyring.c \
- lib/luks2/luks2_token.c \
- lib/luks2/luks2_internal.h \
- lib/luks2/luks2.h \
- lib/utils_blkid.c \
- lib/utils_blkid.h \
- lib/bitlk/bitlk.h \
- lib/bitlk/bitlk.c
-
-
-# cryptsetup
-@CRYPTSETUP_TRUE@cryptsetup_SOURCES = \
-@CRYPTSETUP_TRUE@ lib/utils_crypt.c \
-@CRYPTSETUP_TRUE@ lib/utils_loop.c \
-@CRYPTSETUP_TRUE@ lib/utils_io.c \
-@CRYPTSETUP_TRUE@ lib/utils_blkid.c \
-@CRYPTSETUP_TRUE@ src/utils_tools.c \
-@CRYPTSETUP_TRUE@ src/utils_password.c \
-@CRYPTSETUP_TRUE@ src/utils_luks2.c \
-@CRYPTSETUP_TRUE@ src/utils_blockdev.c \
-@CRYPTSETUP_TRUE@ src/cryptsetup.c \
-@CRYPTSETUP_TRUE@ src/cryptsetup.h
-
-@CRYPTSETUP_TRUE@cryptsetup_LDADD = $(LDADD) \
-@CRYPTSETUP_TRUE@ libcryptsetup.la \
-@CRYPTSETUP_TRUE@ @POPT_LIBS@ \
-@CRYPTSETUP_TRUE@ @PWQUALITY_LIBS@ \
-@CRYPTSETUP_TRUE@ @PASSWDQC_LIBS@ \
-@CRYPTSETUP_TRUE@ @UUID_LIBS@ \
-@CRYPTSETUP_TRUE@ @BLKID_LIBS@
-
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_SOURCES = $(cryptsetup_SOURCES)
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_static_LDADD = \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(cryptsetup_LDADD) \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @PWQUALITY_STATIC_LIBS@ \
-@CRYPTSETUP_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@
-
-
-# veritysetup
-@VERITYSETUP_TRUE@veritysetup_SOURCES = \
-@VERITYSETUP_TRUE@ lib/utils_crypt.c \
-@VERITYSETUP_TRUE@ lib/utils_loop.c \
-@VERITYSETUP_TRUE@ lib/utils_io.c \
-@VERITYSETUP_TRUE@ lib/utils_blkid.c \
-@VERITYSETUP_TRUE@ src/utils_tools.c \
-@VERITYSETUP_TRUE@ src/utils_password.c \
-@VERITYSETUP_TRUE@ src/veritysetup.c \
-@VERITYSETUP_TRUE@ src/cryptsetup.h
-
-@VERITYSETUP_TRUE@veritysetup_LDADD = $(LDADD) \
-@VERITYSETUP_TRUE@ libcryptsetup.la \
-@VERITYSETUP_TRUE@ @POPT_LIBS@ \
-@VERITYSETUP_TRUE@ @PWQUALITY_LIBS@ \
-@VERITYSETUP_TRUE@ @PASSWDQC_LIBS@ \
-@VERITYSETUP_TRUE@ @BLKID_LIBS@
-
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_SOURCES = $(veritysetup_SOURCES)
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_LDADD = \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ $(veritysetup_LDADD) \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @CRYPTO_STATIC_LIBS@ \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @DEVMAPPER_STATIC_LIBS@ \
-@STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@ @UUID_LIBS@
-
-
-# integritysetup
-@INTEGRITYSETUP_TRUE@integritysetup_SOURCES = \
-@INTEGRITYSETUP_TRUE@ lib/utils_crypt.c \
-@INTEGRITYSETUP_TRUE@ lib/utils_loop.c \
-@INTEGRITYSETUP_TRUE@ lib/utils_io.c \
-@INTEGRITYSETUP_TRUE@ lib/utils_blkid.c \
-@INTEGRITYSETUP_TRUE@ src/utils_tools.c \
-@INTEGRITYSETUP_TRUE@ src/integritysetup.c \
-@INTEGRITYSETUP_TRUE@ src/cryptsetup.h
-
-@INTEGRITYSETUP_TRUE@integritysetup_LDADD = $(LDADD) \
-@INTEGRITYSETUP_TRUE@ libcryptsetup.la \
-@INTEGRITYSETUP_TRUE@ @POPT_LIBS@ \
-@INTEGRITYSETUP_TRUE@ @UUID_LIBS@ \
-@INTEGRITYSETUP_TRUE@ @BLKID_LIBS@
-
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_SOURCES = $(integritysetup_SOURCES)
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_LDADD = \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ $(integritysetup_LDADD) \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@ \
-@INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@ @UUID_LIBS@
-
-
-# reencrypt
-@REENCRYPT_TRUE@cryptsetup_reencrypt_SOURCES = \
-@REENCRYPT_TRUE@ lib/utils_crypt.c \
-@REENCRYPT_TRUE@ lib/utils_io.c \
-@REENCRYPT_TRUE@ lib/utils_blkid.c \
-@REENCRYPT_TRUE@ src/utils_tools.c \
-@REENCRYPT_TRUE@ lib/utils_loop.c \
-@REENCRYPT_TRUE@ src/utils_password.c \
-@REENCRYPT_TRUE@ src/cryptsetup_reencrypt.c \
-@REENCRYPT_TRUE@ src/cryptsetup.h
-
-@REENCRYPT_TRUE@cryptsetup_reencrypt_LDADD = $(LDADD) \
-@REENCRYPT_TRUE@ libcryptsetup.la \
-@REENCRYPT_TRUE@ @POPT_LIBS@ \
-@REENCRYPT_TRUE@ @PWQUALITY_LIBS@ \
-@REENCRYPT_TRUE@ @PASSWDQC_LIBS@ \
-@REENCRYPT_TRUE@ @UUID_LIBS@ \
-@REENCRYPT_TRUE@ @BLKID_LIBS@
-
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES)
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@cryptsetup_reencrypt_static_LDADD = \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ $(cryptsetup_reencrypt_LDADD) \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @CRYPTO_STATIC_LIBS@ \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @PWQUALITY_STATIC_LIBS@ \
-@REENCRYPT_TRUE@@STATIC_TOOLS_TRUE@ @DEVMAPPER_STATIC_LIBS@
-
-ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = \
- --with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \
- --enable-internal-argon2 --enable-internal-sse-argon2
-
-all: config.h
- $(MAKE) $(AM_MAKEFLAGS) all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-am--refresh: Makefile
- @:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am $(srcdir)/lib/crypto_backend/argon2/Makemodule.am $(srcdir)/lib/crypto_backend/Makemodule.am $(srcdir)/lib/Makemodule.am $(srcdir)/src/Makemodule.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
- $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
- && exit 0; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- echo ' $(SHELL) ./config.status'; \
- $(SHELL) ./config.status;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
- esac;
-$(srcdir)/man/Makemodule.am $(srcdir)/scripts/Makemodule.am $(srcdir)/lib/crypto_backend/argon2/Makemodule.am $(srcdir)/lib/crypto_backend/Makemodule.am $(srcdir)/lib/Makemodule.am $(srcdir)/src/Makemodule.am $(am__empty):
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- $(SHELL) ./config.status --recheck
-
-$(top_srcdir)/configure: $(am__configure_deps)
- $(am__cd) $(srcdir) && $(AUTOCONF)
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
-$(am__aclocal_m4_deps):
-
-config.h: stamp-h1
- @test -f $@ || rm -f stamp-h1
- @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
-
-stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
- @rm -f stamp-h1
- cd $(top_builddir) && $(SHELL) ./config.status config.h
-$(srcdir)/config.h.in: $(am__configure_deps)
- ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
- rm -f stamp-h1
- touch $@
-
-distclean-hdr:
- -rm -f config.h stamp-h1
-lib/libcryptsetup.pc: $(top_builddir)/config.status $(top_srcdir)/lib/libcryptsetup.pc.in
- cd $(top_builddir) && $(SHELL) ./config.status $@
-scripts/cryptsetup.conf: $(top_builddir)/config.status $(top_srcdir)/scripts/cryptsetup.conf.in
- cd $(top_builddir) && $(SHELL) ./config.status $@
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-sbinPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(sbindir)" && rm -f $$files
-
-clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
- }
-
-uninstall-libLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
- done
-
-clean-libLTLIBRARIES:
- -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
- @list='$(lib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-clean-noinstLTLIBRARIES:
- -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
- @list='$(noinst_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-lib/crypto_backend/argon2/blake2/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend/argon2/blake2
- @: > lib/crypto_backend/argon2/blake2/$(am__dirstamp)
-lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend/argon2/blake2/$(DEPDIR)
- @: > lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo: \
- lib/crypto_backend/argon2/blake2/$(am__dirstamp) \
- lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend/argon2
- @: > lib/crypto_backend/argon2/$(am__dirstamp)
-lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend/argon2/$(DEPDIR)
- @: > lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-argon2.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-core.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-encoding.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-thread.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-opt.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/argon2/libargon2_la-ref.lo: \
- lib/crypto_backend/argon2/$(am__dirstamp) \
- lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
-
-libargon2.la: $(libargon2_la_OBJECTS) $(libargon2_la_DEPENDENCIES) $(EXTRA_libargon2_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libargon2_la_LINK) $(am_libargon2_la_rpath) $(libargon2_la_OBJECTS) $(libargon2_la_LIBADD) $(LIBS)
-lib/crypto_backend/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend
- @: > lib/crypto_backend/$(am__dirstamp)
-lib/crypto_backend/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/crypto_backend/$(DEPDIR)
- @: > lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crc32.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-cipher_check.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo: \
- lib/crypto_backend/$(am__dirstamp) \
- lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
-
-libcrypto_backend.la: $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_DEPENDENCIES) $(EXTRA_libcrypto_backend_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libcrypto_backend_la_LINK) $(libcrypto_backend_la_OBJECTS) $(libcrypto_backend_la_LIBADD) $(LIBS)
-lib/$(am__dirstamp):
- @$(MKDIR_P) lib
- @: > lib/$(am__dirstamp)
-lib/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/$(DEPDIR)
- @: > lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-setup.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_benchmark.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_crypt.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_loop.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_devpath.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_wipe.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_fips.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_device.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_keyring.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_device_locking.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_pbkdf.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_safe_memory.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_storage_wrappers.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-libdevmapper.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-volumekey.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-random.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-crypt_plain.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-base64.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/integrity/$(am__dirstamp):
- @$(MKDIR_P) lib/integrity
- @: > lib/integrity/$(am__dirstamp)
-lib/integrity/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/integrity/$(DEPDIR)
- @: > lib/integrity/$(DEPDIR)/$(am__dirstamp)
-lib/integrity/libcryptsetup_la-integrity.lo: \
- lib/integrity/$(am__dirstamp) \
- lib/integrity/$(DEPDIR)/$(am__dirstamp)
-lib/loopaes/$(am__dirstamp):
- @$(MKDIR_P) lib/loopaes
- @: > lib/loopaes/$(am__dirstamp)
-lib/loopaes/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/loopaes/$(DEPDIR)
- @: > lib/loopaes/$(DEPDIR)/$(am__dirstamp)
-lib/loopaes/libcryptsetup_la-loopaes.lo: lib/loopaes/$(am__dirstamp) \
- lib/loopaes/$(DEPDIR)/$(am__dirstamp)
-lib/tcrypt/$(am__dirstamp):
- @$(MKDIR_P) lib/tcrypt
- @: > lib/tcrypt/$(am__dirstamp)
-lib/tcrypt/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/tcrypt/$(DEPDIR)
- @: > lib/tcrypt/$(DEPDIR)/$(am__dirstamp)
-lib/tcrypt/libcryptsetup_la-tcrypt.lo: lib/tcrypt/$(am__dirstamp) \
- lib/tcrypt/$(DEPDIR)/$(am__dirstamp)
-lib/luks1/$(am__dirstamp):
- @$(MKDIR_P) lib/luks1
- @: > lib/luks1/$(am__dirstamp)
-lib/luks1/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/luks1/$(DEPDIR)
- @: > lib/luks1/$(DEPDIR)/$(am__dirstamp)
-lib/luks1/libcryptsetup_la-af.lo: lib/luks1/$(am__dirstamp) \
- lib/luks1/$(DEPDIR)/$(am__dirstamp)
-lib/luks1/libcryptsetup_la-keyencryption.lo: \
- lib/luks1/$(am__dirstamp) lib/luks1/$(DEPDIR)/$(am__dirstamp)
-lib/luks1/libcryptsetup_la-keymanage.lo: lib/luks1/$(am__dirstamp) \
- lib/luks1/$(DEPDIR)/$(am__dirstamp)
-lib/verity/$(am__dirstamp):
- @$(MKDIR_P) lib/verity
- @: > lib/verity/$(am__dirstamp)
-lib/verity/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/verity/$(DEPDIR)
- @: > lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/verity/libcryptsetup_la-verity_hash.lo: \
- lib/verity/$(am__dirstamp) \
- lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/verity/libcryptsetup_la-verity_fec.lo: lib/verity/$(am__dirstamp) \
- lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/verity/libcryptsetup_la-verity.lo: lib/verity/$(am__dirstamp) \
- lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/verity/libcryptsetup_la-rs_encode_char.lo: \
- lib/verity/$(am__dirstamp) \
- lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/verity/libcryptsetup_la-rs_decode_char.lo: \
- lib/verity/$(am__dirstamp) \
- lib/verity/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/$(am__dirstamp):
- @$(MKDIR_P) lib/luks2
- @: > lib/luks2/$(am__dirstamp)
-lib/luks2/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/luks2/$(DEPDIR)
- @: > lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_json_format.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_json_metadata.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_digest.lo: lib/luks2/$(am__dirstamp) \
- lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_keyslot.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_reencrypt.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_segment.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_token_keyring.lo: \
- lib/luks2/$(am__dirstamp) lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/luks2/libcryptsetup_la-luks2_token.lo: lib/luks2/$(am__dirstamp) \
- lib/luks2/$(DEPDIR)/$(am__dirstamp)
-lib/libcryptsetup_la-utils_blkid.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/bitlk/$(am__dirstamp):
- @$(MKDIR_P) lib/bitlk
- @: > lib/bitlk/$(am__dirstamp)
-lib/bitlk/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) lib/bitlk/$(DEPDIR)
- @: > lib/bitlk/$(DEPDIR)/$(am__dirstamp)
-lib/bitlk/libcryptsetup_la-bitlk.lo: lib/bitlk/$(am__dirstamp) \
- lib/bitlk/$(DEPDIR)/$(am__dirstamp)
-
-libcryptsetup.la: $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_DEPENDENCIES) $(EXTRA_libcryptsetup_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libcryptsetup_la_LINK) -rpath $(libdir) $(libcryptsetup_la_OBJECTS) $(libcryptsetup_la_LIBADD) $(LIBS)
-lib/libutils_io_la-utils_io.lo: lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-
-libutils_io.la: $(libutils_io_la_OBJECTS) $(libutils_io_la_DEPENDENCIES) $(EXTRA_libutils_io_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libutils_io_la_LINK) $(libutils_io_la_OBJECTS) $(libutils_io_la_LIBADD) $(LIBS)
-lib/utils_crypt.$(OBJEXT): lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/utils_loop.$(OBJEXT): lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/utils_io.$(OBJEXT): lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-lib/utils_blkid.$(OBJEXT): lib/$(am__dirstamp) \
- lib/$(DEPDIR)/$(am__dirstamp)
-src/$(am__dirstamp):
- @$(MKDIR_P) src
- @: > src/$(am__dirstamp)
-src/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) src/$(DEPDIR)
- @: > src/$(DEPDIR)/$(am__dirstamp)
-src/utils_tools.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-src/utils_password.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-src/utils_luks2.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-src/utils_blockdev.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-src/cryptsetup.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-
-cryptsetup$(EXEEXT): $(cryptsetup_OBJECTS) $(cryptsetup_DEPENDENCIES) $(EXTRA_cryptsetup_DEPENDENCIES)
- @rm -f cryptsetup$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(cryptsetup_OBJECTS) $(cryptsetup_LDADD) $(LIBS)
-src/cryptsetup_reencrypt.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-
-cryptsetup-reencrypt$(EXEEXT): $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_DEPENDENCIES)
- @rm -f cryptsetup-reencrypt$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(cryptsetup_reencrypt_OBJECTS) $(cryptsetup_reencrypt_LDADD) $(LIBS)
-
-cryptsetup-reencrypt.static$(EXEEXT): $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_DEPENDENCIES) $(EXTRA_cryptsetup_reencrypt_static_DEPENDENCIES)
- @rm -f cryptsetup-reencrypt.static$(EXEEXT)
- $(AM_V_CCLD)$(cryptsetup_reencrypt_static_LINK) $(cryptsetup_reencrypt_static_OBJECTS) $(cryptsetup_reencrypt_static_LDADD) $(LIBS)
-
-cryptsetup.static$(EXEEXT): $(cryptsetup_static_OBJECTS) $(cryptsetup_static_DEPENDENCIES) $(EXTRA_cryptsetup_static_DEPENDENCIES)
- @rm -f cryptsetup.static$(EXEEXT)
- $(AM_V_CCLD)$(cryptsetup_static_LINK) $(cryptsetup_static_OBJECTS) $(cryptsetup_static_LDADD) $(LIBS)
-src/integritysetup.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-
-integritysetup$(EXEEXT): $(integritysetup_OBJECTS) $(integritysetup_DEPENDENCIES) $(EXTRA_integritysetup_DEPENDENCIES)
- @rm -f integritysetup$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(integritysetup_OBJECTS) $(integritysetup_LDADD) $(LIBS)
-
-integritysetup.static$(EXEEXT): $(integritysetup_static_OBJECTS) $(integritysetup_static_DEPENDENCIES) $(EXTRA_integritysetup_static_DEPENDENCIES)
- @rm -f integritysetup.static$(EXEEXT)
- $(AM_V_CCLD)$(integritysetup_static_LINK) $(integritysetup_static_OBJECTS) $(integritysetup_static_LDADD) $(LIBS)
-src/veritysetup.$(OBJEXT): src/$(am__dirstamp) \
- src/$(DEPDIR)/$(am__dirstamp)
-
-veritysetup$(EXEEXT): $(veritysetup_OBJECTS) $(veritysetup_DEPENDENCIES) $(EXTRA_veritysetup_DEPENDENCIES)
- @rm -f veritysetup$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(veritysetup_OBJECTS) $(veritysetup_LDADD) $(LIBS)
-
-veritysetup.static$(EXEEXT): $(veritysetup_static_OBJECTS) $(veritysetup_static_DEPENDENCIES) $(EXTRA_veritysetup_static_DEPENDENCIES)
- @rm -f veritysetup.static$(EXEEXT)
- $(AM_V_CCLD)$(veritysetup_static_LINK) $(veritysetup_static_OBJECTS) $(veritysetup_static_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
- -rm -f lib/*.$(OBJEXT)
- -rm -f lib/*.lo
- -rm -f lib/bitlk/*.$(OBJEXT)
- -rm -f lib/bitlk/*.lo
- -rm -f lib/crypto_backend/*.$(OBJEXT)
- -rm -f lib/crypto_backend/*.lo
- -rm -f lib/crypto_backend/argon2/*.$(OBJEXT)
- -rm -f lib/crypto_backend/argon2/*.lo
- -rm -f lib/crypto_backend/argon2/blake2/*.$(OBJEXT)
- -rm -f lib/crypto_backend/argon2/blake2/*.lo
- -rm -f lib/integrity/*.$(OBJEXT)
- -rm -f lib/integrity/*.lo
- -rm -f lib/loopaes/*.$(OBJEXT)
- -rm -f lib/loopaes/*.lo
- -rm -f lib/luks1/*.$(OBJEXT)
- -rm -f lib/luks1/*.lo
- -rm -f lib/luks2/*.$(OBJEXT)
- -rm -f lib/luks2/*.lo
- -rm -f lib/tcrypt/*.$(OBJEXT)
- -rm -f lib/tcrypt/*.lo
- -rm -f lib/verity/*.$(OBJEXT)
- -rm -f lib/verity/*.lo
- -rm -f src/*.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-base64.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-random.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-setup.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/libutils_io_la-utils_io.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_blkid.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_crypt.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_io.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/$(DEPDIR)/utils_loop.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/cryptsetup.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/cryptsetup_reencrypt.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/integritysetup.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_blockdev.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_luks2.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_password.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/utils_tools.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@src/$(DEPDIR)/veritysetup.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo: lib/crypto_backend/argon2/blake2/blake2b.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo -MD -MP -MF lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Tpo -c -o lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo `test -f 'lib/crypto_backend/argon2/blake2/blake2b.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/blake2/blake2b.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Tpo lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/blake2/blake2b.c' object='lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/blake2/libargon2_la-blake2b.lo `test -f 'lib/crypto_backend/argon2/blake2/blake2b.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/blake2/blake2b.c
-
-lib/crypto_backend/argon2/libargon2_la-argon2.lo: lib/crypto_backend/argon2/argon2.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-argon2.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-argon2.lo `test -f 'lib/crypto_backend/argon2/argon2.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/argon2.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/argon2.c' object='lib/crypto_backend/argon2/libargon2_la-argon2.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-argon2.lo `test -f 'lib/crypto_backend/argon2/argon2.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/argon2.c
-
-lib/crypto_backend/argon2/libargon2_la-core.lo: lib/crypto_backend/argon2/core.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-core.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-core.lo `test -f 'lib/crypto_backend/argon2/core.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/core.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/core.c' object='lib/crypto_backend/argon2/libargon2_la-core.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-core.lo `test -f 'lib/crypto_backend/argon2/core.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/core.c
-
-lib/crypto_backend/argon2/libargon2_la-encoding.lo: lib/crypto_backend/argon2/encoding.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-encoding.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-encoding.lo `test -f 'lib/crypto_backend/argon2/encoding.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/encoding.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/encoding.c' object='lib/crypto_backend/argon2/libargon2_la-encoding.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-encoding.lo `test -f 'lib/crypto_backend/argon2/encoding.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/encoding.c
-
-lib/crypto_backend/argon2/libargon2_la-thread.lo: lib/crypto_backend/argon2/thread.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-thread.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-thread.lo `test -f 'lib/crypto_backend/argon2/thread.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/thread.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/thread.c' object='lib/crypto_backend/argon2/libargon2_la-thread.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-thread.lo `test -f 'lib/crypto_backend/argon2/thread.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/thread.c
-
-lib/crypto_backend/argon2/libargon2_la-opt.lo: lib/crypto_backend/argon2/opt.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-opt.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-opt.lo `test -f 'lib/crypto_backend/argon2/opt.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/opt.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/opt.c' object='lib/crypto_backend/argon2/libargon2_la-opt.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-opt.lo `test -f 'lib/crypto_backend/argon2/opt.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/opt.c
-
-lib/crypto_backend/argon2/libargon2_la-ref.lo: lib/crypto_backend/argon2/ref.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/argon2/libargon2_la-ref.lo -MD -MP -MF lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Tpo -c -o lib/crypto_backend/argon2/libargon2_la-ref.lo `test -f 'lib/crypto_backend/argon2/ref.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/ref.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Tpo lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2/ref.c' object='lib/crypto_backend/argon2/libargon2_la-ref.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libargon2_la_CPPFLAGS) $(CPPFLAGS) $(libargon2_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/argon2/libargon2_la-ref.lo `test -f 'lib/crypto_backend/argon2/ref.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2/ref.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo: lib/crypto_backend/crypto_cipher_kernel.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'lib/crypto_backend/crypto_cipher_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_cipher_kernel.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_cipher_kernel.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_cipher_kernel.lo `test -f 'lib/crypto_backend/crypto_cipher_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_cipher_kernel.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo: lib/crypto_backend/crypto_storage.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo `test -f 'lib/crypto_backend/crypto_storage.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_storage.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_storage.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_storage.lo `test -f 'lib/crypto_backend/crypto_storage.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_storage.c
-
-lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo: lib/crypto_backend/pbkdf_check.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo `test -f 'lib/crypto_backend/pbkdf_check.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf_check.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/pbkdf_check.c' object='lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf_check.lo `test -f 'lib/crypto_backend/pbkdf_check.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf_check.c
-
-lib/crypto_backend/libcrypto_backend_la-crc32.lo: lib/crypto_backend/crc32.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crc32.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crc32.lo `test -f 'lib/crypto_backend/crc32.c' || echo '$(srcdir)/'`lib/crypto_backend/crc32.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crc32.c' object='lib/crypto_backend/libcrypto_backend_la-crc32.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crc32.lo `test -f 'lib/crypto_backend/crc32.c' || echo '$(srcdir)/'`lib/crypto_backend/crc32.c
-
-lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo: lib/crypto_backend/argon2_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo `test -f 'lib/crypto_backend/argon2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/argon2_generic.c' object='lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-argon2_generic.lo `test -f 'lib/crypto_backend/argon2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/argon2_generic.c
-
-lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo: lib/crypto_backend/cipher_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo `test -f 'lib/crypto_backend/cipher_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/cipher_generic.c' object='lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-cipher_generic.lo `test -f 'lib/crypto_backend/cipher_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_generic.c
-
-lib/crypto_backend/libcrypto_backend_la-cipher_check.lo: lib/crypto_backend/cipher_check.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-cipher_check.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-cipher_check.lo `test -f 'lib/crypto_backend/cipher_check.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_check.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/cipher_check.c' object='lib/crypto_backend/libcrypto_backend_la-cipher_check.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-cipher_check.lo `test -f 'lib/crypto_backend/cipher_check.c' || echo '$(srcdir)/'`lib/crypto_backend/cipher_check.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo: lib/crypto_backend/crypto_gcrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo `test -f 'lib/crypto_backend/crypto_gcrypt.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_gcrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_gcrypt.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_gcrypt.lo `test -f 'lib/crypto_backend/crypto_gcrypt.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_gcrypt.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo: lib/crypto_backend/crypto_openssl.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo `test -f 'lib/crypto_backend/crypto_openssl.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_openssl.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_openssl.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_openssl.lo `test -f 'lib/crypto_backend/crypto_openssl.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_openssl.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo: lib/crypto_backend/crypto_nss.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo `test -f 'lib/crypto_backend/crypto_nss.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nss.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_nss.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nss.lo `test -f 'lib/crypto_backend/crypto_nss.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nss.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo: lib/crypto_backend/crypto_kernel.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo `test -f 'lib/crypto_backend/crypto_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_kernel.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_kernel.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_kernel.lo `test -f 'lib/crypto_backend/crypto_kernel.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_kernel.c
-
-lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo: lib/crypto_backend/crypto_nettle.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo `test -f 'lib/crypto_backend/crypto_nettle.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nettle.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/crypto_nettle.c' object='lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-crypto_nettle.lo `test -f 'lib/crypto_backend/crypto_nettle.c' || echo '$(srcdir)/'`lib/crypto_backend/crypto_nettle.c
-
-lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo: lib/crypto_backend/pbkdf2_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -MT lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo -MD -MP -MF lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo `test -f 'lib/crypto_backend/pbkdf2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf2_generic.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Tpo lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypto_backend/pbkdf2_generic.c' object='lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcrypto_backend_la_CFLAGS) $(CFLAGS) -c -o lib/crypto_backend/libcrypto_backend_la-pbkdf2_generic.lo `test -f 'lib/crypto_backend/pbkdf2_generic.c' || echo '$(srcdir)/'`lib/crypto_backend/pbkdf2_generic.c
-
-lib/libcryptsetup_la-setup.lo: lib/setup.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-setup.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-setup.Tpo -c -o lib/libcryptsetup_la-setup.lo `test -f 'lib/setup.c' || echo '$(srcdir)/'`lib/setup.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-setup.Tpo lib/$(DEPDIR)/libcryptsetup_la-setup.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/setup.c' object='lib/libcryptsetup_la-setup.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-setup.lo `test -f 'lib/setup.c' || echo '$(srcdir)/'`lib/setup.c
-
-lib/libcryptsetup_la-utils.lo: lib/utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils.Tpo -c -o lib/libcryptsetup_la-utils.lo `test -f 'lib/utils.c' || echo '$(srcdir)/'`lib/utils.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils.c' object='lib/libcryptsetup_la-utils.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils.lo `test -f 'lib/utils.c' || echo '$(srcdir)/'`lib/utils.c
-
-lib/libcryptsetup_la-utils_benchmark.lo: lib/utils_benchmark.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_benchmark.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo -c -o lib/libcryptsetup_la-utils_benchmark.lo `test -f 'lib/utils_benchmark.c' || echo '$(srcdir)/'`lib/utils_benchmark.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_benchmark.c' object='lib/libcryptsetup_la-utils_benchmark.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_benchmark.lo `test -f 'lib/utils_benchmark.c' || echo '$(srcdir)/'`lib/utils_benchmark.c
-
-lib/libcryptsetup_la-utils_crypt.lo: lib/utils_crypt.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_crypt.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo -c -o lib/libcryptsetup_la-utils_crypt.lo `test -f 'lib/utils_crypt.c' || echo '$(srcdir)/'`lib/utils_crypt.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_crypt.c' object='lib/libcryptsetup_la-utils_crypt.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_crypt.lo `test -f 'lib/utils_crypt.c' || echo '$(srcdir)/'`lib/utils_crypt.c
-
-lib/libcryptsetup_la-utils_loop.lo: lib/utils_loop.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_loop.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Tpo -c -o lib/libcryptsetup_la-utils_loop.lo `test -f 'lib/utils_loop.c' || echo '$(srcdir)/'`lib/utils_loop.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_loop.c' object='lib/libcryptsetup_la-utils_loop.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_loop.lo `test -f 'lib/utils_loop.c' || echo '$(srcdir)/'`lib/utils_loop.c
-
-lib/libcryptsetup_la-utils_devpath.lo: lib/utils_devpath.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_devpath.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo -c -o lib/libcryptsetup_la-utils_devpath.lo `test -f 'lib/utils_devpath.c' || echo '$(srcdir)/'`lib/utils_devpath.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_devpath.c' object='lib/libcryptsetup_la-utils_devpath.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_devpath.lo `test -f 'lib/utils_devpath.c' || echo '$(srcdir)/'`lib/utils_devpath.c
-
-lib/libcryptsetup_la-utils_wipe.lo: lib/utils_wipe.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_wipe.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo -c -o lib/libcryptsetup_la-utils_wipe.lo `test -f 'lib/utils_wipe.c' || echo '$(srcdir)/'`lib/utils_wipe.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_wipe.c' object='lib/libcryptsetup_la-utils_wipe.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_wipe.lo `test -f 'lib/utils_wipe.c' || echo '$(srcdir)/'`lib/utils_wipe.c
-
-lib/libcryptsetup_la-utils_fips.lo: lib/utils_fips.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_fips.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_fips.c' object='lib/libcryptsetup_la-utils_fips.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_fips.lo `test -f 'lib/utils_fips.c' || echo '$(srcdir)/'`lib/utils_fips.c
-
-lib/libcryptsetup_la-utils_device.lo: lib/utils_device.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_device.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo -c -o lib/libcryptsetup_la-utils_device.lo `test -f 'lib/utils_device.c' || echo '$(srcdir)/'`lib/utils_device.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_device.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_device.c' object='lib/libcryptsetup_la-utils_device.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_device.lo `test -f 'lib/utils_device.c' || echo '$(srcdir)/'`lib/utils_device.c
-
-lib/libcryptsetup_la-utils_keyring.lo: lib/utils_keyring.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_keyring.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Tpo -c -o lib/libcryptsetup_la-utils_keyring.lo `test -f 'lib/utils_keyring.c' || echo '$(srcdir)/'`lib/utils_keyring.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_keyring.c' object='lib/libcryptsetup_la-utils_keyring.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_keyring.lo `test -f 'lib/utils_keyring.c' || echo '$(srcdir)/'`lib/utils_keyring.c
-
-lib/libcryptsetup_la-utils_device_locking.lo: lib/utils_device_locking.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_device_locking.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Tpo -c -o lib/libcryptsetup_la-utils_device_locking.lo `test -f 'lib/utils_device_locking.c' || echo '$(srcdir)/'`lib/utils_device_locking.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_device_locking.c' object='lib/libcryptsetup_la-utils_device_locking.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_device_locking.lo `test -f 'lib/utils_device_locking.c' || echo '$(srcdir)/'`lib/utils_device_locking.c
-
-lib/libcryptsetup_la-utils_pbkdf.lo: lib/utils_pbkdf.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_pbkdf.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Tpo -c -o lib/libcryptsetup_la-utils_pbkdf.lo `test -f 'lib/utils_pbkdf.c' || echo '$(srcdir)/'`lib/utils_pbkdf.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_pbkdf.c' object='lib/libcryptsetup_la-utils_pbkdf.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_pbkdf.lo `test -f 'lib/utils_pbkdf.c' || echo '$(srcdir)/'`lib/utils_pbkdf.c
-
-lib/libcryptsetup_la-utils_safe_memory.lo: lib/utils_safe_memory.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_safe_memory.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Tpo -c -o lib/libcryptsetup_la-utils_safe_memory.lo `test -f 'lib/utils_safe_memory.c' || echo '$(srcdir)/'`lib/utils_safe_memory.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_safe_memory.c' object='lib/libcryptsetup_la-utils_safe_memory.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_safe_memory.lo `test -f 'lib/utils_safe_memory.c' || echo '$(srcdir)/'`lib/utils_safe_memory.c
-
-lib/libcryptsetup_la-utils_storage_wrappers.lo: lib/utils_storage_wrappers.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_storage_wrappers.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Tpo -c -o lib/libcryptsetup_la-utils_storage_wrappers.lo `test -f 'lib/utils_storage_wrappers.c' || echo '$(srcdir)/'`lib/utils_storage_wrappers.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_storage_wrappers.c' object='lib/libcryptsetup_la-utils_storage_wrappers.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_storage_wrappers.lo `test -f 'lib/utils_storage_wrappers.c' || echo '$(srcdir)/'`lib/utils_storage_wrappers.c
-
-lib/libcryptsetup_la-libdevmapper.lo: lib/libdevmapper.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-libdevmapper.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo -c -o lib/libcryptsetup_la-libdevmapper.lo `test -f 'lib/libdevmapper.c' || echo '$(srcdir)/'`lib/libdevmapper.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Tpo lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/libdevmapper.c' object='lib/libcryptsetup_la-libdevmapper.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-libdevmapper.lo `test -f 'lib/libdevmapper.c' || echo '$(srcdir)/'`lib/libdevmapper.c
-
-lib/libcryptsetup_la-volumekey.lo: lib/volumekey.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-volumekey.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-volumekey.Tpo -c -o lib/libcryptsetup_la-volumekey.lo `test -f 'lib/volumekey.c' || echo '$(srcdir)/'`lib/volumekey.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-volumekey.Tpo lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/volumekey.c' object='lib/libcryptsetup_la-volumekey.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-volumekey.lo `test -f 'lib/volumekey.c' || echo '$(srcdir)/'`lib/volumekey.c
-
-lib/libcryptsetup_la-random.lo: lib/random.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-random.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-random.Tpo -c -o lib/libcryptsetup_la-random.lo `test -f 'lib/random.c' || echo '$(srcdir)/'`lib/random.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-random.Tpo lib/$(DEPDIR)/libcryptsetup_la-random.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/random.c' object='lib/libcryptsetup_la-random.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-random.lo `test -f 'lib/random.c' || echo '$(srcdir)/'`lib/random.c
-
-lib/libcryptsetup_la-crypt_plain.lo: lib/crypt_plain.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-crypt_plain.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo -c -o lib/libcryptsetup_la-crypt_plain.lo `test -f 'lib/crypt_plain.c' || echo '$(srcdir)/'`lib/crypt_plain.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Tpo lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/crypt_plain.c' object='lib/libcryptsetup_la-crypt_plain.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-crypt_plain.lo `test -f 'lib/crypt_plain.c' || echo '$(srcdir)/'`lib/crypt_plain.c
-
-lib/libcryptsetup_la-base64.lo: lib/base64.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-base64.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-base64.Tpo -c -o lib/libcryptsetup_la-base64.lo `test -f 'lib/base64.c' || echo '$(srcdir)/'`lib/base64.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-base64.Tpo lib/$(DEPDIR)/libcryptsetup_la-base64.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/base64.c' object='lib/libcryptsetup_la-base64.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-base64.lo `test -f 'lib/base64.c' || echo '$(srcdir)/'`lib/base64.c
-
-lib/integrity/libcryptsetup_la-integrity.lo: lib/integrity/integrity.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/integrity/libcryptsetup_la-integrity.lo -MD -MP -MF lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Tpo -c -o lib/integrity/libcryptsetup_la-integrity.lo `test -f 'lib/integrity/integrity.c' || echo '$(srcdir)/'`lib/integrity/integrity.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Tpo lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/integrity/integrity.c' object='lib/integrity/libcryptsetup_la-integrity.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/integrity/libcryptsetup_la-integrity.lo `test -f 'lib/integrity/integrity.c' || echo '$(srcdir)/'`lib/integrity/integrity.c
-
-lib/loopaes/libcryptsetup_la-loopaes.lo: lib/loopaes/loopaes.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/loopaes/libcryptsetup_la-loopaes.lo -MD -MP -MF lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Tpo -c -o lib/loopaes/libcryptsetup_la-loopaes.lo `test -f 'lib/loopaes/loopaes.c' || echo '$(srcdir)/'`lib/loopaes/loopaes.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Tpo lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/loopaes/loopaes.c' object='lib/loopaes/libcryptsetup_la-loopaes.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/loopaes/libcryptsetup_la-loopaes.lo `test -f 'lib/loopaes/loopaes.c' || echo '$(srcdir)/'`lib/loopaes/loopaes.c
-
-lib/tcrypt/libcryptsetup_la-tcrypt.lo: lib/tcrypt/tcrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/tcrypt/libcryptsetup_la-tcrypt.lo -MD -MP -MF lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Tpo -c -o lib/tcrypt/libcryptsetup_la-tcrypt.lo `test -f 'lib/tcrypt/tcrypt.c' || echo '$(srcdir)/'`lib/tcrypt/tcrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Tpo lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/tcrypt/tcrypt.c' object='lib/tcrypt/libcryptsetup_la-tcrypt.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/tcrypt/libcryptsetup_la-tcrypt.lo `test -f 'lib/tcrypt/tcrypt.c' || echo '$(srcdir)/'`lib/tcrypt/tcrypt.c
-
-lib/luks1/libcryptsetup_la-af.lo: lib/luks1/af.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-af.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Tpo -c -o lib/luks1/libcryptsetup_la-af.lo `test -f 'lib/luks1/af.c' || echo '$(srcdir)/'`lib/luks1/af.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/af.c' object='lib/luks1/libcryptsetup_la-af.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-af.lo `test -f 'lib/luks1/af.c' || echo '$(srcdir)/'`lib/luks1/af.c
-
-lib/luks1/libcryptsetup_la-keyencryption.lo: lib/luks1/keyencryption.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-keyencryption.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Tpo -c -o lib/luks1/libcryptsetup_la-keyencryption.lo `test -f 'lib/luks1/keyencryption.c' || echo '$(srcdir)/'`lib/luks1/keyencryption.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/keyencryption.c' object='lib/luks1/libcryptsetup_la-keyencryption.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-keyencryption.lo `test -f 'lib/luks1/keyencryption.c' || echo '$(srcdir)/'`lib/luks1/keyencryption.c
-
-lib/luks1/libcryptsetup_la-keymanage.lo: lib/luks1/keymanage.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks1/libcryptsetup_la-keymanage.lo -MD -MP -MF lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Tpo -c -o lib/luks1/libcryptsetup_la-keymanage.lo `test -f 'lib/luks1/keymanage.c' || echo '$(srcdir)/'`lib/luks1/keymanage.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Tpo lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks1/keymanage.c' object='lib/luks1/libcryptsetup_la-keymanage.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks1/libcryptsetup_la-keymanage.lo `test -f 'lib/luks1/keymanage.c' || echo '$(srcdir)/'`lib/luks1/keymanage.c
-
-lib/verity/libcryptsetup_la-verity_hash.lo: lib/verity/verity_hash.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity_hash.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Tpo -c -o lib/verity/libcryptsetup_la-verity_hash.lo `test -f 'lib/verity/verity_hash.c' || echo '$(srcdir)/'`lib/verity/verity_hash.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity_hash.c' object='lib/verity/libcryptsetup_la-verity_hash.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity_hash.lo `test -f 'lib/verity/verity_hash.c' || echo '$(srcdir)/'`lib/verity/verity_hash.c
-
-lib/verity/libcryptsetup_la-verity_fec.lo: lib/verity/verity_fec.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity_fec.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Tpo -c -o lib/verity/libcryptsetup_la-verity_fec.lo `test -f 'lib/verity/verity_fec.c' || echo '$(srcdir)/'`lib/verity/verity_fec.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity_fec.c' object='lib/verity/libcryptsetup_la-verity_fec.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity_fec.lo `test -f 'lib/verity/verity_fec.c' || echo '$(srcdir)/'`lib/verity/verity_fec.c
-
-lib/verity/libcryptsetup_la-verity.lo: lib/verity/verity.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-verity.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Tpo -c -o lib/verity/libcryptsetup_la-verity.lo `test -f 'lib/verity/verity.c' || echo '$(srcdir)/'`lib/verity/verity.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/verity.c' object='lib/verity/libcryptsetup_la-verity.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-verity.lo `test -f 'lib/verity/verity.c' || echo '$(srcdir)/'`lib/verity/verity.c
-
-lib/verity/libcryptsetup_la-rs_encode_char.lo: lib/verity/rs_encode_char.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-rs_encode_char.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Tpo -c -o lib/verity/libcryptsetup_la-rs_encode_char.lo `test -f 'lib/verity/rs_encode_char.c' || echo '$(srcdir)/'`lib/verity/rs_encode_char.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/rs_encode_char.c' object='lib/verity/libcryptsetup_la-rs_encode_char.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-rs_encode_char.lo `test -f 'lib/verity/rs_encode_char.c' || echo '$(srcdir)/'`lib/verity/rs_encode_char.c
-
-lib/verity/libcryptsetup_la-rs_decode_char.lo: lib/verity/rs_decode_char.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/verity/libcryptsetup_la-rs_decode_char.lo -MD -MP -MF lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Tpo -c -o lib/verity/libcryptsetup_la-rs_decode_char.lo `test -f 'lib/verity/rs_decode_char.c' || echo '$(srcdir)/'`lib/verity/rs_decode_char.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Tpo lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/verity/rs_decode_char.c' object='lib/verity/libcryptsetup_la-rs_decode_char.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/verity/libcryptsetup_la-rs_decode_char.lo `test -f 'lib/verity/rs_decode_char.c' || echo '$(srcdir)/'`lib/verity/rs_decode_char.c
-
-lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo: lib/luks2/luks2_disk_metadata.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo `test -f 'lib/luks2/luks2_disk_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_disk_metadata.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_disk_metadata.c' object='lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_disk_metadata.lo `test -f 'lib/luks2/luks2_disk_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_disk_metadata.c
-
-lib/luks2/libcryptsetup_la-luks2_json_format.lo: lib/luks2/luks2_json_format.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_json_format.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_json_format.lo `test -f 'lib/luks2/luks2_json_format.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_format.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_json_format.c' object='lib/luks2/libcryptsetup_la-luks2_json_format.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_json_format.lo `test -f 'lib/luks2/luks2_json_format.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_format.c
-
-lib/luks2/libcryptsetup_la-luks2_json_metadata.lo: lib/luks2/luks2_json_metadata.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_json_metadata.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_json_metadata.lo `test -f 'lib/luks2/luks2_json_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_metadata.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_json_metadata.c' object='lib/luks2/libcryptsetup_la-luks2_json_metadata.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_json_metadata.lo `test -f 'lib/luks2/luks2_json_metadata.c' || echo '$(srcdir)/'`lib/luks2/luks2_json_metadata.c
-
-lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo: lib/luks2/luks2_luks1_convert.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo `test -f 'lib/luks2/luks2_luks1_convert.c' || echo '$(srcdir)/'`lib/luks2/luks2_luks1_convert.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_luks1_convert.c' object='lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_luks1_convert.lo `test -f 'lib/luks2/luks2_luks1_convert.c' || echo '$(srcdir)/'`lib/luks2/luks2_luks1_convert.c
-
-lib/luks2/libcryptsetup_la-luks2_digest.lo: lib/luks2/luks2_digest.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_digest.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_digest.lo `test -f 'lib/luks2/luks2_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_digest.c' object='lib/luks2/libcryptsetup_la-luks2_digest.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_digest.lo `test -f 'lib/luks2/luks2_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest.c
-
-lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo: lib/luks2/luks2_digest_pbkdf2.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo `test -f 'lib/luks2/luks2_digest_pbkdf2.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest_pbkdf2.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_digest_pbkdf2.c' object='lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_digest_pbkdf2.lo `test -f 'lib/luks2/luks2_digest_pbkdf2.c' || echo '$(srcdir)/'`lib/luks2/luks2_digest_pbkdf2.c
-
-lib/luks2/libcryptsetup_la-luks2_keyslot.lo: lib/luks2/luks2_keyslot.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot.lo `test -f 'lib/luks2/luks2_keyslot.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot.lo `test -f 'lib/luks2/luks2_keyslot.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot.c
-
-lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo: lib/luks2/luks2_keyslot_luks2.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo `test -f 'lib/luks2/luks2_keyslot_luks2.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_luks2.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot_luks2.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_luks2.lo `test -f 'lib/luks2/luks2_keyslot_luks2.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_luks2.c
-
-lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo: lib/luks2/luks2_keyslot_reenc.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo `test -f 'lib/luks2/luks2_keyslot_reenc.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_reenc.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_keyslot_reenc.c' object='lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_keyslot_reenc.lo `test -f 'lib/luks2/luks2_keyslot_reenc.c' || echo '$(srcdir)/'`lib/luks2/luks2_keyslot_reenc.c
-
-lib/luks2/libcryptsetup_la-luks2_reencrypt.lo: lib/luks2/luks2_reencrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_reencrypt.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt.lo `test -f 'lib/luks2/luks2_reencrypt.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_reencrypt.c' object='lib/luks2/libcryptsetup_la-luks2_reencrypt.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt.lo `test -f 'lib/luks2/luks2_reencrypt.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt.c
-
-lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo: lib/luks2/luks2_reencrypt_digest.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo `test -f 'lib/luks2/luks2_reencrypt_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt_digest.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_reencrypt_digest.c' object='lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_reencrypt_digest.lo `test -f 'lib/luks2/luks2_reencrypt_digest.c' || echo '$(srcdir)/'`lib/luks2/luks2_reencrypt_digest.c
-
-lib/luks2/libcryptsetup_la-luks2_segment.lo: lib/luks2/luks2_segment.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_segment.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_segment.lo `test -f 'lib/luks2/luks2_segment.c' || echo '$(srcdir)/'`lib/luks2/luks2_segment.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_segment.c' object='lib/luks2/libcryptsetup_la-luks2_segment.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_segment.lo `test -f 'lib/luks2/luks2_segment.c' || echo '$(srcdir)/'`lib/luks2/luks2_segment.c
-
-lib/luks2/libcryptsetup_la-luks2_token_keyring.lo: lib/luks2/luks2_token_keyring.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_token_keyring.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_token_keyring.lo `test -f 'lib/luks2/luks2_token_keyring.c' || echo '$(srcdir)/'`lib/luks2/luks2_token_keyring.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_token_keyring.c' object='lib/luks2/libcryptsetup_la-luks2_token_keyring.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_token_keyring.lo `test -f 'lib/luks2/luks2_token_keyring.c' || echo '$(srcdir)/'`lib/luks2/luks2_token_keyring.c
-
-lib/luks2/libcryptsetup_la-luks2_token.lo: lib/luks2/luks2_token.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/luks2/libcryptsetup_la-luks2_token.lo -MD -MP -MF lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Tpo -c -o lib/luks2/libcryptsetup_la-luks2_token.lo `test -f 'lib/luks2/luks2_token.c' || echo '$(srcdir)/'`lib/luks2/luks2_token.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Tpo lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/luks2/luks2_token.c' object='lib/luks2/libcryptsetup_la-luks2_token.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/luks2/libcryptsetup_la-luks2_token.lo `test -f 'lib/luks2/luks2_token.c' || echo '$(srcdir)/'`lib/luks2/luks2_token.c
-
-lib/libcryptsetup_la-utils_blkid.lo: lib/utils_blkid.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/libcryptsetup_la-utils_blkid.lo -MD -MP -MF lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Tpo -c -o lib/libcryptsetup_la-utils_blkid.lo `test -f 'lib/utils_blkid.c' || echo '$(srcdir)/'`lib/utils_blkid.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Tpo lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_blkid.c' object='lib/libcryptsetup_la-utils_blkid.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/libcryptsetup_la-utils_blkid.lo `test -f 'lib/utils_blkid.c' || echo '$(srcdir)/'`lib/utils_blkid.c
-
-lib/bitlk/libcryptsetup_la-bitlk.lo: lib/bitlk/bitlk.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -MT lib/bitlk/libcryptsetup_la-bitlk.lo -MD -MP -MF lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Tpo -c -o lib/bitlk/libcryptsetup_la-bitlk.lo `test -f 'lib/bitlk/bitlk.c' || echo '$(srcdir)/'`lib/bitlk/bitlk.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Tpo lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/bitlk/bitlk.c' object='lib/bitlk/libcryptsetup_la-bitlk.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcryptsetup_la_CPPFLAGS) $(CPPFLAGS) $(libcryptsetup_la_CFLAGS) $(CFLAGS) -c -o lib/bitlk/libcryptsetup_la-bitlk.lo `test -f 'lib/bitlk/bitlk.c' || echo '$(srcdir)/'`lib/bitlk/bitlk.c
-
-lib/libutils_io_la-utils_io.lo: lib/utils_io.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libutils_io_la_CFLAGS) $(CFLAGS) -MT lib/libutils_io_la-utils_io.lo -MD -MP -MF lib/$(DEPDIR)/libutils_io_la-utils_io.Tpo -c -o lib/libutils_io_la-utils_io.lo `test -f 'lib/utils_io.c' || echo '$(srcdir)/'`lib/utils_io.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) lib/$(DEPDIR)/libutils_io_la-utils_io.Tpo lib/$(DEPDIR)/libutils_io_la-utils_io.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='lib/utils_io.c' object='lib/libutils_io_la-utils_io.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libutils_io_la_CFLAGS) $(CFLAGS) -c -o lib/libutils_io_la-utils_io.lo `test -f 'lib/utils_io.c' || echo '$(srcdir)/'`lib/utils_io.c
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
- -rm -rf lib/.libs lib/_libs
- -rm -rf lib/bitlk/.libs lib/bitlk/_libs
- -rm -rf lib/crypto_backend/.libs lib/crypto_backend/_libs
- -rm -rf lib/crypto_backend/argon2/.libs lib/crypto_backend/argon2/_libs
- -rm -rf lib/crypto_backend/argon2/blake2/.libs lib/crypto_backend/argon2/blake2/_libs
- -rm -rf lib/integrity/.libs lib/integrity/_libs
- -rm -rf lib/loopaes/.libs lib/loopaes/_libs
- -rm -rf lib/luks1/.libs lib/luks1/_libs
- -rm -rf lib/luks2/.libs lib/luks2/_libs
- -rm -rf lib/tcrypt/.libs lib/tcrypt/_libs
- -rm -rf lib/verity/.libs lib/verity/_libs
-
-distclean-libtool:
- -rm -f libtool config.lt
-install-man8: $(man8_MANS)
- @$(NORMAL_INSTALL)
- @list1='$(man8_MANS)'; \
- list2=''; \
- test -n "$(man8dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.8[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-pkgconfigDATA: $(pkgconfig_DATA)
- @$(NORMAL_INSTALL)
- @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
- done
-
-uninstall-pkgconfigDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
-install-tmpfilesdDATA: $(tmpfilesd_DATA)
- @$(NORMAL_INSTALL)
- @list='$(tmpfilesd_DATA)'; test -n "$(tmpfilesddir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(tmpfilesddir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(tmpfilesddir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(tmpfilesddir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(tmpfilesddir)" || exit $$?; \
- done
-
-uninstall-tmpfilesdDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(tmpfilesd_DATA)'; test -n "$(tmpfilesddir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(tmpfilesddir)'; $(am__uninstall_files_from_dir)
-install-includeHEADERS: $(include_HEADERS)
- @$(NORMAL_INSTALL)
- @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
- $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
- done
-
-uninstall-includeHEADERS:
- @$(NORMAL_UNINSTALL)
- @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir)
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscope: cscope.files
- test ! -s cscope.files \
- || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
-clean-cscope:
- -rm -f cscope.files
-cscope.files: clean-cscope cscopelist
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
- -rm -f cscope.out cscope.in.out cscope.po.out cscope.files
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- $(am__remove_distdir)
- test -d "$(distdir)" || mkdir "$(distdir)"
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
- -test -n "$(am__skip_mode_fix)" \
- || find "$(distdir)" -type d ! -perm -755 \
- -exec chmod u+rwx,go+rx {} \; -o \
- ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
- ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
- ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
- || chmod -R a+r "$(distdir)"
-dist-gzip: distdir
- tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
- $(am__post_remove_distdir)
-
-dist-bzip2: distdir
- tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
- $(am__post_remove_distdir)
-
-dist-lzip: distdir
- tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
- $(am__post_remove_distdir)
-dist-xz: distdir
- tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
- $(am__post_remove_distdir)
-
-dist-zstd: distdir
- tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
- $(am__post_remove_distdir)
-
-dist-tarZ: distdir
- @echo WARNING: "Support for distribution archives compressed with" \
- "legacy program 'compress' is deprecated." >&2
- @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
- tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
- $(am__post_remove_distdir)
-
-dist-shar: distdir
- @echo WARNING: "Support for shar distribution archives is" \
- "deprecated." >&2
- @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
- shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
- $(am__post_remove_distdir)
-
-dist-zip: distdir
- -rm -f $(distdir).zip
- zip -rq $(distdir).zip $(distdir)
- $(am__post_remove_distdir)
-
-dist dist-all:
- $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
- $(am__post_remove_distdir)
-
-# This target untars the dist file and tries a VPATH configuration. Then
-# it guarantees that the distribution is self-contained by making another
-# tarfile.
-distcheck: dist
- case '$(DIST_ARCHIVES)' in \
- *.tar.gz*) \
- eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
- *.tar.bz2*) \
- bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
- *.tar.lz*) \
- lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
- *.tar.xz*) \
- xz -dc $(distdir).tar.xz | $(am__untar) ;;\
- *.tar.Z*) \
- uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
- *.shar.gz*) \
- eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
- *.zip*) \
- unzip $(distdir).zip ;;\
- *.tar.zst*) \
- zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
- esac
- chmod -R a-w $(distdir)
- chmod u+w $(distdir)
- mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
- chmod a-w $(distdir)
- test -d $(distdir)/_build || exit 0; \
- dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
- && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
- && am__cwd=`pwd` \
- && $(am__cd) $(distdir)/_build/sub \
- && ../../configure \
- $(AM_DISTCHECK_CONFIGURE_FLAGS) \
- $(DISTCHECK_CONFIGURE_FLAGS) \
- --srcdir=../.. --prefix="$$dc_install_base" \
- && $(MAKE) $(AM_MAKEFLAGS) \
- && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
- && $(MAKE) $(AM_MAKEFLAGS) check \
- && $(MAKE) $(AM_MAKEFLAGS) install \
- && $(MAKE) $(AM_MAKEFLAGS) installcheck \
- && $(MAKE) $(AM_MAKEFLAGS) uninstall \
- && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
- distuninstallcheck \
- && chmod -R a-w "$$dc_install_base" \
- && ({ \
- (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
- distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
- } || { rm -rf "$$dc_destdir"; exit 1; }) \
- && rm -rf "$$dc_destdir" \
- && $(MAKE) $(AM_MAKEFLAGS) dist \
- && rm -rf $(DIST_ARCHIVES) \
- && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
- && cd "$$am__cwd" \
- || exit 1
- $(am__post_remove_distdir)
- @(echo "$(distdir) archives ready for distribution: "; \
- list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
- sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
-distuninstallcheck:
- @test -n '$(distuninstallcheck_dir)' || { \
- echo 'ERROR: trying to run $@ with an empty' \
- '$$(distuninstallcheck_dir)' >&2; \
- exit 1; \
- }; \
- $(am__cd) '$(distuninstallcheck_dir)' || { \
- echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
- exit 1; \
- }; \
- test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
- || { echo "ERROR: files left after uninstall:" ; \
- if test -n "$(DESTDIR)"; then \
- echo " (check DESTDIR support)"; \
- fi ; \
- $(distuninstallcheck_listfiles) ; \
- exit 1; } >&2
-distcleancheck: distclean
- @if test '$(srcdir)' = . ; then \
- echo "ERROR: distcleancheck can only run from a VPATH build" ; \
- exit 1 ; \
- fi
- @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
- || { echo "ERROR: files left in build directory after distclean:" ; \
- $(distcleancheck_listfiles) ; \
- exit 1; } >&2
-check-am: all-am
-check: check-recursive
-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) \
- config.h
-install-sbinPROGRAMS: install-libLTLIBRARIES
-
-installdirs: installdirs-recursive
-installdirs-am:
- for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(tmpfilesddir)" "$(DESTDIR)$(includedir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
- -rm -f lib/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/$(am__dirstamp)
- -rm -f lib/bitlk/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/bitlk/$(am__dirstamp)
- -rm -f lib/crypto_backend/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/crypto_backend/$(am__dirstamp)
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/crypto_backend/argon2/$(am__dirstamp)
- -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/crypto_backend/argon2/blake2/$(am__dirstamp)
- -rm -f lib/integrity/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/integrity/$(am__dirstamp)
- -rm -f lib/loopaes/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/loopaes/$(am__dirstamp)
- -rm -f lib/luks1/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/luks1/$(am__dirstamp)
- -rm -f lib/luks2/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/luks2/$(am__dirstamp)
- -rm -f lib/tcrypt/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/tcrypt/$(am__dirstamp)
- -rm -f lib/verity/$(DEPDIR)/$(am__dirstamp)
- -rm -f lib/verity/$(am__dirstamp)
- -rm -f src/$(DEPDIR)/$(am__dirstamp)
- -rm -f src/$(am__dirstamp)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libLTLIBRARIES clean-libtool clean-local \
- clean-noinstLTLIBRARIES clean-sbinPROGRAMS mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-base64.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-random.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-setup.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo
- -rm -f lib/$(DEPDIR)/libutils_io_la-utils_io.Plo
- -rm -f lib/$(DEPDIR)/utils_blkid.Po
- -rm -f lib/$(DEPDIR)/utils_crypt.Po
- -rm -f lib/$(DEPDIR)/utils_io.Po
- -rm -f lib/$(DEPDIR)/utils_loop.Po
- -rm -f lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo
- -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo
- -rm -f lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo
- -rm -f lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo
- -rm -f lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo
- -rm -f src/$(DEPDIR)/cryptsetup.Po
- -rm -f src/$(DEPDIR)/cryptsetup_reencrypt.Po
- -rm -f src/$(DEPDIR)/integritysetup.Po
- -rm -f src/$(DEPDIR)/utils_blockdev.Po
- -rm -f src/$(DEPDIR)/utils_luks2.Po
- -rm -f src/$(DEPDIR)/utils_password.Po
- -rm -f src/$(DEPDIR)/utils_tools.Po
- -rm -f src/$(DEPDIR)/veritysetup.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-hdr distclean-libtool distclean-local distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-includeHEADERS install-man \
- install-pkgconfigDATA install-tmpfilesdDATA
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am: install-libLTLIBRARIES install-sbinPROGRAMS
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf $(top_srcdir)/autom4te.cache
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-base64.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-crypt_plain.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-libdevmapper.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-random.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-setup.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_benchmark.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_blkid.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_crypt.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_device_locking.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_devpath.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_fips.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_keyring.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_loop.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_pbkdf.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_safe_memory.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_storage_wrappers.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-utils_wipe.Plo
- -rm -f lib/$(DEPDIR)/libcryptsetup_la-volumekey.Plo
- -rm -f lib/$(DEPDIR)/libutils_io_la-utils_io.Plo
- -rm -f lib/$(DEPDIR)/utils_blkid.Po
- -rm -f lib/$(DEPDIR)/utils_crypt.Po
- -rm -f lib/$(DEPDIR)/utils_io.Po
- -rm -f lib/$(DEPDIR)/utils_loop.Po
- -rm -f lib/bitlk/$(DEPDIR)/libcryptsetup_la-bitlk.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-argon2_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_check.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-cipher_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crc32.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_cipher_kernel.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_gcrypt.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_kernel.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nettle.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_nss.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_openssl.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-crypto_storage.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf2_generic.Plo
- -rm -f lib/crypto_backend/$(DEPDIR)/libcrypto_backend_la-pbkdf_check.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-argon2.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-core.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-encoding.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-opt.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-ref.Plo
- -rm -f lib/crypto_backend/argon2/$(DEPDIR)/libargon2_la-thread.Plo
- -rm -f lib/crypto_backend/argon2/blake2/$(DEPDIR)/libargon2_la-blake2b.Plo
- -rm -f lib/integrity/$(DEPDIR)/libcryptsetup_la-integrity.Plo
- -rm -f lib/loopaes/$(DEPDIR)/libcryptsetup_la-loopaes.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-af.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keyencryption.Plo
- -rm -f lib/luks1/$(DEPDIR)/libcryptsetup_la-keymanage.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_digest_pbkdf2.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_disk_metadata.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_format.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_json_metadata.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_luks2.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_keyslot_reenc.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_luks1_convert.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_reencrypt_digest.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_segment.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token.Plo
- -rm -f lib/luks2/$(DEPDIR)/libcryptsetup_la-luks2_token_keyring.Plo
- -rm -f lib/tcrypt/$(DEPDIR)/libcryptsetup_la-tcrypt.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_decode_char.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-rs_encode_char.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_fec.Plo
- -rm -f lib/verity/$(DEPDIR)/libcryptsetup_la-verity_hash.Plo
- -rm -f src/$(DEPDIR)/cryptsetup.Po
- -rm -f src/$(DEPDIR)/cryptsetup_reencrypt.Po
- -rm -f src/$(DEPDIR)/integritysetup.Po
- -rm -f src/$(DEPDIR)/utils_blockdev.Po
- -rm -f src/$(DEPDIR)/utils_luks2.Po
- -rm -f src/$(DEPDIR)/utils_password.Po
- -rm -f src/$(DEPDIR)/utils_tools.Po
- -rm -f src/$(DEPDIR)/veritysetup.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES \
- uninstall-man uninstall-pkgconfigDATA uninstall-sbinPROGRAMS \
- uninstall-tmpfilesdDATA
-
-uninstall-man: uninstall-man8
-
-.MAKE: $(am__recursive_targets) all install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
- am--depfiles am--refresh check check-am clean clean-cscope \
- clean-generic clean-libLTLIBRARIES clean-libtool clean-local \
- clean-noinstLTLIBRARIES clean-sbinPROGRAMS cscope \
- cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \
- dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
- dist-zstd distcheck distclean distclean-compile \
- distclean-generic distclean-hdr distclean-libtool \
- distclean-local distclean-tags distcleancheck distdir \
- distuninstallcheck dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-includeHEADERS install-info \
- install-info-am install-libLTLIBRARIES install-man \
- install-man8 install-pdf install-pdf-am install-pkgconfigDATA \
- install-ps install-ps-am install-sbinPROGRAMS install-strip \
- install-tmpfilesdDATA installcheck installcheck-am installdirs \
- installdirs-am maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-includeHEADERS uninstall-libLTLIBRARIES \
- uninstall-man uninstall-man8 uninstall-pkgconfigDATA \
- uninstall-sbinPROGRAMS uninstall-tmpfilesdDATA
-
-.PRECIOUS: Makefile
-
-
-distclean-local:
- -find . -name \*~ -o -name \*.orig -o -name \*.rej | xargs rm -f
- rm -rf autom4te.cache
-
-clean-local:
- -rm -rf docs/doxygen_api_docs libargon2.la
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
+++ /dev/null
-See docs/* directory for Release Notes.
+++ /dev/null
-
- cryptsetup
-
-setup cryptographic volumes for dm-crypt (including LUKS extension)
-
-WEB PAGE:
-
- https://gitlab.com/cryptsetup/cryptsetup/
-
-FAQ:
-
- https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
-
-MAILING LIST:
-
- E-MAIL: dm-crypt@saout.de
- URL: https://www.saout.de/mailman/listinfo/dm-crypt
- ARCHIVE: https://lore.kernel.org/dm-crypt/
-
-DOWNLOAD:
-
- https://www.kernel.org/pub/linux/utils/cryptsetup/
-
-SOURCE CODE:
-
- URL: https://gitlab.com/cryptsetup/cryptsetup/tree/master
- Checkout: git clone https://gitlab.com/cryptsetup/cryptsetup.git
-
-NLS (PO TRANSLATIONS):
-
- PO files are maintained by:
- https://translationproject.org/domain/cryptsetup.html
--- /dev/null
+
+
+What the ...?
+=============
+**Cryptsetup** is an open-source utility used to conveniently set up disk encryption based
+on the [dm-crypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.
+
+These formats are supported:
+ * **plain** volumes,
+ * **LUKS** volumes,
+ * **loop-AES**,
+ * **TrueCrypt** (including **VeraCrypt** extension),
+ * **BitLocker**, and
+ * **FileVault2**.
+
+The project also includes a **veritysetup** utility used to conveniently setup
+[dm-verity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity)
+block integrity checking kernel module and **integritysetup** to setup
+[dm-integrity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity)
+block integrity kernel module.
+
+LUKS Design
+-----------
+**LUKS** is the standard for Linux disk encryption. By providing a standard on-disk format,
+it does not only facilitate compatibility among distributions, but also provides secure management
+of multiple user passwords. LUKS stores all necessary setup information in the partition header,
+enabling to transport or migrate data seamlessly.
+
+### Specification and documentation
+
+ * The latest version of the
+ [LUKS2 format specification](https://gitlab.com/cryptsetup/LUKS2-docs).
+ * The latest version of the
+ [LUKS1 format specification](https://www.kernel.org/pub/linux/utils/cryptsetup/LUKS_docs/on-disk-format.pdf).
+ * [Project home page](https://gitlab.com/cryptsetup/cryptsetup/).
+ * [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)
+
+Download
+--------
+All release tarballs and release notes are hosted on
+[kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
+
+**The latest stable cryptsetup release version is 2.6.1**
+ * [cryptsetup-2.6.1.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz)
+ * Signature [cryptsetup-2.6.1.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.sign)
+ _(You need to decompress file first to check signature.)_
+ * [Cryptsetup 2.6.1 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.1-ReleaseNotes).
+
+Previous versions
+ * [Version 2.5.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.xz) -
+ [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-2.5.0.tar.sign) -
+ [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/v2.5.0-ReleaseNotes).
+ * [Version 1.7.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz) -
+ [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign) -
+ [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.5-ReleaseNotes).
+
+Source and API documentation
+----------------------------
+For development version code, please refer to
+[source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page,
+mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or
+[GitHub](https://github.com/mbroz/cryptsetup).
+
+For libcryptsetup documentation see
+[libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page.
+
+The libcryptsetup API/ABI changes are tracked in
+[compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/).
+
+NLS PO files are maintained by
+[TranslationProject](https://translationproject.org/domain/cryptsetup.html).
+
+Required packages
+-----------------
+All distributions provide cryptsetup as distro package. If you need to compile cryptsetup yourself,
+some packages are required for compilation.
+Please always prefer distro specific build tools to manually configuring cryptsetup.
+
+Here is the list of packages needed for the compilation of project for particular distributions:
+
+**For Fedora**:
+```
+git gcc make autoconf automake gettext-devel pkgconfig openssl-devel popt-devel device-mapper-devel
+libuuid-devel json-c-devel libblkid-devel findutils libtool libssh-devel tar
+
+Optionally: libargon2-devel libpwquality-devel
+```
+To run the internal testsuite (make check) you also need to install
+```
+sharutils device-mapper jq vim-common expect keyutils netcat shadow-utils openssh-clients openssh sshpass
+```
+
+**For Debian and Ubuntu**:
+```
+git gcc make autoconf automake autopoint pkg-config libtool gettext libssl-dev libdevmapper-dev
+libpopt-dev uuid-dev libsepol1-dev libjson-c-dev libssh-dev libblkid-dev tar
+
+Optionally: libargon2-0-dev libpwquality-dev
+```
+To run the internal testsuite (make check) you also need to install
+```
+sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
+```
+
+Note that the list could change as the distributions evolve.
+
+Compilation
+-----------
+The cryptsetup project uses **automake** and **autoconf** system to generate all needed files
+for compilation. If you check it from the git snapshot, use **./autogen.sh && ./configure && make**
+to compile the project. If you use downloaded released **tar.xz** archive, the configure script
+is already pre-generated (no need to run **autoconf.sh**).
+See **./configure --help** and use **--disable-[feature]** and **--enable-[feature]** options.
+
+For running the test suite that come with the project, type **make check**.
+Note that most tests will need root user privileges and run many dangerous storage fail simulations.
+Do **not** run tests with root privilege on production systems! Some tests will need scsi_debug
+kernel module to be available.
+
+For more details, please refer to [automake](https://www.gnu.org/software/automake/manual/automake.html)
+and [autoconf](https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf.html) manuals.
+
+Help!
+-----
+### Documentation
+Please read the following documentation before posting questions in the mailing list...
+You will be able to ask better questions and better understand the answers.
+
+* [Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions),
+* [LUKS Specifications](#specification-and-documentation), and
+* manuals (aka man page, man pages, man-page)
+
+The FAQ is online and in the source code for the project. The Specifications are referenced above
+in this document. The man pages are in source and should be available after installation using
+standard man commands, e.g. **man cryptsetup**.
+
+### Mailing List
+
+For cryptsetup and LUKS related questions, please use the cryptsetup mailing list
+[cryptsetup@lists.linux.dev](mailto:cryptsetup@lists.linux.dev),
+hosted at [kernel.org subspace](https://subspace.kernel.org/lists.linux.dev.html).
+To subscribe send an empty mail to
+[cryptsetup+subscribe@lists.linux.dev](mailto:cryptsetup+subscribe@lists.linux.dev).
+
+You can also browse and/or search the mailing [list archive](https://lore.kernel.org/cryptsetup/).
+News (NNTP), Atom feed and git access to public inbox is available through [lore.kernel.org](https://lore.kernel.org) service.
+
+The former dm-crypt [list archive](https://lore.kernel.org/dm-crypt/) is also available.
--- /dev/null
+# Reporting a Security Bug in cryptsetup project
+
+If you think you have discovered a security issue, please report it through
+the project issue tracker [New issue](https://gitlab.com/cryptsetup/cryptsetup/issues)
+as a confidential issue (select confidential checkbox).
+
+An alternative is to send PGP encrypted mail to the cryptsetup maintainer.
+Current maintainer is [Milan Broz](mailto:gmazyland@gmail.com), use PGP key
+with fingerprint 2A29 1824 3FDE 4664 8D06 86F9 D9B0 577B D93E 98FC.
+
+++ /dev/null
-Please see issues tracked at https://gitlab.com/cryptsetup/cryptsetup/issues.
+++ /dev/null
-# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
-[m4_warning([this file was generated for autoconf 2.71.
-You have another version of autoconf. It may work, but is not guaranteed to.
-If you have problems, you may need to regenerate the build system entirely.
-To do so, use the procedure documented by the package, typically 'autoreconf'.])])
-
-# libgcrypt.m4 - Autoconf macros to detect libgcrypt
-# Copyright (C) 2002, 2003, 2004, 2011, 2014, 2018, 2020 g10 Code GmbH
-#
-# This file is free software; as a special exception the author gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-#
-# This file is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-#
-# Last-changed: 2020-09-27
-
-
-dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
-dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
-dnl MINIMUM-VERSION is a string with the version number optionally prefixed
-dnl with the API version to also check the API compatibility. Example:
-dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed
-dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
-dnl this features allows to prevent build against newer versions of libgcrypt
-dnl with a changed API.
-dnl
-dnl If a prefix option is not used, the config script is first
-dnl searched in $SYSROOT/bin and then along $PATH. If the used
-dnl config script does not match the host specification the script
-dnl is added to the gpg_config_script_warn variable.
-dnl
-AC_DEFUN([AM_PATH_LIBGCRYPT],
-[ AC_REQUIRE([AC_CANONICAL_HOST])
- AC_ARG_WITH(libgcrypt-prefix,
- AS_HELP_STRING([--with-libgcrypt-prefix=PFX],
- [prefix where LIBGCRYPT is installed (optional)]),
- libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- if test x"${libgcrypt_config_prefix}" != x ; then
- LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
- fi
- fi
-
- use_gpgrt_config=""
- if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG libgcrypt --exists; then
- LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
- AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
- use_gpgrt_config=yes
- fi
- fi
- if test -z "$use_gpgrt_config"; then
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- case "${SYSROOT}" in
- /*)
- if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
- LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
- fi
- ;;
- '')
- ;;
- *)
- AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
- ;;
- esac
- fi
- AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
- fi
-
- tmp=ifelse([$1], ,1:1.2.0,$1)
- if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
- req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
- min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
- else
- req_libgcrypt_api=0
- min_libgcrypt_version="$tmp"
- fi
-
- AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
- ok=no
- if test "$LIBGCRYPT_CONFIG" != "no" ; then
- req_major=`echo $min_libgcrypt_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
- req_minor=`echo $min_libgcrypt_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
- req_micro=`echo $min_libgcrypt_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
- else
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
- fi
- major=`echo $libgcrypt_config_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
- minor=`echo $libgcrypt_config_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
- micro=`echo $libgcrypt_config_version | \
- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
- if test "$major" -gt "$req_major"; then
- ok=yes
- else
- if test "$major" -eq "$req_major"; then
- if test "$minor" -gt "$req_minor"; then
- ok=yes
- else
- if test "$minor" -eq "$req_minor"; then
- if test "$micro" -ge "$req_micro"; then
- ok=yes
- fi
- fi
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- AC_MSG_RESULT([yes ($libgcrypt_config_version)])
- else
- AC_MSG_RESULT(no)
- fi
- if test $ok = yes; then
- # If we have a recent libgcrypt, we should also check that the
- # API is compatible
- if test "$req_libgcrypt_api" -gt 0 ; then
- if test -z "$use_gpgrt_config"; then
- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
- else
- tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
- fi
- if test "$tmp" -gt 0 ; then
- AC_MSG_CHECKING([LIBGCRYPT API version])
- if test "$req_libgcrypt_api" -eq "$tmp" ; then
- AC_MSG_RESULT([okay])
- else
- ok=no
- AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
- ifelse([$2], , :, [$2])
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
- else
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
- fi
- if test x"$libgcrypt_config_host" != xnone ; then
- if test x"$libgcrypt_config_host" != x"$host" ; then
- AC_MSG_WARN([[
-***
-*** The config script "$LIBGCRYPT_CONFIG" was
-*** built for $libgcrypt_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***]])
- gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
- fi
- fi
- else
- LIBGCRYPT_CFLAGS=""
- LIBGCRYPT_LIBS=""
- ifelse([$3], , :, [$3])
- fi
- AC_SUBST(LIBGCRYPT_CFLAGS)
- AC_SUBST(LIBGCRYPT_LIBS)
-])
-
-# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
-# serial 12 (pkg-config-0.29.2)
-
-dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-dnl 02111-1307, USA.
-dnl
-dnl As a special exception to the GNU General Public License, if you
-dnl distribute this file as part of a program that contains a
-dnl configuration script generated by Autoconf, you may include it under
-dnl the same distribution terms that you use for the rest of that
-dnl program.
-
-dnl PKG_PREREQ(MIN-VERSION)
-dnl -----------------------
-dnl Since: 0.29
-dnl
-dnl Verify that the version of the pkg-config macros are at least
-dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
-dnl installed version of pkg-config, this checks the developer's version
-dnl of pkg.m4 when generating configure.
-dnl
-dnl To ensure that this macro is defined, also add:
-dnl m4_ifndef([PKG_PREREQ],
-dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
-dnl
-dnl See the "Since" comment for each macro you use to see what version
-dnl of the macros you require.
-m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.2])
-m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
- [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
-])dnl PKG_PREREQ
-
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
-dnl Since: 0.16
-dnl
-dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
-dnl first found in the path. Checks that the version of pkg-config found
-dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
-dnl used since that's the first version where most current features of
-dnl pkg-config existed.
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=m4_default([$1], [0.9.0])
- AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- PKG_CONFIG=""
- fi
-fi[]dnl
-])dnl PKG_PROG_PKG_CONFIG
-
-dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------------------------------
-dnl Since: 0.18
-dnl
-dnl Check to see whether a particular set of modules exists. Similar to
-dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
-dnl
-dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
-dnl it's called might be skipped (such as if it is within an "if", you
-dnl have to call PKG_CHECK_EXISTS manually
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
- AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
- m4_default([$2], [:])
-m4_ifvaln([$3], [else
- $3])dnl
-fi])
-
-dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-dnl ---------------------------------------------
-dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
-dnl pkg_failed based on the result.
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
- pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
- PKG_CHECK_EXISTS([$3],
- [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes ],
- [pkg_failed=yes])
- else
- pkg_failed=untried
-fi[]dnl
-])dnl _PKG_CONFIG
-
-dnl _PKG_SHORT_ERRORS_SUPPORTED
-dnl ---------------------------
-dnl Internal check to see if pkg-config supports short errors.
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi[]dnl
-])dnl _PKG_SHORT_ERRORS_SUPPORTED
-
-
-dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl [ACTION-IF-NOT-FOUND])
-dnl --------------------------------------------------------------
-dnl Since: 0.4.0
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
-dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
- AC_MSG_RESULT([no])
- _PKG_SHORT_ERRORS_SUPPORTED
- if test $_pkg_short_errors_supported = yes; then
- $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
- else
- $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
- m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
- ])
-elif test $pkg_failed = untried; then
- AC_MSG_RESULT([no])
- m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
- ])
-else
- $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
- $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
- AC_MSG_RESULT([yes])
- $3
-fi[]dnl
-])dnl PKG_CHECK_MODULES
-
-
-dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl [ACTION-IF-NOT-FOUND])
-dnl ---------------------------------------------------------------------
-dnl Since: 0.29
-dnl
-dnl Checks for existence of MODULES and gathers its build flags with
-dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
-dnl and VARIABLE-PREFIX_LIBS from --libs.
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
-dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
-dnl configure.ac.
-AC_DEFUN([PKG_CHECK_MODULES_STATIC],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])dnl PKG_CHECK_MODULES_STATIC
-
-
-dnl PKG_INSTALLDIR([DIRECTORY])
-dnl -------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable pkgconfigdir as the location where a module
-dnl should install pkg-config .pc files. By default the directory is
-dnl $libdir/pkgconfig, but the default can be changed by passing
-dnl DIRECTORY. The user can override through the --with-pkgconfigdir
-dnl parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
- [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
- [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_INSTALLDIR
-
-
-dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
-dnl --------------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable noarch_pkgconfigdir as the location where a
-dnl module should install arch-independent pkg-config .pc files. By
-dnl default the directory is $datadir/pkgconfig, but the default can be
-dnl changed by passing DIRECTORY. The user can override through the
-dnl --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
- [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
- [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_NOARCH_INSTALLDIR
-
-
-dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------
-dnl Since: 0.28
-dnl
-dnl Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])dnl PKG_CHECK_VAR
-
-# Copyright (C) 2002-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# ----------------------------
-# Automake X.Y traces this macro to ensure aclocal.m4 has been
-# generated from the m4 files accompanying Automake X.Y.
-# (This private macro should not be called outside this file.)
-AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.16'
-dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
-dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.16.5], [],
- [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
-])
-
-# _AM_AUTOCONF_VERSION(VERSION)
-# -----------------------------
-# aclocal traces this macro to find the Autoconf version.
-# This is a private macro too. Using m4_define simplifies
-# the logic in aclocal, which can simply ignore this definition.
-m4_define([_AM_AUTOCONF_VERSION], [])
-
-# AM_SET_CURRENT_AUTOMAKE_VERSION
-# -------------------------------
-# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
-# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
-AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.16.5])dnl
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
-
-# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to
-# '$srcdir', '$srcdir/..', or '$srcdir/../..'.
-#
-# Of course, Automake must honor this variable whenever it calls a
-# tool from the auxiliary directory. The problem is that $srcdir (and
-# therefore $ac_aux_dir as well) can be either absolute or relative,
-# depending on how configure is run. This is pretty annoying, since
-# it makes $ac_aux_dir quite unusable in subdirectories: in the top
-# source directory, any form will work fine, but in subdirectories a
-# relative path needs to be adjusted first.
-#
-# $ac_aux_dir/missing
-# fails when called from a subdirectory if $ac_aux_dir is relative
-# $top_srcdir/$ac_aux_dir/missing
-# fails if $ac_aux_dir is absolute,
-# fails when called from a subdirectory in a VPATH build with
-# a relative $ac_aux_dir
-#
-# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
-# are both prefixed by $srcdir. In an in-source build this is usually
-# harmless because $srcdir is '.', but things will broke when you
-# start a VPATH build or use an absolute $srcdir.
-#
-# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
-# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
-# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
-# and then we would define $MISSING as
-# MISSING="\${SHELL} $am_aux_dir/missing"
-# This will work as long as MISSING is not called from configure, because
-# unfortunately $(top_srcdir) has no meaning in configure.
-# However there are other variables, like CC, which are often used in
-# configure, and could therefore not use this "fixed" $ac_aux_dir.
-#
-# Another solution, used here, is to always expand $ac_aux_dir to an
-# absolute PATH. The drawback is that using absolute paths prevent a
-# configured tree to be moved without reconfiguration.
-
-AC_DEFUN([AM_AUX_DIR_EXPAND],
-[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-])
-
-# AM_CONDITIONAL -*- Autoconf -*-
-
-# Copyright (C) 1997-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ([2.52])dnl
- m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
- [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-m4_define([_AM_COND_VALUE_$1], [$2])dnl
-if $2; then
- $1_TRUE=
- $1_FALSE='#'
-else
- $1_TRUE='#'
- $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
- AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-
-# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery. Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-# _AM_DEPENDENCIES(NAME)
-# ----------------------
-# See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC".
-# We try a few techniques and use that to set a single cache variable.
-#
-# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
-# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
-# dependency, and given that the user is not expected to run this macro,
-# just rely on AC_PROG_CC.
-AC_DEFUN([_AM_DEPENDENCIES],
-[AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-m4_if([$1], [CC], [depcc="$CC" am_compiler_list=],
- [$1], [CXX], [depcc="$CXX" am_compiler_list=],
- [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
- [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
- [$1], [UPC], [depcc="$UPC" am_compiler_list=],
- [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
- [depcc="$$1" am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
- [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_$1_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
- fi
- am__universal=false
- m4_case([$1], [CC],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac],
- [CXX],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac])
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_$1_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-AM_CONDITIONAL([am__fastdep$1], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
-])
-
-
-# AM_SET_DEPDIR
-# -------------
-# Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES.
-AC_DEFUN([AM_SET_DEPDIR],
-[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
-])
-
-
-# AM_DEP_TRACK
-# ------------
-AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE([dependency-tracking], [dnl
-AS_HELP_STRING(
- [--enable-dependency-tracking],
- [do not reject slow dependency extractors])
-AS_HELP_STRING(
- [--disable-dependency-tracking],
- [speeds up one-time build])])
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
-AC_SUBST([am__nodep])dnl
-_AM_SUBST_NOTMAKE([am__nodep])dnl
-])
-
-# Generate code to set up dependency tracking. -*- Autoconf -*-
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_OUTPUT_DEPENDENCY_COMMANDS
-# ------------------------------
-AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[{
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- AS_CASE([$CONFIG_FILES],
- [*\'*], [eval set x "$CONFIG_FILES"],
- [*], [set x $CONFIG_FILES])
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`AS_DIRNAME(["$am_mf"])`
- am_filepart=`AS_BASENAME(["$am_mf"])`
- AM_RUN_LOG([cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles]) || am_rc=$?
- done
- if test $am_rc -ne 0; then
- AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE="gmake" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).])
- fi
- AS_UNSET([am_dirpart])
- AS_UNSET([am_filepart])
- AS_UNSET([am_mf])
- AS_UNSET([am_rc])
- rm -f conftest-deps.mk
-}
-])# _AM_OUTPUT_DEPENDENCY_COMMANDS
-
-
-# AM_OUTPUT_DEPENDENCY_COMMANDS
-# -----------------------------
-# This macro should only be invoked once -- use via AC_REQUIRE.
-#
-# This code is only required when automatic dependency tracking is enabled.
-# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
-# order to bootstrap the dependency handling code.
-AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
-[AC_CONFIG_COMMANDS([depfiles],
- [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
-
-# Do all the work for Automake. -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This macro actually does too much. Some checks are only needed if
-# your package does certain things. But this isn't really a big deal.
-
-dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
-m4_define([AC_PROG_CC],
-m4_defn([AC_PROG_CC])
-[_AM_PROG_CC_C_O
-])
-
-# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
-# AM_INIT_AUTOMAKE([OPTIONS])
-# -----------------------------------------------
-# The call with PACKAGE and VERSION arguments is the old style
-# call (pre autoconf-2.50), which is being phased out. PACKAGE
-# and VERSION should now be passed to AC_INIT and removed from
-# the call to AM_INIT_AUTOMAKE.
-# We support both call styles for the transition. After
-# the next Automake release, Autoconf can make the AC_INIT
-# arguments mandatory, and then we can depend on a new Autoconf
-# release and drop the old call support.
-AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.65])dnl
-m4_ifdef([_$0_ALREADY_INIT],
- [m4_fatal([$0 expanded multiple times
-]m4_defn([_$0_ALREADY_INIT]))],
- [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
-dnl Autoconf wants to disallow AM_ names. We explicitly allow
-dnl the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
-AC_REQUIRE([AC_PROG_INSTALL])dnl
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-AC_SUBST([CYGPATH_W])
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[AC_DIAGNOSE([obsolete],
- [$0: two- and three-arguments forms are deprecated.])
-m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
-dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(
- m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
- [ok:ok],,
- [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
- AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
-AM_MISSING_PROG([AUTOCONF], [autoconf])
-AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
-AM_MISSING_PROG([AUTOHEADER], [autoheader])
-AM_MISSING_PROG([MAKEINFO], [makeinfo])
-AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
- [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES([CC])],
- [m4_define([AC_PROG_CC],
- m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES([CXX])],
- [m4_define([AC_PROG_CXX],
- m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES([OBJC])],
- [m4_define([AC_PROG_OBJC],
- m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
- [_AM_DEPENDENCIES([OBJCXX])],
- [m4_define([AC_PROG_OBJCXX],
- m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
-])
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-AC_SUBST([CTAGS])
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-AC_SUBST([ETAGS])
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-AC_SUBST([CSCOPE])
-
-AC_REQUIRE([AM_SILENT_RULES])dnl
-dnl The testsuite driver may need to know about EXEEXT, so add the
-dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
-dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
-AC_CONFIG_COMMANDS_PRE(dnl
-[m4_provide_if([_AM_COMPILER_EXEEXT],
- [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
- fi
-fi
-dnl The trailing newline in this macro's definition is deliberate, for
-dnl backward compatibility and to allow trailing 'dnl'-style comments
-dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
-])
-
-dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
-dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
-dnl mangled by Autoconf and run in a shell conditional statement.
-m4_define([_AC_COMPILER_EXEEXT],
-m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
-
-# When config.status generates a header, we must update the stamp-h file.
-# This file resides in the same directory as the config header
-# that is generated. The stamp files are numbered to have different names.
-
-# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
-# loop where config.status creates the headers, so we can generate
-# our stamp files there.
-AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
-[# Compute $1's index in $config_headers.
-_am_arg=$1
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_SH
-# ------------------
-# Define $install_sh.
-AC_DEFUN([AM_PROG_INSTALL_SH],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-AC_SUBST([install_sh])])
-
-# Copyright (C) 2003-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# Check whether the underlying file-system supports filenames
-# with a leading dot. For instance MS-DOS doesn't.
-AC_DEFUN([AM_SET_LEADING_DOT],
-[rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
-
-# Check to see how 'make' treats includes. -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_MAKE_INCLUDE()
-# -----------------
-# Check whether make has an 'include' directive that can support all
-# the idioms we need for our automatic dependency tracking code.
-AC_DEFUN([AM_MAKE_INCLUDE],
-[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
- AS_CASE([$?:`cat confinc.out 2>/dev/null`],
- ['0:this is the am__doit target'],
- [AS_CASE([$s],
- [BSD], [am__include='.include' am__quote='"'],
- [am__include='include' am__quote=''])])
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-AC_MSG_RESULT([${_am_result}])
-AC_SUBST([am__include])])
-AC_SUBST([am__quote])])
-
-# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-
-# Copyright (C) 1997-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_MISSING_PROG(NAME, PROGRAM)
-# ------------------------------
-AC_DEFUN([AM_MISSING_PROG],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-
-# AM_MISSING_HAS_RUN
-# ------------------
-# Define MISSING if not defined so far and test if it is modern enough.
-# If it is, set am_missing_run to use it, otherwise, to nothing.
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([missing])dnl
-if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- AC_MSG_WARN(['missing' script is too old or missing])
-fi
-])
-
-# Helper functions for option handling. -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_MANGLE_OPTION(NAME)
-# -----------------------
-AC_DEFUN([_AM_MANGLE_OPTION],
-[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-
-# _AM_SET_OPTION(NAME)
-# --------------------
-# Set option NAME. Presently that only means defining a flag for this option.
-AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), [1])])
-
-# _AM_SET_OPTIONS(OPTIONS)
-# ------------------------
-# OPTIONS is a space-separated list of Automake options.
-AC_DEFUN([_AM_SET_OPTIONS],
-[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-
-# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
-# -------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-AC_DEFUN([_AM_IF_OPTION],
-[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_PROG_CC_C_O
-# ---------------
-# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC
-# to automatically call this.
-AC_DEFUN([_AM_PROG_CC_C_O],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-AC_LANG_PUSH([C])dnl
-AC_CACHE_CHECK(
- [whether $CC understands -c and -o together],
- [am_cv_prog_cc_c_o],
- [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i])
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-AC_LANG_POP([C])])
-
-# For backward compatibility.
-AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_RUN_LOG(COMMAND)
-# -------------------
-# Run COMMAND, save the exit status in ac_status, and log it.
-# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
-AC_DEFUN([AM_RUN_LOG],
-[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
- ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- (exit $ac_status); }])
-
-# Check to make sure that the build environment is sane. -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_SANITY_CHECK
-# ---------------
-AC_DEFUN([AM_SANITY_CHECK],
-[AC_MSG_CHECKING([whether build environment is sane])
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[[\\\"\#\$\&\'\`$am_lf]]*)
- AC_MSG_ERROR([unsafe absolute working directory name]);;
-esac
-case $srcdir in
- *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
- AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$[*]" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$[*]" != "X $srcdir/configure conftest.file" \
- && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
- alias in your environment])
- fi
- if test "$[2]" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$[2]" = conftest.file
- )
-then
- # Ok.
- :
-else
- AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT([yes])
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-AC_CONFIG_COMMANDS_PRE(
- [AC_MSG_CHECKING([that generated files are newer than configure])
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- AC_MSG_RESULT([done])])
-rm -f conftest.file
-])
-
-# Copyright (C) 2009-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_SILENT_RULES([DEFAULT])
-# --------------------------
-# Enable less verbose build rules; with the default set to DEFAULT
-# ("yes" being less verbose, "no" or empty being verbose).
-AC_DEFUN([AM_SILENT_RULES],
-[AC_ARG_ENABLE([silent-rules], [dnl
-AS_HELP_STRING(
- [--enable-silent-rules],
- [less verbose build output (undo: "make V=1")])
-AS_HELP_STRING(
- [--disable-silent-rules],
- [verbose build output (undo: "make V=0")])dnl
-])
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
-esac
-dnl
-dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
-dnl do not support nested variable expansions.
-dnl See automake bug#9928 and bug#10237.
-am_make=${MAKE-make}
-AC_CACHE_CHECK([whether $am_make supports nested variables],
- [am_cv_make_support_nested_variables],
- [if AS_ECHO([['TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi])
-if test $am_cv_make_support_nested_variables = yes; then
- dnl Using '$V' instead of '$(V)' breaks IRIX make.
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AC_SUBST([AM_V])dnl
-AM_SUBST_NOTMAKE([AM_V])dnl
-AC_SUBST([AM_DEFAULT_V])dnl
-AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
-AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
-AM_BACKSLASH='\'
-AC_SUBST([AM_BACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
-])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_STRIP
-# ---------------------
-# One issue with vendor 'install' (even GNU) is that you can't
-# specify the program used to strip binaries. This is especially
-# annoying in cross-compiling environments, where the build's strip
-# is unlikely to handle the host's binaries.
-# Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in "make install-strip", and initialize
-# STRIPPROG with the value of the STRIP variable (set by the user).
-AC_DEFUN([AM_PROG_INSTALL_STRIP],
-[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
-if test "$cross_compiling" != no; then
- AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-
-# Copyright (C) 2006-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
-
-# AM_SUBST_NOTMAKE(VARIABLE)
-# --------------------------
-# Public sister of _AM_SUBST_NOTMAKE.
-AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
-
-# Check how to create a tarball. -*- Autoconf -*-
-
-# Copyright (C) 2004-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_PROG_TAR(FORMAT)
-# --------------------
-# Check how to create a tarball in format FORMAT.
-# FORMAT should be one of 'v7', 'ustar', or 'pax'.
-#
-# Substitute a variable $(am__tar) that is a command
-# writing to stdout a FORMAT-tarball containing the directory
-# $tardir.
-# tardir=directory && $(am__tar) > result.tar
-#
-# Substitute a variable $(am__untar) that extract such
-# a tarball read from stdin.
-# $(am__untar) < result.tar
-#
-AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AC_SUBST([AMTAR], ['$${TAR-tar}'])
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-
-m4_if([$1], [v7],
- [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
-
- [m4_case([$1],
- [ustar],
- [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
- # There is notably a 21 bits limit for the UID and the GID. In fact,
- # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
- # and bug#13588).
- am_max_uid=2097151 # 2^21 - 1
- am_max_gid=$am_max_uid
- # The $UID and $GID variables are not portable, so we need to resort
- # to the POSIX-mandated id(1) utility. Errors in the 'id' calls
- # below are definitely unexpected, so allow the users to see them
- # (that is, avoid stderr redirection).
- am_uid=`id -u || echo unknown`
- am_gid=`id -g || echo unknown`
- AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
- if test $am_uid -le $am_max_uid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi
- AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
- if test $am_gid -le $am_max_gid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi],
-
- [pax],
- [],
-
- [m4_fatal([Unknown tar format])])
-
- AC_MSG_CHECKING([how to create a $1 tar archive])
-
- # Go ahead even if we have the value already cached. We do so because we
- # need to set the values for the 'am__tar' and 'am__untar' variables.
- _am_tools=${am_cv_prog_tar_$1-$_am_tools}
-
- for _am_tool in $_am_tools; do
- case $_am_tool in
- gnutar)
- for _am_tar in tar gnutar gtar; do
- AM_RUN_LOG([$_am_tar --version]) && break
- done
- am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
- am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
- am__untar="$_am_tar -xf -"
- ;;
- plaintar)
- # Must skip GNU tar: if it does not support --format= it doesn't create
- # ustar tarball either.
- (tar --version) >/dev/null 2>&1 && continue
- am__tar='tar chf - "$$tardir"'
- am__tar_='tar chf - "$tardir"'
- am__untar='tar xf -'
- ;;
- pax)
- am__tar='pax -L -x $1 -w "$$tardir"'
- am__tar_='pax -L -x $1 -w "$tardir"'
- am__untar='pax -r'
- ;;
- cpio)
- am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
- am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
- am__untar='cpio -i -H $1 -d'
- ;;
- none)
- am__tar=false
- am__tar_=false
- am__untar=false
- ;;
- esac
-
- # If the value was cached, stop now. We just wanted to have am__tar
- # and am__untar set.
- test -n "${am_cv_prog_tar_$1}" && break
-
- # tar/untar a dummy directory, and stop if the command works.
- rm -rf conftest.dir
- mkdir conftest.dir
- echo GrepMe > conftest.dir/file
- AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
- rm -rf conftest.dir
- if test -s conftest.tar; then
- AM_RUN_LOG([$am__untar <conftest.tar])
- AM_RUN_LOG([cat conftest.dir/file])
- grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
- fi
- done
- rm -rf conftest.dir
-
- AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
- AC_MSG_RESULT([$am_cv_prog_tar_$1])])
-
-AC_SUBST([am__tar])
-AC_SUBST([am__untar])
-]) # _AM_PROG_TAR
-
-m4_include([m4/gettext.m4])
-m4_include([m4/iconv.m4])
-m4_include([m4/intlmacosx.m4])
-m4_include([m4/lib-ld.m4])
-m4_include([m4/lib-link.m4])
-m4_include([m4/lib-prefix.m4])
-m4_include([m4/libtool.m4])
-m4_include([m4/ltoptions.m4])
-m4_include([m4/ltsugar.m4])
-m4_include([m4/ltversion.m4])
-m4_include([m4/lt~obsolete.m4])
-m4_include([m4/nls.m4])
-m4_include([m4/po.m4])
-m4_include([m4/progtest.m4])
(autopoint --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have autopoint installed."
- echo "Download the appropriate package for your distribution,"
- echo "or see http://www.gnu.org/software/gettext"
+ echo "Download the appropriate package for your distribution."
DIE=1
}
+
+(msgfmt --version) < /dev/null > /dev/null 2>&1 || {
+ echo
+ echo "**Warning**: You should have gettext installed."
+ echo "Download the appropriate package for your distribution."
+ echo "To disable translation, you can also use --disable-nls"
+ echo "configure option."
+}
+
(autoconf --version) < /dev/null > /dev/null 2>&1 || {
echo
- echo "**Error**: You must have autoconf installed to."
- echo "Download the appropriate package for your distribution,"
- echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/"
+ echo "**Error**: You must have autoconf installed."
+ echo "Download the appropriate package for your distribution."
DIE=1
}
-(grep "^AM_PROG_LIBTOOL" $srcdir/configure.ac >/dev/null) && {
- (libtool --version) < /dev/null > /dev/null 2>&1 || {
+(grep "^LT_INIT" $srcdir/configure.ac >/dev/null) && {
+ (libtoolize --version) < /dev/null > /dev/null 2>&1 || {
echo
- echo "**Error**: You must have libtool installed."
- echo "Get ftp://ftp.gnu.org/pub/gnu/"
- echo "(or a newer version if it is available)"
+ echo "**Error**: You must have libtoolize installed."
+ echo "Download the appropriate package for your distribution."
DIE=1
}
}
(automake --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have automake installed."
- echo "Get ftp://ftp.gnu.org/pub/gnu/"
- echo "(or a newer version if it is available)"
+ echo "Download the appropriate package for your distribution."
DIE=1
NO_AUTOMAKE=yes
}
echo
echo "**Error**: Missing aclocal. The version of automake"
echo "installed doesn't appear recent enough."
- echo "Get ftp://ftp.gnu.org/pub/gnu/"
- echo "(or a newer version if it is available)"
DIE=1
}
exit 1
fi
-if test -z "$*"; then
- echo
- echo "**Warning**: I am going to run 'configure' with no arguments."
- echo "If you wish to pass any to it, please specify them on the"
- echo \'$0\'" command line."
-fi
-
echo
echo "Generate build-system by:"
echo " autopoint: $(autopoint --version | head -1)"
libtoolize --force --copy
aclocal -I m4 $AL_OPTS
autoheader $AH_OPTS
-automake --add-missing --copy --gnu $AM_OPTS
+automake --force-missing --add-missing --copy --gnu $AM_OPTS
autoconf $AC_OPTS
-if test x$NOCONFIGURE = x; then
- echo Running $srcdir/configure $conf_flags "$@" ...
- $srcdir/configure $conf_flags "$@" \
- && echo Now type \`make\' to compile $PKG_NAME
-else
- echo Skipping configure process.
-fi
+echo
+echo "Now type '$srcdir/configure' and 'make' to compile."
+echo
+++ /dev/null
-#! /bin/sh
-# Wrapper for compilers which do not understand '-c -o'.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-nl='
-'
-
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent tools from complaining about whitespace usage.
-IFS=" "" $nl"
-
-file_conv=
-
-# func_file_conv build_file lazy
-# Convert a $build file to $host form and store it in $file
-# Currently only supports Windows hosts. If the determined conversion
-# type is listed in (the comma separated) LAZY, no conversion will
-# take place.
-func_file_conv ()
-{
- file=$1
- case $file in
- / | /[!/]*) # absolute file, and not a UNC file
- if test -z "$file_conv"; then
- # lazily determine how to convert abs files
- case `uname -s` in
- MINGW*)
- file_conv=mingw
- ;;
- CYGWIN* | MSYS*)
- file_conv=cygwin
- ;;
- *)
- file_conv=wine
- ;;
- esac
- fi
- case $file_conv/,$2, in
- *,$file_conv,*)
- ;;
- mingw/*)
- file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
- ;;
- cygwin/* | msys/*)
- file=`cygpath -m "$file" || echo "$file"`
- ;;
- wine/*)
- file=`winepath -w "$file" || echo "$file"`
- ;;
- esac
- ;;
- esac
-}
-
-# func_cl_dashL linkdir
-# Make cl look for libraries in LINKDIR
-func_cl_dashL ()
-{
- func_file_conv "$1"
- if test -z "$lib_path"; then
- lib_path=$file
- else
- lib_path="$lib_path;$file"
- fi
- linker_opts="$linker_opts -LIBPATH:$file"
-}
-
-# func_cl_dashl library
-# Do a library search-path lookup for cl
-func_cl_dashl ()
-{
- lib=$1
- found=no
- save_IFS=$IFS
- IFS=';'
- for dir in $lib_path $LIB
- do
- IFS=$save_IFS
- if $shared && test -f "$dir/$lib.dll.lib"; then
- found=yes
- lib=$dir/$lib.dll.lib
- break
- fi
- if test -f "$dir/$lib.lib"; then
- found=yes
- lib=$dir/$lib.lib
- break
- fi
- if test -f "$dir/lib$lib.a"; then
- found=yes
- lib=$dir/lib$lib.a
- break
- fi
- done
- IFS=$save_IFS
-
- if test "$found" != yes; then
- lib=$lib.lib
- fi
-}
-
-# func_cl_wrapper cl arg...
-# Adjust compile command to suit cl
-func_cl_wrapper ()
-{
- # Assume a capable shell
- lib_path=
- shared=:
- linker_opts=
- for arg
- do
- if test -n "$eat"; then
- eat=
- else
- case $1 in
- -o)
- # configure might choose to run compile as 'compile cc -o foo foo.c'.
- eat=1
- case $2 in
- *.o | *.[oO][bB][jJ])
- func_file_conv "$2"
- set x "$@" -Fo"$file"
- shift
- ;;
- *)
- func_file_conv "$2"
- set x "$@" -Fe"$file"
- shift
- ;;
- esac
- ;;
- -I)
- eat=1
- func_file_conv "$2" mingw
- set x "$@" -I"$file"
- shift
- ;;
- -I*)
- func_file_conv "${1#-I}" mingw
- set x "$@" -I"$file"
- shift
- ;;
- -l)
- eat=1
- func_cl_dashl "$2"
- set x "$@" "$lib"
- shift
- ;;
- -l*)
- func_cl_dashl "${1#-l}"
- set x "$@" "$lib"
- shift
- ;;
- -L)
- eat=1
- func_cl_dashL "$2"
- ;;
- -L*)
- func_cl_dashL "${1#-L}"
- ;;
- -static)
- shared=false
- ;;
- -Wl,*)
- arg=${1#-Wl,}
- save_ifs="$IFS"; IFS=','
- for flag in $arg; do
- IFS="$save_ifs"
- linker_opts="$linker_opts $flag"
- done
- IFS="$save_ifs"
- ;;
- -Xlinker)
- eat=1
- linker_opts="$linker_opts $2"
- ;;
- -*)
- set x "$@" "$1"
- shift
- ;;
- *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
- func_file_conv "$1"
- set x "$@" -Tp"$file"
- shift
- ;;
- *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
- func_file_conv "$1" mingw
- set x "$@" "$file"
- shift
- ;;
- *)
- set x "$@" "$1"
- shift
- ;;
- esac
- fi
- shift
- done
- if test -n "$linker_opts"; then
- linker_opts="-link$linker_opts"
- fi
- exec "$@" $linker_opts
- exit 1
-}
-
-eat=
-
-case $1 in
- '')
- echo "$0: No command. Try '$0 --help' for more information." 1>&2
- exit 1;
- ;;
- -h | --h*)
- cat <<\EOF
-Usage: compile [--help] [--version] PROGRAM [ARGS]
-
-Wrapper for compilers which do not understand '-c -o'.
-Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
-arguments, and rename the output as expected.
-
-If you are trying to build a whole package this is not the
-right script to run: please start by reading the file 'INSTALL'.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v | --v*)
- echo "compile $scriptversion"
- exit $?
- ;;
- cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
- icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
- func_cl_wrapper "$@" # Doesn't return...
- ;;
-esac
-
-ofile=
-cfile=
-
-for arg
-do
- if test -n "$eat"; then
- eat=
- else
- case $1 in
- -o)
- # configure might choose to run compile as 'compile cc -o foo foo.c'.
- # So we strip '-o arg' only if arg is an object.
- eat=1
- case $2 in
- *.o | *.obj)
- ofile=$2
- ;;
- *)
- set x "$@" -o "$2"
- shift
- ;;
- esac
- ;;
- *.c)
- cfile=$1
- set x "$@" "$1"
- shift
- ;;
- *)
- set x "$@" "$1"
- shift
- ;;
- esac
- fi
- shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
- # If no '-o' option was seen then we might have been invoked from a
- # pattern rule where we don't need one. That is ok -- this is a
- # normal compilation that the losing compiler can handle. If no
- # '.c' file was seen then we are probably linking. That is also
- # ok.
- exec "$@"
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use '[/\\:.-]' here to ensure that we don't use the same name
-# that we are using for the .o file. Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
-while true; do
- if mkdir "$lockdir" >/dev/null 2>&1; then
- break
- fi
- sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir '$lockdir'; exit 1" 1 2 15
-
-# Run the compile.
-"$@"
-ret=$?
-
-if test -f "$cofile"; then
- test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
-elif test -f "${cofile}bj"; then
- test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
-fi
-
-rmdir "$lockdir"
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
+++ /dev/null
-/* config.h.in. Generated from configure.ac by autoheader. */
-
-/* Define if building universal (internal helper macro) */
-#undef AC_APPLE_UNIVERSAL_BUILD
-
-/* maximum integritysetup keyfile size (in KiB) */
-#undef DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB
-
-/* maximum keyfile size (in KiB) */
-#undef DEFAULT_KEYFILE_SIZE_MAXKB
-
-/* cipher for loop-AES mode */
-#undef DEFAULT_LOOPAES_CIPHER
-
-/* key length in bits for loop-AES mode */
-#undef DEFAULT_LOOPAES_KEYBITS
-
-/* cipher for LUKS1 */
-#undef DEFAULT_LUKS1_CIPHER
-
-/* hash function for LUKS1 header */
-#undef DEFAULT_LUKS1_HASH
-
-/* PBKDF2 iteration time for LUKS1 (in ms) */
-#undef DEFAULT_LUKS1_ITER_TIME
-
-/* key length in bits for LUKS1 */
-#undef DEFAULT_LUKS1_KEYBITS
-
-/* cipher mode for LUKS1 */
-#undef DEFAULT_LUKS1_MODE
-
-/* Argon2 PBKDF iteration time for LUKS2 (in ms) */
-#undef DEFAULT_LUKS2_ITER_TIME
-
-/* fallback cipher for LUKS2 keyslot (if data encryption is incompatible) */
-#undef DEFAULT_LUKS2_KEYSLOT_CIPHER
-
-/* fallback key size for LUKS2 keyslot (if data encryption is incompatible) */
-#undef DEFAULT_LUKS2_KEYSLOT_KEYBITS
-
-/* default luks2 locking directory permissions */
-#undef DEFAULT_LUKS2_LOCK_DIR_PERMS
-
-/* path to directory for LUKSv2 locks */
-#undef DEFAULT_LUKS2_LOCK_PATH
-
-/* Argon2 PBKDF memory cost for LUKS2 (in kB) */
-#undef DEFAULT_LUKS2_MEMORY_KB
-
-/* Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available) */
-#undef DEFAULT_LUKS2_PARALLEL_THREADS
-
-/* Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2 */
-#undef DEFAULT_LUKS2_PBKDF
-
-/* default LUKS format version */
-#undef DEFAULT_LUKS_FORMAT
-
-/* maximum passphrase size (in characters) */
-#undef DEFAULT_PASSPHRASE_SIZE_MAX
-
-/* cipher for plain mode */
-#undef DEFAULT_PLAIN_CIPHER
-
-/* password hashing function for plain mode */
-#undef DEFAULT_PLAIN_HASH
-
-/* key length in bits for plain mode */
-#undef DEFAULT_PLAIN_KEYBITS
-
-/* cipher mode for plain mode */
-#undef DEFAULT_PLAIN_MODE
-
-/* default RNG type for key generator */
-#undef DEFAULT_RNG
-
-/* override default path to directory with systemd temporary files */
-#undef DEFAULT_TMPFILESDIR
-
-/* data block size for verity mode */
-#undef DEFAULT_VERITY_DATA_BLOCK
-
-/* parity bytes for verity FEC */
-#undef DEFAULT_VERITY_FEC_ROOTS
-
-/* hash function for verity mode */
-#undef DEFAULT_VERITY_HASH
-
-/* hash block size for verity mode */
-#undef DEFAULT_VERITY_HASH_BLOCK
-
-/* salt size for verity mode */
-#undef DEFAULT_VERITY_SALT_SIZE
-
-/* Enable using of kernel userspace crypto */
-#undef ENABLE_AF_ALG
-
-/* Enable FIPS mode restrictions */
-#undef ENABLE_FIPS
-
-/* XTS mode - double default LUKS keysize if needed */
-#undef ENABLE_LUKS_ADJUST_XTS_KEYSIZE
-
-/* Define to 1 if translation of program messages to the user's native
- language is requested. */
-#undef ENABLE_NLS
-
-/* Enable password quality checking using passwdqc library */
-#undef ENABLE_PASSWDQC
-
-/* Enable password quality checking using pwquality library */
-#undef ENABLE_PWQUALITY
-
-/* Requested gcrypt version */
-#undef GCRYPT_REQ_VERSION
-
-/* Define to 1 if you have the <argon2.h> header file. */
-#undef HAVE_ARGON2_H
-
-/* Define to 1 to use blkid for detection of disk signatures. */
-#undef HAVE_BLKID
-
-/* Define to 1 if you have the <blkid/blkid.h> header file. */
-#undef HAVE_BLKID_BLKID_H
-
-/* Define to 1 to use blkid_probe_step_back. */
-#undef HAVE_BLKID_STEP_BACK
-
-/* Define to 1 to use blkid_do_wipe. */
-#undef HAVE_BLKID_WIPE
-
-/* Define to 1 if you have the <byteswap.h> header file. */
-#undef HAVE_BYTESWAP_H
-
-/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the
- CoreFoundation framework. */
-#undef HAVE_CFLOCALECOPYCURRENT
-
-/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in
- the CoreFoundation framework. */
-#undef HAVE_CFPREFERENCESCOPYAPPVALUE
-
-/* Define to 1 if you have the `clock_gettime' function. */
-#undef HAVE_CLOCK_GETTIME
-
-/* Define to 1 if you have the <ctype.h> header file. */
-#undef HAVE_CTYPE_H
-
-/* Define if the GNU dcgettext() function is already present or preinstalled.
- */
-#undef HAVE_DCGETTEXT
-
-/* Define to 1 if you have the declaration of `blkid_do_probe', and to 0 if
- you don't. */
-#undef HAVE_DECL_BLKID_DO_PROBE
-
-/* Define to 1 if you have the declaration of `blkid_do_safeprobe', and to 0
- if you don't. */
-#undef HAVE_DECL_BLKID_DO_SAFEPROBE
-
-/* Define to 1 if you have the declaration of
- `blkid_probe_filter_superblocks_type', and to 0 if you don't. */
-#undef HAVE_DECL_BLKID_PROBE_FILTER_SUPERBLOCKS_TYPE
-
-/* Define to 1 if you have the declaration of `blkid_probe_lookup_value ', and
- to 0 if you don't. */
-#undef HAVE_DECL_BLKID_PROBE_LOOKUP_VALUE__________
-
-/* Define to 1 if you have the declaration of `blkid_probe_set_device', and to
- 0 if you don't. */
-#undef HAVE_DECL_BLKID_PROBE_SET_DEVICE
-
-/* Define to 1 if you have the declaration of `blkid_reset_probe', and to 0 if
- you don't. */
-#undef HAVE_DECL_BLKID_RESET_PROBE
-
-/* Define to 1 if you have the declaration of `dm_device_get_name', and to 0
- if you don't. */
-#undef HAVE_DECL_DM_DEVICE_GET_NAME
-
-/* Define to 1 if you have the declaration of `DM_DEVICE_GET_TARGET_VERSION',
- and to 0 if you don't. */
-#undef HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION
-
-/* Define to 1 if you have the declaration of `dm_device_has_holders', and to
- 0 if you don't. */
-#undef HAVE_DECL_DM_DEVICE_HAS_HOLDERS
-
-/* Define to 1 if you have the declaration of `dm_device_has_mounted_fs', and
- to 0 if you don't. */
-#undef HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS
-
-/* Define to 1 if you have the declaration of `dm_task_deferred_remove', and
- to 0 if you don't. */
-#undef HAVE_DECL_DM_TASK_DEFERRED_REMOVE
-
-/* Define to 1 if you have the declaration of `dm_task_retry_remove', and to 0
- if you don't. */
-#undef HAVE_DECL_DM_TASK_RETRY_REMOVE
-
-/* Define to 1 if you have the declaration of `dm_task_secure_data', and to 0
- if you don't. */
-#undef HAVE_DECL_DM_TASK_SECURE_DATA
-
-/* Define to 1 if you have the declaration of
- `DM_UDEV_DISABLE_DISK_RULES_FLAG', and to 0 if you don't. */
-#undef HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG
-
-/* Define to 1 if you have the declaration of `GCRY_CIPHER_MODE_XTS', and to 0
- if you don't. */
-#undef HAVE_DECL_GCRY_CIPHER_MODE_XTS
-
-/* Define to 1 if you have the declaration of `json_object_deep_copy', and to
- 0 if you don't. */
-#undef HAVE_DECL_JSON_OBJECT_DEEP_COPY
-
-/* Define to 1 if you have the declaration of `json_object_object_add_ex', and
- to 0 if you don't. */
-#undef HAVE_DECL_JSON_OBJECT_OBJECT_ADD_EX
-
-/* Define to 1 if you have the declaration of `NSS_GetVersion', and to 0 if
- you don't. */
-#undef HAVE_DECL_NSS_GETVERSION
-
-/* Define to 1 if you have the declaration of `O_CLOEXEC', and to 0 if you
- don't. */
-#undef HAVE_DECL_O_CLOEXEC
-
-/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
- don't. */
-#undef HAVE_DECL_STRERROR_R
-
-/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
- */
-#undef HAVE_DIRENT_H
-
-/* Define to 1 if you have the <dlfcn.h> header file. */
-#undef HAVE_DLFCN_H
-
-/* Define to 1 if you have the <endian.h> header file. */
-#undef HAVE_ENDIAN_H
-
-/* Define to 1 if you have the `explicit_bzero' function. */
-#undef HAVE_EXPLICIT_BZERO
-
-/* Define to 1 if you have the <fcntl.h> header file. */
-#undef HAVE_FCNTL_H
-
-/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
-#undef HAVE_FSEEKO
-
-/* Define if the GNU gettext() function is already present or preinstalled. */
-#undef HAVE_GETTEXT
-
-/* Define if you have the iconv() function and it works. */
-#undef HAVE_ICONV
-
-/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define to 1 if the system has the type `key_serial_t'. */
-#undef HAVE_KEY_SERIAL_T
-
-/* Define to 1 if you have the `devmapper' library (-ldevmapper). */
-#undef HAVE_LIBDEVMAPPER
-
-/* Define to 1 if you have the `gcrypt' library (-lgcrypt). */
-#undef HAVE_LIBGCRYPT
-
-/* Define to 1 if you have the `nettle' library (-lnettle). */
-#undef HAVE_LIBNETTLE
-
-/* Define to 1 if you have the `popt' library (-lpopt). */
-#undef HAVE_LIBPOPT
-
-/* Define to 1 if you have the `selinux' library (-lselinux). */
-#undef HAVE_LIBSELINUX
-
-/* Define to 1 if you have the `sepol' library (-lsepol). */
-#undef HAVE_LIBSEPOL
-
-/* Define to 1 if you have the `uuid' library (-luuid). */
-#undef HAVE_LIBUUID
-
-/* Define to 1 if you have the <linux/if_alg.h> header file. */
-#undef HAVE_LINUX_IF_ALG_H
-
-/* Define to 1 if you have the <linux/keyctl.h> header file. */
-#undef HAVE_LINUX_KEYCTL_H
-
-/* Define to 1 if you have the <locale.h> header file. */
-#undef HAVE_LOCALE_H
-
-/* Define to 1 if you have the <malloc.h> header file. */
-#undef HAVE_MALLOC_H
-
-/* Define to 1 if you have the <minix/config.h> header file. */
-#undef HAVE_MINIX_CONFIG_H
-
-/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
-#undef HAVE_NDIR_H
-
-/* Define to 1 if you have the <nettle/sha.h> header file. */
-#undef HAVE_NETTLE_SHA_H
-
-/* Define to 1 if you have the <nettle/version.h> header file. */
-#undef HAVE_NETTLE_VERSION_H
-
-/* Define to 1 if you have the `passwdqc_params_free' function. */
-#undef HAVE_PASSWDQC_PARAMS_FREE
-
-/* Define to 1 if you have the `posix_fallocate' function. */
-#undef HAVE_POSIX_FALLOCATE
-
-/* Define to 1 if you have the `posix_memalign' function. */
-#undef HAVE_POSIX_MEMALIGN
-
-/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H
-
-/* Define to 1 if you have the <stdio.h> header file. */
-#undef HAVE_STDIO_H
-
-/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H
-
-/* Define if you have `strerror_r'. */
-#undef HAVE_STRERROR_R
-
-/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H
-
-/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H
-
-/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
- */
-#undef HAVE_SYS_DIR_H
-
-/* Define to 1 if you have the <sys/ioctl.h> header file. */
-#undef HAVE_SYS_IOCTL_H
-
-/* Define to 1 if you have the <sys/mman.h> header file. */
-#undef HAVE_SYS_MMAN_H
-
-/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
- */
-#undef HAVE_SYS_NDIR_H
-
-/* Define to 1 if you have the <sys/statvfs.h> header file. */
-#undef HAVE_SYS_STATVFS_H
-
-/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H
-
-/* Define to 1 if you have the <sys/sysmacros.h> header file. */
-#undef HAVE_SYS_SYSMACROS_H
-
-/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H
-
-/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H
-
-/* Define to 1 if you have the <uuid/uuid.h> header file. */
-#undef HAVE_UUID_UUID_H
-
-/* Define to 1 if you have the <wchar.h> header file. */
-#undef HAVE_WCHAR_H
-
-/* Define as const if the declaration of iconv() needs const. */
-#undef ICONV_CONST
-
-/* Enable kernel keyring service support */
-#undef KERNEL_KEYRING
-
-/* Define to the sub-directory where libtool stores uninstalled libraries. */
-#undef LT_OBJDIR
-
-/* Defined to 0 if not provided */
-#undef O_CLOEXEC
-
-/* Name of package */
-#undef PACKAGE
-
-/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT
-
-/* Define to the full name of this package. */
-#undef PACKAGE_NAME
-
-/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING
-
-/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME
-
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
-/* Define to the version of this package. */
-#undef PACKAGE_VERSION
-
-/* passwdqc library config file */
-#undef PASSWDQC_CONFIG_FILE
-
-/* Define to 1 if all of the C90 standard headers exist (not just the ones
- required in a freestanding environment). This macro is provided for
- backward compatibility; new code need not use it. */
-#undef STDC_HEADERS
-
-/* Define to 1 if strerror_r returns char *. */
-#undef STRERROR_R_CHAR_P
-
-/* Use internal Argon2 */
-#undef USE_INTERNAL_ARGON2
-
-/* Use internal PBKDF2 */
-#undef USE_INTERNAL_PBKDF2
-
-/* Use LUKS2 online reencryption extension */
-#undef USE_LUKS2_REENCRYPTION
-
-/* Enable extensions on AIX 3, Interix. */
-#ifndef _ALL_SOURCE
-# undef _ALL_SOURCE
-#endif
-/* Enable general extensions on macOS. */
-#ifndef _DARWIN_C_SOURCE
-# undef _DARWIN_C_SOURCE
-#endif
-/* Enable general extensions on Solaris. */
-#ifndef __EXTENSIONS__
-# undef __EXTENSIONS__
-#endif
-/* Enable GNU extensions on systems that have them. */
-#ifndef _GNU_SOURCE
-# undef _GNU_SOURCE
-#endif
-/* Enable X/Open compliant socket functions that do not require linking
- with -lxnet on HP-UX 11.11. */
-#ifndef _HPUX_ALT_XOPEN_SOCKET_API
-# undef _HPUX_ALT_XOPEN_SOCKET_API
-#endif
-/* Identify the host operating system as Minix.
- This macro does not affect the system headers' behavior.
- A future release of Autoconf may stop defining this macro. */
-#ifndef _MINIX
-# undef _MINIX
-#endif
-/* Enable general extensions on NetBSD.
- Enable NetBSD compatibility extensions on Minix. */
-#ifndef _NETBSD_SOURCE
-# undef _NETBSD_SOURCE
-#endif
-/* Enable OpenBSD compatibility extensions on NetBSD.
- Oddly enough, this does nothing on OpenBSD. */
-#ifndef _OPENBSD_SOURCE
-# undef _OPENBSD_SOURCE
-#endif
-/* Define to 1 if needed for POSIX-compatible behavior. */
-#ifndef _POSIX_SOURCE
-# undef _POSIX_SOURCE
-#endif
-/* Define to 2 if needed for POSIX-compatible behavior. */
-#ifndef _POSIX_1_SOURCE
-# undef _POSIX_1_SOURCE
-#endif
-/* Enable POSIX-compatible threading on Solaris. */
-#ifndef _POSIX_PTHREAD_SEMANTICS
-# undef _POSIX_PTHREAD_SEMANTICS
-#endif
-/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */
-#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
-# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__
-#endif
-/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */
-#ifndef __STDC_WANT_IEC_60559_BFP_EXT__
-# undef __STDC_WANT_IEC_60559_BFP_EXT__
-#endif
-/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */
-#ifndef __STDC_WANT_IEC_60559_DFP_EXT__
-# undef __STDC_WANT_IEC_60559_DFP_EXT__
-#endif
-/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */
-#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__
-# undef __STDC_WANT_IEC_60559_FUNCS_EXT__
-#endif
-/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */
-#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__
-# undef __STDC_WANT_IEC_60559_TYPES_EXT__
-#endif
-/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */
-#ifndef __STDC_WANT_LIB_EXT2__
-# undef __STDC_WANT_LIB_EXT2__
-#endif
-/* Enable extensions specified by ISO/IEC 24747:2009. */
-#ifndef __STDC_WANT_MATH_SPEC_FUNCS__
-# undef __STDC_WANT_MATH_SPEC_FUNCS__
-#endif
-/* Enable extensions on HP NonStop. */
-#ifndef _TANDEM_SOURCE
-# undef _TANDEM_SOURCE
-#endif
-/* Enable X/Open extensions. Define to 500 only if necessary
- to make mbstate_t available. */
-#ifndef _XOPEN_SOURCE
-# undef _XOPEN_SOURCE
-#endif
-
-
-/* Try to use udev synchronisation? */
-#undef USE_UDEV
-
-/* Version number of package */
-#undef VERSION
-
-/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
- significant byte first (like Motorola and SPARC, unlike Intel). */
-#if defined AC_APPLE_UNIVERSAL_BUILD
-# if defined __BIG_ENDIAN__
-# define WORDS_BIGENDIAN 1
-# endif
-#else
-# ifndef WORDS_BIGENDIAN
-# undef WORDS_BIGENDIAN
-# endif
-#endif
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS
-
-/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
-#undef _LARGEFILE_SOURCE
-
-/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES
-
-/* Define to empty if `const' does not conform to ANSI C. */
-#undef const
-
-/* Define to `long int' if <sys/types.h> does not define. */
-#undef off_t
-
-/* Define to the equivalent of the C99 'restrict' keyword, or to
- nothing if this is not supported. Do not define if restrict is
- supported only directly. */
-#undef restrict
-/* Work around a bug in older versions of Sun C++, which did not
- #define __restrict__ or support _Restrict or __restrict__
- even though the corresponding Sun C compiler ended up with
- "#define restrict _Restrict" or "#define restrict __restrict__"
- in the previous line. This workaround can be removed once
- we assume Oracle Developer Studio 12.5 (2016) or later. */
-#if defined __SUNPRO_CC && !defined __RESTRICT && !defined __restrict__
-# define _Restrict
-# define __restrict__
-#endif
+++ /dev/null
-#! /bin/sh
-# Output a system dependent set of variables, describing how to set the
-# run time search path of shared libraries in an executable.
-#
-# Copyright 1996-2013 Free Software Foundation, Inc.
-# Taken from GNU libtool, 2001
-# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-#
-# The first argument passed to this file is the canonical host specification,
-# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or
-# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
-# should be set by the caller.
-#
-# The set of defined variables is at the end of this script.
-
-# Known limitations:
-# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
-# than 256 bytes, otherwise the compiler driver will dump core. The only
-# known workaround is to choose shorter directory names for the build
-# directory and/or the installation directory.
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-shrext=.so
-
-host="$1"
-host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-# Code taken from libtool.m4's _LT_CC_BASENAME.
-
-for cc_temp in $CC""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
-done
-cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
-
-# Code taken from libtool.m4's _LT_COMPILER_PIC.
-
-wl=
-if test "$GCC" = yes; then
- wl='-Wl,'
-else
- case "$host_os" in
- aix*)
- wl='-Wl,'
- ;;
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- ;;
- hpux9* | hpux10* | hpux11*)
- wl='-Wl,'
- ;;
- irix5* | irix6* | nonstopux*)
- wl='-Wl,'
- ;;
- linux* | k*bsd*-gnu | kopensolaris*-gnu)
- case $cc_basename in
- ecc*)
- wl='-Wl,'
- ;;
- icc* | ifort*)
- wl='-Wl,'
- ;;
- lf95*)
- wl='-Wl,'
- ;;
- nagfor*)
- wl='-Wl,-Wl,,'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- wl='-Wl,'
- ;;
- ccc*)
- wl='-Wl,'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- wl='-Wl,'
- ;;
- como)
- wl='-lopt='
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ F* | *Sun*Fortran*)
- wl=
- ;;
- *Sun\ C*)
- wl='-Wl,'
- ;;
- esac
- ;;
- esac
- ;;
- newsos6)
- ;;
- *nto* | *qnx*)
- ;;
- osf3* | osf4* | osf5*)
- wl='-Wl,'
- ;;
- rdos*)
- ;;
- solaris*)
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- wl='-Qoption ld '
- ;;
- *)
- wl='-Wl,'
- ;;
- esac
- ;;
- sunos4*)
- wl='-Qoption ld '
- ;;
- sysv4 | sysv4.2uw2* | sysv4.3*)
- wl='-Wl,'
- ;;
- sysv4*MP*)
- ;;
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- wl='-Wl,'
- ;;
- unicos*)
- wl='-Wl,'
- ;;
- uts4*)
- ;;
- esac
-fi
-
-# Code taken from libtool.m4's _LT_LINKER_SHLIBS.
-
-hardcode_libdir_flag_spec=
-hardcode_libdir_separator=
-hardcode_direct=no
-hardcode_minus_L=no
-
-case "$host_os" in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test "$GCC" != yes; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd*)
- with_gnu_ld=no
- ;;
-esac
-
-ld_shlibs=yes
-if test "$with_gnu_ld" = yes; then
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- # Unlike libtool, we use -rpath here, not --rpath, since the documented
- # option of GNU ld is called -rpath, not --rpath.
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- case "$host_os" in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test "$host_cpu" != ia64; then
- ld_shlibs=no
- fi
- ;;
- amigaos*)
- case "$host_cpu" in
- powerpc)
- ;;
- m68k)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
- beos*)
- if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- cygwin* | mingw* | pw32* | cegcc*)
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- haiku*)
- ;;
- interix[3-9]*)
- hardcode_direct=no
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- ;;
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- netbsd*)
- ;;
- solaris*)
- if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- ;;
- *)
- if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
- sunos4*)
- hardcode_direct=yes
- ;;
- *)
- if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- esac
- if test "$ld_shlibs" = no; then
- hardcode_libdir_flag_spec=
- fi
-else
- case "$host_os" in
- aix3*)
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test "$GCC" = yes; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
- aix[4-9]*)
- if test "$host_cpu" = ia64; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- else
- aix_use_runtimelinking=no
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # need to do runtime linking.
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- ;;
- esac
- fi
- hardcode_direct=yes
- hardcode_libdir_separator=':'
- if test "$GCC" = yes; then
- case $host_os in aix4.[012]|aix4.[012].*)
- collect2name=`${CC} -print-prog-name=collect2`
- if test -f "$collect2name" && \
- strings "$collect2name" | grep resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- fi
- # Begin _LT_AC_SYS_LIBPATH_AIX.
- echo 'int main () { return 0; }' > conftest.c
- ${CC} ${LDFLAGS} conftest.c -o conftest
- aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
-}'`
- if test -z "$aix_libpath"; then
- aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
-}'`
- fi
- if test -z "$aix_libpath"; then
- aix_libpath="/usr/lib:/lib"
- fi
- rm -f conftest.c conftest
- # End _LT_AC_SYS_LIBPATH_AIX.
- if test "$aix_use_runtimelinking" = yes; then
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- else
- if test "$host_cpu" = ia64; then
- hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
- else
- hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
- fi
- fi
- ;;
- amigaos*)
- case "$host_cpu" in
- powerpc)
- ;;
- m68k)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
- bsdi[45]*)
- ;;
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- hardcode_libdir_flag_spec=' '
- libext=lib
- ;;
- darwin* | rhapsody*)
- hardcode_direct=no
- if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then
- :
- else
- ld_shlibs=no
- fi
- ;;
- dgux*)
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
- freebsd2.2*)
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- ;;
- freebsd2*)
- hardcode_direct=yes
- hardcode_minus_L=yes
- ;;
- freebsd* | dragonfly*)
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- ;;
- hpux9*)
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- hpux10*)
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
- hpux11*)
- if test "$with_gnu_ld" = no; then
- hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
- hardcode_libdir_separator=:
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- ;;
- *)
- hardcode_direct=yes
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
- irix5* | irix6* | nonstopux*)
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- ;;
- netbsd*)
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- ;;
- newsos6)
- hardcode_direct=yes
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- ;;
- *nto* | *qnx*)
- ;;
- openbsd*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- else
- case "$host_os" in
- openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
- hardcode_libdir_flag_spec='-R$libdir'
- ;;
- *)
- hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
- ;;
- esac
- fi
- else
- ld_shlibs=no
- fi
- ;;
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- osf3*)
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- hardcode_libdir_separator=:
- ;;
- osf4* | osf5*)
- if test "$GCC" = yes; then
- hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
- else
- # Both cc and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- hardcode_libdir_separator=:
- ;;
- solaris*)
- hardcode_libdir_flag_spec='-R$libdir'
- ;;
- sunos4*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- ;;
- sysv4)
- case $host_vendor in
- sni)
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- hardcode_direct=no
- ;;
- motorola)
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- ;;
- sysv4.3*)
- ;;
- sysv4*MP*)
- if test -d /usr/nec; then
- ld_shlibs=yes
- fi
- ;;
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- ;;
- sysv5* | sco3.2v5* | sco5v6*)
- hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
- hardcode_libdir_separator=':'
- ;;
- uts4*)
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
- *)
- ld_shlibs=no
- ;;
- esac
-fi
-
-# Check dynamic linker characteristics
-# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER.
-# Unlike libtool.m4, here we don't care about _all_ names of the library, but
-# only about the one the linker finds when passed -lNAME. This is the last
-# element of library_names_spec in libtool.m4, or possibly two of them if the
-# linker has special search rules.
-library_names_spec= # the last element of library_names_spec in libtool.m4
-libname_spec='lib$name'
-case "$host_os" in
- aix3*)
- library_names_spec='$libname.a'
- ;;
- aix[4-9]*)
- library_names_spec='$libname$shrext'
- ;;
- amigaos*)
- case "$host_cpu" in
- powerpc*)
- library_names_spec='$libname$shrext' ;;
- m68k)
- library_names_spec='$libname.a' ;;
- esac
- ;;
- beos*)
- library_names_spec='$libname$shrext'
- ;;
- bsdi[45]*)
- library_names_spec='$libname$shrext'
- ;;
- cygwin* | mingw* | pw32* | cegcc*)
- shrext=.dll
- library_names_spec='$libname.dll.a $libname.lib'
- ;;
- darwin* | rhapsody*)
- shrext=.dylib
- library_names_spec='$libname$shrext'
- ;;
- dgux*)
- library_names_spec='$libname$shrext'
- ;;
- freebsd* | dragonfly*)
- case "$host_os" in
- freebsd[123]*)
- library_names_spec='$libname$shrext$versuffix' ;;
- *)
- library_names_spec='$libname$shrext' ;;
- esac
- ;;
- gnu*)
- library_names_spec='$libname$shrext'
- ;;
- haiku*)
- library_names_spec='$libname$shrext'
- ;;
- hpux9* | hpux10* | hpux11*)
- case $host_cpu in
- ia64*)
- shrext=.so
- ;;
- hppa*64*)
- shrext=.sl
- ;;
- *)
- shrext=.sl
- ;;
- esac
- library_names_spec='$libname$shrext'
- ;;
- interix[3-9]*)
- library_names_spec='$libname$shrext'
- ;;
- irix5* | irix6* | nonstopux*)
- library_names_spec='$libname$shrext'
- case "$host_os" in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
- *) libsuff= shlibsuff= ;;
- esac
- ;;
- esac
- ;;
- linux*oldld* | linux*aout* | linux*coff*)
- ;;
- linux* | k*bsd*-gnu | kopensolaris*-gnu)
- library_names_spec='$libname$shrext'
- ;;
- knetbsd*-gnu)
- library_names_spec='$libname$shrext'
- ;;
- netbsd*)
- library_names_spec='$libname$shrext'
- ;;
- newsos6)
- library_names_spec='$libname$shrext'
- ;;
- *nto* | *qnx*)
- library_names_spec='$libname$shrext'
- ;;
- openbsd*)
- library_names_spec='$libname$shrext$versuffix'
- ;;
- os2*)
- libname_spec='$name'
- shrext=.dll
- library_names_spec='$libname.a'
- ;;
- osf3* | osf4* | osf5*)
- library_names_spec='$libname$shrext'
- ;;
- rdos*)
- ;;
- solaris*)
- library_names_spec='$libname$shrext'
- ;;
- sunos4*)
- library_names_spec='$libname$shrext$versuffix'
- ;;
- sysv4 | sysv4.3*)
- library_names_spec='$libname$shrext'
- ;;
- sysv4*MP*)
- library_names_spec='$libname$shrext'
- ;;
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- library_names_spec='$libname$shrext'
- ;;
- tpf*)
- library_names_spec='$libname$shrext'
- ;;
- uts4*)
- library_names_spec='$libname$shrext'
- ;;
-esac
-
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
-shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
-escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
-escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
-escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
-
-LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
-
-# How to pass a linker flag through the compiler.
-wl="$escaped_wl"
-
-# Static library suffix (normally "a").
-libext="$libext"
-
-# Shared library suffix (normally "so").
-shlibext="$shlibext"
-
-# Format of library name prefix.
-libname_spec="$escaped_libname_spec"
-
-# Library names that the linker finds when passed -lNAME.
-library_names_spec="$escaped_library_names_spec"
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist.
-hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
-
-# Whether we need a single -rpath flag with a separated argument.
-hardcode_libdir_separator="$hardcode_libdir_separator"
-
-# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
-# resulting binary.
-hardcode_direct="$hardcode_direct"
-
-# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
-# resulting binary.
-hardcode_minus_L="$hardcode_minus_L"
-
-EOF
+++ /dev/null
-#! /bin/sh
-# Configuration validation subroutine script.
-# Copyright 1992-2018 Free Software Foundation, Inc.
-
-timestamp='2018-02-22'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that
-# program. This Exception is an additional permission under section 7
-# of the GNU General Public License, version 3 ("GPLv3").
-
-
-# Please send patches to <config-patches@gnu.org>.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support. The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
-
-Canonicalize a configuration name.
-
-Options:
- -h, --help print this help, then exit
- -t, --time-stamp print date of last modification, then exit
- -v, --version print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright 1992-2018 Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
- echo "$timestamp" ; exit ;;
- --version | -v )
- echo "$version" ; exit ;;
- --help | --h* | -h )
- echo "$usage"; exit ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
- break ;;
- -* )
- echo "$me: invalid option $1$help"
- exit 1 ;;
-
- *local*)
- # First pass through any local machine types.
- echo "$1"
- exit ;;
-
- * )
- break ;;
- esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
- exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
- exit 1;;
-esac
-
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
- nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
- linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
- kopensolaris*-gnu* | cloudabi*-eabi* | \
- storm-chaos* | os2-emx* | rtmk-nova*)
- os=-$maybe_os
- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
- ;;
- android-linux)
- os=-linux-android
- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
- ;;
- *)
- basic_machine=`echo "$1" | sed 's/-[^-]*$//'`
- if [ "$basic_machine" != "$1" ]
- then os=`echo "$1" | sed 's/.*-/-/'`
- else os=; fi
- ;;
-esac
-
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work. We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
- -sun*os*)
- # Prevent following clause from handling this invalid input.
- ;;
- -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
- -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
- -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
- -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
- -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
- -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze*)
- os=
- basic_machine=$1
- ;;
- -bluegene*)
- os=-cnk
- ;;
- -sim | -cisco | -oki | -wec | -winbond)
- os=
- basic_machine=$1
- ;;
- -scout)
- ;;
- -wrs)
- os=-vxworks
- basic_machine=$1
- ;;
- -chorusos*)
- os=-chorusos
- basic_machine=$1
- ;;
- -chorusrdb)
- os=-chorusrdb
- basic_machine=$1
- ;;
- -hiux*)
- os=-hiuxwe2
- ;;
- -sco6)
- os=-sco5v6
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5)
- os=-sco3.2v5
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco4)
- os=-sco3.2v4
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2.[4-9]*)
- os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2v[4-9]*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5v6*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco*)
- os=-sco3.2v2
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -udk*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -isc)
- os=-isc2.2
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -clix*)
- basic_machine=clipper-intergraph
- ;;
- -isc*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -lynx*178)
- os=-lynxos178
- ;;
- -lynx*5)
- os=-lynxos5
- ;;
- -lynx*)
- os=-lynxos
- ;;
- -ptx*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'`
- ;;
- -psos*)
- os=-psos
- ;;
- -mint | -mint[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
-esac
-
-# Decode aliases for certain CPU-COMPANY combinations.
-case $basic_machine in
- # Recognize the basic CPU types without company name.
- # Some are omitted here because they have special meanings below.
- 1750a | 580 \
- | a29k \
- | aarch64 | aarch64_be \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
- | am33_2.0 \
- | arc | arceb \
- | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
- | avr | avr32 \
- | ba \
- | be32 | be64 \
- | bfin \
- | c4x | c8051 | clipper \
- | d10v | d30v | dlx | dsp16xx \
- | e2k | epiphany \
- | fido | fr30 | frv | ft32 \
- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | hexagon \
- | i370 | i860 | i960 | ia16 | ia64 \
- | ip2k | iq2000 \
- | k1om \
- | le32 | le64 \
- | lm32 \
- | m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
- | mips64octeon | mips64octeonel \
- | mips64orion | mips64orionel \
- | mips64r5900 | mips64r5900el \
- | mips64vr | mips64vrel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mips64vr5900 | mips64vr5900el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa32r6 | mipsisa32r6el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64r2 | mipsisa64r2el \
- | mipsisa64r6 | mipsisa64r6el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipsr5900 | mipsr5900el \
- | mipstx39 | mipstx39el \
- | mn10200 | mn10300 \
- | moxie \
- | mt \
- | msp430 \
- | nds32 | nds32le | nds32be \
- | nios | nios2 | nios2eb | nios2el \
- | ns16k | ns32k \
- | open8 | or1k | or1knd | or32 \
- | pdp10 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle \
- | pru \
- | pyramid \
- | riscv32 | riscv64 \
- | rl78 | rx \
- | score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
- | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
- | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
- | spu \
- | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
- | ubicom32 \
- | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
- | visium \
- | wasm32 \
- | x86 | xc16x | xstormy16 | xtensa \
- | z8k | z80)
- basic_machine=$basic_machine-unknown
- ;;
- c54x)
- basic_machine=tic54x-unknown
- ;;
- c55x)
- basic_machine=tic55x-unknown
- ;;
- c6x)
- basic_machine=tic6x-unknown
- ;;
- leon|leon[3-9])
- basic_machine=sparc-$basic_machine
- ;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
- basic_machine=$basic_machine-unknown
- os=-none
- ;;
- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65)
- ;;
- ms1)
- basic_machine=mt-unknown
- ;;
-
- strongarm | thumb | xscale)
- basic_machine=arm-unknown
- ;;
- xgate)
- basic_machine=$basic_machine-unknown
- os=-none
- ;;
- xscaleeb)
- basic_machine=armeb-unknown
- ;;
-
- xscaleel)
- basic_machine=armel-unknown
- ;;
-
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
- # (2) the word "unknown" tends to confuse beginning users.
- i*86 | x86_64)
- basic_machine=$basic_machine-pc
- ;;
- # Object if more than one company name word.
- *-*-*)
- echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
- exit 1
- ;;
- # Recognize the basic CPU types with company name.
- 580-* \
- | a29k-* \
- | aarch64-* | aarch64_be-* \
- | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* | avr32-* \
- | ba-* \
- | be32-* | be64-* \
- | bfin-* | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* \
- | c8051-* | clipper-* | craynv-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
- | e2k-* | elxsi-* \
- | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
- | h8300-* | h8500-* \
- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
- | hexagon-* \
- | i*86-* | i860-* | i960-* | ia16-* | ia64-* \
- | ip2k-* | iq2000-* \
- | k1om-* \
- | le32-* | le64-* \
- | lm32-* \
- | m32c-* | m32r-* | m32rle-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
- | microblaze-* | microblazeel-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
- | mips64octeon-* | mips64octeonel-* \
- | mips64orion-* | mips64orionel-* \
- | mips64r5900-* | mips64r5900el-* \
- | mips64vr-* | mips64vrel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
- | mips64vr5900-* | mips64vr5900el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa32r6-* | mipsisa32r6el-* \
- | mipsisa64-* | mipsisa64el-* \
- | mipsisa64r2-* | mipsisa64r2el-* \
- | mipsisa64r6-* | mipsisa64r6el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipsr5900-* | mipsr5900el-* \
- | mipstx39-* | mipstx39el-* \
- | mmix-* \
- | mt-* \
- | msp430-* \
- | nds32-* | nds32le-* | nds32be-* \
- | nios-* | nios2-* | nios2eb-* | nios2el-* \
- | none-* | np1-* | ns16k-* | ns32k-* \
- | open8-* \
- | or1k*-* \
- | orion-* \
- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
- | pru-* \
- | pyramid-* \
- | riscv32-* | riscv64-* \
- | rl78-* | romp-* | rs6000-* | rx-* \
- | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
- | sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
- | tahoe-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
- | tile*-* \
- | tron-* \
- | ubicom32-* \
- | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
- | vax-* \
- | visium-* \
- | wasm32-* \
- | we32k-* \
- | x86-* | x86_64-* | xc16x-* | xps100-* \
- | xstormy16-* | xtensa*-* \
- | ymp-* \
- | z8k-* | z80-*)
- ;;
- # Recognize the basic CPU types without company name, with glob match.
- xtensa*)
- basic_machine=$basic_machine-unknown
- ;;
- # Recognize the various machine names and aliases which stand
- # for a CPU type and a company and sometimes even an OS.
- 386bsd)
- basic_machine=i386-pc
- os=-bsd
- ;;
- 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
- basic_machine=m68000-att
- ;;
- 3b*)
- basic_machine=we32k-att
- ;;
- a29khif)
- basic_machine=a29k-amd
- os=-udi
- ;;
- abacus)
- basic_machine=abacus-unknown
- ;;
- adobe68k)
- basic_machine=m68010-adobe
- os=-scout
- ;;
- alliant | fx80)
- basic_machine=fx80-alliant
- ;;
- altos | altos3068)
- basic_machine=m68k-altos
- ;;
- am29k)
- basic_machine=a29k-none
- os=-bsd
- ;;
- amd64)
- basic_machine=x86_64-pc
- ;;
- amd64-*)
- basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- amdahl)
- basic_machine=580-amdahl
- os=-sysv
- ;;
- amiga | amiga-*)
- basic_machine=m68k-unknown
- ;;
- amigaos | amigados)
- basic_machine=m68k-unknown
- os=-amigaos
- ;;
- amigaunix | amix)
- basic_machine=m68k-unknown
- os=-sysv4
- ;;
- apollo68)
- basic_machine=m68k-apollo
- os=-sysv
- ;;
- apollo68bsd)
- basic_machine=m68k-apollo
- os=-bsd
- ;;
- aros)
- basic_machine=i386-pc
- os=-aros
- ;;
- asmjs)
- basic_machine=asmjs-unknown
- ;;
- aux)
- basic_machine=m68k-apple
- os=-aux
- ;;
- balance)
- basic_machine=ns32k-sequent
- os=-dynix
- ;;
- blackfin)
- basic_machine=bfin-unknown
- os=-linux
- ;;
- blackfin-*)
- basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
- ;;
- bluegene*)
- basic_machine=powerpc-ibm
- os=-cnk
- ;;
- c54x-*)
- basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c55x-*)
- basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c6x-*)
- basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
- cegcc)
- basic_machine=arm-unknown
- os=-cegcc
- ;;
- convex-c1)
- basic_machine=c1-convex
- os=-bsd
- ;;
- convex-c2)
- basic_machine=c2-convex
- os=-bsd
- ;;
- convex-c32)
- basic_machine=c32-convex
- os=-bsd
- ;;
- convex-c34)
- basic_machine=c34-convex
- os=-bsd
- ;;
- convex-c38)
- basic_machine=c38-convex
- os=-bsd
- ;;
- cray | j90)
- basic_machine=j90-cray
- os=-unicos
- ;;
- craynv)
- basic_machine=craynv-cray
- os=-unicosmp
- ;;
- cr16 | cr16-*)
- basic_machine=cr16-unknown
- os=-elf
- ;;
- crds | unos)
- basic_machine=m68k-crds
- ;;
- crisv32 | crisv32-* | etraxfs*)
- basic_machine=crisv32-axis
- ;;
- cris | cris-* | etrax*)
- basic_machine=cris-axis
- ;;
- crx)
- basic_machine=crx-unknown
- os=-elf
- ;;
- da30 | da30-*)
- basic_machine=m68k-da30
- ;;
- decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
- basic_machine=mips-dec
- ;;
- decsystem10* | dec10*)
- basic_machine=pdp10-dec
- os=-tops10
- ;;
- decsystem20* | dec20*)
- basic_machine=pdp10-dec
- os=-tops20
- ;;
- delta | 3300 | motorola-3300 | motorola-delta \
- | 3300-motorola | delta-motorola)
- basic_machine=m68k-motorola
- ;;
- delta88)
- basic_machine=m88k-motorola
- os=-sysv3
- ;;
- dicos)
- basic_machine=i686-pc
- os=-dicos
- ;;
- djgpp)
- basic_machine=i586-pc
- os=-msdosdjgpp
- ;;
- dpx20 | dpx20-*)
- basic_machine=rs6000-bull
- os=-bosx
- ;;
- dpx2*)
- basic_machine=m68k-bull
- os=-sysv3
- ;;
- e500v[12])
- basic_machine=powerpc-unknown
- os=$os"spe"
- ;;
- e500v[12]-*)
- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=$os"spe"
- ;;
- ebmon29k)
- basic_machine=a29k-amd
- os=-ebmon
- ;;
- elxsi)
- basic_machine=elxsi-elxsi
- os=-bsd
- ;;
- encore | umax | mmax)
- basic_machine=ns32k-encore
- ;;
- es1800 | OSE68k | ose68k | ose | OSE)
- basic_machine=m68k-ericsson
- os=-ose
- ;;
- fx2800)
- basic_machine=i860-alliant
- ;;
- genix)
- basic_machine=ns32k-ns
- ;;
- gmicro)
- basic_machine=tron-gmicro
- os=-sysv
- ;;
- go32)
- basic_machine=i386-pc
- os=-go32
- ;;
- h3050r* | hiux*)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- h8300hms)
- basic_machine=h8300-hitachi
- os=-hms
- ;;
- h8300xray)
- basic_machine=h8300-hitachi
- os=-xray
- ;;
- h8500hms)
- basic_machine=h8500-hitachi
- os=-hms
- ;;
- harris)
- basic_machine=m88k-harris
- os=-sysv3
- ;;
- hp300-*)
- basic_machine=m68k-hp
- ;;
- hp300bsd)
- basic_machine=m68k-hp
- os=-bsd
- ;;
- hp300hpux)
- basic_machine=m68k-hp
- os=-hpux
- ;;
- hp3k9[0-9][0-9] | hp9[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hp9k2[0-9][0-9] | hp9k31[0-9])
- basic_machine=m68000-hp
- ;;
- hp9k3[2-9][0-9])
- basic_machine=m68k-hp
- ;;
- hp9k6[0-9][0-9] | hp6[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hp9k7[0-79][0-9] | hp7[0-79][0-9])
- basic_machine=hppa1.1-hp
- ;;
- hp9k78[0-9] | hp78[0-9])
- # FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
- # FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[0-9][13679] | hp8[0-9][13679])
- basic_machine=hppa1.1-hp
- ;;
- hp9k8[0-9][0-9] | hp8[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hppaosf)
- basic_machine=hppa1.1-hp
- os=-osf
- ;;
- hppro)
- basic_machine=hppa1.1-hp
- os=-proelf
- ;;
- i370-ibm* | ibm*)
- basic_machine=i370-ibm
- ;;
- i*86v32)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv32
- ;;
- i*86v4*)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv4
- ;;
- i*86v)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv
- ;;
- i*86sol2)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-solaris2
- ;;
- i386mach)
- basic_machine=i386-mach
- os=-mach
- ;;
- vsta)
- basic_machine=i386-unknown
- os=-vsta
- ;;
- iris | iris4d)
- basic_machine=mips-sgi
- case $os in
- -irix*)
- ;;
- *)
- os=-irix4
- ;;
- esac
- ;;
- isi68 | isi)
- basic_machine=m68k-isi
- os=-sysv
- ;;
- leon-*|leon[3-9]-*)
- basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'`
- ;;
- m68knommu)
- basic_machine=m68k-unknown
- os=-linux
- ;;
- m68knommu-*)
- basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
- ;;
- magnum | m3230)
- basic_machine=mips-mips
- os=-sysv
- ;;
- merlin)
- basic_machine=ns32k-utek
- os=-sysv
- ;;
- microblaze*)
- basic_machine=microblaze-xilinx
- ;;
- mingw64)
- basic_machine=x86_64-pc
- os=-mingw64
- ;;
- mingw32)
- basic_machine=i686-pc
- os=-mingw32
- ;;
- mingw32ce)
- basic_machine=arm-unknown
- os=-mingw32ce
- ;;
- miniframe)
- basic_machine=m68000-convergent
- ;;
- *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
- mips3*-*)
- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`
- ;;
- mips3*)
- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown
- ;;
- monitor)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- morphos)
- basic_machine=powerpc-unknown
- os=-morphos
- ;;
- moxiebox)
- basic_machine=moxie-unknown
- os=-moxiebox
- ;;
- msdos)
- basic_machine=i386-pc
- os=-msdos
- ;;
- ms1-*)
- basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'`
- ;;
- msys)
- basic_machine=i686-pc
- os=-msys
- ;;
- mvs)
- basic_machine=i370-ibm
- os=-mvs
- ;;
- nacl)
- basic_machine=le32-unknown
- os=-nacl
- ;;
- ncr3000)
- basic_machine=i486-ncr
- os=-sysv4
- ;;
- netbsd386)
- basic_machine=i386-unknown
- os=-netbsd
- ;;
- netwinder)
- basic_machine=armv4l-rebel
- os=-linux
- ;;
- news | news700 | news800 | news900)
- basic_machine=m68k-sony
- os=-newsos
- ;;
- news1000)
- basic_machine=m68030-sony
- os=-newsos
- ;;
- news-3600 | risc-news)
- basic_machine=mips-sony
- os=-newsos
- ;;
- necv70)
- basic_machine=v70-nec
- os=-sysv
- ;;
- next | m*-next)
- basic_machine=m68k-next
- case $os in
- -nextstep* )
- ;;
- -ns2*)
- os=-nextstep2
- ;;
- *)
- os=-nextstep3
- ;;
- esac
- ;;
- nh3000)
- basic_machine=m68k-harris
- os=-cxux
- ;;
- nh[45]000)
- basic_machine=m88k-harris
- os=-cxux
- ;;
- nindy960)
- basic_machine=i960-intel
- os=-nindy
- ;;
- mon960)
- basic_machine=i960-intel
- os=-mon960
- ;;
- nonstopux)
- basic_machine=mips-compaq
- os=-nonstopux
- ;;
- np1)
- basic_machine=np1-gould
- ;;
- neo-tandem)
- basic_machine=neo-tandem
- ;;
- nse-tandem)
- basic_machine=nse-tandem
- ;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
- nsv-tandem)
- basic_machine=nsv-tandem
- ;;
- nsx-tandem)
- basic_machine=nsx-tandem
- ;;
- op50n-* | op60c-*)
- basic_machine=hppa1.1-oki
- os=-proelf
- ;;
- openrisc | openrisc-*)
- basic_machine=or32-unknown
- ;;
- os400)
- basic_machine=powerpc-ibm
- os=-os400
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
- os=-ose
- ;;
- os68k)
- basic_machine=m68k-none
- os=-os68k
- ;;
- pa-hitachi)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- paragon)
- basic_machine=i860-intel
- os=-osf
- ;;
- parisc)
- basic_machine=hppa-unknown
- os=-linux
- ;;
- parisc-*)
- basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
- ;;
- pbd)
- basic_machine=sparc-tti
- ;;
- pbb)
- basic_machine=m68k-tti
- ;;
- pc532 | pc532-*)
- basic_machine=ns32k-pc532
- ;;
- pc98)
- basic_machine=i386-pc
- ;;
- pc98-*)
- basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentium | p5 | k5 | k6 | nexgen | viac3)
- basic_machine=i586-pc
- ;;
- pentiumpro | p6 | 6x86 | athlon | athlon_*)
- basic_machine=i686-pc
- ;;
- pentiumii | pentium2 | pentiumiii | pentium3)
- basic_machine=i686-pc
- ;;
- pentium4)
- basic_machine=i786-pc
- ;;
- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
- basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentiumpro-* | p6-* | 6x86-* | athlon-*)
- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentium4-*)
- basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pn)
- basic_machine=pn-gould
- ;;
- power) basic_machine=power-ibm
- ;;
- ppc | ppcbe) basic_machine=powerpc-unknown
- ;;
- ppc-* | ppcbe-*)
- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- ppcle | powerpclittle)
- basic_machine=powerpcle-unknown
- ;;
- ppcle-* | powerpclittle-*)
- basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- ppc64) basic_machine=powerpc64-unknown
- ;;
- ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- ppc64le | powerpc64little)
- basic_machine=powerpc64le-unknown
- ;;
- ppc64le-* | powerpc64little-*)
- basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- ps2)
- basic_machine=i386-ibm
- ;;
- pw32)
- basic_machine=i586-unknown
- os=-pw32
- ;;
- rdos | rdos64)
- basic_machine=x86_64-pc
- os=-rdos
- ;;
- rdos32)
- basic_machine=i386-pc
- os=-rdos
- ;;
- rom68k)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- rm[46]00)
- basic_machine=mips-siemens
- ;;
- rtpc | rtpc-*)
- basic_machine=romp-ibm
- ;;
- s390 | s390-*)
- basic_machine=s390-ibm
- ;;
- s390x | s390x-*)
- basic_machine=s390x-ibm
- ;;
- sa29200)
- basic_machine=a29k-amd
- os=-udi
- ;;
- sb1)
- basic_machine=mipsisa64sb1-unknown
- ;;
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
- ;;
- sde)
- basic_machine=mipsisa32-sde
- os=-elf
- ;;
- sei)
- basic_machine=mips-sei
- os=-seiux
- ;;
- sequent)
- basic_machine=i386-sequent
- ;;
- sh5el)
- basic_machine=sh5le-unknown
- ;;
- simso-wrs)
- basic_machine=sparclite-wrs
- os=-vxworks
- ;;
- sps7)
- basic_machine=m68k-bull
- os=-sysv2
- ;;
- spur)
- basic_machine=spur-unknown
- ;;
- st2000)
- basic_machine=m68k-tandem
- ;;
- stratus)
- basic_machine=i860-stratus
- os=-sysv4
- ;;
- strongarm-* | thumb-*)
- basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- sun2)
- basic_machine=m68000-sun
- ;;
- sun2os3)
- basic_machine=m68000-sun
- os=-sunos3
- ;;
- sun2os4)
- basic_machine=m68000-sun
- os=-sunos4
- ;;
- sun3os3)
- basic_machine=m68k-sun
- os=-sunos3
- ;;
- sun3os4)
- basic_machine=m68k-sun
- os=-sunos4
- ;;
- sun4os3)
- basic_machine=sparc-sun
- os=-sunos3
- ;;
- sun4os4)
- basic_machine=sparc-sun
- os=-sunos4
- ;;
- sun4sol2)
- basic_machine=sparc-sun
- os=-solaris2
- ;;
- sun3 | sun3-*)
- basic_machine=m68k-sun
- ;;
- sun4)
- basic_machine=sparc-sun
- ;;
- sun386 | sun386i | roadrunner)
- basic_machine=i386-sun
- ;;
- sv1)
- basic_machine=sv1-cray
- os=-unicos
- ;;
- symmetry)
- basic_machine=i386-sequent
- os=-dynix
- ;;
- t3e)
- basic_machine=alphaev5-cray
- os=-unicos
- ;;
- t90)
- basic_machine=t90-cray
- os=-unicos
- ;;
- tile*)
- basic_machine=$basic_machine-unknown
- os=-linux-gnu
- ;;
- tx39)
- basic_machine=mipstx39-unknown
- ;;
- tx39el)
- basic_machine=mipstx39el-unknown
- ;;
- toad1)
- basic_machine=pdp10-xkl
- os=-tops20
- ;;
- tower | tower-32)
- basic_machine=m68k-ncr
- ;;
- tpf)
- basic_machine=s390x-ibm
- os=-tpf
- ;;
- udi29k)
- basic_machine=a29k-amd
- os=-udi
- ;;
- ultra3)
- basic_machine=a29k-nyu
- os=-sym1
- ;;
- v810 | necv810)
- basic_machine=v810-nec
- os=-none
- ;;
- vaxv)
- basic_machine=vax-dec
- os=-sysv
- ;;
- vms)
- basic_machine=vax-dec
- os=-vms
- ;;
- vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
- ;;
- vxworks960)
- basic_machine=i960-wrs
- os=-vxworks
- ;;
- vxworks68)
- basic_machine=m68k-wrs
- os=-vxworks
- ;;
- vxworks29k)
- basic_machine=a29k-wrs
- os=-vxworks
- ;;
- w65*)
- basic_machine=w65-wdc
- os=-none
- ;;
- w89k-*)
- basic_machine=hppa1.1-winbond
- os=-proelf
- ;;
- x64)
- basic_machine=x86_64-pc
- ;;
- xbox)
- basic_machine=i686-pc
- os=-mingw32
- ;;
- xps | xps100)
- basic_machine=xps100-honeywell
- ;;
- xscale-* | xscalee[bl]-*)
- basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'`
- ;;
- ymp)
- basic_machine=ymp-cray
- os=-unicos
- ;;
- none)
- basic_machine=none-none
- os=-none
- ;;
-
-# Here we handle the default manufacturer of certain CPU types. It is in
-# some cases the only manufacturer, in others, it is the most popular.
- w89k)
- basic_machine=hppa1.1-winbond
- ;;
- op50n)
- basic_machine=hppa1.1-oki
- ;;
- op60c)
- basic_machine=hppa1.1-oki
- ;;
- romp)
- basic_machine=romp-ibm
- ;;
- mmix)
- basic_machine=mmix-knuth
- ;;
- rs6000)
- basic_machine=rs6000-ibm
- ;;
- vax)
- basic_machine=vax-dec
- ;;
- pdp11)
- basic_machine=pdp11-dec
- ;;
- we32k)
- basic_machine=we32k-att
- ;;
- sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
- basic_machine=sh-unknown
- ;;
- cydra)
- basic_machine=cydra-cydrome
- ;;
- orion)
- basic_machine=orion-highlevel
- ;;
- orion105)
- basic_machine=clipper-highlevel
- ;;
- mac | mpw | mac-mpw)
- basic_machine=m68k-apple
- ;;
- pmac | pmac-mpw)
- basic_machine=powerpc-apple
- ;;
- *-unknown)
- # Make sure to match an already-canonicalized machine name.
- ;;
- *)
- echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
- exit 1
- ;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
- *-digital*)
- basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'`
- ;;
- *-commodore*)
- basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'`
- ;;
- *)
- ;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if [ x"$os" != x"" ]
-then
-case $os in
- # First match some system type aliases that might get confused
- # with valid system types.
- # -solaris* is a basic system type, with this one exception.
- -auroraux)
- os=-auroraux
- ;;
- -solaris1 | -solaris1.*)
- os=`echo $os | sed -e 's|solaris1|sunos4|'`
- ;;
- -solaris)
- os=-solaris2
- ;;
- -unixware*)
- os=-sysv4.2uw
- ;;
- -gnu/linux*)
- os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
- ;;
- # es1800 is here to avoid being matched by es* (a different OS)
- -es1800*)
- os=-ose
- ;;
- # Now accept the basic system types.
- # The portable systems comes first.
- # Each alternative MUST end in a * to match a version number.
- # -sysv* is not here because it comes later, after sysvr4.
- -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
- | -sym* | -kopensolaris* | -plan9* \
- | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* | -cloudabi* | -sortix* \
- | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
- | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \
- | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
- | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
- | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
- | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
- | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
- | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
- | -linux-newlib* | -linux-musl* | -linux-uclibc* \
- | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \
- | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
- | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \
- | -midnightbsd*)
- # Remember, each alternative MUST END IN *, to match a version number.
- ;;
- -qnx*)
- case $basic_machine in
- x86-* | i*86-*)
- ;;
- *)
- os=-nto$os
- ;;
- esac
- ;;
- -nto-qnx*)
- ;;
- -nto*)
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
- ;;
- -sim | -xray | -os68k* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* \
- | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
- ;;
- -mac*)
- os=`echo "$os" | sed -e 's|mac|macos|'`
- ;;
- -linux-dietlibc)
- os=-linux-dietlibc
- ;;
- -linux*)
- os=`echo $os | sed -e 's|linux|linux-gnu|'`
- ;;
- -sunos5*)
- os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
- ;;
- -sunos6*)
- os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
- ;;
- -opened*)
- os=-openedition
- ;;
- -os400*)
- os=-os400
- ;;
- -wince*)
- os=-wince
- ;;
- -utek*)
- os=-bsd
- ;;
- -dynix*)
- os=-bsd
- ;;
- -acis*)
- os=-aos
- ;;
- -atheos*)
- os=-atheos
- ;;
- -syllable*)
- os=-syllable
- ;;
- -386bsd)
- os=-bsd
- ;;
- -ctix* | -uts*)
- os=-sysv
- ;;
- -nova*)
- os=-rtmk-nova
- ;;
- -ns2)
- os=-nextstep2
- ;;
- -nsk*)
- os=-nsk
- ;;
- # Preserve the version number of sinix5.
- -sinix5.*)
- os=`echo $os | sed -e 's|sinix|sysv|'`
- ;;
- -sinix*)
- os=-sysv4
- ;;
- -tpf*)
- os=-tpf
- ;;
- -triton*)
- os=-sysv3
- ;;
- -oss*)
- os=-sysv3
- ;;
- -svr4*)
- os=-sysv4
- ;;
- -svr3)
- os=-sysv3
- ;;
- -sysvr4)
- os=-sysv4
- ;;
- # This must come after -sysvr4.
- -sysv*)
- ;;
- -ose*)
- os=-ose
- ;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- os=-mint
- ;;
- -zvmoe)
- os=-zvmoe
- ;;
- -dicos*)
- os=-dicos
- ;;
- -pikeos*)
- # Until real need of OS specific support for
- # particular features comes up, bare metal
- # configurations are quite functional.
- case $basic_machine in
- arm*)
- os=-eabi
- ;;
- *)
- os=-elf
- ;;
- esac
- ;;
- -nacl*)
- ;;
- -ios)
- ;;
- -none)
- ;;
- *)
- # Get rid of the `-' at the beginning of $os.
- os=`echo $os | sed 's/[^-]*-//'`
- echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
- exit 1
- ;;
-esac
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system. Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-case $basic_machine in
- score-*)
- os=-elf
- ;;
- spu-*)
- os=-elf
- ;;
- *-acorn)
- os=-riscix1.2
- ;;
- arm*-rebel)
- os=-linux
- ;;
- arm*-semi)
- os=-aout
- ;;
- c4x-* | tic4x-*)
- os=-coff
- ;;
- c8051-*)
- os=-elf
- ;;
- hexagon-*)
- os=-elf
- ;;
- tic54x-*)
- os=-coff
- ;;
- tic55x-*)
- os=-coff
- ;;
- tic6x-*)
- os=-coff
- ;;
- # This must come before the *-dec entry.
- pdp10-*)
- os=-tops20
- ;;
- pdp11-*)
- os=-none
- ;;
- *-dec | vax-*)
- os=-ultrix4.2
- ;;
- m68*-apollo)
- os=-domain
- ;;
- i386-sun)
- os=-sunos4.0.2
- ;;
- m68000-sun)
- os=-sunos3
- ;;
- m68*-cisco)
- os=-aout
- ;;
- mep-*)
- os=-elf
- ;;
- mips*-cisco)
- os=-elf
- ;;
- mips*-*)
- os=-elf
- ;;
- or32-*)
- os=-coff
- ;;
- *-tti) # must be before sparc entry or we get the wrong os.
- os=-sysv3
- ;;
- sparc-* | *-sun)
- os=-sunos4.1.1
- ;;
- pru-*)
- os=-elf
- ;;
- *-be)
- os=-beos
- ;;
- *-ibm)
- os=-aix
- ;;
- *-knuth)
- os=-mmixware
- ;;
- *-wec)
- os=-proelf
- ;;
- *-winbond)
- os=-proelf
- ;;
- *-oki)
- os=-proelf
- ;;
- *-hp)
- os=-hpux
- ;;
- *-hitachi)
- os=-hiux
- ;;
- i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
- os=-sysv
- ;;
- *-cbm)
- os=-amigaos
- ;;
- *-dg)
- os=-dgux
- ;;
- *-dolphin)
- os=-sysv3
- ;;
- m68k-ccur)
- os=-rtu
- ;;
- m88k-omron*)
- os=-luna
- ;;
- *-next)
- os=-nextstep
- ;;
- *-sequent)
- os=-ptx
- ;;
- *-crds)
- os=-unos
- ;;
- *-ns)
- os=-genix
- ;;
- i370-*)
- os=-mvs
- ;;
- *-gould)
- os=-sysv
- ;;
- *-highlevel)
- os=-bsd
- ;;
- *-encore)
- os=-bsd
- ;;
- *-sgi)
- os=-irix
- ;;
- *-siemens)
- os=-sysv4
- ;;
- *-masscomp)
- os=-rtu
- ;;
- f30[01]-fujitsu | f700-fujitsu)
- os=-uxpv
- ;;
- *-rom68k)
- os=-coff
- ;;
- *-*bug)
- os=-coff
- ;;
- *-apple)
- os=-macos
- ;;
- *-atari*)
- os=-mint
- ;;
- *)
- os=-none
- ;;
-esac
-fi
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer. We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
- *-unknown)
- case $os in
- -riscix*)
- vendor=acorn
- ;;
- -sunos*)
- vendor=sun
- ;;
- -cnk*|-aix*)
- vendor=ibm
- ;;
- -beos*)
- vendor=be
- ;;
- -hpux*)
- vendor=hp
- ;;
- -mpeix*)
- vendor=hp
- ;;
- -hiux*)
- vendor=hitachi
- ;;
- -unos*)
- vendor=crds
- ;;
- -dgux*)
- vendor=dg
- ;;
- -luna*)
- vendor=omron
- ;;
- -genix*)
- vendor=ns
- ;;
- -mvs* | -opened*)
- vendor=ibm
- ;;
- -os400*)
- vendor=ibm
- ;;
- -ptx*)
- vendor=sequent
- ;;
- -tpf*)
- vendor=ibm
- ;;
- -vxsim* | -vxworks* | -windiss*)
- vendor=wrs
- ;;
- -aux*)
- vendor=apple
- ;;
- -hms*)
- vendor=hitachi
- ;;
- -mpw* | -macos*)
- vendor=apple
- ;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- vendor=atari
- ;;
- -vos*)
- vendor=stratus
- ;;
- esac
- basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"`
- ;;
-esac
-
-echo "$basic_machine$os"
-exit
-
-# Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
+++ /dev/null
-#! /bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for cryptsetup 2.3.7.
-#
-#
-# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-# Inc.
-#
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else \$as_nop
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-then :
-
-else \$as_nop
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-blah=\$(echo \$(echo blah))
-test x\"\$blah\" = xblah || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-
- test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
- || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1"
- if (eval "$as_required") 2>/dev/null
-then :
- as_have_required=yes
-else $as_nop
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-then :
-
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi
-fi
-
-
- if test "x$CONFIG_SHELL" != x
-then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno
-then :
- printf "%s\n" "$0: This script requires a shell more modern than all"
- printf "%s\n" "$0: the shells that I found on your system."
- if test ${ZSH_VERSION+y} ; then
- printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
- printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_echo='printf %s\n'
-as_echo_n='printf %s'
-
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME='cryptsetup'
-PACKAGE_TARNAME='cryptsetup'
-PACKAGE_VERSION='2.3.7'
-PACKAGE_STRING='cryptsetup 2.3.7'
-PACKAGE_BUGREPORT=''
-PACKAGE_URL=''
-
-ac_unique_file="src/cryptsetup.c"
-ac_default_prefix=/usr
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stddef.h>
-#ifdef HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_c_list=
-gt_needs=
-ac_subst_vars='am__EXEEXT_FALSE
-am__EXEEXT_TRUE
-LTLIBOBJS
-LIBOBJS
-DEFAULT_LUKS2_LOCK_DIR_PERMS
-DEFAULT_LUKS2_LOCK_PATH
-CRYPTSETUP_TMPFILE_FALSE
-CRYPTSETUP_TMPFILE_TRUE
-DEFAULT_TMPFILESDIR
-LIBCRYPTSETUP_VERSION_INFO
-LIBCRYPTSETUP_VERSION
-CRYPTO_STATIC_LIBS
-CRYPTO_LIBS
-CRYPTO_CFLAGS
-PASSWDQC_LIBS
-PWQUALITY_STATIC_LIBS
-systemd_tmpfilesdir
-DEVMAPPER_STATIC_LIBS
-DEVMAPPER_STATIC_CFLAGS
-HAVE_BLKID_STEP_BACK_FALSE
-HAVE_BLKID_STEP_BACK_TRUE
-HAVE_BLKID_WIPE_FALSE
-HAVE_BLKID_WIPE_TRUE
-HAVE_BLKID_FALSE
-HAVE_BLKID_TRUE
-BLKID_LIBS
-BLKID_CFLAGS
-CRYPTO_INTERNAL_SSE_ARGON2_FALSE
-CRYPTO_INTERNAL_SSE_ARGON2_TRUE
-CRYPTO_INTERNAL_ARGON2_FALSE
-CRYPTO_INTERNAL_ARGON2_TRUE
-LIBARGON2_LIBS
-LIBARGON2_CFLAGS
-CRYPTO_INTERNAL_PBKDF2_FALSE
-CRYPTO_INTERNAL_PBKDF2_TRUE
-CRYPTO_BACKEND_NETTLE_FALSE
-CRYPTO_BACKEND_NETTLE_TRUE
-CRYPTO_BACKEND_KERNEL_FALSE
-CRYPTO_BACKEND_KERNEL_TRUE
-CRYPTO_BACKEND_NSS_FALSE
-CRYPTO_BACKEND_NSS_TRUE
-CRYPTO_BACKEND_OPENSSL_FALSE
-CRYPTO_BACKEND_OPENSSL_TRUE
-CRYPTO_BACKEND_GCRYPT_FALSE
-CRYPTO_BACKEND_GCRYPT_TRUE
-NSS_LIBS
-NSS_CFLAGS
-OPENSSL_STATIC_LIBS
-OPENSSL_STATIC_CFLAGS
-OPENSSL_LIBS
-OPENSSL_CFLAGS
-LIBGCRYPT_LIBS
-LIBGCRYPT_CFLAGS
-LIBGCRYPT_CONFIG
-JSON_C_LIBS
-JSON_C_CFLAGS
-DEVMAPPER_LIBS
-DEVMAPPER_CFLAGS
-INTEGRITYSETUP_FALSE
-INTEGRITYSETUP_TRUE
-REENCRYPT_FALSE
-REENCRYPT_TRUE
-VERITYSETUP_FALSE
-VERITYSETUP_TRUE
-CRYPTSETUP_FALSE
-CRYPTSETUP_TRUE
-STATIC_TOOLS_FALSE
-STATIC_TOOLS_TRUE
-PWQUALITY_LIBS
-PWQUALITY_CFLAGS
-POPT_LIBS
-POSUB
-LTLIBINTL
-LIBINTL
-INTLLIBS
-INTL_MACOSX_LIBS
-XGETTEXT_EXTRA_OPTIONS
-MSGMERGE
-XGETTEXT_015
-XGETTEXT
-GMSGFMT_015
-MSGFMT_015
-GMSGFMT
-MSGFMT
-GETTEXT_MACRO_VERSION
-USE_NLS
-UUID_LIBS
-KERNEL_KEYRING_FALSE
-KERNEL_KEYRING_TRUE
-LTLIBICONV
-LIBICONV
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-LT_SYS_LIBRARY_PATH
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-MANIFEST_TOOL
-RANLIB
-ac_ct_AR
-AR
-DLLTOOL
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-EGREP
-GREP
-SED
-LIBTOOL
-CPP
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-am__nodep
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-CSCOPE
-ETAGS
-CTAGS
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-AM_BACKSLASH
-AM_DEFAULT_VERBOSITY
-AM_DEFAULT_V
-AM_V
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-runstatedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL
-am__quote'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_silent_rules
-enable_dependency_tracking
-enable_static
-enable_shared
-with_pic
-enable_fast_install
-with_aix_soname
-with_gnu_ld
-with_sysroot
-enable_libtool_lock
-enable_rpath
-with_libiconv_prefix
-enable_keyring
-enable_largefile
-enable_nls
-with_libintl_prefix
-enable_fips
-enable_luks2_reencryption
-enable_pwquality
-enable_passwdqc
-enable_static_cryptsetup
-enable_cryptsetup
-enable_veritysetup
-enable_cryptsetup_reencrypt
-enable_integritysetup
-enable_selinux
-enable_udev
-with_crypto_backend
-enable_kernel_crypto
-enable_gcrypt_pbkdf2
-with_libgcrypt_prefix
-enable_internal_argon2
-enable_libargon2
-enable_internal_sse_argon2
-enable_blkid
-enable_dev_random
-with_plain_hash
-with_plain_cipher
-with_plain_mode
-with_plain_keybits
-with_luks1_hash
-with_luks1_cipher
-with_luks1_mode
-with_luks1_keybits
-enable_luks_adjust_xts_keysize
-with_luks2_pbkdf
-with_luks1_iter_time
-with_luks2_iter_time
-with_luks2_memory_kb
-with_luks2_parallel_threads
-with_luks2_keyslot_cipher
-with_luks2_keyslot_keybits
-with_loopaes_cipher
-with_loopaes_keybits
-with_keyfile_size_maxkb
-with_integrity_keyfile_size_maxkb
-with_passphrase_size_max
-with_verity_hash
-with_verity_data_block
-with_verity_hash_block
-with_verity_salt_size
-with_verity_fec_roots
-with_tmpfilesdir
-with_luks2_lock_path
-with_luks2_lock_dir_perms
-with_default_luks_format
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-CPP
-LT_SYS_LIBRARY_PATH
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-PWQUALITY_CFLAGS
-PWQUALITY_LIBS
-DEVMAPPER_CFLAGS
-DEVMAPPER_LIBS
-JSON_C_CFLAGS
-JSON_C_LIBS
-OPENSSL_CFLAGS
-OPENSSL_LIBS
-OPENSSL_STATIC_CFLAGS
-OPENSSL_STATIC_LIBS
-NSS_CFLAGS
-NSS_LIBS
-LIBARGON2_CFLAGS
-LIBARGON2_LIBS
-BLKID_CFLAGS
-BLKID_LIBS
-DEVMAPPER_STATIC_CFLAGS
-DEVMAPPER_STATIC_LIBS
-systemd_tmpfilesdir'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures cryptsetup 2.3.7 to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/cryptsetup]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
- case $ac_init_help in
- short | recursive ) echo "Configuration of cryptsetup 2.3.7:";;
- esac
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-silent-rules less verbose build output (undo: "make V=1")
- --disable-silent-rules verbose build output (undo: "make V=0")
- --enable-dependency-tracking
- do not reject slow dependency extractors
- --disable-dependency-tracking
- speeds up one-time build
- --enable-static[=PKGS] build static libraries [default=no]
- --enable-shared[=PKGS] build shared libraries [default=yes]
- --enable-fast-install[=PKGS]
- optimize for fast installation [default=yes]
- --disable-libtool-lock avoid locking (might break parallel builds)
- --disable-rpath do not hardcode runtime library paths
- --disable-keyring disable kernel keyring support and builtin kernel
- keyring token
- --disable-largefile omit support for large files
- --disable-nls do not use Native Language Support
- --enable-fips enable FIPS mode restrictions
- --disable-luks2-reencryption
- disable LUKS2 online reencryption extension
- --enable-pwquality enable password quality checking using pwquality
- library
- --enable-passwdqc[=CONFIG_PATH]
- enable password quality checking using passwdqc
- library (optionally with CONFIG_PATH)
- --enable-static-cryptsetup
- enable build of static version of tools
- --disable-cryptsetup disable cryptsetup support
- --disable-veritysetup disable veritysetup support
- --disable-cryptsetup-reencrypt
- disable cryptsetup-reencrypt tool
- --disable-integritysetup
- disable integritysetup support
- --disable-selinux disable selinux support [default=auto]
- --disable-udev disable udev support
- --disable-kernel_crypto disable kernel userspace crypto (no benchmark and
- tcrypt)
- --enable-gcrypt-pbkdf2 force enable internal gcrypt PBKDF2
- --disable-internal-argon2
- disable internal implementation of Argon2 PBKDF
- --enable-libargon2 enable external libargon2 (PHC) library (disables
- internal bundled version)
- --enable-internal-sse-argon2
- enable internal SSE implementation of Argon2 PBKDF
- --disable-blkid disable use of blkid for device signature detection
- and wiping
- --enable-dev-random use /dev/random by default for key generation
- (otherwise use /dev/urandom)
- --disable-luks-adjust-xts-keysize
- XTS mode requires two keys, double default LUKS
- keysize if needed
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
- both]
- --with-aix-soname=aix|svr4|both
- shared library versioning (aka "SONAME") variant to
- provide on AIX, [default=aix].
- --with-gnu-ld assume the C compiler uses GNU ld [default=no]
- --with-sysroot[=DIR] Search for dependent libraries within DIR (or the
- compiler's sysroot if not specified).
- --with-gnu-ld assume the C compiler uses GNU ld [default=no]
- --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
- --without-libiconv-prefix don't search for libiconv in includedir and libdir
- --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
- --without-libintl-prefix don't search for libintl in includedir and libdir
- --with-crypto_backend=BACKEND
- crypto backend (gcrypt/openssl/nss/kernel/nettle)
- [openssl]
- --with-libgcrypt-prefix=PFX
- prefix where LIBGCRYPT is installed (optional)
- --with-plain-hash default password hashing function for plain mode
- [ripemd160]
- --with-plain-cipher default cipher for plain mode [aes]
- --with-plain-mode default cipher mode for plain mode
- [cbc-essiv:sha256]
- --with-plain-keybits default key length in bits for plain mode [256]
- --with-luks1-hash default hash function for LUKS1 header [sha256]
- --with-luks1-cipher default cipher for LUKS1 [aes]
- --with-luks1-mode default cipher mode for LUKS1 [xts-plain64]
- --with-luks1-keybits default key length in bits for LUKS1 [256]
- --with-luks2-pbkdf default Default PBKDF algorithm (pbkdf2 or
- argon2i/argon2id) for LUKS2 [argon2i]
- --with-luks1-iter-time default PBKDF2 iteration time for LUKS1 (in ms)
- [2000]
- --with-luks2-iter-time default Argon2 PBKDF iteration time for LUKS2 (in
- ms) [2000]
- --with-luks2-memory-kb default Argon2 PBKDF memory cost for LUKS2 (in kB)
- [1048576]
- --with-luks2-parallel-threads
- default Argon2 PBKDF max parallel cost for LUKS2 (if
- CPUs available) [4]
- --with-luks2-keyslot-cipher
- default fallback cipher for LUKS2 keyslot (if data
- encryption is incompatible) [aes-xts-plain64]
- --with-luks2-keyslot-keybits
- default fallback key size for LUKS2 keyslot (if data
- encryption is incompatible) [512]
- --with-loopaes-cipher default cipher for loop-AES mode [aes]
- --with-loopaes-keybits default key length in bits for loop-AES mode [256]
- --with-keyfile-size-maxkb
- default maximum keyfile size (in KiB) [8192]
- --with-integrity-keyfile-size-maxkb
- default maximum integritysetup keyfile size (in KiB)
- [4]
- --with-passphrase-size-max
- default maximum passphrase size (in characters)
- [512]
- --with-verity-hash default hash function for verity mode [sha256]
- --with-verity-data-block
- default data block size for verity mode [4096]
- --with-verity-hash-block
- default hash block size for verity mode [4096]
- --with-verity-salt-size default salt size for verity mode [32]
- --with-verity-fec-roots default parity bytes for verity FEC [2]
- --with-tmpfilesdir default override default path to directory with
- systemd temporary files []
- --with-luks2-lock-path default path to directory for LUKSv2 locks
- [/run/cryptsetup]
- --with-luks2-lock-dir-perms
- default default luks2 locking directory permissions
- [0700]
- --with-default-luks-format=FORMAT
- default LUKS format version (LUKS1/LUKS2) [LUKS2]
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- CPP C preprocessor
- LT_SYS_LIBRARY_PATH
- User-defined run-time library search path.
- PKG_CONFIG path to pkg-config utility
- PKG_CONFIG_PATH
- directories to add to pkg-config's search path
- PKG_CONFIG_LIBDIR
- path overriding pkg-config's built-in search path
- PWQUALITY_CFLAGS
- C compiler flags for PWQUALITY, overriding pkg-config
- PWQUALITY_LIBS
- linker flags for PWQUALITY, overriding pkg-config
- DEVMAPPER_CFLAGS
- C compiler flags for DEVMAPPER, overriding pkg-config
- DEVMAPPER_LIBS
- linker flags for DEVMAPPER, overriding pkg-config
- JSON_C_CFLAGS
- C compiler flags for JSON_C, overriding pkg-config
- JSON_C_LIBS linker flags for JSON_C, overriding pkg-config
- OPENSSL_CFLAGS
- C compiler flags for OPENSSL, overriding pkg-config
- OPENSSL_LIBS
- linker flags for OPENSSL, overriding pkg-config
- OPENSSL_STATIC_CFLAGS
- C compiler flags for OPENSSL_STATIC, overriding pkg-config
- OPENSSL_STATIC_LIBS
- linker flags for OPENSSL_STATIC, overriding pkg-config
- NSS_CFLAGS C compiler flags for NSS, overriding pkg-config
- NSS_LIBS linker flags for NSS, overriding pkg-config
- LIBARGON2_CFLAGS
- C compiler flags for LIBARGON2, overriding pkg-config
- LIBARGON2_LIBS
- linker flags for LIBARGON2, overriding pkg-config
- BLKID_CFLAGS
- C compiler flags for BLKID, overriding pkg-config
- BLKID_LIBS linker flags for BLKID, overriding pkg-config
- DEVMAPPER_STATIC_CFLAGS
- C compiler flags for DEVMAPPER_STATIC, overriding pkg-config
- DEVMAPPER_STATIC_LIBS
- linker flags for DEVMAPPER_STATIC, overriding pkg-config
- systemd_tmpfilesdir
- value of tmpfilesdir for systemd, overriding pkg-config
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for configure.gnu first; this name is used for a wrapper for
- # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-cryptsetup configure 2.3.7
-generated by GNU Autoconf 2.71
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-# ac_fn_c_try_compile LINENO
-# --------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_compile
-
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_compile
-
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_link
-
-# ac_fn_c_check_func LINENO FUNC VAR
-# ----------------------------------
-# Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below. */
-
-#include <limits.h>
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main (void)
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_func
-
-# ac_fn_c_try_run LINENO
-# ----------------------
-# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that
-# executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: program exited with status $ac_status" >&5
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_run
-
-# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR
-# ------------------------------------------------------------------
-# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
-# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR.
-ac_fn_check_decl ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- as_decl_name=`echo $2|sed 's/ *(.*//'`
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
-printf %s "checking whether $as_decl_name is declared... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
- eval ac_save_FLAGS=\$$6
- as_fn_append $6 " $5"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main (void)
-{
-#ifndef $as_decl_name
-#ifdef __cplusplus
- (void) $as_decl_use;
-#else
- (void) $as_decl_name;
-#endif
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- eval $6=\$ac_save_FLAGS
-
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_check_decl
-
-# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
-# -------------------------------------------
-# Tests whether TYPE exists after having included INCLUDES, setting cache
-# variable VAR accordingly.
-ac_fn_c_check_type ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- eval "$3=no"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main (void)
-{
-if (sizeof ($2))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-int
-main (void)
-{
-if (sizeof (($2)))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- eval "$3=yes"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_type
-ac_configure_args_raw=
-for ac_arg
-do
- case $ac_arg in
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append ac_configure_args_raw " '$ac_arg'"
-done
-
-case $ac_configure_args_raw in
- *$as_nl*)
- ac_safe_unquote= ;;
- *)
- ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab.
- ac_unsafe_a="$ac_unsafe_z#~"
- ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
- ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-esac
-
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by cryptsetup $as_me 2.3.7, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- $ $0$ac_configure_args_raw
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- printf "%s\n" "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Sanitize IFS.
- IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- printf "%s\n" "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- printf "%s\n" "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- printf "%s\n" "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- printf "%s\n" "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- printf "%s\n" "$as_me: caught signal $ac_signal"
- printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-printf "%s\n" "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- ac_site_files="$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
-else
- ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-fi
-
-for ac_site_file in $ac_site_files
-do
- case $ac_site_file in #(
- */*) :
- ;; #(
- *) :
- ac_site_file=./$ac_site_file ;;
-esac
- if test -f "$ac_site_file" && test -r "$ac_site_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
-# Test code for whether the C compiler supports C89 (global declarations)
-ac_c_conftest_c89_globals='
-/* Does the compiler advertise C89 conformance?
- Do not test the value of __STDC__, because some compilers set it to 0
- while being otherwise adequately conformant. */
-#if !defined __STDC__
-# error "Compiler does not advertise C89 conformance"
-#endif
-
-#include <stddef.h>
-#include <stdarg.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-struct buf { int x; };
-struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not \xHH hex character constants.
- These do not provoke an error unfortunately, instead are silently treated
- as an "x". The following induces an error, until -std is added to get
- proper ANSI mode. Curiously \x00 != x always comes out true, for an
- array size at least. It is necessary to write \x00 == 0 to get something
- that is true only with -std. */
-int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) '\''x'\''
-int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
- int, int);'
-
-# Test code for whether the C compiler supports C89 (body of main).
-ac_c_conftest_c89_main='
-ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-'
-
-# Test code for whether the C compiler supports C99 (global declarations)
-ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-# error "Compiler does not advertise C99 conformance"
-#endif
-
-#include <stdbool.h>
-extern int puts (const char *);
-extern int printf (const char *, ...);
-extern int dprintf (int, const char *, ...);
-extern void *malloc (size_t);
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-// dprintf is used instead of fprintf to avoid needing to declare
-// FILE and stderr.
-#define debug(...) dprintf (2, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- #error "your preprocessor is broken"
-#endif
-#if BIG_OK
-#else
- #error "your preprocessor is broken"
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static bool
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str = "";
- int number = 0;
- float fnumber = 0;
-
- while (*format)
- {
- switch (*format++)
- {
- case '\''s'\'': // string
- str = va_arg (args_copy, const char *);
- break;
- case '\''d'\'': // int
- number = va_arg (args_copy, int);
- break;
- case '\''f'\'': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-
- return *str && number && fnumber;
-}
-'
-
-# Test code for whether the C compiler supports C99 (body of main).
-ac_c_conftest_c99_main='
- // Check bool.
- _Bool success = false;
- success |= (argc != 0);
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[0] = argv[0][0];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
- || dynamic_array[ni.number - 1] != 543);
-'
-
-# Test code for whether the C compiler supports C11 (global declarations)
-ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-# error "Compiler does not advertise C11 conformance"
-#endif
-
-// Check _Alignas.
-char _Alignas (double) aligned_as_double;
-char _Alignas (0) no_special_alignment;
-extern char aligned_as_int;
-char _Alignas (0) _Alignas (int) aligned_as_int;
-
-// Check _Alignof.
-enum
-{
- int_alignment = _Alignof (int),
- int_array_alignment = _Alignof (int[100]),
- char_alignment = _Alignof (char)
-};
-_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-
-// Check _Noreturn.
-int _Noreturn does_not_return (void) { for (;;) continue; }
-
-// Check _Static_assert.
-struct test_static_assert
-{
- int x;
- _Static_assert (sizeof (int) <= sizeof (long int),
- "_Static_assert does not work in struct");
- long int y;
-};
-
-// Check UTF-8 literals.
-#define u8 syntax error!
-char const utf8_literal[] = u8"happens to be ASCII" "another string";
-
-// Check duplicate typedefs.
-typedef long *long_ptr;
-typedef long int *long_ptr;
-typedef long_ptr long_ptr;
-
-// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-struct anonymous
-{
- union {
- struct { int i; int j; };
- struct { int k; long int l; } w;
- };
- int m;
-} v1;
-'
-
-# Test code for whether the C compiler supports C11 (body of main).
-ac_c_conftest_c11_main='
- _Static_assert ((offsetof (struct anonymous, i)
- == offsetof (struct anonymous, w.k)),
- "Anonymous union alignment botch");
- v1.i = 2;
- v1.w.k = 5;
- ok |= v1.i != 5;
-'
-
-# Test code for whether the C compiler supports C11 (complete).
-ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-${ac_c_conftest_c11_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- ${ac_c_conftest_c11_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C99 (complete).
-ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C89 (complete).
-ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- return ok;
-}
-"
-
-as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
-as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
-as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
-as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
-as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
-as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
-as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
-as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
-as_fn_append ac_header_c_list " wchar.h wchar_h HAVE_WCHAR_H"
-as_fn_append ac_header_c_list " minix/config.h minix_config_h HAVE_MINIX_CONFIG_H"
-gt_needs="$gt_needs need-ngettext"
-
-# Auxiliary files required by this configure script.
-ac_aux_files="config.rpath ltmain.sh compile config.guess config.sub missing install-sh"
-
-# Locations in which to look for auxiliary files.
-ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
-
-# Search for a directory containing all of the required auxiliary files,
-# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
-# If we don't find one directory that contains all the files we need,
-# we report the set of missing files from the *first* directory in
-# $ac_aux_dir_candidates and give up.
-ac_missing_aux_files=""
-ac_first_candidate=:
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in $ac_aux_dir_candidates
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
-
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
- ac_aux_dir_found=yes
- ac_install_sh=
- for ac_aux in $ac_aux_files
- do
- # As a special case, if "install-sh" is required, that requirement
- # can be satisfied by any of "install-sh", "install.sh", or "shtool",
- # and $ac_install_sh is set appropriately for whichever one is found.
- if test x"$ac_aux" = x"install-sh"
- then
- if test -f "${as_dir}install-sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
- ac_install_sh="${as_dir}install-sh -c"
- elif test -f "${as_dir}install.sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
- ac_install_sh="${as_dir}install.sh -c"
- elif test -f "${as_dir}shtool"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
- ac_install_sh="${as_dir}shtool install -c"
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} install-sh"
- else
- break
- fi
- fi
- else
- if test -f "${as_dir}${ac_aux}"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
- else
- break
- fi
- fi
- fi
- done
- if test "$ac_aux_dir_found" = yes; then
- ac_aux_dir="$as_dir"
- break
- fi
- ac_first_candidate=false
-
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
-fi
-
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-if test -f "${ac_aux_dir}config.guess"; then
- ac_config_guess="$SHELL ${ac_aux_dir}config.guess"
-fi
-if test -f "${ac_aux_dir}config.sub"; then
- ac_config_sub="$SHELL ${ac_aux_dir}config.sub"
-fi
-if test -f "$ac_aux_dir/configure"; then
- ac_configure="$SHELL ${ac_aux_dir}configure"
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
- and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=18:0:6
-
-# Check whether --enable-silent-rules was given.
-if test ${enable_silent_rules+y}
-then :
- enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in # (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=0;;
-esac
-am_make=${MAKE-make}
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-printf %s "checking whether $am_make supports nested variables... " >&6; }
-if test ${am_cv_make_support_nested_variables+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if printf "%s\n" 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
-
-
-
-ac_config_headers="$ac_config_headers config.h:config.h.in"
-
-
-# We do not want to run test in parallel. Really.
-# http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html
-
-# For old automake use this
-#AM_INIT_AUTOMAKE(dist-xz subdir-objects)
-am__api_version='1.16'
-
-
-
- # Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-printf %s "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test ${ac_cv_path_install+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- # Account for fact that we put trailing slashes in our PATH walk.
-case $as_dir in #((
- ./ | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test ${ac_cv_path_install+y}; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-printf "%s\n" "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-printf %s "checking whether build environment is sane... " >&6; }
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
-esac
-case $srcdir in
- *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
- alias in your environment" "$LINENO" 5
- fi
- if test "$2" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-
-rm -f conftest.file
-
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
-
-
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-
- if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
-fi
-
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
-printf %s "checking for a race-free mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test ${ac_cv_path_mkdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
- case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir ('*'coreutils) '* | \
- 'BusyBox '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test ${ac_cv_path_mkdir+y}; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-printf "%s\n" "$MKDIR_P" >&6; }
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AWK+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AWK="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-printf "%s\n" "$AWK" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
- PACKAGE='cryptsetup'
- VERSION='2.3.7'
-
-
-printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
-
-
-printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-mkdir_p='$(MKDIR_P)'
-
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AMTAR='$${TAR-tar}'
-
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar pax cpio none'
-
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
-
-
-
-
-
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-
-
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
- fi
-fi
-
-
-if test "x$prefix" = "xNONE"; then
- sysconfdir=/etc
-fi
-
-
-
-
- # Make sure we can run config.sub.
-$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-printf %s "checking build system type... " >&6; }
-if test ${ac_cv_build+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-printf "%s\n" "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-printf %s "checking host system type... " >&6; }
-if test ${ac_cv_host+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-printf "%s\n" "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-
-
-
-
-
-
-
-
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
- (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- case $?:`cat confinc.out 2>/dev/null` in #(
- '0:this is the am__doit target') :
- case $s in #(
- BSD) :
- am__include='.include' am__quote='"' ;; #(
- *) :
- am__include='include' am__quote='' ;;
-esac ;; #(
- *) :
- ;;
-esac
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-printf "%s\n" "${_am_result}" >&6; }
-
-# Check whether --enable-dependency-tracking was given.
-if test ${enable_dependency_tracking+y}
-then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-printf %s "checking whether the C compiler works... " >&6; }
-ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else $as_nop
- ac_file=''
-fi
-if test -z "$ac_file"
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-printf %s "checking for C compiler default output file name... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-printf "%s\n" "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-printf %s "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-printf "%s\n" "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdio.h>
-int
-main (void)
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-printf %s "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-printf "%s\n" "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-printf %s "checking for suffix of object files... " >&6; }
-if test ${ac_cv_objext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-printf "%s\n" "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
- if test $ac_cache; then
- ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
- if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
- printf "%s\n" "#define $ac_item 1" >> confdefs.h
- fi
- ac_header= ac_cache=
- elif test $ac_header; then
- ac_cache=$ac_item
- else
- ac_header=$ac_item
- fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5
-printf %s "checking whether it is safe to define __EXTENSIONS__... " >&6; }
-if test ${ac_cv_safe_to_define___extensions__+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-# define __EXTENSIONS__ 1
- $ac_includes_default
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_safe_to_define___extensions__=yes
-else $as_nop
- ac_cv_safe_to_define___extensions__=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5
-printf "%s\n" "$ac_cv_safe_to_define___extensions__" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether _XOPEN_SOURCE should be defined" >&5
-printf %s "checking whether _XOPEN_SOURCE should be defined... " >&6; }
-if test ${ac_cv_should_define__xopen_source+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_should_define__xopen_source=no
- if test $ac_cv_header_wchar_h = yes
-then :
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <wchar.h>
- mbstate_t x;
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #define _XOPEN_SOURCE 500
- #include <wchar.h>
- mbstate_t x;
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_should_define__xopen_source=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5
-printf "%s\n" "$ac_cv_should_define__xopen_source" >&6; }
-
- printf "%s\n" "#define _ALL_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _DARWIN_C_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _GNU_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _HPUX_ALT_XOPEN_SOCKET_API 1" >>confdefs.h
-
- printf "%s\n" "#define _NETBSD_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _OPENBSD_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_IEC_60559_ATTRIBS_EXT__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_IEC_60559_BFP_EXT__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_LIB_EXT2__ 1" >>confdefs.h
-
- printf "%s\n" "#define __STDC_WANT_MATH_SPEC_FUNCS__ 1" >>confdefs.h
-
- printf "%s\n" "#define _TANDEM_SOURCE 1" >>confdefs.h
-
- if test $ac_cv_header_minix_config_h = yes
-then :
- MINIX=yes
- printf "%s\n" "#define _MINIX 1" >>confdefs.h
-
- printf "%s\n" "#define _POSIX_SOURCE 1" >>confdefs.h
-
- printf "%s\n" "#define _POSIX_1_SOURCE 2" >>confdefs.h
-
-else $as_nop
- MINIX=
-fi
- if test $ac_cv_safe_to_define___extensions__ = yes
-then :
- printf "%s\n" "#define __EXTENSIONS__ 1" >>confdefs.h
-
-fi
- if test $ac_cv_should_define__xopen_source = yes
-then :
- printf "%s\n" "#define _XOPEN_SOURCE 500" >>confdefs.h
-
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-printf %s "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if test ${ac_cv_prog_CPP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # Double quotes because $CC needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <limits.h>
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else $as_nop
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
- # Broken: success on invalid input.
-continue
-else $as_nop
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
-then :
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-printf "%s\n" "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <limits.h>
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
-
-else $as_nop
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"
-then :
- # Broken: success on invalid input.
-continue
-else $as_nop
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok
-then :
-
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-# Check whether --enable-static was given.
-if test ${enable_static+y}
-then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_static=no
-fi
-
-
-
-
-
-
-
-
-
-case `pwd` in
- *\ * | *\ *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.4.6'
-macro_revision='2.4.6'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-printf %s "checking how to print strings... " >&6; }
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO ""
-}
-
-case $ECHO in
- printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-printf "%s\n" "printf" >&6; } ;;
- print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-printf "%s\n" "print -r" >&6; } ;;
- *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-printf "%s\n" "cat" >&6; } ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-printf %s "checking for grep that handles long lines and -e... " >&6; }
-if test ${ac_cv_path_GREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in grep ggrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-printf "%s\n" "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
-if test ${ac_cv_path_EGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in egrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-printf "%s\n" "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-printf %s "checking for fgrep... " >&6; }
-if test ${ac_cv_path_FGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in fgrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_FGREP" || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-printf "%s\n" "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${lt_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
-fi
-
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${lt_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test ${lt_cv_path_NM+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-printf "%s\n" "$lt_cv_path_NM" >&6; }
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in dumpbin "link -dump"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-printf "%s\n" "$DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in dumpbin "link -dump"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
-
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-printf %s "checking the name lister ($NM) interface... " >&6; }
-if test ${lt_cv_nm_interface+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-printf "%s\n" "$lt_cv_nm_interface" >&6; }
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-printf %s "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-printf "%s\n" "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-printf %s "checking the maximum length of command line arguments... " >&6; }
-if test ${lt_cv_sys_max_cmd_len+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n "$lt_cv_sys_max_cmd_len"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
-printf "%s\n" "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-printf %s "checking how to convert $build file names to $host format... " >&6; }
-if test ${lt_cv_to_host_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-
-fi
-
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-printf %s "checking how to convert $build file names to toolchain format... " >&6; }
-if test ${lt_cv_to_tool_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- #assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-
-fi
-
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-printf %s "checking for $LD option to reload object files... " >&6; }
-if test ${lt_cv_ld_reload_flag+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_reload_flag='-r'
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-printf "%s\n" "$OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-printf %s "checking how to recognize dependent libraries... " >&6; }
-if test ${lt_cv_deplibs_check_method+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DLLTOOL"; then
- ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DLLTOOL=$ac_cv_prog_DLLTOOL
-if test -n "$DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-printf "%s\n" "$DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DLLTOOL"; then
- ac_ct_DLLTOOL=$DLLTOOL
- # Extract the first word of "dlltool", so it can be a program name with args.
-set dummy dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DLLTOOL"; then
- ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
-if test -n "$ac_ct_DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DLLTOOL" = x; then
- DLLTOOL="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DLLTOOL=$ac_ct_DLLTOOL
- fi
-else
- DLLTOOL="$ac_cv_prog_DLLTOOL"
-fi
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-printf %s "checking how to associate runtime and link libraries... " >&6; }
-if test ${lt_cv_sharedlib_from_linklib_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- for ac_prog in ar
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-printf "%s\n" "$AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AR" && break
- done
-fi
-if test -z "$AR"; then
- ac_ct_AR=$AR
- for ac_prog in ar
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-printf "%s\n" "$ac_ct_AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_AR" && break
-done
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-fi
-
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-printf %s "checking for archiver @FILE support... " >&6; }
-if test ${lt_cv_ar_at_file+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ar_at_file=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-printf "%s\n" "$lt_cv_ar_at_file" >&6; }
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-printf %s "checking command to parse $NM output from $compiler object... " >&6; }
-if test ${lt_cv_sys_global_symbol_pipe+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT_DLSYM_CONST
-#else
-# define LT_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-printf "%s\n" "failed" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-printf "%s\n" "ok" >&6; }
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-printf %s "checking for sysroot... " >&6; }
-
-# Check whether --with-sysroot was given.
-if test ${with_sysroot+y}
-then :
- withval=$with_sysroot;
-else $as_nop
- with_sysroot=no
-fi
-
-
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-printf "%s\n" "$with_sysroot" >&6; }
- as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
- ;;
-esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-printf "%s\n" "${lt_sysroot:-no}" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-printf %s "checking for a working dd... " >&6; }
-if test ${ac_cv_path_lt_DD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-if test -z "$lt_DD"; then
- ac_path_lt_DD_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in dd
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_lt_DD" || continue
-if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi
- $ac_path_lt_DD_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_lt_DD"; then
- :
- fi
-else
- ac_cv_path_lt_DD=$lt_DD
-fi
-
-rm -f conftest.i conftest2.i conftest.out
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-printf %s "checking how to truncate binary pipes... " >&6; }
-if test ${lt_cv_truncate_bin+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-printf "%s\n" "$lt_cv_truncate_bin" >&6; }
-
-
-
-
-
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in $*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-# Check whether --enable-libtool-lock was given.
-if test ${enable_libtool_lock+y}
-then :
- enableval=$enable_libtool_lock;
-fi
-
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-printf %s "checking whether the C compiler needs -belf... " >&6; }
-if test ${lt_cv_cc_needs_belf+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_cc_needs_belf=yes
-else $as_nop
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
-set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$MANIFEST_TOOL"; then
- ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
-if test -n "$MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-printf "%s\n" "$MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
- ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
- # Extract the first word of "mt", so it can be a program name with args.
-set dummy mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_MANIFEST_TOOL"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
-if test -n "$ac_ct_MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_MANIFEST_TOOL" = x; then
- MANIFEST_TOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
- fi
-else
- MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
-fi
-
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&5
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-
-
-
-
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-printf "%s\n" "$DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-printf "%s\n" "$NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-printf "%s\n" "$ac_ct_NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-printf "%s\n" "$LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-printf "%s\n" "$ac_ct_LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-printf "%s\n" "$OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-printf "%s\n" "$ac_ct_OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-printf "%s\n" "$OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-printf "%s\n" "$ac_ct_OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-printf %s "checking for -single_module linker flag... " >&6; }
-if test ${lt_cv_apple_cc_single_mod+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&5
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-printf %s "checking for -exported_symbols_list linker flag... " >&6; }
-if test ${lt_cv_ld_exported_symbols_list+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_ld_exported_symbols_list=yes
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-printf %s "checking for -force_load linker flag... " >&6; }
-if test ${lt_cv_ld_force_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cr libconftest.a conftest.o" >&5
- $AR cr libconftest.a conftest.o 2>&5
- echo "$RANLIB libconftest.a" >&5
- $RANLIB libconftest.a 2>&5
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&5
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&5
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-printf "%s\n" "$lt_cv_ld_force_load" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[012][,.]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x$2 in
- x)
- ;;
- *:)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
- ;;
- x:*)
- eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
- ;;
- *)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = xyes
-then :
- printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h
-
-fi
-
-
-
-
-
-# Set options
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
- # Check whether --enable-shared was given.
-if test ${enable_shared+y}
-then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_shared=yes
-fi
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-pic was given.
-if test ${with_pic+y}
-then :
- withval=$with_pic; lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- pic_mode=default
-fi
-
-
-
-
-
-
-
-
- # Check whether --enable-fast-install was given.
-if test ${enable_fast_install+y}
-then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
- shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[5-9]*,yes)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-# Check whether --with-aix-soname was given.
-if test ${with_aix_soname+y}
-then :
- withval=$with_aix_soname; case $withval in
- aix|svr4|both)
- ;;
- *)
- as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
- if test ${lt_cv_with_aix_soname+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_with_aix_soname=aix
-fi
-
- with_aix_soname=$lt_cv_with_aix_soname
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-printf "%s\n" "$with_aix_soname" >&6; }
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-printf %s "checking for objdir... " >&6; }
-if test ${lt_cv_objdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-printf "%s\n" "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-func_cc_basename $compiler
-cc_basename=$func_cc_basename_result
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-printf %s "checking for ${ac_tool_prefix}file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/${ac_tool_prefix}file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-printf %s "checking for file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC=$CC
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
- *)
- lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
- esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test ${lt_cv_prog_compiler_rtti_exceptions+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-
- if test yes = "$GCC"; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- lt_prog_compiler_pic='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- lt_prog_compiler_static=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- lt_prog_compiler_wl='-Xlinker '
- if test -n "$lt_prog_compiler_pic"; then
- lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Intel*\ [CF]*Compiler*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- *Portland\ Group*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
- ;;
-esac
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-printf %s "checking for $compiler option to produce PIC... " >&6; }
-if test ${lt_cv_prog_compiler_pic+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
-lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test ${lt_cv_prog_compiler_pic_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_pic_works"; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test ${lt_cv_prog_compiler_static_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_static_works"; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links=nottested
-if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-printf %s "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-printf "%s\n" "$hard_links" >&6; }
- if test no = "$hard_links"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- link_all_deplibs=no
- ;;
- esac
-
- ld_shlibs=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
- *\ \(GNU\ Binutils\)\ [3-9]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- export_dynamic_flag_spec='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='$wl--export-all-symbols'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- link_all_deplibs=yes
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- export_dynamic_flag_spec='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test no = "$ld_shlibs"; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- hardcode_direct=no
- hardcode_direct_absolute=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- export_dynamic_flag_spec='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' $wl-bernotok'
- allow_undefined_flag=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- fi
- archive_cmds_need_lc=yes
- archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- file_list_spec='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
- enable_shared_with_static_runtimes=yes
- exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- old_postinstall_cmds='chmod 644 $oldlib'
- postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- enable_shared_with_static_runtimes=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-
- else
- whole_archive_flag_spec=''
- fi
- link_all_deplibs=yes
- allow_undefined_flag=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
-
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-printf %s "checking if $CC understands -b... " >&6; }
-if test ${lt_cv_prog_compiler__b+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler__b=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -b"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler__b=yes
- fi
- else
- lt_cv_prog_compiler__b=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
-
-if test yes = "$lt_cv_prog_compiler__b"; then
- archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-fi
-
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if test ${lt_cv_irix_exported_symbol+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo (void) { return 0; }
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_irix_exported_symbol=yes
-else $as_nop
- lt_cv_irix_exported_symbol=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
- if test yes = "$lt_cv_irix_exported_symbol"; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- link_all_deplibs=no
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- ld_shlibs=yes
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- else
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='$wl-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='$wl-z,text'
- allow_undefined_flag='$wl-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-printf "%s\n" "$ld_shlibs" >&6; }
-test no = "$ld_shlibs" && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-printf %s "checking whether -lc should be explicitly linked in... " >&6; }
-if test ${lt_cv_archive_cmds_need_lc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- lt_cv_archive_cmds_need_lc=no
- else
- lt_cv_archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
- archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-printf %s "checking dynamic linker characteristics... " >&6; }
-
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[4-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a(lib.so.V)'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[23].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[3-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- if test ${lt_cv_shlibpath_overrides_runpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
-then :
- lt_cv_shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
-fi
-
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-printf "%s\n" "$dynamic_linker" >&6; }
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-printf %s "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test yes = "$hardcode_automatic"; then
-
- # We can hardcode non-existent directories.
- if test no != "$hardcode_direct" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
- test no != "$hardcode_minus_L"; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-printf "%s\n" "$hardcode_action" >&6; }
-
-if test relink = "$hardcode_action" ||
- test yes = "$inherit_rpath"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-printf %s "checking for shl_load in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_shl_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char shl_load ();
-int
-main (void)
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_shl_load=yes
-else $as_nop
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-printf %s "checking for dlopen in -lsvld... " >&6; }
-if test ${ac_cv_lib_svld_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_svld_dlopen=yes
-else $as_nop
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-printf %s "checking for dld_link in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_dld_link+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dld_link ();
-int
-main (void)
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_dld_link=yes
-else $as_nop
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes
-then :
- lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-printf %s "checking whether a program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-printf "%s\n" "$lt_cv_dlopen_self" >&6; }
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self_static+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report what library types will actually be built
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-printf %s "checking if libtool supports shared libraries... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-printf "%s\n" "$can_build_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-printf %s "checking whether to build shared libraries... " >&6; }
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-printf "%s\n" "$enable_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-printf %s "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-printf "%s\n" "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-printf "%s\n" "$PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-
- if test "X$prefix" = "XNONE"; then
- acl_final_prefix="$ac_default_prefix"
- else
- acl_final_prefix="$prefix"
- fi
- if test "X$exec_prefix" = "XNONE"; then
- acl_final_exec_prefix='${prefix}'
- else
- acl_final_exec_prefix="$exec_prefix"
- fi
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
- prefix="$acl_save_prefix"
-
-
-
-# Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'`
- while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD="$ac_prog"
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test "$with_gnu_ld" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${acl_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$acl_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- acl_cv_path_LD="$ac_dir/$ac_prog"
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$acl_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
- ;;
- *)
- test "$with_gnu_ld" != yes && break
- ;;
- esac
- fi
- done
- IFS="$acl_save_ifs"
-else
- acl_cv_path_LD="$LD" # Let the user override the test with a path.
-fi
-fi
-
-LD="$acl_cv_path_LD"
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${acl_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- acl_cv_prog_gnu_ld=yes
- ;;
-*)
- acl_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $acl_cv_prog_gnu_ld" >&5
-printf "%s\n" "$acl_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$acl_cv_prog_gnu_ld
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5
-printf %s "checking for shared library run path origin... " >&6; }
-if test ${acl_cv_rpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
- ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
- . ./conftest.sh
- rm -f ./conftest.sh
- acl_cv_rpath=done
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5
-printf "%s\n" "$acl_cv_rpath" >&6; }
- wl="$acl_cv_wl"
- acl_libext="$acl_cv_libext"
- acl_shlibext="$acl_cv_shlibext"
- acl_libname_spec="$acl_cv_libname_spec"
- acl_library_names_spec="$acl_cv_library_names_spec"
- acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
- acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
- acl_hardcode_direct="$acl_cv_hardcode_direct"
- acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
- # Check whether --enable-rpath was given.
-if test ${enable_rpath+y}
-then :
- enableval=$enable_rpath; :
-else $as_nop
- enable_rpath=yes
-fi
-
-
-
-
-
- acl_libdirstem=lib
- acl_libdirstem2=
- case "$host_os" in
- solaris*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5
-printf %s "checking for 64-bit host... " >&6; }
-if test ${gl_cv_solaris_64bit+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#ifdef _LP64
-sixtyfour bits
-#endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "sixtyfour bits" >/dev/null 2>&1
-then :
- gl_cv_solaris_64bit=yes
-else $as_nop
- gl_cv_solaris_64bit=no
-fi
-rm -rf conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5
-printf "%s\n" "$gl_cv_solaris_64bit" >&6; }
- if test $gl_cv_solaris_64bit = yes; then
- acl_libdirstem=lib/64
- case "$host_cpu" in
- sparc*) acl_libdirstem2=lib/sparcv9 ;;
- i*86 | x86_64) acl_libdirstem2=lib/amd64 ;;
- esac
- fi
- ;;
- *)
- searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
- if test -n "$searchpath"; then
- acl_save_IFS="${IFS= }"; IFS=":"
- for searchdir in $searchpath; do
- if test -d "$searchdir"; then
- case "$searchdir" in
- */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
- */../ | */.. )
- # Better ignore directories of this form. They are misleading.
- ;;
- *) searchdir=`cd "$searchdir" && pwd`
- case "$searchdir" in
- */lib64 ) acl_libdirstem=lib64 ;;
- esac ;;
- esac
- fi
- done
- IFS="$acl_save_IFS"
- fi
- ;;
- esac
- test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem"
-
-
-
-
-
-
-
-
-
-
-
-
- use_additional=yes
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
-
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
-
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
-
-# Check whether --with-libiconv-prefix was given.
-if test ${with_libiconv_prefix+y}
-then :
- withval=$with_libiconv_prefix;
- if test "X$withval" = "Xno"; then
- use_additional=no
- else
- if test "X$withval" = "X"; then
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
-
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
-
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- else
- additional_includedir="$withval/include"
- additional_libdir="$withval/$acl_libdirstem"
- if test "$acl_libdirstem2" != "$acl_libdirstem" \
- && ! test -d "$withval/$acl_libdirstem"; then
- additional_libdir="$withval/$acl_libdirstem2"
- fi
- fi
- fi
-
-fi
-
- LIBICONV=
- LTLIBICONV=
- INCICONV=
- LIBICONV_PREFIX=
- HAVE_LIBICONV=
- rpathdirs=
- ltrpathdirs=
- names_already_handled=
- names_next_round='iconv '
- while test -n "$names_next_round"; do
- names_this_round="$names_next_round"
- names_next_round=
- for name in $names_this_round; do
- already_handled=
- for n in $names_already_handled; do
- if test "$n" = "$name"; then
- already_handled=yes
- break
- fi
- done
- if test -z "$already_handled"; then
- names_already_handled="$names_already_handled $name"
- uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
- eval value=\"\$HAVE_LIB$uppername\"
- if test -n "$value"; then
- if test "$value" = yes; then
- eval value=\"\$LIB$uppername\"
- test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value"
- eval value=\"\$LTLIB$uppername\"
- test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value"
- else
- :
- fi
- else
- found_dir=
- found_la=
- found_so=
- found_a=
- eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
- if test -n "$acl_shlibext"; then
- shrext=".$acl_shlibext" # typically: shrext=.so
- else
- shrext=
- fi
- if test $use_additional = yes; then
- dir="$additional_libdir"
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- for x in $LDFLAGS $LTLIBICONV; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- case "$x" in
- -L*)
- dir=`echo "X$x" | sed -e 's/^X-L//'`
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- ;;
- esac
- if test "X$found_dir" != "X"; then
- break
- fi
- done
- fi
- if test "X$found_dir" != "X"; then
- LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name"
- if test "X$found_so" != "X"; then
- if test "$enable_rpath" = no \
- || test "X$found_dir" = "X/usr/$acl_libdirstem" \
- || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
- else
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $found_dir"
- fi
- if test "$acl_hardcode_direct" = yes; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
- else
- if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $found_dir"
- fi
- else
- haveit=
- for x in $LDFLAGS $LIBICONV; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir"
- fi
- if test "$acl_hardcode_minus_L" != no; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
- else
- LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
- fi
- fi
- fi
- fi
- else
- if test "X$found_a" != "X"; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a"
- else
- LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name"
- fi
- fi
- additional_includedir=
- case "$found_dir" in
- */$acl_libdirstem | */$acl_libdirstem/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
- if test "$name" = 'iconv'; then
- LIBICONV_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- */$acl_libdirstem2 | */$acl_libdirstem2/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
- if test "$name" = 'iconv'; then
- LIBICONV_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- esac
- if test "X$additional_includedir" != "X"; then
- if test "X$additional_includedir" != "X/usr/include"; then
- haveit=
- if test "X$additional_includedir" = "X/usr/local/include"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- for x in $CPPFLAGS $INCICONV; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-I$additional_includedir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_includedir"; then
- INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir"
- fi
- fi
- fi
- fi
- fi
- if test -n "$found_la"; then
- save_libdir="$libdir"
- case "$found_la" in
- */* | *\\*) . "$found_la" ;;
- *) . "./$found_la" ;;
- esac
- libdir="$save_libdir"
- for dep in $dependency_libs; do
- case "$dep" in
- -L*)
- additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
- if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \
- && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then
- haveit=
- if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \
- || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- haveit=
- for x in $LDFLAGS $LIBICONV; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir"
- fi
- fi
- haveit=
- for x in $LDFLAGS $LTLIBICONV; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir"
- fi
- fi
- fi
- fi
- ;;
- -R*)
- dir=`echo "X$dep" | sed -e 's/^X-R//'`
- if test "$enable_rpath" != no; then
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $dir"
- fi
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $dir"
- fi
- fi
- ;;
- -l*)
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
- ;;
- *.la)
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
- ;;
- *)
- LIBICONV="${LIBICONV}${LIBICONV:+ }$dep"
- LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep"
- ;;
- esac
- done
- fi
- else
- LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
- LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name"
- fi
- fi
- fi
- done
- done
- if test "X$rpathdirs" != "X"; then
- if test -n "$acl_hardcode_libdir_separator"; then
- alldirs=
- for found_dir in $rpathdirs; do
- alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
- done
- acl_save_libdir="$libdir"
- libdir="$alldirs"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
- else
- for found_dir in $rpathdirs; do
- acl_save_libdir="$libdir"
- libdir="$found_dir"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
- done
- fi
- fi
- if test "X$ltrpathdirs" != "X"; then
- for found_dir in $ltrpathdirs; do
- LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir"
- done
- fi
-
-
-
-
-
-
-
-
-
-
-
-
- am_save_CPPFLAGS="$CPPFLAGS"
-
- for element in $INCICONV; do
- haveit=
- for x in $CPPFLAGS; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X$element"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
- fi
- done
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
-printf %s "checking for iconv... " >&6; }
-if test ${am_cv_func_iconv+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- am_cv_func_iconv="no, consider installing GNU libiconv"
- am_cv_lib_iconv=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdlib.h>
-#include <iconv.h>
-
-int
-main (void)
-{
-iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- am_cv_func_iconv=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test "$am_cv_func_iconv" != yes; then
- am_save_LIBS="$LIBS"
- LIBS="$LIBS $LIBICONV"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdlib.h>
-#include <iconv.h>
-
-int
-main (void)
-{
-iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- am_cv_lib_iconv=yes
- am_cv_func_iconv=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LIBS="$am_save_LIBS"
- fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
-printf "%s\n" "$am_cv_func_iconv" >&6; }
- if test "$am_cv_func_iconv" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5
-printf %s "checking for working iconv... " >&6; }
-if test ${am_cv_func_iconv_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- am_save_LIBS="$LIBS"
- if test $am_cv_lib_iconv = yes; then
- LIBS="$LIBS $LIBICONV"
- fi
- if test "$cross_compiling" = yes
-then :
-
- case "$host_os" in
- aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
- *) am_cv_func_iconv_works="guessing yes" ;;
- esac
-
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <iconv.h>
-#include <string.h>
-int main ()
-{
- int result = 0;
- /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
- returns. */
- {
- iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
- if (cd_utf8_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\342\202\254"; /* EURO SIGN */
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_utf8_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 1;
- iconv_close (cd_utf8_to_88591);
- }
- }
- /* Test against Solaris 10 bug: Failures are not distinguishable from
- successful returns. */
- {
- iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646");
- if (cd_ascii_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\263";
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_ascii_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 2;
- iconv_close (cd_ascii_to_88591);
- }
- }
- /* Test against AIX 6.1..7.1 bug: Buffer overrun. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304";
- static char buf[2] = { (char)0xDE, (char)0xAD };
- const char *inptr = input;
- size_t inbytesleft = 1;
- char *outptr = buf;
- size_t outbytesleft = 1;
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
- result |= 4;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#if 0 /* This bug could be worked around by the caller. */
- /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
- char buf[50];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if ((int)res > 0)
- result |= 8;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#endif
- /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
- provided. */
- if (/* Try standardized names. */
- iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
- /* Try IRIX, OSF/1 names. */
- && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
- /* Try AIX names. */
- && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
- /* Try HP-UX names. */
- && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
- result |= 16;
- return result;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"
-then :
- am_cv_func_iconv_works=yes
-else $as_nop
- am_cv_func_iconv_works=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
- LIBS="$am_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5
-printf "%s\n" "$am_cv_func_iconv_works" >&6; }
- case "$am_cv_func_iconv_works" in
- *no) am_func_iconv=no am_cv_lib_iconv=no ;;
- *) am_func_iconv=yes ;;
- esac
- else
- am_func_iconv=no am_cv_lib_iconv=no
- fi
- if test "$am_func_iconv" = yes; then
-
-printf "%s\n" "#define HAVE_ICONV 1" >>confdefs.h
-
- fi
- if test "$am_cv_lib_iconv" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
-printf %s "checking how to link with libiconv... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
-printf "%s\n" "$LIBICONV" >&6; }
- else
- CPPFLAGS="$am_save_CPPFLAGS"
- LIBICONV=
- LTLIBICONV=
- fi
-
-
-
- if test "$am_cv_func_iconv" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for iconv declaration" >&5
-printf %s "checking for iconv declaration... " >&6; }
- if test ${am_cv_proto_iconv+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdlib.h>
-#include <iconv.h>
-extern
-#ifdef __cplusplus
-"C"
-#endif
-#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus)
-size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
-#else
-size_t iconv();
-#endif
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- am_cv_proto_iconv_arg1=""
-else $as_nop
- am_cv_proto_iconv_arg1="const"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"
-fi
-
- am_cv_proto_iconv=`echo "$am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result:
- $am_cv_proto_iconv" >&5
-printf "%s\n" "
- $am_cv_proto_iconv" >&6; }
-
-printf "%s\n" "#define ICONV_CONST $am_cv_proto_iconv_arg1" >>confdefs.h
-
-
- fi
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5
-printf %s "checking for C/C++ restrict keyword... " >&6; }
-if test ${ac_cv_c_restrict+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_c_restrict=no
- # Put '__restrict__' first, to avoid problems with glibc and non-GCC; see:
- # https://lists.gnu.org/archive/html/bug-autoconf/2016-02/msg00006.html
- # Put 'restrict' last, because C++ lacks it.
- for ac_kw in __restrict__ __restrict _Restrict restrict; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-typedef int *int_ptr;
- int foo (int_ptr $ac_kw ip) { return ip[0]; }
- int bar (int [$ac_kw]); /* Catch GCC bug 14050. */
- int bar (int ip[$ac_kw]) { return ip[0]; }
-
-int
-main (void)
-{
-int s[1];
- int *$ac_kw t = s;
- t[0] = 0;
- return foo (t) + bar (t);
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_restrict=$ac_kw
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- test "$ac_cv_c_restrict" != no && break
- done
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5
-printf "%s\n" "$ac_cv_c_restrict" >&6; }
-
- case $ac_cv_c_restrict in
- restrict) ;;
- no) printf "%s\n" "#define restrict /**/" >>confdefs.h
- ;;
- *) printf "%s\n" "#define restrict $ac_cv_c_restrict" >>confdefs.h
- ;;
- esac
-
-
-ac_header_dirent=no
-for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
- as_ac_Header=`printf "%s\n" "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
-printf %s "checking for $ac_hdr that defines DIR... " >&6; }
-if eval test \${$as_ac_Header+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
-#include <$ac_hdr>
-
-int
-main (void)
-{
-if ((DIR *) 0)
-return 0;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$as_ac_Header=yes"
-else $as_nop
- eval "$as_ac_Header=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$as_ac_Header
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_Header"\" = x"yes"
-then :
- cat >>confdefs.h <<_ACEOF
-#define `printf "%s\n" "HAVE_$ac_hdr" | $as_tr_cpp` 1
-_ACEOF
-
-ac_header_dirent=$ac_hdr; break
-fi
-
-done
-# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
-if test $ac_header_dirent = dirent.h; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
-printf %s "checking for library containing opendir... " >&6; }
-if test ${ac_cv_search_opendir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char opendir ();
-int
-main (void)
-{
-return opendir ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' dir
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_opendir=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_opendir+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_opendir+y}
-then :
-
-else $as_nop
- ac_cv_search_opendir=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
-printf "%s\n" "$ac_cv_search_opendir" >&6; }
-ac_res=$ac_cv_search_opendir
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
-printf %s "checking for library containing opendir... " >&6; }
-if test ${ac_cv_search_opendir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char opendir ();
-int
-main (void)
-{
-return opendir ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' x
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_opendir=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_opendir+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_opendir+y}
-then :
-
-else $as_nop
- ac_cv_search_opendir=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
-printf "%s\n" "$ac_cv_search_opendir" >&6; }
-ac_res=$ac_cv_search_opendir
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
-fi
-
-ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "$ac_includes_default"
-if test "x$ac_cv_header_fcntl_h" = xyes
-then :
- printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "malloc.h" "ac_cv_header_malloc_h" "$ac_includes_default"
-if test "x$ac_cv_header_malloc_h" = xyes
-then :
- printf "%s\n" "#define HAVE_MALLOC_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default"
-if test "x$ac_cv_header_inttypes_h" = xyes
-then :
- printf "%s\n" "#define HAVE_INTTYPES_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/ioctl.h" "ac_cv_header_sys_ioctl_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_ioctl_h" = xyes
-then :
- printf "%s\n" "#define HAVE_SYS_IOCTL_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_mman_h" = xyes
-then :
- printf "%s\n" "#define HAVE_SYS_MMAN_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_sysmacros_h" = xyes
-then :
- printf "%s\n" "#define HAVE_SYS_SYSMACROS_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "sys/statvfs.h" "ac_cv_header_sys_statvfs_h" "$ac_includes_default"
-if test "x$ac_cv_header_sys_statvfs_h" = xyes
-then :
- printf "%s\n" "#define HAVE_SYS_STATVFS_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "ctype.h" "ac_cv_header_ctype_h" "$ac_includes_default"
-if test "x$ac_cv_header_ctype_h" = xyes
-then :
- printf "%s\n" "#define HAVE_CTYPE_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
- printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "locale.h" "ac_cv_header_locale_h" "$ac_includes_default"
-if test "x$ac_cv_header_locale_h" = xyes
-then :
- printf "%s\n" "#define HAVE_LOCALE_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "byteswap.h" "ac_cv_header_byteswap_h" "$ac_includes_default"
-if test "x$ac_cv_header_byteswap_h" = xyes
-then :
- printf "%s\n" "#define HAVE_BYTESWAP_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default"
-if test "x$ac_cv_header_endian_h" = xyes
-then :
- printf "%s\n" "#define HAVE_ENDIAN_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
-if test "x$ac_cv_header_stdint_h" = xyes
-then :
- printf "%s\n" "#define HAVE_STDINT_H 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5
-printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; }
-if test ${ac_cv_c_undeclared_builtin_options+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_CFLAGS=$CFLAGS
- ac_cv_c_undeclared_builtin_options='cannot detect'
- for ac_arg in '' -fno-builtin; do
- CFLAGS="$ac_save_CFLAGS $ac_arg"
- # This test program should *not* compile successfully.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-(void) strchr;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- # This test program should compile successfully.
- # No library function is consistently available on
- # freestanding implementations, so test against a dummy
- # declaration. Include always-available headers on the
- # off chance that they somehow elicit warnings.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <float.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stddef.h>
-extern void ac_decl (int, char *);
-
-int
-main (void)
-{
-(void) ac_decl (0, (char *) 0);
- (void) ac_decl;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- if test x"$ac_arg" = x
-then :
- ac_cv_c_undeclared_builtin_options='none needed'
-else $as_nop
- ac_cv_c_undeclared_builtin_options=$ac_arg
-fi
- break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- done
- CFLAGS=$ac_save_CFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5
-printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; }
- case $ac_cv_c_undeclared_builtin_options in #(
- 'cannot detect') :
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot make $CC report undeclared builtins
-See \`config.log' for more details" "$LINENO" 5; } ;; #(
- 'none needed') :
- ac_c_undeclared_builtin_options='' ;; #(
- *) :
- ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;;
-esac
-
-ac_fn_check_decl "$LINENO" "O_CLOEXEC" "ac_cv_have_decl_O_CLOEXEC" "
-#ifdef HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_O_CLOEXEC" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_O_CLOEXEC $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
-
-printf "%s\n" "#define O_CLOEXEC 0" >>confdefs.h
-
-fi
-
-
- for ac_header in uuid/uuid.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "uuid/uuid.h" "ac_cv_header_uuid_uuid_h" "$ac_includes_default"
-if test "x$ac_cv_header_uuid_uuid_h" = xyes
-then :
- printf "%s\n" "#define HAVE_UUID_UUID_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need the uuid library." "$LINENO" 5
-fi
-
-done
-ac_fn_c_check_header_compile "$LINENO" "libdevmapper.h" "ac_cv_header_libdevmapper_h" "$ac_includes_default"
-if test "x$ac_cv_header_libdevmapper_h" = xyes
-then :
-
-else $as_nop
- as_fn_error $? "You need the device-mapper library." "$LINENO" 5
-fi
-
-
-# Check whether --enable-keyring was given.
-if test ${enable_keyring+y}
-then :
- enableval=$enable_keyring;
-else $as_nop
- enable_keyring=yes
-fi
-
-if test "x$enable_keyring" = "xyes"; then
- for ac_header in linux/keyctl.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "linux/keyctl.h" "ac_cv_header_linux_keyctl_h" "$ac_includes_default"
-if test "x$ac_cv_header_linux_keyctl_h" = xyes
-then :
- printf "%s\n" "#define HAVE_LINUX_KEYCTL_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need Linux kernel headers with kernel keyring service compiled." "$LINENO" 5
-fi
-
-done
-
- ac_fn_check_decl "$LINENO" "__NR_add_key" "ac_cv_have_decl___NR_add_key" "#include <syscall.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl___NR_add_key" = xyes
-then :
-
-else $as_nop
- as_fn_error $? "The kernel is missing add_key syscall." "$LINENO" 5
-fi
- ac_fn_check_decl "$LINENO" "__NR_keyctl" "ac_cv_have_decl___NR_keyctl" "#include <syscall.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl___NR_keyctl" = xyes
-then :
-
-else $as_nop
- as_fn_error $? "The kernel is missing keyctl syscall." "$LINENO" 5
-fi
- ac_fn_check_decl "$LINENO" "__NR_request_key" "ac_cv_have_decl___NR_request_key" "#include <syscall.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl___NR_request_key" = xyes
-then :
-
-else $as_nop
- as_fn_error $? "The kernel is missing request_key syscall." "$LINENO" 5
-fi
-
- ac_fn_c_check_type "$LINENO" "key_serial_t" "ac_cv_type_key_serial_t" "
- $ac_includes_default
- #ifdef HAVE_LINUX_KEYCTL_H
- # include <linux/keyctl.h>
- #endif
-
-"
-if test "x$ac_cv_type_key_serial_t" = xyes
-then :
-
-printf "%s\n" "#define HAVE_KEY_SERIAL_T 1" >>confdefs.h
-
-
-fi
-
-
-
-printf "%s\n" "#define KERNEL_KEYRING 1" >>confdefs.h
-
-fi
- if test "x$enable_keyring" = "xyes"; then
- KERNEL_KEYRING_TRUE=
- KERNEL_KEYRING_FALSE='#'
-else
- KERNEL_KEYRING_TRUE='#'
- KERNEL_KEYRING_FALSE=
-fi
-
-
-saved_LIBS=$LIBS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uuid_clear in -luuid" >&5
-printf %s "checking for uuid_clear in -luuid... " >&6; }
-if test ${ac_cv_lib_uuid_uuid_clear+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-luuid $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char uuid_clear ();
-int
-main (void)
-{
-return uuid_clear ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_uuid_uuid_clear=yes
-else $as_nop
- ac_cv_lib_uuid_uuid_clear=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_uuid_uuid_clear" >&5
-printf "%s\n" "$ac_cv_lib_uuid_uuid_clear" >&6; }
-if test "x$ac_cv_lib_uuid_uuid_clear" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBUUID 1" >>confdefs.h
-
- LIBS="-luuid $LIBS"
-
-else $as_nop
- as_fn_error $? "You need the uuid library." "$LINENO" 5
-fi
-
-UUID_LIBS=$LIBS
-
-LIBS=$saved_LIBS
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
-printf %s "checking for library containing clock_gettime... " >&6; }
-if test ${ac_cv_search_clock_gettime+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char clock_gettime ();
-int
-main (void)
-{
-return clock_gettime ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' rt posix4
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_clock_gettime=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_clock_gettime+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_clock_gettime+y}
-then :
-
-else $as_nop
- ac_cv_search_clock_gettime=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
-printf "%s\n" "$ac_cv_search_clock_gettime" >&6; }
-ac_res=$ac_cv_search_clock_gettime
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
-ac_fn_c_check_func "$LINENO" "posix_memalign" "ac_cv_func_posix_memalign"
-if test "x$ac_cv_func_posix_memalign" = xyes
-then :
- printf "%s\n" "#define HAVE_POSIX_MEMALIGN 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "clock_gettime" "ac_cv_func_clock_gettime"
-if test "x$ac_cv_func_clock_gettime" = xyes
-then :
- printf "%s\n" "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "posix_fallocate" "ac_cv_func_posix_fallocate"
-if test "x$ac_cv_func_posix_fallocate" = xyes
-then :
- printf "%s\n" "#define HAVE_POSIX_FALLOCATE 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero"
-if test "x$ac_cv_func_explicit_bzero" = xyes
-then :
- printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h
-
-fi
-
-
-if test "x$enable_largefile" = "xno"; then
- as_fn_error $? "Building with --disable-largefile is not supported, it can cause data corruption." "$LINENO" 5
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-printf %s "checking for an ANSI C-conforming const... " >&6; }
-if test ${ac_cv_c_const+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* IBM XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_const=yes
-else $as_nop
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-printf "%s\n" "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-printf "%s\n" "#define const /**/" >>confdefs.h
-
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
-printf %s "checking whether byte ordering is bigendian... " >&6; }
-if test ${ac_cv_c_bigendian+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_c_bigendian=unknown
- # See if we're dealing with a universal compiler.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifndef __APPLE_CC__
- not a universal capable compiler
- #endif
- typedef int dummy;
-
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
- # Check for potential -arch flags. It is not universal unless
- # there are at least two -arch flags with different values.
- ac_arch=
- ac_prev=
- for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
- if test -n "$ac_prev"; then
- case $ac_word in
- i?86 | x86_64 | ppc | ppc64)
- if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
- ac_arch=$ac_word
- else
- ac_cv_c_bigendian=universal
- break
- fi
- ;;
- esac
- ac_prev=
- elif test "x$ac_word" = "x-arch"; then
- ac_prev=arch
- fi
- done
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- if test $ac_cv_c_bigendian = unknown; then
- # See if sys/param.h defines the BYTE_ORDER macro.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- #include <sys/param.h>
-
-int
-main (void)
-{
-#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
- && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
- && LITTLE_ENDIAN)
- bogus endian macros
- #endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- # It does; now see whether it defined to BIG_ENDIAN or not.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- #include <sys/param.h>
-
-int
-main (void)
-{
-#if BYTE_ORDER != BIG_ENDIAN
- not big endian
- #endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_bigendian=yes
-else $as_nop
- ac_cv_c_bigendian=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
- if test $ac_cv_c_bigendian = unknown; then
- # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <limits.h>
-
-int
-main (void)
-{
-#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
- bogus endian macros
- #endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- # It does; now see whether it defined to _BIG_ENDIAN or not.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <limits.h>
-
-int
-main (void)
-{
-#ifndef _BIG_ENDIAN
- not big endian
- #endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_bigendian=yes
-else $as_nop
- ac_cv_c_bigendian=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- fi
- if test $ac_cv_c_bigendian = unknown; then
- # Compile a test program.
- if test "$cross_compiling" = yes
-then :
- # Try to guess by grepping values from an object file.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-unsigned short int ascii_mm[] =
- { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
- unsigned short int ascii_ii[] =
- { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
- int use_ascii (int i) {
- return ascii_mm[i] + ascii_ii[i];
- }
- unsigned short int ebcdic_ii[] =
- { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
- unsigned short int ebcdic_mm[] =
- { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
- int use_ebcdic (int i) {
- return ebcdic_mm[i] + ebcdic_ii[i];
- }
- extern int foo;
-
-int
-main (void)
-{
-return use_ascii (foo) == use_ebcdic (foo);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
- ac_cv_c_bigendian=yes
- fi
- if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
- if test "$ac_cv_c_bigendian" = unknown; then
- ac_cv_c_bigendian=no
- else
- # finding both strings is unlikely to happen, but who knows?
- ac_cv_c_bigendian=unknown
- fi
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_includes_default
-int
-main (void)
-{
-
- /* Are we little or big endian? From Harbison&Steele. */
- union
- {
- long int l;
- char c[sizeof (long int)];
- } u;
- u.l = 1;
- return u.c[sizeof (long int) - 1] == 1;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"
-then :
- ac_cv_c_bigendian=no
-else $as_nop
- ac_cv_c_bigendian=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
-printf "%s\n" "$ac_cv_c_bigendian" >&6; }
- case $ac_cv_c_bigendian in #(
- yes)
- printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h
-;; #(
- no)
- ;; #(
- universal)
-
-printf "%s\n" "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
-
- ;; #(
- *)
- as_fn_error $? "unknown endianness
- presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
- esac
-
-ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default"
-if test "x$ac_cv_type_off_t" = xyes
-then :
-
-else $as_nop
-
-printf "%s\n" "#define off_t long int" >>confdefs.h
-
-fi
-
-# Check whether --enable-largefile was given.
-if test ${enable_largefile+y}
-then :
- enableval=$enable_largefile;
-fi
-
-if test "$enable_largefile" != no; then
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5
-printf %s "checking for special C compiler options needed for large files... " >&6; }
-if test ${ac_cv_sys_largefile_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_sys_largefile_CC=no
- if test "$GCC" != yes; then
- ac_save_CC=$CC
- while :; do
- # IRIX 6.2 and later do not support large files by default,
- # so use the C compiler's -n32 option if that helps.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- if ac_fn_c_try_compile "$LINENO"
-then :
- break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- CC="$CC -n32"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_sys_largefile_CC=' -n32'; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- break
- done
- CC=$ac_save_CC
- rm -f conftest.$ac_ext
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5
-printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; }
- if test "$ac_cv_sys_largefile_CC" != no; then
- CC=$CC$ac_cv_sys_largefile_CC
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; }
-if test ${ac_cv_sys_file_offset_bits+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- while :; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_sys_file_offset_bits=no; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#define _FILE_OFFSET_BITS 64
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_sys_file_offset_bits=64; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_cv_sys_file_offset_bits=unknown
- break
-done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5
-printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; }
-case $ac_cv_sys_file_offset_bits in #(
- no | unknown) ;;
- *)
-printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h
-;;
-esac
-rm -rf conftest*
- if test $ac_cv_sys_file_offset_bits = unknown; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5
-printf %s "checking for _LARGE_FILES value needed for large files... " >&6; }
-if test ${ac_cv_sys_large_files+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- while :; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_sys_large_files=no; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#define _LARGE_FILES 1
-#include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_sys_large_files=1; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_cv_sys_large_files=unknown
- break
-done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5
-printf "%s\n" "$ac_cv_sys_large_files" >&6; }
-case $ac_cv_sys_large_files in #(
- no | unknown) ;;
- *)
-printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h
-;;
-esac
-rm -rf conftest*
- fi
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
-printf %s "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
-if test ${ac_cv_sys_largefile_source+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- while :; do
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sys/types.h> /* for off_t */
- #include <stdio.h>
-int
-main (void)
-{
-int (*fp) (FILE *, off_t, int) = fseeko;
- return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_sys_largefile_source=no; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#define _LARGEFILE_SOURCE 1
-#include <sys/types.h> /* for off_t */
- #include <stdio.h>
-int
-main (void)
-{
-int (*fp) (FILE *, off_t, int) = fseeko;
- return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_sys_largefile_source=1; break
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_cv_sys_largefile_source=unknown
- break
-done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
-printf "%s\n" "$ac_cv_sys_largefile_source" >&6; }
-case $ac_cv_sys_largefile_source in #(
- no | unknown) ;;
- *)
-printf "%s\n" "#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source" >>confdefs.h
-;;
-esac
-rm -rf conftest*
-
-# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
-# in glibc 2.1.3, but that breaks too many other things.
-# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
-if test $ac_cv_sys_largefile_source != unknown; then
-
-printf "%s\n" "#define HAVE_FSEEKO 1" >>confdefs.h
-
-fi
-
-if test $ac_cv_c_compiler_gnu = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5
-printf %s "checking whether $CC needs -traditional... " >&6; }
-if test ${ac_cv_prog_gcc_traditional+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_pattern="Autoconf.*'x'"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <sgtty.h>
-Autoconf TIOCGETP
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "$ac_pattern" >/dev/null 2>&1
-then :
- ac_cv_prog_gcc_traditional=yes
-else $as_nop
- ac_cv_prog_gcc_traditional=no
-fi
-rm -rf conftest*
-
-
- if test $ac_cv_prog_gcc_traditional = no; then
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <termio.h>
-Autoconf TCGETA
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "$ac_pattern" >/dev/null 2>&1
-then :
- ac_cv_prog_gcc_traditional=yes
-fi
-rm -rf conftest*
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5
-printf "%s\n" "$ac_cv_prog_gcc_traditional" >&6; }
- if test $ac_cv_prog_gcc_traditional = yes; then
- CC="$CC -traditional"
- fi
-fi
-
-ac_fn_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_strerror_r" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_STRERROR_R $ac_have_decl" >>confdefs.h
-
-
-if test $ac_cv_have_decl_strerror_r = yes; then
- # For backward compatibility's sake, define HAVE_STRERROR_R.
- # (We used to run AC_CHECK_FUNCS_ONCE for strerror_r, as well
- # as AC_CHECK_DECLS_ONCE.)
-
-printf "%s\n" "#define HAVE_STRERROR_R 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5
-printf %s "checking whether strerror_r returns char *... " >&6; }
-if test ${ac_cv_func_strerror_r_char_p+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- ac_cv_func_strerror_r_char_p=no
- if test $ac_cv_have_decl_strerror_r = yes; then
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-int
-main (void)
-{
-
- char buf[100];
- char x = *strerror_r (0, buf, sizeof buf);
- char *p = strerror_r (0, buf, sizeof buf);
- return !p || x;
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_func_strerror_r_char_p=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
- fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5
-printf "%s\n" "$ac_cv_func_strerror_r_char_p" >&6; }
-if test $ac_cv_func_strerror_r_char_p = yes; then
-
-printf "%s\n" "#define STRERROR_R_CHAR_P 1" >>confdefs.h
-
-fi
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5
-printf %s "checking whether NLS is requested... " >&6; }
- # Check whether --enable-nls was given.
-if test ${enable_nls+y}
-then :
- enableval=$enable_nls; USE_NLS=$enableval
-else $as_nop
- USE_NLS=yes
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
-printf "%s\n" "$USE_NLS" >&6; }
-
-
-
-
- GETTEXT_MACRO_VERSION=0.18
-
-
-
-
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conf$$.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conf$$.file
-if test -x conf$$.file >/dev/null 2>&1; then
- ac_executable_p="test -x"
-else
- ac_executable_p="test -f"
-fi
-rm -f conf$$.file
-
-# Extract the first word of "msgfmt", so it can be a program name with args.
-set dummy msgfmt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_MSGFMT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case "$MSGFMT" in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path.
- ;;
- *)
- ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$ac_save_IFS"
- test -z "$ac_dir" && ac_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
- echo "$as_me: trying $ac_dir/$ac_word..." >&5
- if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 &&
- (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
- ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext"
- break 2
- fi
- fi
- done
- done
- IFS="$ac_save_IFS"
- test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":"
- ;;
-esac
-fi
-MSGFMT="$ac_cv_path_MSGFMT"
-if test "$MSGFMT" != ":"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5
-printf "%s\n" "$MSGFMT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- # Extract the first word of "gmsgfmt", so it can be a program name with args.
-set dummy gmsgfmt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_GMSGFMT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $GMSGFMT in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_GMSGFMT="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT"
- ;;
-esac
-fi
-GMSGFMT=$ac_cv_path_GMSGFMT
-if test -n "$GMSGFMT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5
-printf "%s\n" "$GMSGFMT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
- case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
- *) MSGFMT_015=$MSGFMT ;;
- esac
-
- case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
- *) GMSGFMT_015=$GMSGFMT ;;
- esac
-
-
-
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conf$$.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conf$$.file
-if test -x conf$$.file >/dev/null 2>&1; then
- ac_executable_p="test -x"
-else
- ac_executable_p="test -f"
-fi
-rm -f conf$$.file
-
-# Extract the first word of "xgettext", so it can be a program name with args.
-set dummy xgettext; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_XGETTEXT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case "$XGETTEXT" in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path.
- ;;
- *)
- ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$ac_save_IFS"
- test -z "$ac_dir" && ac_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
- echo "$as_me: trying $ac_dir/$ac_word..." >&5
- if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 &&
- (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
- ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext"
- break 2
- fi
- fi
- done
- done
- IFS="$ac_save_IFS"
- test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":"
- ;;
-esac
-fi
-XGETTEXT="$ac_cv_path_XGETTEXT"
-if test "$XGETTEXT" != ":"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5
-printf "%s\n" "$XGETTEXT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- rm -f messages.po
-
- case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
- *) XGETTEXT_015=$XGETTEXT ;;
- esac
-
-
-
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conf$$.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conf$$.file
-if test -x conf$$.file >/dev/null 2>&1; then
- ac_executable_p="test -x"
-else
- ac_executable_p="test -f"
-fi
-rm -f conf$$.file
-
-# Extract the first word of "msgmerge", so it can be a program name with args.
-set dummy msgmerge; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_MSGMERGE+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case "$MSGMERGE" in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path.
- ;;
- *)
- ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$ac_save_IFS"
- test -z "$ac_dir" && ac_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
- echo "$as_me: trying $ac_dir/$ac_word..." >&5
- if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then
- ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext"
- break 2
- fi
- fi
- done
- done
- IFS="$ac_save_IFS"
- test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":"
- ;;
-esac
-fi
-MSGMERGE="$ac_cv_path_MSGMERGE"
-if test "$MSGMERGE" != ":"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5
-printf "%s\n" "$MSGMERGE" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$localedir" || localedir='${datadir}/locale'
-
-
- test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
-
-
- ac_config_commands="$ac_config_commands po-directories"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5
-printf %s "checking for CFPreferencesCopyAppValue... " >&6; }
-if test ${gt_cv_func_CFPreferencesCopyAppValue+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- gt_save_LIBS="$LIBS"
- LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <CoreFoundation/CFPreferences.h>
-int
-main (void)
-{
-CFPreferencesCopyAppValue(NULL, NULL)
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- gt_cv_func_CFPreferencesCopyAppValue=yes
-else $as_nop
- gt_cv_func_CFPreferencesCopyAppValue=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LIBS="$gt_save_LIBS"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5
-printf "%s\n" "$gt_cv_func_CFPreferencesCopyAppValue" >&6; }
- if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
-
-printf "%s\n" "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h
-
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5
-printf %s "checking for CFLocaleCopyCurrent... " >&6; }
-if test ${gt_cv_func_CFLocaleCopyCurrent+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- gt_save_LIBS="$LIBS"
- LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <CoreFoundation/CFLocale.h>
-int
-main (void)
-{
-CFLocaleCopyCurrent();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- gt_cv_func_CFLocaleCopyCurrent=yes
-else $as_nop
- gt_cv_func_CFLocaleCopyCurrent=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LIBS="$gt_save_LIBS"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5
-printf "%s\n" "$gt_cv_func_CFLocaleCopyCurrent" >&6; }
- if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
-
-printf "%s\n" "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h
-
- fi
- INTL_MACOSX_LIBS=
- if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
- INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
- fi
-
-
-
-
-
-
- LIBINTL=
- LTLIBINTL=
- POSUB=
-
- case " $gt_needs " in
- *" need-formatstring-macros "*) gt_api_version=3 ;;
- *" need-ngettext "*) gt_api_version=2 ;;
- *) gt_api_version=1 ;;
- esac
- gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
- gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
-
- if test "$USE_NLS" = "yes"; then
- gt_use_preinstalled_gnugettext=no
-
-
- if test $gt_api_version -ge 3; then
- gt_revision_test_code='
-#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
-#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
-#endif
-typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
-'
- else
- gt_revision_test_code=
- fi
- if test $gt_api_version -ge 2; then
- gt_expression_test_code=' + * ngettext ("", "", 0)'
- else
- gt_expression_test_code=
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5
-printf %s "checking for GNU gettext in libc... " >&6; }
-if eval test \${$gt_func_gnugettext_libc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern int *_nl_domain_bindings;
-
-int
-main (void)
-{
-
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$gt_func_gnugettext_libc=yes"
-else $as_nop
- eval "$gt_func_gnugettext_libc=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$gt_func_gnugettext_libc
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
-
- if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
-
-
-
-
-
- am_save_CPPFLAGS="$CPPFLAGS"
-
- for element in $INCICONV; do
- haveit=
- for x in $CPPFLAGS; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X$element"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
- fi
- done
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
-printf %s "checking for iconv... " >&6; }
-if test ${am_cv_func_iconv+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- am_cv_func_iconv="no, consider installing GNU libiconv"
- am_cv_lib_iconv=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdlib.h>
-#include <iconv.h>
-
-int
-main (void)
-{
-iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- am_cv_func_iconv=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test "$am_cv_func_iconv" != yes; then
- am_save_LIBS="$LIBS"
- LIBS="$LIBS $LIBICONV"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <stdlib.h>
-#include <iconv.h>
-
-int
-main (void)
-{
-iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- am_cv_lib_iconv=yes
- am_cv_func_iconv=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LIBS="$am_save_LIBS"
- fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
-printf "%s\n" "$am_cv_func_iconv" >&6; }
- if test "$am_cv_func_iconv" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5
-printf %s "checking for working iconv... " >&6; }
-if test ${am_cv_func_iconv_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- am_save_LIBS="$LIBS"
- if test $am_cv_lib_iconv = yes; then
- LIBS="$LIBS $LIBICONV"
- fi
- if test "$cross_compiling" = yes
-then :
-
- case "$host_os" in
- aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
- *) am_cv_func_iconv_works="guessing yes" ;;
- esac
-
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <iconv.h>
-#include <string.h>
-int main ()
-{
- int result = 0;
- /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
- returns. */
- {
- iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
- if (cd_utf8_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\342\202\254"; /* EURO SIGN */
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_utf8_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 1;
- iconv_close (cd_utf8_to_88591);
- }
- }
- /* Test against Solaris 10 bug: Failures are not distinguishable from
- successful returns. */
- {
- iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646");
- if (cd_ascii_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\263";
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_ascii_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 2;
- iconv_close (cd_ascii_to_88591);
- }
- }
- /* Test against AIX 6.1..7.1 bug: Buffer overrun. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304";
- static char buf[2] = { (char)0xDE, (char)0xAD };
- const char *inptr = input;
- size_t inbytesleft = 1;
- char *outptr = buf;
- size_t outbytesleft = 1;
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
- result |= 4;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#if 0 /* This bug could be worked around by the caller. */
- /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
- char buf[50];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if ((int)res > 0)
- result |= 8;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#endif
- /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
- provided. */
- if (/* Try standardized names. */
- iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
- /* Try IRIX, OSF/1 names. */
- && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
- /* Try AIX names. */
- && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
- /* Try HP-UX names. */
- && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
- result |= 16;
- return result;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"
-then :
- am_cv_func_iconv_works=yes
-else $as_nop
- am_cv_func_iconv_works=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
- LIBS="$am_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5
-printf "%s\n" "$am_cv_func_iconv_works" >&6; }
- case "$am_cv_func_iconv_works" in
- *no) am_func_iconv=no am_cv_lib_iconv=no ;;
- *) am_func_iconv=yes ;;
- esac
- else
- am_func_iconv=no am_cv_lib_iconv=no
- fi
- if test "$am_func_iconv" = yes; then
-
-printf "%s\n" "#define HAVE_ICONV 1" >>confdefs.h
-
- fi
- if test "$am_cv_lib_iconv" = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
-printf %s "checking how to link with libiconv... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
-printf "%s\n" "$LIBICONV" >&6; }
- else
- CPPFLAGS="$am_save_CPPFLAGS"
- LIBICONV=
- LTLIBICONV=
- fi
-
-
-
-
-
-
-
-
-
-
-
- use_additional=yes
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
-
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
-
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
-
-# Check whether --with-libintl-prefix was given.
-if test ${with_libintl_prefix+y}
-then :
- withval=$with_libintl_prefix;
- if test "X$withval" = "Xno"; then
- use_additional=no
- else
- if test "X$withval" = "X"; then
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
-
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
-
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- else
- additional_includedir="$withval/include"
- additional_libdir="$withval/$acl_libdirstem"
- if test "$acl_libdirstem2" != "$acl_libdirstem" \
- && ! test -d "$withval/$acl_libdirstem"; then
- additional_libdir="$withval/$acl_libdirstem2"
- fi
- fi
- fi
-
-fi
-
- LIBINTL=
- LTLIBINTL=
- INCINTL=
- LIBINTL_PREFIX=
- HAVE_LIBINTL=
- rpathdirs=
- ltrpathdirs=
- names_already_handled=
- names_next_round='intl '
- while test -n "$names_next_round"; do
- names_this_round="$names_next_round"
- names_next_round=
- for name in $names_this_round; do
- already_handled=
- for n in $names_already_handled; do
- if test "$n" = "$name"; then
- already_handled=yes
- break
- fi
- done
- if test -z "$already_handled"; then
- names_already_handled="$names_already_handled $name"
- uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
- eval value=\"\$HAVE_LIB$uppername\"
- if test -n "$value"; then
- if test "$value" = yes; then
- eval value=\"\$LIB$uppername\"
- test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value"
- eval value=\"\$LTLIB$uppername\"
- test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value"
- else
- :
- fi
- else
- found_dir=
- found_la=
- found_so=
- found_a=
- eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
- if test -n "$acl_shlibext"; then
- shrext=".$acl_shlibext" # typically: shrext=.so
- else
- shrext=
- fi
- if test $use_additional = yes; then
- dir="$additional_libdir"
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- for x in $LDFLAGS $LTLIBINTL; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- case "$x" in
- -L*)
- dir=`echo "X$x" | sed -e 's/^X-L//'`
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- ;;
- esac
- if test "X$found_dir" != "X"; then
- break
- fi
- done
- fi
- if test "X$found_dir" != "X"; then
- LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name"
- if test "X$found_so" != "X"; then
- if test "$enable_rpath" = no \
- || test "X$found_dir" = "X/usr/$acl_libdirstem" \
- || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
- else
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $found_dir"
- fi
- if test "$acl_hardcode_direct" = yes; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
- else
- if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $found_dir"
- fi
- else
- haveit=
- for x in $LDFLAGS $LIBINTL; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir"
- fi
- if test "$acl_hardcode_minus_L" != no; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
- else
- LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
- fi
- fi
- fi
- fi
- else
- if test "X$found_a" != "X"; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a"
- else
- LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name"
- fi
- fi
- additional_includedir=
- case "$found_dir" in
- */$acl_libdirstem | */$acl_libdirstem/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
- if test "$name" = 'intl'; then
- LIBINTL_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- */$acl_libdirstem2 | */$acl_libdirstem2/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
- if test "$name" = 'intl'; then
- LIBINTL_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- esac
- if test "X$additional_includedir" != "X"; then
- if test "X$additional_includedir" != "X/usr/include"; then
- haveit=
- if test "X$additional_includedir" = "X/usr/local/include"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- for x in $CPPFLAGS $INCINTL; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-I$additional_includedir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_includedir"; then
- INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir"
- fi
- fi
- fi
- fi
- fi
- if test -n "$found_la"; then
- save_libdir="$libdir"
- case "$found_la" in
- */* | *\\*) . "$found_la" ;;
- *) . "./$found_la" ;;
- esac
- libdir="$save_libdir"
- for dep in $dependency_libs; do
- case "$dep" in
- -L*)
- additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
- if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \
- && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then
- haveit=
- if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \
- || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- haveit=
- for x in $LDFLAGS $LIBINTL; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir"
- fi
- fi
- haveit=
- for x in $LDFLAGS $LTLIBINTL; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir"
- fi
- fi
- fi
- fi
- ;;
- -R*)
- dir=`echo "X$dep" | sed -e 's/^X-R//'`
- if test "$enable_rpath" != no; then
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $dir"
- fi
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $dir"
- fi
- fi
- ;;
- -l*)
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
- ;;
- *.la)
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
- ;;
- *)
- LIBINTL="${LIBINTL}${LIBINTL:+ }$dep"
- LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep"
- ;;
- esac
- done
- fi
- else
- LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
- LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name"
- fi
- fi
- fi
- done
- done
- if test "X$rpathdirs" != "X"; then
- if test -n "$acl_hardcode_libdir_separator"; then
- alldirs=
- for found_dir in $rpathdirs; do
- alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
- done
- acl_save_libdir="$libdir"
- libdir="$alldirs"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
- else
- for found_dir in $rpathdirs; do
- acl_save_libdir="$libdir"
- libdir="$found_dir"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
- done
- fi
- fi
- if test "X$ltrpathdirs" != "X"; then
- for found_dir in $ltrpathdirs; do
- LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
- done
- fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
-printf %s "checking for GNU gettext in libintl... " >&6; }
-if eval test \${$gt_func_gnugettext_libintl+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- gt_save_CPPFLAGS="$CPPFLAGS"
- CPPFLAGS="$CPPFLAGS $INCINTL"
- gt_save_LIBS="$LIBS"
- LIBS="$LIBS $LIBINTL"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
-
-int
-main (void)
-{
-
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$gt_func_gnugettext_libintl=yes"
-else $as_nop
- eval "$gt_func_gnugettext_libintl=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
- LIBS="$LIBS $LIBICONV"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
-
-int
-main (void)
-{
-
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- LIBINTL="$LIBINTL $LIBICONV"
- LTLIBINTL="$LTLIBINTL $LTLIBICONV"
- eval "$gt_func_gnugettext_libintl=yes"
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- fi
- CPPFLAGS="$gt_save_CPPFLAGS"
- LIBS="$gt_save_LIBS"
-fi
-eval ac_res=\$$gt_func_gnugettext_libintl
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- fi
-
- if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
- || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
- && test "$PACKAGE" != gettext-runtime \
- && test "$PACKAGE" != gettext-tools; }; then
- gt_use_preinstalled_gnugettext=yes
- else
- LIBINTL=
- LTLIBINTL=
- INCINTL=
- fi
-
-
-
- if test -n "$INTL_MACOSX_LIBS"; then
- if test "$gt_use_preinstalled_gnugettext" = "yes" \
- || test "$nls_cv_use_gnu_gettext" = "yes"; then
- LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
- LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
- fi
- fi
-
- if test "$gt_use_preinstalled_gnugettext" = "yes" \
- || test "$nls_cv_use_gnu_gettext" = "yes"; then
-
-printf "%s\n" "#define ENABLE_NLS 1" >>confdefs.h
-
- else
- USE_NLS=no
- fi
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
-printf %s "checking whether to use NLS... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
-printf "%s\n" "$USE_NLS" >&6; }
- if test "$USE_NLS" = "yes"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
-printf %s "checking where the gettext function comes from... " >&6; }
- if test "$gt_use_preinstalled_gnugettext" = "yes"; then
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
- gt_source="external libintl"
- else
- gt_source="libc"
- fi
- else
- gt_source="included intl directory"
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
-printf "%s\n" "$gt_source" >&6; }
- fi
-
- if test "$USE_NLS" = "yes"; then
-
- if test "$gt_use_preinstalled_gnugettext" = "yes"; then
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
-printf %s "checking how to link with libintl... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
-printf "%s\n" "$LIBINTL" >&6; }
-
- for element in $INCINTL; do
- haveit=
- for x in $CPPFLAGS; do
-
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- eval x=\"$x\"
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-
- if test "X$x" = "X$element"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
- fi
- done
-
- fi
-
-
-printf "%s\n" "#define HAVE_GETTEXT 1" >>confdefs.h
-
-
-printf "%s\n" "#define HAVE_DCGETTEXT 1" >>confdefs.h
-
- fi
-
- POSUB=po
- fi
-
-
-
- INTLLIBS="$LIBINTL"
-
-
-
-
-
-
-
-
-
-saved_LIBS=$LIBS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for poptConfigFileToString in -lpopt" >&5
-printf %s "checking for poptConfigFileToString in -lpopt... " >&6; }
-if test ${ac_cv_lib_popt_poptConfigFileToString+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpopt $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char poptConfigFileToString ();
-int
-main (void)
-{
-return poptConfigFileToString ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_popt_poptConfigFileToString=yes
-else $as_nop
- ac_cv_lib_popt_poptConfigFileToString=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_popt_poptConfigFileToString" >&5
-printf "%s\n" "$ac_cv_lib_popt_poptConfigFileToString" >&6; }
-if test "x$ac_cv_lib_popt_poptConfigFileToString" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBPOPT 1" >>confdefs.h
-
- LIBS="-lpopt $LIBS"
-
-else $as_nop
- as_fn_error $? "You need popt 1.7 or newer to compile." "$LINENO" 5
-fi
-
-POPT_LIBS=$LIBS
-
-LIBS=$saved_LIBS
-
-# Check whether --enable-fips was given.
-if test ${enable_fips+y}
-then :
- enableval=$enable_fips;
-fi
-
-if test "x$enable_fips" = "xyes"; then
-
-printf "%s\n" "#define ENABLE_FIPS 1" >>confdefs.h
-
-
- if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
- as_fn_error $? "Static build is not compatible with FIPS." "$LINENO" 5
- fi
-fi
-
-
-
-# Check whether --enable-luks2-reencryption was given.
-if test ${enable_luks2_reencryption+y}
-then :
- enableval=$enable_luks2_reencryption;
-else $as_nop
- enable_luks2_reencryption=yes
-fi
-
-if test "x$enable_luks2_reencryption" = "xyes"; then
-
-printf "%s\n" "#define USE_LUKS2_REENCRYPTION 1" >>confdefs.h
-
-fi
-
-# Check whether --enable-pwquality was given.
-if test ${enable_pwquality+y}
-then :
- enableval=$enable_pwquality;
-fi
-
-
-if test "x$enable_pwquality" = "xyes"; then
-
-printf "%s\n" "#define ENABLE_PWQUALITY 1" >>confdefs.h
-
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pwquality >= 1.0.0" >&5
-printf %s "checking for pwquality >= 1.0.0... " >&6; }
-
-if test -n "$PWQUALITY_CFLAGS"; then
- pkg_cv_PWQUALITY_CFLAGS="$PWQUALITY_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5
- ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_PWQUALITY_CFLAGS=`$PKG_CONFIG --cflags "pwquality >= 1.0.0" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$PWQUALITY_LIBS"; then
- pkg_cv_PWQUALITY_LIBS="$PWQUALITY_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"pwquality >= 1.0.0\""; } >&5
- ($PKG_CONFIG --exists --print-errors "pwquality >= 1.0.0") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_PWQUALITY_LIBS=`$PKG_CONFIG --libs "pwquality >= 1.0.0" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1`
- else
- PWQUALITY_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "pwquality >= 1.0.0" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$PWQUALITY_PKG_ERRORS" >&5
-
- as_fn_error $? "You need pwquality library." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "You need pwquality library." "$LINENO" 5
-else
- PWQUALITY_CFLAGS=$pkg_cv_PWQUALITY_CFLAGS
- PWQUALITY_LIBS=$pkg_cv_PWQUALITY_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
-
- PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
-fi
-
-# Check whether --enable-passwdqc was given.
-if test ${enable_passwdqc+y}
-then :
- enableval=$enable_passwdqc;
-fi
-
-
-case "$enable_passwdqc" in
- ""|yes|no) use_passwdqc_config="" ;;
- /*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;;
- *) as_fn_error $? "Unrecognized --enable-passwdqc parameter." "$LINENO" 5 ;;
-esac
-
-printf "%s\n" "#define PASSWDQC_CONFIG_FILE \"$use_passwdqc_config\"" >>confdefs.h
-
-
-if test "x$enable_passwdqc" = "xyes"; then
-
-printf "%s\n" "#define ENABLE_PASSWDQC 1" >>confdefs.h
-
-
- saved_LIBS="$LIBS"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing passwdqc_check" >&5
-printf %s "checking for library containing passwdqc_check... " >&6; }
-if test ${ac_cv_search_passwdqc_check+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char passwdqc_check ();
-int
-main (void)
-{
-return passwdqc_check ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' passwdqc
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_passwdqc_check=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_passwdqc_check+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_passwdqc_check+y}
-then :
-
-else $as_nop
- ac_cv_search_passwdqc_check=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_passwdqc_check" >&5
-printf "%s\n" "$ac_cv_search_passwdqc_check" >&6; }
-ac_res=$ac_cv_search_passwdqc_check
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-fi
-
- case "$ac_cv_search_passwdqc_check" in
- no) as_fn_error $? "failed to find passwdqc_check" "$LINENO" 5 ;;
- -l*) PASSWDQC_LIBS="$ac_cv_search_passwdqc_check" ;;
- *) PASSWDQC_LIBS= ;;
- esac
- ac_fn_c_check_func "$LINENO" "passwdqc_params_free" "ac_cv_func_passwdqc_params_free"
-if test "x$ac_cv_func_passwdqc_params_free" = xyes
-then :
- printf "%s\n" "#define HAVE_PASSWDQC_PARAMS_FREE 1" >>confdefs.h
-
-fi
-
- LIBS="$saved_LIBS"
-fi
-
-if test "x$enable_pwquality$enable_passwdqc" = "xyesyes"; then
- as_fn_error $? "--enable-pwquality and --enable-passwdqc are mutually incompatible." "$LINENO" 5
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-saved_LIBS=$LIBS
-
-# Check whether --enable-static-cryptsetup was given.
-if test ${enable_static_cryptsetup+y}
-then :
- enableval=$enable_static_cryptsetup;
-fi
-
-if test "x$enable_static_cryptsetup" = "xyes"; then
- if test "x$enable_static" = "xno"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Requested static cryptsetup build, enabling static library." >&5
-printf "%s\n" "$as_me: WARNING: Requested static cryptsetup build, enabling static library." >&2;}
- enable_static=yes
- fi
-fi
- if test "x$enable_static_cryptsetup" = "xyes"; then
- STATIC_TOOLS_TRUE=
- STATIC_TOOLS_FALSE='#'
-else
- STATIC_TOOLS_TRUE='#'
- STATIC_TOOLS_FALSE=
-fi
-
-
-# Check whether --enable-cryptsetup was given.
-if test ${enable_cryptsetup+y}
-then :
- enableval=$enable_cryptsetup;
-else $as_nop
- enable_cryptsetup=yes
-fi
-
- if test "x$enable_cryptsetup" = "xyes"; then
- CRYPTSETUP_TRUE=
- CRYPTSETUP_FALSE='#'
-else
- CRYPTSETUP_TRUE='#'
- CRYPTSETUP_FALSE=
-fi
-
-
-# Check whether --enable-veritysetup was given.
-if test ${enable_veritysetup+y}
-then :
- enableval=$enable_veritysetup;
-else $as_nop
- enable_veritysetup=yes
-fi
-
- if test "x$enable_veritysetup" = "xyes"; then
- VERITYSETUP_TRUE=
- VERITYSETUP_FALSE='#'
-else
- VERITYSETUP_TRUE='#'
- VERITYSETUP_FALSE=
-fi
-
-
-# Check whether --enable-cryptsetup-reencrypt was given.
-if test ${enable_cryptsetup_reencrypt+y}
-then :
- enableval=$enable_cryptsetup_reencrypt;
-else $as_nop
- enable_cryptsetup_reencrypt=yes
-fi
-
- if test "x$enable_cryptsetup_reencrypt" = "xyes"; then
- REENCRYPT_TRUE=
- REENCRYPT_FALSE='#'
-else
- REENCRYPT_TRUE='#'
- REENCRYPT_FALSE=
-fi
-
-
-# Check whether --enable-integritysetup was given.
-if test ${enable_integritysetup+y}
-then :
- enableval=$enable_integritysetup;
-else $as_nop
- enable_integritysetup=yes
-fi
-
- if test "x$enable_integritysetup" = "xyes"; then
- INTEGRITYSETUP_TRUE=
- INTEGRITYSETUP_FALSE='#'
-else
- INTEGRITYSETUP_TRUE='#'
- INTEGRITYSETUP_FALSE=
-fi
-
-
-# Check whether --enable-selinux was given.
-if test ${enable_selinux+y}
-then :
- enableval=$enable_selinux;
-else $as_nop
- enable_selinux=yes
-fi
-
-
-# Check whether --enable-udev was given.
-if test ${enable_udev+y}
-then :
- enableval=$enable_udev;
-else $as_nop
- enable_udev=yes
-fi
-
-
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for devmapper >= 1.02.03" >&5
-printf %s "checking for devmapper >= 1.02.03... " >&6; }
-
-if test -n "$DEVMAPPER_CFLAGS"; then
- pkg_cv_DEVMAPPER_CFLAGS="$DEVMAPPER_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5
- ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_DEVMAPPER_CFLAGS=`$PKG_CONFIG --cflags "devmapper >= 1.02.03" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$DEVMAPPER_LIBS"; then
- pkg_cv_DEVMAPPER_LIBS="$DEVMAPPER_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.03\""; } >&5
- ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.03") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_DEVMAPPER_LIBS=`$PKG_CONFIG --libs "devmapper >= 1.02.03" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1`
- else
- DEVMAPPER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "devmapper >= 1.02.03" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$DEVMAPPER_PKG_ERRORS" >&5
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5
-printf %s "checking for dm_task_set_name in -ldevmapper... " >&6; }
-if test ${ac_cv_lib_devmapper_dm_task_set_name+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldevmapper $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dm_task_set_name ();
-int
-main (void)
-{
-return dm_task_set_name ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_devmapper_dm_task_set_name=yes
-else $as_nop
- ac_cv_lib_devmapper_dm_task_set_name=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5
-printf "%s\n" "$ac_cv_lib_devmapper_dm_task_set_name" >&6; }
-if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBDEVMAPPER 1" >>confdefs.h
-
- LIBS="-ldevmapper $LIBS"
-
-else $as_nop
- as_fn_error $? "You need the device-mapper library." "$LINENO" 5
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5
-printf %s "checking for dm_task_set_message in -ldevmapper... " >&6; }
-if test ${ac_cv_lib_devmapper_dm_task_set_message+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldevmapper $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dm_task_set_message ();
-int
-main (void)
-{
-return dm_task_set_message ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_devmapper_dm_task_set_message=yes
-else $as_nop
- ac_cv_lib_devmapper_dm_task_set_message=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5
-printf "%s\n" "$ac_cv_lib_devmapper_dm_task_set_message" >&6; }
-if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBDEVMAPPER 1" >>confdefs.h
-
- LIBS="-ldevmapper $LIBS"
-
-else $as_nop
- as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5
-fi
-
- DEVMAPPER_LIBS=$LIBS
-
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_name in -ldevmapper" >&5
-printf %s "checking for dm_task_set_name in -ldevmapper... " >&6; }
-if test ${ac_cv_lib_devmapper_dm_task_set_name+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldevmapper $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dm_task_set_name ();
-int
-main (void)
-{
-return dm_task_set_name ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_devmapper_dm_task_set_name=yes
-else $as_nop
- ac_cv_lib_devmapper_dm_task_set_name=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_name" >&5
-printf "%s\n" "$ac_cv_lib_devmapper_dm_task_set_name" >&6; }
-if test "x$ac_cv_lib_devmapper_dm_task_set_name" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBDEVMAPPER 1" >>confdefs.h
-
- LIBS="-ldevmapper $LIBS"
-
-else $as_nop
- as_fn_error $? "You need the device-mapper library." "$LINENO" 5
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_message in -ldevmapper" >&5
-printf %s "checking for dm_task_set_message in -ldevmapper... " >&6; }
-if test ${ac_cv_lib_devmapper_dm_task_set_message+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldevmapper $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dm_task_set_message ();
-int
-main (void)
-{
-return dm_task_set_message ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_devmapper_dm_task_set_message=yes
-else $as_nop
- ac_cv_lib_devmapper_dm_task_set_message=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_message" >&5
-printf "%s\n" "$ac_cv_lib_devmapper_dm_task_set_message" >&6; }
-if test "x$ac_cv_lib_devmapper_dm_task_set_message" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBDEVMAPPER 1" >>confdefs.h
-
- LIBS="-ldevmapper $LIBS"
-
-else $as_nop
- as_fn_error $? "The device-mapper library on your system is too old." "$LINENO" 5
-fi
-
- DEVMAPPER_LIBS=$LIBS
-
-else
- DEVMAPPER_CFLAGS=$pkg_cv_DEVMAPPER_CFLAGS
- DEVMAPPER_LIBS=$pkg_cv_DEVMAPPER_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
-LIBS=$saved_LIBS
-
-LIBS="$LIBS $DEVMAPPER_LIBS"
-ac_fn_check_decl "$LINENO" "dm_task_secure_data" "ac_cv_have_decl_dm_task_secure_data" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_task_secure_data" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_TASK_SECURE_DATA $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "dm_task_retry_remove" "ac_cv_have_decl_dm_task_retry_remove" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_task_retry_remove" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_TASK_RETRY_REMOVE $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "dm_task_deferred_remove" "ac_cv_have_decl_dm_task_deferred_remove" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_task_deferred_remove" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_TASK_DEFERRED_REMOVE $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "dm_device_has_mounted_fs" "ac_cv_have_decl_dm_device_has_mounted_fs" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_device_has_mounted_fs" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_DEVICE_HAS_MOUNTED_FS $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "dm_device_has_holders" "ac_cv_have_decl_dm_device_has_holders" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_device_has_holders" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_DEVICE_HAS_HOLDERS $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "dm_device_get_name" "ac_cv_have_decl_dm_device_get_name" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_dm_device_get_name" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_DEVICE_GET_NAME $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "DM_DEVICE_GET_TARGET_VERSION" "ac_cv_have_decl_DM_DEVICE_GET_TARGET_VERSION" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_DM_DEVICE_GET_TARGET_VERSION" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_DEVICE_GET_TARGET_VERSION $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "DM_UDEV_DISABLE_DISK_RULES_FLAG" "ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" "#include <libdevmapper.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_DM_UDEV_DISABLE_DISK_RULES_FLAG" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
- have_cookie=yes
-else $as_nop
- have_cookie=no
-fi
-
-if test "x$enable_udev" = xyes; then
- if test "x$have_cookie" = xno; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&5
-printf "%s\n" "$as_me: WARNING: The device-mapper library on your system has no udev support, udev support disabled." >&2;}
- else
-
-printf "%s\n" "#define USE_UDEV 1" >>confdefs.h
-
- fi
-fi
-LIBS=$saved_LIBS
-
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for json-c" >&5
-printf %s "checking for json-c... " >&6; }
-
-if test -n "$JSON_C_CFLAGS"; then
- pkg_cv_JSON_C_CFLAGS="$JSON_C_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5
- ($PKG_CONFIG --exists --print-errors "json-c") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_JSON_C_CFLAGS=`$PKG_CONFIG --cflags "json-c" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$JSON_C_LIBS"; then
- pkg_cv_JSON_C_LIBS="$JSON_C_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"json-c\""; } >&5
- ($PKG_CONFIG --exists --print-errors "json-c") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_JSON_C_LIBS=`$PKG_CONFIG --libs "json-c" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- JSON_C_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "json-c" 2>&1`
- else
- JSON_C_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "json-c" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$JSON_C_PKG_ERRORS" >&5
-
- as_fn_error $? "Package requirements (json-c) were not met:
-
-$JSON_C_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables JSON_C_CFLAGS
-and JSON_C_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables JSON_C_CFLAGS
-and JSON_C_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
- JSON_C_CFLAGS=$pkg_cv_JSON_C_CFLAGS
- JSON_C_LIBS=$pkg_cv_JSON_C_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
-ac_fn_check_decl "$LINENO" "json_object_object_add_ex" "ac_cv_have_decl_json_object_object_add_ex" "#include <json-c/json.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_json_object_object_add_ex" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_JSON_OBJECT_OBJECT_ADD_EX $ac_have_decl" >>confdefs.h
-
-ac_fn_check_decl "$LINENO" "json_object_deep_copy" "ac_cv_have_decl_json_object_deep_copy" "#include <json-c/json.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_json_object_deep_copy" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_JSON_OBJECT_DEEP_COPY $ac_have_decl" >>confdefs.h
-
-
-
-# Check whether --with-crypto_backend was given.
-if test ${with_crypto_backend+y}
-then :
- withval=$with_crypto_backend;
-else $as_nop
- with_crypto_backend=openssl
-fi
-
-
-# Check whether --enable-kernel_crypto was given.
-if test ${enable_kernel_crypto+y}
-then :
- enableval=$enable_kernel_crypto;
-else $as_nop
- enable_kernel_crypto=yes
-fi
-
-
-if test "x$enable_kernel_crypto" = "xyes"; then
- for ac_header in linux/if_alg.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "linux/if_alg.h" "ac_cv_header_linux_if_alg_h" "$ac_includes_default"
-if test "x$ac_cv_header_linux_if_alg_h" = xyes
-then :
- printf "%s\n" "#define HAVE_LINUX_IF_ALG_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)" "$LINENO" 5
-fi
-
-done
-
-printf "%s\n" "#define ENABLE_AF_ALG 1" >>confdefs.h
-
-fi
-
-case $with_crypto_backend in
- gcrypt)
- if test "x$enable_fips" = "xyes"; then
- GCRYPT_REQ_VERSION=1.4.5
- else
- GCRYPT_REQ_VERSION=1.1.42
- fi
-
-
- # Check whether --enable-gcrypt-pbkdf2 was given.
-if test ${enable_gcrypt_pbkdf2+y}
-then :
- enableval=$enable_gcrypt_pbkdf2; if test "x$enableval" = "xyes"; then
- use_internal_pbkdf2=0
- else
- use_internal_pbkdf2=1
- fi
-else $as_nop
-
-
-# Check whether --with-libgcrypt-prefix was given.
-if test ${with_libgcrypt_prefix+y}
-then :
- withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval"
-else $as_nop
- libgcrypt_config_prefix=""
-fi
-
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- if test x"${libgcrypt_config_prefix}" != x ; then
- LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
- fi
- fi
-
- use_gpgrt_config=""
- if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG libgcrypt --exists; then
- LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Use gpgrt-config as libgcrypt-config" >&5
-printf "%s\n" "$as_me: Use gpgrt-config as libgcrypt-config" >&6;}
- use_gpgrt_config=yes
- fi
- fi
- if test -z "$use_gpgrt_config"; then
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- case "${SYSROOT}" in
- /*)
- if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
- LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
- fi
- ;;
- '')
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5
-printf "%s\n" "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;}
- ;;
- esac
- fi
- # Extract the first word of "libgcrypt-config", so it can be a program name with args.
-set dummy libgcrypt-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_LIBGCRYPT_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $LIBGCRYPT_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_LIBGCRYPT_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no"
- ;;
-esac
-fi
-LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG
-if test -n "$LIBGCRYPT_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5
-printf "%s\n" "$LIBGCRYPT_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-
- tmp=1.6.1
- if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
- req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
- min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
- else
- req_libgcrypt_api=0
- min_libgcrypt_version="$tmp"
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5
-printf %s "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; }
- ok=no
- if test "$LIBGCRYPT_CONFIG" != "no" ; then
- req_major=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
- req_minor=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
- req_micro=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
- else
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
- fi
- major=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
- minor=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
- micro=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
- if test "$major" -gt "$req_major"; then
- ok=yes
- else
- if test "$major" -eq "$req_major"; then
- if test "$minor" -gt "$req_minor"; then
- ok=yes
- else
- if test "$minor" -eq "$req_minor"; then
- if test "$micro" -ge "$req_micro"; then
- ok=yes
- fi
- fi
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5
-printf "%s\n" "yes ($libgcrypt_config_version)" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- if test $ok = yes; then
- # If we have a recent libgcrypt, we should also check that the
- # API is compatible
- if test "$req_libgcrypt_api" -gt 0 ; then
- if test -z "$use_gpgrt_config"; then
- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
- else
- tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
- fi
- if test "$tmp" -gt 0 ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5
-printf %s "checking LIBGCRYPT API version... " >&6; }
- if test "$req_libgcrypt_api" -eq "$tmp" ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: okay" >&5
-printf "%s\n" "okay" >&6; }
- else
- ok=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5
-printf "%s\n" "does not match. want=$req_libgcrypt_api got=$tmp" >&6; }
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
- use_internal_pbkdf2=0
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
- else
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
- fi
- if test x"$libgcrypt_config_host" != xnone ; then
- if test x"$libgcrypt_config_host" != x"$host" ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** The config script \"$LIBGCRYPT_CONFIG\" was
-*** built for $libgcrypt_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&5
-printf "%s\n" "$as_me: WARNING:
-***
-*** The config script \"$LIBGCRYPT_CONFIG\" was
-*** built for $libgcrypt_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&2;}
- gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
- fi
- fi
- else
- LIBGCRYPT_CFLAGS=""
- LIBGCRYPT_LIBS=""
- use_internal_pbkdf2=1
- fi
-
-
-
-fi
-
-
-
-# Check whether --with-libgcrypt-prefix was given.
-if test ${with_libgcrypt_prefix+y}
-then :
- withval=$with_libgcrypt_prefix; libgcrypt_config_prefix="$withval"
-else $as_nop
- libgcrypt_config_prefix=""
-fi
-
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- if test x"${libgcrypt_config_prefix}" != x ; then
- LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
- fi
- fi
-
- use_gpgrt_config=""
- if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
- if $GPGRT_CONFIG libgcrypt --exists; then
- LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Use gpgrt-config as libgcrypt-config" >&5
-printf "%s\n" "$as_me: Use gpgrt-config as libgcrypt-config" >&6;}
- use_gpgrt_config=yes
- fi
- fi
- if test -z "$use_gpgrt_config"; then
- if test x"${LIBGCRYPT_CONFIG}" = x ; then
- case "${SYSROOT}" in
- /*)
- if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
- LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
- fi
- ;;
- '')
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&5
-printf "%s\n" "$as_me: WARNING: Ignoring \$SYSROOT as it is not an absolute path." >&2;}
- ;;
- esac
- fi
- # Extract the first word of "libgcrypt-config", so it can be a program name with args.
-set dummy libgcrypt-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_LIBGCRYPT_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $LIBGCRYPT_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_LIBGCRYPT_CONFIG="$LIBGCRYPT_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_LIBGCRYPT_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_path_LIBGCRYPT_CONFIG" && ac_cv_path_LIBGCRYPT_CONFIG="no"
- ;;
-esac
-fi
-LIBGCRYPT_CONFIG=$ac_cv_path_LIBGCRYPT_CONFIG
-if test -n "$LIBGCRYPT_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT_CONFIG" >&5
-printf "%s\n" "$LIBGCRYPT_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-
- tmp=$GCRYPT_REQ_VERSION
- if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
- req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
- min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
- else
- req_libgcrypt_api=0
- min_libgcrypt_version="$tmp"
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for LIBGCRYPT - version >= $min_libgcrypt_version" >&5
-printf %s "checking for LIBGCRYPT - version >= $min_libgcrypt_version... " >&6; }
- ok=no
- if test "$LIBGCRYPT_CONFIG" != "no" ; then
- req_major=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1/'`
- req_minor=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\2/'`
- req_micro=`echo $min_libgcrypt_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\3/'`
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
- else
- libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
- fi
- major=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1/'`
- minor=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\2/'`
- micro=`echo $libgcrypt_config_version | \
- sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\3/'`
- if test "$major" -gt "$req_major"; then
- ok=yes
- else
- if test "$major" -eq "$req_major"; then
- if test "$minor" -gt "$req_minor"; then
- ok=yes
- else
- if test "$minor" -eq "$req_minor"; then
- if test "$micro" -ge "$req_micro"; then
- ok=yes
- fi
- fi
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes ($libgcrypt_config_version)" >&5
-printf "%s\n" "yes ($libgcrypt_config_version)" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- if test $ok = yes; then
- # If we have a recent libgcrypt, we should also check that the
- # API is compatible
- if test "$req_libgcrypt_api" -gt 0 ; then
- if test -z "$use_gpgrt_config"; then
- tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
- else
- tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
- fi
- if test "$tmp" -gt 0 ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking LIBGCRYPT API version" >&5
-printf %s "checking LIBGCRYPT API version... " >&6; }
- if test "$req_libgcrypt_api" -eq "$tmp" ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: okay" >&5
-printf "%s\n" "okay" >&6; }
- else
- ok=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: does not match. want=$req_libgcrypt_api got=$tmp" >&5
-printf "%s\n" "does not match. want=$req_libgcrypt_api got=$tmp" >&6; }
- fi
- fi
- fi
- fi
- if test $ok = yes; then
- LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
- LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
- :
- if test -z "$use_gpgrt_config"; then
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
- else
- libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
- fi
- if test x"$libgcrypt_config_host" != xnone ; then
- if test x"$libgcrypt_config_host" != x"$host" ; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING:
-***
-*** The config script \"$LIBGCRYPT_CONFIG\" was
-*** built for $libgcrypt_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&5
-printf "%s\n" "$as_me: WARNING:
-***
-*** The config script \"$LIBGCRYPT_CONFIG\" was
-*** built for $libgcrypt_config_host and thus may not match the
-*** used host $host.
-*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script or use \$SYSROOT.
-***" >&2;}
- gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
- fi
- fi
- else
- LIBGCRYPT_CFLAGS=""
- LIBGCRYPT_LIBS=""
- as_fn_error $? "You need the gcrypt library." "$LINENO" 5
- fi
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if internal cryptsetup PBKDF2 is compiled-in" >&5
-printf %s "checking if internal cryptsetup PBKDF2 is compiled-in... " >&6; }
- if test $use_internal_pbkdf2 = 0; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
- if test "x$enable_fips" = "xyes"; then
- as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5
- fi
-
- fi
-
- ac_fn_check_decl "$LINENO" "GCRY_CIPHER_MODE_XTS" "ac_cv_have_decl_GCRY_CIPHER_MODE_XTS" "#include <gcrypt.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_GCRY_CIPHER_MODE_XTS" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_GCRY_CIPHER_MODE_XTS $ac_have_decl" >>confdefs.h
-
-
- if test "x$enable_static_cryptsetup" = "xyes"; then
- saved_LIBS=$LIBS
- LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gcry_check_version in -lgcrypt" >&5
-printf %s "checking for gcry_check_version in -lgcrypt... " >&6; }
-if test ${ac_cv_lib_gcrypt_gcry_check_version+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgcrypt -lgpg-error $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char gcry_check_version ();
-int
-main (void)
-{
-return gcry_check_version ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_gcrypt_gcry_check_version=yes
-else $as_nop
- ac_cv_lib_gcrypt_gcry_check_version=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_gcry_check_version" >&5
-printf "%s\n" "$ac_cv_lib_gcrypt_gcry_check_version" >&6; }
-if test "x$ac_cv_lib_gcrypt_gcry_check_version" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBGCRYPT 1" >>confdefs.h
-
- LIBS="-lgcrypt $LIBS"
-
-else $as_nop
- as_fn_error $? "Cannot find static gcrypt library." "$LINENO" 5
-fi
-
- LIBGCRYPT_STATIC_LIBS="$LIBGCRYPT_LIBS -lgpg-error"
- LIBS=$saved_LIBS
- fi
-
- CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
- CRYPTO_LIBS=$LIBGCRYPT_LIBS
- CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
-
-
-printf "%s\n" "#define GCRYPT_REQ_VERSION \"$GCRYPT_REQ_VERSION\"" >>confdefs.h
-
- ;;
- openssl)
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl >= 0.9.8" >&5
-printf %s "checking for openssl >= 0.9.8... " >&6; }
-
-if test -n "$OPENSSL_CFLAGS"; then
- pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5
- ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 0.9.8" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$OPENSSL_LIBS"; then
- pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5
- ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 0.9.8" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1`
- else
- OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 0.9.8" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$OPENSSL_PKG_ERRORS" >&5
-
- as_fn_error $? "You need openssl library." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "You need openssl library." "$LINENO" 5
-else
- OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS
- OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
- CRYPTO_CFLAGS=$OPENSSL_CFLAGS
- CRYPTO_LIBS=$OPENSSL_LIBS
- use_internal_pbkdf2=0
-
- if test "x$enable_static_cryptsetup" = "xyes"; then
- saved_PKG_CONFIG=$PKG_CONFIG
- PKG_CONFIG="$PKG_CONFIG --static"
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl" >&5
-printf %s "checking for openssl... " >&6; }
-
-if test -n "$OPENSSL_STATIC_CFLAGS"; then
- pkg_cv_OPENSSL_STATIC_CFLAGS="$OPENSSL_STATIC_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
- ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_OPENSSL_STATIC_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$OPENSSL_STATIC_LIBS"; then
- pkg_cv_OPENSSL_STATIC_LIBS="$OPENSSL_STATIC_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
- ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_OPENSSL_STATIC_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1`
- else
- OPENSSL_STATIC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$OPENSSL_STATIC_PKG_ERRORS" >&5
-
- as_fn_error $? "Package requirements (openssl) were not met:
-
-$OPENSSL_STATIC_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS
-and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables OPENSSL_STATIC_CFLAGS
-and OPENSSL_STATIC_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
- OPENSSL_STATIC_CFLAGS=$pkg_cv_OPENSSL_STATIC_CFLAGS
- OPENSSL_STATIC_LIBS=$pkg_cv_OPENSSL_STATIC_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
- CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS
- PKG_CONFIG=$saved_PKG_CONFIG
- fi
- ;;
- nss)
- if test "x$enable_static_cryptsetup" = "xyes"; then
- as_fn_error $? "Static build of cryptsetup is not supported with NSS." "$LINENO" 5
- fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&5
-printf "%s\n" "$as_me: WARNING: NSS backend does NOT provide backward compatibility (missing ripemd160 hash)." >&2;}
-
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for nss" >&5
-printf %s "checking for nss... " >&6; }
-
-if test -n "$NSS_CFLAGS"; then
- pkg_cv_NSS_CFLAGS="$NSS_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
- ($PKG_CONFIG --exists --print-errors "nss") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nss" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$NSS_LIBS"; then
- pkg_cv_NSS_LIBS="$NSS_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss\""; } >&5
- ($PKG_CONFIG --exists --print-errors "nss") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nss" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nss" 2>&1`
- else
- NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nss" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$NSS_PKG_ERRORS" >&5
-
- as_fn_error $? "You need nss library." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "You need nss library." "$LINENO" 5
-else
- NSS_CFLAGS=$pkg_cv_NSS_CFLAGS
- NSS_LIBS=$pkg_cv_NSS_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
-
- saved_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS $NSS_CFLAGS"
- ac_fn_check_decl "$LINENO" "NSS_GetVersion" "ac_cv_have_decl_NSS_GetVersion" "#include <nss.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_NSS_GetVersion" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_NSS_GETVERSION $ac_have_decl" >>confdefs.h
-
- CFLAGS=$saved_CFLAGS
-
- CRYPTO_CFLAGS=$NSS_CFLAGS
- CRYPTO_LIBS=$NSS_LIBS
- use_internal_pbkdf2=1
-
- if test "x$enable_fips" = "xyes"; then
- as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5
- fi
-
- ;;
- kernel)
- for ac_header in linux/if_alg.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "linux/if_alg.h" "ac_cv_header_linux_if_alg_h" "$ac_includes_default"
-if test "x$ac_cv_header_linux_if_alg_h" = xyes
-then :
- printf "%s\n" "#define HAVE_LINUX_IF_ALG_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need Linux kernel headers with userspace crypto interface." "$LINENO" 5
-fi
-
-done
-# AC_CHECK_DECLS([AF_ALG],,
-# [AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
-# [#include <sys/socket.h>])
- use_internal_pbkdf2=1
-
- if test "x$enable_fips" = "xyes"; then
- as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5
- fi
-
- ;;
- nettle)
- for ac_header in nettle/sha.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "nettle/sha.h" "ac_cv_header_nettle_sha_h" "$ac_includes_default"
-if test "x$ac_cv_header_nettle_sha_h" = xyes
-then :
- printf "%s\n" "#define HAVE_NETTLE_SHA_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need Nettle cryptographic library." "$LINENO" 5
-fi
-
-done
- ac_fn_c_check_header_compile "$LINENO" "nettle/version.h" "ac_cv_header_nettle_version_h" "$ac_includes_default"
-if test "x$ac_cv_header_nettle_version_h" = xyes
-then :
- printf "%s\n" "#define HAVE_NETTLE_VERSION_H 1" >>confdefs.h
-
-fi
-
-
- saved_LIBS=$LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for nettle_pbkdf2_hmac_sha256 in -lnettle" >&5
-printf %s "checking for nettle_pbkdf2_hmac_sha256 in -lnettle... " >&6; }
-if test ${ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnettle $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char nettle_pbkdf2_hmac_sha256 ();
-int
-main (void)
-{
-return nettle_pbkdf2_hmac_sha256 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=yes
-else $as_nop
- ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&5
-printf "%s\n" "$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" >&6; }
-if test "x$ac_cv_lib_nettle_nettle_pbkdf2_hmac_sha256" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBNETTLE 1" >>confdefs.h
-
- LIBS="-lnettle $LIBS"
-
-else $as_nop
- as_fn_error $? "You need Nettle library version 2.6 or more recent." "$LINENO" 5
-fi
-
- CRYPTO_LIBS=$LIBS
- LIBS=$saved_LIBS
-
- CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
- use_internal_pbkdf2=0
-
- if test "x$enable_fips" = "xyes"; then
- as_fn_error $? "This option is not compatible with FIPS." "$LINENO" 5
- fi
-
- ;;
- *) as_fn_error $? "Unknown crypto backend." "$LINENO" 5 ;;
-esac
- if test "$with_crypto_backend" = "gcrypt"; then
- CRYPTO_BACKEND_GCRYPT_TRUE=
- CRYPTO_BACKEND_GCRYPT_FALSE='#'
-else
- CRYPTO_BACKEND_GCRYPT_TRUE='#'
- CRYPTO_BACKEND_GCRYPT_FALSE=
-fi
-
- if test "$with_crypto_backend" = "openssl"; then
- CRYPTO_BACKEND_OPENSSL_TRUE=
- CRYPTO_BACKEND_OPENSSL_FALSE='#'
-else
- CRYPTO_BACKEND_OPENSSL_TRUE='#'
- CRYPTO_BACKEND_OPENSSL_FALSE=
-fi
-
- if test "$with_crypto_backend" = "nss"; then
- CRYPTO_BACKEND_NSS_TRUE=
- CRYPTO_BACKEND_NSS_FALSE='#'
-else
- CRYPTO_BACKEND_NSS_TRUE='#'
- CRYPTO_BACKEND_NSS_FALSE=
-fi
-
- if test "$with_crypto_backend" = "kernel"; then
- CRYPTO_BACKEND_KERNEL_TRUE=
- CRYPTO_BACKEND_KERNEL_FALSE='#'
-else
- CRYPTO_BACKEND_KERNEL_TRUE='#'
- CRYPTO_BACKEND_KERNEL_FALSE=
-fi
-
- if test "$with_crypto_backend" = "nettle"; then
- CRYPTO_BACKEND_NETTLE_TRUE=
- CRYPTO_BACKEND_NETTLE_FALSE='#'
-else
- CRYPTO_BACKEND_NETTLE_TRUE='#'
- CRYPTO_BACKEND_NETTLE_FALSE=
-fi
-
-
- if test $use_internal_pbkdf2 = 1; then
- CRYPTO_INTERNAL_PBKDF2_TRUE=
- CRYPTO_INTERNAL_PBKDF2_FALSE='#'
-else
- CRYPTO_INTERNAL_PBKDF2_TRUE='#'
- CRYPTO_INTERNAL_PBKDF2_FALSE=
-fi
-
-
-printf "%s\n" "#define USE_INTERNAL_PBKDF2 $use_internal_pbkdf2" >>confdefs.h
-
-
-# Check whether --enable-internal-argon2 was given.
-if test ${enable_internal_argon2+y}
-then :
- enableval=$enable_internal_argon2;
-else $as_nop
- enable_internal_argon2=yes
-fi
-
-
-# Check whether --enable-libargon2 was given.
-if test ${enable_libargon2+y}
-then :
- enableval=$enable_libargon2;
-fi
-
-
-if test "x$enable_libargon2" = "xyes" ; then
- for ac_header in argon2.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "argon2.h" "ac_cv_header_argon2_h" "$ac_includes_default"
-if test "x$ac_cv_header_argon2_h" = xyes
-then :
- printf "%s\n" "#define HAVE_ARGON2_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need libargon2 development library installed." "$LINENO" 5
-fi
-
-done
- ac_fn_check_decl "$LINENO" "Argon2_id" "ac_cv_have_decl_Argon2_id" "#include <argon2.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_Argon2_id" = xyes
-then :
-
-else $as_nop
- as_fn_error $? "You need more recent Argon2 library with support for Argon2id." "$LINENO" 5
-fi
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libargon2" >&5
-printf %s "checking for libargon2... " >&6; }
-
-if test -n "$LIBARGON2_CFLAGS"; then
- pkg_cv_LIBARGON2_CFLAGS="$LIBARGON2_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libargon2\""; } >&5
- ($PKG_CONFIG --exists --print-errors "libargon2") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_LIBARGON2_CFLAGS=`$PKG_CONFIG --cflags "libargon2" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$LIBARGON2_LIBS"; then
- pkg_cv_LIBARGON2_LIBS="$LIBARGON2_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libargon2\""; } >&5
- ($PKG_CONFIG --exists --print-errors "libargon2") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_LIBARGON2_LIBS=`$PKG_CONFIG --libs "libargon2" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- LIBARGON2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libargon2" 2>&1`
- else
- LIBARGON2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libargon2" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$LIBARGON2_PKG_ERRORS" >&5
-
- LIBARGON2_LIBS="-largon2"
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- LIBARGON2_LIBS="-largon2"
-else
- LIBARGON2_CFLAGS=$pkg_cv_LIBARGON2_CFLAGS
- LIBARGON2_LIBS=$pkg_cv_LIBARGON2_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
- enable_internal_argon2=no
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2." >&5
-printf "%s\n" "$as_me: WARNING: Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2." >&2;}
-
- # Check whether --enable-internal-sse-argon2 was given.
-if test ${enable_internal_sse_argon2+y}
-then :
- enableval=$enable_internal_sse_argon2;
-fi
-
-
- if test "x$enable_internal_sse_argon2" = "xyes"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if Argon2 SSE optimization can be used" >&5
-printf %s "checking if Argon2 SSE optimization can be used... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <emmintrin.h>
- __m128i testfunc(__m128i *a, __m128i *b) {
- return _mm_xor_si128(_mm_loadu_si128(a), _mm_loadu_si128(b));
- }
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
-else $as_nop
- enable_internal_sse_argon2=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_internal_sse_argon2" >&5
-printf "%s\n" "$enable_internal_sse_argon2" >&6; }
- fi
-fi
-
-if test "x$enable_internal_argon2" = "xyes"; then
-
-printf "%s\n" "#define USE_INTERNAL_ARGON2 1" >>confdefs.h
-
-fi
- if test "x$enable_internal_argon2" = "xyes"; then
- CRYPTO_INTERNAL_ARGON2_TRUE=
- CRYPTO_INTERNAL_ARGON2_FALSE='#'
-else
- CRYPTO_INTERNAL_ARGON2_TRUE='#'
- CRYPTO_INTERNAL_ARGON2_FALSE=
-fi
-
- if test "x$enable_internal_sse_argon2" = "xyes"; then
- CRYPTO_INTERNAL_SSE_ARGON2_TRUE=
- CRYPTO_INTERNAL_SSE_ARGON2_FALSE='#'
-else
- CRYPTO_INTERNAL_SSE_ARGON2_TRUE='#'
- CRYPTO_INTERNAL_SSE_ARGON2_FALSE=
-fi
-
-
-# Check whether --enable-blkid was given.
-if test ${enable_blkid+y}
-then :
- enableval=$enable_blkid;
-else $as_nop
- enable_blkid=yes
-fi
-
-
-if test "x$enable_blkid" = "xyes"; then
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for blkid" >&5
-printf %s "checking for blkid... " >&6; }
-
-if test -n "$BLKID_CFLAGS"; then
- pkg_cv_BLKID_CFLAGS="$BLKID_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"blkid\""; } >&5
- ($PKG_CONFIG --exists --print-errors "blkid") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_BLKID_CFLAGS=`$PKG_CONFIG --cflags "blkid" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$BLKID_LIBS"; then
- pkg_cv_BLKID_LIBS="$BLKID_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"blkid\""; } >&5
- ($PKG_CONFIG --exists --print-errors "blkid") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_BLKID_LIBS=`$PKG_CONFIG --libs "blkid" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- BLKID_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "blkid" 2>&1`
- else
- BLKID_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "blkid" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$BLKID_PKG_ERRORS" >&5
-
- LIBBLKID_LIBS="-lblkid"
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- LIBBLKID_LIBS="-lblkid"
-else
- BLKID_CFLAGS=$pkg_cv_BLKID_CFLAGS
- BLKID_LIBS=$pkg_cv_BLKID_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-printf "%s\n" "#define HAVE_BLKID 1" >>confdefs.h
-
-fi
-
- for ac_header in blkid/blkid.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "blkid/blkid.h" "ac_cv_header_blkid_blkid_h" "$ac_includes_default"
-if test "x$ac_cv_header_blkid_blkid_h" = xyes
-then :
- printf "%s\n" "#define HAVE_BLKID_BLKID_H 1" >>confdefs.h
-
-else $as_nop
- as_fn_error $? "You need blkid development library installed." "$LINENO" 5
-fi
-
-done
- ac_fn_check_decl "$LINENO" "blkid_do_wipe" "ac_cv_have_decl_blkid_do_wipe" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_do_wipe" = xyes
-then :
-
-printf "%s\n" "#define HAVE_BLKID_WIPE 1" >>confdefs.h
-
- enable_blkid_wipe=yes
-
-fi
- ac_fn_check_decl "$LINENO" "blkid_probe_step_back" "ac_cv_have_decl_blkid_probe_step_back" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_probe_step_back" = xyes
-then :
-
-printf "%s\n" "#define HAVE_BLKID_STEP_BACK 1" >>confdefs.h
-
- enable_blkid_step_back=yes
-
-fi
- ac_fn_check_decl "$LINENO" "blkid_reset_probe" "ac_cv_have_decl_blkid_reset_probe" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_reset_probe" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_RESET_PROBE $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-ac_fn_check_decl "$LINENO" "blkid_probe_set_device" "ac_cv_have_decl_blkid_probe_set_device" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_probe_set_device" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_PROBE_SET_DEVICE $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-ac_fn_check_decl "$LINENO" "blkid_probe_filter_superblocks_type" "ac_cv_have_decl_blkid_probe_filter_superblocks_type" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_probe_filter_superblocks_type" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_PROBE_FILTER_SUPERBLOCKS_TYPE $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-ac_fn_check_decl "$LINENO" "blkid_do_safeprobe" "ac_cv_have_decl_blkid_do_safeprobe" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_do_safeprobe" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_DO_SAFEPROBE $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-ac_fn_check_decl "$LINENO" "blkid_do_probe" "ac_cv_have_decl_blkid_do_probe" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_do_probe" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_DO_PROBE $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-ac_fn_check_decl "$LINENO" "blkid_probe_lookup_value
- " "ac_cv_have_decl_blkid_probe_lookup_value__________" "#include <blkid/blkid.h>
-" "$ac_c_undeclared_builtin_options" "CFLAGS"
-if test "x$ac_cv_have_decl_blkid_probe_lookup_value__________" = xyes
-then :
- ac_have_decl=1
-else $as_nop
- ac_have_decl=0
-fi
-printf "%s\n" "#define HAVE_DECL_BLKID_PROBE_LOOKUP_VALUE__________ $ac_have_decl" >>confdefs.h
-if test $ac_have_decl = 1
-then :
-
-else $as_nop
- as_fn_error $? "Can not compile with blkid support, disable it by --disable-blkid." "$LINENO" 5
-fi
-
-fi
- if test "x$enable_blkid" = "xyes"; then
- HAVE_BLKID_TRUE=
- HAVE_BLKID_FALSE='#'
-else
- HAVE_BLKID_TRUE='#'
- HAVE_BLKID_FALSE=
-fi
-
- if test "x$enable_blkid_wipe" = "xyes"; then
- HAVE_BLKID_WIPE_TRUE=
- HAVE_BLKID_WIPE_FALSE='#'
-else
- HAVE_BLKID_WIPE_TRUE='#'
- HAVE_BLKID_WIPE_FALSE=
-fi
-
- if test "x$enable_blkid_step_back" = "xyes"; then
- HAVE_BLKID_STEP_BACK_TRUE=
- HAVE_BLKID_STEP_BACK_FALSE='#'
-else
- HAVE_BLKID_STEP_BACK_TRUE='#'
- HAVE_BLKID_STEP_BACK_FALSE=
-fi
-
-
-if test "x$enable_static_cryptsetup" = "xyes"; then
- saved_PKG_CONFIG=$PKG_CONFIG
- PKG_CONFIG="$PKG_CONFIG --static"
-
- LIBS="$saved_LIBS -static"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for poptGetContext in -lpopt" >&5
-printf %s "checking for poptGetContext in -lpopt... " >&6; }
-if test ${ac_cv_lib_popt_poptGetContext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpopt $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char poptGetContext ();
-int
-main (void)
-{
-return poptGetContext ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_popt_poptGetContext=yes
-else $as_nop
- ac_cv_lib_popt_poptGetContext=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_popt_poptGetContext" >&5
-printf "%s\n" "$ac_cv_lib_popt_poptGetContext" >&6; }
-if test "x$ac_cv_lib_popt_poptGetContext" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBPOPT 1" >>confdefs.h
-
- LIBS="-lpopt $LIBS"
-
-else $as_nop
- as_fn_error $? "Cannot find static popt library." "$LINENO" 5
-fi
-
-
- LIBS="$saved_LIBS -static"
-
-pkg_failed=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for devmapper >= 1.02.27" >&5
-printf %s "checking for devmapper >= 1.02.27... " >&6; }
-
-if test -n "$DEVMAPPER_STATIC_CFLAGS"; then
- pkg_cv_DEVMAPPER_STATIC_CFLAGS="$DEVMAPPER_STATIC_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.27\""; } >&5
- ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.27") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_DEVMAPPER_STATIC_CFLAGS=`$PKG_CONFIG --cflags "devmapper >= 1.02.27" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$DEVMAPPER_STATIC_LIBS"; then
- pkg_cv_DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"devmapper >= 1.02.27\""; } >&5
- ($PKG_CONFIG --exists --print-errors "devmapper >= 1.02.27") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_DEVMAPPER_STATIC_LIBS=`$PKG_CONFIG --libs "devmapper >= 1.02.27" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- DEVMAPPER_STATIC_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "devmapper >= 1.02.27" 2>&1`
- else
- DEVMAPPER_STATIC_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "devmapper >= 1.02.27" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$DEVMAPPER_STATIC_PKG_ERRORS" >&5
-
-
- DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS
- if test "x$enable_selinux" = "xyes"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sepol_bool_set in -lsepol" >&5
-printf %s "checking for sepol_bool_set in -lsepol... " >&6; }
-if test ${ac_cv_lib_sepol_sepol_bool_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsepol $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char sepol_bool_set ();
-int
-main (void)
-{
-return sepol_bool_set ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_sepol_sepol_bool_set=yes
-else $as_nop
- ac_cv_lib_sepol_sepol_bool_set=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sepol_sepol_bool_set" >&5
-printf "%s\n" "$ac_cv_lib_sepol_sepol_bool_set" >&6; }
-if test "x$ac_cv_lib_sepol_sepol_bool_set" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBSEPOL 1" >>confdefs.h
-
- LIBS="-lsepol $LIBS"
-
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5
-printf %s "checking for is_selinux_enabled in -lselinux... " >&6; }
-if test ${ac_cv_lib_selinux_is_selinux_enabled+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lselinux $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char is_selinux_enabled ();
-int
-main (void)
-{
-return is_selinux_enabled ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_selinux_is_selinux_enabled=yes
-else $as_nop
- ac_cv_lib_selinux_is_selinux_enabled=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
-printf "%s\n" "$ac_cv_lib_selinux_is_selinux_enabled" >&6; }
-if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBSELINUX 1" >>confdefs.h
-
- LIBS="-lselinux $LIBS"
-
-fi
-
- DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS"
- fi
-
-elif test $pkg_failed = untried; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-
- DEVMAPPER_STATIC_LIBS=$DEVMAPPER_LIBS
- if test "x$enable_selinux" = "xyes"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sepol_bool_set in -lsepol" >&5
-printf %s "checking for sepol_bool_set in -lsepol... " >&6; }
-if test ${ac_cv_lib_sepol_sepol_bool_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsepol $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char sepol_bool_set ();
-int
-main (void)
-{
-return sepol_bool_set ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_sepol_sepol_bool_set=yes
-else $as_nop
- ac_cv_lib_sepol_sepol_bool_set=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sepol_sepol_bool_set" >&5
-printf "%s\n" "$ac_cv_lib_sepol_sepol_bool_set" >&6; }
-if test "x$ac_cv_lib_sepol_sepol_bool_set" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBSEPOL 1" >>confdefs.h
-
- LIBS="-lsepol $LIBS"
-
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in -lselinux" >&5
-printf %s "checking for is_selinux_enabled in -lselinux... " >&6; }
-if test ${ac_cv_lib_selinux_is_selinux_enabled+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lselinux $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char is_selinux_enabled ();
-int
-main (void)
-{
-return is_selinux_enabled ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_selinux_is_selinux_enabled=yes
-else $as_nop
- ac_cv_lib_selinux_is_selinux_enabled=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_is_selinux_enabled" >&5
-printf "%s\n" "$ac_cv_lib_selinux_is_selinux_enabled" >&6; }
-if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBSELINUX 1" >>confdefs.h
-
- LIBS="-lselinux $LIBS"
-
-fi
-
- DEVMAPPER_STATIC_LIBS="$DEVMAPPER_STATIC_LIBS $LIBS"
- fi
-
-else
- DEVMAPPER_STATIC_CFLAGS=$pkg_cv_DEVMAPPER_STATIC_CFLAGS
- DEVMAPPER_STATIC_LIBS=$pkg_cv_DEVMAPPER_STATIC_LIBS
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-
-fi
- LIBS="$saved_LIBS $DEVMAPPER_STATIC_LIBS"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dm_task_set_uuid in -ldevmapper" >&5
-printf %s "checking for dm_task_set_uuid in -ldevmapper... " >&6; }
-if test ${ac_cv_lib_devmapper_dm_task_set_uuid+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldevmapper $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dm_task_set_uuid ();
-int
-main (void)
-{
-return dm_task_set_uuid ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_devmapper_dm_task_set_uuid=yes
-else $as_nop
- ac_cv_lib_devmapper_dm_task_set_uuid=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_devmapper_dm_task_set_uuid" >&5
-printf "%s\n" "$ac_cv_lib_devmapper_dm_task_set_uuid" >&6; }
-if test "x$ac_cv_lib_devmapper_dm_task_set_uuid" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBDEVMAPPER 1" >>confdefs.h
-
- LIBS="-ldevmapper $LIBS"
-
-else $as_nop
- as_fn_error $? "Cannot link with static device-mapper library." "$LINENO" 5
-fi
-
-
- LIBS="$saved_LIBS -static"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uuid_generate in -luuid" >&5
-printf %s "checking for uuid_generate in -luuid... " >&6; }
-if test ${ac_cv_lib_uuid_uuid_generate+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-luuid $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char uuid_generate ();
-int
-main (void)
-{
-return uuid_generate ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_uuid_uuid_generate=yes
-else $as_nop
- ac_cv_lib_uuid_uuid_generate=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_uuid_uuid_generate" >&5
-printf "%s\n" "$ac_cv_lib_uuid_uuid_generate" >&6; }
-if test "x$ac_cv_lib_uuid_uuid_generate" = xyes
-then :
- printf "%s\n" "#define HAVE_LIBUUID 1" >>confdefs.h
-
- LIBS="-luuid $LIBS"
-
-else $as_nop
- as_fn_error $? "Cannot find static uuid library." "$LINENO" 5
-fi
-
-
- LIBS=$saved_LIBS
- PKG_CONFIG=$saved_PKG_CONFIG
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for systemd tmpfiles config directory" >&5
-printf %s "checking for systemd tmpfiles config directory... " >&6; }
-
-if test -n "$systemd_tmpfilesdir"; then
- pkg_cv_systemd_tmpfilesdir="$systemd_tmpfilesdir"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"systemd\""; } >&5
- ($PKG_CONFIG --exists --print-errors "systemd") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_systemd_tmpfilesdir=`$PKG_CONFIG --variable="tmpfilesdir" "systemd" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-systemd_tmpfilesdir=$pkg_cv_systemd_tmpfilesdir
-
-if test "x$systemd_tmpfilesdir" = x""
-then :
- systemd_tmpfilesdir=no
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $systemd_tmpfilesdir" >&5
-printf "%s\n" "$systemd_tmpfilesdir" >&6; }
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --enable-dev-random was given.
-if test ${enable_dev_random+y}
-then :
- enableval=$enable_dev_random;
-fi
-
-if test "x$enable_dev_random" = "xyes"; then
- default_rng=/dev/random
-else
- default_rng=/dev/urandom
-fi
-
-printf "%s\n" "#define DEFAULT_RNG \"$default_rng\"" >>confdefs.h
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-plain-hash was given.
-if test ${with_plain_hash+y}
-then :
- withval=$with_plain_hash;
-printf "%s\n" "#define DEFAULT_PLAIN_HASH \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_PLAIN_HASH \"ripemd160\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-plain-cipher was given.
-if test ${with_plain_cipher+y}
-then :
- withval=$with_plain_cipher;
-printf "%s\n" "#define DEFAULT_PLAIN_CIPHER \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_PLAIN_CIPHER \"aes\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-plain-mode was given.
-if test ${with_plain_mode+y}
-then :
- withval=$with_plain_mode;
-printf "%s\n" "#define DEFAULT_PLAIN_MODE \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_PLAIN_MODE \"cbc-essiv:sha256\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-plain-keybits was given.
-if test ${with_plain_keybits+y}
-then :
- withval=$with_plain_keybits;
-printf "%s\n" "#define DEFAULT_PLAIN_KEYBITS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_PLAIN_KEYBITS 256" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-luks1-hash was given.
-if test ${with_luks1_hash+y}
-then :
- withval=$with_luks1_hash;
-printf "%s\n" "#define DEFAULT_LUKS1_HASH \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS1_HASH \"sha256\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks1-cipher was given.
-if test ${with_luks1_cipher+y}
-then :
- withval=$with_luks1_cipher;
-printf "%s\n" "#define DEFAULT_LUKS1_CIPHER \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS1_CIPHER \"aes\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks1-mode was given.
-if test ${with_luks1_mode+y}
-then :
- withval=$with_luks1_mode;
-printf "%s\n" "#define DEFAULT_LUKS1_MODE \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS1_MODE \"xts-plain64\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks1-keybits was given.
-if test ${with_luks1_keybits+y}
-then :
- withval=$with_luks1_keybits;
-printf "%s\n" "#define DEFAULT_LUKS1_KEYBITS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS1_KEYBITS 256" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --enable-luks_adjust_xts_keysize was given.
-if test ${enable_luks_adjust_xts_keysize+y}
-then :
- enableval=$enable_luks_adjust_xts_keysize;
-else $as_nop
- enable_luks_adjust_xts_keysize=yes
-fi
-
-if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
-
-printf "%s\n" "#define ENABLE_LUKS_ADJUST_XTS_KEYSIZE 1" >>confdefs.h
-
-fi
-
-
-# Check whether --with-luks2-pbkdf was given.
-if test ${with_luks2_pbkdf+y}
-then :
- withval=$with_luks2_pbkdf;
-printf "%s\n" "#define DEFAULT_LUKS2_PBKDF \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_PBKDF \"argon2i\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks1-iter-time was given.
-if test ${with_luks1_iter_time+y}
-then :
- withval=$with_luks1_iter_time;
-printf "%s\n" "#define DEFAULT_LUKS1_ITER_TIME $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS1_ITER_TIME 2000" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks2-iter-time was given.
-if test ${with_luks2_iter_time+y}
-then :
- withval=$with_luks2_iter_time;
-printf "%s\n" "#define DEFAULT_LUKS2_ITER_TIME $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_ITER_TIME 2000" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks2-memory-kb was given.
-if test ${with_luks2_memory_kb+y}
-then :
- withval=$with_luks2_memory_kb;
-printf "%s\n" "#define DEFAULT_LUKS2_MEMORY_KB $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_MEMORY_KB 1048576" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks2-parallel-threads was given.
-if test ${with_luks2_parallel_threads+y}
-then :
- withval=$with_luks2_parallel_threads;
-printf "%s\n" "#define DEFAULT_LUKS2_PARALLEL_THREADS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_PARALLEL_THREADS 4" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-luks2-keyslot-cipher was given.
-if test ${with_luks2_keyslot_cipher+y}
-then :
- withval=$with_luks2_keyslot_cipher;
-printf "%s\n" "#define DEFAULT_LUKS2_KEYSLOT_CIPHER \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_KEYSLOT_CIPHER \"aes-xts-plain64\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-luks2-keyslot-keybits was given.
-if test ${with_luks2_keyslot_keybits+y}
-then :
- withval=$with_luks2_keyslot_keybits;
-printf "%s\n" "#define DEFAULT_LUKS2_KEYSLOT_KEYBITS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_KEYSLOT_KEYBITS 512" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-loopaes-cipher was given.
-if test ${with_loopaes_cipher+y}
-then :
- withval=$with_loopaes_cipher;
-printf "%s\n" "#define DEFAULT_LOOPAES_CIPHER \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LOOPAES_CIPHER \"aes\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-loopaes-keybits was given.
-if test ${with_loopaes_keybits+y}
-then :
- withval=$with_loopaes_keybits;
-printf "%s\n" "#define DEFAULT_LOOPAES_KEYBITS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LOOPAES_KEYBITS 256" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-keyfile-size-maxkb was given.
-if test ${with_keyfile_size_maxkb+y}
-then :
- withval=$with_keyfile_size_maxkb;
-printf "%s\n" "#define DEFAULT_KEYFILE_SIZE_MAXKB $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_KEYFILE_SIZE_MAXKB 8192" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-integrity-keyfile-size-maxkb was given.
-if test ${with_integrity_keyfile_size_maxkb+y}
-then :
- withval=$with_integrity_keyfile_size_maxkb;
-printf "%s\n" "#define DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB 4" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-passphrase-size-max was given.
-if test ${with_passphrase_size_max+y}
-then :
- withval=$with_passphrase_size_max;
-printf "%s\n" "#define DEFAULT_PASSPHRASE_SIZE_MAX $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_PASSPHRASE_SIZE_MAX 512" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-verity-hash was given.
-if test ${with_verity_hash+y}
-then :
- withval=$with_verity_hash;
-printf "%s\n" "#define DEFAULT_VERITY_HASH \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_VERITY_HASH \"sha256\"" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-verity-data-block was given.
-if test ${with_verity_data_block+y}
-then :
- withval=$with_verity_data_block;
-printf "%s\n" "#define DEFAULT_VERITY_DATA_BLOCK $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_VERITY_DATA_BLOCK 4096" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-verity-hash-block was given.
-if test ${with_verity_hash_block+y}
-then :
- withval=$with_verity_hash_block;
-printf "%s\n" "#define DEFAULT_VERITY_HASH_BLOCK $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_VERITY_HASH_BLOCK 4096" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-verity-salt-size was given.
-if test ${with_verity_salt_size+y}
-then :
- withval=$with_verity_salt_size;
-printf "%s\n" "#define DEFAULT_VERITY_SALT_SIZE $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_VERITY_SALT_SIZE 32" >>confdefs.h
-
-
-
-fi
-
-
-# Check whether --with-verity-fec-roots was given.
-if test ${with_verity_fec_roots+y}
-then :
- withval=$with_verity_fec_roots;
-printf "%s\n" "#define DEFAULT_VERITY_FEC_ROOTS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_VERITY_FEC_ROOTS 2" >>confdefs.h
-
-
-
-fi
-
-
-
-# Check whether --with-tmpfilesdir was given.
-if test ${with_tmpfilesdir+y}
-then :
- withval=$with_tmpfilesdir;
-printf "%s\n" "#define DEFAULT_TMPFILESDIR \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_TMPFILESDIR \"\"" >>confdefs.h
-
-
-
-fi
-
-test -z "$with_tmpfilesdir" && with_tmpfilesdir=$systemd_tmpfilesdir
-test "x$with_tmpfilesdir" = "xno" || {
-
- case "${with_tmpfilesdir}" in
- /*) ;;
- *) as_fn_error $? "with-tmpfilesdir argument must be an absolute path." "$LINENO" 5;;
- esac
-
- DEFAULT_TMPFILESDIR=$with_tmpfilesdir
-
-}
- if test -n "$DEFAULT_TMPFILESDIR"; then
- CRYPTSETUP_TMPFILE_TRUE=
- CRYPTSETUP_TMPFILE_FALSE='#'
-else
- CRYPTSETUP_TMPFILE_TRUE='#'
- CRYPTSETUP_TMPFILE_FALSE=
-fi
-
-
-
-# Check whether --with-luks2-lock-path was given.
-if test ${with_luks2_lock_path+y}
-then :
- withval=$with_luks2_lock_path;
-printf "%s\n" "#define DEFAULT_LUKS2_LOCK_PATH \"$withval\"" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_LOCK_PATH \"/run/cryptsetup\"" >>confdefs.h
-
-
-
-fi
-
-test -z "$with_luks2_lock_path" && with_luks2_lock_path=/run/cryptsetup
-
- case "${with_luks2_lock_path}" in
- /*) ;;
- *) as_fn_error $? "with-luks2-lock-path argument must be an absolute path." "$LINENO" 5;;
- esac
-
-DEFAULT_LUKS2_LOCK_PATH=$with_luks2_lock_path
-
-
-
-# Check whether --with-luks2-lock-dir-perms was given.
-if test ${with_luks2_lock_dir_perms+y}
-then :
- withval=$with_luks2_lock_dir_perms;
-printf "%s\n" "#define DEFAULT_LUKS2_LOCK_DIR_PERMS $withval" >>confdefs.h
-
-
-else $as_nop
-
-printf "%s\n" "#define DEFAULT_LUKS2_LOCK_DIR_PERMS 0700" >>confdefs.h
-
-
-
-fi
-
-test -z "$with_luks2_lock_dir_perms" && with_luks2_lock_dir_perms=0700
-DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
-
-
-
-# Check whether --with-default_luks_format was given.
-if test ${with_default_luks_format+y}
-then :
- withval=$with_default_luks_format;
-else $as_nop
- with_default_luks_format=LUKS2
-fi
-
-
-case $with_default_luks_format in
- LUKS1) default_luks=CRYPT_LUKS1 ;;
- LUKS2) default_luks=CRYPT_LUKS2 ;;
- *) as_fn_error $? "Unknown default LUKS format. Use LUKS1 or LUKS2 only." "$LINENO" 5 ;;
-esac
-
-printf "%s\n" "#define DEFAULT_LUKS_FORMAT $default_luks" >>confdefs.h
-
-
-
-ac_config_files="$ac_config_files Makefile lib/libcryptsetup.pc po/Makefile.in scripts/cryptsetup.conf tests/Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-DEFS=-DHAVE_CONFIG_H
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-printf %s "checking that generated files are newer than configure... " >&6; }
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
-printf "%s\n" "done" >&6; }
- if test -n "$EXEEXT"; then
- am__EXEEXT_TRUE=
- am__EXEEXT_FALSE='#'
-else
- am__EXEEXT_TRUE='#'
- am__EXEEXT_FALSE=
-fi
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${KERNEL_KEYRING_TRUE}" && test -z "${KERNEL_KEYRING_FALSE}"; then
- as_fn_error $? "conditional \"KERNEL_KEYRING\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-if test -z "${STATIC_TOOLS_TRUE}" && test -z "${STATIC_TOOLS_FALSE}"; then
- as_fn_error $? "conditional \"STATIC_TOOLS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTSETUP_TRUE}" && test -z "${CRYPTSETUP_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTSETUP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${VERITYSETUP_TRUE}" && test -z "${VERITYSETUP_FALSE}"; then
- as_fn_error $? "conditional \"VERITYSETUP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${REENCRYPT_TRUE}" && test -z "${REENCRYPT_FALSE}"; then
- as_fn_error $? "conditional \"REENCRYPT\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${INTEGRITYSETUP_TRUE}" && test -z "${INTEGRITYSETUP_FALSE}"; then
- as_fn_error $? "conditional \"INTEGRITYSETUP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_BACKEND_GCRYPT_TRUE}" && test -z "${CRYPTO_BACKEND_GCRYPT_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_BACKEND_GCRYPT\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_BACKEND_OPENSSL_TRUE}" && test -z "${CRYPTO_BACKEND_OPENSSL_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_BACKEND_OPENSSL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_BACKEND_NSS_TRUE}" && test -z "${CRYPTO_BACKEND_NSS_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_BACKEND_NSS\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_BACKEND_KERNEL_TRUE}" && test -z "${CRYPTO_BACKEND_KERNEL_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_BACKEND_KERNEL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_BACKEND_NETTLE_TRUE}" && test -z "${CRYPTO_BACKEND_NETTLE_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_BACKEND_NETTLE\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_INTERNAL_PBKDF2_TRUE}" && test -z "${CRYPTO_INTERNAL_PBKDF2_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_INTERNAL_PBKDF2\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_INTERNAL_ARGON2_TRUE}" && test -z "${CRYPTO_INTERNAL_ARGON2_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_INTERNAL_ARGON2\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTO_INTERNAL_SSE_ARGON2_TRUE}" && test -z "${CRYPTO_INTERNAL_SSE_ARGON2_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTO_INTERNAL_SSE_ARGON2\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_BLKID_TRUE}" && test -z "${HAVE_BLKID_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_BLKID\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_BLKID_WIPE_TRUE}" && test -z "${HAVE_BLKID_WIPE_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_BLKID_WIPE\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_BLKID_STEP_BACK_TRUE}" && test -z "${HAVE_BLKID_STEP_BACK_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_BLKID_STEP_BACK\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${CRYPTSETUP_TMPFILE_TRUE}" && test -z "${CRYPTSETUP_TMPFILE_FALSE}"; then
- as_fn_error $? "conditional \"CRYPTSETUP_TMPFILE\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_echo='printf %s\n'
-as_echo_n='printf %s'
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by cryptsetup $as_me 2.3.7, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-case $ac_config_headers in *"
-"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
-esac
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_headers="$ac_config_headers"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Configuration commands:
-$config_commands
-
-Report bugs to the package provider."
-
-_ACEOF
-ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config='$ac_cs_config_escaped'
-ac_cs_version="\\
-cryptsetup config.status 2.3.7
-configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --header | --heade | --head | --hea )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append CONFIG_HEADERS " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h)
- # Conflict between --help and --header
- as_fn_error $? "ambiguous option: \`$1'
-Try \`$0 --help' for more information.";;
- --help | --hel | -h )
- printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- printf "%s\n" "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
-macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
-shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
-SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
-ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
-PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
-host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
-host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
-host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
-build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
-build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
-build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
-SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
-Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
-GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
-EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
-FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
-LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
-NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
-LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
-exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
-file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
-want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
-DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
-sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
-AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
-archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
-STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
-lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
-CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
-compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
-GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
-lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
-nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
-lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
-lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
-objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
-need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
-MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
-LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
-libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
-postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
-need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
-version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
-install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
-configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
-striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in SHELL \
-ECHO \
-PATH_SEPARATOR \
-SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-file_magic_glob \
-want_nocaseglob \
-DLLTOOL \
-sharedlib_from_linklib_cmd \
-AR \
-AR_FLAGS \
-archiver_list_spec \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_import \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-lt_cv_nm_interface \
-nm_file_list_spec \
-lt_cv_truncate_bin \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_pic \
-lt_prog_compiler_wl \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-MANIFEST_TOOL \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_separator \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-install_override_mode \
-finish_eval \
-old_striplib \
-striplib; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postlink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-ac_aux_dir='$ac_aux_dir'
-
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'
-
-
-
-# Capture the value of obsolete ALL_LINGUAS because we need it to compute
- # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
- # from automake < 1.5.
- eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
- # Capture the value of LINGUAS because we need it to compute CATALOGS.
- LINGUAS="${LINGUAS-%UNSET%}"
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h:config.h.in" ;;
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "lib/libcryptsetup.pc") CONFIG_FILES="$CONFIG_FILES lib/libcryptsetup.pc" ;;
- "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
- "scripts/cryptsetup.conf") CONFIG_FILES="$CONFIG_FILES scripts/cryptsetup.conf" ;;
- "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers
- test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "\a"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-# Set up the scripts for CONFIG_HEADERS section.
-# No need to generate them if there are no CONFIG_HEADERS.
-# This happens for instance with `./config.status Makefile'.
-if test -n "$CONFIG_HEADERS"; then
-cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
-BEGIN {
-_ACEOF
-
-# Transform confdefs.h into an awk script `defines.awk', embedded as
-# here-document in config.status, that substitutes the proper values into
-# config.h.in to produce config.h.
-
-# Create a delimiter string that does not exist in confdefs.h, to ease
-# handling of long lines.
-ac_delim='%!_!# '
-for ac_last_try in false false :; do
- ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
- if test -z "$ac_tt"; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-
-# For the awk script, D is an array of macro values keyed by name,
-# likewise P contains macro parameters if any. Preserve backslash
-# newline sequences.
-
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-sed -n '
-s/.\{148\}/&'"$ac_delim"'/g
-t rset
-:rset
-s/^[ ]*#[ ]*define[ ][ ]*/ /
-t def
-d
-:def
-s/\\$//
-t bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3"/p
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
-d
-:bsnl
-s/["\\]/\\&/g
-s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
-D["\1"]=" \3\\\\\\n"\\/p
-t cont
-s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
-t cont
-d
-:cont
-n
-s/.\{148\}/&'"$ac_delim"'/g
-t clear
-:clear
-s/\\$//
-t bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/"/p
-d
-:bsnlc
-s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
-b cont
-' <confdefs.h | sed '
-s/'"$ac_delim"'/"\\\
-"/g' >>$CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- for (key in D) D_is_set[key] = 1
- FS = "\a"
-}
-/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
- line = \$ 0
- split(line, arg, " ")
- if (arg[1] == "#") {
- defundef = arg[2]
- mac1 = arg[3]
- } else {
- defundef = substr(arg[1], 2)
- mac1 = arg[2]
- }
- split(mac1, mac2, "(") #)
- macro = mac2[1]
- prefix = substr(line, 1, index(line, defundef) - 1)
- if (D_is_set[macro]) {
- # Preserve the white space surrounding the "#".
- print prefix "define", macro P[macro] D[macro]
- next
- } else {
- # Replace #undef with comments. This is necessary, for example,
- # in the case of _POSIX_SOURCE, which is predefined and required
- # on some systems where configure will not decide to define it.
- if (defundef == "undef") {
- print "/*", prefix defundef, macro, "*/"
- next
- }
- }
-}
-{ print }
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
- as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
-fi # test -n "$CONFIG_HEADERS"
-
-
-eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
- :H)
- #
- # CONFIG_HEADER
- #
- if test x"$ac_file" != x-; then
- {
- printf "%s\n" "/* $configure_input */" >&1 \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
- } >"$ac_tmp/config.h" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
-printf "%s\n" "$as_me: $ac_file is unchanged" >&6;}
- else
- rm -f "$ac_file"
- mv "$ac_tmp/config.h" "$ac_file" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- fi
- else
- printf "%s\n" "/* $configure_input */" >&1 \
- && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
- || as_fn_error $? "could not create -" "$LINENO" 5
- fi
-# Compute "$ac_file"'s index in $config_headers.
-_am_arg="$ac_file"
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
-$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$_am_arg" : 'X\(//\)[^/]' \| \
- X"$_am_arg" : 'X\(//\)$' \| \
- X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$_am_arg" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`/stamp-h$_am_stamp_count
- ;;
-
- :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- case $CONFIG_FILES in #(
- *\'*) :
- eval set x "$CONFIG_FILES" ;; #(
- *) :
- set x $CONFIG_FILES ;; #(
- *) :
- ;;
-esac
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`$as_dirname -- "$am_mf" ||
-$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$am_mf" : 'X\(//\)[^/]' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- am_filepart=`$as_basename -- "$am_mf" ||
-$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$am_mf" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { echo "$as_me:$LINENO: cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles" >&5
- (cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } || am_rc=$?
- done
- if test $am_rc -ne 0; then
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE=\"gmake\" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- { am_dirpart=; unset am_dirpart;}
- { am_filepart=; unset am_filepart;}
- { am_mf=; unset am_mf;}
- { am_rc=; unset am_rc;}
- rm -f conftest-deps.mk
-}
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags=''
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# Shared archive member basename,for filename based shared library versioning on AIX.
-shared_archive_member_spec=$shared_archive_member_spec
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that protects backslashes.
-ECHO=$lt_ECHO
-
-# The PATH separator for the build system.
-PATH_SEPARATOR=$lt_PATH_SEPARATOR
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# convert \$build file names to \$host format.
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-
-# convert \$build files to toolchain format.
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method = "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# How to find potential files when deplibs_check_method = "file_magic".
-file_magic_glob=$lt_file_magic_glob
-
-# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
-want_nocaseglob=$lt_want_nocaseglob
-
-# DLL creation program.
-DLLTOOL=$lt_DLLTOOL
-
-# Command to associate shared and link libraries.
-sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
-
-# The archiver.
-AR=$lt_AR
-
-# Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
-
-# How to feed a file listing to the archiver.
-archiver_list_spec=$lt_archiver_list_spec
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Whether to use a lock for old archive extraction.
-lock_old_archive_extraction=$lock_old_archive_extraction
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm into a list of symbols to manually relocate.
-global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name lister interface.
-nm_interface=$lt_lt_cv_nm_interface
-
-# Specify filename containing input files for \$NM.
-nm_file_list_spec=$lt_nm_file_list_spec
-
-# The root where to search for dependent libraries,and where our libraries should be installed.
-lt_sysroot=$lt_sysroot
-
-# Command to truncate a binary pipe.
-lt_truncate_bin=$lt_lt_cv_truncate_bin
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Manifest tool.
-MANIFEST_TOOL=$lt_MANIFEST_TOOL
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Permission mode override for installation of shared libraries.
-install_override_mode=$lt_install_override_mode
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Detected run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
-
-# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
-configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Commands necessary for finishing linking programs.
-postlink_cmds=$lt_postlink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x$2 in
- x)
- ;;
- *:)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
- ;;
- x:*)
- eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
- ;;
- *)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in $*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
- ;;
- "po-directories":C)
- for ac_file in $CONFIG_FILES; do
- # Support "outfile[:infile[:infile...]]"
- case "$ac_file" in
- *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
- esac
- # PO directories have a Makefile.in generated from Makefile.in.in.
- case "$ac_file" in */Makefile.in)
- # Adjust a relative srcdir.
- ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
- ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'`
- ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
- # In autoconf-2.13 it is called $ac_given_srcdir.
- # In autoconf-2.50 it is called $srcdir.
- test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
- case "$ac_given_srcdir" in
- .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
- /*) top_srcdir="$ac_given_srcdir" ;;
- *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
- esac
- # Treat a directory as a PO directory if and only if it has a
- # POTFILES.in file. This allows packages to have multiple PO
- # directories under different names or in different locations.
- if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
- rm -f "$ac_dir/POTFILES"
- test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
- gt_tab=`printf '\t'`
- cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
- POMAKEFILEDEPS="POTFILES.in"
- # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
- # on $ac_dir but don't depend on user-specified configuration
- # parameters.
- if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
- # The LINGUAS file contains the set of available languages.
- if test -n "$OBSOLETE_ALL_LINGUAS"; then
- test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
- fi
- ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
- # Hide the ALL_LINGUAS assignment from automake < 1.5.
- eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
- POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
- else
- # The set of available languages was given in configure.in.
- # Hide the ALL_LINGUAS assignment from automake < 1.5.
- eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
- fi
- # Compute POFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
- # Compute UPDATEPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
- # Compute DUMMYPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
- # Compute GMOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
- case "$ac_given_srcdir" in
- .) srcdirpre= ;;
- *) srcdirpre='$(srcdir)/' ;;
- esac
- POFILES=
- UPDATEPOFILES=
- DUMMYPOFILES=
- GMOFILES=
- for lang in $ALL_LINGUAS; do
- POFILES="$POFILES $srcdirpre$lang.po"
- UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
- DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
- GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
- done
- # CATALOGS depends on both $ac_dir and the user's LINGUAS
- # environment variable.
- INST_LINGUAS=
- if test -n "$ALL_LINGUAS"; then
- for presentlang in $ALL_LINGUAS; do
- useit=no
- if test "%UNSET%" != "$LINGUAS"; then
- desiredlanguages="$LINGUAS"
- else
- desiredlanguages="$ALL_LINGUAS"
- fi
- for desiredlang in $desiredlanguages; do
- # Use the presentlang catalog if desiredlang is
- # a. equal to presentlang, or
- # b. a variant of presentlang (because in this case,
- # presentlang can be used as a fallback for messages
- # which are not translated in the desiredlang catalog).
- case "$desiredlang" in
- "$presentlang"*) useit=yes;;
- esac
- done
- if test $useit = yes; then
- INST_LINGUAS="$INST_LINGUAS $presentlang"
- fi
- done
- fi
- CATALOGS=
- if test -n "$INST_LINGUAS"; then
- for lang in $INST_LINGUAS; do
- CATALOGS="$CATALOGS $lang.gmo"
- done
- fi
- test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
- sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
- for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
- if test -f "$f"; then
- case "$f" in
- *.orig | *.bak | *~) ;;
- *) cat "$f" >> "$ac_dir/Makefile" ;;
- esac
- fi
- done
- fi
- ;;
- esac
- done ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
-
AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.3.7])
+AC_INIT([cryptsetup],[2.6.1])
dnl library version from <major>.<minor>.<release>[-<suffix>]
LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=18:0:6
+LIBCRYPTSETUP_VERSION_INFO=21:0:9
AM_SILENT_RULES([yes])
AC_CONFIG_SRCDIR(src/cryptsetup.c)
# For old automake use this
#AM_INIT_AUTOMAKE(dist-xz subdir-objects)
-AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects])
+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests subdir-objects foreign])
if test "x$prefix" = "xNONE"; then
sysconfdir=/etc
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_CPP
+AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_MAKE_SET
+AC_PROG_MKDIR_P
AC_ENABLE_STATIC(no)
LT_INIT
PKG_PROG_PKG_CONFIG
-AM_ICONV
dnl ==========================================================================
dnl define PKG_CHECK_VAR for old pkg-config <= 0.28
])
])
dnl ==========================================================================
+dnl AsciiDoc manual pages
+
+AC_ARG_ENABLE([asciidoc],
+ AS_HELP_STRING([--disable-asciidoc], [do not generate man pages from asciidoc]),
+ [], [enable_asciidoc=yes]
+)
+
+AC_PATH_PROG([ASCIIDOCTOR], [asciidoctor])
+if test "x$enable_asciidoc" = xyes -a "x$ASCIIDOCTOR" = x; then
+ AC_MSG_ERROR([Building man pages requires asciidoctor installed.])
+fi
+AM_CONDITIONAL([ENABLE_ASCIIDOC], [test "x$enable_asciidoc" = xyes])
+
+have_manpages=no
+AS_IF([test -f "$srcdir/man/cryptsetup-open.8"], [
+ AC_MSG_NOTICE([re-use already generated man-pages.])
+ have_manpages=yes]
+)
+AM_CONDITIONAL([HAVE_MANPAGES], [test "x$have_manpages" = xyes])
+
+dnl ==========================================================================
AC_C_RESTRICT
AC_HEADER_DIRENT
-AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
+AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h uchar.h sys/ioctl.h sys/mman.h \
sys/sysmacros.h sys/statvfs.h ctype.h unistd.h locale.h byteswap.h endian.h stdint.h)
AC_CHECK_DECLS([O_CLOEXEC],,[AC_DEFINE([O_CLOEXEC],[0], [Defined to 0 if not provided])],
[[
AC_FUNC_STRERROR_R
dnl ==========================================================================
+dnl LUKS2 external tokens
+
+AC_ARG_ENABLE([external-tokens],
+ AS_HELP_STRING([--disable-external-tokens], [disable external LUKS2 tokens]),
+ [], [enable_external_tokens=yes])
+if test "x$enable_external_tokens" = "xyes"; then
+ AC_DEFINE(USE_EXTERNAL_TOKENS, 1, [Use external tokens])
+ dnl we need dynamic library loading here
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([dlsym],[dl])
+ AC_CHECK_FUNCS([dlvsym])
+ AC_SUBST(DL_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+AM_CONDITIONAL(EXTERNAL_TOKENS, test "x$enable_external_tokens" = "xyes")
+
+AC_ARG_ENABLE([ssh-token],
+ AS_HELP_STRING([--disable-ssh-token], [disable LUKS2 ssh-token]),
+ [], [enable_ssh_token=yes])
+AM_CONDITIONAL(SSHPLUGIN_TOKEN, test "x$enable_ssh_token" = "xyes")
+
+if test "x$enable_ssh_token" = "xyes" -a "x$enable_external_tokens" = "xno"; then
+ AC_MSG_ERROR([Requested LUKS2 ssh-token build, but external tokens are disabled.])
+fi
+
+dnl LUKS2 online reencryption
+AC_ARG_ENABLE([luks2-reencryption],
+ AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
+ [], [enable_luks2_reencryption=yes])
+if test "x$enable_luks2_reencryption" = "xyes"; then
+ AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
+fi
+
+dnl ==========================================================================
AM_GNU_GETTEXT([external],[need-ngettext])
AM_GNU_GETTEXT_VERSION([0.18.3])
fi
])
-dnl LUKS2 online reencryption
-AC_ARG_ENABLE([luks2-reencryption],
- AS_HELP_STRING([--disable-luks2-reencryption], [disable LUKS2 online reencryption extension]),
- [], [enable_luks2_reencryption=yes])
-if test "x$enable_luks2_reencryption" = "xyes"; then
- AC_DEFINE(USE_LUKS2_REENCRYPTION, 1, [Use LUKS2 online reencryption extension])
-fi
-
dnl ==========================================================================
dnl pwquality library (cryptsetup CLI only)
AC_ARG_ENABLE([pwquality],
fi
dnl ==========================================================================
+dnl fuzzers, it requires own static library compilation later
+AC_ARG_ENABLE([fuzz-targets],
+ AS_HELP_STRING([--enable-fuzz-targets], [enable building fuzz targets]))
+AM_CONDITIONAL(ENABLE_FUZZ_TARGETS, test "x$enable_fuzz_targets" = "xyes")
+
+if test "x$enable_fuzz_targets" = "xyes"; then
+ AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link],,
+ AC_MSG_ERROR([Required compiler options not supported; use clang.]), [-Werror])
+fi
+
+dnl ==========================================================================
dnl passwdqc library (cryptsetup CLI only)
AC_ARG_ENABLE([passwdqc],
AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@],
[], [enable_veritysetup=yes])
AM_CONDITIONAL(VERITYSETUP, test "x$enable_veritysetup" = "xyes")
-AC_ARG_ENABLE([cryptsetup-reencrypt],
- AS_HELP_STRING([--disable-cryptsetup-reencrypt], [disable cryptsetup-reencrypt tool]),
- [], [enable_cryptsetup_reencrypt=yes])
-AM_CONDITIONAL(REENCRYPT, test "x$enable_cryptsetup_reencrypt" = "xyes")
-
AC_ARG_ENABLE([integritysetup],
AS_HELP_STRING([--disable-integritysetup], [disable integritysetup support]),
[], [enable_integritysetup=yes])
AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])
AC_CHECK_DECLS([json_object_deep_copy], [], [], [#include <json-c/json.h>])
+dnl Check for libssh and argp for SSH plugin
+if test "x$enable_ssh_token" = "xyes"; then
+ PKG_CHECK_MODULES([LIBSSH], [libssh])
+ AC_CHECK_DECLS([ssh_session_is_known_server], [], [], [#include <libssh/libssh.h>])
+ AC_CHECK_HEADER([argp.h], [], AC_MSG_ERROR([You need argp library.]))
+ saved_LIBS=$LIBS
+ AC_SEARCH_LIBS([argp_parse],[argp])
+ AC_SUBST(ARGP_LIBS, $LIBS)
+ LIBS=$saved_LIBS
+fi
+
dnl Crypto backend configuration.
AC_ARG_WITH([crypto_backend],
AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
PKG_CONFIG=$saved_PKG_CONFIG
fi
+dnl Check compiler support for symver function attribute
+AC_MSG_CHECKING([for symver attribute support])
+saved_CFLAGS=$CFLAGS
+CFLAGS="-O0 -Werror"
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ void _test_sym(void);
+ __attribute__((__symver__("sym@VERSION_4.2"))) void _test_sym(void) {}
+]],
+[[ _test_sym() ]]
+)],[
+ AC_DEFINE([HAVE_ATTRIBUTE_SYMVER], 1, [Define to 1 to use __attribute__((symver))])
+ AC_MSG_RESULT([yes])
+], [
+ AC_MSG_RESULT([no])
+])
+CFLAGS=$saved_CFLAGS
+
AC_MSG_CHECKING([for systemd tmpfiles config directory])
PKG_CHECK_VAR([systemd_tmpfilesdir], [systemd], [tmpfilesdir], [], [systemd_tmpfilesdir=no])
AC_MSG_RESULT([$systemd_tmpfilesdir])
AC_SUBST([LIBARGON2_LIBS])
AC_SUBST([BLKID_LIBS])
+AC_SUBST([LIBSSH_LIBS])
+
AC_SUBST([LIBCRYPTSETUP_VERSION])
AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
+dnl Set Requires.private for libcryptsetup.pc
+dnl pwquality is used only by tools
+PKGMODULES="uuid devmapper json-c"
+case $with_crypto_backend in
+ gcrypt) PKGMODULES+=" libgcrypt" ;;
+ openssl) PKGMODULES+=" openssl" ;;
+ nss) PKGMODULES+=" nss" ;;
+ nettle) PKGMODULES+=" nettle" ;;
+esac
+if test "x$enable_libargon2" = "xyes"; then
+ PKGMODULES+=" libargon2"
+fi
+if test "x$enable_blkid" = "xyes"; then
+ PKGMODULES+=" blkid"
+fi
+AC_SUBST([PKGMODULES])
dnl ==========================================================================
AC_ARG_ENABLE([dev-random],
AS_HELP_STRING([--enable-dev-random], [use /dev/random by default for key generation (otherwise use /dev/urandom)]))
AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
fi
-CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i])
+CS_STR_WITH([luks2-pbkdf], [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2id])
CS_NUM_WITH([luks1-iter-time], [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
CS_NUM_WITH([luks2-iter-time], [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
CS_NUM_WITH([luks2-memory-kb], [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
DEFAULT_LUKS2_LOCK_DIR_PERMS=$with_luks2_lock_dir_perms
AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)
+CS_STR_WITH([luks2-external-tokens-path], [path to directory with LUKSv2 external token handlers (plugins)], [LIBDIR/cryptsetup])
+if test -n "$with_luks2_external_tokens_path"; then
+ CS_ABSPATH([${with_luks2_external_tokens_path}],[with-luks2-external-tokens-path])
+ EXTERNAL_LUKS2_TOKENS_PATH=$with_luks2_external_tokens_path
+else
+ EXTERNAL_LUKS2_TOKENS_PATH="\${libdir}/cryptsetup"
+fi
+AC_SUBST(EXTERNAL_LUKS2_TOKENS_PATH)
+
dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
AC_ARG_WITH([default_luks_format],
AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
po/Makefile.in
scripts/cryptsetup.conf
tests/Makefile
+tests/fuzz/Makefile
])
AC_OUTPUT
+++ /dev/null
-#! /bin/sh
-# depcomp - compile a program generating dependencies as side-effects
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
-
-case $1 in
- '')
- echo "$0: No command. Try '$0 --help' for more information." 1>&2
- exit 1;
- ;;
- -h | --h*)
- cat <<\EOF
-Usage: depcomp [--help] [--version] PROGRAM [ARGS]
-
-Run PROGRAMS ARGS to compile a file, generating dependencies
-as side-effects.
-
-Environment variables:
- depmode Dependency tracking mode.
- source Source file read by 'PROGRAMS ARGS'.
- object Object file output by 'PROGRAMS ARGS'.
- DEPDIR directory where to store dependencies.
- depfile Dependency file to output.
- tmpdepfile Temporary file to use when outputting dependencies.
- libtool Whether libtool is used (yes/no).
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v | --v*)
- echo "depcomp $scriptversion"
- exit $?
- ;;
-esac
-
-# Get the directory component of the given path, and save it in the
-# global variables '$dir'. Note that this directory component will
-# be either empty or ending with a '/' character. This is deliberate.
-set_dir_from ()
-{
- case $1 in
- */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
- *) dir=;;
- esac
-}
-
-# Get the suffix-stripped basename of the given path, and save it the
-# global variable '$base'.
-set_base_from ()
-{
- base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
-}
-
-# If no dependency file was actually created by the compiler invocation,
-# we still have to create a dummy depfile, to avoid errors with the
-# Makefile "include basename.Plo" scheme.
-make_dummy_depfile ()
-{
- echo "#dummy" > "$depfile"
-}
-
-# Factor out some common post-processing of the generated depfile.
-# Requires the auxiliary global variable '$tmpdepfile' to be set.
-aix_post_process_depfile ()
-{
- # If the compiler actually managed to produce a dependency file,
- # post-process it.
- if test -f "$tmpdepfile"; then
- # Each line is of the form 'foo.o: dependency.h'.
- # Do two passes, one to just change these to
- # $object: dependency.h
- # and one to simply output
- # dependency.h:
- # which is needed to avoid the deleted-header problem.
- { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
- sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
- } > "$depfile"
- rm -f "$tmpdepfile"
- else
- make_dummy_depfile
- fi
-}
-
-# A tabulation character.
-tab=' '
-# A newline character.
-nl='
-'
-# Character ranges might be problematic outside the C locale.
-# These definitions help.
-upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
-lower=abcdefghijklmnopqrstuvwxyz
-digits=0123456789
-alpha=${upper}${lower}
-
-if test -z "$depmode" || test -z "$source" || test -z "$object"; then
- echo "depcomp: Variables source, object and depmode must be set" 1>&2
- exit 1
-fi
-
-# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
-depfile=${depfile-`echo "$object" |
- sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
-tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
-
-rm -f "$tmpdepfile"
-
-# Avoid interferences from the environment.
-gccflag= dashmflag=
-
-# Some modes work just like other modes, but use different flags. We
-# parameterize here, but still list the modes in the big case below,
-# to make depend.m4 easier to write. Note that we *cannot* use a case
-# here, because this file can only contain one case statement.
-if test "$depmode" = hp; then
- # HP compiler uses -M and no extra arg.
- gccflag=-M
- depmode=gcc
-fi
-
-if test "$depmode" = dashXmstdout; then
- # This is just like dashmstdout with a different argument.
- dashmflag=-xM
- depmode=dashmstdout
-fi
-
-cygpath_u="cygpath -u -f -"
-if test "$depmode" = msvcmsys; then
- # This is just like msvisualcpp but w/o cygpath translation.
- # Just convert the backslash-escaped backslashes to single forward
- # slashes to satisfy depend.m4
- cygpath_u='sed s,\\\\,/,g'
- depmode=msvisualcpp
-fi
-
-if test "$depmode" = msvc7msys; then
- # This is just like msvc7 but w/o cygpath translation.
- # Just convert the backslash-escaped backslashes to single forward
- # slashes to satisfy depend.m4
- cygpath_u='sed s,\\\\,/,g'
- depmode=msvc7
-fi
-
-if test "$depmode" = xlc; then
- # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
- gccflag=-qmakedep=gcc,-MF
- depmode=gcc
-fi
-
-case "$depmode" in
-gcc3)
-## gcc 3 implements dependency tracking that does exactly what
-## we want. Yay! Note: for some reason libtool 1.4 doesn't like
-## it if -MD -MP comes after the -MF stuff. Hmm.
-## Unfortunately, FreeBSD c89 acceptance of flags depends upon
-## the command line argument order; so add the flags where they
-## appear in depend2.am. Note that the slowdown incurred here
-## affects only configure: in makefiles, %FASTDEP% shortcuts this.
- for arg
- do
- case $arg in
- -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
- *) set fnord "$@" "$arg" ;;
- esac
- shift # fnord
- shift # $arg
- done
- "$@"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- mv "$tmpdepfile" "$depfile"
- ;;
-
-gcc)
-## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
-## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
-## (see the conditional assignment to $gccflag above).
-## There are various ways to get dependency output from gcc. Here's
-## why we pick this rather obscure method:
-## - Don't want to use -MD because we'd like the dependencies to end
-## up in a subdir. Having to rename by hand is ugly.
-## (We might end up doing this anyway to support other compilers.)
-## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
-## -MM, not -M (despite what the docs say). Also, it might not be
-## supported by the other compilers which use the 'gcc' depmode.
-## - Using -M directly means running the compiler twice (even worse
-## than renaming).
- if test -z "$gccflag"; then
- gccflag=-MD,
- fi
- "$@" -Wp,"$gccflag$tmpdepfile"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- # The second -e expression handles DOS-style file names with drive
- # letters.
- sed -e 's/^[^:]*: / /' \
- -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the "deleted header file" problem.
-## The problem is that when a header file which appears in a .P file
-## is deleted, the dependency causes make to die (because there is
-## typically no way to rebuild the header). We avoid this by adding
-## dummy dependencies for each header file. Too bad gcc doesn't do
-## this for us directly.
-## Some versions of gcc put a space before the ':'. On the theory
-## that the space means something, we add a space to the output as
-## well. hp depmode also adds that space, but also prefixes the VPATH
-## to the object. Take care to not repeat it in the output.
-## Some versions of the HPUX 10.20 sed can't process this invocation
-## correctly. Breaking it into two sed invocations is a workaround.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-hp)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-sgi)
- if test "$libtool" = yes; then
- "$@" "-Wp,-MDupdate,$tmpdepfile"
- else
- "$@" -MDupdate "$tmpdepfile"
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
-
- if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
- echo "$object : \\" > "$depfile"
- # Clip off the initial element (the dependent). Don't try to be
- # clever and replace this with sed code, as IRIX sed won't handle
- # lines with more than a fixed number of characters (4096 in
- # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
- # the IRIX cc adds comments like '#:fec' to the end of the
- # dependency line.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
- | tr "$nl" ' ' >> "$depfile"
- echo >> "$depfile"
- # The second pass generates a dummy entry for each header file.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
- >> "$depfile"
- else
- make_dummy_depfile
- fi
- rm -f "$tmpdepfile"
- ;;
-
-xlc)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-aix)
- # The C for AIX Compiler uses -M and outputs the dependencies
- # in a .u file. In older versions, this file always lives in the
- # current directory. Also, the AIX compiler puts '$object:' at the
- # start of each line; $object doesn't have directory information.
- # Version 6 uses the directory in both cases.
- set_dir_from "$object"
- set_base_from "$object"
- if test "$libtool" = yes; then
- tmpdepfile1=$dir$base.u
- tmpdepfile2=$base.u
- tmpdepfile3=$dir.libs/$base.u
- "$@" -Wc,-M
- else
- tmpdepfile1=$dir$base.u
- tmpdepfile2=$dir$base.u
- tmpdepfile3=$dir$base.u
- "$@" -M
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- do
- test -f "$tmpdepfile" && break
- done
- aix_post_process_depfile
- ;;
-
-tcc)
- # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
- # FIXME: That version still under development at the moment of writing.
- # Make that this statement remains true also for stable, released
- # versions.
- # It will wrap lines (doesn't matter whether long or short) with a
- # trailing '\', as in:
- #
- # foo.o : \
- # foo.c \
- # foo.h \
- #
- # It will put a trailing '\' even on the last line, and will use leading
- # spaces rather than leading tabs (at least since its commit 0394caf7
- # "Emit spaces for -MD").
- "$@" -MD -MF "$tmpdepfile"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
- # We have to change lines of the first kind to '$object: \'.
- sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
- # And for each line of the second kind, we have to emit a 'dep.h:'
- # dummy dependency, to avoid the deleted-header problem.
- sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-## The order of this option in the case statement is important, since the
-## shell code in configure will try each of these formats in the order
-## listed in this file. A plain '-MD' option would be understood by many
-## compilers, so we must ensure this comes after the gcc and icc options.
-pgcc)
- # Portland's C compiler understands '-MD'.
- # Will always output deps to 'file.d' where file is the root name of the
- # source file under compilation, even if file resides in a subdirectory.
- # The object file name does not affect the name of the '.d' file.
- # pgcc 10.2 will output
- # foo.o: sub/foo.c sub/foo.h
- # and will wrap long lines using '\' :
- # foo.o: sub/foo.c ... \
- # sub/foo.h ... \
- # ...
- set_dir_from "$object"
- # Use the source, not the object, to determine the base name, since
- # that's sadly what pgcc will do too.
- set_base_from "$source"
- tmpdepfile=$base.d
-
- # For projects that build the same source file twice into different object
- # files, the pgcc approach of using the *source* file root name can cause
- # problems in parallel builds. Use a locking strategy to avoid stomping on
- # the same $tmpdepfile.
- lockdir=$base.d-lock
- trap "
- echo '$0: caught signal, cleaning up...' >&2
- rmdir '$lockdir'
- exit 1
- " 1 2 13 15
- numtries=100
- i=$numtries
- while test $i -gt 0; do
- # mkdir is a portable test-and-set.
- if mkdir "$lockdir" 2>/dev/null; then
- # This process acquired the lock.
- "$@" -MD
- stat=$?
- # Release the lock.
- rmdir "$lockdir"
- break
- else
- # If the lock is being held by a different process, wait
- # until the winning process is done or we timeout.
- while test -d "$lockdir" && test $i -gt 0; do
- sleep 1
- i=`expr $i - 1`
- done
- fi
- i=`expr $i - 1`
- done
- trap - 1 2 13 15
- if test $i -le 0; then
- echo "$0: failed to acquire lock after $numtries attempts" >&2
- echo "$0: check lockdir '$lockdir'" >&2
- exit 1
- fi
-
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- # Each line is of the form `foo.o: dependent.h',
- # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
- # Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
- sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-hp2)
- # The "hp" stanza above does not work with aCC (C++) and HP's ia64
- # compilers, which have integrated preprocessors. The correct option
- # to use with these is +Maked; it writes dependencies to a file named
- # 'foo.d', which lands next to the object file, wherever that
- # happens to be.
- # Much of this is similar to the tru64 case; see comments there.
- set_dir_from "$object"
- set_base_from "$object"
- if test "$libtool" = yes; then
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir.libs/$base.d
- "$@" -Wc,+Maked
- else
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir$base.d
- "$@" +Maked
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
- do
- test -f "$tmpdepfile" && break
- done
- if test -f "$tmpdepfile"; then
- sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
- # Add 'dependent.h:' lines.
- sed -ne '2,${
- s/^ *//
- s/ \\*$//
- s/$/:/
- p
- }' "$tmpdepfile" >> "$depfile"
- else
- make_dummy_depfile
- fi
- rm -f "$tmpdepfile" "$tmpdepfile2"
- ;;
-
-tru64)
- # The Tru64 compiler uses -MD to generate dependencies as a side
- # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
- # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
- # dependencies in 'foo.d' instead, so we check for that too.
- # Subdirectories are respected.
- set_dir_from "$object"
- set_base_from "$object"
-
- if test "$libtool" = yes; then
- # Libtool generates 2 separate objects for the 2 libraries. These
- # two compilations output dependencies in $dir.libs/$base.o.d and
- # in $dir$base.o.d. We have to check for both files, because
- # one of the two compilations can be disabled. We should prefer
- # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
- # automatically cleaned when .libs/ is deleted, while ignoring
- # the former would cause a distcleancheck panic.
- tmpdepfile1=$dir$base.o.d # libtool 1.5
- tmpdepfile2=$dir.libs/$base.o.d # Likewise.
- tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
- "$@" -Wc,-MD
- else
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir$base.d
- tmpdepfile3=$dir$base.d
- "$@" -MD
- fi
-
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- do
- test -f "$tmpdepfile" && break
- done
- # Same post-processing that is required for AIX mode.
- aix_post_process_depfile
- ;;
-
-msvc7)
- if test "$libtool" = yes; then
- showIncludes=-Wc,-showIncludes
- else
- showIncludes=-showIncludes
- fi
- "$@" $showIncludes > "$tmpdepfile"
- stat=$?
- grep -v '^Note: including file: ' "$tmpdepfile"
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- # The first sed program below extracts the file names and escapes
- # backslashes for cygpath. The second sed program outputs the file
- # name when reading, but also accumulates all include files in the
- # hold buffer in order to output them again at the end. This only
- # works with sed implementations that can handle large buffers.
- sed < "$tmpdepfile" -n '
-/^Note: including file: *\(.*\)/ {
- s//\1/
- s/\\/\\\\/g
- p
-}' | $cygpath_u | sort -u | sed -n '
-s/ /\\ /g
-s/\(.*\)/'"$tab"'\1 \\/p
-s/.\(.*\) \\/\1:/
-H
-$ {
- s/.*/'"$tab"'/
- G
- p
-}' >> "$depfile"
- echo >> "$depfile" # make sure the fragment doesn't end with a backslash
- rm -f "$tmpdepfile"
- ;;
-
-msvc7msys)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-#nosideeffect)
- # This comment above is used by automake to tell side-effect
- # dependency tracking mechanisms from slower ones.
-
-dashmstdout)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout, regardless of -o.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- # Remove '-o $object'.
- IFS=" "
- for arg
- do
- case $arg in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift # fnord
- shift # $arg
- ;;
- esac
- done
-
- test -z "$dashmflag" && dashmflag=-M
- # Require at least two characters before searching for ':'
- # in the target name. This is to cope with DOS-style filenames:
- # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
- "$@" $dashmflag |
- sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
- rm -f "$depfile"
- cat < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this sed invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-dashXmstdout)
- # This case only exists to satisfy depend.m4. It is never actually
- # run, as this mode is specially recognized in the preamble.
- exit 1
- ;;
-
-makedepend)
- "$@" || exit $?
- # Remove any Libtool call
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
- # X makedepend
- shift
- cleared=no eat=no
- for arg
- do
- case $cleared in
- no)
- set ""; shift
- cleared=yes ;;
- esac
- if test $eat = yes; then
- eat=no
- continue
- fi
- case "$arg" in
- -D*|-I*)
- set fnord "$@" "$arg"; shift ;;
- # Strip any option that makedepend may not understand. Remove
- # the object too, otherwise makedepend will parse it as a source file.
- -arch)
- eat=yes ;;
- -*|$object)
- ;;
- *)
- set fnord "$@" "$arg"; shift ;;
- esac
- done
- obj_suffix=`echo "$object" | sed 's/^.*\././'`
- touch "$tmpdepfile"
- ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
- rm -f "$depfile"
- # makedepend may prepend the VPATH from the source file name to the object.
- # No need to regex-escape $object, excess matching of '.' is harmless.
- sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process the last invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed '1,2d' "$tmpdepfile" \
- | tr ' ' "$nl" \
- | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile" "$tmpdepfile".bak
- ;;
-
-cpp)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- # Remove '-o $object'.
- IFS=" "
- for arg
- do
- case $arg in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift # fnord
- shift # $arg
- ;;
- esac
- done
-
- "$@" -E \
- | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
- -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
- | sed '$ s: \\$::' > "$tmpdepfile"
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- cat < "$tmpdepfile" >> "$depfile"
- sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-msvisualcpp)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- IFS=" "
- for arg
- do
- case "$arg" in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
- set fnord "$@"
- shift
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift
- shift
- ;;
- esac
- done
- "$@" -E 2>/dev/null |
- sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
- echo "$tab" >> "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-msvcmsys)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-none)
- exec "$@"
- ;;
-
-*)
- echo "Unknown depmode $depmode" 1>&2
- exit 1
- ;;
-esac
-
-exit 0
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
2012-03-16 Milan Broz <gmazyland@gmail.com>
* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
* Add repair command and crypt_repair() for known LUKS metadata problems repair.
- * Allow to specify --align-payload only for luksFormat.
+ * Allow one to specify --align-payload only for luksFormat.
2012-03-16 Milan Broz <mbroz@redhat.com>
* Unify password verification option.
* Fix password callback call.
* Fix default plain password entry from terminal in activate_by_passphrase.
* Add --dump-master-key option for luksDump to allow volume key dump.
- * Allow to activate by internally cached volume key
+ * Allow one to activate by internally cached volume key
(format/activate without keyslots active - used for temporary devices).
* Initialize volume key from active device in crypt_init_by_name()
* Fix cryptsetup binary exitcodes.
-# Doxyfile 1.8.8
+# Doxyfile 1.9.1
#---------------------------------------------------------------------------
# Project related configuration options
CREATE_SUBDIRS = NO
ALLOW_UNICODE_NAMES = NO
OUTPUT_LANGUAGE = English
+OUTPUT_TEXT_DIRECTION = None
BRIEF_MEMBER_DESC = YES
REPEAT_BRIEF = YES
ABBREVIATE_BRIEF =
STRIP_FROM_INC_PATH =
SHORT_NAMES = NO
JAVADOC_AUTOBRIEF = NO
+JAVADOC_BANNER = NO
QT_AUTOBRIEF = NO
MULTILINE_CPP_IS_BRIEF = NO
+PYTHON_DOCSTRING = YES
INHERIT_DOCS = YES
SEPARATE_MEMBER_PAGES = NO
TAB_SIZE = 8
ALIASES =
-TCL_SUBST =
OPTIMIZE_OUTPUT_FOR_C = YES
OPTIMIZE_OUTPUT_JAVA = NO
OPTIMIZE_FOR_FORTRAN = NO
OPTIMIZE_OUTPUT_VHDL = NO
+OPTIMIZE_OUTPUT_SLICE = NO
EXTENSION_MAPPING =
MARKDOWN_SUPPORT = YES
+TOC_INCLUDE_HEADINGS = 5
AUTOLINK_SUPPORT = YES
BUILTIN_STL_SUPPORT = NO
CPP_CLI_SUPPORT = NO
SIP_SUPPORT = NO
IDL_PROPERTY_SUPPORT = YES
DISTRIBUTE_GROUP_DOC = NO
+GROUP_NESTED_COMPOUNDS = NO
SUBGROUPING = YES
INLINE_GROUPED_CLASSES = NO
INLINE_SIMPLE_STRUCTS = NO
TYPEDEF_HIDES_STRUCT = YES
LOOKUP_CACHE_SIZE = 0
+NUM_PROC_THREADS = 1
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
EXTRACT_ALL = NO
EXTRACT_PRIVATE = NO
+EXTRACT_PRIV_VIRTUAL = NO
EXTRACT_PACKAGE = NO
EXTRACT_STATIC = NO
EXTRACT_LOCAL_CLASSES = YES
EXTRACT_LOCAL_METHODS = NO
EXTRACT_ANON_NSPACES = NO
+RESOLVE_UNNAMED_PARAMS = YES
HIDE_UNDOC_MEMBERS = NO
HIDE_UNDOC_CLASSES = NO
HIDE_FRIEND_COMPOUNDS = NO
INTERNAL_DOCS = NO
CASE_SENSE_NAMES = YES
HIDE_SCOPE_NAMES = NO
+HIDE_COMPOUND_REFERENCE= NO
SHOW_INCLUDE_FILES = YES
SHOW_GROUPED_MEMB_INC = NO
FORCE_LOCAL_INCLUDES = NO
WARN_IF_UNDOCUMENTED = YES
WARN_IF_DOC_ERROR = YES
WARN_NO_PARAMDOC = NO
+WARN_AS_ERROR = NO
WARN_FORMAT = "$file:$line: $text"
WARN_LOGFILE =
#---------------------------------------------------------------------------
# Configuration options related to the input files
#---------------------------------------------------------------------------
-INPUT = "doxygen_index.h" \
- "../lib/libcryptsetup.h"
+INPUT = doxygen_index.h \
+ ../lib/libcryptsetup.h
INPUT_ENCODING = UTF-8
FILE_PATTERNS =
RECURSIVE = NO
EXCLUDE_SYMLINKS = NO
EXCLUDE_PATTERNS =
EXCLUDE_SYMBOLS =
-EXAMPLE_PATH = "examples"
+EXAMPLE_PATH = examples
EXAMPLE_PATTERNS =
EXAMPLE_RECURSIVE = NO
IMAGE_PATH =
USE_HTAGS = NO
VERBATIM_HEADERS = YES
CLANG_ASSISTED_PARSING = NO
+CLANG_ADD_INC_PATHS = YES
CLANG_OPTIONS =
+CLANG_DATABASE_PATH =
#---------------------------------------------------------------------------
# Configuration options related to the alphabetical class index
#---------------------------------------------------------------------------
ALPHABETICAL_INDEX = YES
-COLS_IN_ALPHA_INDEX = 5
IGNORE_PREFIX =
#---------------------------------------------------------------------------
# Configuration options related to the HTML output
HTML_COLORSTYLE_SAT = 100
HTML_COLORSTYLE_GAMMA = 80
HTML_TIMESTAMP = YES
+HTML_DYNAMIC_MENUS = YES
HTML_DYNAMIC_SECTIONS = NO
HTML_INDEX_NUM_ENTRIES = 100
GENERATE_DOCSET = NO
ENUM_VALUES_PER_LINE = 4
TREEVIEW_WIDTH = 250
EXT_LINKS_IN_WINDOW = NO
+HTML_FORMULA_FORMAT = png
FORMULA_FONTSIZE = 10
FORMULA_TRANSPARENT = YES
+FORMULA_MACROFILE =
USE_MATHJAX = NO
MATHJAX_FORMAT = HTML-CSS
MATHJAX_RELPATH = http://www.mathjax.org/mathjax
LATEX_OUTPUT = latex
LATEX_CMD_NAME = latex
MAKEINDEX_CMD_NAME = makeindex
+LATEX_MAKEINDEX_CMD = makeindex
COMPACT_LATEX = NO
PAPER_TYPE = a4
EXTRA_PACKAGES =
LATEX_HEADER =
LATEX_FOOTER =
+LATEX_EXTRA_STYLESHEET =
LATEX_EXTRA_FILES =
PDF_HYPERLINKS = YES
USE_PDFLATEX = YES
LATEX_HIDE_INDICES = NO
LATEX_SOURCE_CODE = NO
LATEX_BIB_STYLE = plain
+LATEX_TIMESTAMP = NO
+LATEX_EMOJI_DIRECTORY =
#---------------------------------------------------------------------------
# Configuration options related to the RTF output
#---------------------------------------------------------------------------
RTF_HYPERLINKS = NO
RTF_STYLESHEET_FILE =
RTF_EXTENSIONS_FILE =
+RTF_SOURCE_CODE = NO
#---------------------------------------------------------------------------
# Configuration options related to the man page output
#---------------------------------------------------------------------------
GENERATE_XML = NO
XML_OUTPUT = xml
XML_PROGRAMLISTING = YES
+XML_NS_MEMB_FILE_SCOPE = NO
#---------------------------------------------------------------------------
# Configuration options related to the DOCBOOK output
#---------------------------------------------------------------------------
ALLEXTERNALS = NO
EXTERNAL_GROUPS = YES
EXTERNAL_PAGES = YES
-PERL_PATH =
#---------------------------------------------------------------------------
# Configuration options related to the dot tool
#---------------------------------------------------------------------------
CLASS_DIAGRAMS = YES
-MSCGEN_PATH =
DIA_PATH =
HIDE_UNDOC_RELATIONS = YES
HAVE_DOT = NO
GROUP_GRAPHS = YES
UML_LOOK = NO
UML_LIMIT_NUM_FIELDS = 10
+DOT_UML_DETAILS = NO
+DOT_WRAP_THRESHOLD = 17
TEMPLATE_RELATIONS = NO
INCLUDE_GRAPH = YES
INCLUDED_BY_GRAPH = YES
MSCFILE_DIRS =
DIAFILE_DIRS =
PLANTUML_JAR_PATH =
+PLANTUML_CFG_FILE =
+PLANTUML_INCLUDE_PATH =
DOT_GRAPH_MAX_NODES = 50
MAX_DOT_GRAPH_DEPTH = 0
DOT_TRANSPARENT = NO
/*
* libcryptsetup API log example
*
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/*
* libcryptsetup API - using LUKS device example
*
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* Fix optional password callback handling.
- * Allow to activate by internally cached volume key immediately after
+ * Allow one to activate by internally cached volume key immediately after
crypt_format() without active slot (for temporary devices with
on-disk metadata)
* Fix header check to support old (cryptsetup 1.0.0) header alignment.
(Regression in 1.4.0)
-* Allow to specify --align-payload only for luksFormat.
+* Allow one to specify --align-payload only for luksFormat.
* Add --master-key-file option to luksOpen (open using volume key).
Device-mapper now retry removal if device is busy.
* Allow "private" activation (skip some udev global rules) flag.
- Cryptsetup library API now allows to specify CRYPT_ACTIVATE_PRIVATE,
+ Cryptsetup library API now allows one to specify CRYPT_ACTIVATE_PRIVATE,
which means that some udev rules are not processed.
(Used for temporary devices, like internal keyslot mappings where
it is not desirable to run any device scans.)
Changes since version 1.6.0-rc1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- * Change LUKS default cipher to to use XTS encryption mode,
+ * Change LUKS default cipher to use XTS encryption mode,
aes-xts-plain64 (i.e. using AES128-XTS).
XTS mode becomes standard in hard disk encryption.
WARNING: these tests do not use dmcrypt, only crypto API.
You have to benchmark the whole device stack and you can get completely
- different results. But is is usable for basic comparison.
+ different results. But it is usable for basic comparison.
(Note for example AES-NI decryption optimization effect in example above.)
Features
* Fix cipher specification string parsing (found by gcc -fsanitize=address option).
* Try to map TCRYPT system encryption through partition
- (allows to activate mapping when other partition on the same device is mounted).
+ (allows one to activate mapping when other partition on the same device is mounted).
* Print a warning if system encryption is used and device is a partition.
(TCRYPT system encryption uses whole device argument.)
Please refer to cryptsetup FAQ for detail how to fix this situation.
-* Allow to use --disable-gcrypt-pbkdf2 during configuration
+* Allow one to use --disable-gcrypt-pbkdf2 during configuration
to force use internal PBKDF2 code.
* Require gcrypt 1.6.1 for imported implementation of PBKDF2
The command "cryptsetup status" will print basic info, even if you
do not provide detached header argument.
-* Allow to specify ECB mode in cryptsetup benchmark.
+* Allow one to specify ECB mode in cryptsetup benchmark.
* Add some LUKS images for regression testing.
Note that if image with Whirlpool fails, the most probable cause is that
* Support permanent device decryption for cryptsetup-reencrypt.
To remove LUKS encryption from a device, you can now use --decrypt option.
-* Allow to use --header option in all LUKS commands.
+* Allow one to use --header option in all LUKS commands.
The --header always takes precedence over positional device argument.
* Allow luksSuspend without need to specify a detached header.
* Detect if O_DIRECT is usable on a device allocation.
There are some strange storage stack configurations which wrongly allows
- to open devices with direct-io but fails on all IO operations later.
+ one to open devices with direct-io but fails on all IO operations later.
Cryptsetup now tries to read the device first sector to ensure it can use
direct-io.
cryptsetup resize will try to resize underlying loop device as well.
(It can be used to grow up file-backed device in one step.)
-* Cryptsetup now allows to use empty password through stdin pipe.
+* Cryptsetup now allows one to use empty password through stdin pipe.
(Intended only for testing in scripts.)
Cryptsetup API NOTE:
Changes since version 1.7.3
-* Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper.
+* Allow one to specify LUKS1 hash algorithm in Python luksFormat wrapper.
* Use LUKS1 compiled-in defaults also in Python wrapper.
Integritysetup is intended to be used for settings that require
non-cryptographic data integrity protection with no data encryption.
- Fo setting integrity protected encrypted devices, see disk authenticated
+ For setting integrity protected encrypted devices, see disk authenticated
encryption below.
Note that after formatting the checksums need to be initialized;
in kernel (more on this later).
NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
in kernel have too small 96-bit nonces that are problematic with
- randomly generated IVs (the collison probability is not negligible).
+ randomly generated IVs (the collision probability is not negligible).
For the GCM, nonce collision is a fatal problem.
* Authenticated encryption do not set encryption for dm-integrity journal.
* Add LUKS2 specific options for cryptsetup-reencrypt.
Tokens and persistent flags are now transferred during reencryption;
- change of PBKDF keyslot parameters is now supported and allows
+ change of PBKDF keyslot parameters is now supported and allows one
to set precalculated values (no benchmarks).
* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
* New API extensions for unbound keyslots (LUKS2 only)
crypt_keyslot_get_key_size() and crypt_volume_key_get()
- These functions allow to get key and key size for unbound keyslots.
+ These functions allow one to get key and key size for unbound keyslots.
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
* crypt_get_metadata_size
* crypt_set_metadata_size
- allows to set/get area sizes in LUKS header
+ allows one to set/get area sizes in LUKS header
(according to specification).
* crypt_get_default_type
get default compiled-in LUKS type (version).
* crypt_get_pbkdf_type_params
- allows to get compiled-in PBKDF parameters.
+ allows one to get compiled-in PBKDF parameters.
* crypt_keyslot_set_encryption
* crypt_keyslot_get_encryption
- allows to set/get per-keyslot encryption algorithm for LUKS2.
+ allows one to set/get per-keyslot encryption algorithm for LUKS2.
* crypt_keyslot_get_pbkdf
- allows to get PBKDF parameters per-keyslot.
+ allows one to get PBKDF parameters per-keyslot.
and these new defines:
* CRYPT_LOG_DEBUG_JSON (message type for JSON debug)
The BITLK implementation is based on publicly available information
and it is an independent and opensource implementation that allows
-to access this proprietary disk encryption.
+one to access this proprietary disk encryption.
Changes since version 2.2.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The slot number --key-slot (-S) option is mandatory here.
An unbound keyslot store a key is that is not assigned to data
- area on disk (LUKS2 allows to store arbitrary keys).
+ area on disk (LUKS2 allows one to store arbitrary keys).
* Rephrase some error messages and remove redundant end-of-lines.
If users want to use blake2b/blake2s, the kernel algorithm name includes
a dash (like "blake2s-256").
- Theses algorithms can now be used for integritysetup devices.
+ These algorithms can now be used for integritysetup devices.
* Fix crypto backend to properly handle ECB mode.
--- /dev/null
+Cryptsetup 2.4.0 Release Notes
+==============================
+Stable release with new features and bug fixes.
+
+This version introduces support for external libraries
+(plugins) for handling LUKS2 token objects.
+
+Changes since version 2.3.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* External LUKS token plugins
+
+ A LUKS2 token is an object that can describe how to get a passphrase
+ to unlock a particular keyslot. The generic metadata format is part
+ of the LUKS2 specification.
+
+ Cryptsetup 2.4 adds the possibility to implement token handlers
+ in external libraries (possibly provided by other projects).
+
+ A token library allows cryptsetup to understand metadata and provide
+ basic operations. Currently external tokens may be used to unlock
+ keyslots for following CLI actions: open (luksOpen),
+ refresh (open --refresh), resize and dump (prints token specific
+ content).
+
+ LUKS2 devices cannot be resumed (luksResume action) via tokens yet.
+ Support for resume and other actions will be added later.
+
+ The library now provides an interface that automatically tries to load
+ an external library for a token object in LUKS2 metadata.
+
+ Token libraries should be installed in the cryptsetup subdirectory
+ (usually /lib*/cryptsetup). This path is configurable through
+ --with-luks2-external-tokens-path configure option.
+
+ The external plugin loading can be compiled entirely out if
+ --disable-external-tokens configure option is used. The external token
+ interface can also be disabled runtime on the command line by
+ --disable-external-tokens cryptsetup switch or by calling
+ crypt_token_external_disable() API function.
+
+ The name of the loaded token library is determined from the JSON LUKS
+ metadata token object type. For example, "ssh" token will load library
+ "libcryptsetup-token-ssh.so".
+
+ External projects can use this interface to handle specific hardware
+ without introducing additional dependencies to libcryptsetup core.
+
+ As of cryptsetup 2.4.0 release systemd project already merged upstream
+ native cryptsetup token handler for its systemd-tpm2 LUKS2 token
+ released originally in systemd-v248. The token can be created using
+ systemd-cryptenroll utility and devices may be manipulated either by
+ systemd-cryptsetup cli or by cryptsetup for actions listed above.
+
+ Other tokens like systemd-fido2 and systemd-pkcs11 are currently
+ in-review.
+
+* Experimental SSH token
+
+ As a demonstration of the external LUKS2 token interface, a new SSH
+ token handler and cryptsetup-ssh utility is now provided and compiled
+ by default.
+
+ Crypsetup SSH token allows using remote keyfile through SSH protocol
+ (it will authenticate through SSH certificates).
+
+ You can disable the build of this token library with
+ --disable-ssh-token configure option.
+
+To configure the token metadata, you need cryptsetup-ssh utility.
+
+Activation of the device is then performed by the cryptsetup utility.
+
+Example (how to activate LUKS2 through remote keyfile):
+
+ - configure existing LUKS2 device with keyslot activated by a keyfile
+ # cryptsetup luksAddKey <device> keyfile --key-slot 2
+
+ - store that keyfile on a remote system accessible through SSH
+
+ - configure SSH to use certificate for authentication
+
+ - add a LUKS2 token with cryptsetup-ssh utility:
+ # cryptsetup-ssh add <device>1 --key-slot 2 \
+ --ssh-server test-vm \
+ --ssh-user test \
+ --ssh-path /home/test/keyfile \
+ --ssh-keypath /home/test/.ssh/test_rsa_key
+
+ - you should see token metadata now with "cryptsetup luksDump ..."
+ ...
+ Tokens:
+ 0: ssh
+ ssh_server: test-vm
+ ssh_user: test
+ ssh_path: /home/test/keyfile
+ ssh_key_path: /home/test/.ssh/test_rsa_key
+ Keyslot: 2
+
+
+ - activation now should be automatic
+ # cryptsetup open <device> test --verbose
+ SSH token initiating ssh session.
+ Key slot 2 unlocked.
+ Command successful.
+
+ - to remove a token, you can use "cryptsetup token remove" command
+ (no plugin library required)
+
+ Please note SSH token is just demonstration of plugin interface API,
+ it is an EXPERIMENTAL feature.
+
+* Add cryptsetup --token-type parameter.
+
+ It restricts token type to the parameter value in case no specific
+ token-id is selected.
+
+* Support for token based activation with PIN.
+
+ If specific token requires PIN to unlock keyslot passphrase and
+ --token-only parameter was used cryptsetup asks for additional
+ token PIN.
+
+* Respect keyslot priority with token-based activation.
+
+* Default LUKS2 PBKDF is now Argon2id
+
+ Cryptsetup LUKS2 was using Argon2 while there were two versions,
+ data-independent (Argon2i) suitable for the KDF use case and
+ Argon2d (data-dependent). Later Argon2id was introduced as a new
+ mandatory algorithm.
+
+ We switched the password-based key derivation algorithms
+ following the latest version of Argon2 RFC draft
+ (https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/) to Argon2id
+ (from Argon2i) as it is the mandatory and primary version
+ of the Argon2 algorithm.
+
+ There is no need to modify older containers; the main reason is that
+ RFC makes Argon2id the primary variant, while Argon2i subvariant is
+ only optional.
+ Argon2id provides better protection to side-channel attacks while
+ still providing protection to time-memory tradeoffs.
+
+ We will switch to OpenSSL implementation once it is available.
+ With a crystal ball as a reference, it could happen early in
+ OpenSSL 3.1 release.
+ Watch https://github.com/openssl/openssl/issues/4091.
+
+* Increase minimal memory cost for Argon2 benchmark to 64MiB.
+
+ This patch increases the benchmarking value to 64 MiB (as minimal
+ suggested values in Argon2 RFC). For compatibility reasons, we still
+ allow older limits if set by a parameter.
+
+ NOTE: Argon2 RFC draft defines suggested parameters for disk
+ encryption, but the LUKS2 approach is slightly different. We need to
+ provide platform-independent values. The values in the draft expect
+ 64bit systems (suggesting using 6 GiB of RAM). In comparison, we need
+ to provide compatibility with all 32bit systems, so allocating more
+ than 4GiB memory is not an option for LUKS2.
+
+ The maximal limit in LUKS2 stays for 4 GiB, and by default LUKS2 PBKDF
+ benchmarking sets maximum to 1 GIB, preferring an increase of CPU cost
+ while running benchmark
+
+* Autodetect optimal encryption sector size on LUKS2 format.
+
+ While the support for larger encryption sectors is supported
+ for several releases, it required an additional parameter.
+
+ Code now uses automatic detection of 4096-bytes native sector devices
+ and automatically enables 4096-bytes encryption size for LUKS2.
+
+ If no setor size option is used, sector size is detected
+ automatically by cryptsetup. For libcryptsetup API, autodetection
+ happens once you specify sector_size to 0.
+
+ NOTE: crypt_format() function runs autodetection ONLY if you
+ recompile your application to the new API symbol version.
+ For backward compatibility, older applications ignore this parameter.
+
+* Use VeraCrypt option by default and add --disable-veracrypt option.
+
+ While TrueCrypt is no longer developed and supported since 2014,
+ VeraCrypt devices (a successor of TrueCrypt) are much more used today.
+
+ Default is now to support VeraCrypt format (in addition to TrueCrypt),
+ making the --veracrypt option obsolete (ignored as it is the default).
+
+ If you need to disable VeraCrypt support, use the new option
+ --disable-veracrypt.
+
+ This option increases the time to recognize wrong passwords because
+ some VeraCrypt modes use a high PBKDF2 iteration count, and the code
+ must try all variants. This could be limited by using --hash and
+ --cipher options mentioned below.
+
+* Support --hash and --cipher to limit opening time for TCRYPT type
+
+ If a user knows which particular PBKDF2 hash or cipher is used for
+ TrueCrypt/VeraCrypt container, TCRYPT format now supports --hash and
+ --cipher option.
+
+ Note the value means substring (all cipher chains containing
+ the cipher substring are tried).
+
+ For example, you can use
+ # cryptsetup tcryptDump --hash sha512 <container>
+
+ Note: to speed up the scan, the hash option (used for PBKDF)2 matters.
+ Cipher variants are scanned very quickly.
+
+ Use with care.
+ It can reveal some sensitive attributes of the container!
+
+* Fixed default OpenSSL crypt backend support for OpenSSL3.
+
+ For OpenSSL version 3, we need to load legacy provider for older hash
+ and ciphers. For example, RIPEMD160 and Whirlpool hash algorithms are
+ no longer available by default.
+
+ NOTE: the plain format still uses RIPEMD160 for password hashing by
+ default. Changing the default would cause incompatibilities for many
+ old systems. Nevertheless, such a change will be needed very soon.
+
+* integritysetup: add integrity-recalculate-reset flag.
+
+ The new dm-integrity option in kernel 5.13 can restart recalculation
+ from the beginning of the device.
+ It can be used to change the integrity checksum function.
+
+ New integritysetup --integrity-recalculate-reset option is added to
+ integritysetup, and CRYPT_ACTIVATE_RECALCULATE_RESET flag to API.
+
+* cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
+
+ In LUKS1, any change in keyslot means keyslot number change.
+
+ In LUKS2, we can retain the keyslot number.
+ Now luksKeyChange and crypt_keyslot_change_by_passphrase() API
+ retains keyslot number for LUKS2 by default.
+
+* Fix cryptsetup resize using LUKS2 tokens.
+
+ Fix a bug where cryptsetup needlessly asked for a passphrase even
+ though the volume key was already unlocked via LUKS2 token.
+
+* Add close --deferred and --cancel-deferred options.
+
+ All command-line utilities now understand deferred options for the
+ close command. Deferred close means that the device is removed
+ automagically after the last user closed the device.
+ Cancel deferred means to cancel this operation (so the device remains
+ active even if there a no longer active users).
+
+ CRYPT_DEACTIVATE_DEFERRED and CRYPT_DEACTIVATE_DEFERRED_CANCEL flags
+ are now available for API.
+
+* Rewritten command-line option parsing to avoid libpopt arguments
+ memory leaks.
+
+ Note: some distributions use patched lipopt that still leaks memory
+ inside internal code (see Debian bug 941814).
+
+* Add --test-args option.
+
+ New --test-args option can be used for syntax checking for valid
+ command-line arguments with no actions performed.
+ Note that it cannot detect unknown algorithm names and similar where
+ we need call API functions.
+
+* veritysetup: add --root-hash-file option
+ Allow passing the root hash via a file, rather than verbatim on
+ the command line, for the open, verify, and format actions.
+
+* libcryptsetup C API extensions (see libcryptsetup.h for details)
+
+ - crypt_logf - a printf like log function
+ - crypt_dump_json - dump LUKS2 metadata in JSON format
+ - crypt_header_is_detached - check if context use detached header
+ - crypt_token_max - get maximal tokens number
+ - crypt_token_external_path - get path for plugins (or NULL)
+ - crypt_token_external_disable - disable runtime support for plugins
+ - crypt_activate_by_token_pin - activate by token with additional PIN
+ - crypt_reencrypt_run - fixed API for deprecated crypt_reencrypt
+
+ The token plugin library interface cosists from these versioned
+ exported symbols (for details see header file and SSH token example):
+ cryptsetup_token_open
+ cryptsetup_token_open_pin
+ cryptsetup_token_buffer_free
+ cryptsetup_token_validate
+ cryptsetup_token_dump
+ cryptsetup_token_version
+
+ Since version 2.4 libcryptsetup uses exact symbol versioning
+ Newly introduced functions have CRYPTSETUP_2.4 namespace (the old
+ symbol always used CRYPTSETUP_2.0).
+ There is no change in soname (the library is backward compatible).
+
+ * Many fixes and additions to documentation and man pages.
--- /dev/null
+Cryptsetup 2.4.1 Release Notes
+==============================
+Stable bug-fix release with minor extensions.
+
+All users of cryptsetup 2.4.0 should upgrade to this version.
+
+Changes since version 2.4.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix compilation for libc implementations without dlvsym().
+
+ Some alternative libc implementations (like musl) do not provide
+ versioned symbols dlvsym function. Code now fallbacks to dlsym
+ operation for dynamic LUKS2 token load.
+ It is up to maintainers to ensure that LUKS2 token plugins are
+ compiled for the supported version.
+
+* Fix compilation and tests on systems with non-standard libraries
+ (standalone argp library, external gettext library, BusyBox
+ implementations of standard tools).
+
+* Try to workaround some issues on systems without udev support.
+ NOTE: non-udev systems cannot provide all functionality for kernel
+ device-mapper, and some operations can fail.
+
+* Fixes for OpenSSL3 crypto backend (including FIPS mode).
+ Because cryptsetup still requires some hash functions implemented
+ in OpenSSL3 legacy provider, crypto backend now uses its library
+ context and tries to load both default and legacy OpenSSL3 providers.
+
+ If FIPS mode is detected, no library context is used, and it is up
+ to the OpenSSL system-wide policy to load proper providers.
+
+ NOTE: We still use some deprecated API in the OpenSSL3 backend,
+ and there are some known problems in OpenSSL 3.0.0.
+
+* Print error message when assigning a token to an inactive keyslot.
+
+* Fix offset bug in LUKS2 encryption code if --offset option was used.
+
+* Do not allow LUKS2 decryption for devices with data offset.
+ Such devices cannot be used after decryption.
+
+* Fix LUKS1 cryptsetup repair command for some specific problems.
+ Repair code can now fix wrongly used initialization vector
+ specification in ECB mode (that is insecure anyway!) and repair
+ the upper-case hash specification in the LUKS1 header.
--- /dev/null
+Cryptsetup 2.4.2 Release Notes
+==============================
+Stable bug-fix release.
+
+All users of cryptsetup 2.4.1 should upgrade to this version.
+
+Changes since version 2.4.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix possible large memory allocation if LUKS2 header size is invalid.
+ LUKS2 code read the full header to buffer to verify the checksum.
+ The maximal supported header size now limits the memory allocation.
+
+* Fix memory corruption in debug message printing LUKS2 checksum.
+
+* veritysetup: remove link to the UUID library for the static build.
+
+* Remove link to pwquality library for integritysetup and veritysetup.
+ These tools do not read passphrases.
+
+* OpenSSL3 backend: avoid remaining deprecated calls in API.
+ Crypto backend no longer use API deprecated in OpenSSL 3.0
+
+
+* Check if kernel device-mapper create device failed in an early phase.
+ This happens when a concurrent creation of device-mapper devices
+ meets in the very early state.
+
+* Do not set compiler optimization flag for Argon2 KDF if the memory
+ wipe is implemented in libc.
+
+* Do not attempt to unload LUKS2 tokens if external tokens are disabled.
+ This allows building a static binary with --disable-external-tokens.
+
+* LUKS convert: also check sysfs for device activity.
+ If udev symlink is missing, code fallbacks to sysfs scan to prevent
+ data corruption for the active device.
-Cryptsetup 2.3.7 Release Notes
+Cryptsetup 2.4.3 Release Notes
==============================
Stable security bug-fix release that fixes CVE-2021-4122.
-All users of cryptsetup 2.3.x must upgrade to this version.
+All users of cryptsetup 2.4.x must upgrade to this version.
-Changes since version 2.3.6
+Changes since version 2.4.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix possible attacks against data confidentiality through LUKS2 online
version 1.1.0 (with reencryption extension description and updated
metadata description). See docs/on-disk-format-luks2.pdf or online
version in https://gitlab.com/cryptsetup/LUKS2-docs repository.
+
+* Fix support for bitlk (BitLocker compatible) startup key with new
+ metadata entry introduced in Windows 11.
+
+* Fix space restriction for LUKS2 reencryption with data shift.
+ The code required more space than was needed.
--- /dev/null
+Cryptsetup 2.5.0 Release Notes
+==============================
+Stable release with new features and bug fixes.
+
+Changes since version 2.4.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Split manual pages into per-action pages and use AsciiDoc format.
+
+ Manual pages are now generated from AsciiDoc format, allowing easy
+ conditional modifications for per-action options.
+
+ Generation of man pages requires the asciidoctor tool installed.
+
+ Pre-generated man pages are also included in the distribution tarball.
+ You can use --disable-asciidoc configure option to skip man page
+ generation completely. In this case, pre-generated man pages will be
+ used for installation.
+
+ For cryptsetup, there is main man page (cryptsetup.8) that references
+ separate man pages for each command (for example, cryptsetup-open.8).
+ You can open such a man page by simply running "man cryptsetup open".
+ Also, man pages for action aliases are available (cryptsetup-luksOpen.8
+ is an alias for cryptsetup-open.8, etc.)
+
+LUKS volume reencryption changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Remove cryptsetup-reencrypt tool from the project and move reencryption
+ to already existing "cryptsetup reencrypt" command.
+
+ Cryptsetup reencrypt now handles both LUKS1 and LUKS2 reencryption,
+ encryption, and decryption.
+
+ If you need to emulate the old cryptsetup-reencrypt binary, use simple
+ wrappers script running "exec cryptsetup reencrypt $@".
+
+ All command line options should be compatible. An exception is the
+ reencryption of LUKS2 volumes with old LUKS1 reencryption code that was
+ replaced by native and more resilient LUKS2 reencryption.
+
+* LUKS2: implement --decryption option that allows LUKS removal. The
+ operation can run online or offline and supports the data shift option.
+
+ During the initialization, the LUKS2 header is exported to a file.
+ The first data segment is moved to the head of the data device in place
+ of the original header.
+
+ The feature internally introduces several new resilience modes
+ (combination of existing modes datashift and "checksum" or "journal").
+ Datashift resilience mode is applied for data moved towards the first
+ segment, and the first segment is then decrypted in place.
+
+ This decryption mode is not backward compatible with prior LUKS2
+ reencryption. Interrupted operations in progress cannot be resumed
+ using older cryptsetup releases.
+
+* Reencryption metadata options that are not compatible with recent code
+ (features implemented in more recent releases) are now only read, but
+ code will not activate or modify such metadata.
+ Reencryption metadata contains a version that is validated when
+ reencryption is resumed.
+ For more info, see the updated LUKS2 on-disk format specification.
+
+ Safe operation of reencryption is to always finish the operation with
+ only one version of the tools.
+
+* Fix decryption operation with --active-name option and restrict
+ it to be used only with LUKS2.
+
+* Do not refresh reencryption digest when not needed.
+ This should speed up the reencryption resume process.
+
+* Store proper resilience data in LUKS2 reencrypt initialization.
+ Resuming reencryption now does not require specification of resilience
+ type parameters if these are the same as during initialization.
+
+* Properly wipe the unused area after reencryption with datashift in
+ the forward direction.
+
+* Check datashift value against larger sector size.
+ For example, it could cause an issue if misaligned 4K sector appears
+ during decryption.
+
+* Do not allow sector size increase reencryption in offline mode.
+ The eventual logical block size increase on the dm-crypt device above
+ may lead to an unusable filesystem. Do not allow offline reencryption
+ when sector size increase is requested.
+
+ You can use --force-offline-reencrypt option to override this check
+ (and potentially destroy the data).
+
+* Do not allow dangerous sector size change during reencryption.
+ By changing the encryption sector size during reencryption, a user
+ may increase the effective logical block size for the dm-crypt active
+ device.
+
+ Do not allow encryption sector size to be increased over the value
+ provided by fs superblock in BLOCK_SIZE property.
+
+* Ask the user for confirmation before resuming reencryption.
+ The prompt is not shown in batch mode or when the user explicitly asks
+ for a reencryption resume via --resume-only.
+
+* Do not resume reencryption with conflicting parameters.
+ For example, if the operation was initialized as --encrypt, do not
+ allow resume with opposing parameter --decrypt and vice versa.
+ Also, the code now checks for conflicting resilience parameters
+ (datashift cannot be changed after initialization).
+
+* Add --force-offline-reencrypt option.
+ It can be used to enforce offline reencryption in batch mode when
+ the device is a regular file; therefore, cryptsetup cannot detect
+ properly active devices using it.
+ Also, it may be useful to override the active device auto-detection
+ for specific storage configurations (dangerous!).
+
+* Do not allow nested encryption in LUKS reencrypt.
+ Avoid accidental nested encryption via cryptsetup reencrypt --encrypt.
+
+* Fix --test-passphrase when the device is in reencryption.
+
+* Do not upload keys in keyring during offline reencryption.
+ Reencryption runs in userspace, so the kernel does not need the key.
+
+* Support all options allowed with luksFormat with encrypt action.
+
+* Add prompt if LUKS2 decryption is run with a detached header.
+
+* Add warning for reencryption of file image and mention
+ the possible use of --force-offline-reencrypt option.
+
+Other changes
+~~~~~~~~~~~~~
+
+* Add resize action to integritysetup.
+ This allows resizing of standalone integrity devices.
+
+* Support --device-size option (that allows unit specification) for plain
+ devices (existing --size option requires 512-byte sectors units).
+
+* Fix detection of encryption sector size if a detached header is used.
+
+* Remove obsolete dracut plugin reencryption example.
+
+* Fix possible keyslot area size overflow during conversion to LUKS2.
+ If keyslots are not sorted according to binary area offset, the area
+ size calculation was wrong and could overflow.
+
+* Hardening and fixes to LUKS2 validation functions:
+
+ * Log a visible error if convert fails due to validation check.
+
+ * Check for interval (keyslot and segment area) overflow.
+
+ * Check cipher availability before LUKS conversion to LUKS2.
+ Some historic incompatibilities are ignored for LUKS1 but do not
+ work for LUKS2.
+
+ * Add empty string check to LUKS2 metadata JSON validation.
+ Most of the LUKS2 fields cannot be empty.
+
+ * Fix JSON objects validation to check JSON object type properly.
+
+* TCRYPT: Properly apply retry count and continue if some PBKDF variant
+ is unavailable.
+
+* BITLK: Add a warning when activating a device with the wrong size
+ stored in metadata.
+
+* BITLK: Add BitLocker volume size to dump command.
+
+* BITLK: Fix possible UTF16 buffer overflow in volume key dump.
+
+* BITLK: Skip question if the batch mode is set for volume key dump.
+
+* BITLK: Check dm-zero availability in the kernel.
+ Bitlocker compatible mode uses dm-zero to mask metadata area.
+ The device cannot be activated if dm-zero is not available.
+
+* Fix error message for LUKS2-only cryptsetup commands to explicitly
+ state LUKS2 version is required.
+
+* Fix error message for incompatible dm-integrity metadata.
+ If the integritysetup tool is too old, kernel dm-integrity may use
+ a more recent version of dm-integrity metadata.
+
+* Properly deactivate the integrity device even if the LUKS2 header
+ is no longer available.
+ If LUKS2 is used with integrity protection, there is always
+ a dm-integrity device underneath that must be deactivated.
+
+* Allow use of --header option for cryptsetup close.
+ This can be used to check that the activated device has the same UUID.
+
+* Fix activation of LUKS2 device with integrity and detached header.
+ The kernel-parsed dm-integrity superblock is always located on the
+ data device, the incorrectly used detached header device here.
+
+* Add ZEROOUT IOCTL support for crypt_wipe API call.
+ For block devices, we can use optimized in-kernel BLKZEROOUT ioctl.
+
+* VERITY: set loopback sector size according to dm-verity block sizes.
+ Verity block size has the same limits, so we can optimize the loop
+ device to increase performance.
+
+* Other Documentation and man page improvements:
+
+ * Update LUKS2 on-disk format description.
+
+ * Add per-keyslot LUKS2 options to the man page.
+ Some options were missing for LUKS2 luksAddKey and luksChangeKey.
+
+ * Fix cryptsetup manpage to use PBKDF consistently.
+
+ * Add compile info to README. This information was lost when we removed
+ the default automake INSTALL file.
+
+ * Use volume key consistently in FAQ and man pages.
+
+ * Use markdown version of FAQ directly for installation.
+
+ * Clarify graceful reencryption interruption.
+ Currently, it can be interrupted by both SIGINT and SIGTERM signals.
+
+ * Add new mailing list info.
+
+ * Mention non-cryptographic xxhash64 hash for integrity protection.
+
+* veritysetup: dump device sizes.
+ Calculating device sizes for verity devices is a little bit tricky.
+ Data, hash, and FEC can share devices or be separate devices.
+ Now dump command prints used device sizes, but it requires that
+ the user specifies all values that are not stored in superblock
+ (like FEC device and FEC roots).
+
+* Fix check for argp_usage in configure if argp-standalone lib is used.
+
+* Add constant time memcmp and hexa print implementation and use it for
+ cryptographic keys handling.
+
+* Display progress when wiping the end of the resized device.
+
+* LUKS2 token: prefer token PIN query before passphrase in some cases.
+ When a user provides --token-type or specific --token-id, a token PIN
+ query is preferred to a passphrase query.
+
+* LUKS2 token: allow tokens to be replaced with --token-replace option
+ for cryptsetup token command.
+
+* LUKS2 token: do not continue operation when interrupted in PIN prompt.
+
+* Add --progress-json parameter to utilities.
+ Progress data can now be printed out in JSON format suitable for
+ machine processing.
+
+* Embedded Argon2 PBKDF: optimize and simplify thread exit.
+
+* Avoid using SHA1 in tests and fix new enforcements introduced in FIPS
+ provider for OpenSSL3 (like minimal parameters for PBKDF2).
+
+* Use custom UTF conversion and avoid linking to iconv as a dependency.
+
+* Reimplement BASE64 with simplified code instead of coreutils version.
+
+* Fix regression when warning messages were not displayed
+ if some kernel feature is not supported (2.4.2).
+
+* Add support for --key-slot option in luksResume action.
+
+Libcryptsetup API extensions and changes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Properly define uint32_t constants in API.
+ This is not a real change, but it avoids strict compiler warnings.
+
+* crypt_resume_by_token_pin() - Resume crypt device using LUKS2 token.
+
+* crypt_get_label() - Get the label of the LUKS2 device.
+
+* crypt_get_subsystem() - Get the subsystem label of the LUKS2 device.
+
+* Make CRYPT_WIPE_ENCRYPTED_ZERO crypt_wipe() option obsolete.
+ It was never implemented (the idea was to speed up wipe), but with
+ the recent RNG performance changes, it makes no longer sense.
+
+* Add struct crypt_params_reencrypt changes related to decryption.
+
+* Improve crypt_reencrypt_status() return values.
+ Empty or any non-LUKS types now returns CRYPT_REENCRYPT_INVALID status.
+ For LUKS1 devices, it returns CRYPT_REENCRYPT_NONE.
--- /dev/null
+Cryptsetup 2.6.0 Release Notes
+==============================
+Stable release with new features and bug fixes.
+
+Changes since version 2.5.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Introduce support for handling macOS FileVault2 devices (FVAULT2).
+
+ Cryptsetup now supports the mapping of FileVault2 full-disk encryption
+ by Apple for the macOS operating system using a native Linux kernel.
+ You can open an existing USB FileVault portable device and (with
+ the hfsplus filesystem driver) access the native data read/write.
+
+ Cryptsetup supports only (legacy) FileVault2 based on Core Storage
+ and HFS+ filesystem (introduced in MacOS X 10.7 Lion).
+ It does NOT support the new version of FileVault based on the APFS
+ filesystem used in recent macOS versions.
+
+ Header formatting and changes are not supported; cryptsetup never
+ changes the metadata on the device.
+
+ FVAULT2 extension requires kernel userspace crypto API and kernel
+ driver for HFS+ (hfsplus) filesystem (available on most systems today).
+
+ Example of using FileVault2 formatted USB device:
+
+ A typical encrypted device contains three partitions; the FileVault
+ encrypted partition is here sda2:
+
+ $ lsblk -o NAME,FSTYPE,LABEL /dev/sda
+ NAME FSTYPE LABEL
+ sda
+ |-sda1 vfat EFI
+ |-sda2
+ `-sda3 hfsplus Boot OS X
+
+ Note: blkid does not recognize FileVault2 format yet.
+
+ To dump metadata information about the device, you can use
+ the fvault2Dump command:
+
+ $ cryptsetup fvault2Dump /dev/sda2
+ Header information for FVAULT2 device /dev/sda2.
+ Physical volume UUID: 6f353c05-daae-4e76-a0ee-6a9569a22d81
+ Family UUID: f82cceb0-a788-4815-945a-53d57fcd55a8
+ Logical volume offset: 67108864 [bytes]
+ Logical volume size: 3288334336 [bytes]
+ Cipher: aes
+ Cipher mode: xts-plain64
+ PBKDF2 iterations: 97962
+ PBKDF2 salt: 173a4ec7447662ec79ca7a47df6c2a01
+
+ To activate the device, use open --type fvault2 option:
+
+ $ cryptsetup open --type fvault2 /dev/sda2 test
+ Enter passphrase for /dev/sda2: ...
+
+ And check the status of the active device:
+
+ $ cryptsetup status test
+ /dev/mapper/test is active.
+ type: FVAULT2
+ cipher: aes-xts-plain64
+ keysize: 256 bits
+ key location: dm-crypt
+ device: /dev/sda2
+ sector size: 512
+ offset: 131072 sectors
+ size: 6422528 sectors
+ mode: read/write
+
+ Now, if the kernel contains hfsplus filesystem driver, you can mount
+ decrypted content:
+
+ $ mount /dev/mapper/test /mnt/test
+
+ For more info about implementation, please refer to the master thesis
+ by Pavel Tobias, which was the source for this extension.
+ https://is.muni.cz/th/p0aok/?lang=en
+
+* libcryptsetup: no longer use global memory locking through mlockall()
+
+ For many years, libcryptsetup locked all memory (including dependent
+ library address space) to prevent swapping sensitive content outside
+ of RAM.
+
+ This strategy no longer works as the locking of basic libraries exceeds
+ the memory locking limit if running as a non-root user.
+
+ Libcryptsetup now locks only memory ranges containing sensitive
+ material (keys) through crypt_safe_alloc() calls.
+
+ This change solves many reported mysterious problems of unexpected
+ failures. If the initial lock was still under the limit and succeeded,
+ some following memory allocation could fail later as it exceeded
+ the locking limit. If the initial locking fails, memory locking
+ was quietly ignored completely.
+
+ The whole crypt_memory_lock() API call is deprecated; it no longer
+ calls memlockall().
+
+* libcryptsetup: process priority is increased only for key derivation
+ (PBKDF) calls.
+
+ Increasing priority was tight to memory locking and works only if
+ running under superuser.
+ Only PBKDF calls and benchmarking now increase the process priority.
+
+* Add new LUKS keyslot context handling functions and API.
+
+ In practice, the luksAddKey action does two operations.
+ It unlocks the existing device volume key and stores the unlocked
+ volume key in a new keyslot.
+ Previously the options were limited to key files and passphrases.
+
+ Newly available methods (keyslot contexts) are passphrase, keyfile,
+ key (binary representation), and LUKS2 token.
+
+ To unlock a keyslot user may:
+ - provide existing passphrase via interactive prompt (default method)
+ - use --key-file option to provide a file with a valid passphrase
+ - provide volume key directly via --volume-key-file
+ - unlock keyslot via all available LUKS2 tokens by --token-only
+ - unlock keyslot via specific token with --token-id
+ - unlock keyslot via specific token type by --token-type
+
+ To provide the passphrase for a new keyslot, a user may:
+ - provide existing passphrase via interactive prompt (default method)
+ - use --new-keyfile to read the passphrase from the file
+ - use --new-token-id to select LUKS2 token to get passphrase
+ for new keyslot. The new keyslot is assigned to the selected token
+ id if the operation is successful.
+
+* The volume key may now be extracted using a passphrase, keyfile, or
+ token. For LUKS devices, it also returns the volume key after
+ a successful crypt_format call.
+
+* Fix --disable-luks2-reencryption configuration option.
+
+* cryptsetup: Print a better error message and warning if the format
+ produces an image without space available for data.
+
+ Activation now fails early with a more descriptive message.
+
+* Print error if anti-forensic LUKS2 hash setting is not available.
+ If the specified hash was not available, activation quietly failed.
+
+* Fix internal crypt segment compare routine if the user
+ specified cipher in kernel format (capi: prefix).
+
+* cryptsetup: Add token unassign action.
+
+ This action allows removing token binding on specific keyslot.
+
+* veritysetup: add support for --use-tasklets option.
+
+ This option sets try_verify_in_tasklet kernel dm-verity option
+ (available since Linux kernel 6.0) to allow some performance
+ improvement on specific systems.
+
+* Provide pkgconfig Require.private settings.
+
+ While we do not completely provide static build on udev systems,
+ it helps produce statically linked binaries in certain situations.
+
+* Always update automake library files if autogen.sh is run.
+
+ For several releases, we distributed older automake scripts by mistake.
+
+* reencryption: Fix user defined moved segment size in LUKS2 decryption.
+
+ The --hotzone-size argument was ignored in cases where the actual data
+ size was less than the original LUKS2 data offset.
+
+* Delegate FIPS mode detection to configured crypto backend.
+ System FIPS mode check no longer depends on /etc/system-fips file.
+
+* tests: externally provided systemd plugin is now optionally compiled
+ from systemd git and tested with cryptsetup
+
+* tests: initial integration to OSS-fuzz project with basic crypt_load()
+ test for LUKS2 and JSON mutated fuzzing.
+
+ For more info, see README in tests/fuzz directory.
+
+* Update documentation, including FAQ and man pages.
+
+Libcryptsetup API extensions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The libcryptsetup API is backward compatible with existing symbols.
+
+New symbols:
+ crypt_keyslot_context_init_by_passphrase
+ crypt_keyslot_context_init_by_keyfile
+ crypt_keyslot_context_init_by_token
+ crypt_keyslot_context_init_by_volume_key
+ crypt_keyslot_context_get_error
+ crypt_keyslot_context_set_pin
+ crypt_keyslot_context_get_type
+ crypt_keyslot_context_free
+ crypt_keyslot_add_by_keyslot_context
+ crypt_volume_key_get_by_keyslot_context
+
+New defines:
+ CRYPT_FVAULT2 "FVAULT2" (FileVault2 compatible mode)
+
+Keyslot context types:
+ CRYPT_KC_TYPE_PASSPHRASE
+ CRYPT_KC_TYPE_KEYFILE
+ CRYPT_KC_TYPE_TOKEN
+ CRYPT_KC_TYPE_KEY
+
+ CRYPT_ACTIVATE_TASKLETS (dm-verity: use tasklets activation flag)
+
+WARNING!
+~~~~~~~~
+The next version of cryptsetup will change the encryption mode and key
+derivation option for the PLAIN format.
+
+This change will cause backward incompatibility.
+For this reason, the user will have to specify the exact parameters
+for cipher, key size, and key derivation parameters for plain format.
+
+The default encryption mode will be AES-XTS with 512bit key (AES-256).
+The CBC mode is no longer considered the best default, as it allows easy
+bit-flipped ciphertext modification attacks and performance problems.
+
+For the passphrase hashing in plain mode, the encryption key is directly
+derived through iterative hashing from a user-provided passphrase
+(except a keyfile that is not hashed).
+
+The default hash is RIPEMD160, which is no longer the best default
+option. The exact change will be yet discussed but should include
+the possibility of using a password-based key derivation function
+instead of iterative hashing.
--- /dev/null
+Cryptsetup 2.6.1 Release Notes
+==============================
+Stable bug-fix release with minor extensions.
+
+All users of cryptsetup 2.6.0 should upgrade to this version.
+
+Changes since version 2.6.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* bitlk: Fixes for BitLocker-compatible on-disk metadata parser
+ (found by new cryptsetup OSS-Fuzz fuzzers).
+ - Fix a possible memory leak if the metadata contains more than
+ one description field.
+ - Harden parsing of metadata entries for key and description entries.
+ - Fix broken metadata parsing that can cause a crash or out of memory.
+
+* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend.
+ OpenSSL2 uses a signed integer for PBKDF2 iteration count.
+ As cryptsetup uses an unsigned value, this can lead to overflow and
+ a decrease in the actual iteration count.
+ This situation can happen only if the user specifies
+ --pbkdf-force-iterations option.
+ OpenSSL3 (and other supported crypto backends) are not affected.
+
+* Fix compilation for new ISO C standards (gcc with -std=c11 and higher).
+
+* fvault2: Fix compilation with very old uuid.h.
+
+* verity: Fix possible hash offset setting overflow.
+
+* bitlk: Fix use of startup BEK key on big-endian platforms.
+
+* Fix compilation with latest musl library.
+ Recent musl no longer implements lseek64() in some configurations.
+ Use lseek() as 64-bit offset is mandatory for cryptsetup.
+
+* Do not initiate encryption (reencryption command) when the header and
+ data devices are the same.
+ If data device reduction is not requsted, this leads to data corruption
+ since LUKS metadata was written over the data device.
+
+* Fix possible memory leak if crypt_load() fails.
+
+* Always use passphrases with a minimal 8 chars length for benchmarking.
+ Some enterprise distributions decided to set an unconditional check
+ for PBKDF2 password length when running in FIPS mode.
+ This questionable change led to unexpected failures during LUKS format
+ and keyslot operations, where short passwords were used for
+ benchmarking PBKDF2 speed.
+ PBKDF2 benchmark calculations should not be affected by this change.
+++ /dev/null
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2011-11-20.07; # UTC
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# 'make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-nl='
-'
-IFS=" "" $nl"
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit=${DOITPROG-}
-if test -z "$doit"; then
- doit_exec=exec
-else
- doit_exec=$doit
-fi
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_glob='?'
-initialize_posix_glob='
- test "$posix_glob" != "?" || {
- if (set -f) 2>/dev/null; then
- posix_glob=
- else
- posix_glob=:
- fi
- }
-'
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-no_target_directory=
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
- or: $0 [OPTION]... SRCFILES... DIRECTORY
- or: $0 [OPTION]... -t DIRECTORY SRCFILES...
- or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
- --help display this help and exit.
- --version display version info and exit.
-
- -c (ignored)
- -C install only if different (preserve the last data modification time)
- -d create directories instead of installing files.
- -g GROUP $chgrpprog installed files to GROUP.
- -m MODE $chmodprog installed files to MODE.
- -o USER $chownprog installed files to USER.
- -s $stripprog installed files.
- -t DIRECTORY install into DIRECTORY.
- -T report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
- CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
- RMPROG STRIPPROG
-"
-
-while test $# -ne 0; do
- case $1 in
- -c) ;;
-
- -C) copy_on_change=true;;
-
- -d) dir_arg=true;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift;;
-
- --help) echo "$usage"; exit $?;;
-
- -m) mode=$2
- case $mode in
- *' '* | *' '* | *'
-'* | *'*'* | *'?'* | *'['*)
- echo "$0: invalid mode: $mode" >&2
- exit 1;;
- esac
- shift;;
-
- -o) chowncmd="$chownprog $2"
- shift;;
-
- -s) stripcmd=$stripprog;;
-
- -t) dst_arg=$2
- # Protect names problematic for 'test' and other utilities.
- case $dst_arg in
- -* | [=\(\)!]) dst_arg=./$dst_arg;;
- esac
- shift;;
-
- -T) no_target_directory=true;;
-
- --version) echo "$0 $scriptversion"; exit $?;;
-
- --) shift
- break;;
-
- -*) echo "$0: invalid option: $1" >&2
- exit 1;;
-
- *) break;;
- esac
- shift
-done
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
- # When -d is used, all remaining arguments are directories to create.
- # When -t is used, the destination is already specified.
- # Otherwise, the last argument is the destination. Remove it from $@.
- for arg
- do
- if test -n "$dst_arg"; then
- # $@ is not empty: it contains at least $arg.
- set fnord "$@" "$dst_arg"
- shift # fnord
- fi
- shift # arg
- dst_arg=$arg
- # Protect names problematic for 'test' and other utilities.
- case $dst_arg in
- -* | [=\(\)!]) dst_arg=./$dst_arg;;
- esac
- done
-fi
-
-if test $# -eq 0; then
- if test -z "$dir_arg"; then
- echo "$0: no input file specified." >&2
- exit 1
- fi
- # It's OK to call 'install-sh -d' without argument.
- # This can happen when creating conditional directories.
- exit 0
-fi
-
-if test -z "$dir_arg"; then
- do_exit='(exit $ret); exit $ret'
- trap "ret=129; $do_exit" 1
- trap "ret=130; $do_exit" 2
- trap "ret=141; $do_exit" 13
- trap "ret=143; $do_exit" 15
-
- # Set umask so as not to create temps with too-generous modes.
- # However, 'strip' requires both read and write access to temps.
- case $mode in
- # Optimize common cases.
- *644) cp_umask=133;;
- *755) cp_umask=22;;
-
- *[0-7])
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw='% 200'
- fi
- cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
- *)
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw=,u+rw
- fi
- cp_umask=$mode$u_plus_rw;;
- esac
-fi
-
-for src
-do
- # Protect names problematic for 'test' and other utilities.
- case $src in
- -* | [=\(\)!]) src=./$src;;
- esac
-
- if test -n "$dir_arg"; then
- dst=$src
- dstdir=$dst
- test -d "$dstdir"
- dstdir_status=$?
- else
-
- # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
- # might cause directories to be created, which would be especially bad
- # if $src (and thus $dsttmp) contains '*'.
- if test ! -f "$src" && test ! -d "$src"; then
- echo "$0: $src does not exist." >&2
- exit 1
- fi
-
- if test -z "$dst_arg"; then
- echo "$0: no destination specified." >&2
- exit 1
- fi
- dst=$dst_arg
-
- # If destination is a directory, append the input filename; won't work
- # if double slashes aren't ignored.
- if test -d "$dst"; then
- if test -n "$no_target_directory"; then
- echo "$0: $dst_arg: Is a directory" >&2
- exit 1
- fi
- dstdir=$dst
- dst=$dstdir/`basename "$src"`
- dstdir_status=0
- else
- # Prefer dirname, but fall back on a substitute if dirname fails.
- dstdir=`
- (dirname "$dst") 2>/dev/null ||
- expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$dst" : 'X\(//\)[^/]' \| \
- X"$dst" : 'X\(//\)$' \| \
- X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
- echo X"$dst" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'
- `
-
- test -d "$dstdir"
- dstdir_status=$?
- fi
- fi
-
- obsolete_mkdir_used=false
-
- if test $dstdir_status != 0; then
- case $posix_mkdir in
- '')
- # Create intermediate dirs using mode 755 as modified by the umask.
- # This is like FreeBSD 'install' as of 1997-10-28.
- umask=`umask`
- case $stripcmd.$umask in
- # Optimize common cases.
- *[2367][2367]) mkdir_umask=$umask;;
- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
- *[0-7])
- mkdir_umask=`expr $umask + 22 \
- - $umask % 100 % 40 + $umask % 20 \
- - $umask % 10 % 4 + $umask % 2
- `;;
- *) mkdir_umask=$umask,go-w;;
- esac
-
- # With -d, create the new directory with the user-specified mode.
- # Otherwise, rely on $mkdir_umask.
- if test -n "$dir_arg"; then
- mkdir_mode=-m$mode
- else
- mkdir_mode=
- fi
-
- posix_mkdir=false
- case $umask in
- *[123567][0-7][0-7])
- # POSIX mkdir -p sets u+wx bits regardless of umask, which
- # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
- ;;
- *)
- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
- trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-
- if (umask $mkdir_umask &&
- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
- then
- if test -z "$dir_arg" || {
- # Check for POSIX incompatibilities with -m.
- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writable bit of parent directory when it shouldn't.
- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
- ls_ld_tmpdir=`ls -ld "$tmpdir"`
- case $ls_ld_tmpdir in
- d????-?r-*) different_mode=700;;
- d????-?--*) different_mode=755;;
- *) false;;
- esac &&
- $mkdirprog -m$different_mode -p -- "$tmpdir" && {
- ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
- }
- }
- then posix_mkdir=:
- fi
- rmdir "$tmpdir/d" "$tmpdir"
- else
- # Remove any dirs left behind by ancient mkdir implementations.
- rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
- fi
- trap '' 0;;
- esac;;
- esac
-
- if
- $posix_mkdir && (
- umask $mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
- )
- then :
- else
-
- # The umask is ridiculous, or mkdir does not conform to POSIX,
- # or it failed possibly due to a race condition. Create the
- # directory the slow way, step by step, checking for races as we go.
-
- case $dstdir in
- /*) prefix='/';;
- [-=\(\)!]*) prefix='./';;
- *) prefix='';;
- esac
-
- eval "$initialize_posix_glob"
-
- oIFS=$IFS
- IFS=/
- $posix_glob set -f
- set fnord $dstdir
- shift
- $posix_glob set +f
- IFS=$oIFS
-
- prefixes=
-
- for d
- do
- test X"$d" = X && continue
-
- prefix=$prefix$d
- if test -d "$prefix"; then
- prefixes=
- else
- if $posix_mkdir; then
- (umask=$mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
- # Don't fail if two instances are running concurrently.
- test -d "$prefix" || exit 1
- else
- case $prefix in
- *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
- *) qprefix=$prefix;;
- esac
- prefixes="$prefixes '$qprefix'"
- fi
- fi
- prefix=$prefix/
- done
-
- if test -n "$prefixes"; then
- # Don't fail if two instances are running concurrently.
- (umask $mkdir_umask &&
- eval "\$doit_exec \$mkdirprog $prefixes") ||
- test -d "$dstdir" || exit 1
- obsolete_mkdir_used=true
- fi
- fi
- fi
-
- if test -n "$dir_arg"; then
- { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
- { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
- test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
- else
-
- # Make a couple of temp file names in the proper directory.
- dsttmp=$dstdir/_inst.$$_
- rmtmp=$dstdir/_rm.$$_
-
- # Trap to clean up those temp files at exit.
- trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
- # Copy the file name to the temp name.
- (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-
- # and set any options; do chmod last to preserve setuid bits.
- #
- # If any of these fail, we abort the whole thing. If we want to
- # ignore errors from any of these, just make sure not to ignore
- # errors from the above "$doit $cpprog $src $dsttmp" command.
- #
- { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
- { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
- { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
- # If -C, don't bother to copy if it wouldn't change the file.
- if $copy_on_change &&
- old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
- new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
-
- eval "$initialize_posix_glob" &&
- $posix_glob set -f &&
- set X $old && old=:$2:$4:$5:$6 &&
- set X $new && new=:$2:$4:$5:$6 &&
- $posix_glob set +f &&
-
- test "$old" = "$new" &&
- $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
- then
- rm -f "$dsttmp"
- else
- # Rename the file to the real destination.
- $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
- # The rename failed, perhaps because mv can't rename something else
- # to itself, or perhaps because mv is so ancient that it does not
- # support -f.
- {
- # Now remove or move aside any old file at destination location.
- # We try this two ways since rm can't unlink itself on some
- # systems and the destination file might be busy for other
- # reasons. In this case, the final cleanup might fail but the new
- # file should still install successfully.
- {
- test ! -f "$dst" ||
- $doit $rmcmd -f "$dst" 2>/dev/null ||
- { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
- } ||
- { echo "$0: cannot unlink or rename $dst" >&2
- (exit 1); exit 1
- }
- } &&
-
- # Now rename the file to the real destination.
- $doit $mvcmd "$dsttmp" "$dst"
- }
- fi || exit 1
-
- trap '' 0
- fi
-done
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
-# time-stamp-end: "; # UTC"
-# End:
pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = lib/libcryptsetup.pc
+pkgconfig_DATA += lib/libcryptsetup.pc
-lib_LTLIBRARIES = libcryptsetup.la
+lib_LTLIBRARIES += libcryptsetup.la
noinst_LTLIBRARIES += libutils_io.la
-include_HEADERS = lib/libcryptsetup.h
+include_HEADERS += lib/libcryptsetup.h
EXTRA_DIST += lib/libcryptsetup.pc.in lib/libcryptsetup.sym
lib/utils_io.c \
lib/utils_io.h
-libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) \
- -I $(top_srcdir)/lib/crypto_backend \
- -I $(top_srcdir)/lib/luks1 \
- -I $(top_srcdir)/lib/luks2 \
- -I $(top_srcdir)/lib/loopaes \
- -I $(top_srcdir)/lib/verity \
- -I $(top_srcdir)/lib/tcrypt \
- -I $(top_srcdir)/lib/integrity \
- -I $(top_srcdir)/lib/bitlk
+libcryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS)
libcryptsetup_la_DEPENDENCIES = libutils_io.la libcrypto_backend.la lib/libcryptsetup.sym
@LIBARGON2_LIBS@ \
@JSON_C_LIBS@ \
@BLKID_LIBS@ \
- $(LTLIBICONV) \
+ @DL_LIBS@ \
+ $(LTLIBINTL) \
libcrypto_backend.la \
libutils_io.la
lib/bitops.h \
lib/nls.h \
lib/libcryptsetup.h \
+ lib/libcryptsetup_macros.h \
+ lib/libcryptsetup_symver.h \
lib/utils.c \
lib/utils_benchmark.c \
lib/utils_crypt.c \
lib/utils_loop.h \
lib/utils_devpath.c \
lib/utils_wipe.c \
- lib/utils_fips.c \
- lib/utils_fips.h \
lib/utils_device.c \
lib/utils_keyring.c \
lib/utils_keyring.h \
lib/volumekey.c \
lib/random.c \
lib/crypt_plain.c \
- lib/base64.h \
- lib/base64.c \
lib/integrity/integrity.h \
lib/integrity/integrity.c \
lib/loopaes/loopaes.h \
lib/loopaes/loopaes.c \
lib/tcrypt/tcrypt.h \
lib/tcrypt/tcrypt.c \
+ lib/keyslot_context.h \
+ lib/keyslot_context.c \
lib/luks1/af.h \
lib/luks1/af.c \
lib/luks1/keyencryption.c \
lib/utils_blkid.c \
lib/utils_blkid.h \
lib/bitlk/bitlk.h \
- lib/bitlk/bitlk.c
+ lib/bitlk/bitlk.c \
+ lib/fvault2/fvault2.h \
+ lib/fvault2/fvault2.c
+++ /dev/null
-/* base64.c -- Encode binary data using printable characters.
- Copyright (C) 1999-2001, 2004-2006, 2009-2019 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, see <https://www.gnu.org/licenses/>. */
-
-/* Written by Simon Josefsson. Partially adapted from GNU MailUtils
- * (mailbox/filter_trans.c, as of 2004-11-28). Improved by review
- * from Paul Eggert, Bruno Haible, and Stepan Kasal.
- *
- * See also RFC 4648 <https://www.ietf.org/rfc/rfc4648.txt>.
- *
- * Be careful with error checking. Here is how you would typically
- * use these functions:
- *
- * bool ok = base64_decode_alloc (in, inlen, &out, &outlen);
- * if (!ok)
- * FAIL: input was not valid base64
- * if (out == NULL)
- * FAIL: memory allocation error
- * OK: data in OUT/OUTLEN
- *
- * size_t outlen = base64_encode_alloc (in, inlen, &out);
- * if (out == NULL && outlen == 0 && inlen != 0)
- * FAIL: input too long
- * if (out == NULL)
- * FAIL: memory allocation error
- * OK: data in OUT/OUTLEN.
- *
- */
-
-#include <config.h>
-
-/* Get prototype. */
-#include "base64.h"
-
-/* Get malloc. */
-#include <stdlib.h>
-
-/* Get UCHAR_MAX. */
-#include <limits.h>
-
-#include <string.h>
-
-/* C89 compliant way to cast 'char' to 'unsigned char'. */
-static unsigned char
-to_uchar (char ch)
-{
- return ch;
-}
-
-static const char b64c[64] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-/* Base64 encode IN array of size INLEN into OUT array. OUT needs
- to be of length >= BASE64_LENGTH(INLEN), and INLEN needs to be
- a multiple of 3. */
-static void
-base64_encode_fast (const char *restrict in, size_t inlen, char *restrict out)
-{
- while (inlen)
- {
- *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f];
- *out++ = b64c[((to_uchar (in[0]) << 4) + (to_uchar (in[1]) >> 4)) & 0x3f];
- *out++ = b64c[((to_uchar (in[1]) << 2) + (to_uchar (in[2]) >> 6)) & 0x3f];
- *out++ = b64c[to_uchar (in[2]) & 0x3f];
-
- inlen -= 3;
- in += 3;
- }
-}
-
-/* Base64 encode IN array of size INLEN into OUT array of size OUTLEN.
- If OUTLEN is less than BASE64_LENGTH(INLEN), write as many bytes as
- possible. If OUTLEN is larger than BASE64_LENGTH(INLEN), also zero
- terminate the output buffer. */
-void
-base64_encode (const char *restrict in, size_t inlen,
- char *restrict out, size_t outlen)
-{
- /* Note this outlen constraint can be enforced at compile time.
- I.E. that the output buffer is exactly large enough to hold
- the encoded inlen bytes. The inlen constraints (of corresponding
- to outlen, and being a multiple of 3) can change at runtime
- at the end of input. However the common case when reading
- large inputs is to have both constraints satisfied, so we depend
- on both in base_encode_fast(). */
- if (outlen % 4 == 0 && inlen == outlen / 4 * 3)
- {
- base64_encode_fast (in, inlen, out);
- return;
- }
-
- while (inlen && outlen)
- {
- *out++ = b64c[(to_uchar (in[0]) >> 2) & 0x3f];
- if (!--outlen)
- break;
- *out++ = b64c[((to_uchar (in[0]) << 4)
- + (--inlen ? to_uchar (in[1]) >> 4 : 0))
- & 0x3f];
- if (!--outlen)
- break;
- *out++ =
- (inlen
- ? b64c[((to_uchar (in[1]) << 2)
- + (--inlen ? to_uchar (in[2]) >> 6 : 0))
- & 0x3f]
- : '=');
- if (!--outlen)
- break;
- *out++ = inlen ? b64c[to_uchar (in[2]) & 0x3f] : '=';
- if (!--outlen)
- break;
- if (inlen)
- inlen--;
- if (inlen)
- in += 3;
- }
-
- if (outlen)
- *out = '\0';
-}
-
-/* Allocate a buffer and store zero terminated base64 encoded data
- from array IN of size INLEN, returning BASE64_LENGTH(INLEN), i.e.,
- the length of the encoded data, excluding the terminating zero. On
- return, the OUT variable will hold a pointer to newly allocated
- memory that must be deallocated by the caller. If output string
- length would overflow, 0 is returned and OUT is set to NULL. If
- memory allocation failed, OUT is set to NULL, and the return value
- indicates length of the requested memory block, i.e.,
- BASE64_LENGTH(inlen) + 1. */
-size_t
-base64_encode_alloc (const char *in, size_t inlen, char **out)
-{
- size_t outlen = 1 + BASE64_LENGTH (inlen);
-
- /* Check for overflow in outlen computation.
- *
- * If there is no overflow, outlen >= inlen.
- *
- * If the operation (inlen + 2) overflows then it yields at most +1, so
- * outlen is 0.
- *
- * If the multiplication overflows, we lose at least half of the
- * correct value, so the result is < ((inlen + 2) / 3) * 2, which is
- * less than (inlen + 2) * 0.66667, which is less than inlen as soon as
- * (inlen > 4).
- */
- if (inlen > outlen)
- {
- *out = NULL;
- return 0;
- }
-
- *out = malloc (outlen);
- if (!*out)
- return outlen;
-
- base64_encode (in, inlen, *out, outlen);
-
- return outlen - 1;
-}
-
-/* With this approach this file works independent of the charset used
- (think EBCDIC). However, it does assume that the characters in the
- Base64 alphabet (A-Za-z0-9+/) are encoded in 0..255. POSIX
- 1003.1-2001 require that char and unsigned char are 8-bit
- quantities, though, taking care of that problem. But this may be a
- potential problem on non-POSIX C99 platforms.
-
- IBM C V6 for AIX mishandles "#define B64(x) ...'x'...", so use "_"
- as the formal parameter rather than "x". */
-#define B64(_) \
- ((_) == 'A' ? 0 \
- : (_) == 'B' ? 1 \
- : (_) == 'C' ? 2 \
- : (_) == 'D' ? 3 \
- : (_) == 'E' ? 4 \
- : (_) == 'F' ? 5 \
- : (_) == 'G' ? 6 \
- : (_) == 'H' ? 7 \
- : (_) == 'I' ? 8 \
- : (_) == 'J' ? 9 \
- : (_) == 'K' ? 10 \
- : (_) == 'L' ? 11 \
- : (_) == 'M' ? 12 \
- : (_) == 'N' ? 13 \
- : (_) == 'O' ? 14 \
- : (_) == 'P' ? 15 \
- : (_) == 'Q' ? 16 \
- : (_) == 'R' ? 17 \
- : (_) == 'S' ? 18 \
- : (_) == 'T' ? 19 \
- : (_) == 'U' ? 20 \
- : (_) == 'V' ? 21 \
- : (_) == 'W' ? 22 \
- : (_) == 'X' ? 23 \
- : (_) == 'Y' ? 24 \
- : (_) == 'Z' ? 25 \
- : (_) == 'a' ? 26 \
- : (_) == 'b' ? 27 \
- : (_) == 'c' ? 28 \
- : (_) == 'd' ? 29 \
- : (_) == 'e' ? 30 \
- : (_) == 'f' ? 31 \
- : (_) == 'g' ? 32 \
- : (_) == 'h' ? 33 \
- : (_) == 'i' ? 34 \
- : (_) == 'j' ? 35 \
- : (_) == 'k' ? 36 \
- : (_) == 'l' ? 37 \
- : (_) == 'm' ? 38 \
- : (_) == 'n' ? 39 \
- : (_) == 'o' ? 40 \
- : (_) == 'p' ? 41 \
- : (_) == 'q' ? 42 \
- : (_) == 'r' ? 43 \
- : (_) == 's' ? 44 \
- : (_) == 't' ? 45 \
- : (_) == 'u' ? 46 \
- : (_) == 'v' ? 47 \
- : (_) == 'w' ? 48 \
- : (_) == 'x' ? 49 \
- : (_) == 'y' ? 50 \
- : (_) == 'z' ? 51 \
- : (_) == '0' ? 52 \
- : (_) == '1' ? 53 \
- : (_) == '2' ? 54 \
- : (_) == '3' ? 55 \
- : (_) == '4' ? 56 \
- : (_) == '5' ? 57 \
- : (_) == '6' ? 58 \
- : (_) == '7' ? 59 \
- : (_) == '8' ? 60 \
- : (_) == '9' ? 61 \
- : (_) == '+' ? 62 \
- : (_) == '/' ? 63 \
- : -1)
-
-static const signed char b64[0x100] = {
- B64 (0), B64 (1), B64 (2), B64 (3),
- B64 (4), B64 (5), B64 (6), B64 (7),
- B64 (8), B64 (9), B64 (10), B64 (11),
- B64 (12), B64 (13), B64 (14), B64 (15),
- B64 (16), B64 (17), B64 (18), B64 (19),
- B64 (20), B64 (21), B64 (22), B64 (23),
- B64 (24), B64 (25), B64 (26), B64 (27),
- B64 (28), B64 (29), B64 (30), B64 (31),
- B64 (32), B64 (33), B64 (34), B64 (35),
- B64 (36), B64 (37), B64 (38), B64 (39),
- B64 (40), B64 (41), B64 (42), B64 (43),
- B64 (44), B64 (45), B64 (46), B64 (47),
- B64 (48), B64 (49), B64 (50), B64 (51),
- B64 (52), B64 (53), B64 (54), B64 (55),
- B64 (56), B64 (57), B64 (58), B64 (59),
- B64 (60), B64 (61), B64 (62), B64 (63),
- B64 (64), B64 (65), B64 (66), B64 (67),
- B64 (68), B64 (69), B64 (70), B64 (71),
- B64 (72), B64 (73), B64 (74), B64 (75),
- B64 (76), B64 (77), B64 (78), B64 (79),
- B64 (80), B64 (81), B64 (82), B64 (83),
- B64 (84), B64 (85), B64 (86), B64 (87),
- B64 (88), B64 (89), B64 (90), B64 (91),
- B64 (92), B64 (93), B64 (94), B64 (95),
- B64 (96), B64 (97), B64 (98), B64 (99),
- B64 (100), B64 (101), B64 (102), B64 (103),
- B64 (104), B64 (105), B64 (106), B64 (107),
- B64 (108), B64 (109), B64 (110), B64 (111),
- B64 (112), B64 (113), B64 (114), B64 (115),
- B64 (116), B64 (117), B64 (118), B64 (119),
- B64 (120), B64 (121), B64 (122), B64 (123),
- B64 (124), B64 (125), B64 (126), B64 (127),
- B64 (128), B64 (129), B64 (130), B64 (131),
- B64 (132), B64 (133), B64 (134), B64 (135),
- B64 (136), B64 (137), B64 (138), B64 (139),
- B64 (140), B64 (141), B64 (142), B64 (143),
- B64 (144), B64 (145), B64 (146), B64 (147),
- B64 (148), B64 (149), B64 (150), B64 (151),
- B64 (152), B64 (153), B64 (154), B64 (155),
- B64 (156), B64 (157), B64 (158), B64 (159),
- B64 (160), B64 (161), B64 (162), B64 (163),
- B64 (164), B64 (165), B64 (166), B64 (167),
- B64 (168), B64 (169), B64 (170), B64 (171),
- B64 (172), B64 (173), B64 (174), B64 (175),
- B64 (176), B64 (177), B64 (178), B64 (179),
- B64 (180), B64 (181), B64 (182), B64 (183),
- B64 (184), B64 (185), B64 (186), B64 (187),
- B64 (188), B64 (189), B64 (190), B64 (191),
- B64 (192), B64 (193), B64 (194), B64 (195),
- B64 (196), B64 (197), B64 (198), B64 (199),
- B64 (200), B64 (201), B64 (202), B64 (203),
- B64 (204), B64 (205), B64 (206), B64 (207),
- B64 (208), B64 (209), B64 (210), B64 (211),
- B64 (212), B64 (213), B64 (214), B64 (215),
- B64 (216), B64 (217), B64 (218), B64 (219),
- B64 (220), B64 (221), B64 (222), B64 (223),
- B64 (224), B64 (225), B64 (226), B64 (227),
- B64 (228), B64 (229), B64 (230), B64 (231),
- B64 (232), B64 (233), B64 (234), B64 (235),
- B64 (236), B64 (237), B64 (238), B64 (239),
- B64 (240), B64 (241), B64 (242), B64 (243),
- B64 (244), B64 (245), B64 (246), B64 (247),
- B64 (248), B64 (249), B64 (250), B64 (251),
- B64 (252), B64 (253), B64 (254), B64 (255)
-};
-
-#if UCHAR_MAX == 255
-# define uchar_in_range(c) true
-#else
-# define uchar_in_range(c) ((c) <= 255)
-#endif
-
-/* Return true if CH is a character from the Base64 alphabet, and
- false otherwise. Note that '=' is padding and not considered to be
- part of the alphabet. */
-bool
-isbase64 (char ch)
-{
- return uchar_in_range (to_uchar (ch)) && 0 <= b64[to_uchar (ch)];
-}
-
-/* Initialize decode-context buffer, CTX. */
-void
-base64_decode_ctx_init (struct base64_decode_context *ctx)
-{
- ctx->i = 0;
-}
-
-/* If CTX->i is 0 or 4, there are four or more bytes in [*IN..IN_END), and
- none of those four is a newline, then return *IN. Otherwise, copy up to
- 4 - CTX->i non-newline bytes from that range into CTX->buf, starting at
- index CTX->i and setting CTX->i to reflect the number of bytes copied,
- and return CTX->buf. In either case, advance *IN to point to the byte
- after the last one processed, and set *N_NON_NEWLINE to the number of
- verified non-newline bytes accessible through the returned pointer. */
-static const char *
-get_4 (struct base64_decode_context *ctx,
- char const *restrict *in, char const *restrict in_end,
- size_t *n_non_newline)
-{
- if (ctx->i == 4)
- ctx->i = 0;
-
- if (ctx->i == 0)
- {
- char const *t = *in;
- if (4 <= in_end - *in && memchr (t, '\n', 4) == NULL)
- {
- /* This is the common case: no newline. */
- *in += 4;
- *n_non_newline = 4;
- return (const char *) t;
- }
- }
-
- {
- /* Copy non-newline bytes into BUF. */
- char const *p = *in;
- while (p < in_end)
- {
- char c = *p++;
- if (c != '\n')
- {
- ctx->buf[ctx->i++] = c;
- if (ctx->i == 4)
- break;
- }
- }
-
- *in = p;
- *n_non_newline = ctx->i;
- return ctx->buf;
- }
-}
-
-#define return_false \
- do \
- { \
- *outp = out; \
- return false; \
- } \
- while (false)
-
-/* Decode up to four bytes of base64-encoded data, IN, of length INLEN
- into the output buffer, *OUT, of size *OUTLEN bytes. Return true if
- decoding is successful, false otherwise. If *OUTLEN is too small,
- as many bytes as possible are written to *OUT. On return, advance
- *OUT to point to the byte after the last one written, and decrement
- *OUTLEN to reflect the number of bytes remaining in *OUT. */
-static bool
-decode_4 (char const *restrict in, size_t inlen,
- char *restrict *outp, size_t *outleft)
-{
- char *out = *outp;
- if (inlen < 2)
- return false;
-
- if (!isbase64 (in[0]) || !isbase64 (in[1]))
- return false;
-
- if (*outleft)
- {
- *out++ = ((b64[to_uchar (in[0])] << 2)
- | (b64[to_uchar (in[1])] >> 4));
- --*outleft;
- }
-
- if (inlen == 2)
- return_false;
-
- if (in[2] == '=')
- {
- if (inlen != 4)
- return_false;
-
- if (in[3] != '=')
- return_false;
- }
- else
- {
- if (!isbase64 (in[2]))
- return_false;
-
- if (*outleft)
- {
- *out++ = (((b64[to_uchar (in[1])] << 4) & 0xf0)
- | (b64[to_uchar (in[2])] >> 2));
- --*outleft;
- }
-
- if (inlen == 3)
- return_false;
-
- if (in[3] == '=')
- {
- if (inlen != 4)
- return_false;
- }
- else
- {
- if (!isbase64 (in[3]))
- return_false;
-
- if (*outleft)
- {
- *out++ = (((b64[to_uchar (in[2])] << 6) & 0xc0)
- | b64[to_uchar (in[3])]);
- --*outleft;
- }
- }
- }
-
- *outp = out;
- return true;
-}
-
-/* Decode base64-encoded input array IN of length INLEN to output array
- OUT that can hold *OUTLEN bytes. The input data may be interspersed
- with newlines. Return true if decoding was successful, i.e. if the
- input was valid base64 data, false otherwise. If *OUTLEN is too
- small, as many bytes as possible will be written to OUT. On return,
- *OUTLEN holds the length of decoded bytes in OUT. Note that as soon
- as any non-alphabet, non-newline character is encountered, decoding
- is stopped and false is returned. If INLEN is zero, then process
- only whatever data is stored in CTX.
-
- Initially, CTX must have been initialized via base64_decode_ctx_init.
- Subsequent calls to this function must reuse whatever state is recorded
- in that buffer. It is necessary for when a quadruple of base64 input
- bytes spans two input buffers.
-
- If CTX is NULL then newlines are treated as garbage and the input
- buffer is processed as a unit. */
-
-bool
-base64_decode_ctx (struct base64_decode_context *ctx,
- const char *restrict in, size_t inlen,
- char *restrict out, size_t *outlen)
-{
- size_t outleft = *outlen;
- bool ignore_newlines = ctx != NULL;
- bool flush_ctx = false;
- unsigned int ctx_i = 0;
-
- if (ignore_newlines)
- {
- ctx_i = ctx->i;
- flush_ctx = inlen == 0;
- }
-
-
- while (true)
- {
- size_t outleft_save = outleft;
- if (ctx_i == 0 && !flush_ctx)
- {
- while (true)
- {
- /* Save a copy of outleft, in case we need to re-parse this
- block of four bytes. */
- outleft_save = outleft;
- if (!decode_4 (in, inlen, &out, &outleft))
- break;
-
- in += 4;
- inlen -= 4;
- }
- }
-
- if (inlen == 0 && !flush_ctx)
- break;
-
- /* Handle the common case of 72-byte wrapped lines.
- This also handles any other multiple-of-4-byte wrapping. */
- if (inlen && *in == '\n' && ignore_newlines)
- {
- ++in;
- --inlen;
- continue;
- }
-
- /* Restore OUT and OUTLEFT. */
- out -= outleft_save - outleft;
- outleft = outleft_save;
-
- {
- char const *in_end = in + inlen;
- char const *non_nl;
-
- if (ignore_newlines)
- non_nl = get_4 (ctx, &in, in_end, &inlen);
- else
- non_nl = in; /* Might have nl in this case. */
-
- /* If the input is empty or consists solely of newlines (0 non-newlines),
- then we're done. Likewise if there are fewer than 4 bytes when not
- flushing context and not treating newlines as garbage. */
- if (inlen == 0 || (inlen < 4 && !flush_ctx && ignore_newlines))
- {
- inlen = 0;
- break;
- }
- if (!decode_4 (non_nl, inlen, &out, &outleft))
- break;
-
- inlen = in_end - in;
- }
- }
-
- *outlen -= outleft;
-
- return inlen == 0;
-}
-
-/* Allocate an output buffer in *OUT, and decode the base64 encoded
- data stored in IN of size INLEN to the *OUT buffer. On return, the
- size of the decoded data is stored in *OUTLEN. OUTLEN may be NULL,
- if the caller is not interested in the decoded length. *OUT may be
- NULL to indicate an out of memory error, in which case *OUTLEN
- contains the size of the memory block needed. The function returns
- true on successful decoding and memory allocation errors. (Use the
- *OUT and *OUTLEN parameters to differentiate between successful
- decoding and memory error.) The function returns false if the
- input was invalid, in which case *OUT is NULL and *OUTLEN is
- undefined. */
-bool
-base64_decode_alloc_ctx (struct base64_decode_context *ctx,
- const char *in, size_t inlen, char **out,
- size_t *outlen)
-{
- /* This may allocate a few bytes too many, depending on input,
- but it's not worth the extra CPU time to compute the exact size.
- The exact size is 3 * (inlen + (ctx ? ctx->i : 0)) / 4, minus 1 if the
- input ends with "=" and minus another 1 if the input ends with "==".
- Dividing before multiplying avoids the possibility of overflow. */
- size_t needlen = 3 * (inlen / 4) + 3;
-
- *out = malloc (needlen);
- if (!*out)
- return true;
-
- if (!base64_decode_ctx (ctx, in, inlen, *out, &needlen))
- {
- free (*out);
- *out = NULL;
- return false;
- }
-
- if (outlen)
- *outlen = needlen;
-
- return true;
-}
+++ /dev/null
-/* base64.h -- Encode binary data using printable characters.
- Copyright (C) 2004-2006, 2009-2019 Free Software Foundation, Inc.
- Written by Simon Josefsson.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, see <https://www.gnu.org/licenses/>. */
-
-#ifndef BASE64_H
-# define BASE64_H
-
-/* Get size_t. */
-# include <stddef.h>
-
-/* Get bool. */
-# include <stdbool.h>
-
-# ifdef __cplusplus
-extern "C" {
-# endif
-
-/* This uses that the expression (n+(k-1))/k means the smallest
- integer >= n/k, i.e., the ceiling of n/k. */
-# define BASE64_LENGTH(inlen) ((((inlen) + 2) / 3) * 4)
-
-struct base64_decode_context
-{
- unsigned int i;
- char buf[4];
-};
-
-extern bool isbase64 (char ch) __attribute__ ((__const__));
-
-extern void base64_encode (const char *restrict in, size_t inlen,
- char *restrict out, size_t outlen);
-
-extern size_t base64_encode_alloc (const char *in, size_t inlen, char **out);
-
-extern void base64_decode_ctx_init (struct base64_decode_context *ctx);
-
-extern bool base64_decode_ctx (struct base64_decode_context *ctx,
- const char *restrict in, size_t inlen,
- char *restrict out, size_t *outlen);
-
-extern bool base64_decode_alloc_ctx (struct base64_decode_context *ctx,
- const char *in, size_t inlen,
- char **out, size_t *outlen);
-
-#define base64_decode(in, inlen, out, outlen) \
- base64_decode_ctx (NULL, in, inlen, out, outlen)
-
-#define base64_decode_alloc(in, inlen, out, outlen) \
- base64_decode_alloc_ctx (NULL, in, inlen, out, outlen)
-
-# ifdef __cplusplus
-}
-# endif
-
-#endif /* BASE64_H */
/*
* BITLK (BitLocker-compatible) volume handling
*
- * Copyright (C) 2019-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2021 Milan Broz
- * Copyright (C) 2019-2021 Vojtech Trefny
+ * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2023 Milan Broz
+ * Copyright (C) 2019-2023 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <string.h>
#include <uuid/uuid.h>
#include <time.h>
-#include <iconv.h>
#include <limits.h>
#include "bitlk.h"
}
}
-/* TODO -- move to some utils file */
-static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep)
-{
- int i;
- for(i = 0; i < n; i++)
- log_std(cd, "%02hhx%s", (const char)d[i], sep);
-}
-
static uint64_t filetime_to_unixtime(uint64_t time)
{
return (time - EPOCH_AS_FILETIME) / HUNDREDS_OF_NANOSECONDS;
}
-static int convert_to_utf8(struct crypt_device *cd, uint8_t *input, size_t inlen, char **out)
-{
- char *outbuf = NULL;
- iconv_t ic;
- size_t ic_inlen = inlen;
- size_t ic_outlen = inlen;
- char *ic_outbuf = NULL;
- size_t r = 0;
-
- outbuf = malloc(inlen);
- if (outbuf == NULL)
- return -ENOMEM;
-
- memset(outbuf, 0, inlen);
- ic_outbuf = outbuf;
-
- ic = iconv_open("UTF-8", "UTF-16LE");
- r = iconv(ic, (char **) &input, &ic_inlen, &ic_outbuf, &ic_outlen);
- iconv_close(ic);
-
- if (r == 0)
- *out = strdup(outbuf);
- else {
- *out = NULL;
- log_dbg(cd, "Failed to convert volume description: %s", strerror(errno));
- r = 0;
- }
-
- free(outbuf);
- return r;
-}
-
-static int passphrase_to_utf16(struct crypt_device *cd, char *input, size_t inlen, char **out)
-{
- char *outbuf = NULL;
- iconv_t ic;
- size_t ic_inlen = inlen;
- size_t ic_outlen = inlen * 2;
- char *ic_outbuf = NULL;
- size_t r = 0;
-
- if (inlen == 0)
- return r;
-
- outbuf = crypt_safe_alloc(inlen * 2);
- if (outbuf == NULL)
- return -ENOMEM;
-
- memset(outbuf, 0, inlen * 2);
- ic_outbuf = outbuf;
-
- ic = iconv_open("UTF-16LE", "UTF-8");
- r = iconv(ic, &input, &ic_inlen, &ic_outbuf, &ic_outlen);
- iconv_close(ic);
-
- if (r == 0) {
- *out = outbuf;
- } else {
- *out = NULL;
- crypt_safe_free(outbuf);
- log_dbg(cd, "Failed to convert passphrase: %s", strerror(errno));
- r = -errno;
- }
-
- return r;
-}
-
static int parse_vmk_entry(struct crypt_device *cd, uint8_t *data, int start, int end, struct bitlk_vmk **vmk)
{
uint16_t key_entry_size = 0;
const char *key = NULL;
struct volume_key *vk = NULL;
bool supported = false;
+ int r = 0;
/* only passphrase or recovery passphrase vmks are supported (can be used to activate) */
supported = (*vmk)->protection == BITLK_PROTECTION_PASSPHRASE ||
(*vmk)->protection == BITLK_PROTECTION_RECOVERY_PASSPHRASE ||
(*vmk)->protection == BITLK_PROTECTION_STARTUP_KEY;
- while (end - start > 2) {
+ while ((end - start) >= (ssize_t)(sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value))) {
/* size of this entry */
memcpy(&key_entry_size, data + start, sizeof(key_entry_size));
key_entry_size = le16_to_cpu(key_entry_size);
if (key_entry_size == 0)
break;
+ if (key_entry_size > (end - start))
+ return -EINVAL;
+
/* type and value of this entry */
memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type));
memcpy(&key_entry_value,
}
/* stretch key with salt, skip 4 B (encryption method of the stretch key) */
- if (key_entry_value == BITLK_ENTRY_VALUE_STRETCH_KEY)
+ if (key_entry_value == BITLK_ENTRY_VALUE_STRETCH_KEY) {
+ if ((end - start) < (BITLK_ENTRY_HEADER_LEN + BITLK_SALT_SIZE + 4))
+ return -EINVAL;
memcpy((*vmk)->salt,
data + start + BITLK_ENTRY_HEADER_LEN + 4,
- sizeof((*vmk)->salt));
+ BITLK_SALT_SIZE);
/* AES-CCM encrypted key */
- else if (key_entry_value == BITLK_ENTRY_VALUE_ENCRYPTED_KEY) {
+ } else if (key_entry_value == BITLK_ENTRY_VALUE_ENCRYPTED_KEY) {
+ if (key_entry_size < (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE))
+ return -EINVAL;
/* nonce */
memcpy((*vmk)->nonce,
data + start + BITLK_ENTRY_HEADER_LEN,
- sizeof((*vmk)->nonce));
+ BITLK_NONCE_SIZE);
/* MAC tag */
memcpy((*vmk)->mac_tag,
data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE,
- sizeof((*vmk)->mac_tag));
+ BITLK_VMK_MAC_TAG_SIZE);
/* AES-CCM encrypted key */
key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE);
key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE;
} else if (key_entry_value == BITLK_ENTRY_VALUE_RECOVERY_TIME) {
;
} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING) {
- if (convert_to_utf8(cd, data + start + BITLK_ENTRY_HEADER_LEN, key_entry_size - BITLK_ENTRY_HEADER_LEN, &string) < 0) {
- log_err(cd, _("Invalid string found when parsing Volume Master Key."));
+ if (key_entry_size < BITLK_ENTRY_HEADER_LEN)
+ return -EINVAL;
+ string = malloc((key_entry_size - BITLK_ENTRY_HEADER_LEN) * 2 + 1);
+ if (!string)
+ return -ENOMEM;
+ r = crypt_utf16_to_utf8(&string, CONST_CAST(char16_t *)(data + start + BITLK_ENTRY_HEADER_LEN),
+ key_entry_size - BITLK_ENTRY_HEADER_LEN);
+ if (r < 0 || !string) {
free(string);
+ log_err(cd, _("Invalid string found when parsing Volume Master Key."));
return -EINVAL;
} else if ((*vmk)->name != NULL) {
if (supported) {
struct bitlk_fve_metadata fve = {};
struct bitlk_entry_vmk entry_vmk = {};
uint8_t *fve_entries = NULL;
+ size_t fve_entries_size = 0;
uint32_t fve_metadata_size = 0;
int fve_offset = 0;
char guid_buf[UUID_STR_LEN] = {0};
int i = 0;
int r = 0;
int start = 0;
- int end = 0;
size_t key_size = 0;
const char *key = NULL;
+ char *description = NULL;
struct bitlk_vmk *vmk = NULL;
struct bitlk_vmk *vmk_p = params->vmks;
/* read and check the signature */
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), &sig, sizeof(sig), 0) != sizeof(sig)) {
- log_err(cd, _("Failed to read BITLK signature from %s."), device_path(device));
- r = -EINVAL;
+ log_dbg(cd, "Failed to read BITLK signature from %s.", device_path(device));
+ r = -EIO;
goto out;
}
params->togo = true;
fve_offset = BITLK_HEADER_METADATA_OFFSET_TOGO;
} else {
- log_err(cd, _("Invalid or unknown signature for BITLK device."));
+ log_dbg(cd, "Invalid or unknown signature for BITLK device.");
r = -EINVAL;
goto out;
}
le16_to_cpu(fve.curr_state), le16_to_cpu(fve.next_state));
}
+ params->volume_size = le64_to_cpu(fve.volume_size);
params->metadata_version = le16_to_cpu(fve.fve_version);
- fve_metadata_size = le32_to_cpu(fve.metadata_size);
switch (le16_to_cpu(fve.encryption)) {
/* AES-CBC with Elephant difuser */
params->creation_time = filetime_to_unixtime(le64_to_cpu(fve.creation_time));
+ fve_metadata_size = le32_to_cpu(fve.metadata_size);
+ if (fve_metadata_size < (BITLK_FVE_METADATA_HEADER_LEN + sizeof(entry_size) + sizeof(entry_type)) ||
+ fve_metadata_size > BITLK_FVE_METADATA_SIZE) {
+ r = -EINVAL;
+ goto out;
+ }
+ fve_entries_size = fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN;
+
/* read and parse all FVE metadata entries */
- fve_entries = malloc(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN);
+ fve_entries = malloc(fve_entries_size);
if (!fve_entries) {
r = -ENOMEM;
goto out;
}
- memset(fve_entries, 0, (fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN));
+ memset(fve_entries, 0, fve_entries_size);
- log_dbg(cd, "Reading BITLK FVE metadata entries of size %" PRIu32 " on device %s, offset %" PRIu64 ".",
- fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN, device_path(device),
- params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN);
+ log_dbg(cd, "Reading BITLK FVE metadata entries of size %zu on device %s, offset %" PRIu64 ".",
+ fve_entries_size, device_path(device), params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN);
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
- device_alignment(device), fve_entries, fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN,
- params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != (ssize_t)(fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN)) {
+ device_alignment(device), fve_entries, fve_entries_size,
+ params->metadata_offset[0] + BITLK_FVE_METADATA_HEADERS_LEN) != (ssize_t)fve_entries_size) {
log_err(cd, _("Failed to read BITLK metadata entries from %s."), device_path(device));
r = -EINVAL;
goto out;
}
- end = fve_metadata_size - BITLK_FVE_METADATA_HEADER_LEN;
- while (end - start > 2) {
+ while ((fve_entries_size - start) >= (sizeof(entry_size) + sizeof(entry_type))) {
+
/* size of this entry */
memcpy(&entry_size, fve_entries + start, sizeof(entry_size));
entry_size = le16_to_cpu(entry_size);
if (entry_size == 0)
break;
+ if (entry_size > (fve_entries_size - start)) {
+ r = -EINVAL;
+ goto out;
+ }
+
/* type of this entry */
memcpy(&entry_type, fve_entries + start + sizeof(entry_size), sizeof(entry_type));
entry_type = le16_to_cpu(entry_type);
/* VMK */
if (entry_type == BITLK_ENTRY_TYPE_VMK) {
+ if (entry_size < (BITLK_ENTRY_HEADER_LEN + sizeof(entry_vmk))) {
+ r = -EINVAL;
+ goto out;
+ }
/* skip first four variables in the entry (entry size, type, value and version) */
memcpy(&entry_vmk,
fve_entries + start + BITLK_ENTRY_HEADER_LEN,
vmk_p = vmk;
vmk = vmk->next;
/* FVEK */
- } else if (entry_type == BITLK_ENTRY_TYPE_FVEK) {
+ } else if (entry_type == BITLK_ENTRY_TYPE_FVEK && !params->fvek) {
+ if (entry_size < (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE)) {
+ r = -EINVAL;
+ goto out;
+ }
params->fvek = malloc(sizeof(struct bitlk_fvek));
if (!params->fvek) {
r = -ENOMEM;
}
memcpy(params->fvek->nonce,
fve_entries + start + BITLK_ENTRY_HEADER_LEN,
- sizeof(params->fvek->nonce));
+ BITLK_NONCE_SIZE);
/* MAC tag */
memcpy(params->fvek->mac_tag,
fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE,
- sizeof(params->fvek->mac_tag));
+ BITLK_VMK_MAC_TAG_SIZE);
/* AES-CCM encrypted key */
key_size = entry_size - (BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE);
key = (const char *) fve_entries + start + BITLK_ENTRY_HEADER_LEN + BITLK_NONCE_SIZE + BITLK_VMK_MAC_TAG_SIZE;
/* volume header info (location and size) */
} else if (entry_type == BITLK_ENTRY_TYPE_VOLUME_HEADER) {
struct bitlk_entry_header_block entry_header;
+ if ((fve_entries_size - start) < (BITLK_ENTRY_HEADER_LEN + sizeof(entry_header))) {
+ r = -EINVAL;
+ goto out;
+ }
memcpy(&entry_header,
fve_entries + start + BITLK_ENTRY_HEADER_LEN,
sizeof(entry_header));
params->volume_header_offset = le64_to_cpu(entry_header.offset);
params->volume_header_size = le64_to_cpu(entry_header.size);
/* volume description (utf-16 string) */
- } else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION) {
- r = convert_to_utf8(cd, fve_entries + start + BITLK_ENTRY_HEADER_LEN,
- entry_size - BITLK_ENTRY_HEADER_LEN,
- &(params->description));
+ } else if (entry_type == BITLK_ENTRY_TYPE_DESCRIPTION && !params->description) {
+ if (entry_size < BITLK_ENTRY_HEADER_LEN) {
+ r = -EINVAL;
+ goto out;
+ }
+ description = malloc((entry_size - BITLK_ENTRY_HEADER_LEN) * 2 + 1);
+ if (!description) {
+ r = -ENOMEM;
+ goto out;
+ }
+ r = crypt_utf16_to_utf8(&description, CONST_CAST(char16_t *)(fve_entries + start + BITLK_ENTRY_HEADER_LEN),
+ entry_size - BITLK_ENTRY_HEADER_LEN);
if (r < 0) {
+ free(description);
BITLK_bitlk_vmk_free(vmk);
+ log_err(cd, _("Failed to convert BITLK volume description"));
goto out;
}
+ params->description = description;
}
start += entry_size;
log_std(cd, "Version: \t%u\n", params->metadata_version);
log_std(cd, "GUID: \t%s\n", params->guid);
log_std(cd, "Sector size: \t%u [bytes]\n", params->sector_size);
+ log_std(cd, "Volume size: \t%" PRIu64 " [bytes]\n", params->volume_size);
log_std(cd, "Created: \t%s", ctime((time_t *)&(params->creation_time)));
log_std(cd, "Description: \t%s\n", params->description);
log_std(cd, "Cipher name: \t%s\n", params->cipher);
log_std(cd, "\tGUID: \t%s\n", vmk_p->guid);
log_std(cd, "\tProtection: \t%s\n", get_vmk_protection_string (vmk_p->protection));
log_std(cd, "\tSalt: \t");
- hexprint(cd, (const char *) vmk_p->salt, 16, "");
+ crypt_log_hex(cd, (const char *) vmk_p->salt, 16, "", 0, NULL);
log_std(cd, "\n");
vk_p = vmk_p->vk;
- each part is a number dividable by 11
*/
if (passwordLen != BITLK_RECOVERY_KEY_LEN) {
- if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') {
- /* looks like a recovery key with an extra newline, possibly from a key file */
- passwordLen--;
- log_dbg(cd, "Possible extra EOL stripped from the recovery key.");
- } else
- return 0;
- }
+ if (passwordLen == BITLK_RECOVERY_KEY_LEN + 1 && password[passwordLen - 1] == '\n') {
+ /* looks like a recovery key with an extra newline, possibly from a key file */
+ passwordLen--;
+ log_dbg(cd, "Possible extra EOL stripped from the recovery key.");
+ } else
+ return 0;
+ }
for (i = BITLK_RECOVERY_PART_LEN; i < passwordLen; i += BITLK_RECOVERY_PART_LEN + 1) {
if (password[i] != '-')
return 0;
}
-static int parse_external_key_entry(struct crypt_device *cd, const char *data, int start, int end, struct volume_key **vk)
+static int parse_external_key_entry(struct crypt_device *cd,
+ const char *data,
+ int start,
+ int end,
+ struct volume_key **vk,
+ const struct bitlk_metadata *params)
{
uint16_t key_entry_size = 0;
uint16_t key_entry_type = 0;
uint16_t key_entry_value = 0;
size_t key_size = 0;
const char *key = NULL;
+ struct bitlk_guid guid;
+ char guid_buf[UUID_STR_LEN] = {0};
- while (end - start > 2) {
+ while ((end - start) >= (ssize_t)(sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value))) {
/* size of this entry */
memcpy(&key_entry_size, data + start, sizeof(key_entry_size));
key_entry_size = le16_to_cpu(key_entry_size);
if (key_entry_size == 0)
break;
+ if (key_entry_size > (end - start))
+ return -EINVAL;
+
/* type and value of this entry */
memcpy(&key_entry_type, data + start + sizeof(key_entry_size), sizeof(key_entry_type));
memcpy(&key_entry_value,
key_entry_type = le16_to_cpu(key_entry_type);
key_entry_value = le16_to_cpu(key_entry_value);
- /* only properties should be in this entry */
- if (key_entry_type != BITLK_ENTRY_TYPE_PROPERTY) {
+ if (key_entry_type != BITLK_ENTRY_TYPE_PROPERTY && key_entry_type != BITLK_ENTRY_TYPE_VOLUME_GUID) {
log_err(cd, _("Unexpected metadata entry type '%u' found when parsing external key."), key_entry_type);
return -EINVAL;
}
if (key_entry_value == BITLK_ENTRY_VALUE_KEY) {
+ if (key_entry_size < (BITLK_ENTRY_HEADER_LEN + 4))
+ return -EINVAL;
key_size = key_entry_size - (BITLK_ENTRY_HEADER_LEN + 4);
key = (const char *) data + start + BITLK_ENTRY_HEADER_LEN + 4;
*vk = crypt_alloc_volume_key(key_size, key);
/* optional "ExternalKey" string, we can safely ignore it */
} else if (key_entry_value == BITLK_ENTRY_VALUE_STRING)
;
- else {
+ /* GUID of the BitLocker device we are trying to open with this key */
+ else if (key_entry_value == BITLK_ENTRY_VALUE_GUID) {
+ if ((end - start) < (ssize_t)(BITLK_ENTRY_HEADER_LEN + sizeof(struct bitlk_guid)))
+ return -EINVAL;
+ memcpy(&guid, data + start + BITLK_ENTRY_HEADER_LEN, sizeof(struct bitlk_guid));
+ guid_to_string(&guid, guid_buf);
+ if (strcmp(guid_buf, params->guid) != 0) {
+ log_err(cd, _("BEK file GUID '%s' does not match GUID of the volume."), guid_buf);
+ return -EINVAL;
+ }
+ } else {
log_err(cd, _("Unexpected metadata entry value '%u' found when parsing external key."), key_entry_value);
return -EINVAL;
}
const char *password,
size_t passwordLen,
const struct bitlk_vmk *vmk,
- struct volume_key **su_key)
+ struct volume_key **su_key,
+ const struct bitlk_metadata *params)
{
struct bitlk_bek_header bek_header = {0};
char guid_buf[UUID_STR_LEN] = {0};
uint16_t key_entry_type = 0;
uint16_t key_entry_value = 0;
- if (passwordLen < BITLK_BEK_FILE_HEADER_LEN)
+ if (passwordLen < (BITLK_BEK_FILE_HEADER_LEN + sizeof(key_entry_size) + sizeof(key_entry_type) + sizeof(key_entry_value)))
return -EPERM;
memcpy(&bek_header, password, BITLK_BEK_FILE_HEADER_LEN);
else
return -EPERM;
- if (bek_header.metadata_version != 1) {
- log_err(cd, "Unsupported BEK metadata version %" PRIu32 "", bek_header.metadata_version);
+ if (le32_to_cpu(bek_header.metadata_version) != 1) {
+ log_err(cd, _("Unsupported BEK metadata version %" PRIu32), le32_to_cpu(bek_header.metadata_version));
return -ENOTSUP;
}
- if (bek_header.metadata_size != passwordLen) {
- log_err(cd, "Unexpected BEK metadata size %" PRIu32 " does not match BEK file length", bek_header.metadata_size);
+ if (le32_to_cpu(bek_header.metadata_size) != passwordLen) {
+ log_err(cd, _("Unexpected BEK metadata size %" PRIu32 " does not match BEK file length"),
+ le32_to_cpu(bek_header.metadata_size));
return -EINVAL;
}
if (key_entry_type == BITLK_ENTRY_TYPE_STARTUP_KEY && key_entry_value == BITLK_ENTRY_VALUE_EXTERNAL_KEY) {
return parse_external_key_entry(cd, password,
BITLK_BEK_FILE_HEADER_LEN + BITLK_ENTRY_HEADER_LEN + BITLK_STARTUP_KEY_HEADER_LEN,
- passwordLen, su_key);
+ passwordLen, su_key, params);
} else {
log_err(cd, _("Unexpected metadata entry found when parsing startup key."));
log_dbg(cd, "Entry type: %u, entry value: %u", key_entry_type, key_entry_value);
struct bitlk_kdf_data kdf = {};
struct crypt_hash *hd = NULL;
int len = 0;
- char *utf16Password = NULL;
+ char16_t *utf16Password = NULL;
int i = 0;
int r = 0;
if (!recovery) {
/* passphrase: convert to UTF-16 first, then sha256(sha256(pw)) */
- r = passphrase_to_utf16(cd, CONST_CAST(char*)password, passwordLen, &utf16Password);
+ utf16Password = crypt_safe_alloc(sizeof(char16_t) * (passwordLen + 1));
+ if (!utf16Password) {
+ r = -ENOMEM;
+ goto out;
+ }
+ r = crypt_utf8_to_utf16(&utf16Password, CONST_CAST(char*)password, passwordLen);
if (r < 0)
goto out;
- crypt_hash_write(hd, utf16Password, passwordLen * 2);
+ crypt_hash_write(hd, (char*)utf16Password, passwordLen * 2);
r = crypt_hash_final(hd, kdf.initial_sha256, len);
if (r < 0)
goto out;
return r;
}
-int BITLK_activate(struct crypt_device *cd,
- const char *name,
- const char *password,
- size_t passwordLen,
- const struct bitlk_metadata *params,
- uint32_t flags)
+int BITLK_get_volume_key(struct crypt_device *cd,
+ const char *password,
+ size_t passwordLen,
+ const struct bitlk_metadata *params,
+ struct volume_key **open_fvek_key)
{
int r = 0;
- int i = 0;
- int j = 0;
- int min = 0;
- int num_segments = 0;
- struct crypt_dm_active_device dmd = {
- .flags = flags,
- };
- struct dm_target *next_segment = NULL;
struct volume_key *open_vmk_key = NULL;
- struct volume_key *open_fvek_key = NULL;
struct volume_key *vmk_dec_key = NULL;
struct volume_key *recovery_key = NULL;
const struct bitlk_vmk *next_vmk = NULL;
- struct segment segments[MAX_BITLK_SEGMENTS] = {};
- struct segment temp;
- uint64_t next_start = 0;
- uint64_t next_end = 0;
- uint64_t last_segment = 0;
- uint32_t dmt_flags;
-
- if (!params->state) {
- log_err(cd, _("This BITLK device is in an unsupported state and cannot be activated."));
- r = -ENOTSUP;
- goto out;
- }
-
- if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
- log_err(cd, _("BITLK devices with type '%s' cannot be activated."), get_bitlk_type_string(params->type));
- r = -ENOTSUP;
- goto out;
- }
next_vmk = params->vmks;
while (next_vmk) {
if (r)
return r;
} else if (next_vmk->protection == BITLK_PROTECTION_STARTUP_KEY) {
- r = get_startup_key(cd, password, passwordLen, next_vmk, &vmk_dec_key);
+ r = get_startup_key(cd, password, passwordLen, next_vmk, &vmk_dec_key, params);
if (r) {
next_vmk = next_vmk->next;
continue;
}
crypt_free_volume_key(vmk_dec_key);
- r = decrypt_key(cd, &open_fvek_key, params->fvek->vk, open_vmk_key,
+ r = decrypt_key(cd, open_fvek_key, params->fvek->vk, open_vmk_key,
params->fvek->mac_tag, BITLK_VMK_MAC_TAG_SIZE,
params->fvek->nonce, BITLK_NONCE_SIZE, true);
if (r < 0) {
return r;
}
- /* Password verify only */
- if (!name) {
- crypt_free_volume_key(open_fvek_key);
- return r;
+ return 0;
+}
+
+static int _activate_check(struct crypt_device *cd,
+ const struct bitlk_metadata *params)
+{
+ const struct bitlk_vmk *next_vmk = NULL;
+
+ if (!params->state) {
+ log_err(cd, _("This BITLK device is in an unsupported state and cannot be activated."));
+ return -ENOTSUP;
+ }
+
+ if (params->type != BITLK_ENCRYPTION_TYPE_NORMAL) {
+ log_err(cd, _("BITLK devices with type '%s' cannot be activated."), get_bitlk_type_string(params->type));
+ return -ENOTSUP;
}
next_vmk = params->vmks;
while (next_vmk) {
if (next_vmk->protection == BITLK_PROTECTION_CLEAR_KEY) {
- crypt_free_volume_key(open_fvek_key);
log_err(cd, _("Activation of partially decrypted BITLK device is not supported."));
return -ENOTSUP;
}
next_vmk = next_vmk->next;
}
+ return 0;
+}
+
+static int _activate(struct crypt_device *cd,
+ const char *name,
+ struct volume_key *open_fvek_key,
+ const struct bitlk_metadata *params,
+ uint32_t flags)
+{
+ int r = 0;
+ int i = 0;
+ int j = 0;
+ int min = 0;
+ int num_segments = 0;
+ struct crypt_dm_active_device dmd = {
+ .flags = flags,
+ };
+ struct dm_target *next_segment = NULL;
+ struct segment segments[MAX_BITLK_SEGMENTS] = {};
+ struct segment temp;
+ uint64_t next_start = 0;
+ uint64_t next_end = 0;
+ uint64_t last_segment = 0;
+ uint32_t dmt_flags = 0;
+
+ r = _activate_check(cd, params);
+ if (r)
+ return r;
+
r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
0, &dmd.size, &dmd.flags);
- if (r) {
- crypt_free_volume_key(open_fvek_key);
+ if (r)
return r;
- }
+
+ if (dmd.size * SECTOR_SIZE != params->volume_size)
+ log_std(cd, _("WARNING: BitLocker volume size %" PRIu64 " does not match the underlying device size %" PRIu64 ""),
+ params->volume_size,
+ dmd.size * SECTOR_SIZE);
/* there will be always 4 dm-zero segments: 3x metadata, 1x FS header */
for (i = 0; i < 3; i++) {
log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."));
r = -ENOTSUP;
}
+ if ((dmd.flags & CRYPT_ACTIVATE_IV_LARGE_SECTORS) && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED)) {
+ log_err(cd, _("Cannot activate device, kernel dm-crypt is missing support for large sector size."));
+ r = -ENOTSUP;
+ }
+ if (dm_flags(cd, DM_ZERO, &dmt_flags) < 0) {
+ log_err(cd, _("Cannot activate device, kernel dm-zero module is missing."));
+ r = -ENOTSUP;
+ }
}
out:
dm_targets_free(cd, &dmd);
+ return r;
+}
+
+int BITLK_activate_by_passphrase(struct crypt_device *cd,
+ const char *name,
+ const char *password,
+ size_t passwordLen,
+ const struct bitlk_metadata *params,
+ uint32_t flags)
+{
+ int r = 0;
+ struct volume_key *open_fvek_key = NULL;
+
+ r = _activate_check(cd, params);
+ if (r)
+ return r;
+
+ r = BITLK_get_volume_key(cd, password, passwordLen, params, &open_fvek_key);
+ if (r < 0)
+ goto out;
+
+ /* Password verify only */
+ if (!name)
+ goto out;
+
+ r = _activate(cd, name, open_fvek_key, params, flags);
+out:
+ crypt_free_volume_key(open_fvek_key);
+ return r;
+}
+
+int BITLK_activate_by_volume_key(struct crypt_device *cd,
+ const char *name,
+ const char *volume_key,
+ size_t volume_key_size,
+ const struct bitlk_metadata *params,
+ uint32_t flags)
+{
+ int r = 0;
+ struct volume_key *open_fvek_key = NULL;
+
+ r = _activate_check(cd, params);
+ if (r)
+ return r;
+
+ open_fvek_key = crypt_alloc_volume_key(volume_key_size, volume_key);
+ if (!open_fvek_key)
+ return -ENOMEM;
+
+ r = _activate(cd, name, open_fvek_key, params, flags);
+
crypt_free_volume_key(open_fvek_key);
return r;
}
/*
* BITLK (BitLocker-compatible) header definition
*
- * Copyright (C) 2019-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2019-2021 Milan Broz
- * Copyright (C) 2019-2021 Vojtech Trefny
+ * Copyright (C) 2019-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2019-2023 Milan Broz
+ * Copyright (C) 2019-2023 Vojtech Trefny
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
struct crypt_device;
struct device;
+struct volume_key;
#define BITLK_NONCE_SIZE 12
#define BITLK_SALT_SIZE 16
BITLK_ENTRY_TYPE_STARTUP_KEY = 0x0006,
BITLK_ENTRY_TYPE_DESCRIPTION = 0x0007,
BITLK_ENTRY_TYPE_VOLUME_HEADER = 0x000f,
+ BITLK_ENTRY_TYPE_VOLUME_GUID = 0x0019,
} BITLKFVEEntryType;
typedef enum {
BITLK_ENTRY_VALUE_EXTERNAL_KEY = 0x0009,
BITLK_ENTRY_VALUE_OFFSET_SIZE = 0x000f,
BITLK_ENTRY_VALUE_RECOVERY_TIME = 0x015,
+ BITLK_ENTRY_VALUE_GUID = 0x0017,
} BITLKFVEEntryValue;
struct bitlk_vmk {
struct bitlk_metadata {
uint16_t sector_size;
+ uint64_t volume_size;
bool togo;
bool state;
BITLKEncryptionType type;
int BITLK_dump(struct crypt_device *cd, struct device *device, struct bitlk_metadata *params);
-int BITLK_activate(struct crypt_device *cd,
- const char *name,
- const char *password,
- size_t passwordLen,
- const struct bitlk_metadata *params,
- uint32_t flags);
+int BITLK_get_volume_key(struct crypt_device *cd,
+ const char *password,
+ size_t passwordLen,
+ const struct bitlk_metadata *params,
+ struct volume_key **open_fvek_key);
+
+int BITLK_activate_by_passphrase(struct crypt_device *cd,
+ const char *name,
+ const char *password,
+ size_t passwordLen,
+ const struct bitlk_metadata *params,
+ uint32_t flags);
+
+int BITLK_activate_by_volume_key(struct crypt_device *cd,
+ const char *name,
+ const char *volume_key,
+ size_t volume_key_size,
+ const struct bitlk_metadata *params,
+ uint32_t flags);
void BITLK_bitlk_fvek_free(struct bitlk_fvek *fvek);
void BITLK_bitlk_vmk_free(struct bitlk_vmk *vmk);
* cryptsetup plain device helper functions
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
lib/crypto_backend/crypto_storage.c \
lib/crypto_backend/pbkdf_check.c \
lib/crypto_backend/crc32.c \
+ lib/crypto_backend/base64.c \
+ lib/crypto_backend/utf8.c \
lib/crypto_backend/argon2_generic.c \
lib/crypto_backend/cipher_generic.c \
lib/crypto_backend/cipher_check.c
}
}
-void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
+void secure_wipe_memory(void *v, size_t n) {
SecureZeroMemory(v, n);
+}
#elif defined memset_s
+void secure_wipe_memory(void *v, size_t n) {
memset_s(v, n, 0, n);
+}
#elif defined(HAVE_EXPLICIT_BZERO)
+void secure_wipe_memory(void *v, size_t n) {
explicit_bzero(v, n);
+}
#else
+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
memset_sec(v, 0, n);
-#endif
}
+#endif
/* Memory clear flag defaults to true. */
int FLAG_clear_internal_memory = 1;
{
argon2_thread_data *my_data = thread_data;
fill_segment(my_data->instance_ptr, my_data->pos);
- argon2_thread_exit();
return 0;
}
#endif
}
-void argon2_thread_exit(void) {
-#if defined(_WIN32)
- _endthreadex(0);
-#else
- pthread_exit(NULL);
-#endif
-}
-
#endif /* ARGON2_NO_THREADS */
*/
int argon2_thread_join(argon2_thread_handle_t handle);
-/* Terminate the current thread. Must be run inside a thread created by
- * argon2_thread_create.
-*/
-void argon2_thread_exit(void);
-
#endif /* ARGON2_NO_THREADS */
#endif
/*
* Argon2 PBKDF2 library wrapper
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Milan Broz
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
--- /dev/null
+/*
+ * Base64 "Not encryption" helpers, copied and adapted from systemd project.
+ *
+ * Copyright (C) 2010 Lennart Poettering
+ *
+ * cryptsetup related changes
+ * Copyright (C) 2021-2023 Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <limits.h>
+
+#include "crypto_backend.h"
+
+#define WHITESPACE " \t\n\r"
+
+/* https://tools.ietf.org/html/rfc4648#section-4 */
+static char base64char(int x)
+{
+ static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789+/";
+ return table[x & 63];
+}
+
+static int unbase64char(char c)
+{
+ unsigned offset;
+
+ if (c >= 'A' && c <= 'Z')
+ return c - 'A';
+
+ offset = 'Z' - 'A' + 1;
+
+ if (c >= 'a' && c <= 'z')
+ return c - 'a' + offset;
+
+ offset += 'z' - 'a' + 1;
+
+ if (c >= '0' && c <= '9')
+ return c - '0' + offset;
+
+ offset += '9' - '0' + 1;
+
+ if (c == '+')
+ return offset;
+
+ offset++;
+
+ if (c == '/')
+ return offset;
+
+ return -EINVAL;
+}
+
+int crypt_base64_encode(char **out, size_t *out_length, const char *in, size_t in_length)
+{
+ char *r, *z;
+ const uint8_t *x;
+
+ assert(in || in_length == 0);
+ assert(out);
+
+ /* three input bytes makes four output bytes, padding is added so we must round up */
+ z = r = malloc(4 * (in_length + 2) / 3 + 1);
+ if (!r)
+ return -ENOMEM;
+
+ for (x = (const uint8_t *)in; x < (const uint8_t*)in + (in_length / 3) * 3; x += 3) {
+ /* x[0] == XXXXXXXX; x[1] == YYYYYYYY; x[2] == ZZZZZZZZ */
+ *(z++) = base64char(x[0] >> 2); /* 00XXXXXX */
+ *(z++) = base64char((x[0] & 3) << 4 | x[1] >> 4); /* 00XXYYYY */
+ *(z++) = base64char((x[1] & 15) << 2 | x[2] >> 6); /* 00YYYYZZ */
+ *(z++) = base64char(x[2] & 63); /* 00ZZZZZZ */
+ }
+
+ switch (in_length % 3) {
+ case 2:
+ *(z++) = base64char(x[0] >> 2); /* 00XXXXXX */
+ *(z++) = base64char((x[0] & 3) << 4 | x[1] >> 4); /* 00XXYYYY */
+ *(z++) = base64char((x[1] & 15) << 2); /* 00YYYY00 */
+ *(z++) = '=';
+
+ break;
+ case 1:
+ *(z++) = base64char(x[0] >> 2); /* 00XXXXXX */
+ *(z++) = base64char((x[0] & 3) << 4); /* 00XX0000 */
+ *(z++) = '=';
+ *(z++) = '=';
+
+ break;
+ }
+
+ *z = 0;
+ *out = r;
+ if (out_length)
+ *out_length = z - r;
+ return 0;
+}
+
+static int unbase64_next(const char **p, size_t *l)
+{
+ int ret;
+
+ assert(p);
+ assert(l);
+
+ /* Find the next non-whitespace character, and decode it. If we find padding, we return it as INT_MAX. We
+ * greedily skip all preceding and all following whitespace. */
+
+ for (;;) {
+ if (*l == 0)
+ return -EPIPE;
+
+ if (!strchr(WHITESPACE, **p))
+ break;
+
+ /* Skip leading whitespace */
+ (*p)++, (*l)--;
+ }
+
+ if (**p == '=')
+ ret = INT_MAX; /* return padding as INT_MAX */
+ else {
+ ret = unbase64char(**p);
+ if (ret < 0)
+ return ret;
+ }
+
+ for (;;) {
+ (*p)++, (*l)--;
+
+ if (*l == 0)
+ break;
+ if (!strchr(WHITESPACE, **p))
+ break;
+
+ /* Skip following whitespace */
+ }
+
+ return ret;
+}
+
+int crypt_base64_decode(char **out, size_t *out_length, const char *in, size_t in_length)
+{
+ uint8_t *buf = NULL;
+ const char *x;
+ uint8_t *z;
+ size_t len;
+ int r;
+
+ assert(in || in_length == 0);
+ assert(out);
+ assert(out_length);
+
+ if (in_length == (size_t) -1)
+ in_length = strlen(in);
+
+ /* A group of four input bytes needs three output bytes, in case of padding we need to add two or three extra
+ * bytes. Note that this calculation is an upper boundary, as we ignore whitespace while decoding */
+ len = (in_length / 4) * 3 + (in_length % 4 != 0 ? (in_length % 4) - 1 : 0);
+
+ buf = malloc(len + 1);
+ if (!buf)
+ return -ENOMEM;
+
+ for (x = in, z = buf;;) {
+ int a, b, c, d; /* a == 00XXXXXX; b == 00YYYYYY; c == 00ZZZZZZ; d == 00WWWWWW */
+
+ a = unbase64_next(&x, &in_length);
+ if (a == -EPIPE) /* End of string */
+ break;
+ if (a < 0) {
+ r = a;
+ goto err;
+ }
+ if (a == INT_MAX) { /* Padding is not allowed at the beginning of a 4ch block */
+ r = -EINVAL;
+ goto err;
+ }
+
+ b = unbase64_next(&x, &in_length);
+ if (b < 0) {
+ r = b;
+ goto err;
+ }
+ if (b == INT_MAX) { /* Padding is not allowed at the second character of a 4ch block either */
+ r = -EINVAL;
+ goto err;
+ }
+
+ c = unbase64_next(&x, &in_length);
+ if (c < 0) {
+ r = c;
+ goto err;
+ }
+
+ d = unbase64_next(&x, &in_length);
+ if (d < 0) {
+ r = d;
+ goto err;
+ }
+
+ if (c == INT_MAX) { /* Padding at the third character */
+
+ if (d != INT_MAX) { /* If the third character is padding, the fourth must be too */
+ r = -EINVAL;
+ goto err;
+ }
+
+ /* b == 00YY0000 */
+ if (b & 15) {
+ r = -EINVAL;
+ goto err;
+ }
+
+ if (in_length > 0) { /* Trailing rubbish? */
+ r = -ENAMETOOLONG;
+ goto err;
+ }
+
+ *(z++) = (uint8_t) a << 2 | (uint8_t) (b >> 4); /* XXXXXXYY */
+ break;
+ }
+
+ if (d == INT_MAX) {
+ /* c == 00ZZZZ00 */
+ if (c & 3) {
+ r = -EINVAL;
+ goto err;
+ }
+
+ if (in_length > 0) { /* Trailing rubbish? */
+ r = -ENAMETOOLONG;
+ goto err;
+ }
+
+ *(z++) = (uint8_t) a << 2 | (uint8_t) b >> 4; /* XXXXXXYY */
+ *(z++) = (uint8_t) b << 4 | (uint8_t) c >> 2; /* YYYYZZZZ */
+ break;
+ }
+
+ *(z++) = (uint8_t) a << 2 | (uint8_t) b >> 4; /* XXXXXXYY */
+ *(z++) = (uint8_t) b << 4 | (uint8_t) c >> 2; /* YYYYZZZZ */
+ *(z++) = (uint8_t) c << 6 | (uint8_t) d; /* ZZWWWWWW */
+ }
+
+ *z = 0;
+
+ *out_length = (size_t) (z - buf);
+ *out = (char *)buf;
+ return 0;
+err:
+ free(buf);
+
+ /* Ignore other errors in crypt_backend */
+ if (r != -ENOMEM)
+ r = -EINVAL;
+
+ return r;
+}
/*
* Cipher performance check
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2021 Milan Broz
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/*
* Linux kernel cipher generic utilities
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2021 Milan Broz
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
bool wrapped_key;
};
-/* FIXME: Getting block size should be dynamic from cipher backend. */
static const struct cipher_alg cipher_algs[] = {
{ "cipher_null", NULL, 16, false },
{ "aes", NULL, 16, false },
0x2d02ef8dL
};
+static const uint32_t crc32c_tab[] = {
+ 0x00000000L, 0xF26B8303L, 0xE13B70F7L, 0x1350F3F4L, 0xC79A971FL,
+ 0x35F1141CL, 0x26A1E7E8L, 0xD4CA64EBL, 0x8AD958CFL, 0x78B2DBCCL,
+ 0x6BE22838L, 0x9989AB3BL, 0x4D43CFD0L, 0xBF284CD3L, 0xAC78BF27L,
+ 0x5E133C24L, 0x105EC76FL, 0xE235446CL, 0xF165B798L, 0x030E349BL,
+ 0xD7C45070L, 0x25AFD373L, 0x36FF2087L, 0xC494A384L, 0x9A879FA0L,
+ 0x68EC1CA3L, 0x7BBCEF57L, 0x89D76C54L, 0x5D1D08BFL, 0xAF768BBCL,
+ 0xBC267848L, 0x4E4DFB4BL, 0x20BD8EDEL, 0xD2D60DDDL, 0xC186FE29L,
+ 0x33ED7D2AL, 0xE72719C1L, 0x154C9AC2L, 0x061C6936L, 0xF477EA35L,
+ 0xAA64D611L, 0x580F5512L, 0x4B5FA6E6L, 0xB93425E5L, 0x6DFE410EL,
+ 0x9F95C20DL, 0x8CC531F9L, 0x7EAEB2FAL, 0x30E349B1L, 0xC288CAB2L,
+ 0xD1D83946L, 0x23B3BA45L, 0xF779DEAEL, 0x05125DADL, 0x1642AE59L,
+ 0xE4292D5AL, 0xBA3A117EL, 0x4851927DL, 0x5B016189L, 0xA96AE28AL,
+ 0x7DA08661L, 0x8FCB0562L, 0x9C9BF696L, 0x6EF07595L, 0x417B1DBCL,
+ 0xB3109EBFL, 0xA0406D4BL, 0x522BEE48L, 0x86E18AA3L, 0x748A09A0L,
+ 0x67DAFA54L, 0x95B17957L, 0xCBA24573L, 0x39C9C670L, 0x2A993584L,
+ 0xD8F2B687L, 0x0C38D26CL, 0xFE53516FL, 0xED03A29BL, 0x1F682198L,
+ 0x5125DAD3L, 0xA34E59D0L, 0xB01EAA24L, 0x42752927L, 0x96BF4DCCL,
+ 0x64D4CECFL, 0x77843D3BL, 0x85EFBE38L, 0xDBFC821CL, 0x2997011FL,
+ 0x3AC7F2EBL, 0xC8AC71E8L, 0x1C661503L, 0xEE0D9600L, 0xFD5D65F4L,
+ 0x0F36E6F7L, 0x61C69362L, 0x93AD1061L, 0x80FDE395L, 0x72966096L,
+ 0xA65C047DL, 0x5437877EL, 0x4767748AL, 0xB50CF789L, 0xEB1FCBADL,
+ 0x197448AEL, 0x0A24BB5AL, 0xF84F3859L, 0x2C855CB2L, 0xDEEEDFB1L,
+ 0xCDBE2C45L, 0x3FD5AF46L, 0x7198540DL, 0x83F3D70EL, 0x90A324FAL,
+ 0x62C8A7F9L, 0xB602C312L, 0x44694011L, 0x5739B3E5L, 0xA55230E6L,
+ 0xFB410CC2L, 0x092A8FC1L, 0x1A7A7C35L, 0xE811FF36L, 0x3CDB9BDDL,
+ 0xCEB018DEL, 0xDDE0EB2AL, 0x2F8B6829L, 0x82F63B78L, 0x709DB87BL,
+ 0x63CD4B8FL, 0x91A6C88CL, 0x456CAC67L, 0xB7072F64L, 0xA457DC90L,
+ 0x563C5F93L, 0x082F63B7L, 0xFA44E0B4L, 0xE9141340L, 0x1B7F9043L,
+ 0xCFB5F4A8L, 0x3DDE77ABL, 0x2E8E845FL, 0xDCE5075CL, 0x92A8FC17L,
+ 0x60C37F14L, 0x73938CE0L, 0x81F80FE3L, 0x55326B08L, 0xA759E80BL,
+ 0xB4091BFFL, 0x466298FCL, 0x1871A4D8L, 0xEA1A27DBL, 0xF94AD42FL,
+ 0x0B21572CL, 0xDFEB33C7L, 0x2D80B0C4L, 0x3ED04330L, 0xCCBBC033L,
+ 0xA24BB5A6L, 0x502036A5L, 0x4370C551L, 0xB11B4652L, 0x65D122B9L,
+ 0x97BAA1BAL, 0x84EA524EL, 0x7681D14DL, 0x2892ED69L, 0xDAF96E6AL,
+ 0xC9A99D9EL, 0x3BC21E9DL, 0xEF087A76L, 0x1D63F975L, 0x0E330A81L,
+ 0xFC588982L, 0xB21572C9L, 0x407EF1CAL, 0x532E023EL, 0xA145813DL,
+ 0x758FE5D6L, 0x87E466D5L, 0x94B49521L, 0x66DF1622L, 0x38CC2A06L,
+ 0xCAA7A905L, 0xD9F75AF1L, 0x2B9CD9F2L, 0xFF56BD19L, 0x0D3D3E1AL,
+ 0x1E6DCDEEL, 0xEC064EEDL, 0xC38D26C4L, 0x31E6A5C7L, 0x22B65633L,
+ 0xD0DDD530L, 0x0417B1DBL, 0xF67C32D8L, 0xE52CC12CL, 0x1747422FL,
+ 0x49547E0BL, 0xBB3FFD08L, 0xA86F0EFCL, 0x5A048DFFL, 0x8ECEE914L,
+ 0x7CA56A17L, 0x6FF599E3L, 0x9D9E1AE0L, 0xD3D3E1ABL, 0x21B862A8L,
+ 0x32E8915CL, 0xC083125FL, 0x144976B4L, 0xE622F5B7L, 0xF5720643L,
+ 0x07198540L, 0x590AB964L, 0xAB613A67L, 0xB831C993L, 0x4A5A4A90L,
+ 0x9E902E7BL, 0x6CFBAD78L, 0x7FAB5E8CL, 0x8DC0DD8FL, 0xE330A81AL,
+ 0x115B2B19L, 0x020BD8EDL, 0xF0605BEEL, 0x24AA3F05L, 0xD6C1BC06L,
+ 0xC5914FF2L, 0x37FACCF1L, 0x69E9F0D5L, 0x9B8273D6L, 0x88D28022L,
+ 0x7AB90321L, 0xAE7367CAL, 0x5C18E4C9L, 0x4F48173DL, 0xBD23943EL,
+ 0xF36E6F75L, 0x0105EC76L, 0x12551F82L, 0xE03E9C81L, 0x34F4F86AL,
+ 0xC69F7B69L, 0xD5CF889DL, 0x27A40B9EL, 0x79B737BAL, 0x8BDCB4B9L,
+ 0x988C474DL, 0x6AE7C44EL, 0xBE2DA0A5L, 0x4C4623A6L, 0x5F16D052L,
+ 0xAD7D5351L
+};
+
/*
* This a generic crc32() function, it takes seed as an argument,
* and does __not__ xor at the end. Then individual users can do
* whatever they need.
*/
-uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
+static uint32_t compute_crc32(
+ const uint32_t *crc32_tab,
+ uint32_t seed,
+ const unsigned char *buf,
+ size_t len)
{
uint32_t crc = seed;
const unsigned char *p = buf;
return crc;
}
+
+uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
+{
+ return compute_crc32(crc32_tab, seed, buf, len);
+}
+
+uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len)
+{
+ return compute_crc32(crc32c_tab, seed, buf, len);
+}
/*
* crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#ifndef _CRYPTO_BACKEND_H
#define _CRYPTO_BACKEND_H
+#include <assert.h>
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
+#ifdef HAVE_UCHAR_H
+#include <uchar.h>
+#else
+#define char32_t uint32_t
+#define char16_t uint16_t
+#endif
struct crypt_hash;
struct crypt_hmac;
struct crypt_cipher;
struct crypt_storage;
-int crypt_backend_init(void);
+int crypt_backend_init(bool fips);
void crypt_backend_destroy(void);
-#define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */
+#define CRYPT_BACKEND_KERNEL (1 << 0) /* Crypto uses kernel part, for benchmark */
+#define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */
uint32_t crypt_backend_flags(void);
const char *crypt_backend_version(void);
/* PBKDF*/
struct crypt_pbkdf_limits {
uint32_t min_iterations, max_iterations;
- uint32_t min_memory, max_memory;
+ uint32_t min_memory, max_memory, min_bench_memory;
uint32_t min_parallel, max_parallel;
};
/* CRC32 */
uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
+uint32_t crypt_crc32c(uint32_t seed, const unsigned char *buf, size_t len);
+
+/* Base64 */
+int crypt_base64_encode(char **out, size_t *out_length, const char *in, size_t in_length);
+int crypt_base64_decode(char **out, size_t *out_length, const char *in, size_t in_length);
+
+/* UTF8/16 */
+int crypt_utf16_to_utf8(char **out, const char16_t *s, size_t length /* bytes! */);
+int crypt_utf8_to_utf16(char16_t **out, const char *s, size_t length);
/* Block ciphers */
int crypt_cipher_ivsize(const char *name, const char *mode);
#endif
}
+/* Memcmp helper (memcmp in constant time) */
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n);
+
+/* crypto backend running in FIPS mode */
+bool crypt_fips_mode(void);
+
#endif /* _CRYPTO_BACKEND_H */
/*
* crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "crypto_backend.h"
-#if USE_INTERNAL_PBKDF2
/* internal PBKDF2 implementation */
int pkcs5_pbkdf2(const char *hash,
const char *P, size_t Plen,
unsigned int c,
unsigned int dkLen, char *DK,
unsigned int hash_block_size);
-#endif
/* Argon2 implementation wrapper */
int argon2(const char *type, const char *password, size_t password_length,
const char *iv, size_t iv_length,
const char *tag, size_t tag_length);
+/* Internal implementation for constant time memory comparison */
+static inline int crypt_internal_memeq(const void *m1, const void *m2, size_t n)
+{
+ const unsigned char *_m1 = (const unsigned char *) m1;
+ const unsigned char *_m2 = (const unsigned char *) m2;
+ unsigned char result = 0;
+ size_t i;
+
+ for (i = 0; i < n; i++)
+ result |= _m1[i] ^ _m2[i];
+
+ return result;
+}
+
#endif /* _CRYPTO_BACKEND_INTERNAL_H */
/*
* Linux kernel userspace API crypto backend implementation (skcipher)
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
}
len = sendmsg(ctx->opfd, &msg, 0);
- if (len != (ssize_t)(in_length)) {
+ if (len != (ssize_t)(in_length))
r = -EIO;
- goto bad;
+ else {
+ len = read(ctx->opfd, out, out_length);
+ if (len != (ssize_t)out_length)
+ r = -EIO;
}
- len = read(ctx->opfd, out, out_length);
- if (len != (ssize_t)out_length)
- r = -EIO;
-bad:
crypt_backend_memzero(buffer, sizeof(buffer));
return r;
}
/*
* GCRYPT crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <string.h>
#include <stdio.h>
#include <errno.h>
-#include <assert.h>
#include <gcrypt.h>
#include "crypto_backend_internal.h"
crypto_backend_whirlpool_bug = 1;
}
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
{
int r;
return -ENOSYS;
}
-/* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
+/* If gcrypt compiled to support POSIX 1003.1e capabilities,
* it drops all privileges during secure memory initialisation.
* For now, the only workaround is to disable secure memory in gcrypt.
* cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
}
/* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips __attribute__((unused)))
{
switch(quality) {
case CRYPT_RND_NORMAL:
return -ENOTSUP;
#endif
}
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+ return crypt_internal_memeq(m1, m2, n);
+}
+
+#if !ENABLE_FIPS
+bool crypt_fips_mode(void) { return false; }
+#else
+bool crypt_fips_mode(void)
+{
+ static bool fips_mode = false, fips_checked = false;
+
+ if (fips_checked)
+ return fips_mode;
+
+ fips_mode = gcry_fips_mode_active();
+ fips_checked = true;
+
+ return fips_mode;
+}
+#endif /* ENABLE FIPS */
/*
* Linux kernel userspace API crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <linux/if_alg.h>
#include "crypto_backend_internal.h"
-/* FIXME: remove later */
#ifndef AF_ALG
#define AF_ALG 38
#endif
return 0;
}
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
{
struct utsname uts;
struct sockaddr_alg sa = {
}
/* RNG - N/A */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer __attribute__((unused)), size_t length __attribute__((unused)),
+ int quality __attribute__((unused)), int fips __attribute__((unused)))
{
return -EINVAL;
}
return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
}
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
{
return true;
}
return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
iv, iv_length, tag, tag_length);
}
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+ return crypt_internal_memeq(m1, m2, n);
+}
+
+bool crypt_fips_mode(void)
+{
+ return false;
+}
/*
* Nettle crypto backend implementation
*
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2021 Milan Broz
+ * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <nettle/sha3.h>
#include <nettle/hmac.h>
#include <nettle/pbkdf2.h>
+#include <nettle/memops.h>
#include "crypto_backend_internal.h"
#if HAVE_NETTLE_VERSION_H
return NULL;
}
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
{
return 0;
}
h->hash = _get_alg(name);
- if (!h->hash)
- goto bad;
+ if (!h->hash) {
+ free(h);
+ return -EINVAL;
+ }
h->key = malloc(key_length);
- if (!h->key)
- goto bad;
+ if (!h->key) {
+ free(h);
+ return -ENOMEM;
+ }
memcpy(h->key, key, key_length);
h->key_length = key_length;
*ctx = h;
return 0;
-bad:
- free(h);
- return -EINVAL;
}
static void crypt_hmac_restart(struct crypt_hmac *ctx)
}
/* RNG - N/A */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer __attribute__((unused)),
+ size_t length __attribute__((unused)),
+ int quality __attribute__((unused)),
+ int fips __attribute__((unused)))
{
return -EINVAL;
}
return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
}
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
{
return true;
}
return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
iv, iv_length, tag, tag_length);
}
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+ /* The logic is inverse to memcmp... */
+ return !memeql_sec(m1, m2, n);
+}
+
+bool crypt_fips_mode(void)
+{
+ return false;
+}
/*
* NSS crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
return NULL;
}
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips __attribute__((unused)))
{
int r;
h->hash = _get_alg(name);
if (!h->hash)
- goto bad;
+ goto err;
h->slot = PK11_GetInternalKeySlot();
if (!h->slot)
- goto bad;
+ goto err;
h->key = PK11_ImportSymKey(h->slot, h->hash->ck_type, PK11_OriginUnwrap,
CKA_SIGN, &keyItem, NULL);
if (!h->key)
- goto bad;
+ goto err;
h->md = PK11_CreateContextBySymKey(h->hash->ck_type, CKA_SIGN, h->key,
&noParams);
if (!h->md)
- goto bad;
+ goto err;
if (PK11_DigestBegin(h->md) != SECSuccess)
- goto bad;
+ goto err;
*ctx = h;
return 0;
-bad:
+err:
crypt_hmac_destroy(h);
return -EINVAL;
}
}
/* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length, int quality __attribute__((unused)), int fips)
{
if (fips)
return -EINVAL;
return crypt_cipher_decrypt_kernel(&ctx->ck, in, out, length, iv, iv_length);
}
-bool crypt_cipher_kernel_only(struct crypt_cipher *ctx)
+bool crypt_cipher_kernel_only(struct crypt_cipher *ctx __attribute__((unused)))
{
return true;
}
return crypt_bitlk_decrypt_key_kernel(key, key_length, in, out, length,
iv, iv_length, tag, tag_length);
}
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+ return NSS_SecureMemcmp(m1, m2, n);
+}
+
+bool crypt_fips_mode(void)
+{
+ return false;
+}
/*
* OPENSSL crypto backend implementation
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2021 Milan Broz
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <string.h>
#include <errno.h>
+#include <limits.h>
+#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include "crypto_backend_internal.h"
+#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/provider.h>
+#include <openssl/kdf.h>
+#include <openssl/core_names.h>
+static OSSL_PROVIDER *ossl_legacy = NULL;
+static OSSL_PROVIDER *ossl_default = NULL;
+static OSSL_LIB_CTX *ossl_ctx = NULL;
+static char backend_version[256] = "OpenSSL";
+#endif
#define CONST_CAST(x) (x)(uintptr_t)
};
struct crypt_hmac {
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MAC *mac;
+ EVP_MAC_CTX *md;
+ EVP_MAC_CTX *md_org;
+#else
HMAC_CTX *md;
const EVP_MD *hash_id;
+#endif
int hash_len;
};
struct {
EVP_CIPHER_CTX *hd_enc;
EVP_CIPHER_CTX *hd_dec;
+ const EVP_CIPHER *cipher_type;
size_t iv_length;
} lib;
} u;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
-static void openssl_backend_init(void)
+static int openssl_backend_init(bool fips __attribute__((unused)))
{
OpenSSL_add_all_algorithms();
+ return 0;
+}
+
+static void openssl_backend_exit(void)
+{
}
static const char *openssl_backend_version(void)
free(md);
}
#else
-static void openssl_backend_init(void)
+static void openssl_backend_exit(void)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ if (ossl_legacy)
+ OSSL_PROVIDER_unload(ossl_legacy);
+ if (ossl_default)
+ OSSL_PROVIDER_unload(ossl_default);
+ if (ossl_ctx)
+ OSSL_LIB_CTX_free(ossl_ctx);
+
+ ossl_legacy = NULL;
+ ossl_default = NULL;
+ ossl_ctx = NULL;
+#endif
+}
+
+static int openssl_backend_init(bool fips)
{
+/*
+ * OpenSSL >= 3.0.0 provides some algorithms in legacy provider
+ */
+#if OPENSSL_VERSION_MAJOR >= 3
+ int r;
+
+ /*
+ * In FIPS mode we keep default OpenSSL context & global config
+ */
+ if (!fips) {
+ ossl_ctx = OSSL_LIB_CTX_new();
+ if (!ossl_ctx)
+ return -EINVAL;
+
+ ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0);
+ if (!ossl_default) {
+ OSSL_LIB_CTX_free(ossl_ctx);
+ return -EINVAL;
+ }
+
+ /* Optional */
+ ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
+ }
+
+ r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s",
+ OpenSSL_version(OPENSSL_VERSION),
+ ossl_default ? "[default]" : "",
+ ossl_legacy ? "[legacy]" : "",
+ fips ? "[fips]" : "");
+
+ if (r < 0 || (size_t)r >= sizeof(backend_version)) {
+ openssl_backend_exit();
+ return -EINVAL;
+ }
+#endif
+ return 0;
}
static const char *openssl_backend_version(void)
{
- return OpenSSL_version(OPENSSL_VERSION);
+#if OPENSSL_VERSION_MAJOR >= 3
+ return backend_version;
+#else
+ return OpenSSL_version(OPENSSL_VERSION);
+#endif
}
#endif
-int crypt_backend_init(void)
+int crypt_backend_init(bool fips)
{
if (crypto_backend_initialised)
return 0;
- openssl_backend_init();
+ if (openssl_backend_init(fips))
+ return -EINVAL;
crypto_backend_initialised = 1;
return 0;
void crypt_backend_destroy(void)
{
+ /*
+ * If Destructor was already called, we must not call it again
+ */
+ if (!crypto_backend_initialised)
+ return;
+
crypto_backend_initialised = 0;
+
+ openssl_backend_exit();
}
uint32_t crypt_backend_flags(void)
{
+#if OPENSSL_VERSION_MAJOR >= 3
return 0;
+#else
+ return CRYPT_BACKEND_PBKDF2_INT;
+#endif
}
const char *crypt_backend_version(void)
return hash_name;
}
+static const EVP_MD *hash_id_get(const char *name)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ return EVP_MD_fetch(ossl_ctx, crypt_hash_compat_name(name), NULL);
+#else
+ return EVP_get_digestbyname(crypt_hash_compat_name(name));
+#endif
+}
+
+static void hash_id_free(const EVP_MD *hash_id)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MD_free(CONST_CAST(EVP_MD*)hash_id);
+#endif
+}
+
+static const EVP_CIPHER *cipher_type_get(const char *name)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ return EVP_CIPHER_fetch(ossl_ctx, name, NULL);
+#else
+ return EVP_get_cipherbyname(name);
+#endif
+}
+
+static void cipher_type_free(const EVP_CIPHER *cipher_type)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type);
+#endif
+}
+
/* HASH */
int crypt_hash_size(const char *name)
{
+ int size;
const EVP_MD *hash_id;
- hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
+ hash_id = hash_id_get(name);
if (!hash_id)
return -EINVAL;
- return EVP_MD_size(hash_id);
+ size = EVP_MD_size(hash_id);
+ hash_id_free(hash_id);
+ return size;
}
int crypt_hash_init(struct crypt_hash **ctx, const char *name)
return -ENOMEM;
}
- h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
+ h->hash_id = hash_id_get(name);
if (!h->hash_id) {
EVP_MD_CTX_free(h->md);
free(h);
}
if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
+ hash_id_free(h->hash_id);
EVP_MD_CTX_free(h->md);
free(h);
return -EINVAL;
void crypt_hash_destroy(struct crypt_hash *ctx)
{
+ hash_id_free(ctx->hash_id);
EVP_MD_CTX_free(ctx->md);
memset(ctx, 0, sizeof(*ctx));
free(ctx);
const void *key, size_t key_length)
{
struct crypt_hmac *h;
+#if OPENSSL_VERSION_MAJOR >= 3
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, CONST_CAST(void*)name, 0),
+ OSSL_PARAM_END
+ };
+
+ h = malloc(sizeof(*h));
+ if (!h)
+ return -ENOMEM;
+
+ h->mac = EVP_MAC_fetch(ossl_ctx, OSSL_MAC_NAME_HMAC, NULL);
+ if (!h->mac) {
+ free(h);
+ return -EINVAL;
+ }
+
+ h->md = EVP_MAC_CTX_new(h->mac);
+ if (!h->md) {
+ EVP_MAC_free(h->mac);
+ free(h);
+ return -ENOMEM;
+ }
+
+ if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
+ EVP_MAC_CTX_free(h->md);
+ EVP_MAC_free(h->mac);
+ free(h);
+ return -EINVAL;
+ }
+ h->hash_len = EVP_MAC_CTX_get_mac_size(h->md);
+ h->md_org = EVP_MAC_CTX_dup(h->md);
+#else
h = malloc(sizeof(*h));
if (!h)
return -ENOMEM;
return -ENOMEM;
}
- h->hash_id = EVP_get_digestbyname(crypt_hash_compat_name(name));
+ h->hash_id = hash_id_get(name);
if (!h->hash_id) {
HMAC_CTX_free(h->md);
free(h);
HMAC_Init_ex(h->md, key, key_length, h->hash_id, NULL);
h->hash_len = EVP_MD_size(h->hash_id);
+#endif
*ctx = h;
return 0;
}
-static void crypt_hmac_restart(struct crypt_hmac *ctx)
+static int crypt_hmac_restart(struct crypt_hmac *ctx)
{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MAC_CTX_free(ctx->md);
+ ctx->md = EVP_MAC_CTX_dup(ctx->md_org);
+ if (!ctx->md)
+ return -EINVAL;
+#else
HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
+#endif
+ return 0;
}
int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
{
+#if OPENSSL_VERSION_MAJOR >= 3
+ return EVP_MAC_update(ctx->md, (const unsigned char *)buffer, length) == 1 ? 0 : -EINVAL;
+#else
HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
return 0;
+#endif
}
int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
{
unsigned char tmp[EVP_MAX_MD_SIZE];
+#if OPENSSL_VERSION_MAJOR >= 3
+ size_t tmp_len = 0;
+
+ if (length > (size_t)ctx->hash_len)
+ return -EINVAL;
+
+ if (EVP_MAC_final(ctx->md, tmp, &tmp_len, sizeof(tmp)) != 1)
+ return -EINVAL;
+#else
unsigned int tmp_len = 0;
if (length > (size_t)ctx->hash_len)
return -EINVAL;
HMAC_Final(ctx->md, tmp, &tmp_len);
-
+#endif
memcpy(buffer, tmp, length);
crypt_backend_memzero(tmp, sizeof(tmp));
if (tmp_len < length)
return -EINVAL;
- crypt_hmac_restart(ctx);
+ if (crypt_hmac_restart(ctx))
+ return -EINVAL;
return 0;
}
void crypt_hmac_destroy(struct crypt_hmac *ctx)
{
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_MAC_CTX_free(ctx->md);
+ EVP_MAC_CTX_free(ctx->md_org);
+ EVP_MAC_free(ctx->mac);
+#else
+ hash_id_free(ctx->hash_id);
HMAC_CTX_free(ctx->md);
+#endif
memset(ctx, 0, sizeof(*ctx));
free(ctx);
}
/* RNG */
-int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+int crypt_backend_rng(char *buffer, size_t length,
+ int quality __attribute__((unused)), int fips __attribute__((unused)))
{
if (RAND_bytes((unsigned char *)buffer, length) != 1)
return -EINVAL;
return 0;
}
+static int openssl_pbkdf2(const char *password, size_t password_length,
+ const char *salt, size_t salt_length, uint32_t iterations,
+ const char *hash, char *key, size_t key_length)
+{
+ int r;
+#if OPENSSL_VERSION_MAJOR >= 3
+ EVP_KDF_CTX *ctx;
+ EVP_KDF *pbkdf2;
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_PASSWORD,
+ CONST_CAST(void*)password, password_length),
+ OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT,
+ CONST_CAST(void*)salt, salt_length),
+ OSSL_PARAM_uint32(OSSL_KDF_PARAM_ITER, &iterations),
+ OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST,
+ CONST_CAST(void*)hash, 0),
+ OSSL_PARAM_END
+ };
+
+ pbkdf2 = EVP_KDF_fetch(ossl_ctx, "pbkdf2", NULL);
+ if (!pbkdf2)
+ return -EINVAL;
+
+ ctx = EVP_KDF_CTX_new(pbkdf2);
+ if (!ctx) {
+ EVP_KDF_free(pbkdf2);
+ return -EINVAL;
+ }
+
+ r = EVP_KDF_derive(ctx, (unsigned char*)key, key_length, params);
+
+ EVP_KDF_CTX_free(ctx);
+ EVP_KDF_free(pbkdf2);
+#else
+ const EVP_MD *hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash));
+ if (!hash_id)
+ return -EINVAL;
+
+ /* OpenSSL2 has iteration as signed int, avoid overflow */
+ if (iterations > INT_MAX)
+ return -EINVAL;
+
+ r = PKCS5_PBKDF2_HMAC(password, (int)password_length, (const unsigned char *)salt,
+ (int)salt_length, iterations, hash_id, (int)key_length, (unsigned char*) key);
+#endif
+ return r == 1 ? 0 : -EINVAL;
+}
+
+static int openssl_argon2(const char *type, const char *password, size_t password_length,
+ const char *salt, size_t salt_length, char *key, size_t key_length,
+ uint32_t iterations, uint32_t memory, uint32_t parallel)
+{
+ return argon2(type, password, password_length, salt, salt_length,
+ key, key_length, iterations, memory, parallel);
+}
+
/* PBKDF */
int crypt_pbkdf(const char *kdf, const char *hash,
const char *password, size_t password_length,
const char *salt, size_t salt_length,
char *key, size_t key_length,
uint32_t iterations, uint32_t memory, uint32_t parallel)
-
{
- const EVP_MD *hash_id;
-
if (!kdf)
return -EINVAL;
- if (!strcmp(kdf, "pbkdf2")) {
- hash_id = EVP_get_digestbyname(crypt_hash_compat_name(hash));
- if (!hash_id)
- return -EINVAL;
-
- if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
- (const unsigned char *)salt, (int)salt_length,
- (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
- return -EINVAL;
- return 0;
- } else if (!strncmp(kdf, "argon2", 6)) {
- return argon2(kdf, password, password_length, salt, salt_length,
- key, key_length, iterations, memory, parallel);
- }
-
+ if (!strcmp(kdf, "pbkdf2"))
+ return openssl_pbkdf2(password, password_length, salt, salt_length,
+ iterations, hash, key, key_length);
+ if (!strncmp(kdf, "argon2", 6))
+ return openssl_argon2(kdf, password, password_length, salt, salt_length,
+ key, key_length, iterations, memory, parallel);
return -EINVAL;
}
/* Block ciphers */
-static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec)
+static void _cipher_destroy(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type)
{
EVP_CIPHER_CTX_free(*hd_enc);
*hd_enc = NULL;
EVP_CIPHER_CTX_free(*hd_dec);
*hd_dec = NULL;
+
+ cipher_type_free(*cipher_type);
+ *cipher_type = NULL;
}
-static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const char *name,
+static int _cipher_init(EVP_CIPHER_CTX **hd_enc, EVP_CIPHER_CTX **hd_dec, const EVP_CIPHER **cipher_type, const char *name,
const char *mode, const void *key, size_t key_length, size_t *iv_length)
{
char cipher_name[256];
if (r < 0 || (size_t)r >= sizeof(cipher_name))
return -EINVAL;
- type = EVP_get_cipherbyname(cipher_name);
+ type = cipher_type_get(cipher_name);
if (!type)
return -ENOENT;
- if (EVP_CIPHER_key_length(type) != (int)key_length)
+ if (EVP_CIPHER_key_length(type) != (int)key_length) {
+ cipher_type_free(type);
return -EINVAL;
+ }
*hd_enc = EVP_CIPHER_CTX_new();
*hd_dec = EVP_CIPHER_CTX_new();
*iv_length = EVP_CIPHER_iv_length(type);
- if (!*hd_enc || !*hd_dec)
+ if (!*hd_enc || !*hd_dec) {
+ cipher_type_free(type);
return -EINVAL;
+ }
if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 ||
EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) {
- _cipher_destroy(hd_enc, hd_dec);
+ _cipher_destroy(hd_enc, hd_dec, &type);
return -EINVAL;
}
if (EVP_CIPHER_CTX_set_padding(*hd_enc, 0) != 1 ||
EVP_CIPHER_CTX_set_padding(*hd_dec, 0) != 1) {
- _cipher_destroy(hd_enc, hd_dec);
+ _cipher_destroy(hd_enc, hd_dec, &type);
return -EINVAL;
}
+ *cipher_type = type;
+
return 0;
}
if (!h)
return -ENOMEM;
- if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, name, mode, key,
+ if (!_cipher_init(&h->u.lib.hd_enc, &h->u.lib.hd_dec, &h->u.lib.cipher_type, name, mode, key,
key_length, &h->u.lib.iv_length)) {
h->use_kernel = false;
*ctx = h;
if (ctx->use_kernel)
crypt_cipher_destroy_kernel(&ctx->u.kernel);
else
- _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec);
+ _cipher_destroy(&ctx->u.lib.hd_enc, &ctx->u.lib.hd_dec, &ctx->u.lib.cipher_type);
free(ctx);
}
return ctx->use_kernel;
}
-int crypt_bitlk_decrypt_key(const void *key, size_t key_length,
+int crypt_bitlk_decrypt_key(const void *key, size_t key_length __attribute__((unused)),
const char *in, char *out, size_t length,
const char *iv, size_t iv_length,
const char *tag, size_t tag_length)
if (EVP_DecryptInit_ex(ctx, EVP_aes_256_ccm(), NULL, NULL, NULL) != 1)
goto out;
- //EVP_CIPHER_CTX_key_length(ctx)
- //EVP_CIPHER_CTX_iv_length(ctx)
-
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, iv_length, NULL) != 1)
goto out;
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_length, CONST_CAST(void*)tag) != 1)
return -ENOTSUP;
#endif
}
+
+int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
+{
+ return CRYPTO_memcmp(m1, m2, n);
+}
+
+#if !ENABLE_FIPS
+bool crypt_fips_mode(void) { return false; }
+#else
+static bool openssl_fips_mode(void)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+ return EVP_default_properties_is_fips_enabled(NULL);
+#else
+ return FIPS_mode();
+#endif
+}
+
+bool crypt_fips_mode(void)
+{
+ static bool fips_mode = false, fips_checked = false;
+
+ if (fips_checked)
+ return fips_mode;
+
+ fips_mode = openssl_fips_mode();
+ fips_checked = true;
+
+ return fips_mode;
+}
+#endif /* ENABLE FIPS */
* Generic wrapper for storage encryption modes and Initial Vectors
* (reimplementation of some functions from Linux dm-crypt kernel)
*
- * Copyright (C) 2014-2021 Milan Broz
+ * Copyright (C) 2014-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <stdlib.h>
#include <errno.h>
+#include <strings.h>
#include "bitops.h"
#include "crypto_backend.h"
static int crypt_sector_iv_generate(struct crypt_sector_iv *ctx, uint64_t sector)
{
- uint64_t val;
+ uint64_t val, *u64_iv;
+ uint32_t *u32_iv;
switch (ctx->type) {
case IV_NONE:
break;
case IV_PLAIN:
memset(ctx->iv, 0, ctx->iv_size);
- *(uint32_t *)ctx->iv = cpu_to_le32(sector & 0xffffffff);
+ u32_iv = (void *)ctx->iv;
+ *u32_iv = cpu_to_le32(sector & 0xffffffff);
break;
case IV_PLAIN64:
memset(ctx->iv, 0, ctx->iv_size);
- *(uint64_t *)ctx->iv = cpu_to_le64(sector);
+ u64_iv = (void *)ctx->iv;
+ *u64_iv = cpu_to_le64(sector);
break;
case IV_PLAIN64BE:
memset(ctx->iv, 0, ctx->iv_size);
- *(uint64_t *)&ctx->iv[ctx->iv_size - sizeof(uint64_t)] = cpu_to_be64(sector);
+ /* iv_size is at least of size u64; usually it is 16 bytes */
+ u64_iv = (void *)&ctx->iv[ctx->iv_size - sizeof(uint64_t)];
+ *u64_iv = cpu_to_be64(sector);
break;
case IV_ESSIV:
memset(ctx->iv, 0, ctx->iv_size);
- *(uint64_t *)ctx->iv = cpu_to_le64(sector);
+ u64_iv = (void *)ctx->iv;
+ *u64_iv = cpu_to_le64(sector);
return crypt_cipher_encrypt(ctx->cipher,
ctx->iv, ctx->iv, ctx->iv_size, NULL, 0);
break;
break;
case IV_EBOIV:
memset(ctx->iv, 0, ctx->iv_size);
- *(uint64_t *)ctx->iv = cpu_to_le64(sector << ctx->shift);
+ u64_iv = (void *)ctx->iv;
+ *u64_iv = cpu_to_le64(sector << ctx->shift);
return crypt_cipher_encrypt(ctx->cipher,
ctx->iv, ctx->iv, ctx->iv_size, NULL, 0);
break;
* Copyright (C) 2004 Free Software Foundation
*
* cryptsetup related changes
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/*
* PBKDF performance check
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
* Copyright (C) 2016-2020 Ondrej Mosnacek
*
* This file is free software; you can redistribute it and/or
limits->min_iterations = 1000; /* recommendation in NIST SP 800-132 */
limits->max_iterations = UINT32_MAX;
limits->min_memory = 0; /* N/A */
+ limits->min_bench_memory=0; /* N/A */
limits->max_memory = 0; /* N/A */
limits->min_parallel = 0; /* N/A */
limits->max_parallel = 0; /* N/A */
} else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) {
limits->min_iterations = 4;
limits->max_iterations = UINT32_MAX;
- limits->min_memory = 32;
+ limits->min_memory = 32; /* hard limit */
+ limits->min_bench_memory=64*1024; /* 64 MiB minimum for benchmark */
limits->max_memory = 4*1024*1024; /* 4GiB */
limits->min_parallel = 1;
limits->max_parallel = 4;
count_kernel_time = 1;
/*
- * FIXME: if there is no self usage info, count system time.
+ * If there is no self usage info, count system time.
* This seem like getrusage() bug in some hypervisors...
*/
if (!end->ru_utime.tv_sec && !start->ru_utime.tv_sec &&
{
struct crypt_pbkdf_limits pbkdf_limits;
int r = -EINVAL;
+ uint32_t min_memory;
if (!kdf || !iterations_out || !memory_out)
return -EINVAL;
- /* FIXME: whole limits propagation should be more clear here */
r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits);
if (r < 0)
return r;
+ min_memory = pbkdf_limits.min_bench_memory;
+ if (min_memory > max_memory_kb)
+ min_memory = max_memory_kb;
+
*memory_out = 0;
*iterations_out = 0;
r = crypt_argon2_check(kdf, password, password_size,
salt, salt_size, volume_key_size,
pbkdf_limits.min_iterations,
- pbkdf_limits.min_memory,
+ min_memory,
max_memory_kb,
parallel_threads, time_ms, iterations_out,
memory_out, progress, usrptr);
--- /dev/null
+/*
+ * UTF8/16 helpers, copied and adapted from systemd project.
+ *
+ * Copyright (C) 2010 Lennart Poettering
+ *
+ * cryptsetup related changes
+ * Copyright (C) 2021-2023 Vojtech Trefny
+
+ * Parts of the original systemd implementation are based on the GLIB utf8
+ * validation functions.
+ * gutf8.c - Operations on UTF-8 strings.
+ *
+ * Copyright (C) 1999 Tom Tromey
+ * Copyright (C) 2000 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <errno.h>
+#include <endian.h>
+
+#include "crypto_backend.h"
+
+static inline bool utf16_is_surrogate(char16_t c)
+{
+ return c >= 0xd800U && c <= 0xdfffU;
+}
+
+static inline bool utf16_is_trailing_surrogate(char16_t c)
+{
+ return c >= 0xdc00U && c <= 0xdfffU;
+}
+
+static inline char32_t utf16_surrogate_pair_to_unichar(char16_t lead, char16_t trail)
+{
+ return ((((char32_t) lead - 0xd800U) << 10) + ((char32_t) trail - 0xdc00U) + 0x10000U);
+}
+
+/**
+ * utf8_encode_unichar() - Encode single UCS-4 character as UTF-8
+ * @out_utf8: output buffer of at least 4 bytes or NULL
+ * @g: UCS-4 character to encode
+ *
+ * This encodes a single UCS-4 character as UTF-8 and writes it into @out_utf8.
+ * The length of the character is returned. It is not zero-terminated! If the
+ * output buffer is NULL, only the length is returned.
+ *
+ * Returns: The length in bytes that the UTF-8 representation does or would
+ * occupy.
+ */
+static size_t utf8_encode_unichar(char *out_utf8, char32_t g)
+{
+ if (g < (1 << 7)) {
+ if (out_utf8)
+ out_utf8[0] = g & 0x7f;
+ return 1;
+ } else if (g < (1 << 11)) {
+ if (out_utf8) {
+ out_utf8[0] = 0xc0 | ((g >> 6) & 0x1f);
+ out_utf8[1] = 0x80 | (g & 0x3f);
+ }
+ return 2;
+ } else if (g < (1 << 16)) {
+ if (out_utf8) {
+ out_utf8[0] = 0xe0 | ((g >> 12) & 0x0f);
+ out_utf8[1] = 0x80 | ((g >> 6) & 0x3f);
+ out_utf8[2] = 0x80 | (g & 0x3f);
+ }
+ return 3;
+ } else if (g < (1 << 21)) {
+ if (out_utf8) {
+ out_utf8[0] = 0xf0 | ((g >> 18) & 0x07);
+ out_utf8[1] = 0x80 | ((g >> 12) & 0x3f);
+ out_utf8[2] = 0x80 | ((g >> 6) & 0x3f);
+ out_utf8[3] = 0x80 | (g & 0x3f);
+ }
+ return 4;
+ }
+
+ return 0;
+}
+
+/**
+ * crypt_utf16_to_utf8()
+ * @out: output buffer, should be 2 * @length + 1 long
+ * @s: string to convert
+ * @length: length of @s in bytes
+ *
+ * Converts a UTF16LE encoded string to a UTF8 encoded string.
+ *
+ * Returns: 0 on success, negative errno otherwise
+ */
+int crypt_utf16_to_utf8(char **out, const char16_t *s, size_t length /* bytes! */)
+{
+ const uint8_t *f;
+ char *t;
+
+ assert(s);
+ assert(out);
+ assert(*out);
+
+ /* Input length is in bytes, i.e. the shortest possible character takes 2 bytes. Each unicode character may
+ * take up to 4 bytes in UTF-8. Let's also account for a trailing NUL byte. */
+ if (length * 2 < length)
+ return -EOVERFLOW; /* overflow */
+
+ f = (const uint8_t*) s;
+ t = *out;
+
+ while (f + 1 < (const uint8_t*) s + length) {
+ char16_t w1, w2;
+
+ /* see RFC 2781 section 2.2 */
+
+ w1 = f[1] << 8 | f[0];
+ f += 2;
+
+ if (!utf16_is_surrogate(w1)) {
+ t += utf8_encode_unichar(t, w1);
+ continue;
+ }
+
+ if (utf16_is_trailing_surrogate(w1))
+ continue; /* spurious trailing surrogate, ignore */
+
+ if (f + 1 >= (const uint8_t*) s + length)
+ break;
+
+ w2 = f[1] << 8 | f[0];
+ f += 2;
+
+ if (!utf16_is_trailing_surrogate(w2)) {
+ f -= 2;
+ continue; /* surrogate missing its trailing surrogate, ignore */
+ }
+
+ t += utf8_encode_unichar(t, utf16_surrogate_pair_to_unichar(w1, w2));
+ }
+
+ *t = 0;
+ return 0;
+}
+
+/* count of characters used to encode one unicode char */
+static size_t utf8_encoded_expected_len(uint8_t c)
+{
+ if (c < 0x80)
+ return 1;
+ if ((c & 0xe0) == 0xc0)
+ return 2;
+ if ((c & 0xf0) == 0xe0)
+ return 3;
+ if ((c & 0xf8) == 0xf0)
+ return 4;
+ if ((c & 0xfc) == 0xf8)
+ return 5;
+ if ((c & 0xfe) == 0xfc)
+ return 6;
+
+ return 0;
+}
+
+/* decode one unicode char */
+static int utf8_encoded_to_unichar(const char *str, char32_t *ret_unichar)
+{
+ char32_t unichar;
+ size_t len, i;
+
+ assert(str);
+
+ len = utf8_encoded_expected_len(str[0]);
+
+ switch (len) {
+ case 1:
+ *ret_unichar = (char32_t)str[0];
+ return 0;
+ case 2:
+ unichar = str[0] & 0x1f;
+ break;
+ case 3:
+ unichar = (char32_t)str[0] & 0x0f;
+ break;
+ case 4:
+ unichar = (char32_t)str[0] & 0x07;
+ break;
+ case 5:
+ unichar = (char32_t)str[0] & 0x03;
+ break;
+ case 6:
+ unichar = (char32_t)str[0] & 0x01;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ for (i = 1; i < len; i++) {
+ if (((char32_t)str[i] & 0xc0) != 0x80)
+ return -EINVAL;
+
+ unichar <<= 6;
+ unichar |= (char32_t)str[i] & 0x3f;
+ }
+
+ *ret_unichar = unichar;
+
+ return 0;
+}
+
+static size_t utf16_encode_unichar(char16_t *out, char32_t c)
+{
+ /* Note that this encodes as little-endian. */
+
+ switch (c) {
+
+ case 0 ... 0xd7ffU:
+ case 0xe000U ... 0xffffU:
+ out[0] = htole16(c);
+ return 1;
+
+ case 0x10000U ... 0x10ffffU:
+ c -= 0x10000U;
+ out[0] = htole16((c >> 10) + 0xd800U);
+ out[1] = htole16((c & 0x3ffU) + 0xdc00U);
+ return 2;
+
+ default: /* A surrogate (invalid) */
+ return 0;
+ }
+}
+
+/**
+ * crypt_utf8_to_utf16()
+ * @out: output buffer, should be @length + 1 long
+ * @s: string to convert
+ * @length: length of @s in bytes
+ *
+ * Converts a UTF8 encoded string to a UTF16LE encoded string.
+ *
+ * Returns: 0 on success, negative errno otherwise
+ */
+int crypt_utf8_to_utf16(char16_t **out, const char *s, size_t length)
+{
+ char16_t *p;
+ size_t i;
+ int r;
+
+ assert(s);
+
+ p = *out;
+
+ for (i = 0; i < length;) {
+ char32_t unichar;
+ size_t e;
+
+ e = utf8_encoded_expected_len(s[i]);
+ if (e <= 1) /* Invalid and single byte characters are copied as they are */
+ goto copy;
+
+ if (i + e > length) /* sequence longer than input buffer, then copy as-is */
+ goto copy;
+
+ r = utf8_encoded_to_unichar(s + i, &unichar);
+ if (r < 0) /* sequence invalid, then copy as-is */
+ goto copy;
+
+ p += utf16_encode_unichar(p, unichar);
+ i += e;
+ continue;
+
+ copy:
+ *(p++) = htole16(s[i++]);
+ }
+
+ *p = 0;
+ return 0;
+}
--- /dev/null
+/*
+ * FVAULT2 (FileVault2-compatible) volume handling
+ *
+ * Copyright (C) 2021-2022 Pavel Tobias
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <regex.h>
+#include <stdio.h>
+#include <uuid/uuid.h>
+
+#include "internal.h"
+#include "fvault2.h"
+
+/* Core Storage signature/magic; "CS" big-endian */
+#define FVAULT2_CORE_STORAGE_MAGIC 0x4353
+
+/* size of the physical volume header in bytes */
+#define FVAULT2_VOL_HEADER_SIZE 512
+
+/* size of a single metadata block in bytes */
+#define FVAULT2_MD_BLOCK_SIZE 8192
+
+/* maximal offset to read metadata block */
+#define FVAULT2_MAX_OFF 1024*1024*1024
+
+/* encrypted metadata parsing progress flags (see _read_encrypted_metadata) */
+#define FVAULT2_ENC_MD_PARSED_0x0019 0b001
+#define FVAULT2_ENC_MD_PARSED_0x001A 0b010
+#define FVAULT2_ENC_MD_PARSED_0x0305 0b100
+#define FVAULT2_ENC_MD_PARSED_NONE 0b000
+#define FVAULT2_ENC_MD_PARSED_ALL 0b111
+
+/* sizes of decoded PassphraseWrappedKEKStruct and KEKWrappedVolumeKeyStruct */
+#define FVAULT2_PWK_SIZE 284
+#define FVAULT2_KWVK_SIZE 256
+
+/* size of an AES-128 key */
+#define FVAULT2_AES_KEY_SIZE 16
+
+/* size of the volume key and the encrypted metadata decryption key */
+#define FVAULT2_XTS_KEY_SIZE (FVAULT2_AES_KEY_SIZE * 2)
+
+/* size of an XTS tweak value */
+#define FVAULT2_XTS_TWEAK_SIZE 16
+
+/* size of a binary representation of a UUID */
+#define FVAULT2_UUID_BIN_SIZE 16
+
+struct crc32_checksum {
+ uint32_t value;
+ uint32_t seed;
+} __attribute__((packed));
+
+struct volume_header {
+ struct crc32_checksum checksum;
+ uint16_t version;
+ uint16_t block_type;
+ uint8_t unknown1[52];
+ uint64_t ph_vol_size;
+ uint8_t unknown2[16];
+ uint16_t magic;
+ uint32_t checksum_algo;
+ uint8_t unknown3[2];
+ uint32_t block_size;
+ uint32_t metadata_size;
+ uint64_t disklbl_blkoff;
+ uint64_t other_md_blkoffs[3];
+ uint8_t unknown4[32];
+ uint32_t key_data_size;
+ uint32_t cipher;
+ uint8_t key_data[FVAULT2_AES_KEY_SIZE];
+ uint8_t unknown5[112];
+ uint8_t ph_vol_uuid[FVAULT2_UUID_BIN_SIZE];
+ uint8_t unknown6[192];
+} __attribute__((packed));
+
+struct volume_groups_descriptor {
+ uint8_t unknown1[8];
+ uint64_t enc_md_blocks_n;
+ uint8_t unknown2[16];
+ uint64_t enc_md_blkoff;
+} __attribute__((packed));
+
+struct metadata_block_header {
+ struct crc32_checksum checksum;
+ uint16_t version;
+ uint16_t block_type;
+ uint8_t unknown1[20];
+ uint64_t block_num;
+ uint8_t unknown2[8];
+ uint32_t block_size;
+ uint8_t unknown3[12];
+} __attribute__((packed));
+
+struct metadata_block_0x0011 {
+ struct metadata_block_header header;
+ uint32_t md_size;
+ uint8_t unknown1[4];
+ struct crc32_checksum checksum;
+ uint8_t unknown2[140];
+ uint32_t vol_gr_des_off;
+} __attribute__((packed));
+
+struct metadata_block_0x0019 {
+ struct metadata_block_header header;
+ uint8_t unknown1[40];
+ uint32_t xml_comp_size;
+ uint32_t xml_uncomp_size;
+ uint32_t xml_off;
+ uint32_t xml_size;
+} __attribute__((packed));
+
+struct metadata_block_0x001a {
+ struct metadata_block_header header;
+ uint8_t unknown1[64];
+ uint32_t xml_off;
+ uint32_t xml_size;
+} __attribute__((packed));
+
+struct metadata_block_0x0305 {
+ struct metadata_block_header header;
+ uint32_t entries_n;
+ uint8_t unknown1[36];
+ uint32_t log_vol_blkoff;
+} __attribute__((packed));
+
+struct passphrase_wrapped_kek {
+ uint32_t pbkdf2_salt_type;
+ uint32_t pbkdf2_salt_size;
+ uint8_t pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE];
+ uint32_t wrapped_kek_type;
+ uint32_t wrapped_kek_size;
+ uint8_t wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE];
+ uint8_t unknown1[112];
+ uint32_t pbkdf2_iters;
+} __attribute__((packed));
+
+struct kek_wrapped_volume_key {
+ uint32_t wrapped_vk_type;
+ uint32_t wrapped_vk_size;
+ uint8_t wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE];
+} __attribute__((packed));
+
+/**
+ * Test whether all bytes of a chunk of memory are equal to a constant value.
+ * @param[in] value the value all bytes should be equal to
+ * @param[in] data the tested chunk of memory
+ * @param[in] data_size byte-size of the chunk of memory
+ */
+static bool _filled_with(
+ uint8_t value,
+ const void *data,
+ size_t data_size)
+{
+ const uint8_t *data_bytes = data;
+ size_t i;
+
+ for (i = 0; i < data_size; i++)
+ if (data_bytes[i] != value)
+ return false;
+
+ return true;
+}
+
+/**
+ * Assert the validity of the CRC checksum of a chunk of memory.
+ * @param[in] data a chunk of memory starting with a crc32_checksum struct
+ * @param[in] data_size the size of the chunk of memory in bytes
+ */
+static int _check_crc(
+ const void *data,
+ size_t data_size)
+{
+ const size_t crc_size = sizeof(struct crc32_checksum);
+ uint32_t seed;
+ uint32_t value;
+
+ assert(data_size >= crc_size);
+
+ value = le32_to_cpu(((const struct crc32_checksum *)data)->value);
+ seed = le32_to_cpu(((const struct crc32_checksum *)data)->seed);
+ if (seed != 0xffffffff)
+ return -EINVAL;
+
+ if (crypt_crc32c(seed, (const uint8_t *)data + crc_size,
+ data_size - crc_size) != value)
+ return -EINVAL;
+
+ return 0;
+}
+
+/**
+ * Unwrap an AES-wrapped key.
+ * @param[in] kek the KEK with which the key has been wrapped
+ * @param[in] kek_size the size of the KEK in bytes
+ * @param[in] key_wrapped the wrapped key
+ * @param[in] key_wrapped_size the size of the wrapped key in bytes
+ * @param[out] key_buf key an output buffer for the unwrapped key
+ * @param[in] key_buf_size the size of the output buffer in bytes
+ */
+static int _unwrap_key(
+ const void *kek,
+ size_t kek_size,
+ const void *key_wrapped,
+ size_t key_wrapped_size,
+ void *key_buf,
+ size_t key_buf_size)
+{
+ /* Algorithm and notation taken from NIST Special Publication 800-38F:
+ https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
+
+ This implementation supports only 128-bit KEKs and wrapped keys. */
+
+ int r = 0;
+ struct crypt_cipher *cipher = NULL;
+ void *cipher_in = NULL;
+ void *cipher_out = NULL;
+ uint64_t a;
+ uint64_t r2;
+ uint64_t r3;
+ uint64_t t;
+ uint64_t r2_prev;
+
+ assert(kek_size == 16 && key_wrapped_size == 24 && key_buf_size == 16);
+
+ r = crypt_cipher_init(&cipher, "aes", "ecb", kek, kek_size);
+ if (r < 0)
+ goto out;
+
+ cipher_in = malloc(16);
+ if (cipher_in == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ cipher_out = malloc(16);
+ if (cipher_out == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ /* CHAPTER 6.1, ALGORITHM 2: W^-1(C) */
+
+ /* initialize variables */
+ a = ((const uint64_t *)key_wrapped)[0]; /* A = C_1 (see step 1c) */
+ r2 = ((const uint64_t *)key_wrapped)[1]; /* R_1 = C_2 (see step 1d) */
+ r3 = ((const uint64_t *)key_wrapped)[2]; /* R_2 = C_3 (see step 1d) */
+
+ /* calculate intermediate values for each t = s, ..., 1 (see step 2),
+ where s = 6 * (n - 1) (see step 1a) */
+ for (t = 6 * (3 - 1); t > 0; t--) {
+ /* store current R2 for later assignment (see step 2c) */
+ r2_prev = r2;
+
+ /* prepare input for CIPH^{-1}_K (see steps 2a, 2b) */
+ ((uint64_t *)cipher_in)[0] = a ^ cpu_to_be64(t);
+ ((uint64_t *)cipher_in)[1] = r3;
+
+ /* A||R2 = CIPH^{-1}_K(...) (see steps 2a, 2b) */
+ r = crypt_cipher_decrypt(cipher, cipher_in, cipher_out, 16, NULL, 0);
+ if (r < 0)
+ goto out;
+ a = ((uint64_t *)cipher_out)[0];
+ r2 = ((uint64_t *)cipher_out)[1];
+
+ /* assign previous R2 (see step 2c) */
+ r3 = r2_prev;
+ }
+
+ /* note that A||R_1||R_2 holds the result S (see step 3) */
+
+ /* CHAPTER 6.2, ALGORITHM 4: KW-AD(C) */
+
+ /* check whether MSB_{64}(S) (= A) matches ICV1 (see step 3) */
+ if (a != 0xA6A6A6A6A6A6A6A6) {
+ r = -EPERM;
+ goto out;
+ }
+
+ /* return LSB_{128}(S) (= R_1||R_2) (see step 4) */
+ ((uint64_t *)key_buf)[0] = r2;
+ ((uint64_t *)key_buf)[1] = r3;
+out:
+ free(cipher_in);
+ free(cipher_out);
+ if (cipher != NULL)
+ crypt_cipher_destroy(cipher);
+ return r;
+}
+
+/**
+ * Search XML plist data for a property and return its value.
+ * @param[in] xml a 0-terminated string containing the XML plist data
+ * @param[in] prop_key a 0-terminated string with the seeked property's key
+ * @param[in] prop_type a 0-terminated string with the seeked property's type
+ * @param[out] value a 0-terminated string with the found property's value
+ */
+static int _search_xml(
+ const char *xml,
+ const char *prop_key,
+ const char *prop_type,
+ char **value)
+{
+ int r = 0;
+ char *pattern = NULL;
+ bool regex_ready = false;
+ regex_t regex;
+ regmatch_t match[2];
+ const char *value_start;
+ size_t value_len;
+
+ if (asprintf(&pattern, "<key>%s</key><%s[^>]*>([^<]+)</%s>",
+ prop_key, prop_type, prop_type) < 0) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ if (regcomp(®ex, pattern, REG_EXTENDED) != 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ regex_ready = true;
+
+ if (regexec(®ex, xml, 2, match, 0) != 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ value_start = xml + match[1].rm_so;
+ value_len = match[1].rm_eo - match[1].rm_so;
+
+ *value = calloc(value_len + 1, 1);
+ if (*value == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ memcpy(*value, value_start, value_len);
+out:
+ free(pattern);
+ if (regex_ready)
+ regfree(®ex);
+ return r;
+}
+
+/**
+ * Extract relevant info from a metadata block of type 0x0019.
+ * @param[in] md_block the pre-read and decrypted metadata block
+ * @param[out] pbkdf2_iters number of PBKDF2 iterations
+ * @param[out] pbkdf2_salt PBKDF2 salt (intermt. key derivation from passphrase)
+ * @param[out] wrapped_kek KEK AES-wrapped with passphrase-derived key
+ * @param[out] wrapped_vk volume key AES-wrapped with KEK
+ */
+static int _parse_metadata_block_0x0019(
+ const struct metadata_block_0x0019 *md_block,
+ uint32_t *pbkdf2_iters,
+ uint8_t *pbkdf2_salt,
+ uint8_t *wrapped_kek,
+ uint8_t *wrapped_vk)
+{
+ int r = 0;
+ char *xml = NULL;
+ char *pwk_base64 = NULL;
+ char *kwvk_base64 = NULL;
+ struct passphrase_wrapped_kek *pwk = NULL;
+ struct kek_wrapped_volume_key *kwvk = NULL;
+ size_t decoded_size;
+ uint32_t xml_off = le32_to_cpu(md_block->xml_off);
+ uint32_t xml_size = le32_to_cpu(md_block->xml_size);
+
+ if (xml_off + xml_size > FVAULT2_MD_BLOCK_SIZE)
+ return -EINVAL;
+
+ xml = strndup((const char *)md_block + xml_off, xml_size);
+ if (xml == NULL)
+ return -ENOMEM;
+
+ r = _search_xml(xml, "PassphraseWrappedKEKStruct", "data", &pwk_base64);
+ if (r < 0)
+ goto out;
+ r = crypt_base64_decode((char **)&pwk, &decoded_size, pwk_base64, strlen(pwk_base64));
+ if (r < 0)
+ goto out;
+ if (decoded_size != FVAULT2_PWK_SIZE) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = _search_xml(xml, "KEKWrappedVolumeKeyStruct", "data", &kwvk_base64);
+ if (r < 0)
+ goto out;
+ r = crypt_base64_decode((char **)&kwvk, &decoded_size, kwvk_base64, strlen(kwvk_base64));
+ if (r < 0)
+ goto out;
+ if (decoded_size != FVAULT2_KWVK_SIZE) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ *pbkdf2_iters = le32_to_cpu(pwk->pbkdf2_iters);
+ memcpy(pbkdf2_salt, pwk->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE);
+ memcpy(wrapped_kek, pwk->wrapped_kek, FVAULT2_WRAPPED_KEY_SIZE);
+ memcpy(wrapped_vk, kwvk->wrapped_vk, FVAULT2_WRAPPED_KEY_SIZE);
+out:
+ free(xml);
+ free(pwk_base64);
+ free(kwvk_base64);
+ free(pwk);
+ free(kwvk);
+ return r;
+}
+
+/**
+ * Validate a UUID string and reformat it to match system defaults.
+ * @param[in] uuid_in the original UUID string
+ * @param[out] uuid_out the reformatted UUID string
+ */
+static int _reformat_uuid(
+ const char *uuid_in,
+ char *uuid_out)
+{
+ uint8_t uuid_bin[FVAULT2_UUID_LEN];
+ int r;
+
+ r = uuid_parse(uuid_in, uuid_bin);
+ if (r < 0)
+ return -EINVAL;
+
+ uuid_unparse(uuid_bin, uuid_out);
+ return 0;
+}
+
+/**
+ * Extract relevant info from a metadata block of type 0x001A.
+ * @param[in] md_block the pre-read and decrypted metadata block
+ * @param[out] log_vol_size encrypted logical volume size in bytes
+ * @param[out] family_uuid logical volume family UUID
+ */
+static int _parse_metadata_block_0x001a(
+ const struct metadata_block_0x001a *md_block,
+ uint64_t *log_vol_size,
+ char *family_uuid)
+{
+ int r = 0;
+ char *xml = NULL;
+ char *log_vol_size_str = NULL;
+ char *family_uuid_str = NULL;
+ uint32_t xml_off = le32_to_cpu(md_block->xml_off);
+ uint32_t xml_size = le32_to_cpu(md_block->xml_size);
+
+ if (xml_off + xml_size > FVAULT2_MD_BLOCK_SIZE)
+ return -EINVAL;
+
+ xml = strndup((const char *)md_block + xml_off, xml_size);
+ if (xml == NULL)
+ return -ENOMEM;
+
+ r = _search_xml(xml, "com.apple.corestorage.lv.size", "integer", &log_vol_size_str);
+ if (r < 0)
+ goto out;
+ *log_vol_size = strtoull(log_vol_size_str, NULL, 16);
+ if (*log_vol_size == 0 || *log_vol_size == ULLONG_MAX) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = _search_xml(xml, "com.apple.corestorage.lv.familyUUID", "string", &family_uuid_str);
+ if (r < 0)
+ goto out;
+ r = _reformat_uuid(family_uuid_str, family_uuid);
+ if (r < 0)
+ goto out;
+out:
+ free(xml);
+ free(log_vol_size_str);
+ free(family_uuid_str);
+ return r;
+}
+
+/**
+ * Extract relevant info from a metadata block of type 0x0305.
+ * @param[in] md_block the pre-read and decrypted metadata block
+ * @param[out] log_vol_blkoff block-offset of the encrypted logical volume
+ */
+static int _parse_metadata_block_0x0305(
+ const struct metadata_block_0x0305 *md_block,
+ uint32_t *log_vol_blkoff)
+{
+ *log_vol_blkoff = le32_to_cpu(md_block->log_vol_blkoff);
+ return 0;
+}
+
+/**
+ * Extract relevant info from the physical volume header.
+ * @param[in] devfd opened device file descriptor
+ * @param[in] cd crypt_device passed into FVAULT2_read_metadata
+ * @param[out] block_size used to compute byte-offsets from block-offsets
+ * @param[out] disklbl_blkoff block-offset of the disk label block
+ * @param[out] ph_vol_uuid physical volume UUID
+ * @param[out] enc_md_key AES-XTS key used to decrypt the encrypted metadata
+ */
+static int _read_volume_header(
+ int devfd,
+ struct crypt_device *cd,
+ uint64_t *block_size,
+ uint64_t *disklbl_blkoff,
+ char *ph_vol_uuid,
+ struct volume_key **enc_md_key)
+{
+ int r = 0;
+ struct device *dev = crypt_metadata_device(cd);
+ struct volume_header *vol_header = NULL;
+
+ assert(sizeof(*vol_header) == FVAULT2_VOL_HEADER_SIZE);
+
+ vol_header = malloc(FVAULT2_VOL_HEADER_SIZE);
+ if (vol_header == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ log_dbg(cd, "Reading FVAULT2 volume header of size %u bytes.", FVAULT2_VOL_HEADER_SIZE);
+ if (read_blockwise(devfd, device_block_size(cd, dev),
+ device_alignment(dev), vol_header,
+ FVAULT2_VOL_HEADER_SIZE) != FVAULT2_VOL_HEADER_SIZE) {
+ log_err(cd, _("Could not read %u bytes of volume header."), FVAULT2_VOL_HEADER_SIZE);
+ r = -EIO;
+ goto out;
+ }
+
+ r = _check_crc(vol_header, FVAULT2_VOL_HEADER_SIZE);
+ if (r < 0) {
+ log_dbg(cd, "CRC mismatch.");
+ goto out;
+ }
+
+ if (le16_to_cpu(vol_header->version) != 1) {
+ log_err(cd, _("Unsupported FVAULT2 version %" PRIu16 "."),
+ le16_to_cpu(vol_header->version));
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (be16_to_cpu(vol_header->magic) != FVAULT2_CORE_STORAGE_MAGIC) {
+ log_dbg(cd, "Invalid Core Storage magic bytes.");
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (le32_to_cpu(vol_header->key_data_size) != FVAULT2_AES_KEY_SIZE) {
+ log_dbg(cd, "Unsupported AES key size: %" PRIu32 " bytes.",
+ le32_to_cpu(vol_header->key_data_size));
+ r = -EINVAL;
+ goto out;
+ }
+
+ *enc_md_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, NULL);
+ if (*enc_md_key == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ *block_size = le32_to_cpu(vol_header->block_size);
+ *disklbl_blkoff = le64_to_cpu(vol_header->disklbl_blkoff);
+ uuid_unparse(vol_header->ph_vol_uuid, ph_vol_uuid);
+ memcpy((*enc_md_key)->key, vol_header->key_data, FVAULT2_AES_KEY_SIZE);
+ memcpy((*enc_md_key)->key + FVAULT2_AES_KEY_SIZE,
+ vol_header->ph_vol_uuid, FVAULT2_AES_KEY_SIZE);
+out:
+ free(vol_header);
+ return r;
+}
+
+/**
+ * Extract info from the disk label block and the volume groups descriptor.
+ * @param[in] devfd opened device file descriptor
+ * @param[in] cd crypt_device passed into FVAULT2_read_metadata
+ * @param[in] block_size used to compute byte-offsets from block-offsets
+ * @param[in] disklbl_blkoff block-offset of the disk label block
+ * @param[out] enc_md_blkoff block-offset of the encrypted metadata
+ * @param[out] enc_md_blocks_n total count of encrypted metadata blocks
+ */
+static int _read_disklabel(
+ int devfd,
+ struct crypt_device *cd,
+ uint64_t block_size,
+ uint64_t disklbl_blkoff,
+ uint64_t *enc_md_blkoff,
+ uint64_t *enc_md_blocks_n)
+{
+ int r = 0;
+ uint64_t off;
+ ssize_t size;
+ void *md_block = NULL;
+ struct metadata_block_0x0011 *md_block_11;
+ struct volume_groups_descriptor *vol_gr_des = NULL;
+ struct device *dev = crypt_metadata_device(cd);
+
+ md_block = malloc(FVAULT2_MD_BLOCK_SIZE);
+ if (md_block == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ if (uint64_mult_overflow(&off, disklbl_blkoff, block_size) ||
+ off > FVAULT2_MAX_OFF) {
+ log_dbg(cd, "Device offset overflow.");
+ r = -EINVAL;
+ goto out;
+ }
+ size = FVAULT2_MD_BLOCK_SIZE;
+ log_dbg(cd, "Reading FVAULT2 disk label header of size %zu bytes.", size);
+ if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
+ device_alignment(dev), md_block, size, off) != size) {
+ r = -EIO;
+ goto out;
+ }
+
+ r = _check_crc(md_block, FVAULT2_MD_BLOCK_SIZE);
+ if (r < 0) {
+ log_dbg(cd, "CRC mismatch.");
+ goto out;
+ }
+
+ vol_gr_des = malloc(sizeof(*vol_gr_des));
+ if (vol_gr_des == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ md_block_11 = md_block;
+ off += le32_to_cpu(md_block_11->vol_gr_des_off);
+ if (off > FVAULT2_MAX_OFF) {
+ log_dbg(cd, "Device offset overflow.");
+ r = -EINVAL;
+ goto out;
+ }
+ size = sizeof(struct volume_groups_descriptor);
+ log_dbg(cd, "Reading FVAULT2 volume groups descriptor of size %zu bytes.", size);
+ if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
+ device_alignment(dev), vol_gr_des, size, off) != size) {
+ r = -EIO;
+ goto out;
+ }
+
+ *enc_md_blkoff = le64_to_cpu(vol_gr_des->enc_md_blkoff);
+ *enc_md_blocks_n = le64_to_cpu(vol_gr_des->enc_md_blocks_n);
+out:
+ free(md_block);
+ free(vol_gr_des);
+ return r;
+}
+
+/**
+ * Extract info from relevant encrypted metadata blocks.
+ * @param[in] devfd opened device file descriptor
+ * @param[in] cd crypt_device passed into FVAULT2_read_metadata
+ * @param[in] block_size used to compute byte-offsets from block-offsets
+ * @param[in] start_blkoff block-offset of the start of the encrypted metadata
+ * @param[in] blocks_n total count of encrypted metadata blocks
+ * @param[in] key AES-XTS key for decryption
+ * @param[out] params decryption parameters struct to fill
+ */
+static int _read_encrypted_metadata(
+ int devfd,
+ struct crypt_device *cd,
+ uint64_t block_size,
+ uint64_t start_blkoff,
+ uint64_t blocks_n,
+ const struct volume_key *key,
+ struct fvault2_params *params)
+{
+ int r = 0;
+ int status = FVAULT2_ENC_MD_PARSED_NONE;
+ struct device *dev = crypt_metadata_device(cd);
+ struct crypt_cipher *cipher = NULL;
+ void *tweak;
+ void *md_block_enc = NULL;
+ void *md_block = NULL;
+ struct metadata_block_header *md_block_header;
+ uint32_t log_vol_blkoff;
+ uint64_t i, start_off;
+ off_t off;
+ unsigned int block_type;
+
+ tweak = calloc(FVAULT2_XTS_TWEAK_SIZE, 1);
+ if (tweak == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ md_block_enc = malloc(FVAULT2_MD_BLOCK_SIZE);
+ if (md_block_enc == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ md_block = malloc(FVAULT2_MD_BLOCK_SIZE);
+ if (md_block == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = crypt_cipher_init(&cipher, "aes", "xts", key->key, FVAULT2_XTS_KEY_SIZE);
+ if (r < 0)
+ goto out;
+
+ if (uint64_mult_overflow(&start_off, start_blkoff, block_size) ||
+ start_off > FVAULT2_MAX_OFF) {
+ log_dbg(cd, "Device offset overflow.");
+ r = -EINVAL;
+ goto out;
+ }
+
+ log_dbg(cd, "Reading FVAULT2 encrypted metadata blocks.");
+ for (i = 0; i < blocks_n; i++) {
+ off = start_off + i * FVAULT2_MD_BLOCK_SIZE;
+ if (off > FVAULT2_MAX_OFF) {
+ log_dbg(cd, "Device offset overflow.");
+ r = -EINVAL;
+ goto out;
+ }
+ if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
+ device_alignment(dev), md_block_enc,
+ FVAULT2_MD_BLOCK_SIZE, off)
+ != FVAULT2_MD_BLOCK_SIZE) {
+ r = -EIO;
+ goto out;
+ }
+
+ if (_filled_with(0, md_block_enc, FVAULT2_MD_BLOCK_SIZE))
+ break;
+
+ *(uint64_t *)tweak = cpu_to_le64(i);
+ r = crypt_cipher_decrypt(cipher, md_block_enc, md_block,
+ FVAULT2_MD_BLOCK_SIZE, tweak, FVAULT2_XTS_TWEAK_SIZE);
+ if (r < 0)
+ goto out;
+
+ r = _check_crc(md_block, FVAULT2_MD_BLOCK_SIZE);
+ if (r < 0) {
+ log_dbg(cd, "CRC mismatch.");
+ goto out;
+ }
+
+ md_block_header = md_block;
+ block_type = le16_to_cpu(md_block_header->block_type);
+ switch (block_type) {
+ case 0x0019:
+ log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0019.", i);
+ r = _parse_metadata_block_0x0019(md_block,
+ ¶ms->pbkdf2_iters,
+ (uint8_t *)params->pbkdf2_salt,
+ (uint8_t *)params->wrapped_kek,
+ (uint8_t *)params->wrapped_vk);
+ if (r < 0)
+ goto out;
+ status |= FVAULT2_ENC_MD_PARSED_0x0019;
+ break;
+
+ case 0x001A:
+ log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x001A.", i);
+ r = _parse_metadata_block_0x001a(md_block,
+ ¶ms->log_vol_size,
+ params->family_uuid);
+ if (r < 0)
+ goto out;
+ status |= FVAULT2_ENC_MD_PARSED_0x001A;
+ break;
+
+ case 0x0305:
+ log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0305.", i);
+ r = _parse_metadata_block_0x0305(md_block,
+ &log_vol_blkoff);
+ if (r < 0)
+ goto out;
+ if (uint64_mult_overflow(¶ms->log_vol_off,
+ log_vol_blkoff, block_size)) {
+ log_dbg(cd, "Device offset overflow.");
+ r = -EINVAL;
+ goto out;
+ }
+ status |= FVAULT2_ENC_MD_PARSED_0x0305;
+ break;
+ }
+ }
+
+ if (status != FVAULT2_ENC_MD_PARSED_ALL) {
+ log_dbg(cd, "Necessary FVAULT2 metadata blocks not found.");
+ r = -EINVAL;
+ goto out;
+ }
+out:
+ free(tweak);
+ free(md_block_enc);
+ free(md_block);
+ if (cipher != NULL)
+ crypt_cipher_destroy(cipher);
+ return r;
+}
+
+/**
+ * Activate device.
+ * @param[in] cd crypt_device struct passed into FVAULT2_activate_by_*
+ * @param[in] name name of the mapped device
+ * @param[in] vol_key the pre-derived AES-XTS volume key
+ * @param[in] params logical volume decryption parameters
+ * @param[in] flags flags assigned to the crypt_dm_active_device struct
+ */
+static int _activate(
+ struct crypt_device *cd,
+ const char *name,
+ struct volume_key *vol_key,
+ const struct fvault2_params *params,
+ uint32_t flags)
+{
+ int r = 0;
+ char *cipher = NULL;
+ struct crypt_dm_active_device dm_dev = {
+ .flags = flags,
+ .size = params->log_vol_size / SECTOR_SIZE
+ };
+
+ r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
+ crypt_get_data_offset(cd), &dm_dev.size, &dm_dev.flags);
+ if (r)
+ return r;
+
+ if (asprintf(&cipher, "%s-%s", params->cipher, params->cipher_mode) < 0)
+ return -ENOMEM;
+
+ r = dm_crypt_target_set(&dm_dev.segment, 0, dm_dev.size,
+ crypt_data_device(cd), vol_key, cipher,
+ crypt_get_iv_offset(cd), crypt_get_data_offset(cd),
+ crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd),
+ crypt_get_sector_size(cd));
+
+ if (!r)
+ r = dm_create_device(cd, name, CRYPT_FVAULT2, &dm_dev);
+
+ dm_targets_free(cd, &dm_dev);
+ free(cipher);
+ return r;
+}
+
+int FVAULT2_read_metadata(
+ struct crypt_device *cd,
+ struct fvault2_params *params)
+{
+ int r = 0;
+ int devfd;
+ uint64_t block_size;
+ uint64_t disklbl_blkoff;
+ uint64_t enc_md_blkoff;
+ uint64_t enc_md_blocks_n;
+ struct volume_key *enc_md_key = NULL;
+ struct device *device = crypt_metadata_device(cd);
+
+ devfd = device_open(cd, device, O_RDONLY);
+ if (devfd < 0) {
+ log_err(cd, _("Cannot open device %s."), device_path(device));
+ return -EIO;
+ }
+
+ r = _read_volume_header(devfd, cd, &block_size, &disklbl_blkoff,
+ params->ph_vol_uuid, &enc_md_key);
+ if (r < 0)
+ goto out;
+
+ r = _read_disklabel(devfd, cd, block_size, disklbl_blkoff,
+ &enc_md_blkoff, &enc_md_blocks_n);
+ if (r < 0)
+ goto out;
+
+ r = _read_encrypted_metadata(devfd, cd, block_size, enc_md_blkoff,
+ enc_md_blocks_n, enc_md_key, params);
+ if (r < 0)
+ goto out;
+
+ params->cipher = "aes";
+ params->cipher_mode = "xts-plain64";
+ params->key_size = FVAULT2_XTS_KEY_SIZE;
+out:
+ crypt_free_volume_key(enc_md_key);
+ return r;
+}
+
+int FVAULT2_get_volume_key(
+ struct crypt_device *cd,
+ const char *passphrase,
+ size_t passphrase_len,
+ const struct fvault2_params *params,
+ struct volume_key **vol_key)
+{
+ int r = 0;
+ uint8_t family_uuid_bin[FVAULT2_UUID_BIN_SIZE];
+ struct volume_key *passphrase_key = NULL;
+ struct volume_key *kek = NULL;
+ struct crypt_hash *hash = NULL;
+
+ *vol_key = NULL;
+
+ if (uuid_parse(params->family_uuid, family_uuid_bin) < 0) {
+ log_dbg(cd, "Could not parse logical volume family UUID: %s.",
+ params->family_uuid);
+ r = -EINVAL;
+ goto out;
+ }
+
+ passphrase_key = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL);
+ if (passphrase_key == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = crypt_pbkdf("pbkdf2", "sha256", passphrase, passphrase_len,
+ params->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE, passphrase_key->key,
+ FVAULT2_AES_KEY_SIZE, params->pbkdf2_iters, 0, 0);
+ if (r < 0)
+ goto out;
+
+ kek = crypt_alloc_volume_key(FVAULT2_AES_KEY_SIZE, NULL);
+ if (kek == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = _unwrap_key(passphrase_key->key, FVAULT2_AES_KEY_SIZE, params->wrapped_kek,
+ FVAULT2_WRAPPED_KEY_SIZE, kek->key, FVAULT2_AES_KEY_SIZE);
+ if (r < 0)
+ goto out;
+
+ *vol_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, NULL);
+ if (*vol_key == NULL) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = _unwrap_key(kek->key, FVAULT2_AES_KEY_SIZE, params->wrapped_vk,
+ FVAULT2_WRAPPED_KEY_SIZE, (*vol_key)->key, FVAULT2_AES_KEY_SIZE);
+ if (r < 0)
+ goto out;
+
+ r = crypt_hash_init(&hash, "sha256");
+ if (r < 0)
+ goto out;
+ r = crypt_hash_write(hash, (*vol_key)->key, FVAULT2_AES_KEY_SIZE);
+ if (r < 0)
+ goto out;
+ r = crypt_hash_write(hash, (char *)family_uuid_bin,
+ FVAULT2_UUID_BIN_SIZE);
+ if (r < 0)
+ goto out;
+ r = crypt_hash_final(hash, (*vol_key)->key + FVAULT2_AES_KEY_SIZE,
+ FVAULT2_AES_KEY_SIZE);
+ if (r < 0)
+ goto out;
+out:
+ crypt_free_volume_key(passphrase_key);
+ crypt_free_volume_key(kek);
+ if (r < 0) {
+ crypt_free_volume_key(*vol_key);
+ *vol_key = NULL;
+ }
+ if (hash != NULL)
+ crypt_hash_destroy(hash);
+ return r;
+}
+
+int FVAULT2_dump(
+ struct crypt_device *cd,
+ struct device *device,
+ const struct fvault2_params *params)
+{
+ log_std(cd, "Header information for FVAULT2 device %s.\n", device_path(device));
+
+ log_std(cd, "Physical volume UUID: \t%s\n", params->ph_vol_uuid);
+ log_std(cd, "Family UUID: \t%s\n", params->family_uuid);
+
+ log_std(cd, "Logical volume offset:\t%" PRIu64 " [bytes]\n", params->log_vol_off);
+
+ log_std(cd, "Logical volume size: \t%" PRIu64 " [bytes]\n",
+ params->log_vol_size);
+
+ log_std(cd, "Cipher: \t%s\n", params->cipher);
+ log_std(cd, "Cipher mode: \t%s\n", params->cipher_mode);
+
+ log_std(cd, "PBKDF2 iterations: \t%" PRIu32 "\n", params->pbkdf2_iters);
+
+ log_std(cd, "PBKDF2 salt: \t");
+ crypt_log_hex(cd, params->pbkdf2_salt, FVAULT2_PBKDF2_SALT_SIZE, " ", 0, NULL);
+ log_std(cd, "\n");
+
+ return 0;
+}
+
+int FVAULT2_activate_by_passphrase(
+ struct crypt_device *cd,
+ const char *name,
+ const char *passphrase,
+ size_t passphrase_len,
+ const struct fvault2_params *params,
+ uint32_t flags)
+{
+ int r;
+ struct volume_key *vol_key = NULL;
+
+ r = FVAULT2_get_volume_key(cd, passphrase, passphrase_len, params, &vol_key);
+ if (r < 0)
+ return r;
+
+ if (name)
+ r = _activate(cd, name, vol_key, params, flags);
+
+ crypt_free_volume_key(vol_key);
+ return r;
+}
+
+int FVAULT2_activate_by_volume_key(
+ struct crypt_device *cd,
+ const char *name,
+ const char *key,
+ size_t key_size,
+ const struct fvault2_params *params,
+ uint32_t flags)
+{
+ int r = 0;
+ struct volume_key *vol_key = NULL;
+
+ if (key_size != FVAULT2_XTS_KEY_SIZE)
+ return -EINVAL;
+
+ vol_key = crypt_alloc_volume_key(FVAULT2_XTS_KEY_SIZE, key);
+ if (vol_key == NULL)
+ return -ENOMEM;
+
+ r = _activate(cd, name, vol_key, params, flags);
+
+ crypt_free_volume_key(vol_key);
+ return r;
+}
--- /dev/null
+/*
+ * FVAULT2 (FileVault2-compatible) volume handling
+ *
+ * Copyright (C) 2021-2022 Pavel Tobias
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _CRYPTSETUP_FVAULT2_H
+#define _CRYPTSETUP_FVAULT2_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define FVAULT2_WRAPPED_KEY_SIZE 24
+#define FVAULT2_PBKDF2_SALT_SIZE 16
+#define FVAULT2_UUID_LEN 37
+
+struct crypt_device;
+struct volume_key;
+
+struct fvault2_params {
+ const char *cipher;
+ const char *cipher_mode;
+ uint16_t key_size;
+ uint32_t pbkdf2_iters;
+ char pbkdf2_salt[FVAULT2_PBKDF2_SALT_SIZE];
+ char wrapped_kek[FVAULT2_WRAPPED_KEY_SIZE];
+ char wrapped_vk[FVAULT2_WRAPPED_KEY_SIZE];
+ char family_uuid[FVAULT2_UUID_LEN];
+ char ph_vol_uuid[FVAULT2_UUID_LEN];
+ uint64_t log_vol_off;
+ uint64_t log_vol_size;
+};
+
+int FVAULT2_read_metadata(
+ struct crypt_device *cd,
+ struct fvault2_params *params);
+
+int FVAULT2_get_volume_key(
+ struct crypt_device *cd,
+ const char *passphrase,
+ size_t passphrase_len,
+ const struct fvault2_params *params,
+ struct volume_key **vol_key);
+
+int FVAULT2_dump(
+ struct crypt_device *cd,
+ struct device *device,
+ const struct fvault2_params *params);
+
+int FVAULT2_activate_by_passphrase(
+ struct crypt_device *cd,
+ const char *name,
+ const char *passphrase,
+ size_t passphrase_len,
+ const struct fvault2_params *params,
+ uint32_t flags);
+
+int FVAULT2_activate_by_volume_key(
+ struct crypt_device *cd,
+ const char *name,
+ const char *key,
+ size_t key_size,
+ const struct fvault2_params *params,
+ uint32_t flags);
+
+#endif
/*
* Integrity volume handling
*
- * Copyright (C) 2016-2021 Milan Broz
+ * Copyright (C) 2016-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "integrity.h"
#include "internal.h"
+/* For LUKS2, integrity metadata are on DATA device even for detached header! */
+static struct device *INTEGRITY_metadata_device(struct crypt_device *cd)
+{
+ const char *type = crypt_get_type(cd);
+
+ if (type && !strcmp(type, CRYPT_LUKS2))
+ return crypt_data_device(cd);
+
+ return crypt_metadata_device(cd);
+}
+
static int INTEGRITY_read_superblock(struct crypt_device *cd,
struct device *device,
uint64_t offset, struct superblock *sb)
return -EINVAL;
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
- device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) ||
- memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic)) ||
- sb->version < SB_VERSION_1 || sb->version > SB_VERSION_5) {
- log_std(cd, "No integrity superblock detected on %s.\n",
- device_path(device));
+ device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) ||
+ memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic))) {
+ log_dbg(cd, "No kernel dm-integrity metadata detected on %s.", device_path(device));
+ r = -EINVAL;
+ } else if (sb->version < SB_VERSION_1 || sb->version > SB_VERSION_5) {
+ log_err(cd, _("Incompatible kernel dm-integrity metadata (version %u) detected on %s."),
+ sb->version, device_path(device));
r = -EINVAL;
} else {
sb->integrity_tag_size = le16toh(sb->integrity_tag_size);
struct superblock sb;
int r;
- r = INTEGRITY_read_superblock(cd, crypt_metadata_device(cd), 0, &sb);
+ r = INTEGRITY_read_superblock(cd, INTEGRITY_metadata_device(cd), 0, &sb);
if (r)
return r;
return 0;
}
-int INTEGRITY_key_size(struct crypt_device *cd, const char *integrity)
+int INTEGRITY_key_size(const char *integrity)
{
if (!integrity)
return 0;
if (!strcmp(integrity, "crc32") || !strcmp(integrity, "crc32c"))
return 4;
+ if (!strcmp(integrity, "xxhash64"))
+ return 8;
+
r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash);
if (r == 1)
r = crypt_hash_size(hash);
return r < 0 ? 0 : r;
}
-int INTEGRITY_tag_size(struct crypt_device *cd,
- const char *integrity,
+int INTEGRITY_tag_size(const char *integrity,
const char *cipher,
const char *cipher_mode)
{
if (!integrity || !strcmp(integrity, "none"))
auth_tag_size = 0;
else if (!strcmp(integrity, "aead"))
- auth_tag_size = 16; //FIXME gcm- mode only
+ auth_tag_size = 16; /* gcm- mode only */
else if (!strcmp(integrity, "cmac(aes)"))
auth_tag_size = 16;
else if (!strcmp(integrity, "hmac(sha1)"))
if (sb_flags & SB_FLAG_RECALCULATING)
dmd->flags |= CRYPT_ACTIVATE_RECALCULATE;
- r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd),
+ r = INTEGRITY_data_sectors(cd, INTEGRITY_metadata_device(cd),
crypt_get_data_offset(cd) * SECTOR_SIZE, &dmd->size);
if (r < 0)
return r;
return dm_integrity_target_set(cd, &dmd->segment, 0, dmd->size,
- crypt_metadata_device(cd), crypt_data_device(cd),
+ INTEGRITY_metadata_device(cd), crypt_data_device(cd),
crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd),
crypt_get_sector_size(cd), vk, journal_crypt_key,
journal_mac_key, params);
log_dbg(cd, "Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
device_path(tgt->data_device), name, tgt->u.integrity.tag_size, dmd->size);
- r = device_block_adjust(cd, tgt->data_device, DEV_EXCL,
- tgt->u.integrity.offset, NULL, &dmd->flags);
- if (r)
- return r;
+ r = create_or_reload_device(cd, name, type, dmd);
- if (tgt->u.integrity.meta_device) {
- r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL);
- if (r)
- return r;
- }
-
- r = dm_create_device(cd, name, type, dmd);
if (r < 0 && (dm_flags(cd, DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
log_err(cd, _("Kernel does not support dm-integrity mapping."));
return -ENOTSUP;
struct volume_key *journal_mac_key,
uint32_t flags, uint32_t sb_flags)
{
- struct crypt_dm_active_device dmd = {};
- int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key,
- journal_mac_key, &dmd, flags, sb_flags);
+ struct crypt_dm_active_device dmdq = {}, dmd = {};
+ int r;
- if (r < 0)
- return r;
+ if (flags & CRYPT_ACTIVATE_REFRESH) {
+ r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE |
+ DM_ACTIVE_CRYPT_KEY |
+ DM_ACTIVE_INTEGRITY_PARAMS |
+ DM_ACTIVE_JOURNAL_CRYPT_KEY |
+ DM_ACTIVE_JOURNAL_MAC_KEY, &dmdq);
+ if (r < 0)
+ return r;
+
+ r = INTEGRITY_create_dmd_device(cd, params, vk ?: dmdq.segment.u.integrity.vk,
+ journal_crypt_key ?: dmdq.segment.u.integrity.journal_crypt_key,
+ journal_mac_key ?: dmdq.segment.u.integrity.journal_integrity_key,
+ &dmd, flags, sb_flags);
+
+ if (!r)
+ dmd.size = dmdq.size;
+ } else
+ r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key,
+ journal_mac_key, &dmd, flags, sb_flags);
+
+ if (!r)
+ r = INTEGRITY_activate_dmd_device(cd, name, CRYPT_INTEGRITY, &dmd, sb_flags);
- r = INTEGRITY_activate_dmd_device(cd, name, CRYPT_INTEGRITY, &dmd, sb_flags);
+ dm_targets_free(cd, &dmdq);
dm_targets_free(cd, &dmd);
return r;
}
if (params && params->integrity_key_size)
vk = crypt_alloc_volume_key(params->integrity_key_size, NULL);
- r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, crypt_metadata_device(cd),
+ r = dm_integrity_target_set(cd, tgt, 0, dmdi.size, INTEGRITY_metadata_device(cd),
crypt_data_device(cd), crypt_get_integrity_tag_size(cd),
crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk,
journal_crypt_key, journal_mac_key, params);
/*
* Integrity header definition
*
- * Copyright (C) 2016-2021 Milan Broz
+ * Copyright (C) 2016-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
int INTEGRITY_data_sectors(struct crypt_device *cd,
struct device *device, uint64_t offset,
uint64_t *data_sectors);
-int INTEGRITY_key_size(struct crypt_device *cd,
- const char *integrity);
-int INTEGRITY_tag_size(struct crypt_device *cd,
- const char *integrity,
+int INTEGRITY_key_size(const char *integrity);
+int INTEGRITY_tag_size(const char *integrity,
const char *cipher,
const char *cipher_mode);
int INTEGRITY_hash_tag_size(const char *integrity);
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <unistd.h>
#include <inttypes.h>
#include <fcntl.h>
+#include <assert.h>
#include "nls.h"
#include "bitops.h"
#include "utils_crypt.h"
#include "utils_loop.h"
#include "utils_dm.h"
-#include "utils_fips.h"
#include "utils_keyring.h"
#include "utils_io.h"
-#include "crypto_backend.h"
+#include "crypto_backend/crypto_backend.h"
#include "utils_storage_wrappers.h"
#include "libcryptsetup.h"
-/* to silent gcc -Wcast-qual for const cast */
-#define CONST_CAST(x) (x)(uintptr_t)
+#include "libcryptsetup_macros.h"
+#include "libcryptsetup_symver.h"
-#define SHIFT_4K 12
-#define SECTOR_SHIFT 9
-#define SECTOR_SIZE (1 << SECTOR_SHIFT)
-#define MAX_SECTOR_SIZE 4096 /* min page size among all platforms */
-#define DEFAULT_DISK_ALIGNMENT 1048576 /* 1MiB */
-#define DEFAULT_MEM_ALIGNMENT 4096
#define LOG_MAX_LEN 4096
#define MAX_DM_DEPS 32
#define CRYPT_SUBDEV "SUBDEV" /* prefix for sublayered devices underneath public crypt types */
-#define at_least(a, b) ({ __typeof__(a) __at_least = (a); (__at_least >= (b))?__at_least:(b); })
-
-#define MISALIGNED(a, b) ((a) & ((b) - 1))
-#define MISALIGNED_4K(a) MISALIGNED((a), 1 << SHIFT_4K)
-#define MISALIGNED_512(a) MISALIGNED((a), 1 << SECTOR_SHIFT)
-#define NOTPOW2(a) MISALIGNED((a), (a))
-
-#ifndef ARRAY_SIZE
-# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
-#endif
-
-#define MOVE_REF(x, y) \
- do { \
- typeof (x) *_px = &(x), *_py = &(y); \
- *_px = *_py; \
- *_py = NULL; \
- } while (0)
-
#ifndef O_CLOEXEC
#define O_CLOEXEC 0
#endif
int device_check_size(struct crypt_device *cd,
struct device *device,
uint64_t req_offset, int falloc);
+void device_set_block_size(struct device *device, size_t size);
+size_t device_optimal_encryption_sector_size(struct crypt_device *cd, struct device *device);
int device_open_locked(struct crypt_device *cd, struct device *device, int flags);
int device_read_lock(struct crypt_device *cd, struct device *device);
char *crypt_get_base_device(const char *dev_path);
uint64_t crypt_dev_partition_offset(const char *dev_path);
int lookup_by_disk_id(const char *dm_uuid);
-int lookup_by_sysfs_uuid_field(const char *dm_uuid, size_t max_len);
+int lookup_by_sysfs_uuid_field(const char *dm_uuid);
int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid);
size_t crypt_getpagesize(void);
int init_crypto(struct crypt_device *ctx);
-void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6)));
-#define log_dbg(c, x...) logger(c, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
-#define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
-#define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
-#define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
+#define log_dbg(c, x...) crypt_logf(c, CRYPT_LOG_DEBUG, x)
+#define log_std(c, x...) crypt_logf(c, CRYPT_LOG_NORMAL, x)
+#define log_verbose(c, x...) crypt_logf(c, CRYPT_LOG_VERBOSE, x)
+#define log_err(c, x...) crypt_logf(c, CRYPT_LOG_ERROR, x)
int crypt_get_debug_level(void);
-int crypt_memlock_inc(struct crypt_device *ctx);
-int crypt_memlock_dec(struct crypt_device *ctx);
+void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise);
int crypt_metadata_locking_enabled(void);
void crypt_drop_keyring_key_by_description(struct crypt_device *cd, const char *key_description, key_type_t ktype);
void crypt_drop_keyring_key(struct crypt_device *cd, struct volume_key *vks);
-static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
+static inline uint64_t compact_version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
{
return (uint64_t)release | ((uint64_t)patch << 16) | ((uint64_t)minor << 32) | ((uint64_t)major << 48);
}
--- /dev/null
+/*
+ * LUKS - Linux Unified Key Setup, keyslot unlock helpers
+ *
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+
+#include "luks1/luks.h"
+#include "luks2/luks2.h"
+#include "keyslot_context.h"
+
+static int get_luks2_key_by_passphrase(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ int segment,
+ struct volume_key **r_vk)
+{
+ int r;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE);
+ assert(r_vk);
+
+ r = LUKS2_keyslot_open(cd, keyslot, segment, kc->u.p.passphrase, kc->u.p.passphrase_size, r_vk);
+ if (r < 0)
+ kc->error = r;
+
+ return r;
+}
+
+static int get_luks1_volume_key_by_passphrase(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ struct volume_key **r_vk)
+{
+ int r;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE);
+ assert(r_vk);
+
+ r = LUKS_open_key_with_hdr(keyslot, kc->u.p.passphrase, kc->u.p.passphrase_size,
+ crypt_get_hdr(cd, CRYPT_LUKS1), r_vk, cd);
+ if (r < 0)
+ kc->error = r;
+
+ return r;
+}
+
+static int get_luks2_volume_key_by_passphrase(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ struct volume_key **r_vk)
+{
+ return get_luks2_key_by_passphrase(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk);
+}
+
+static int get_passphrase_by_passphrase(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ const char **r_passphrase,
+ size_t *r_passphrase_size)
+{
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_PASSPHRASE);
+ assert(r_passphrase);
+ assert(r_passphrase_size);
+
+ *r_passphrase = kc->u.p.passphrase;
+ *r_passphrase_size = kc->u.p.passphrase_size;
+
+ return 0;
+}
+
+static int get_passphrase_by_keyfile(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ const char **r_passphrase,
+ size_t *r_passphrase_size)
+{
+ int r;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE);
+ assert(r_passphrase);
+ assert(r_passphrase_size);
+
+ if (!kc->i_passphrase) {
+ r = crypt_keyfile_device_read(cd, kc->u.kf.keyfile,
+ &kc->i_passphrase, &kc->i_passphrase_size,
+ kc->u.kf.keyfile_offset, kc->u.kf.keyfile_size, 0);
+ if (r < 0) {
+ kc->error = r;
+ return r;
+ }
+ }
+
+ *r_passphrase = kc->i_passphrase;
+ *r_passphrase_size = kc->i_passphrase_size;
+
+ return 0;
+}
+
+static int get_luks2_key_by_keyfile(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ int segment,
+ struct volume_key **r_vk)
+{
+ int r;
+ const char *passphrase;
+ size_t passphrase_size;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE);
+ assert(r_vk);
+
+ r = get_passphrase_by_keyfile(cd, kc, &passphrase, &passphrase_size);
+ if (r)
+ return r;
+
+ r = LUKS2_keyslot_open(cd, keyslot, segment, passphrase, passphrase_size, r_vk);
+ if (r < 0)
+ kc->error = r;
+
+ return r;
+}
+
+static int get_luks2_volume_key_by_keyfile(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ struct volume_key **r_vk)
+{
+ return get_luks2_key_by_keyfile(cd, kc, keyslot, CRYPT_DEFAULT_SEGMENT, r_vk);
+}
+
+static int get_luks1_volume_key_by_keyfile(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ struct volume_key **r_vk)
+{
+ int r;
+ const char *passphrase;
+ size_t passphrase_size;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_KEYFILE);
+ assert(r_vk);
+
+ r = get_passphrase_by_keyfile(cd, kc, &passphrase, &passphrase_size);
+ if (r)
+ return r;
+
+ r = LUKS_open_key_with_hdr(keyslot, passphrase, passphrase_size,
+ crypt_get_hdr(cd, CRYPT_LUKS1), r_vk, cd);
+ if (r < 0)
+ kc->error = r;
+
+ return r;
+}
+
+static int get_key_by_key(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot __attribute__((unused)),
+ int segment __attribute__((unused)),
+ struct volume_key **r_vk)
+{
+ assert(kc && kc->type == CRYPT_KC_TYPE_KEY);
+ assert(r_vk);
+
+ if (!kc->u.k.volume_key) {
+ kc->error = -ENOENT;
+ return kc->error;
+ }
+
+ *r_vk = crypt_alloc_volume_key(kc->u.k.volume_key_size, kc->u.k.volume_key);
+ if (!*r_vk) {
+ kc->error = -ENOMEM;
+ return kc->error;
+ }
+
+ return 0;
+}
+
+static int get_volume_key_by_key(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot __attribute__((unused)),
+ struct volume_key **r_vk)
+{
+ return get_key_by_key(cd, kc, -2 /* unused */, -2 /* unused */, r_vk);
+}
+
+static int get_luks2_key_by_token(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot __attribute__((unused)),
+ int segment,
+ struct volume_key **r_vk)
+{
+ int r;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_TOKEN);
+ assert(r_vk);
+
+ r = LUKS2_token_unlock_key(cd, crypt_get_hdr(cd, CRYPT_LUKS2), kc->u.t.id, kc->u.t.type,
+ kc->u.t.pin, kc->u.t.pin_size, segment, kc->u.t.usrptr, r_vk);
+ if (r < 0)
+ kc->error = r;
+
+ return r;
+}
+
+static int get_luks2_volume_key_by_token(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot __attribute__((unused)),
+ struct volume_key **r_vk)
+{
+ return get_luks2_key_by_token(cd, kc, -2 /* unused */, CRYPT_DEFAULT_SEGMENT, r_vk);
+}
+
+static int get_passphrase_by_token(struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ const char **r_passphrase,
+ size_t *r_passphrase_size)
+{
+ int r;
+
+ assert(cd);
+ assert(kc && kc->type == CRYPT_KC_TYPE_TOKEN);
+ assert(r_passphrase);
+ assert(r_passphrase_size);
+
+ if (!kc->i_passphrase) {
+ r = LUKS2_token_unlock_passphrase(cd, crypt_get_hdr(cd, CRYPT_LUKS2), kc->u.t.id,
+ kc->u.t.type, kc->u.t.pin, kc->u.t.pin_size,
+ kc->u.t.usrptr, &kc->i_passphrase, &kc->i_passphrase_size);
+ if (r < 0) {
+ kc->error = r;
+ return r;
+ }
+ kc->u.t.id = r;
+ }
+
+ *r_passphrase = kc->i_passphrase;
+ *r_passphrase_size = kc->i_passphrase_size;
+
+ return kc->u.t.id;
+}
+
+static void unlock_method_init_internal(struct crypt_keyslot_context *kc)
+{
+ assert(kc);
+
+ kc->error = 0;
+ kc->i_passphrase = NULL;
+ kc->i_passphrase_size = 0;
+}
+
+void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc,
+ const char *volume_key,
+ size_t volume_key_size)
+{
+ assert(kc);
+
+ kc->type = CRYPT_KC_TYPE_KEY;
+ kc->u.k.volume_key = volume_key;
+ kc->u.k.volume_key_size = volume_key_size;
+ kc->get_luks2_key = get_key_by_key;
+ kc->get_luks2_volume_key = get_volume_key_by_key;
+ kc->get_luks1_volume_key = get_volume_key_by_key;
+ kc->get_passphrase = NULL; /* keyslot key context does not provide passphrase */
+ unlock_method_init_internal(kc);
+}
+
+void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_context *kc,
+ const char *passphrase,
+ size_t passphrase_size)
+{
+ assert(kc);
+
+ kc->type = CRYPT_KC_TYPE_PASSPHRASE;
+ kc->u.p.passphrase = passphrase;
+ kc->u.p.passphrase_size = passphrase_size;
+ kc->get_luks2_key = get_luks2_key_by_passphrase;
+ kc->get_luks2_volume_key = get_luks2_volume_key_by_passphrase;
+ kc->get_luks1_volume_key = get_luks1_volume_key_by_passphrase;
+ kc->get_passphrase = get_passphrase_by_passphrase;
+ unlock_method_init_internal(kc);
+}
+
+void crypt_keyslot_unlock_by_keyfile_init_internal(struct crypt_keyslot_context *kc,
+ const char *keyfile,
+ size_t keyfile_size,
+ uint64_t keyfile_offset)
+{
+ assert(kc);
+
+ kc->type = CRYPT_KC_TYPE_KEYFILE;
+ kc->u.kf.keyfile = keyfile;
+ kc->u.kf.keyfile_size = keyfile_size;
+ kc->u.kf.keyfile_offset = keyfile_offset;
+ kc->get_luks2_key = get_luks2_key_by_keyfile;
+ kc->get_luks2_volume_key = get_luks2_volume_key_by_keyfile;
+ kc->get_luks1_volume_key = get_luks1_volume_key_by_keyfile;
+ kc->get_passphrase = get_passphrase_by_keyfile;
+ unlock_method_init_internal(kc);
+}
+
+void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *kc,
+ int token,
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr)
+{
+ assert(kc);
+
+ kc->type = CRYPT_KC_TYPE_TOKEN;
+ kc->u.t.id = token;
+ kc->u.t.type = type;
+ kc->u.t.pin = pin;
+ kc->u.t.pin_size = pin_size;
+ kc->u.t.usrptr = usrptr;
+ kc->get_luks2_key = get_luks2_key_by_token;
+ kc->get_luks2_volume_key = get_luks2_volume_key_by_token;
+ kc->get_luks1_volume_key = NULL; /* LUKS1 is not supported */
+ kc->get_passphrase = get_passphrase_by_token;
+ unlock_method_init_internal(kc);
+}
+
+void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *kc)
+{
+ if (!kc)
+ return;
+
+ crypt_safe_free(kc->i_passphrase);
+ kc->i_passphrase = NULL;
+ kc->i_passphrase_size = 0;
+}
+
+void crypt_keyslot_context_free(struct crypt_keyslot_context *kc)
+{
+ crypt_keyslot_context_destroy_internal(kc);
+ free(kc);
+}
+
+int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd,
+ const char *passphrase,
+ size_t passphrase_size,
+ struct crypt_keyslot_context **kc)
+{
+ struct crypt_keyslot_context *tmp;
+
+ if (!kc || !passphrase)
+ return -EINVAL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp)
+ return -ENOMEM;
+
+ crypt_keyslot_unlock_by_passphrase_init_internal(tmp, passphrase, passphrase_size);
+
+ *kc = tmp;
+
+ return 0;
+}
+
+int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd,
+ const char *keyfile,
+ size_t keyfile_size,
+ uint64_t keyfile_offset,
+ struct crypt_keyslot_context **kc)
+{
+ struct crypt_keyslot_context *tmp;
+
+ if (!kc || !keyfile)
+ return -EINVAL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp)
+ return -ENOMEM;
+
+ crypt_keyslot_unlock_by_keyfile_init_internal(tmp, keyfile, keyfile_size, keyfile_offset);
+
+ *kc = tmp;
+
+ return 0;
+}
+
+int crypt_keyslot_context_init_by_token(struct crypt_device *cd,
+ int token,
+ const char *type,
+ const char *pin, size_t pin_size,
+ void *usrptr,
+ struct crypt_keyslot_context **kc)
+{
+ struct crypt_keyslot_context *tmp;
+
+ if (!kc || (token < 0 && token != CRYPT_ANY_TOKEN))
+ return -EINVAL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp)
+ return -ENOMEM;
+
+ crypt_keyslot_unlock_by_token_init_internal(tmp, token, type, pin, pin_size, usrptr);
+
+ *kc = tmp;
+
+ return 0;
+}
+
+int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd,
+ const char *volume_key,
+ size_t volume_key_size,
+ struct crypt_keyslot_context **kc)
+{
+ struct crypt_keyslot_context *tmp;
+
+ if (!kc)
+ return -EINVAL;
+
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp)
+ return -ENOMEM;
+
+ crypt_keyslot_unlock_by_key_init_internal(tmp, volume_key, volume_key_size);
+
+ *kc = tmp;
+
+ return 0;
+}
+
+int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc)
+{
+ return kc ? kc->error : -EINVAL;
+}
+
+int crypt_keyslot_context_set_pin(struct crypt_device *cd,
+ const char *pin, size_t pin_size,
+ struct crypt_keyslot_context *kc)
+{
+ if (!kc || kc->type != CRYPT_KC_TYPE_TOKEN)
+ return -EINVAL;
+
+ kc->u.t.pin = pin;
+ kc->u.t.pin_size = pin_size;
+ kc->error = 0;
+
+ return 0;
+}
+
+int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc)
+{
+ return kc ? kc->type : -EINVAL;
+}
+
+const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc)
+{
+ assert(kc);
+
+ switch (kc->type) {
+ case CRYPT_KC_TYPE_PASSPHRASE:
+ return "passphrase";
+ case CRYPT_KC_TYPE_KEYFILE:
+ return "keyfile";
+ case CRYPT_KC_TYPE_TOKEN:
+ return "token";
+ case CRYPT_KC_TYPE_KEY:
+ return "key";
+ default:
+ return "<unknown>";
+ }
+}
--- /dev/null
+/*
+ * LUKS - Linux Unified Key Setup, keyslot unlock helpers
+ *
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef KEYSLOT_CONTEXT_H
+#define KEYSLOT_CONTEXT_H
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "internal.h"
+
+typedef int (*keyslot_context_get_key) (
+ struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ int segment,
+ struct volume_key **r_vk);
+
+typedef int (*keyslot_context_get_volume_key) (
+ struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ int keyslot,
+ struct volume_key **r_vk);
+
+typedef int (*keyslot_context_get_passphrase) (
+ struct crypt_device *cd,
+ struct crypt_keyslot_context *kc,
+ const char **r_passphrase,
+ size_t *r_passphrase_size);
+
+/* crypt_keyslot_context */
+struct crypt_keyslot_context {
+ int type;
+
+ union {
+ struct {
+ const char *passphrase;
+ size_t passphrase_size;
+ } p;
+ struct {
+ const char *keyfile;
+ uint64_t keyfile_offset;
+ size_t keyfile_size;
+ } kf;
+ struct {
+ int id;
+ const char *type;
+ const char *pin;
+ size_t pin_size;
+ void *usrptr;
+ } t;
+ struct {
+ const char *volume_key;
+ size_t volume_key_size;
+ } k;
+ } u;
+
+ int error;
+
+ char *i_passphrase;
+ size_t i_passphrase_size;
+
+ keyslot_context_get_key get_luks2_key;
+ keyslot_context_get_volume_key get_luks1_volume_key;
+ keyslot_context_get_volume_key get_luks2_volume_key;
+ keyslot_context_get_passphrase get_passphrase;
+};
+
+void crypt_keyslot_context_destroy_internal(struct crypt_keyslot_context *method);
+
+void crypt_keyslot_unlock_by_key_init_internal(struct crypt_keyslot_context *kc,
+ const char *volume_key,
+ size_t volume_key_size);
+
+void crypt_keyslot_unlock_by_passphrase_init_internal(struct crypt_keyslot_context *kc,
+ const char *passphrase,
+ size_t passphrase_size);
+
+void crypt_keyslot_unlock_by_keyfile_init_internal(struct crypt_keyslot_context *kc,
+ const char *keyfile,
+ size_t keyfile_size,
+ uint64_t keyfile_offset);
+
+void crypt_keyslot_unlock_by_token_init_internal(struct crypt_keyslot_context *kc,
+ int token,
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr);
+
+const char *keyslot_context_type_string(const struct crypt_keyslot_context *kc);
+
+#endif /* KEYSLOT_CONTEXT_H */
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
struct crypt_device; /* crypt device handle */
+struct crypt_keyslot_context;
/**
* Initialize crypt device handle and check if the provided device exists.
* other values mean accepted.
*
* @param cd crypt device handle
- * @param confirm user defined confirm callback reference
+ * @param confirm user defined confirm callback reference; use
+ * @p msg for message for user to confirm and
+ * @p usrptr for identification in callback
* @param usrptr provided identification in callback
- * @param msg Message for user to confirm
*
* @note Current version of cryptsetup API requires confirmation for UUID change and
* LUKS header restore only.
* Set log function.
*
* @param cd crypt device handle (can be @e NULL to set default log function)
- * @param log user defined log function reference
+ * @param log user defined log function reference; use
+ * @p level for log level,
+ * @p msg for message, and
+ * @p usrptr for identification in callback
* @param usrptr provided identification in callback
- * @param level log level below (debug messages can uses other levels)
- * @param msg log message
*/
void crypt_set_log_callback(struct crypt_device *cd,
void (*log)(int level, const char *msg, void *usrptr),
* @param msg log message
*/
void crypt_log(struct crypt_device *cd, int level, const char *msg);
+
+/**
+ * Log function with variable arguments.
+ *
+ * @param cd crypt device handle
+ * @param level log level
+ * @param format formatted log message
+ */
+void crypt_logf(struct crypt_device *cd, int level, const char *format, ...);
/** @} */
/**
};
/** Iteration time set by crypt_set_iteration_time(), for compatibility only. */
-#define CRYPT_PBKDF_ITER_TIME_SET (1 << 0)
+#define CRYPT_PBKDF_ITER_TIME_SET (UINT32_C(1) << 0)
/** Never run benchmarks, use pre-set value or defaults. */
-#define CRYPT_PBKDF_NO_BENCHMARK (1 << 1)
+#define CRYPT_PBKDF_NO_BENCHMARK (UINT32_C(1) << 1)
/** PBKDF2 according to RFC2898, LUKS1 legacy */
#define CRYPT_KDF_PBKDF2 "pbkdf2"
/**
* Helper to lock/unlock memory to avoid swap sensitive data to disk.
+ * \b Deprecated, only for backward compatibility. Memory with keys are locked automatically.
*
* @param cd crypt device handle, can be @e NULL
* @param lock 0 to unlock otherwise lock memory
* @note Only root can do this.
* @note It locks/unlocks all process memory, not only crypt context.
*/
-int crypt_memory_lock(struct crypt_device *cd, int lock);
+int crypt_memory_lock(struct crypt_device *cd, int lock) __attribute__((deprecated));
/**
* Set global lock protection for on-disk metadata (file-based locking).
#define CRYPT_INTEGRITY "INTEGRITY"
/** BITLK (BitLocker-compatible mode) */
#define CRYPT_BITLK "BITLK"
+/** FVAULT2 (FileVault2-compatible mode) */
+#define CRYPT_FVAULT2 "FVAULT2"
/** LUKS any version */
#define CRYPT_LUKS NULL
};
/** No on-disk header (only hashes) */
-#define CRYPT_VERITY_NO_HEADER (1 << 0)
+#define CRYPT_VERITY_NO_HEADER (UINT32_C(1) << 0)
/** Verity hash in userspace before activation */
-#define CRYPT_VERITY_CHECK_HASH (1 << 1)
+#define CRYPT_VERITY_CHECK_HASH (UINT32_C(1) << 1)
/** Create hash - format hash device */
-#define CRYPT_VERITY_CREATE_HASH (1 << 2)
+#define CRYPT_VERITY_CREATE_HASH (UINT32_C(1) << 2)
/** Root hash signature required for activation */
-#define CRYPT_VERITY_ROOT_HASH_SIGNATURE (1 << 3)
+#define CRYPT_VERITY_ROOT_HASH_SIGNATURE (UINT32_C(1) << 3)
/**
*
};
/** Include legacy modes when scanning for header */
-#define CRYPT_TCRYPT_LEGACY_MODES (1 << 0)
+#define CRYPT_TCRYPT_LEGACY_MODES (UINT32_C(1) << 0)
/** Try to load hidden header (describing hidden device) */
-#define CRYPT_TCRYPT_HIDDEN_HEADER (1 << 1)
+#define CRYPT_TCRYPT_HIDDEN_HEADER (UINT32_C(1) << 1)
/** Try to load backup header */
-#define CRYPT_TCRYPT_BACKUP_HEADER (1 << 2)
+#define CRYPT_TCRYPT_BACKUP_HEADER (UINT32_C(1) << 2)
/** Device contains encrypted system (with boot loader) */
-#define CRYPT_TCRYPT_SYSTEM_HEADER (1 << 3)
+#define CRYPT_TCRYPT_SYSTEM_HEADER (UINT32_C(1) << 3)
/** Include VeraCrypt modes when scanning for header,
* all other TCRYPT flags applies as well.
* VeraCrypt device is reported as TCRYPT type.
*/
-#define CRYPT_TCRYPT_VERA_MODES (1 << 4)
+#define CRYPT_TCRYPT_VERA_MODES (UINT32_C(1) << 4)
/**
*
const struct crypt_params_integrity *integrity_params; /**< Data integrity parameters or @e NULL*/
size_t data_alignment; /**< data area alignment in 512B sectors, data offset is multiple of this */
const char *data_device; /**< detached encrypted data device or @e NULL */
- uint32_t sector_size; /**< encryption sector size */
+ uint32_t sector_size; /**< encryption sector size, 0 triggers auto-detection for optimal encryption sector size */
const char *label; /**< header label or @e NULL*/
const char *subsystem; /**< header subsystem label or @e NULL*/
};
uint32_t crypt_get_compatibility(struct crypt_device *cd);
/** dm-integrity device uses less effective (legacy) padding (old kernels) */
-#define CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (1 << 0)
+#define CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (UINT32_C(1) << 0)
/** dm-integrity device does not protect superblock with HMAC (old kernels) */
-#define CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC (1 << 1)
+#define CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC (UINT32_C(1) << 1)
/** dm-integrity allow recalculating of volumes with HMAC keys (old kernels) */
-#define CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC (1 << 2)
+#define CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC (UINT32_C(1) << 2)
/**
* Convert to new type for already existing device.
const char *subsystem);
/**
+ * Get the label of an existing device.
+ *
+ * @param cd crypt device handle
+ *
+ * @return label, or @e NULL otherwise
+ */
+const char *crypt_get_label(struct crypt_device *cd);
+
+/**
+ * Get the subsystem of an existing device.
+ *
+ * @param cd crypt device handle
+ *
+ * @return subsystem, or @e NULL otherwise
+ */
+const char *crypt_get_subsystem(struct crypt_device *cd);
+
+/**
* Enable or disable loading of volume keys via kernel keyring. When set to
* 'enabled' library loads key in kernel keyring first and pass the key
* description to dm-crypt instead of binary key copy. If set to 'disabled'
* @post In case LUKS header is read successfully but payload device is too small
* error is returned and device type in context is set to @e NULL
*
- * @note Note that in current version load works only for LUKS and VERITY device type.
+ * @note Note that load works only for device types with on-disk metadata.
+ * @note Function does not print visible error message if metadata is not present.
*
*/
int crypt_load(struct crypt_device *cd,
const char *name,
const char *volume_key,
size_t volume_key_size);
+/**
+ * Resume crypt device using LUKS2 token.
+ *
+ * @param cd LUKS2 crypt device handle
+ * @param name name of device to resume
+ * @param type restrict type of token, if @e NULL all types are allowed
+ * @param pin passphrase (or PIN) to unlock token (may be binary data)
+ * @param pin_size size of @e pin
+ * @param usrptr provided identification in callback
+ *
+ * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note EPERM errno means token provided passphrase successfully, but
+ * passphrase did not unlock any keyslot associated with the token.
+ *
+ * @note ENOENT errno means no token (or subsequently assigned keyslot) was
+ * eligible to resume LUKS2 device.
+ *
+ * @note ENOANO errno means that token is PIN protected and was either missing
+ * (NULL) or wrong.
+ *
+ * @note Negative EAGAIN errno means token handler requires additional hardware
+ * not present in the system to unlock keyslot.
+ *
+ * @note with @param token set to CRYPT_ANY_TOKEN libcryptsetup runs best effort loop
+ * to resume device using any available token. It may happen that various token handlers
+ * return different error codes. At the end loop returns error codes in the following
+ * order (from the most significant to the least) any negative errno except those
+ * listed below, non negative token id (success), -ENOANO, -EAGAIN, -EPERM, -ENOENT.
+ */
+int crypt_resume_by_token_pin(struct crypt_device *cd,
+ const char *name,
+ const char *type,
+ int token,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr);
/** @} */
/**
size_t passphrase_size);
/** create keyslot with volume key not associated with current dm-crypt segment */
-#define CRYPT_VOLUME_KEY_NO_SEGMENT (1 << 0)
+#define CRYPT_VOLUME_KEY_NO_SEGMENT (UINT32_C(1) << 0)
/** create keyslot with new volume key and assign it to current dm-crypt segment */
-#define CRYPT_VOLUME_KEY_SET (1 << 1)
+#define CRYPT_VOLUME_KEY_SET (UINT32_C(1) << 1)
/** Assign key to first matching digest before creating new digest */
-#define CRYPT_VOLUME_KEY_DIGEST_REUSE (1 << 2)
+#define CRYPT_VOLUME_KEY_DIGEST_REUSE (UINT32_C(1) << 2)
/**
* Add key slot using provided key.
uint32_t flags);
/**
+ * @defgroup crypt-keyslot-context Crypt keyslot context
+ * @addtogroup crypt-keyslot-context
+ * @{
+ */
+
+/**
+ * Release crypt keyslot context and used memory.
+ *
+ * @param kc crypt keyslot context
+ */
+void crypt_keyslot_context_free(struct crypt_keyslot_context *kc);
+
+/**
+ * Initialize keyslot context via passphrase.
+ *
+ * @param cd crypt device handle initialized to LUKS device context
+ * @param passphrase passphrase for a keyslot
+ * @param passphrase_size size of passphrase
+ * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_PASSPHRASE
+ *
+ * @return zero on success or negative errno otherwise.
+ */
+int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd,
+ const char *passphrase,
+ size_t passphrase_size,
+ struct crypt_keyslot_context **kc);
+
+/**
+ * Initialize keyslot context via key file path.
+ *
+ * @param cd crypt device handle initialized to LUKS device context
+ *
+ * @param keyfile key file with passphrase for a keyslot
+ * @param keyfile_size number of bytes to read from keyfile, @e 0 is unlimited
+ * @param keyfile_offset number of bytes to skip at start of keyfile
+ * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEYFILE
+ *
+ * @return zero on success or negative errno otherwise.
+ */
+int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd,
+ const char *keyfile,
+ size_t keyfile_size,
+ uint64_t keyfile_offset,
+ struct crypt_keyslot_context **kc);
+
+/**
+ * Initialize keyslot context via LUKS2 token.
+ *
+ * @param cd crypt device handle initialized to LUKS2 device context
+ *
+ * @param token token providing passphrase for a keyslot or CRYPT_ANY_TOKEN
+ * @param type restrict type of token, if @e NULL all types are allowed
+ * @param pin passphrase (or PIN) to unlock token (may be binary data)
+ * @param pin_size size of @e pin
+ * @param usrptr provided identification in callback
+ * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_TOKEN
+ *
+ * @return zero on success or negative errno otherwise.
+ */
+int crypt_keyslot_context_init_by_token(struct crypt_device *cd,
+ int token,
+ const char *type,
+ const char *pin, size_t pin_size,
+ void *usrptr,
+ struct crypt_keyslot_context **kc);
+
+/**
+ * Initialize keyslot context via key.
+ *
+ * @param cd crypt device handle initialized to LUKS device context
+ *
+ * @param volume_key provided volume key or @e NULL if used after crypt_format
+ * or with CRYPT_VOLUME_KEY_NO_SEGMENT flag
+ * @param volume_key_size size of volume_key
+ * @param kc returns crypt keyslot context handle type CRYPT_KC_TYPE_KEY
+ *
+ * @return zero on success or negative errno otherwise.
+ */
+int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd,
+ const char *volume_key,
+ size_t volume_key_size,
+ struct crypt_keyslot_context **kc);
+
+/**
+ * Get error code per keyslot context from last failed call.
+ *
+ * @note If @link crypt_keyslot_add_by_keyslot_context @endlink passed with
+ * no negative return code. The return value of this function is undefined.
+ *
+ * @param kc keyslot context involved in failed @link crypt_keyslot_add_by_keyslot_context @endlink
+ *
+ * @return Negative errno if keyslot context caused a failure, zero otherwise.
+ */
+int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc);
+
+/**
+ * Set new pin to token based keyslot context.
+ *
+ * @note Use when @link crypt_keyslot_add_by_keyslot_context @endlink failed
+ * and token keyslot context returned -ENOANO error code via
+ * @link crypt_keyslot_context_get_error @endlink.
+ *
+ * @param cd crypt device handle initialized to LUKS2 device context
+ * @param pin passphrase (or PIN) to unlock token (may be binary data)
+ * @param pin_size size of @e pin
+ * @param kc LUKS2 keyslot context (only @link CRYPT_KC_TYPE_TOKEN @endlink is allowed)
+ *
+ * @return zero on success or negative errno otherwise
+ */
+int crypt_keyslot_context_set_pin(struct crypt_device *cd,
+ const char *pin, size_t pin_size,
+ struct crypt_keyslot_context *kc);
+
+/**
+ * @defgroup crypt-keyslot-context-types Crypt keyslot context
+ * @addtogroup crypt-keyslot-context-types
+ * @{
+ */
+/** keyslot context initialized by passphrase (@link crypt_keyslot_context_init_by_passphrase @endlink) */
+#define CRYPT_KC_TYPE_PASSPHRASE INT16_C(1)
+/** keyslot context initialized by keyfile (@link crypt_keyslot_context_init_by_keyfile @endlink) */
+#define CRYPT_KC_TYPE_KEYFILE INT16_C(2)
+/** keyslot context initialized by token (@link crypt_keyslot_context_init_by_token @endlink) */
+#define CRYPT_KC_TYPE_TOKEN INT16_C(3)
+/** keyslot context initialized by volume key or unbound key (@link crypt_keyslot_context_init_by_volume_key @endlink) */
+#define CRYPT_KC_TYPE_KEY INT16_C(4)
+/** @} */
+
+/**
+ * Get type identifier for crypt keyslot context.
+ *
+ * @param kc keyslot context
+ *
+ * @return crypt keyslot context type id (see @link crypt-keyslot-context-types @endlink) or negative errno otherwise.
+ */
+int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc);
+/** @} */
+
+/**
+ * Add key slot by volume key provided by keyslot context (kc). New
+ * keyslot will be protected by passphrase provided by new keyslot context (new_kc).
+ * See @link crypt-keyslot-context @endlink for context initialization routines.
+ *
+ * @pre @e cd contains initialized and formatted LUKS device context.
+ *
+ * @param cd crypt device handle
+ * @param keyslot_existing existing keyslot or CRYPT_ANY_SLOT to get volume key from.
+ * @param kc keyslot context providing volume key.
+ * @param keyslot_new new keyslot or CRYPT_ANY_SLOT (first free number is used).
+ * @param new_kc keyslot context providing passphrase for new keyslot.
+ * @param flags key flags to set
+ *
+ * @return allocated key slot number or negative errno otherwise.
+ *
+ * @note new_kc can not be @e CRYPT_KC_TYPE_KEY type keyslot context.
+ *
+ * @note For kc parameter with type @e CRYPT_KC_TYPE_KEY the keyslot_existing
+ * parameter is ignored.
+ *
+ * @note in case there is no active LUKS keyslot to get existing volume key from, one of following must apply:
+ * @li @e cd must be device handle used in crypt_format() by current process (it holds reference to generated volume key)
+ * @li kc must be of @e CRYPT_KC_TYPE_KEY type with valid volume key.
+ *
+ * @note With CRYPT_VOLUME_KEY_NO_SEGMENT flag raised and kc of type @e CRYPT_KC_TYPE_KEY with @e volume_key set to @e NULL
+ * the new volume_key will be generated and stored in new keyslot. The keyslot will become unbound (unusable to
+ * dm-crypt device activation).
+ *
+ * @warning CRYPT_VOLUME_KEY_SET flag force updates volume key. It is @b not @b reencryption!
+ * By doing so you will most probably destroy your ciphertext data device. It's supposed
+ * to be used only in wrapped keys scheme for key refresh process where real (inner) volume
+ * key stays untouched. It may be involed on active @e keyslot which makes the (previously
+ * unbound) keyslot new regular keyslot.
+ */
+int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd,
+ int keyslot_existing,
+ struct crypt_keyslot_context *kc,
+ int keyslot_new,
+ struct crypt_keyslot_context *new_kc,
+ uint32_t flags);
+
+/**
* Destroy (and disable) key slot.
*
* @pre @e cd contains initialized and formatted LUKS device context
*/
/** device is read only */
-#define CRYPT_ACTIVATE_READONLY (1 << 0)
+#define CRYPT_ACTIVATE_READONLY (UINT32_C(1) << 0)
/** only reported for device without uuid */
-#define CRYPT_ACTIVATE_NO_UUID (1 << 1)
+#define CRYPT_ACTIVATE_NO_UUID (UINT32_C(1) << 1)
/** activate even if cannot grant exclusive access (DANGEROUS) */
-#define CRYPT_ACTIVATE_SHARED (1 << 2)
+#define CRYPT_ACTIVATE_SHARED (UINT32_C(1) << 2)
/** enable discards aka TRIM */
-#define CRYPT_ACTIVATE_ALLOW_DISCARDS (1 << 3)
+#define CRYPT_ACTIVATE_ALLOW_DISCARDS (UINT32_C(1) << 3)
/** skip global udev rules in activation ("private device"), input only */
-#define CRYPT_ACTIVATE_PRIVATE (1 << 4)
+#define CRYPT_ACTIVATE_PRIVATE (UINT32_C(1) << 4)
/** corruption detected (verity), output only */
-#define CRYPT_ACTIVATE_CORRUPTED (1 << 5)
+#define CRYPT_ACTIVATE_CORRUPTED (UINT32_C(1) << 5)
/** use same_cpu_crypt option for dm-crypt */
-#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
+#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (UINT32_C(1) << 6)
/** use submit_from_crypt_cpus for dm-crypt */
-#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
+#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (UINT32_C(1) << 7)
/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
-#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8)
+#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (UINT32_C(1) << 8)
/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
-#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
+#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (UINT32_C(1) << 9)
/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
-#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
+#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (UINT32_C(1) << 10)
/** key loaded in kernel keyring instead directly in dm-crypt */
-#define CRYPT_ACTIVATE_KEYRING_KEY (1 << 11)
+#define CRYPT_ACTIVATE_KEYRING_KEY (UINT32_C(1) << 11)
/** dm-integrity: direct writes, do not use journal */
-#define CRYPT_ACTIVATE_NO_JOURNAL (1 << 12)
+#define CRYPT_ACTIVATE_NO_JOURNAL (UINT32_C(1) << 12)
/** dm-integrity: recovery mode - no journal, no integrity checks */
-#define CRYPT_ACTIVATE_RECOVERY (1 << 13)
+#define CRYPT_ACTIVATE_RECOVERY (UINT32_C(1) << 13)
/** ignore persistently stored flags */
-#define CRYPT_ACTIVATE_IGNORE_PERSISTENT (1 << 14)
+#define CRYPT_ACTIVATE_IGNORE_PERSISTENT (UINT32_C(1) << 14)
/** dm-verity: check_at_most_once - check data blocks only the first time */
-#define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (1 << 15)
+#define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (UINT32_C(1) << 15)
/** allow activation check including unbound keyslots (keyslots without segments) */
-#define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (1 << 16)
+#define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (UINT32_C(1) << 16)
/** dm-integrity: activate automatic recalculation */
-#define CRYPT_ACTIVATE_RECALCULATE (1 << 17)
+#define CRYPT_ACTIVATE_RECALCULATE (UINT32_C(1) << 17)
/** reactivate existing and update flags, input only */
-#define CRYPT_ACTIVATE_REFRESH (1 << 18)
+#define CRYPT_ACTIVATE_REFRESH (UINT32_C(1) << 18)
/** Use global lock to serialize memory hard KDF on activation (OOM workaround) */
-#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19)
+#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (UINT32_C(1) << 19)
/** dm-integrity: direct writes, use bitmap to track dirty sectors */
-#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20)
+#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (UINT32_C(1) << 20)
/** device is suspended (key should be wiped from memory), output only */
-#define CRYPT_ACTIVATE_SUSPENDED (1 << 21)
+#define CRYPT_ACTIVATE_SUSPENDED (UINT32_C(1) << 21)
/** use IV sector counted in sector_size instead of default 512 bytes sectors */
-#define CRYPT_ACTIVATE_IV_LARGE_SECTORS (1 << 22)
+#define CRYPT_ACTIVATE_IV_LARGE_SECTORS (UINT32_C(1) << 22)
/** dm-verity: panic_on_corruption flag - panic kernel on corruption */
-#define CRYPT_ACTIVATE_PANIC_ON_CORRUPTION (1 << 23)
+#define CRYPT_ACTIVATE_PANIC_ON_CORRUPTION (UINT32_C(1) << 23)
/** dm-crypt: bypass internal workqueue and process read requests synchronously. */
-#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24)
+#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (UINT32_C(1) << 24)
/** dm-crypt: bypass internal workqueue and process write requests synchronously. */
-#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25)
+#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (UINT32_C(1) << 25)
+/** dm-integrity: reset automatic recalculation */
+#define CRYPT_ACTIVATE_RECALCULATE_RESET (UINT32_C(1) << 26)
+/** dm-verity: try to use tasklets */
+#define CRYPT_ACTIVATE_TASKLETS (UINT32_C(1) << 27)
/**
* Active device runtime attributes
* LUKS2 header requirements
*/
/** Unfinished offline reencryption */
-#define CRYPT_REQUIREMENT_OFFLINE_REENCRYPT (1 << 0)
+#define CRYPT_REQUIREMENT_OFFLINE_REENCRYPT (UINT32_C(1) << 0)
/** Online reencryption in-progress */
-#define CRYPT_REQUIREMENT_ONLINE_REENCRYPT (1 << 1)
+#define CRYPT_REQUIREMENT_ONLINE_REENCRYPT (UINT32_C(1) << 1)
/** unknown requirement in header (output only) */
-#define CRYPT_REQUIREMENT_UNKNOWN (1 << 31)
+#define CRYPT_REQUIREMENT_UNKNOWN (UINT32_C(1) << 31)
/**
* Persistent flags type
* @note For VERITY the volume key means root hash required for activation.
* Because kernel dm-verity is always read only, you have to provide
* CRYPT_ACTIVATE_READONLY flag always.
- * @note For TCRYPT the volume key should be always NULL and because master
- * key from decrypted header is used instead.
+ * @note For TCRYPT the volume key should be always NULL
+ * the key from decrypted header is used instead.
*/
int crypt_activate_by_volume_key(struct crypt_device *cd,
const char *name,
uint32_t flags);
/** lazy deactivation - remove once last user releases it */
-#define CRYPT_DEACTIVATE_DEFERRED (1 << 0)
+#define CRYPT_DEACTIVATE_DEFERRED (UINT32_C(1) << 0)
/** force deactivation - if the device is busy, it is replaced by error device */
-#define CRYPT_DEACTIVATE_FORCE (1 << 1)
+#define CRYPT_DEACTIVATE_FORCE (UINT32_C(1) << 1)
+/** if set, remove lazy deactivation */
+#define CRYPT_DEACTIVATE_DEFERRED_CANCEL (UINT32_C(1) << 2)
/**
* Deactivate crypt device. This function tries to remove active device-mapper
* @note For TCRYPT cipher chain is the volume key concatenated
* for all ciphers in chain.
* @note For VERITY the volume key means root hash used for activation.
+ * @note For LUKS devices, if passphrase is @e NULL and volume key is cached in
+ * device context it returns the volume key generated in preceding
+ * @link crypt_format @endlink call.
*/
int crypt_volume_key_get(struct crypt_device *cd,
int keyslot,
size_t passphrase_size);
/**
+ * Get volume key from crypt device by keyslot context.
+ *
+ * @param cd crypt device handle
+ * @param keyslot use this keyslot or @e CRYPT_ANY_SLOT
+ * @param volume_key buffer for volume key
+ * @param volume_key_size on input, size of buffer @e volume_key,
+ * on output size of @e volume_key
+ * @param kc keyslot context used to unlock volume key
+ *
+ * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note See @link crypt-keyslot-context-types @endlink for info on keyslot
+ * context initialization.
+ * @note For TCRYPT cipher chain is the volume key concatenated
+ * for all ciphers in chain (kc may be NULL).
+ * @note For VERITY the volume key means root hash used for activation
+ * (kc may be NULL).
+ * @note For LUKS devices, if kc is @e NULL and volume key is cached in
+ * device context it returns the volume key generated in preceding
+ * @link crypt_format @endlink call.
+ * @note @link CRYPT_KC_TYPE_TOKEN @endlink keyslot context is usable only with LUKS2 devices.
+ * @note @link CRYPT_KC_TYPE_KEY @endlink keyslot context can not be used.
+ * @note To get LUKS2 unbound key, keyslot parameter must not be @e CRYPT_ANY_SLOT.
+ * @note EPERM errno means provided keyslot context could not unlock any (or selected)
+ * keyslot.
+ * @note ENOENT errno means no LUKS keyslot is available to retrieve volume key from
+ * and there's no cached volume key in device handle.
+ */
+int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd,
+ int keyslot,
+ char *volume_key,
+ size_t *volume_key_size,
+ struct crypt_keyslot_context *kc);
+
+/**
* Verify that provided volume key is valid for crypt device.
*
* @param cd crypt device handle
* @param volume_key_size size of @e volume_key
*
* @return @e 0 on success or negative errno value otherwise.
+ *
+ * @note Negative EPERM return value means that passed volume_key
+ * did not pass digest verification routine (not a valid volume
+ * key).
*/
int crypt_volume_key_verify(struct crypt_device *cd,
const char *volume_key,
int crypt_dump(struct crypt_device *cd);
/**
+ * Dump JSON-formatted information about LUKS2 device
+ *
+ * @param cd crypt device handle (only LUKS2 format supported)
+ * @param json buffer with JSON, if NULL use log callback for output
+ * @param flags dump flags (reserved)
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_dump_json(struct crypt_device *cd, const char **json, uint32_t flags);
+
+/**
* Get cipher used in device.
*
* @param cd crypt device handle
int crypt_get_sector_size(struct crypt_device *cd);
/**
+ * Check if initialized LUKS context uses detached header
+ * (LUKS header located on a different device than data.)
+ *
+ * @param cd crypt device handle
+ *
+ * @return @e 1 if detached header is used, @e 0 if not
+ * or negative errno value otherwise.
+ *
+ * @note This is a runtime attribute, it does not say
+ * if a LUKS device requires detached header.
+ * This function works only with LUKS devices.
+ */
+int crypt_header_is_detached(struct crypt_device *cd);
+
+/**
* Get device parameters for VERITY device.
*
* @param cd crypt device handle
uint32_t flags);
/** Read key only to the first end of line (\\n). */
-#define CRYPT_KEYFILE_STOP_EOL (1 << 0)
+#define CRYPT_KEYFILE_STOP_EOL (UINT32_C(1) << 0)
/** @} */
/**
typedef enum {
CRYPT_WIPE_ZERO, /**< Fill with zeroes */
CRYPT_WIPE_RANDOM, /**< Use RNG to fill data */
- CRYPT_WIPE_ENCRYPTED_ZERO, /**< Add encryption and fill with zeroes as plaintext */
+ CRYPT_WIPE_ENCRYPTED_ZERO, /**< Obsolete, same as CRYPT_WIPE_RANDOM */
CRYPT_WIPE_SPECIAL, /**< Compatibility only, do not use (Gutmann method) */
} crypt_wipe_pattern;
);
/** Use direct-io */
-#define CRYPT_WIPE_NO_DIRECT_IO (1 << 0)
+#define CRYPT_WIPE_NO_DIRECT_IO (UINT32_C(1) << 0)
/** @} */
/**
* @{
*/
+/**
+ * Get number of tokens supported for device type.
+ *
+ * @param type crypt device type
+ *
+ * @return token count or negative errno otherwise if device
+ * doesn't not support tokens.
+ *
+ * @note Real number of supported tokens for a particular device depends
+ * on usable metadata area size.
+ */
+int crypt_token_max(const char *type);
+
/** Iterate through all tokens */
#define CRYPT_ANY_TOKEN -1
* @param buffer returned allocated buffer with password
* @param buffer_len length of the buffer
* @param usrptr user data in @link crypt_activate_by_token @endlink
+ *
+ * @return 0 on success (token passed LUKS2 keyslot passphrase in buffer) or
+ * negative errno otherwise.
+ *
+ * @note Negative ENOANO errno means that token is PIN protected and caller should
+ * use @link crypt_activate_by_token_pin @endlink with PIN provided.
+ *
+ * @note Negative EAGAIN errno means token handler requires additional hardware
+ * not present in the system.
*/
typedef int (*crypt_token_open_func) (
struct crypt_device *cd,
void *usrptr);
/**
+ * Token handler open with passphrase/PIN function prototype.
+ * This function retrieves password from a token and return allocated buffer
+ * containing this password. This buffer has to be deallocated by calling
+ * free() function and content should be wiped before deallocation.
+ *
+ * @param cd crypt device handle
+ * @param token token id
+ * @param pin passphrase (or PIN) to unlock token (may be binary data)
+ * @param pin_size size of @e pin
+ * @param buffer returned allocated buffer with password
+ * @param buffer_len length of the buffer
+ * @param usrptr user data in @link crypt_activate_by_token @endlink
+ *
+ * @return 0 on success (token passed LUKS2 keyslot passphrase in buffer) or
+ * negative errno otherwise.
+ *
+ * @note Negative ENOANO errno means that token is PIN protected and PIN was
+ * missing or wrong.
+ *
+ * @note Negative EAGAIN errno means token handler requires additional hardware
+ * not present in the system.
+ */
+typedef int (*crypt_token_open_pin_func) (
+ struct crypt_device *cd,
+ int token,
+ const char *pin,
+ size_t pin_size,
+ char **buffer,
+ size_t *buffer_len,
+ void *usrptr);
+
+/**
* Token handler buffer free function prototype.
* This function is used by library to free the buffer with keyslot
* passphrase when it's no longer needed. If not defined the library
typedef void (*crypt_token_dump_func) (struct crypt_device *cd, const char *json);
/**
+ * Token handler version function prototype.
+ * This function is supposed to return pointer to version string information.
+ *
+ * @note The returned string is advised to contain only version.
+ * For example '1.0.0' or 'v1.2.3.4'.
+ *
+ */
+typedef const char * (*crypt_token_version_func) (void);
+
+/**
* Token handler
*/
typedef struct {
int crypt_token_register(const crypt_token_handler *handler);
/**
+ * Report configured path where library searches for external token handlers
+ *
+ * @return @e absolute path when external tokens are enabled or @e NULL otherwise.
+ */
+const char *crypt_token_external_path(void);
+
+/**
+ * Disable external token handlers (plugins) support
+ * If disabled, it cannot be enabled again.
+ */
+void crypt_token_external_disable(void);
+
+/** ABI version for external token in libcryptsetup-token-[name].so */
+#define CRYPT_TOKEN_ABI_VERSION1 "CRYPTSETUP_TOKEN_1.0"
+
+/** open by token - ABI exported symbol for external token (mandatory) */
+#define CRYPT_TOKEN_ABI_OPEN "cryptsetup_token_open"
+/** open by token with PIN - ABI exported symbol for external token */
+#define CRYPT_TOKEN_ABI_OPEN_PIN "cryptsetup_token_open_pin"
+/** deallocate callback - ABI exported symbol for external token */
+#define CRYPT_TOKEN_ABI_BUFFER_FREE "cryptsetup_token_buffer_free"
+/** validate token metadata - ABI exported symbol for external token */
+#define CRYPT_TOKEN_ABI_VALIDATE "cryptsetup_token_validate"
+/** dump token metadata - ABI exported symbol for external token */
+#define CRYPT_TOKEN_ABI_DUMP "cryptsetup_token_dump"
+/** token version - ABI exported symbol for external token */
+#define CRYPT_TOKEN_ABI_VERSION "cryptsetup_token_version"
+
+/**
* Activate device or check key using a token.
*
* @param cd crypt device handle
* @param flags activation flags
*
* @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note EPERM errno means token provided passphrase successfully, but
+ * passphrase did not unlock any keyslot associated with the token.
+ *
+ * @note ENOENT errno means no token (or subsequently assigned keyslot) was
+ * eligible to unlock device.
+ *
+ * @note ENOANO errno means that token is PIN protected and you should call
+ * @link crypt_activate_by_token_pin @endlink with PIN
+ *
+ * @note Negative EAGAIN errno means token handler requires additional hardware
+ * not present in the system.
+ *
+ * @note with @e token set to CRYPT_ANY_TOKEN libcryptsetup runs best effort loop
+ * to unlock device using any available token. It may happen that various token handlers
+ * return different error codes. At the end loop returns error codes in the following
+ * order (from the most significant to the least) any negative errno except those
+ * listed below, non negative token id (success), -ENOANO, -EAGAIN, -EPERM, -ENOENT.
*/
int crypt_activate_by_token(struct crypt_device *cd,
const char *name,
int token,
void *usrptr,
uint32_t flags);
+
+/**
+ * Activate device or check key using a token with PIN.
+ *
+ * @param cd crypt device handle
+ * @param name name of device to create, if @e NULL only check token
+ * @param type restrict type of token, if @e NULL all types are allowed
+ * @param token requested token to check or CRYPT_ANY_TOKEN to check all
+ * @param pin passphrase (or PIN) to unlock token (may be binary data)
+ * @param pin_size size of @e pin
+ * @param usrptr provided identification in callback
+ * @param flags activation flags
+ *
+ * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note EPERM errno means token provided passphrase successfully, but
+ * passphrase did not unlock any keyslot associated with the token.
+ *
+ * @note ENOENT errno means no token (or subsequently assigned keyslot) was
+ * eligible to unlock device.
+ *
+ * @note ENOANO errno means that token is PIN protected and was either missing
+ * (NULL) or wrong.
+ *
+ * @note Negative EAGAIN errno means token handler requires additional hardware
+ * not present in the system.
+ *
+ * @note with @e token set to CRYPT_ANY_TOKEN libcryptsetup runs best effort loop
+ * to unlock device using any available token. It may happen that various token handlers
+ * return different error codes. At the end loop returns error codes in the following
+ * order (from the most significant to the least) any negative errno except those
+ * listed below, non negative token id (success), -ENOANO, -EAGAIN, -EPERM, -ENOENT.
+ */
+int crypt_activate_by_token_pin(struct crypt_device *cd,
+ const char *name,
+ const char *type,
+ int token,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr,
+ uint32_t flags);
/** @} */
/**
*/
/** Initialize reencryption metadata but do not run reencryption yet. (in) */
-#define CRYPT_REENCRYPT_INITIALIZE_ONLY (1 << 0)
-/** Move the first segment, used only with data shift. (in/out) */
-#define CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT (1 << 1)
+#define CRYPT_REENCRYPT_INITIALIZE_ONLY (UINT32_C(1) << 0)
+/** Move the first segment, used only with datashift resilience mode
+ * and subvariants. (in/out) */
+#define CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT (UINT32_C(1) << 1)
/** Resume already initialized reencryption only. (in) */
-#define CRYPT_REENCRYPT_RESUME_ONLY (1 << 2)
+#define CRYPT_REENCRYPT_RESUME_ONLY (UINT32_C(1) << 2)
/** Run reencryption recovery only. (in) */
-#define CRYPT_REENCRYPT_RECOVERY (1 << 3)
+#define CRYPT_REENCRYPT_RECOVERY (UINT32_C(1) << 3)
/** Reencryption requires metadata protection. (in/out) */
-#define CRYPT_REENCRYPT_REPAIR_NEEDED (1 << 4)
+#define CRYPT_REENCRYPT_REPAIR_NEEDED (UINT32_C(1) << 4)
/**
* Reencryption direction
struct crypt_params_reencrypt {
crypt_reencrypt_mode_info mode; /**< Reencryption mode, immutable after first init. */
crypt_reencrypt_direction_info direction; /**< Reencryption direction, immutable after first init. */
- const char *resilience; /**< Resilience mode: "none", "checksum", "journal" or "shift" (only "shift" is immutable after init) */
+ const char *resilience; /**< Resilience mode: "none", "checksum", "journal", "datashift",
+ "datashift-checksum" or "datashift-journal".
+ "datashift" mode is immutable, "datashift-" subvariant can be only
+ changed to other "datashift-" subvariant */
const char *hash; /**< Used hash for "checksum" resilience type, ignored otherwise. */
- uint64_t data_shift; /**< Used in "shift" mode, must be non-zero, immutable after first init. */
- uint64_t max_hotzone_size; /**< Exact hotzone size for "none" mode. Maximum hotzone size for "checksum" and "journal" modes. */
+ uint64_t data_shift; /**< Used in "datashift" mode (and subvariants), must be non-zero,
+ immutable after first init. */
+ uint64_t max_hotzone_size; /**< Maximum hotzone size (may be lowered by library). For "datashift-" subvariants
+ it is used to set size of moved segment (decryption only). */
uint64_t device_size; /**< Reencrypt only initial part of the data device. */
const struct crypt_params_luks2 *luks2; /**< LUKS2 parameters for the final reencryption volume.*/
uint32_t flags; /**< Reencryption flags. */
const struct crypt_params_reencrypt *params);
/**
- * Run data reencryption.
+ * Legacy data reencryption function.
*
* @param cd crypt device handle
* @param progress is a callback function reporting device \b size,
* current \b offset of reencryption and provided \b usrptr identification
*
* @return @e 0 on success or negative errno value otherwise.
+ *
+ * @deprecated Use @link crypt_reencrypt_run @endlink instead.
*/
int crypt_reencrypt(struct crypt_device *cd,
- int (*progress)(uint64_t size, uint64_t offset, void *usrptr));
+ int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
+__attribute__((deprecated));
+
+/**
+ * Run data reencryption.
+ *
+ * @param cd crypt device handle
+ * @param progress is a callback function reporting device \b size,
+ * current \b offset of reencryption and provided \b usrptr identification
+ * @param usrptr progress specific data
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_reencrypt_run(struct crypt_device *cd,
+ int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+ void *usrptr);
/**
* Reencryption status info
Version: @LIBCRYPTSETUP_VERSION@
Cflags: -I${includedir}
Libs: -L${libdir} -lcryptsetup
+Requires.private: @PKGMODULES@
local:
*;
};
+
+CRYPTSETUP_2.4 {
+ global:
+ crypt_reencrypt_run;
+ crypt_token_max;
+ crypt_header_is_detached;
+ crypt_logf;
+ crypt_activate_by_token_pin;
+ crypt_dump_json;
+ crypt_format;
+ crypt_token_external_disable;
+ crypt_token_external_path;
+} CRYPTSETUP_2.0;
+
+CRYPTSETUP_2.5 {
+ global:
+ crypt_get_label;
+ crypt_get_subsystem;
+ crypt_resume_by_token_pin;
+} CRYPTSETUP_2.4;
+
+CRYPTSETUP_2.6 {
+ global:
+ crypt_keyslot_context_free;
+ crypt_keyslot_context_init_by_passphrase;
+ crypt_keyslot_context_init_by_keyfile;
+ crypt_keyslot_context_init_by_token;
+ crypt_keyslot_context_init_by_volume_key;
+ crypt_keyslot_context_get_error;
+ crypt_keyslot_context_set_pin;
+ crypt_keyslot_context_get_type;
+ crypt_keyslot_add_by_keyslot_context;
+ crypt_volume_key_get_by_keyslot_context;
+} CRYPTSETUP_2.5;
--- /dev/null
+/*
+ * Definitions of common constant and generic macros of libcryptsetup
+ *
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _LIBCRYPTSETUP_MACROS_H
+#define _LIBCRYPTSETUP_MACROS_H
+
+/* to silent gcc -Wcast-qual for const cast */
+#define CONST_CAST(x) (x)(uintptr_t)
+
+/* to silent clang -Wcast-align when working with byte arrays */
+#define VOIDP_CAST(x) (x)(void*)
+
+#define UNUSED(x) (void)(x)
+
+#ifndef ARRAY_SIZE
+# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
+#endif
+
+#define BITFIELD_SIZE(BF_PTR) (sizeof(*(BF_PTR)) * 8)
+
+#define MOVE_REF(x, y) \
+ do { \
+ __typeof__(x) *_px = &(x), *_py = &(y); \
+ *_px = *_py; \
+ *_py = NULL; \
+ } while (0)
+
+#define FREE_AND_NULL(x) do { free(x); x = NULL; } while (0)
+
+#define AT_LEAST(a, b) ({ __typeof__(a) __at_least = (a); (__at_least >= (b))?__at_least:(b); })
+
+#define SHIFT_4K 12
+#define SECTOR_SHIFT 9
+#define SECTOR_SIZE (1 << SECTOR_SHIFT)
+#define MAX_SECTOR_SIZE 4096 /* min page size among all platforms */
+#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)
+
+#define MISALIGNED(a, b) ((a) & ((b) - 1))
+#define MISALIGNED_4K(a) MISALIGNED((a), 1 << SHIFT_4K)
+#define MISALIGNED_512(a) MISALIGNED((a), 1 << SECTOR_SHIFT)
+#define NOTPOW2(a) MISALIGNED((a), (a))
+
+#define DEFAULT_DISK_ALIGNMENT 1048576 /* 1MiB */
+#define DEFAULT_MEM_ALIGNMENT 4096
+
+#define DM_UUID_LEN 129
+#define DM_BY_ID_PREFIX "dm-uuid-"
+#define DM_BY_ID_PREFIX_LEN 8
+#define DM_UUID_PREFIX "CRYPT-"
+#define DM_UUID_PREFIX_LEN 6
+
+#endif /* _LIBCRYPTSETUP_MACROS_H */
--- /dev/null
+/*
+ * Helpers for defining versioned symbols
+ *
+ * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _LIBCRYPTSETUP_SYMVER_H
+#define _LIBCRYPTSETUP_SYMVER_H
+
+/*
+ * Note on usage:
+ *
+ * Do not use CRYPT_SYMBOL_EXPORT_NEW and CRYPT_SYMBOL_EXPORT_OLD on public
+ * symbols being exported only once. Linker will handle it automatically as
+ * always.
+ *
+ * It's supposed to be used only with symbols that are exported in at least
+ * two versions simultaneously as follows:
+ *
+ * - the latest version is marked with _NEW variant and all other compatible
+ * symbols should be marked with _OLD variant
+ *
+ * Examples:
+ *
+ * - int crypt_func_X(unsigned *x, long y) gets introduced in CRYPTSETUP_2.4.
+ *
+ * No need to use any macro referenced here, just add proper version
+ * mapping in libcryptsetup.sym file.
+ *
+ * In later version CRYPTSETUP_2.5 symbol crypt_func_X has to fixed
+ * in incompatible way by adding new function parameter. The new version
+ * has to be added in mapping file libcryptsetup.sym as well.
+ *
+ * The definition of compatible function gets prefixed with following macro:
+ *
+ * CRYPT_SYMBOL_EXPORT_OLD(int, crypt_func_X, 2, 4,
+ * unsigned *x, long y)
+ * {
+ * function body
+ * }
+ *
+ * Whereas new version introduced in CRYPTSETUP_2.5 is defined as follows:
+ *
+ * CRYPT_SYMBOL_EXPORT_NEW(int, crypt_func_X, 2, 5,
+ * unsigned *x, long y, void *new_parameter)
+ * {
+ * function body
+ * }
+ *
+ * If in later version CRYPTSETUP_2.6 yet another version of crypt_func_X gets
+ * introduced it will be prefixed with CRYPT_SYMBOL_EXPORT_NEW(int, crypt_func_X, 2, 6...)
+ * macro and all previous versions CRYPTSETUP_2.4 and CRYPTSETUP_2.5 will be
+ * under CRYPT_SYMBOL_EXPORT_OLD(int, crypt_func_X, ...) macro
+ */
+
+#if HAVE_ATTRIBUTE_SYMVER
+# define _CRYPT_SYMVER(_local_sym, _public_sym, _ver_str, _maj, _min) \
+ __attribute__((__symver__(#_public_sym _ver_str #_maj "." #_min)))
+#endif
+
+#if !defined(_CRYPT_SYMVER) && (defined(__GNUC__) || defined(__clang__))
+# define _CRYPT_SYMVER(_local_sym, _public_sym, _ver_str, _maj, _min) \
+ __asm__(".symver " #_local_sym "," #_public_sym _ver_str #_maj "." #_min);
+#endif
+
+#define _CRYPT_FUNC(_public_sym, _prefix_str, _maj, _min, _ret, ...) \
+ _ret __##_public_sym##_v##_maj##_##_min(__VA_ARGS__); \
+ _CRYPT_SYMVER(__##_public_sym##_v##_maj##_##_min, _public_sym, _prefix_str "CRYPTSETUP_", _maj, _min) \
+ _ret __##_public_sym##_v##_maj##_##_min(__VA_ARGS__)
+
+#ifdef _CRYPT_SYMVER
+
+# define CRYPT_SYMBOL_EXPORT_OLD(_ret, _public_sym, _maj, _min, ...) \
+ _CRYPT_FUNC(_public_sym, "@", _maj, _min, _ret, __VA_ARGS__)
+# define CRYPT_SYMBOL_EXPORT_NEW(_ret, _public_sym, _maj, _min, ...) \
+ _CRYPT_FUNC(_public_sym, "@@", _maj, _min, _ret, __VA_ARGS__)
+
+#else /* no support for symbol versioning at all */
+
+# define CRYPT_SYMBOL_EXPORT_OLD(_ret, _public_sym, _maj, _min, ...) \
+ static inline __attribute__((unused)) \
+ _ret __##_public_sym##_v##_maj##_##_min(__VA_ARGS__)
+
+# define CRYPT_SYMBOL_EXPORT_NEW(_ret, _public_sym, _maj, _min, ...) \
+ _ret _public_sym(__VA_ARGS__)
+
+#endif
+
+#endif /* _LIBCRYPTSETUP_SYMVER_H */
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdio.h>
#include <stdbool.h>
#include <ctype.h>
-#include <dirent.h>
#include <errno.h>
#include <libdevmapper.h>
-#include <linux/fs.h>
#include <uuid/uuid.h>
#include <sys/stat.h>
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* for major, minor */
#endif
-#include <assert.h>
#include "internal.h"
-#define DM_UUID_LEN 129
-#define DM_BY_ID_PREFIX "dm-uuid-"
-#define DM_BY_ID_PREFIX_LEN 8
-#define DM_UUID_PREFIX "CRYPT-"
-#define DM_UUID_PREFIX_LEN 6
#define DM_CRYPT_TARGET "crypt"
#define DM_VERITY_TARGET "verity"
#define DM_INTEGRITY_TARGET "integrity"
static bool _dm_crypt_checked = false;
static bool _dm_verity_checked = false;
static bool _dm_integrity_checked = false;
+static bool _dm_zero_checked = false;
static int _quiet_log = 0;
static uint32_t _dm_flags = 0;
if (_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch))
_dm_flags |= DM_VERITY_PANIC_CORRUPTION_SUPPORTED;
+ if (_dm_satisfies_version(1, 9, 0, verity_maj, verity_min, verity_patch))
+ _dm_flags |= DM_VERITY_TASKLETS_SUPPORTED;
+
_dm_verity_checked = true;
}
if (_dm_satisfies_version(1, 7, 0, integrity_maj, integrity_min, integrity_patch))
_dm_flags |= DM_INTEGRITY_FIX_HMAC_SUPPORTED;
+ if (_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
+ _dm_flags |= DM_INTEGRITY_RESET_RECALC_SUPPORTED;
+
_dm_integrity_checked = true;
}
+static void _dm_set_zero_compat(struct crypt_device *cd,
+ unsigned zero_maj,
+ unsigned zero_min,
+ unsigned zero_patch)
+{
+ if (_dm_zero_checked || zero_maj == 0)
+ return;
+
+ log_dbg(cd, "Detected dm-zero version %i.%i.%i.",
+ zero_maj, zero_min, zero_patch);
+
+ _dm_zero_checked = true;
+}
+
/* We use this for loading target module */
static void _dm_check_target(dm_target_type target_type)
{
return;
if (!(dmt = dm_task_create(DM_DEVICE_GET_TARGET_VERSION)))
- goto out;
+ return;
- if (!dm_task_set_name(dmt, target_name))
- goto out;
+ if (dm_task_set_name(dmt, target_name))
+ dm_task_run(dmt);
- if (!dm_task_run(dmt))
- goto out;
-out:
- if (dmt)
- dm_task_destroy(dmt);
+ dm_task_destroy(dmt);
#endif
}
unsigned dm_maj, dm_min, dm_patch;
int r = 0;
- if ((target_type == DM_CRYPT && _dm_crypt_checked) ||
+ if ((target_type == DM_CRYPT && _dm_crypt_checked) ||
(target_type == DM_VERITY && _dm_verity_checked) ||
(target_type == DM_INTEGRITY && _dm_integrity_checked) ||
- (target_type == DM_LINEAR) || (target_type == DM_ZERO) ||
- (_dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked))
+ (target_type == DM_ZERO && _dm_zero_checked) ||
+ (target_type == DM_LINEAR) ||
+ (_dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked && _dm_zero_checked))
return 1;
/* Shut up DM while checking */
_dm_check_target(target_type);
- /* FIXME: add support to DM so it forces crypt target module load here */
if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS)))
goto out;
_dm_set_integrity_compat(cd, (unsigned)target->version[0],
(unsigned)target->version[1],
(unsigned)target->version[2]);
+ } else if (!strcmp(DM_ZERO_TARGET, target->name)) {
+ _dm_set_zero_compat(cd, (unsigned)target->version[0],
+ (unsigned)target->version[1],
+ (unsigned)target->version[2]);
}
- target = (struct dm_versions *)((char *) target + target->next);
+ target = VOIDP_CAST(struct dm_versions *)((char *) target + target->next);
} while (last_target != target);
r = 1;
*flags = _dm_flags;
if (target == DM_UNKNOWN &&
- _dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked)
+ _dm_crypt_checked && _dm_verity_checked && _dm_integrity_checked && _dm_zero_checked)
return 0;
- if ((target == DM_CRYPT && _dm_crypt_checked) ||
+ if ((target == DM_CRYPT && _dm_crypt_checked) ||
(target == DM_VERITY && _dm_verity_checked) ||
(target == DM_INTEGRITY && _dm_integrity_checked) ||
- (target == DM_LINEAR) || (target == DM_ZERO)) /* nothing to check */
+ (target == DM_ZERO && _dm_zero_checked) ||
+ (target == DM_LINEAR)) /* nothing to check */
return 0;
return -ENODEV;
}
}
-/*
- * libdevmapper is not context friendly, switch context on every DM call.
- * FIXME: this is not safe if called in parallel but neither is DM lib.
- */
+/* libdevmapper is not context friendly, switch context on every DM call. */
static int dm_init_context(struct crypt_device *cd, dm_target_type target)
{
_context = cd;
return dm_device_path(NULL, major(st.st_rdev), minor(st.st_rdev));
}
-static void hex_key(char *hexkey, size_t key_size, const char *key)
-{
- unsigned i;
-
- for(i = 0; i < key_size; i++)
- sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
-}
-
static size_t int_log10(uint64_t x)
{
uint64_t r = 0;
return r;
}
-#define CLEN 64 /* 2*MAX_CIPHER_LEN */
-#define CLENS "63" /* for sscanf length + '\0' */
-#define CAPIL 144 /* should be enough to fit whole capi string */
-#define CAPIS "143" /* for sscanf of crypto API string + 16 + \0 */
-
-static int cipher_c2dm(const char *org_c, const char *org_i, unsigned tag_size,
+static int cipher_dm2c(const char *org_c, const char *org_i, unsigned tag_size,
char *c_dm, int c_dm_size,
char *i_dm, int i_dm_size)
{
int c_size = 0, i_size = 0, i;
- char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN];
- char capi[CAPIL];
+ char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN+1],
+ tmp[MAX_CAPI_ONE_LEN], capi[MAX_CAPI_LEN];
if (!c_dm || !c_dm_size || !i_dm || !i_dm_size)
return -EINVAL;
- i = sscanf(org_c, "%" CLENS "[^-]-%" CLENS "s", cipher, tmp);
+ i = sscanf(org_c, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", cipher, tmp);
if (i != 2)
return -EINVAL;
- i = sscanf(tmp, "%" CLENS "[^-]-%" CLENS "s", mode, iv);
+ i = sscanf(tmp, "%" MAX_CAPI_ONE_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", mode, iv);
if (i == 1) {
memset(iv, 0, sizeof(iv));
strncpy(iv, mode, sizeof(iv)-1);
return 0;
}
-static int cipher_dm2c(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
-{
- char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN];
- char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1];
- size_t len;
- int i;
-
- if (!c_dm)
- return -EINVAL;
-
- /* legacy mode */
- if (strncmp(c_dm, "capi:", 4)) {
- if (!(*org_c = strdup(c_dm)))
- return -ENOMEM;
- *org_i = NULL;
- return 0;
- }
-
- /* modes with capi: prefix */
- i = sscanf(c_dm, "capi:%" CAPIS "[^-]-%" CLENS "s", tmp, iv);
- if (i != 2)
- return -EINVAL;
-
- len = strlen(tmp);
- if (len < 2)
- return -EINVAL;
-
- if (tmp[len-1] == ')')
- tmp[len-1] = '\0';
-
- if (sscanf(tmp, "rfc4309(%" CAPIS "s", capi) == 1) {
- if (!(*org_i = strdup("aead")))
- return -ENOMEM;
- } else if (sscanf(tmp, "rfc7539(%" CAPIS "[^,],%" CLENS "s", capi, auth) == 2) {
- if (!(*org_i = strdup(auth)))
- return -ENOMEM;
- } else if (sscanf(tmp, "authenc(%" CLENS "[^,],%" CAPIS "s", auth, capi) == 2) {
- if (!(*org_i = strdup(auth)))
- return -ENOMEM;
- } else {
- if (i_dm) {
- if (!(*org_i = strdup(i_dm)))
- return -ENOMEM;
- } else
- *org_i = NULL;
- memset(capi, 0, sizeof(capi));
- strncpy(capi, tmp, sizeof(capi)-1);
- }
-
- i = sscanf(capi, "%" CLENS "[^(](%" CLENS "[^)])", mode, cipher);
- if (i == 2)
- i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
- else
- i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
- if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
- free(*org_i);
- *org_i = NULL;
- return -EINVAL;
- }
-
- if (!(*org_c = strdup(dmcrypt_tmp))) {
- free(*org_i);
- *org_i = NULL;
- return -ENOMEM;
- }
-
- return 0;
-}
-
static char *_uf(char *buf, size_t buf_size, const char *s, unsigned u)
{
size_t r = snprintf(buf, buf_size, " %s:%u", s, u);
if (!tgt)
return NULL;
- r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
+ r = cipher_dm2c(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
cipher_dm, sizeof(cipher_dm), integrity_dm, sizeof(integrity_dm));
if (r < 0)
return NULL;
null_cipher = 1;
if (null_cipher)
- hexkey = crypt_safe_alloc(2);
+ hexkey = crypt_bytes_to_hex(0, NULL);
else if (flags & CRYPT_ACTIVATE_KEYRING_KEY) {
keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10;
hexkey = crypt_safe_alloc(keystr_len);
- } else
- hexkey = crypt_safe_alloc(tgt->u.crypt.vk->keylength * 2 + 1);
-
- if (!hexkey)
- goto out;
-
- if (null_cipher)
- strncpy(hexkey, "-", 2);
- else if (flags & CRYPT_ACTIVATE_KEYRING_KEY) {
+ if (!hexkey)
+ goto out;
r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key_description);
if (r < 0 || r >= keystr_len)
goto out;
} else
- hex_key(hexkey, tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key);
+ hexkey = crypt_bytes_to_hex(tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key);
+
+ if (!hexkey)
+ goto out;
max_size = strlen(hexkey) + strlen(cipher_dm) +
strlen(device_block_path(tgt->data_device)) +
num_options++;
if (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE)
num_options++;
+ if (flags & CRYPT_ACTIVATE_TASKLETS)
+ num_options++;
max_fec_size = (tgt->u.verity.fec_device ? strlen(device_block_path(tgt->u.verity.fec_device)) : 0) + 256;
fec_features = crypt_safe_alloc(max_fec_size);
} else
*verity_verify_args = '\0';
- if (num_options) { /* MAX length int32 + 18 + 22 + 20 + 19 + 19 */
- r = snprintf(features, sizeof(features), " %d%s%s%s%s%s", num_options,
+ if (num_options) { /* MAX length int32 + 18 + 22 + 20 + 19 + 19 + 22 */
+ r = snprintf(features, sizeof(features), " %d%s%s%s%s%s%s", num_options,
(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
(flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? " panic_on_corruption" : "",
(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "",
- (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : "");
+ (flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? " check_at_most_once" : "",
+ (flags & CRYPT_ACTIVATE_TASKLETS) ? " try_verify_in_tasklet" : "");
if (r < 0 || (size_t)r >= sizeof(features))
goto out;
} else
*features = '\0';
- hexroot = crypt_safe_alloc(tgt->u.verity.root_hash_size * 2 + 1);
+ hexroot = crypt_bytes_to_hex(tgt->u.verity.root_hash_size, tgt->u.verity.root_hash);
if (!hexroot)
goto out;
- hex_key(hexroot, tgt->u.verity.root_hash_size, tgt->u.verity.root_hash);
- hexsalt = crypt_safe_alloc(vp->salt_size ? vp->salt_size * 2 + 1 : 2);
+ hexsalt = crypt_bytes_to_hex(vp->salt_size, vp->salt);
if (!hexsalt)
goto out;
- if (vp->salt_size)
- hex_key(hexsalt, vp->salt_size, vp->salt);
- else
- strncpy(hexsalt, "-", 2);
max_size = strlen(hexroot) + strlen(hexsalt) +
strlen(device_block_path(tgt->data_device)) +
num_options++;
if (tgt->u.integrity.vk) {
- hexkey = crypt_safe_alloc(tgt->u.integrity.vk->keylength * 2 + 1);
+ hexkey = crypt_bytes_to_hex(tgt->u.integrity.vk->keylength, tgt->u.integrity.vk->key);
if (!hexkey)
goto out;
- hex_key(hexkey, tgt->u.integrity.vk->keylength, tgt->u.integrity.vk->key);
} else
hexkey = NULL;
num_options++;
if (tgt->u.integrity.journal_integrity_key) {
- hexkey = crypt_safe_alloc(tgt->u.integrity.journal_integrity_key->keylength * 2 + 1);
+ hexkey = crypt_bytes_to_hex( tgt->u.integrity.journal_integrity_key->keylength,
+ tgt->u.integrity.journal_integrity_key->key);
if (!hexkey)
goto out;
- hex_key(hexkey, tgt->u.integrity.journal_integrity_key->keylength,
- tgt->u.integrity.journal_integrity_key->key);
} else
hexkey = NULL;
num_options++;
if (tgt->u.integrity.journal_crypt_key) {
- hexkey = crypt_safe_alloc(tgt->u.integrity.journal_crypt_key->keylength * 2 + 1);
+ hexkey = crypt_bytes_to_hex(tgt->u.integrity.journal_crypt_key->keylength,
+ tgt->u.integrity.journal_crypt_key->key);
if (!hexkey)
goto out;
- hex_key(hexkey, tgt->u.integrity.journal_crypt_key->keylength,
- tgt->u.integrity.journal_crypt_key->key);
} else
hexkey = NULL;
num_options++;
if (flags & CRYPT_ACTIVATE_RECALCULATE)
num_options++;
+ if (flags & CRYPT_ACTIVATE_RECALCULATE_RESET)
+ num_options++;
if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS)
num_options++;
- r = snprintf(features, max_size, "%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", num_options,
+ r = snprintf(features, max_size, "%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", num_options,
tgt->u.integrity.journal_size ? _uf(feature[0], sizeof(feature[0]), /* MAX length 17 + int32 */
"journal_sectors", (unsigned)(tgt->u.integrity.journal_size / SECTOR_SIZE)) : "",
tgt->u.integrity.journal_watermark ? _uf(feature[1], sizeof(feature[1]), /* MAX length 19 + int32 */
tgt->u.integrity.fix_hmac ? " fix_hmac" : "", /* MAX length 9 */
tgt->u.integrity.legacy_recalc ? " legacy_recalculate" : "", /* MAX length 19 */
flags & CRYPT_ACTIVATE_RECALCULATE ? " recalculate" : "", /* MAX length 12 */
+ flags & CRYPT_ACTIVATE_RECALCULATE_RESET ? " reset_recalculate" : "", /* MAX length 18 */
flags & CRYPT_ACTIVATE_ALLOW_DISCARDS ? " allow_discards" : "", /* MAX length 15 */
tgt->u.integrity.meta_device ? " meta_device:" : "", /* MAX length 13 + str_device */
tgt->u.integrity.meta_device ? device_block_path(tgt->u.integrity.meta_device) : "");
return params_out;
}
-static char *get_dm_linear_params(const struct dm_target *tgt, uint32_t flags)
+static char *get_dm_linear_params(const struct dm_target *tgt)
{
char *params;
int r;
return params;
}
-static char *get_dm_zero_params(const struct dm_target *tgt, uint32_t flags)
+static char *get_dm_zero_params(void)
{
char *params = crypt_safe_alloc(1);
if (!params)
return 0;
if (!dm_task_set_name(dmt, name))
- goto error;
+ goto out;
if (!dm_task_add_target(dmt, UINT64_C(0), size, "error", ""))
- goto error;
+ goto out;
if (!dm_task_set_ro(dmt))
- goto error;
+ goto out;
if (!dm_task_no_open_count(dmt))
- goto error;
+ goto out;
if (!dm_task_run(dmt))
- goto error;
+ goto out;
if (_dm_resume_device(name, 0)) {
_dm_simple(DM_DEVICE_CLEAR, name, 0);
- goto error;
+ goto out;
}
r = 1;
-
-error:
+out:
dm_task_destroy(dmt);
return r;
}
int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type)
{
- int r;
+ int r_udev, r;
char *c;
char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX;
/* cut of dm name */
*c = '\0';
+ /* Either udev or sysfs can report that device is active. */
r = lookup_by_disk_id(dev_uuid);
- if (r == -ENOENT) {
- log_dbg(cd, "Search by disk id not available. Using sysfs instead.");
- r = lookup_by_sysfs_uuid_field(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN);
- }
+ if (r > 0)
+ return r;
- return r;
+ r_udev = r;
+ r = lookup_by_sysfs_uuid_field(dev_uuid + DM_BY_ID_PREFIX_LEN);
+
+ return r == -ENOENT ? r_udev : r;
}
static int _add_dm_targets(struct dm_task *dmt, struct crypt_dm_active_device *dmd)
else if (tgt->type == DM_INTEGRITY)
tgt->params = get_dm_integrity_params(tgt, dmd->flags);
else if (tgt->type == DM_LINEAR)
- tgt->params = get_dm_linear_params(tgt, dmd->flags);
+ tgt->params = get_dm_linear_params(tgt);
else if (tgt->type == DM_ZERO)
- tgt->params = get_dm_zero_params(tgt, dmd->flags);
+ tgt->params = get_dm_zero_params();
else {
r = -ENOTSUP;
goto err;
return r;
}
-static bool dm_device_exists(struct crypt_device *cd, const char *name)
-{
- int r = dm_status_device(cd, name);
- return (r >= 0 || r == -EEXIST);
-}
-
static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
- const char *uuid, struct crypt_dm_active_device *dmd)
+ struct crypt_dm_active_device *dmd)
{
struct dm_task *dmt = NULL;
struct dm_info dmi;
goto out;
if (!dm_task_run(dmt)) {
- if (dm_device_exists(cd, name))
+ r = dm_status_device(cd, name);;
+ if (r >= 0)
r = -EEXIST;
+ if (r != -EEXIST && r != -ENODEV)
+ r = -EINVAL;
goto out;
}
static void _dm_target_erase(struct crypt_device *cd, struct dm_target *tgt)
{
+ if (tgt->direction == TARGET_EMPTY)
+ return;
+
if (tgt->direction == TARGET_QUERY)
_dm_target_free_query_path(cd, tgt);
if (dm_init_context(cd, dmd->segment.type))
return -ENOTSUP;
- r = _dm_create_device(cd, name, type, dmd->uuid, dmd);
+ r = _dm_create_device(cd, name, type, dmd);
+ if (!r || r == -EEXIST)
+ goto out;
- if (r < 0 && dm_flags(cd, dmd->segment.type, &dmt_flags))
+ if (dm_flags(cd, dmd->segment.type, &dmt_flags))
goto out;
- if (r && (dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR || dmd->segment.type == DM_ZERO) &&
+ if ((dmd->segment.type == DM_CRYPT || dmd->segment.type == DM_LINEAR || dmd->segment.type == DM_ZERO) &&
check_retry(cd, &dmd->flags, dmt_flags)) {
log_dbg(cd, "Retrying open without incompatible options.");
- r = _dm_create_device(cd, name, type, dmd->uuid, dmd);
+ r = _dm_create_device(cd, name, type, dmd);
+ if (!r || r == -EEXIST)
+ goto out;
}
- /*
- * Print warning if activating dm-crypt cipher_null device unless it's reencryption helper or
- * keyslot encryption helper device (LUKS1 cipher_null devices).
- */
- if (!r && !(dmd->flags & CRYPT_ACTIVATE_PRIVATE) && single_segment(dmd) && dmd->segment.type == DM_CRYPT &&
- crypt_is_cipher_null(dmd->segment.u.crypt.cipher))
- log_dbg(cd, "Activated dm-crypt device with cipher_null. Device is not encrypted.");
-
- if (r == -EINVAL &&
- dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
- !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
+ if (dmd->flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
+ !(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED))) {
log_err(cd, _("Requested dm-crypt performance options are not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL &&
- dmd->flags & (CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) &&
- !(dmt_flags & DM_CRYPT_NO_WORKQUEUE_SUPPORTED))
+ if (dmd->flags & (CRYPT_ACTIVATE_NO_READ_WORKQUEUE | CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE) &&
+ !(dmt_flags & DM_CRYPT_NO_WORKQUEUE_SUPPORTED)) {
log_err(cd, _("Requested dm-crypt performance options are not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
- CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
- CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
- CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) &&
- !(dmt_flags & DM_VERITY_ON_CORRUPTION_SUPPORTED))
+ if (dmd->flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+ CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+ CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
+ CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) &&
+ !(dmt_flags & DM_VERITY_ON_CORRUPTION_SUPPORTED)) {
log_err(cd, _("Requested dm-verity data corruption handling options are not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION &&
- !(dmt_flags & DM_VERITY_PANIC_CORRUPTION_SUPPORTED))
+ if (dmd->flags & CRYPT_ACTIVATE_TASKLETS &&
+ !(dmt_flags & DM_VERITY_TASKLETS_SUPPORTED)) {
+ log_err(cd, _("Requested dm-verity tasklets option is not supported."));
+ r = -EINVAL;
+ }
+
+ if (dmd->flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION &&
+ !(dmt_flags & DM_VERITY_PANIC_CORRUPTION_SUPPORTED)) {
log_err(cd, _("Requested dm-verity data corruption handling options are not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->segment.type == DM_VERITY &&
- dmd->segment.u.verity.fec_device && !(dmt_flags & DM_VERITY_FEC_SUPPORTED))
+ if (dmd->segment.type == DM_VERITY &&
+ dmd->segment.u.verity.fec_device && !(dmt_flags & DM_VERITY_FEC_SUPPORTED)) {
log_err(cd, _("Requested dm-verity FEC options are not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->segment.type == DM_CRYPT) {
- if (dmd->segment.u.crypt.integrity && !(dmt_flags & DM_INTEGRITY_SUPPORTED))
+ if (dmd->segment.type == DM_CRYPT) {
+ if (dmd->segment.u.crypt.integrity && !(dmt_flags & DM_INTEGRITY_SUPPORTED)) {
log_err(cd, _("Requested data integrity options are not supported."));
- if (dmd->segment.u.crypt.sector_size != SECTOR_SIZE && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED))
+ r = -EINVAL;
+ }
+ if (dmd->segment.u.crypt.sector_size != SECTOR_SIZE && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED)) {
log_err(cd, _("Requested sector_size option is not supported."));
+ r = -EINVAL;
+ }
}
- if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_RECALCULATE) &&
- !(dmt_flags & DM_INTEGRITY_RECALC_SUPPORTED))
+ if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_RECALCULATE) &&
+ !(dmt_flags & DM_INTEGRITY_RECALC_SUPPORTED)) {
log_err(cd, _("Requested automatic recalculation of integrity tags is not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
- !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED))
+ if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_RECALCULATE_RESET) &&
+ !(dmt_flags & DM_INTEGRITY_RESET_RECALC_SUPPORTED)) {
+ log_err(cd, _("Requested automatic recalculation of integrity tags is not supported."));
+ r = -EINVAL;
+ }
+
+ if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
+ !(dmt_flags & DM_INTEGRITY_DISCARDS_SUPPORTED)) {
log_err(cd, _("Discard/TRIM is not supported."));
+ r = -EINVAL;
+ }
- if (r == -EINVAL && dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) &&
- !(dmt_flags & DM_INTEGRITY_BITMAP_SUPPORTED))
+ if (dmd->segment.type == DM_INTEGRITY && (dmd->flags & CRYPT_ACTIVATE_NO_JOURNAL_BITMAP) &&
+ !(dmt_flags & DM_INTEGRITY_BITMAP_SUPPORTED)) {
log_err(cd, _("Requested dm-integrity bitmap mode is not supported."));
+ r = -EINVAL;
+ }
out:
+ /*
+ * Print warning if activating dm-crypt cipher_null device unless it's reencryption helper or
+ * keyslot encryption helper device (LUKS1 cipher_null devices).
+ */
+ if (!r && !(dmd->flags & CRYPT_ACTIVATE_PRIVATE) && single_segment(dmd) && dmd->segment.type == DM_CRYPT &&
+ crypt_is_cipher_null(dmd->segment.u.crypt.cipher))
+ log_dbg(cd, "Activated dm-crypt device with cipher_null. Device is not encrypted.");
+
dm_exit_context();
return r;
}
int r = -EINVAL;
if (!(dmt = dm_task_create(DM_DEVICE_STATUS)))
- goto out;
+ return r;
if (!dm_task_no_flush(dmt))
goto out;
if (!r && status_line && !(*status_line = strdup(params)))
r = -ENOMEM;
- if (dmt)
- dm_task_destroy(dmt);
+ dm_task_destroy(dmt);
return r;
}
/* cipher */
if (get_flags & DM_ACTIVE_CRYPT_CIPHER) {
- r = cipher_dm2c(CONST_CAST(char**)&cipher,
- CONST_CAST(char**)&integrity,
- rcipher, rintegrity);
+ r = crypt_capi_to_cipher(&cipher, &integrity, rcipher, rintegrity);
if (r < 0)
goto err;
}
*act_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
else if (!strcasecmp(arg, "check_at_most_once"))
*act_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE;
+ else if (!strcasecmp(arg, "try_verify_in_tasklet"))
+ *act_flags |= CRYPT_ACTIVATE_TASKLETS;
else if (!strcasecmp(arg, "use_fec_from_device")) {
str = strsep(¶ms, " ");
str2 = crypt_lookup_dev(str);
str = strsep(¶ms, " ");
if (!str)
goto err;
- if (!root_hash_sig_key_desc) {
+ if (vp && !root_hash_sig_key_desc) {
root_hash_sig_key_desc = strdup(str);
if (!root_hash_sig_key_desc) {
r = -ENOMEM;
goto err;
}
+ /* not stored in params, but cannot be used without vp */
+ vp->flags |= CRYPT_VERITY_ROOT_HASH_SIGNATURE;
}
i++;
- if (vp)
- vp->flags |= CRYPT_VERITY_ROOT_HASH_SIGNATURE;
} else /* unknown option */
goto err;
}
struct device *data_device = NULL, *meta_device = NULL;
char *integrity = NULL, *journal_crypt = NULL, *journal_integrity = NULL;
struct volume_key *vk = NULL;
+ struct volume_key *journal_integrity_key = NULL;
+ struct volume_key *journal_crypt_key = NULL;
tgt->type = DM_INTEGRITY;
tgt->direction = TARGET_QUERY;
goto err;
}
}
+
+ if (str) {
+ len = crypt_hex_to_bytes(str, &str2, 1);
+ if (len < 0) {
+ r = len;
+ goto err;
+ }
+
+ r = 0;
+ if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEY) {
+ journal_crypt_key = crypt_alloc_volume_key(len, str2);
+ if (!journal_crypt_key)
+ r = -ENOMEM;
+ } else if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE) {
+ journal_crypt_key = crypt_alloc_volume_key(len, NULL);
+ if (!journal_crypt_key)
+ r = -ENOMEM;
+ }
+ crypt_safe_free(str2);
+ if (r < 0)
+ goto err;
+ }
} else if (!strncmp(arg, "journal_mac:", 12) && !journal_integrity) {
str = &arg[12];
arg = strsep(&str, ":");
goto err;
}
}
+
+ if (str) {
+ len = crypt_hex_to_bytes(str, &str2, 1);
+ if (len < 0) {
+ r = len;
+ goto err;
+ }
+
+ r = 0;
+ if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEY) {
+ journal_integrity_key = crypt_alloc_volume_key(len, str2);
+ if (!journal_integrity_key)
+ r = -ENOMEM;
+ } else if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEYSIZE) {
+ journal_integrity_key = crypt_alloc_volume_key(len, NULL);
+ if (!journal_integrity_key)
+ r = -ENOMEM;
+ }
+ crypt_safe_free(str2);
+ if (r < 0)
+ goto err;
+ }
} else if (!strcmp(arg, "recalculate")) {
*act_flags |= CRYPT_ACTIVATE_RECALCULATE;
+ } else if (!strcmp(arg, "reset_recalculate")) {
+ *act_flags |= CRYPT_ACTIVATE_RECALCULATE_RESET;
} else if (!strcmp(arg, "fix_padding")) {
tgt->u.integrity.fix_padding = true;
} else if (!strcmp(arg, "fix_hmac")) {
tgt->u.integrity.journal_integrity = journal_integrity;
if (vk)
tgt->u.integrity.vk = vk;
+ if (journal_integrity_key)
+ tgt->u.integrity.journal_integrity_key = journal_integrity_key;
+ if (journal_crypt_key)
+ tgt->u.integrity.journal_crypt_key = journal_crypt_key;
return 0;
err:
device_free(cd, data_device);
free(journal_crypt);
free(journal_integrity);
crypt_free_volume_key(vk);
+ crypt_free_volume_key(journal_integrity_key);
+ crypt_free_volume_key(journal_crypt_key);
return r;
}
return r;
}
-static int _dm_target_query_error(struct crypt_device *cd, struct dm_target *tgt)
+static int _dm_target_query_error(struct dm_target *tgt)
{
tgt->type = DM_ERROR;
tgt->direction = TARGET_QUERY;
return 0;
}
-static int _dm_target_query_zero(struct crypt_device *cd, struct dm_target *tgt)
+static int _dm_target_query_zero(struct dm_target *tgt)
{
tgt->type = DM_ZERO;
tgt->direction = TARGET_QUERY;
else if (!strcmp(target_type, DM_LINEAR_TARGET))
r = _dm_target_query_linear(cd, tgt, get_flags, params);
else if (!strcmp(target_type, DM_ERROR_TARGET))
- r = _dm_target_query_error(cd, tgt);
+ r = _dm_target_query_error(tgt);
else if (!strcmp(target_type, DM_ZERO_TARGET))
- r = _dm_target_query_zero(cd, tgt);
+ r = _dm_target_query_zero(tgt);
if (!r) {
tgt->offset = *start;
goto out;
}
- /* Never allow to return empty key */
+ /* Never allow one to return empty key */
if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi.suspended) {
log_dbg(cd, "Cannot read volume key while suspended.");
r = -EINVAL;
r = (dmi.open_count > 0);
out:
- if (dmt)
- dm_task_destroy(dmt);
+ dm_task_destroy(dmt);
if (r < 0)
dm_targets_free(cd, dmd);
return r;
}
-static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps, char **names, size_t names_offset, size_t names_length)
+static int _process_deps(struct crypt_device *cd, const char *prefix, struct dm_deps *deps,
+ char **names, size_t names_offset, size_t names_length)
{
#if HAVE_DECL_DM_DEVICE_GET_NAME
struct crypt_dm_active_device dmd;
#endif
}
-int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix, char **names, size_t names_length)
+int dm_device_deps(struct crypt_device *cd, const char *name, const char *prefix,
+ char **names, size_t names_length)
{
struct dm_task *dmt;
struct dm_info dmi;
{
uint32_t dmt_flags;
int msg_size;
- char *msg = NULL;
+ char *msg = NULL, *key = NULL;
int r = -ENOTSUP;
if (dm_init_context(cd, DM_CRYPT) || dm_flags(cd, DM_CRYPT, &dmt_flags))
goto out;
}
- strcpy(msg, "key set ");
- if (!vk->keylength)
- snprintf(msg + 8, msg_size - 8, "-");
- else if (vk->key_description)
- snprintf(msg + 8, msg_size - 8, ":%zu:logon:%s", vk->keylength, vk->key_description);
- else
- hex_key(&msg[8], vk->keylength, vk->key);
+ if (vk->key_description) {
+ r = snprintf(msg, msg_size, "key set :%zu:logon:%s", vk->keylength, vk->key_description);
+ } else {
+ key = crypt_bytes_to_hex(vk->keylength, vk->key);
+ if (!key) {
+ r = -ENOMEM;
+ goto out;
+ }
+ r = snprintf(msg, msg_size, "key set %s", key);
+ }
+ if (r < 0 || r >= msg_size) {
+ r = -EINVAL;
+ goto out;
+ }
if (!_dm_message(name, msg) ||
_dm_resume_device(name, 0)) {
r = -EINVAL;
r = 0;
out:
crypt_safe_free(msg);
+ crypt_safe_free(key);
dm_exit_context();
return r;
}
+int dm_cancel_deferred_removal(const char *name)
+{
+ return _dm_message(name, "@cancel_deferred_remove") ? 0 : -ENOTSUP;
+}
+
const char *dm_get_dir(void)
{
return dm_dir();
uint64_t iv_offset, uint64_t data_offset, const char *integrity, uint32_t tag_size,
uint32_t sector_size)
{
- int r = -EINVAL;
-
- /* free on error */
char *dm_integrity = NULL;
if (tag_size) {
/* Space for IV metadata only */
dm_integrity = strdup(integrity ?: "none");
- if (!dm_integrity) {
- r = -ENOMEM;
- goto err;
- }
+ if (!dm_integrity)
+ return -ENOMEM;
}
tgt->data_device = data_device;
tgt->u.crypt.sector_size = sector_size;
return 0;
-err:
- free(dm_integrity);
-
- return r;
}
int dm_verity_target_set(struct dm_target *tgt, uint64_t seg_offset, uint64_t seg_size,
/*
* loop-AES compatible volume handling
*
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2021 Milan Broz
+ * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/*
* loop-AES compatible volume handling
*
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2021 Milan Broz
+ * Copyright (C) 2011-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#define _LOOPAES_H
#include <stdint.h>
-#include <unistd.h>
+#include <stddef.h>
struct crypt_device;
struct volume_key;
* AFsplitter - Anti forensic information splitter
*
* Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
*
* AFsplitter diffuses information over a large stripe of data,
* therefore supporting secure data destruction.
return r;
}
-int AF_merge(struct crypt_device *ctx __attribute__((unused)), const char *src, char *dst,
+int AF_merge(const char *src, char *dst,
size_t blocksize, unsigned int blocknumbers, const char *hash)
{
unsigned int i;
if (!bufblock)
return -ENOMEM;
- for(i = 0; i < blocknumbers - 1; i++) {
+ for (i = 0; i < blocknumbers - 1; i++) {
XORblock(src + blocksize * i, bufblock, bufblock, blocksize);
r = diffuse(bufblock, bufblock, blocksize, hash);
if (r < 0)
* AFsplitter - Anti forensic information splitter
*
* Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
*
* AFsplitter diffuses information over a large stripe of data,
* therefore supporting secure data destruction.
#include <stddef.h>
+struct crypt_device;
+struct volume_key;
+
/*
* AF_split operates on src and produces information split data in
* dst. src is assumed to be of the length blocksize. The data stripe
int AF_split(struct crypt_device *ctx, const char *src, char *dst,
size_t blocksize, unsigned int blocknumbers, const char *hash);
-int AF_merge(struct crypt_device *ctx, const char *src, char *dst, size_t blocksize,
+int AF_merge(const char *src, char *dst, size_t blocksize,
unsigned int blocknumbers, const char *hash);
size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers);
* LUKS - Linux Unified Key Setup
*
* Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* LUKS - Linux Unified Key Setup
*
* Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2013-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2013-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <sys/types.h>
#include <sys/stat.h>
-#include <netinet/in.h>
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
-#include <assert.h>
#include <uuid/uuid.h>
+#include <limits.h>
#include "luks.h"
#include "af.h"
}
}
+static int _is_not_lower(char *str, unsigned max_len)
+{
+ for(; *str && max_len; str++, max_len--)
+ if (isupper(*str))
+ return 1;
+ return 0;
+}
+
+static int _to_lower(char *str, unsigned max_len)
+{
+ int r = 0;
+
+ for(; *str && max_len; str++, max_len--)
+ if (isupper(*str)) {
+ *str = tolower(*str);
+ r = 1;
+ }
+
+ return r;
+}
+
size_t LUKS_device_sectors(const struct luks_phdr *hdr)
{
int sorted_areas[LUKS_NUMKEYS] = { 0, 1, 2, 3, 4, 5, 6, 7 };
hdr_size = LUKS_device_sectors(&hdr) << SECTOR_SHIFT;
buffer_size = size_round_up(hdr_size, crypt_getpagesize());
- buffer = crypt_safe_alloc(buffer_size);
+ buffer = malloc(buffer_size);
if (!buffer || hdr_size < LUKS_ALIGN_KEYSLOTS || hdr_size > buffer_size) {
r = -ENOMEM;
goto out;
}
+ memset(buffer, 0, buffer_size);
log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
r = 0;
out:
crypt_safe_memzero(&hdr, sizeof(hdr));
- crypt_safe_free(buffer);
+ crypt_safe_memzero(buffer, buffer_size);
+ free(buffer);
return r;
}
goto out;
}
- buffer = crypt_safe_alloc(buffer_size);
+ buffer = malloc(buffer_size);
if (!buffer) {
r = -ENOMEM;
goto out;
r = LUKS_read_phdr(hdr, 1, 0, ctx);
out:
device_sync(ctx, device);
- crypt_safe_free(buffer);
+ crypt_safe_memzero(buffer, buffer_size);
+ free(buffer);
return r;
}
/*
* cryptsetup 1.0 did not align keyslots to 4k, cannot repair this one
* Also we cannot trust possibly broken keyslots metadata here through LUKS_keyslots_offset().
- * Expect first keyslot is aligned, if not, then manual repair is neccessary.
+ * Expect first keyslot is aligned, if not, then manual repair is necessary.
*/
if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
log_err(ctx, _("Non standard keyslots alignment, manual repair required."));
return -EINVAL;
}
+ /*
+ * ECB mode does not use IV but legacy dmcrypt silently allows it.
+ * Today device cannot be activated anyway, so we need to fix it here.
+ */
+ if (!strncmp(phdr->cipherMode, "ecb-", 4)) {
+ log_err(ctx, _("Cipher mode repaired (%s -> %s)."), phdr->cipherMode, "ecb");
+ memset(phdr->cipherMode, 0, LUKS_CIPHERMODE_L);
+ strcpy(phdr->cipherMode, "ecb");
+ need_write = 1;
+ }
+
+ /*
+ * Old cryptsetup expects "sha1", gcrypt allows case insensitive names,
+ * so always convert hash to lower case in header
+ */
+ if (_to_lower(phdr->hashSpec, LUKS_HASHSPEC_L)) {
+ log_err(ctx, _("Cipher hash repaired to lowercase (%s)."), phdr->hashSpec);
+ if (crypt_hmac_size(phdr->hashSpec) < LUKS_DIGESTSIZE) {
+ log_err(ctx, _("Requested LUKS hash %s is not supported."), phdr->hashSpec);
+ return -EINVAL;
+ }
+ need_write = 1;
+ }
+
r = LUKS_check_cipher(ctx, phdr->keyBytes, phdr->cipherName, phdr->cipherMode);
if (r < 0)
return -EINVAL;
unsigned int i;
char luksMagic[] = LUKS_MAGIC;
- if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
+ hdr->version = be16_to_cpu(hdr->version);
+ if (memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
log_dbg(ctx, "LUKS header not detected.");
if (require_luks_device)
log_err(ctx, _("Device %s is not a valid LUKS device."), device);
return -EINVAL;
- } else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
+ } else if (hdr->version != 1) {
log_err(ctx, _("Unsupported LUKS version %d."), hdr->version);
return -EINVAL;
}
hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr->hashSpec);
- return -EINVAL;
+ r = -EINVAL;
}
/* Header detected */
- hdr->payloadOffset = ntohl(hdr->payloadOffset);
- hdr->keyBytes = ntohl(hdr->keyBytes);
- hdr->mkDigestIterations = ntohl(hdr->mkDigestIterations);
-
- for(i = 0; i < LUKS_NUMKEYS; ++i) {
- hdr->keyblock[i].active = ntohl(hdr->keyblock[i].active);
- hdr->keyblock[i].passwordIterations = ntohl(hdr->keyblock[i].passwordIterations);
- hdr->keyblock[i].keyMaterialOffset = ntohl(hdr->keyblock[i].keyMaterialOffset);
- hdr->keyblock[i].stripes = ntohl(hdr->keyblock[i].stripes);
+ hdr->payloadOffset = be32_to_cpu(hdr->payloadOffset);
+ hdr->keyBytes = be32_to_cpu(hdr->keyBytes);
+ hdr->mkDigestIterations = be32_to_cpu(hdr->mkDigestIterations);
+
+ for (i = 0; i < LUKS_NUMKEYS; ++i) {
+ hdr->keyblock[i].active = be32_to_cpu(hdr->keyblock[i].active);
+ hdr->keyblock[i].passwordIterations = be32_to_cpu(hdr->keyblock[i].passwordIterations);
+ hdr->keyblock[i].keyMaterialOffset = be32_to_cpu(hdr->keyblock[i].keyMaterialOffset);
+ hdr->keyblock[i].stripes = be32_to_cpu(hdr->keyblock[i].stripes);
}
if (LUKS_check_keyslots(ctx, hdr))
hdr->uuid[UUID_STRING_L - 1] = '\0';
if (repair) {
+ if (!strncmp(hdr->cipherMode, "ecb-", 4)) {
+ log_err(ctx, _("LUKS cipher mode %s is invalid."), hdr->cipherMode);
+ r = -EINVAL;
+ }
+
+ if (_is_not_lower(hdr->hashSpec, LUKS_HASHSPEC_L)) {
+ log_err(ctx, _("LUKS hash %s is invalid."), hdr->hashSpec);
+ r = -EINVAL;
+ }
+
if (r == -EINVAL)
r = _keyslot_repair(hdr, ctx);
else
return r;
}
-static void _to_lower(char *str, unsigned max_len)
-{
- for(; *str && max_len; str++, max_len--)
- if (isupper(*str))
- *str = tolower(*str);
-}
-
-static void LUKS_fix_header_compatible(struct luks_phdr *header)
-{
- /* Old cryptsetup expects "sha1", gcrypt allows case insensitive names,
- * so always convert hash to lower case in header */
- _to_lower(header->hashSpec, LUKS_HASHSPEC_L);
-
- /* ECB mode does not use IV but dmcrypt silently allows it.
- * Drop any IV here if ECB is used (that is not secure anyway).*/
- if (!strncmp(header->cipherMode, "ecb-", 4)) {
- memset(header->cipherMode, 0, LUKS_CIPHERMODE_L);
- strcpy(header->cipherMode, "ecb");
- }
-}
-
int LUKS_read_phdr_backup(const char *backup_file,
struct luks_phdr *hdr,
int require_luks_device,
if (read_buffer(devfd, hdr, hdr_size) < hdr_size)
r = -EIO;
- else {
- LUKS_fix_header_compatible(hdr);
+ else
r = _check_and_convert_hdr(backup_file, hdr,
require_luks_device, 0, ctx);
- }
close(devfd);
return r;
memset(&convHdr._padding, 0, sizeof(convHdr._padding));
/* Convert every uint16/32_t item to network byte order */
- convHdr.version = htons(hdr->version);
- convHdr.payloadOffset = htonl(hdr->payloadOffset);
- convHdr.keyBytes = htonl(hdr->keyBytes);
- convHdr.mkDigestIterations = htonl(hdr->mkDigestIterations);
+ convHdr.version = cpu_to_be16(hdr->version);
+ convHdr.payloadOffset = cpu_to_be32(hdr->payloadOffset);
+ convHdr.keyBytes = cpu_to_be32(hdr->keyBytes);
+ convHdr.mkDigestIterations = cpu_to_be32(hdr->mkDigestIterations);
for(i = 0; i < LUKS_NUMKEYS; ++i) {
- convHdr.keyblock[i].active = htonl(hdr->keyblock[i].active);
- convHdr.keyblock[i].passwordIterations = htonl(hdr->keyblock[i].passwordIterations);
- convHdr.keyblock[i].keyMaterialOffset = htonl(hdr->keyblock[i].keyMaterialOffset);
- convHdr.keyblock[i].stripes = htonl(hdr->keyblock[i].stripes);
+ convHdr.keyblock[i].active = cpu_to_be32(hdr->keyblock[i].active);
+ convHdr.keyblock[i].passwordIterations = cpu_to_be32(hdr->keyblock[i].passwordIterations);
+ convHdr.keyblock[i].keyMaterialOffset = cpu_to_be32(hdr->keyblock[i].keyMaterialOffset);
+ convHdr.keyblock[i].stripes = cpu_to_be32(hdr->keyblock[i].stripes);
}
r = write_lseek_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
+ _to_lower(header->hashSpec, LUKS_HASHSPEC_L);
header->keyBytes=vk->keylength;
- LUKS_fix_header_compatible(header);
-
log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
header->version, header->hashSpec ,header->cipherName, header->cipherMode,
header->keyBytes);
return r;
}
- /* Compute master key digest */
+ /* Compute volume key digest */
pbkdf = crypt_get_pbkdf(ctx);
r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
if (r < 0)
if (PBKDF2_temp > (double)UINT32_MAX)
return -EINVAL;
- header->mkDigestIterations = at_least((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
+ header->mkDigestIterations = AT_LEAST((uint32_t)PBKDF2_temp, LUKS_MKD_ITERATIONS_MIN);
assert(header->mkDigestIterations);
r = crypt_pbkdf(CRYPT_KDF_PBKDF2, header->hashSpec, vk->key,vk->keylength,
* Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
*/
hdr->keyblock[keyIndex].passwordIterations =
- at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
+ AT_LEAST(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex,
hdr->keyblock[keyIndex].passwordIterations);
hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
derived_key->key, hdr->keyBytes,
hdr->keyblock[keyIndex].passwordIterations, 0, 0);
- if (r < 0)
+ if (r < 0) {
+ if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
+ hdr->keyblock[keyIndex].passwordIterations > INT_MAX)
+ log_err(ctx, _("PBKDF2 iteration value overflow."));
goto out;
+ }
/*
- * AF splitting, the masterkey stored in vk->key is split to AfKey
+ * AF splitting, the volume key stored in vk->key is split to AfKey
*/
assert(vk->keylength == hdr->keyBytes);
AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
hdr->mkDigestIterations, 0, 0) < 0)
return -EINVAL;
- if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
+ if (crypt_backend_memeq(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
return -EPERM;
return 0;
if (r < 0)
goto out;
- r = AF_merge(ctx, AfKey, (*vk)->key, (*vk)->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
+ r = AF_merge(AfKey, (*vk)->key, (*vk)->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
if (r < 0)
goto out;
uint64_t offset, length;
size_t wipe_block;
+ r = LUKS_check_device_size(ctx, hdr, 1);
+ if (r)
+ return r;
+
/* Wipe complete header, keyslots and padding areas with zeroes. */
offset = 0;
length = (uint64_t)hdr->payloadOffset * SECTOR_SIZE;
* LUKS - Linux Unified Key Setup
*
* Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
/*
* LUKS - Linux Unified Key Setup v2
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-"
#define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6
+#define LUKS2_TOKEN_NAME_MAX 64
+
#define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring"
#define LUKS2_DIGEST_MAX 8
/* 1 GiB */
#define LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH 0x40000000
+/* supported reencryption requirement versions */
+#define LUKS2_REENCRYPT_REQ_VERSION UINT8_C(2)
+#define LUKS2_DECRYPT_DATASHIFT_REQ_VERSION UINT8_C(3)
+
+/* see reencrypt_assembly_verification_data() in luks2_reencrypt_digest.c */
+/* LUKS2_REENCRYPT_MAX_VERSION UINT8_C(207) */
+
struct device;
struct luks2_reencrypt;
+struct reenc_protection;
struct crypt_lock_handle;
struct crypt_dm_active_device;
struct luks_phdr; /* LUKS1 for conversion */
uint8_t salt2[LUKS2_SALT_L];
char uuid[LUKS2_UUID_L];
void *jobj;
+ void *jobj_rollback;
};
struct luks2_keyslot_params {
int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair);
int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr);
int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr);
+int LUKS2_hdr_rollback(struct crypt_device *cd, struct luks2_hdr *hdr);
int LUKS2_hdr_dump(struct crypt_device *cd, struct luks2_hdr *hdr);
+int LUKS2_hdr_dump_json(struct crypt_device *cd, struct luks2_hdr *hdr, const char **json);
int LUKS2_hdr_uuid(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot,
int wipe_area_only);
-crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int keyslot);
+crypt_keyslot_priority LUKS2_keyslot_priority_get(struct luks2_hdr *hdr, int keyslot);
int LUKS2_keyslot_priority_set(struct crypt_device *cd,
struct luks2_hdr *hdr,
crypt_keyslot_priority priority,
int commit);
+int LUKS2_keyslot_swap(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ int keyslot2);
+
/*
* Generic LUKS2 token
*/
-int LUKS2_token_json_get(struct crypt_device *cd,
- struct luks2_hdr *hdr,
+int LUKS2_token_json_get(struct luks2_hdr *hdr,
int token,
const char **json);
int assign,
int commit);
-int LUKS2_token_is_assigned(struct crypt_device *cd,
- struct luks2_hdr *hdr,
+int LUKS2_token_is_assigned(struct luks2_hdr *hdr,
int keyslot,
int token);
int token,
const char **type);
-int LUKS2_builtin_token_get(struct crypt_device *cd,
+int LUKS2_token_open_and_activate(struct crypt_device *cd,
struct luks2_hdr *hdr,
int token,
+ const char *name,
const char *type,
- void *params);
+ const char *pin,
+ size_t pin_size,
+ uint32_t flags,
+ void *usrptr);
-int LUKS2_builtin_token_create(struct crypt_device *cd,
+int LUKS2_token_unlock_key(struct crypt_device *cd,
struct luks2_hdr *hdr,
int token,
const char *type,
- const void *params,
- int commit);
+ const char *pin,
+ size_t pin_size,
+ int segment,
+ void *usrptr,
+ struct volume_key **vk);
-int LUKS2_token_open_and_activate(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int token,
- const char *name,
- uint32_t flags,
- void *usrptr);
+int LUKS2_token_keyring_get(struct luks2_hdr *hdr,
+ int token,
+ struct crypt_token_params_luks2_keyring *keyring_params);
-int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
+int LUKS2_token_keyring_json(char *buffer, size_t buffer_size,
+ const struct crypt_token_params_luks2_keyring *keyring_params);
+
+int LUKS2_token_unlock_passphrase(struct crypt_device *cd,
struct luks2_hdr *hdr,
- const char *name,
- uint32_t flags);
+ int token,
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr,
+ char **passphrase,
+ size_t *passphrase_size);
+
+void crypt_token_unload_external_all(struct crypt_device *cd);
/*
* Generic LUKS2 digest
uint64_t LUKS2_get_data_offset(struct luks2_hdr *hdr);
int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic);
-int LUKS2_get_sector_size(struct luks2_hdr *hdr);
+uint32_t LUKS2_get_sector_size(struct luks2_hdr *hdr);
const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment);
const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment);
int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment);
int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot);
const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size);
-int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr);
+int LUKS2_keyslot_find_empty(struct crypt_device *cd, struct luks2_hdr *hdr, size_t keylength);
int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment);
crypt_keyslot_info LUKS2_keyslot_info(struct luks2_hdr *hdr, int keyslot);
int LUKS2_keyslot_area(struct luks2_hdr *hdr,
*/
int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs);
int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs, bool commit);
+int LUKS2_config_set_requirement_version(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t req_id, uint8_t req_version, bool commit);
-int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint32_t *version);
+int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint8_t *version);
+
+bool LUKS2_reencrypt_requirement_candidate(struct luks2_hdr *hdr);
int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t reqs_mask, int quiet);
int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd,
struct luks2_hdr *hdr, struct volume_key *vk, int keyslot);
int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd,
- struct luks2_hdr *hdr, struct volume_key *vk, int digest);
+ struct volume_key *vk, int digest);
int LUKS2_luks1_to_luks2(struct crypt_device *cd,
struct luks_phdr *hdr1,
int keyslot_new,
const char *passphrase,
size_t passphrase_size,
- uint32_t flags,
struct volume_key **vks);
void LUKS2_reencrypt_free(struct crypt_device *cd,
struct luks2_hdr *hdr,
struct volume_key *vks);
+int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ const struct reenc_protection *rp,
+ int reencrypt_keyslot,
+ uint64_t *r_length);
+
+void LUKS2_reencrypt_protection_erase(struct reenc_protection *rp);
+
#endif
/*
* LUKS - Linux Unified Key Setup v2, digest handling
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
NULL
};
-static const digest_handler *LUKS2_digest_handler_type(struct crypt_device *cd, const char *type)
+static const digest_handler *LUKS2_digest_handler_type(const char *type)
{
int i;
if (!json_object_object_get_ex(jobj1, "type", &jobj2))
return NULL;
- return LUKS2_digest_handler_type(cd, json_object_get_string(jobj2));
+ return LUKS2_digest_handler_type(json_object_get_string(jobj2));
}
-static int LUKS2_digest_find_free(struct crypt_device *cd, struct luks2_hdr *hdr)
+static int LUKS2_digest_find_free(struct luks2_hdr *hdr)
{
int digest = 0;
int digest;
const digest_handler *dh;
- dh = LUKS2_digest_handler_type(cd, type);
+ dh = LUKS2_digest_handler_type(type);
if (!dh)
return -EINVAL;
- digest = LUKS2_digest_find_free(cd, hdr);
+ digest = LUKS2_digest_find_free(hdr);
if (digest < 0)
return -EINVAL;
}
int LUKS2_digest_verify_by_digest(struct crypt_device *cd,
- struct luks2_hdr *hdr,
int digest,
const struct volume_key *vk)
{
log_dbg(cd, "Verifying key from keyslot %d, digest %d.", keyslot, digest);
- return LUKS2_digest_verify_by_digest(cd, hdr, digest, vk);
+ return LUKS2_digest_verify_by_digest(cd, digest, vk);
}
int LUKS2_digest_dump(struct crypt_device *cd, int digest)
int digest;
for (digest = 0; digest < LUKS2_DIGEST_MAX; digest++)
- if (LUKS2_digest_verify_by_digest(cd, hdr, digest, vk) == digest)
+ if (LUKS2_digest_verify_by_digest(cd, digest, vk) == digest)
return digest;
return -ENOENT;
int segment,
const struct volume_key *vk)
{
- return LUKS2_digest_verify_by_digest(cd, hdr, LUKS2_digest_by_segment(hdr, segment), vk);
+ return LUKS2_digest_verify_by_digest(cd, LUKS2_digest_by_segment(hdr, segment), vk);
}
/* FIXME: segment can have more digests */
if (r < 0)
return r;
- // FIXME: do not write header in nothing changed
return commit ? LUKS2_hdr_write(cd, hdr) : 0;
}
-static int assign_all_segments(struct crypt_device *cd, struct luks2_hdr *hdr,
- int digest, int assign)
+static int assign_all_segments(struct luks2_hdr *hdr, int digest, int assign)
{
json_object *jobj1, *jobj_digest, *jobj_digest_segments;
json_object_object_foreach(jobj_digests, key, val) {
UNUSED(val);
if (segment == CRYPT_ANY_SEGMENT)
- r = assign_all_segments(cd, hdr, atoi(key), assign);
+ r = assign_all_segments(hdr, atoi(key), assign);
else
r = assign_one_segment(cd, hdr, segment, atoi(key), assign);
if (r < 0)
}
} else {
if (segment == CRYPT_ANY_SEGMENT)
- r = assign_all_segments(cd, hdr, digest, assign);
+ r = assign_all_segments(hdr, digest, assign);
else
r = assign_one_segment(cd, hdr, segment, digest, assign);
}
if (r < 0)
return r;
- // FIXME: do not write header in nothing changed
return commit ? LUKS2_hdr_write(cd, hdr) : 0;
}
}
int LUKS2_volume_key_load_in_keyring_by_digest(struct crypt_device *cd,
- struct luks2_hdr *hdr, struct volume_key *vk, int digest)
+ struct volume_key *vk, int digest)
{
char *desc = get_key_description_by_digest(cd, digest);
int r;
/*
* LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible)
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
char checkHashBuf[64];
json_object *jobj_digest, *jobj1;
const char *hashSpec;
- char *mkDigest = NULL, mkDigestSalt[LUKS_SALTSIZE];
+ char *mkDigest = NULL, *mkDigestSalt = NULL;
unsigned int mkDigestIterations;
size_t len;
- int r;
+ int r = -EINVAL;
/* This can be done only for internally linked digests */
jobj_digest = LUKS2_get_digest_jobj(crypt_get_hdr(cd, CRYPT_LUKS2), digest);
if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1))
return -EINVAL;
- len = sizeof(mkDigestSalt);
- if (!base64_decode(json_object_get_string(jobj1),
- json_object_get_string_len(jobj1), mkDigestSalt, &len))
- return -EINVAL;
+ r = crypt_base64_decode(&mkDigestSalt, &len, json_object_get_string(jobj1),
+ json_object_get_string_len(jobj1));
+ if (r < 0)
+ goto out;
if (len != LUKS_SALTSIZE)
- return -EINVAL;
+ goto out;
if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
- return -EINVAL;
- len = 0;
- if (!base64_decode_alloc(json_object_get_string(jobj1),
- json_object_get_string_len(jobj1), &mkDigest, &len))
- return -EINVAL;
+ goto out;
+ r = crypt_base64_decode(&mkDigest, &len, json_object_get_string(jobj1),
+ json_object_get_string_len(jobj1));
+ if (r < 0)
+ goto out;
if (len < LUKS_DIGESTSIZE ||
len > sizeof(checkHashBuf) ||
- (len != LUKS_DIGESTSIZE && len != (size_t)crypt_hash_size(hashSpec))) {
- free(mkDigest);
- return -EINVAL;
- }
+ (len != LUKS_DIGESTSIZE && len != (size_t)crypt_hash_size(hashSpec)))
+ goto out;
r = -EPERM;
if (crypt_pbkdf(CRYPT_KDF_PBKDF2, hashSpec, volume_key, volume_key_len,
mkDigestIterations, 0, 0) < 0) {
r = -EINVAL;
} else {
- if (memcmp(checkHashBuf, mkDigest, len) == 0)
+ if (crypt_backend_memeq(checkHashBuf, mkDigest, len) == 0)
r = 0;
}
-
+out:
free(mkDigest);
+ free(mkDigestSalt);
return r;
}
json_object_object_add(jobj_digest, "hash", json_object_new_string(pbkdf.hash));
json_object_object_add(jobj_digest, "iterations", json_object_new_int(pbkdf.iterations));
- base64_encode_alloc(salt, LUKS_SALTSIZE, &base64_str);
- if (!base64_str) {
+ r = crypt_base64_encode(&base64_str, NULL, salt, LUKS_SALTSIZE);
+ if (r < 0) {
json_object_put(jobj_digest);
- return -ENOMEM;
+ return r;
}
json_object_object_add(jobj_digest, "salt", json_object_new_string(base64_str));
free(base64_str);
- base64_encode_alloc(digest_raw, hmac_size, &base64_str);
- if (!base64_str) {
+ r = crypt_base64_encode(&base64_str, NULL, digest_raw, hmac_size);
+ if (r < 0) {
json_object_put(jobj_digest);
- return -ENOMEM;
+ return r;
}
json_object_object_add(jobj_digest, "digest", json_object_new_string(base64_str));
free(base64_str);
/*
* LUKS - Linux Unified Key Setup v2
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <assert.h>
-
#include "luks2_internal.h"
/*
int i;
for (i = 0; i < crypt_hash_size(csum_alg); i++)
- snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]);
- csum_txt[i*2+1] = '\0'; /* Just to be safe, sprintf should write \0 there. */
+ if (snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]) != 2)
+ return;
log_dbg(cd, "Checksum:%s (%s)", &csum_txt[0], info);
}
size_t *hdr_json_size, int secondary,
uint64_t offset)
{
+ uint64_t hdr_size;
+
if (memcmp(hdr->magic, secondary ? LUKS2_MAGIC_2ND : LUKS2_MAGIC_1ST, LUKS2_MAGIC_L))
return -EINVAL;
}
if (offset != be64_to_cpu(hdr->hdr_offset)) {
- log_dbg(cd, "LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.",
- (unsigned)be64_to_cpu(hdr->hdr_offset), (unsigned)offset);
+ log_dbg(cd, "LUKS2 offset 0x%04" PRIx64 " on device differs to expected offset 0x%04" PRIx64 ".",
+ be64_to_cpu(hdr->hdr_offset), offset);
return -EINVAL;
}
- if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) {
- log_dbg(cd, "LUKS2 offset 0x%04x in secondary header does not match size 0x%04x.",
- (unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size));
+ hdr_size = be64_to_cpu(hdr->hdr_size);
+
+ if (hdr_size < LUKS2_HDR_16K_LEN || hdr_size > LUKS2_HDR_OFFSET_MAX) {
+ log_dbg(cd, "LUKS2 header has bogus size 0x%04" PRIx64 ".", hdr_size);
+ return -EINVAL;
+ }
+
+ if (secondary && (offset != hdr_size)) {
+ log_dbg(cd, "LUKS2 offset 0x%04" PRIx64 " in secondary header does not match size 0x%04" PRIx64 ".",
+ offset, hdr_size);
return -EINVAL;
}
/* FIXME: sanity check checksum alg. */
- log_dbg(cd, "LUKS2 header version %u of size %u bytes, checksum %s.",
- (unsigned)be16_to_cpu(hdr->version), (unsigned)be64_to_cpu(hdr->hdr_size),
+ log_dbg(cd, "LUKS2 header version %u of size %" PRIu64 " bytes, checksum %s.",
+ be16_to_cpu(hdr->version), hdr_size,
hdr->checksum_alg);
- *hdr_json_size = be64_to_cpu(hdr->hdr_size) - LUKS2_HDR_BIN_LEN;
+ *hdr_json_size = hdr_size - LUKS2_HDR_BIN_LEN;
return 0;
}
return -EIO;
}
+ /*
+ * hdr_json_size is validated if this call succeeds
+ */
r = hdr_disk_sanity_check_pre(cd, hdr_disk, &hdr_json_size, secondary, offset);
- if (r < 0) {
+ if (r < 0)
return r;
- }
/*
* Allocate and read JSON area. Always the whole area must be read.
*/
*json_area = malloc(hdr_json_size);
- if (!*json_area) {
+ if (!*json_area)
return -ENOMEM;
- }
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), *json_area, hdr_json_size,
if (hdr_checksum_check(cd, hdr_disk->checksum_alg, hdr_disk,
*json_area, hdr_json_size)) {
log_dbg(cd, "LUKS2 header checksum error (offset %" PRIu64 ").", offset);
+ free(*json_area);
+ *json_area = NULL;
r = -EINVAL;
}
memset(hdr_disk->csum, 0, LUKS2_CHECKSUM_L);
log_dbg(cd, "Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".",
hdr->hdr_size, offset);
- /* FIXME: read-only device silent fail? */
-
devfd = device_open_locked(cd, device, O_RDWR);
if (devfd < 0)
return devfd == -1 ? -EINVAL : devfd;
memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(cd, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
if (r)
- log_dbg(cd, "Cannot generate master salt.");
+ log_dbg(cd, "Cannot generate header salt.");
else {
hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0);
r = hdr_write_disk(cd, device, hdr, json_area1, 1);
memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN);
r = crypt_random_get(cd, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
if (r)
- log_dbg(cd, "Cannot generate master salt.");
+ log_dbg(cd, "Cannot generate header salt.");
else {
hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1);
r = hdr_write_disk(cd, device, hdr, json_area2, 0);
flags |= O_DIRECT;
devfd = open(device_path(device), flags);
- if (devfd < 0)
- goto err;
-
- if ((read_lseek_blockwise(devfd, device_block_size(cd, device),
+ if (devfd != -1 && (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), &hdr, sizeof(hdr), 0) == sizeof(hdr)) &&
!memcmp(hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L))
r = (int)be16_to_cpu(hdr.version);
-err:
+
if (devfd != -1)
close(devfd);
/*
* LUKS - Linux Unified Key Setup v2
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <json-c/json.h>
#include "internal.h"
-#include "base64.h"
#include "luks2.h"
-#define UNUSED(x) (void)(x)
-
/* override useless forward slash escape when supported by json-c */
#ifndef JSON_C_TO_STRING_NOSLASHESCAPE
#define JSON_C_TO_STRING_NOSLASHESCAPE 0
*/
/* validation helper */
-json_bool validate_json_uint32(json_object *jobj);
+bool validate_json_uint32(json_object *jobj);
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
const char *section, const char *key, json_type type);
+json_object *json_contains_string(struct crypt_device *cd, json_object *jobj,
+ const char *name, const char *section, const char *key);
int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
typedef int (*keyslot_wipe_func) (struct crypt_device *cd, int keyslot);
typedef int (*keyslot_dump_func) (struct crypt_device *cd, int keyslot);
typedef int (*keyslot_validate_func) (struct crypt_device *cd, json_object *jobj_keyslot);
-typedef void(*keyslot_repair_func) (struct crypt_device *cd, json_object *jobj_keyslot);
+typedef void(*keyslot_repair_func) (json_object *jobj_keyslot);
/* see LUKS2_luks2_to_luks1 */
int placeholder_keyslot_alloc(struct crypt_device *cd,
int keyslot,
uint64_t area_offset,
- uint64_t area_length,
- size_t volume_key_len);
+ uint64_t area_length);
/* validate all keyslot implementations in hdr json */
int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);
keyslot_repair_func repair;
} keyslot_handler;
-/* can not fit prototype alloc function */
-int reenc_keyslot_alloc(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int keyslot,
- const struct crypt_params_reencrypt *params);
+struct reenc_protection {
+ enum { REENC_PROTECTION_NOT_SET = 0,
+ REENC_PROTECTION_NONE,
+ REENC_PROTECTION_CHECKSUM,
+ REENC_PROTECTION_JOURNAL,
+ REENC_PROTECTION_DATASHIFT } type;
+
+ union {
+ struct {
+ char hash[LUKS2_CHECKSUM_ALG_L];
+ struct crypt_hash *ch;
+ size_t hash_size;
+ /* buffer for checksums */
+ void *checksums;
+ size_t checksums_len;
+ size_t block_size;
+ } csum;
+ struct {
+ uint64_t data_shift;
+ } ds;
+ } p;
+};
/**
* LUKS2 digest handlers (EXPERIMENTAL)
digest_dump_func dump;
} digest_handler;
-/**
- * LUKS2 token handlers (internal use only)
- */
-typedef int (*builtin_token_get_func) (json_object *jobj_token, void *params);
-typedef int (*builtin_token_set_func) (json_object **jobj_token, const void *params);
+int keyring_open(struct crypt_device *cd,
+ int token,
+ char **buffer,
+ size_t *buffer_len,
+ void *usrptr);
+
+void keyring_dump(struct crypt_device *cd, const char *json);
+
+int keyring_validate(struct crypt_device *cd, const char *json);
-typedef struct {
- /* internal only section used by builtin tokens */
- builtin_token_get_func get;
- builtin_token_set_func set;
- /* public token handler */
- const crypt_token_handler *h;
-} token_handler;
+void keyring_buffer_free(void *buffer, size_t buffer_size);
-int token_keyring_set(json_object **, const void *);
-int token_keyring_get(json_object *, void *);
+struct crypt_token_handler_v2 {
+ const char *name;
+ crypt_token_open_func open;
+ crypt_token_buffer_free_func buffer_free;
+ crypt_token_validate_func validate;
+ crypt_token_dump_func dump;
+
+ /* here ends v1. Do not touch anything above */
+
+ crypt_token_open_pin_func open_pin;
+ crypt_token_version_func version;
+
+ void *dlhandle;
+};
+
+/*
+ * Initial sequence of structure members in union 'u' must be always
+ * identical. Version 4 must fully contain version 3 which must
+ * subsequently fully contain version 2, etc.
+ *
+ * See C standard, section 6.5.2.3, item 5.
+ */
+struct crypt_token_handler_internal {
+ uint32_t version;
+ union {
+ crypt_token_handler v1; /* deprecated public structure */
+ struct crypt_token_handler_v2 v2; /* internal helper v2 structure */
+ } u;
+};
int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
size_t keylength, uint64_t *area_offset, uint64_t *area_length);
int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot,
- const struct crypt_params_reencrypt *params);
+ const struct crypt_params_reencrypt *params,
+ size_t alignment);
+
+int LUKS2_keyslot_reencrypt_update_needed(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment);
+
+int LUKS2_keyslot_reencrypt_update(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment,
+ struct volume_key *vks);
+
+int LUKS2_keyslot_reencrypt_load(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ struct reenc_protection *rp,
+ bool primary);
int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
struct luks2_hdr *hdr,
+ uint8_t version,
struct volume_key *vks);
int LUKS2_keyslot_dump(struct crypt_device *cd,
uint64_t json_segment_get_iv_offset(json_object *jobj_segment);
uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise);
const char *json_segment_get_cipher(json_object *jobj_segment);
-int json_segment_get_sector_size(json_object *jobj_segment);
+uint32_t json_segment_get_sector_size(json_object *jobj_segment);
bool json_segment_is_backup(json_object *jobj_segment);
json_object *json_segments_get_segment(json_object *jobj_segments, int segment);
unsigned json_segments_count(json_object *jobj_segments);
* Generic LUKS2 digest
*/
int LUKS2_digest_verify_by_digest(struct crypt_device *cd,
- struct luks2_hdr *hdr,
int digest,
const struct volume_key *vk);
int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment);
int LUKS2_find_keyslot(struct luks2_hdr *hdr, const char *type);
-int LUKS2_set_keyslots_size(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- uint64_t data_offset);
+int LUKS2_set_keyslots_size(struct luks2_hdr *hdr, uint64_t data_offset);
#endif
/*
* LUKS - Linux Unified Key Setup v2, LUKS2 header format code
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "luks2_internal.h"
#include <uuid/uuid.h>
-#include <assert.h>
struct area {
uint64_t offset;
static size_t get_area_size(size_t keylength)
{
- //FIXME: calculate this properly, for now it is AF_split_sectors
+ /* for now it is AF_split_sectors */
return size_round_up(keylength * 4000, 4096);
}
log_dbg(cd, "Found area %zu -> %zu", offset, length + offset);
- *area_offset = offset;
- *area_length = length;
+ if (area_offset)
+ *area_offset = offset;
+ if (area_length)
+ *area_length = length;
+
return 0;
}
wipe_block = 4096;
}
+ r = device_check_size(cd, crypt_metadata_device(cd), length, 1);
+ if (r)
+ return r;
+
log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
offset, length + offset);
offset, length, wipe_block, NULL, NULL);
}
-/* FIXME: what if user wanted to keep original keyslots size? */
-int LUKS2_set_keyslots_size(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- uint64_t data_offset)
+int LUKS2_set_keyslots_size(struct luks2_hdr *hdr, uint64_t data_offset)
{
json_object *jobj_config;
uint64_t keyslots_size;
/*
* LUKS - Linux Unified Key Setup v2
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
- * Copyright (C) 2015-2021 Ondrej Kozina
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
+ * Copyright (C) 2015-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "luks2_internal.h"
#include "../integrity/integrity.h"
-#include <assert.h>
#include <ctype.h>
#include <uuid/uuid.h>
size_t buf_len;
unsigned int i;
- if (!base64_decode_alloc(json_object_get_string(jobj),
- json_object_get_string_len(jobj),
- &buf, &buf_len))
+ if (crypt_base64_decode(&buf, &buf_len, json_object_get_string(jobj),
+ json_object_get_string_len(jobj)))
return;
for (i = 0; i < buf_len; i++) {
if (s >= 0)
return s;
- if (LUKS2_segments_count(hdr) == 1)
+ if (LUKS2_segments_count(hdr) >= 1)
return 0;
return -EINVAL;
}
/* jobj has to be json_type_string and numbered */
-static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
+static bool json_str_to_uint64(json_object *jobj, uint64_t *value)
{
char *endptr;
unsigned long long tmp;
tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
if (*endptr || errno) {
*value = 0;
- return 0;
+ return false;
}
*value = tmp;
- return 1;
+ return true;
}
uint64_t crypt_jobj_get_uint64(json_object *jobj)
/*
* Validate helpers
*/
-static json_bool numbered(struct crypt_device *cd, const char *name, const char *key)
+static bool numbered(struct crypt_device *cd, const char *name, const char *key)
{
int i;
for (i = 0; key[i]; i++)
if (!isdigit(key[i])) {
log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
- return 0;
+ return false;
}
- return 1;
+ return true;
}
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
return sobj;
}
-json_bool validate_json_uint32(json_object *jobj)
+json_object *json_contains_string(struct crypt_device *cd, json_object *jobj,
+ const char *name, const char *section, const char *key)
+{
+ json_object *sobj = json_contains(cd, jobj, name, section, key, json_type_string);
+
+ if (!sobj)
+ return NULL;
+
+ if (strlen(json_object_get_string(sobj)) < 1)
+ return NULL;
+
+ return sobj;
+}
+
+bool validate_json_uint32(json_object *jobj)
{
int64_t tmp;
errno = 0;
tmp = json_object_get_int64(jobj);
- return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
+ return (errno || tmp < 0 || tmp > UINT32_MAX) ? false : true;
}
-static json_bool validate_keyslots_array(struct crypt_device *cd,
- json_object *jarr, json_object *jobj_keys)
+static bool validate_keyslots_array(struct crypt_device *cd, json_object *jarr, json_object *jobj_keys)
{
json_object *jobj;
int i = 0, length = (int) json_object_array_length(jarr);
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
- return 0;
+ return false;
}
if (!json_contains(cd, jobj_keys, "", "Keyslots section",
json_object_get_string(jobj), json_type_object))
- return 0;
+ return false;
i++;
}
- return 1;
+ return true;
}
-static json_bool validate_segments_array(struct crypt_device *cd,
- json_object *jarr, json_object *jobj_segments)
+static bool validate_segments_array(struct crypt_device *cd, json_object *jarr, json_object *jobj_segments)
{
json_object *jobj;
int i = 0, length = (int) json_object_array_length(jarr);
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in segments array at index %d.", i);
- return 0;
+ return false;
}
if (!json_contains(cd, jobj_segments, "", "Segments section",
json_object_get_string(jobj), json_type_object))
- return 0;
+ return false;
i++;
}
- return 1;
+ return true;
}
-static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
+static bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
{
json_object *jobj_segments;
UNUSED(key);
json_object_object_get_ex(val, "segments", &jobj_segments);
if (LUKS2_array_jobj(jobj_segments, segment_name))
- return 1;
+ return true;
}
- return 0;
+ return false;
}
-static json_bool validate_intervals(struct crypt_device *cd,
- int length, const struct interval *ix,
- uint64_t metadata_size, uint64_t keyslots_area_end)
+
+static bool validate_intervals(struct crypt_device *cd,
+ int length, const struct interval *ix,
+ uint64_t metadata_size, uint64_t keyslots_area_end)
{
int j, i = 0;
while (i < length) {
+ /* Offset cannot be inside primary or secondary JSON area */
if (ix[i].offset < 2 * metadata_size) {
log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
- return 0;
+ return false;
}
if (!ix[i].length) {
log_dbg(cd, "Area length must be greater than zero.");
- return 0;
+ return false;
+ }
+
+ if (ix[i].offset > (UINT64_MAX - ix[i].length)) {
+ log_dbg(cd, "Interval offset+length overflow.");
+ return false;
}
if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
- return 0;
+ return false;
}
for (j = 0; j < length; j++) {
if (i == j)
continue;
+
+ if (ix[j].offset > (UINT64_MAX - ix[j].length)) {
+ log_dbg(cd, "Interval offset+length overflow.");
+ return false;
+ }
+
if ((ix[i].offset >= ix[j].offset) && (ix[i].offset < (ix[j].offset + ix[j].length))) {
log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
ix[i].offset, ix[i].offset + ix[i].length,
ix[j].offset, ix[j].offset + ix[j].length);
- return 0;
+ return false;
}
}
i++;
}
- return 1;
+ return true;
}
-static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
+static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_keyslot, const char *key)
{
json_object *jobj_key_size;
- if (!json_contains(cd, hdr_keyslot, key, "Keyslot", "type", json_type_string))
+ if (!json_contains_string(cd, hdr_keyslot, key, "Keyslot", "type"))
return 1;
if (!(jobj_key_size = json_contains(cd, hdr_keyslot, key, "Keyslot", "key_size", json_type_int)))
return 1;
if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
return 1;
- if (!json_contains(cd, jobj_token, key, "Token", "type", json_type_string))
+ if (!json_contains_string(cd, jobj_token, key, "Token", "type"))
return 1;
jarr = json_contains(cd, jobj_token, key, "Token", "keyslots", json_type_array);
{
json_object *jobj;
- if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj)) {
- log_dbg(cd, "Missing keyslots section.");
+ if (!(jobj = json_contains(cd, hdr_jobj, "", "JSON area", "keyslots", json_type_object)))
return 1;
- }
json_object_object_foreach(jobj, key, val) {
if (!numbered(cd, "Keyslot", key))
return 1;
- if (LUKS2_keyslot_validate(cd, hdr_jobj, val, key))
+ if (LUKS2_keyslot_validate(cd, val, key))
return 1;
}
{
json_object *jobj;
- if (!json_object_object_get_ex(hdr_jobj, "tokens", &jobj)) {
- log_dbg(cd, "Missing tokens section.");
+ if (!(jobj = json_contains(cd, hdr_jobj, "", "JSON area", "tokens", json_type_object)))
return 1;
- }
json_object_object_foreach(jobj, key, val) {
if (!numbered(cd, "Token", key))
return 0;
}
-static int hdr_validate_crypt_segment(struct crypt_device *cd,
- json_object *jobj, const char *key, json_object *jobj_digests,
- uint64_t offset, uint64_t size)
+static int hdr_validate_crypt_segment(struct crypt_device *cd, json_object *jobj,
+ const char *key, json_object *jobj_digests,
+ uint64_t size)
{
+ int r;
json_object *jobj_ivoffset, *jobj_sector_size, *jobj_integrity;
uint32_t sector_size;
uint64_t ivoffset;
- if (!(jobj_ivoffset = json_contains(cd, jobj, key, "Segment", "iv_tweak", json_type_string)) ||
- !json_contains(cd, jobj, key, "Segment", "encryption", json_type_string) ||
+ if (!(jobj_ivoffset = json_contains_string(cd, jobj, key, "Segment", "iv_tweak")) ||
+ !json_contains_string(cd, jobj, key, "Segment", "encryption") ||
!(jobj_sector_size = json_contains(cd, jobj, key, "Segment", "sector_size", json_type_int)))
return 1;
/* integrity */
if (json_object_object_get_ex(jobj, "integrity", &jobj_integrity)) {
if (!json_contains(cd, jobj, key, "Segment", "integrity", json_type_object) ||
- !json_contains(cd, jobj_integrity, key, "Segment integrity", "type", json_type_string) ||
- !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_encryption", json_type_string) ||
- !json_contains(cd, jobj_integrity, key, "Segment integrity", "journal_integrity", json_type_string))
+ !json_contains_string(cd, jobj_integrity, key, "Segment integrity", "type") ||
+ !json_contains_string(cd, jobj_integrity, key, "Segment integrity", "journal_encryption") ||
+ !json_contains_string(cd, jobj_integrity, key, "Segment integrity", "journal_integrity"))
return 1;
}
return 1;
}
- return !segment_has_digest(key, jobj_digests);
+ r = segment_has_digest(key, jobj_digests);
+
+ if (!r)
+ log_dbg(cd, "Crypt segment %s not assigned to key digest.", key);
+
+ return !r;
}
static bool validate_segment_intervals(struct crypt_device *cd,
for (j = 0; j < length; j++) {
if (i == j)
continue;
+
+ if (ix[j].length != UINT64_MAX && ix[j].offset > (UINT64_MAX - ix[j].length)) {
+ log_dbg(cd, "Interval offset+length overflow.");
+ return false;
+ }
+
if ((ix[i].offset >= ix[j].offset) && (ix[j].length == UINT64_MAX || (ix[i].offset < (ix[j].offset + ix[j].length)))) {
log_dbg(cd, "Overlapping segments [%" PRIu64 ",%" PRIu64 "]%s and [%" PRIu64 ",%" PRIu64 "]%s.",
ix[i].offset, ix[i].offset + ix[i].length, ix[i].length == UINT64_MAX ? "(dynamic)" : "",
int i, r, count, first_backup = -1;
struct interval *intervals = NULL;
- if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments)) {
- log_dbg(cd, "Missing segments section.");
+ if (!(jobj_segments = json_contains(cd, hdr_jobj, "", "JSON area", "segments", json_type_object)))
return 1;
- }
count = json_object_object_length(jobj_segments);
if (count < 1) {
return 1;
/* those fields are mandatory for all segment types */
- if (!(jobj_type = json_contains(cd, val, key, "Segment", "type", json_type_string)) ||
- !(jobj_offset = json_contains(cd, val, key, "Segment", "offset", json_type_string)) ||
- !(jobj_size = json_contains(cd, val, key, "Segment", "size", json_type_string)))
+ if (!(jobj_type = json_contains_string(cd, val, key, "Segment", "type")) ||
+ !(jobj_offset = json_contains_string(cd, val, key, "Segment", "offset")) ||
+ !(jobj_size = json_contains_string(cd, val, key, "Segment", "size")))
+ return 1;
+
+ if (!numbered(cd, "offset", json_object_get_string(jobj_offset)))
return 1;
- if (!numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
- !json_str_to_uint64(jobj_offset, &offset))
+ if (!json_str_to_uint64(jobj_offset, &offset)) {
+ log_dbg(cd, "Illegal segment offset value.");
return 1;
+ }
/* size "dynamic" means whole device starting at 'offset' */
if (strcmp(json_object_get_string(jobj_size), "dynamic")) {
- if (!numbered(cd, "size", json_object_get_string(jobj_size)) ||
- !json_str_to_uint64(jobj_size, &size) || !size)
+ if (!numbered(cd, "size", json_object_get_string(jobj_size)))
return 1;
+ if (!json_str_to_uint64(jobj_size, &size) || !size) {
+ log_dbg(cd, "Illegal segment size value.");
+ return 1;
+ }
} else
size = 0;
/* crypt */
if (!strcmp(json_object_get_string(jobj_type), "crypt") &&
- hdr_validate_crypt_segment(cd, val, key, jobj_digests, offset, size))
+ hdr_validate_crypt_segment(cd, val, key, jobj_digests, size))
return 1;
}
json_object_object_foreach(jobj_keyslots, key, val) {
if (!(jobj_area = json_contains(cd, val, key, "Keyslot", "area", json_type_object)) ||
- !json_contains(cd, jobj_area, key, "Keyslot area", "type", json_type_string) ||
- !(jobj_offset = json_contains(cd, jobj_area, key, "Keyslot", "offset", json_type_string)) ||
- !(jobj_length = json_contains(cd, jobj_area, key, "Keyslot", "size", json_type_string)) ||
+ !json_contains_string(cd, jobj_area, key, "Keyslot area", "type") ||
+ !(jobj_offset = json_contains_string(cd, jobj_area, key, "Keyslot", "offset")) ||
+ !(jobj_length = json_contains_string(cd, jobj_area, key, "Keyslot", "size")) ||
!numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
!numbered(cd, "size", json_object_get_string(jobj_length))) {
free(intervals);
/* rule out values > UINT64_MAX */
if (!json_str_to_uint64(jobj_offset, &intervals[i].offset) ||
!json_str_to_uint64(jobj_length, &intervals[i].length)) {
+ log_dbg(cd, "Illegal keyslot area values.");
free(intervals);
return 1;
}
{
json_object *jarr_keys, *jarr_segs, *jobj, *jobj_keyslots, *jobj_segments;
- if (!json_object_object_get_ex(hdr_jobj, "digests", &jobj)) {
- log_dbg(cd, "Missing digests section.");
+ if (!(jobj = json_contains(cd, hdr_jobj, "", "JSON area", "digests", json_type_object)))
return 1;
- }
/* keyslots are not yet validated, but we need to know digest doesn't reference missing keyslot */
- if (!json_object_object_get_ex(hdr_jobj, "keyslots", &jobj_keyslots))
+ if (!(jobj_keyslots = json_contains(cd, hdr_jobj, "", "JSON area", "keyslots", json_type_object)))
return 1;
/* segments are not yet validated, but we need to know digest doesn't reference missing segment */
- if (!json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments))
+ if (!(jobj_segments = json_contains(cd, hdr_jobj, "", "JSON area", "segments", json_type_object)))
return 1;
json_object_object_foreach(jobj, key, val) {
if (!numbered(cd, "Digest", key))
return 1;
- if (!json_contains(cd, val, key, "Digest", "type", json_type_string) ||
+ if (!json_contains_string(cd, val, key, "Digest", "type") ||
!(jarr_keys = json_contains(cd, val, key, "Digest", "keyslots", json_type_array)) ||
!(jarr_segs = json_contains(cd, val, key, "Digest", "segments", json_type_array)))
return 1;
int i;
uint64_t keyslots_size, metadata_size, segment_offset;
- if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) {
- log_dbg(cd, "Missing config section.");
+ if (!(jobj_config = json_contains(cd, hdr_jobj, "", "JSON area", "config", json_type_object)))
return 1;
- }
- if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "json_size", json_type_string)) ||
- !json_str_to_uint64(jobj, &metadata_size))
+ if (!(jobj = json_contains_string(cd, jobj_config, "section", "Config", "json_size")))
+ return 1;
+ if (!json_str_to_uint64(jobj, &metadata_size)) {
+ log_dbg(cd, "Illegal config json_size value.");
return 1;
+ }
/* single metadata instance is assembled from json area size plus
* binary header size */
metadata_size += LUKS2_HDR_BIN_LEN;
- if (!(jobj = json_contains(cd, jobj_config, "section", "Config", "keyslots_size", json_type_string)) ||
- !json_str_to_uint64(jobj, &keyslots_size))
+ if (!(jobj = json_contains_string(cd, jobj_config, "section", "Config", "keyslots_size")))
+ return 1;
+ if(!json_str_to_uint64(jobj, &keyslots_size)) {
+ log_dbg(cd, "Illegal config keyslot_size value.");
return 1;
+ }
if (LUKS2_check_metadata_area_size(metadata_size)) {
log_dbg(cd, "Unsupported LUKS2 header size (%" PRIu64 ").", metadata_size);
return 0;
}
+static bool reencrypt_candidate_flag(const char *flag)
+{
+ const char *ptr;
+
+ assert(flag);
+
+ if (!strcmp(flag, "online-reencrypt"))
+ return true;
+
+ if (strncmp(flag, "online-reencrypt-v", 18))
+ return false;
+
+ ptr = flag + 18;
+ if (!*ptr)
+ return false;
+
+ while (*ptr) {
+ if (!isdigit(*ptr))
+ return false;
+ ptr++;
+ }
+
+ return true;
+}
+
static int hdr_validate_requirements(struct crypt_device *cd, json_object *hdr_jobj)
{
int i;
json_object *jobj_config, *jobj, *jobj1;
+ unsigned online_reencrypt_flag = 0;
- if (!json_object_object_get_ex(hdr_jobj, "config", &jobj_config)) {
- log_dbg(cd, "Missing config section.");
+ if (!(jobj_config = json_contains(cd, hdr_jobj, "", "JSON area", "config", json_type_object)))
return 1;
- }
/* Requirements object is optional */
if (json_object_object_get_ex(jobj_config, "requirements", &jobj)) {
return 1;
/* All array members must be strings */
- for (i = 0; i < (int) json_object_array_length(jobj1); i++)
+ for (i = 0; i < (int) json_object_array_length(jobj1); i++) {
if (!json_object_is_type(json_object_array_get_idx(jobj1, i), json_type_string))
return 1;
+
+ if (reencrypt_candidate_flag(json_object_get_string(json_object_array_get_idx(jobj1, i))))
+ online_reencrypt_flag++;
+
+ }
}
}
+ if (online_reencrypt_flag > 1) {
+ log_dbg(cd, "Multiple online reencryption requirement flags detected.");
+ return 1;
+ }
+
return 0;
}
return 0;
}
+static bool hdr_json_free(json_object **jobj)
+{
+ assert(jobj);
+
+ if (json_object_put(*jobj))
+ *jobj = NULL;
+
+ return (*jobj == NULL);
+}
+
+static int hdr_update_copy_for_rollback(struct crypt_device *cd, struct luks2_hdr *hdr)
+{
+ json_object **jobj_copy;
+
+ assert(hdr);
+ assert(hdr->jobj);
+
+ jobj_copy = (json_object **)&hdr->jobj_rollback;
+
+ if (!hdr_json_free(jobj_copy)) {
+ log_dbg(cd, "LUKS2 rollback metadata copy still in use");
+ return -EINVAL;
+ }
+
+ return json_object_copy(hdr->jobj, jobj_copy) ? -ENOMEM : 0;
+}
+
/* FIXME: should we expose do_recovery parameter explicitly? */
int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr, int repair)
{
} else
device_read_unlock(cd, crypt_metadata_device(cd));
+ if (!r && (r = hdr_update_copy_for_rollback(cd, hdr)))
+ log_dbg(cd, "Failed to update rollback LUKS2 metadata.");
+
return r;
}
int LUKS2_hdr_write_force(struct crypt_device *cd, struct luks2_hdr *hdr)
{
+ int r;
+
if (hdr_cleanup_and_validate(cd, hdr))
return -EINVAL;
- return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false);
+ r = LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), false);
+
+ if (!r && (r = hdr_update_copy_for_rollback(cd, hdr)))
+ log_dbg(cd, "Failed to update rollback LUKS2 metadata.");
+
+ return r;
}
int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr)
{
+ int r;
+
if (hdr_cleanup_and_validate(cd, hdr))
return -EINVAL;
- return LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true);
+ r = LUKS2_disk_hdr_write(cd, hdr, crypt_metadata_device(cd), true);
+
+ if (!r && (r = hdr_update_copy_for_rollback(cd, hdr)))
+ log_dbg(cd, "Failed to update rollback LUKS2 metadata.");
+
+ return r;
+}
+
+int LUKS2_hdr_rollback(struct crypt_device *cd, struct luks2_hdr *hdr)
+{
+ json_object **jobj_copy;
+
+ assert(hdr->jobj_rollback);
+
+ log_dbg(cd, "Rolling back in-memory LUKS2 json metadata.");
+
+ jobj_copy = (json_object **)&hdr->jobj;
+
+ if (!hdr_json_free(jobj_copy)) {
+ log_dbg(cd, "LUKS2 header still in use");
+ return -EINVAL;
+ }
+
+ return json_object_copy(hdr->jobj_rollback, jobj_copy) ? -ENOMEM : 0;
}
int LUKS2_hdr_uuid(struct crypt_device *cd, struct luks2_hdr *hdr, const char *uuid)
void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr)
{
- if (json_object_put(hdr->jobj))
- hdr->jobj = NULL;
- else if (hdr->jobj)
+ json_object **jobj;
+
+ assert(hdr);
+
+ jobj = (json_object **)&hdr->jobj;
+
+ if (!hdr_json_free(jobj))
log_dbg(cd, "LUKS2 header still in use");
+
+ jobj = (json_object **)&hdr->jobj_rollback;
+
+ if (!hdr_json_free(jobj))
+ log_dbg(cd, "LUKS2 rollback metadata copy still in use");
}
static uint64_t LUKS2_keyslots_size_jobj(json_object *jobj)
hdr_size = LUKS2_hdr_and_areas_size(hdr);
buffer_size = size_round_up(hdr_size, crypt_getpagesize());
- buffer = crypt_safe_alloc(buffer_size);
+ buffer = malloc(buffer_size);
if (!buffer)
return -ENOMEM;
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s."),
device_path(crypt_metadata_device(cd)));
- crypt_safe_free(buffer);
- return r;
+ goto out;
}
devfd = device_open_locked(cd, device, O_RDONLY);
if (devfd < 0) {
device_read_unlock(cd, device);
log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device));
- crypt_safe_free(buffer);
- return devfd == -1 ? -EINVAL : devfd;
+ r = (devfd == -1) ? -EINVAL : devfd;
+ goto out;
}
if (read_lseek_blockwise(devfd, device_block_size(cd, device),
device_alignment(device), buffer, hdr_size, 0) < hdr_size) {
device_read_unlock(cd, device);
- crypt_safe_free(buffer);
- return -EIO;
+ r = -EIO;
+ goto out;
}
device_read_unlock(cd, device);
log_err(cd, _("Requested header backup file %s already exists."), backup_file);
else
log_err(cd, _("Cannot create header backup file %s."), backup_file);
- crypt_safe_free(buffer);
- return -EINVAL;
+ r = -EINVAL;
+ goto out;
}
ret = write_buffer(fd, buffer, buffer_size);
close(fd);
r = -EIO;
} else
r = 0;
-
- crypt_safe_free(buffer);
+out:
+ crypt_safe_memzero(buffer, buffer_size);
+ free(buffer);
return r;
}
int r, fd, devfd = -1, diff_uuid = 0;
ssize_t ret, buffer_size = 0;
char *buffer = NULL, msg[1024];
- struct luks2_hdr hdr_file;
- struct luks2_hdr tmp_hdr = {};
+ struct luks2_hdr hdr_file = {}, tmp_hdr = {};
uint32_t reqs = 0;
r = device_alloc(cd, &backup_device, backup_file);
}
buffer_size = LUKS2_hdr_and_areas_size(&hdr_file);
- buffer = crypt_safe_alloc(buffer_size);
+ buffer = malloc(buffer_size);
if (!buffer) {
r = -ENOMEM;
goto out;
LUKS2_hdr_free(cd, &tmp_hdr);
crypt_safe_memzero(&hdr_file, sizeof(hdr_file));
crypt_safe_memzero(&tmp_hdr, sizeof(tmp_hdr));
- crypt_safe_free(buffer);
-
+ crypt_safe_memzero(buffer, buffer_size);
+ free(buffer);
device_sync(cd, device);
-
return r;
}
/* LUKS2 library requirements */
struct requirement_flag {
uint32_t flag;
- uint32_t version;
+ uint8_t version;
const char *description;
};
static const struct requirement_flag requirements_flags[] = {
{ CRYPT_REQUIREMENT_OFFLINE_REENCRYPT,1, "offline-reencrypt" },
{ CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 2, "online-reencrypt-v2" },
+ { CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 3, "online-reencrypt-v3" },
{ CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 1, "online-reencrypt" },
{ 0, 0, NULL }
};
return &unknown_requirement_flag;
}
-int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint32_t *version)
+static json_object *mandatory_requirements_jobj(struct luks2_hdr *hdr)
{
- json_object *jobj_config, *jobj_requirements, *jobj_mandatory, *jobj;
- int i, len;
- const struct requirement_flag *req;
+ json_object *jobj_config, *jobj_requirements, *jobj_mandatory;
- assert(hdr && version);
- if (!hdr || !version)
- return -EINVAL;
+ assert(hdr);
if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
- return -EINVAL;
+ return NULL;
if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements))
- return -ENOENT;
+ return NULL;
if (!json_object_object_get_ex(jobj_requirements, "mandatory", &jobj_mandatory))
+ return NULL;
+
+ return jobj_mandatory;
+}
+
+bool LUKS2_reencrypt_requirement_candidate(struct luks2_hdr *hdr)
+{
+ json_object *jobj_mandatory;
+ int i, len;
+
+ assert(hdr);
+
+ jobj_mandatory = mandatory_requirements_jobj(hdr);
+ if (!jobj_mandatory)
+ return false;
+
+ len = (int) json_object_array_length(jobj_mandatory);
+ if (len <= 0)
+ return false;
+
+ for (i = 0; i < len; i++) {
+ if (reencrypt_candidate_flag(json_object_get_string(json_object_array_get_idx(jobj_mandatory, i))))
+ return true;
+ }
+
+ return false;
+}
+
+int LUKS2_config_get_reencrypt_version(struct luks2_hdr *hdr, uint8_t *version)
+{
+ json_object *jobj_mandatory, *jobj;
+ int i, len;
+ const struct requirement_flag *req;
+
+ assert(hdr);
+ assert(version);
+
+ jobj_mandatory = mandatory_requirements_jobj(hdr);
+ if (!jobj_mandatory)
return -ENOENT;
len = (int) json_object_array_length(jobj_mandatory);
/* check current library is aware of the requirement */
req = get_requirement_by_name(json_object_get_string(jobj));
- if (req->flag == (uint32_t)CRYPT_REQUIREMENT_UNKNOWN)
+ if (req->flag == CRYPT_REQUIREMENT_UNKNOWN)
continue;
*version = req->version;
static const struct requirement_flag *stored_requirement_name_by_id(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t req_id)
{
- json_object *jobj_config, *jobj_requirements, *jobj_mandatory, *jobj;
+ json_object *jobj_mandatory, *jobj;
int i, len;
const struct requirement_flag *req;
assert(hdr);
- if (!hdr)
- return NULL;
-
- if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
- return NULL;
- if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements))
- return NULL;
-
- if (!json_object_object_get_ex(jobj_requirements, "mandatory", &jobj_mandatory))
+ jobj_mandatory = mandatory_requirements_jobj(hdr);
+ if (!jobj_mandatory)
return NULL;
len = (int) json_object_array_length(jobj_mandatory);
if (len <= 0)
- return 0;
+ return NULL;
for (i = 0; i < len; i++) {
jobj = json_object_array_get_idx(jobj_mandatory, i);
*/
int LUKS2_config_get_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uint32_t *reqs)
{
- json_object *jobj_config, *jobj_requirements, *jobj_mandatory, *jobj;
+ json_object *jobj_mandatory, *jobj;
int i, len;
const struct requirement_flag *req;
assert(hdr);
- if (!hdr || !reqs)
- return -EINVAL;
+ assert(reqs);
*reqs = 0;
- if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
- return 0;
-
- if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements))
- return 0;
-
- if (!json_object_object_get_ex(jobj_requirements, "mandatory", &jobj_mandatory))
+ jobj_mandatory = mandatory_requirements_jobj(hdr);
+ if (!jobj_mandatory)
return 0;
len = (int) json_object_array_length(jobj_mandatory);
return r;
}
+static json_object *LUKS2_get_mandatory_requirements_filtered_jobj(struct luks2_hdr *hdr,
+ uint32_t filter_req_ids)
+{
+ int i, len;
+ const struct requirement_flag *req;
+ json_object *jobj_mandatory, *jobj_mandatory_filtered, *jobj;
+
+ jobj_mandatory_filtered = json_object_new_array();
+ if (!jobj_mandatory_filtered)
+ return NULL;
+
+ jobj_mandatory = mandatory_requirements_jobj(hdr);
+ if (!jobj_mandatory)
+ return jobj_mandatory_filtered;
+
+ len = (int) json_object_array_length(jobj_mandatory);
+
+ for (i = 0; i < len; i++) {
+ jobj = json_object_array_get_idx(jobj_mandatory, i);
+ req = get_requirement_by_name(json_object_get_string(jobj));
+ if (req->flag == CRYPT_REQUIREMENT_UNKNOWN || req->flag & filter_req_ids)
+ continue;
+ json_object_array_add(jobj_mandatory_filtered,
+ json_object_new_string(req->description));
+ }
+
+ return jobj_mandatory_filtered;
+}
+
+/*
+ * The function looks for specific version of requirement id.
+ * If it can't be fulfilled function fails.
+ */
+int LUKS2_config_set_requirement_version(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ uint32_t req_id,
+ uint8_t req_version,
+ bool commit)
+{
+ json_object *jobj_config, *jobj_requirements, *jobj_mandatory;
+ const struct requirement_flag *req;
+ int r = -EINVAL;
+
+ if (!hdr || req_id == CRYPT_REQUIREMENT_UNKNOWN)
+ return -EINVAL;
+
+ req = requirements_flags;
+
+ while (req->description) {
+ /* we have a match */
+ if (req->flag == req_id && req->version == req_version)
+ break;
+ req++;
+ }
+
+ if (!req->description)
+ return -EINVAL;
+
+ /*
+ * Creates copy of mandatory requirements set without specific requirement
+ * (no matter the version) we want to set.
+ */
+ jobj_mandatory = LUKS2_get_mandatory_requirements_filtered_jobj(hdr, req_id);
+ if (!jobj_mandatory)
+ return -ENOMEM;
+
+ json_object_array_add(jobj_mandatory, json_object_new_string(req->description));
+
+ if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
+ goto err;
+
+ if (!json_object_object_get_ex(jobj_config, "requirements", &jobj_requirements)) {
+ jobj_requirements = json_object_new_object();
+ if (!jobj_requirements) {
+ r = -ENOMEM;
+ goto err;
+ }
+ json_object_object_add(jobj_config, "requirements", jobj_requirements);
+ }
+
+ json_object_object_add(jobj_requirements, "mandatory", jobj_mandatory);
+
+ return commit ? LUKS2_hdr_write(cd, hdr) : 0;
+err:
+ json_object_put(jobj_mandatory);
+ return r;
+}
+
/*
* Header dump
*/
json_object_object_get_ex(hdr_jobj, "keyslots", &keyslots_jobj);
for (j = 0; j < LUKS2_KEYSLOTS_MAX; j++) {
- (void) snprintf(slot, sizeof(slot), "%i", j);
+ if (snprintf(slot, sizeof(slot), "%i", j) < 0)
+ slot[0] = '\0';
json_object_object_get_ex(keyslots_jobj, slot, &val);
if (!val)
continue;
json_object_object_get_ex(hdr_jobj, "tokens", &tokens_jobj);
for (j = 0; j < LUKS2_TOKENS_MAX; j++) {
- (void) snprintf(token, sizeof(token), "%i", j);
+ if (snprintf(token, sizeof(token), "%i", j) < 0)
+ token[0] = '\0';
json_object_object_get_ex(tokens_jobj, token, &val);
if (!val)
continue;
json_object_object_get_ex(val, "keyslots", &jobj2);
for (i = 0; i < (int) json_object_array_length(jobj2); i++) {
jobj3 = json_object_array_get_idx(jobj2, i);
- log_std(cd, "\tKeyslot: %s\n", json_object_get_string(jobj3));
+ log_std(cd, "\tKeyslot: %s\n", json_object_get_string(jobj3));
}
}
}
json_object_object_get_ex(hdr_jobj, "segments", &jobj_segments);
for (i = 0; i < LUKS2_SEGMENT_MAX; i++) {
- (void) snprintf(segment, sizeof(segment), "%i", i);
+ if (snprintf(segment, sizeof(segment), "%i", i) < 0)
+ segment[0] = '\0';
if (!json_object_object_get_ex(jobj_segments, segment, &jobj_segment))
continue;
json_object_object_get_ex(hdr_jobj, "digests", &jobj1);
for (i = 0; i < LUKS2_DIGEST_MAX; i++) {
- (void) snprintf(key, sizeof(key), "%i", i);
+ if (snprintf(key, sizeof(key), "%i", i) < 0)
+ key[0] = '\0';
json_object_object_get_ex(jobj1, key, &val);
if (!val)
continue;
return 0;
}
+int LUKS2_hdr_dump_json(struct crypt_device *cd, struct luks2_hdr *hdr, const char **json)
+{
+ const char *json_buf;
+
+ json_buf = json_object_to_json_string_ext(hdr->jobj,
+ JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE);
+
+ if (!json_buf)
+ return -EINVAL;
+
+ if (json)
+ *json = json_buf;
+ else
+ crypt_log(cd, CRYPT_LOG_NORMAL, json_buf);
+
+ return 0;
+}
+
int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
{
- int sector_size;
- json_object *jobj_segments, *jobj_size;
+ int i, len, sector_size;
+ json_object *jobj_segments, *jobj_segment, *jobj_size;
uint64_t tmp = 0;
if (!size || !json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments))
return -EINVAL;
- json_object_object_foreach(jobj_segments, key, val) {
- UNUSED(key);
- if (json_segment_is_backup(val))
- continue;
+ len = json_object_object_length(jobj_segments);
+
+ for (i = 0; i < len; i++) {
+ if (!(jobj_segment = json_segments_get_segment(jobj_segments, i)))
+ return -EINVAL;
+
+ if (json_segment_is_backup(jobj_segment))
+ break;
- json_object_object_get_ex(val, "size", &jobj_size);
+ json_object_object_get_ex(jobj_segment, "size", &jobj_size);
if (!strcmp(json_object_get_string(jobj_size), "dynamic")) {
- sector_size = json_segment_get_sector_size(val);
+ sector_size = json_segment_get_sector_size(jobj_segment);
/* last dynamic segment must have at least one sector in size */
if (tmp)
*size = tmp + (sector_size > 0 ? sector_size : SECTOR_SIZE);
return -1;
}
-int LUKS2_get_sector_size(struct luks2_hdr *hdr)
+uint32_t LUKS2_get_sector_size(struct luks2_hdr *hdr)
{
- json_object *jobj_segment;
-
- jobj_segment = LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT);
- if (!jobj_segment)
- return SECTOR_SIZE;
-
- return json_segment_get_sector_size(jobj_segment) ?: SECTOR_SIZE;
+ return json_segment_get_sector_size(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT));
}
int LUKS2_assembly_multisegment_dmd(struct crypt_device *cd,
tgt = &dmd->segment;
/* TODO: We have LUKS2 dependencies now */
- if (hdr && single_segment(dmd) && tgt->type == DM_CRYPT && crypt_get_integrity_tag_size(cd))
+ if (single_segment(dmd) && tgt->type == DM_CRYPT && tgt->u.crypt.tag_size)
namei = device_dm_name(tgt->data_device);
r = dm_device_deps(cd, name, deps_uuid_prefix, deps, ARRAY_SIZE(deps));
/*
* LUKS - Linux Unified Key Setup v2, keyslot handling
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
};
static const keyslot_handler
-*LUKS2_keyslot_handler_type(struct crypt_device *cd, const char *type)
+*LUKS2_keyslot_handler_type(const char *type)
{
int i;
if (!json_object_object_get_ex(jobj1, "type", &jobj2))
return NULL;
- return LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj2));
+ return LUKS2_keyslot_handler_type(json_object_get_string(jobj2));
}
-int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr)
+int LUKS2_keyslot_find_empty(struct crypt_device *cd, struct luks2_hdr *hdr, size_t keylength)
{
int i;
for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++)
if (!LUKS2_get_keyslot_jobj(hdr, i))
- return i;
+ break;
+
+ if (i == LUKS2_KEYSLOTS_MAX)
+ return -EINVAL;
- return -EINVAL;
+ /* Check also there is a space for the key in keyslots area */
+ if (keylength && LUKS2_find_area_gap(cd, hdr, keylength, NULL, NULL) < 0)
+ return -ENOSPC;
+
+ return i;
}
/* Check if a keyslot is assigned to specific segment */
if (r == -ENOMEM)
log_err(cd, _("Not enough available memory to open a keyslot."));
- else if (r != -EPERM)
+ else if (r != -EPERM && r != -ENOENT)
log_err(cd, _("Keyslot open failed."));
}
return r;
if (r < 0) {
if (r == -ENOMEM)
log_err(cd, _("Not enough available memory to open a keyslot."));
- else if (r != -EPERM)
+ else if (r != -EPERM && r != -ENOENT)
log_err(cd, _("Keyslot open failed."));
}
return r;
}
-int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int keyslot,
- const struct crypt_params_reencrypt *params)
-{
- const keyslot_handler *h;
- int r;
-
- if (keyslot == CRYPT_ANY_SLOT)
- return -EINVAL;
-
- /* FIXME: find keyslot by type */
- h = LUKS2_keyslot_handler_type(cd, "reencrypt");
- if (!h)
- return -EINVAL;
-
- r = reenc_keyslot_alloc(cd, hdr, keyslot, params);
- if (r < 0)
- return r;
-
- r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNORE, 0);
- if (r < 0)
- return r;
-
- r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
- if (r) {
- log_dbg(cd, "Keyslot validation failed.");
- return r;
- }
-
- return 0;
-}
-
int LUKS2_keyslot_reencrypt_store(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot,
if (!LUKS2_get_keyslot_jobj(hdr, keyslot)) {
/* Try to allocate default and empty keyslot type */
- h = LUKS2_keyslot_handler_type(cd, "luks2");
+ h = LUKS2_keyslot_handler_type("luks2");
if (!h)
return -EINVAL;
return h->dump(cd, keyslot);
}
-crypt_keyslot_priority LUKS2_keyslot_priority_get(struct crypt_device *cd,
- struct luks2_hdr *hdr, int keyslot)
+crypt_keyslot_priority LUKS2_keyslot_priority_get(struct luks2_hdr *hdr, int keyslot)
{
json_object *jobj_keyslot, *jobj_priority;
int placeholder_keyslot_alloc(struct crypt_device *cd,
int keyslot,
uint64_t area_offset,
- uint64_t area_length,
- size_t volume_key_len)
+ uint64_t area_length)
{
struct luks2_hdr *hdr;
json_object *jobj_keyslots, *jobj_keyslot, *jobj_area;
json_object_object_foreach(jobj_keyslots, slot, val) {
keyslot = atoi(slot);
json_object_object_get_ex(val, "type", &jobj_type);
- h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
+ h = LUKS2_keyslot_handler_type(json_object_get_string(jobj_type));
if (!h)
continue;
if (h->validate && h->validate(cd, val)) {
return -EINVAL;
}
- if (!(reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT) && reencrypt_count) {
+ if (reencrypt_count && !LUKS2_reencrypt_requirement_candidate(&dummy)) {
log_dbg(cd, "Missing reencryption requirement flag.");
return -EINVAL;
}
!json_object_is_type(jobj_type, json_type_string))
continue;
- h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
+ h = LUKS2_keyslot_handler_type(json_object_get_string(jobj_type));
if (h && h->repair)
- h->repair(cd, val);
+ h->repair(val);
}
}
return -ENOENT;
}
+
+/* assumes valid header, it does not move references in tokens/digests etc! */
+int LUKS2_keyslot_swap(struct crypt_device *cd, struct luks2_hdr *hdr,
+ int keyslot, int keyslot2)
+{
+ json_object *jobj_keyslots, *jobj_keyslot, *jobj_keyslot2;
+ int r;
+
+ if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots))
+ return -EINVAL;
+
+ jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
+ if (!jobj_keyslot)
+ return -EINVAL;
+
+ jobj_keyslot2 = LUKS2_get_keyslot_jobj(hdr, keyslot2);
+ if (!jobj_keyslot2)
+ return -EINVAL;
+
+ /* This transfer owner of object, no need for json_object_put */
+ json_object_get(jobj_keyslot);
+ json_object_get(jobj_keyslot2);
+
+ json_object_object_del_by_uint(jobj_keyslots, keyslot);
+ r = json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot2);
+ if (r < 0) {
+ log_dbg(cd, "Failed to swap keyslot %d.", keyslot);
+ return r;
+ }
+
+ json_object_object_del_by_uint(jobj_keyslots, keyslot2);
+ r = json_object_object_add_by_uint(jobj_keyslots, keyslot2, jobj_keyslot);
+ if (r < 0)
+ log_dbg(cd, "Failed to swap keyslot2 %d.", keyslot2);
+
+ return r;
+}
/*
* LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include <limits.h>
#include "luks2_internal.h"
/* FIXME: move keyslot encryption to crypto backend */
/* Serialize memory-hard keyslot access: optional workaround for parallel processing */
#define MIN_MEMORY_FOR_SERIALIZE_LOCK_KB 32*1024 /* 32MB */
+/* coverity[ -taint_source : arg-0 ] */
static int luks2_encrypt_to_storage(char *src, size_t srcLength,
const char *cipher, const char *cipher_mode,
struct volume_key *vk, unsigned int sector,
}
static int luks2_keyslot_get_pbkdf_params(json_object *jobj_keyslot,
- struct crypt_pbkdf_type *pbkdf, char *salt)
+ struct crypt_pbkdf_type *pbkdf, char **salt)
{
json_object *jobj_kdf, *jobj1, *jobj2;
size_t salt_len;
+ int r;
if (!jobj_keyslot || !pbkdf)
return -EINVAL;
if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj2))
return -EINVAL;
- salt_len = LUKS_SALTSIZE;
- if (!base64_decode(json_object_get_string(jobj2),
- json_object_get_string_len(jobj2),
- salt, &salt_len))
- return -EINVAL;
- if (salt_len != LUKS_SALTSIZE)
+
+ r = crypt_base64_decode(salt, &salt_len, json_object_get_string(jobj2),
+ json_object_get_string_len(jobj2));
+ if (r < 0)
+ return r;
+
+ if (salt_len != LUKS_SALTSIZE) {
+ free(*salt);
return -EINVAL;
+ }
return 0;
}
const char *volume_key, size_t volume_key_len)
{
struct volume_key *derived_key;
- char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+ char *salt = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
char *AfKey = NULL;
const char *af_hash = NULL;
size_t AFEKSize, keyslot_key_len;
return -EINVAL;
af_hash = json_object_get_string(jobj2);
- if (luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, salt))
- return -EINVAL;
+ r = luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, &salt);
+ if (r < 0)
+ return r;
/*
* Allocate derived key storage.
*/
derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL);
- if (!derived_key)
+ if (!derived_key) {
+ free(salt);
return -ENOMEM;
+ }
/*
* Calculate keyslot content, split and store it to keyslot area.
*/
+ log_dbg(cd, "Running keyslot key derivation.");
r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen,
salt, LUKS_SALTSIZE,
derived_key->key, derived_key->keylength,
pbkdf.iterations, pbkdf.max_memory_kb,
pbkdf.parallel_threads);
+ free(salt);
if (r < 0) {
+ if ((crypt_backend_flags() & CRYPT_BACKEND_PBKDF2_INT) &&
+ pbkdf.iterations > INT_MAX)
+ log_err(cd, _("PBKDF2 iteration value overflow."));
crypt_free_volume_key(derived_key);
return r;
}
return -ENOMEM;
}
- r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
+ r = crypt_hash_size(af_hash);
+ if (r < 0)
+ log_err(cd, _("Hash algorithm %s is not available."), af_hash);
+ else
+ r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
if (r == 0) {
- log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset);
+ log_dbg(cd, "Updating keyslot area [0x%04" PRIx64 "].", area_offset);
/* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */
r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode,
derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
const char *password, size_t passwordLen,
char *volume_key, size_t volume_key_len)
{
- struct volume_key *derived_key;
+ struct volume_key *derived_key = NULL;
struct crypt_pbkdf_type pbkdf;
- char *AfKey;
+ char *AfKey = NULL;
size_t AFEKSize;
const char *af_hash = NULL;
- char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+ char *salt = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
json_object *jobj2, *jobj_af, *jobj_area;
uint64_t area_offset;
size_t keyslot_key_len;
!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
return -EINVAL;
- if (luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, salt))
- return -EINVAL;
-
if (!json_object_object_get_ex(jobj_af, "hash", &jobj2))
return -EINVAL;
af_hash = json_object_get_string(jobj2);
return -EINVAL;
keyslot_key_len = json_object_get_int(jobj2);
- /*
- * If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
- */
- if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB)
- try_serialize_lock = true;
- if (try_serialize_lock && crypt_serialize_lock(cd))
- return -EINVAL;
+ r = luks2_keyslot_get_pbkdf_params(jobj_keyslot, &pbkdf, &salt);
+ if (r < 0)
+ return r;
+
/*
* Allocate derived key storage space.
*/
derived_key = crypt_alloc_volume_key(keyslot_key_len, NULL);
- if (!derived_key)
- return -ENOMEM;
+ if (!derived_key) {
+ r = -ENOMEM;
+ goto out;
+ }
AFEKSize = AF_split_sectors(volume_key_len, LUKS_STRIPES) * SECTOR_SIZE;
AfKey = crypt_safe_alloc(AFEKSize);
if (!AfKey) {
- crypt_free_volume_key(derived_key);
- return -ENOMEM;
+ r = -ENOMEM;
+ goto out;
}
+
+ /*
+ * If requested, serialize unlocking for memory-hard KDF. Usually NOOP.
+ */
+ if (pbkdf.max_memory_kb > MIN_MEMORY_FOR_SERIALIZE_LOCK_KB)
+ try_serialize_lock = true;
+ if (try_serialize_lock && (r = crypt_serialize_lock(cd)))
+ goto out;
+
/*
* Calculate derived key, decrypt keyslot content and merge it.
*/
+ log_dbg(cd, "Running keyslot key derivation.");
r = crypt_pbkdf(pbkdf.type, pbkdf.hash, password, passwordLen,
salt, LUKS_SALTSIZE,
derived_key->key, derived_key->keylength,
crypt_serialize_unlock(cd);
if (r == 0) {
- log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offset);
+ log_dbg(cd, "Reading keyslot area [0x%04" PRIx64 "].", area_offset);
/* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */
r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode,
derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
}
- if (r == 0)
- r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
-
+ if (r == 0) {
+ r = crypt_hash_size(af_hash);
+ if (r < 0)
+ log_err(cd, _("Hash algorithm %s is not available."), af_hash);
+ else
+ r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
+ }
+out:
+ free(salt);
crypt_free_volume_key(derived_key);
crypt_safe_free(AfKey);
r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT);
if (r < 0)
return r;
- base64_encode_alloc(salt, LUKS_SALTSIZE, &salt_base64);
- if (!salt_base64)
- return -ENOMEM;
+ r = crypt_base64_encode(&salt_base64, NULL, salt, LUKS_SALTSIZE);
+ if (r < 0)
+ return r;
json_object_object_add(jobj_kdf, "salt", json_object_new_string(salt_base64));
free(salt_base64);
return -EINVAL;
if (keyslot == CRYPT_ANY_SLOT)
- keyslot = LUKS2_keyslot_find_empty(hdr);
+ keyslot = LUKS2_keyslot_find_empty(cd, hdr, 0);
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX)
return -ENOMEM;
if (!jobj_keyslot)
return -EINVAL;
- if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
- !json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
- !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
+ if (!(jobj_kdf = json_contains(cd, jobj_keyslot, "", "keyslot", "kdf", json_type_object)) ||
+ !(jobj_af = json_contains(cd, jobj_keyslot, "", "keyslot", "af", json_type_object)) ||
+ !(jobj_area = json_contains(cd, jobj_keyslot, "", "keyslot", "area", json_type_object)))
return -EINVAL;
count = json_object_object_length(jobj_kdf);
- jobj1 = json_contains(cd, jobj_kdf, "", "kdf section", "type", json_type_string);
+ jobj1 = json_contains_string(cd, jobj_kdf, "", "kdf section", "type");
if (!jobj1)
return -EINVAL;
type = json_object_get_string(jobj1);
if (!strcmp(type, CRYPT_KDF_PBKDF2)) {
if (count != 4 || /* type, salt, hash, iterations only */
- !json_contains(cd, jobj_kdf, "kdf type", type, "hash", json_type_string) ||
+ !json_contains_string(cd, jobj_kdf, "kdf type", type, "hash") ||
!json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
- !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
+ !json_contains_string(cd, jobj_kdf, "kdf type", type, "salt"))
return -EINVAL;
} else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) {
if (count != 5 || /* type, salt, time, memory, cpus only */
!json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) ||
!json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
- !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
+ !json_contains_string(cd, jobj_kdf, "kdf type", type, "salt"))
return -EINVAL;
}
- if (!json_object_object_get_ex(jobj_af, "type", &jobj1))
+ jobj1 = json_contains_string(cd, jobj_af, "", "af section", "type");
+ if (!jobj1)
return -EINVAL;
- if (!strcmp(json_object_get_string(jobj1), "luks1")) {
- if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) ||
+ type = json_object_get_string(jobj1);
+
+ if (!strcmp(type, "luks1")) {
+ if (!json_contains_string(cd, jobj_af, "", "luks1 af", "hash") ||
!json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int))
return -EINVAL;
} else
return -EINVAL;
// FIXME check numbered
- if (!json_object_object_get_ex(jobj_area, "type", &jobj1))
+ jobj1 = json_contains_string(cd, jobj_area, "", "area section", "type");
+ if (!jobj1)
return -EINVAL;
- if (!strcmp(json_object_get_string(jobj1), "raw")) {
- if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) ||
+ type = json_object_get_string(jobj1);
+
+ if (!strcmp(type, "raw")) {
+ if (!json_contains_string(cd, jobj_area, "area", "raw type", "encryption") ||
!json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) ||
- !json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) ||
- !json_contains(cd, jobj_area, "area", "raw type", "size", json_type_string))
+ !json_contains_string(cd, jobj_area, "area", "raw type", "offset") ||
+ !json_contains_string(cd, jobj_area, "area", "raw type", "size"))
return -EINVAL;
} else
return -EINVAL;
return r;
}
-static void luks2_keyslot_repair(struct crypt_device *cd, json_object *jobj_keyslot)
+static void luks2_keyslot_repair(json_object *jobj_keyslot)
{
const char *type;
json_object *jobj_kdf, *jobj_type;
/*
* LUKS - Linux Unified Key Setup v2, reencryption keyslot handler
*
- * Copyright (C) 2016-2021, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021, Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "luks2_internal.h"
-static int reenc_keyslot_open(struct crypt_device *cd,
- int keyslot,
- const char *password,
- size_t password_len,
- char *volume_key,
- size_t volume_key_len)
+static int reenc_keyslot_open(struct crypt_device *cd __attribute__((unused)),
+ int keyslot __attribute__((unused)),
+ const char *password __attribute__((unused)),
+ size_t password_len __attribute__((unused)),
+ char *volume_key __attribute__((unused)),
+ size_t volume_key_len __attribute__((unused)))
{
return -ENOENT;
}
-int reenc_keyslot_alloc(struct crypt_device *cd,
+static json_object *reencrypt_keyslot_area_jobj(struct crypt_device *cd,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment,
+ uint64_t area_offset,
+ uint64_t area_length)
+{
+ json_object *jobj_area = json_object_new_object();
+
+ if (!jobj_area || !params || !params->resilience)
+ return NULL;
+
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ json_object_object_add(jobj_area, "type", json_object_new_string(params->resilience));
+
+ if (!strcmp(params->resilience, "checksum")) {
+ log_dbg(cd, "Setting reencrypt keyslot for checksum protection.");
+ json_object_object_add(jobj_area, "hash", json_object_new_string(params->hash));
+ json_object_object_add(jobj_area, "sector_size", json_object_new_int64(alignment));
+ } else if (!strcmp(params->resilience, "journal")) {
+ log_dbg(cd, "Setting reencrypt keyslot for journal protection.");
+ } else if (!strcmp(params->resilience, "none")) {
+ log_dbg(cd, "Setting reencrypt keyslot for none protection.");
+ } else if (!strcmp(params->resilience, "datashift")) {
+ log_dbg(cd, "Setting reencrypt keyslot for datashift protection.");
+ json_object_object_add(jobj_area, "shift_size",
+ crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
+ } else if (!strcmp(params->resilience, "datashift-checksum")) {
+ log_dbg(cd, "Setting reencrypt keyslot for datashift and checksum protection.");
+ json_object_object_add(jobj_area, "hash", json_object_new_string(params->hash));
+ json_object_object_add(jobj_area, "sector_size", json_object_new_int64(alignment));
+ json_object_object_add(jobj_area, "shift_size",
+ crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
+ } else if (!strcmp(params->resilience, "datashift-journal")) {
+ log_dbg(cd, "Setting reencrypt keyslot for datashift and journal protection.");
+ json_object_object_add(jobj_area, "shift_size",
+ crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
+ } else {
+ json_object_put(jobj_area);
+ return NULL;
+ }
+
+ return jobj_area;
+}
+
+static json_object *reencrypt_keyslot_area_jobj_update_block_size(struct crypt_device *cd,
+ json_object *jobj_area, size_t alignment)
+{
+ json_object *jobj_type, *jobj_area_new = NULL;
+
+ if (!jobj_area ||
+ !json_object_object_get_ex(jobj_area, "type", &jobj_type) ||
+ (strcmp(json_object_get_string(jobj_type), "checksum") &&
+ strcmp(json_object_get_string(jobj_type), "datashift-checksum")))
+ return NULL;
+
+ if (json_object_copy(jobj_area, &jobj_area_new))
+ return NULL;
+
+ log_dbg(cd, "Updating reencrypt resilience checksum block size.");
+
+ json_object_object_add(jobj_area_new, "sector_size", json_object_new_int64(alignment));
+
+ return jobj_area_new;
+}
+
+static int reenc_keyslot_alloc(struct crypt_device *cd,
struct luks2_hdr *hdr,
int keyslot,
- const struct crypt_params_reencrypt *params)
+ const struct crypt_params_reencrypt *params,
+ size_t alignment)
{
int r;
json_object *jobj_keyslots, *jobj_keyslot, *jobj_area;
log_dbg(cd, "Allocating reencrypt keyslot %d.", keyslot);
+ if (!params || !params->resilience || params->direction > CRYPT_REENCRYPT_BACKWARD)
+ return -EINVAL;
+
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX)
return -ENOMEM;
if (!json_object_object_get_ex(hdr->jobj, "keyslots", &jobj_keyslots))
return -EINVAL;
- /* encryption doesn't require area (we shift data and backup will be available) */
- if (!params->data_shift) {
- r = LUKS2_find_area_max_gap(cd, hdr, &area_offset, &area_length);
- if (r < 0)
- return r;
- } else { /* we can't have keyslot w/o area...bug? */
+ /* only plain datashift resilience mode does not require additional storage */
+ if (!strcmp(params->resilience, "datashift"))
r = LUKS2_find_area_gap(cd, hdr, 1, &area_offset, &area_length);
- if (r < 0)
- return r;
- }
+ else
+ r = LUKS2_find_area_max_gap(cd, hdr, &area_offset, &area_length);
+ if (r < 0)
+ return r;
+
+ jobj_area = reencrypt_keyslot_area_jobj(cd, params, alignment, area_offset, area_length);
+ if (!jobj_area)
+ return -EINVAL;
jobj_keyslot = json_object_new_object();
- if (!jobj_keyslot)
+ if (!jobj_keyslot) {
+ json_object_put(jobj_area);
return -ENOMEM;
-
- jobj_area = json_object_new_object();
-
- if (params->data_shift) {
- json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
- json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
- } else
- /* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
- json_object_object_add(jobj_area, "type", json_object_new_string("none"));
-
- json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
+ }
+ json_object_object_add(jobj_keyslot, "area", jobj_area);
json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
json_object_object_add(jobj_keyslot, "mode", json_object_new_string(crypt_reencrypt_mode_to_str(params->mode)));
if (params->direction == CRYPT_REENCRYPT_FORWARD)
json_object_object_add(jobj_keyslot, "direction", json_object_new_string("forward"));
- else if (params->direction == CRYPT_REENCRYPT_BACKWARD)
- json_object_object_add(jobj_keyslot, "direction", json_object_new_string("backward"));
else
- return -EINVAL;
-
- json_object_object_add(jobj_keyslot, "area", jobj_area);
+ json_object_object_add(jobj_keyslot, "direction", json_object_new_string("backward"));
json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
if (LUKS2_check_json_size(cd, hdr)) {
static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_keyslot)
{
- json_object *jobj_mode, *jobj_area, *jobj_type, *jobj_shift_size, *jobj_hash, *jobj_sector_size, *jobj_direction, *jobj_key_size;
+ json_object *jobj_mode, *jobj_area, *jobj_type, *jobj_shift_size, *jobj_hash,
+ *jobj_sector_size, *jobj_direction, *jobj_key_size;
const char *mode, *type, *direction;
uint32_t sector_size;
uint64_t shift_size;
/* mode (string: encrypt,reencrypt,decrypt)
* direction (string:)
* area {
- * type: (string: datashift, journal, checksum, none)
- * hash: (string: checksum only)
- * sector_size (uint32: checksum only)
- * shift_size (uint64: datashift only)
+ * type: (string: datashift, journal, checksum, none, datashift-journal, datashift-checksum)
+ * hash: (string: checksum and datashift-checksum types)
+ * sector_size (uint32: checksum and datashift-checksum types)
+ * shift_size (uint64: all datashift based types)
* }
*/
return -EINVAL;
jobj_key_size = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "key_size", json_type_int);
- jobj_mode = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "mode", json_type_string);
- jobj_direction = json_contains(cd, jobj_keyslot, "", "reencrypt keyslot", "direction", json_type_string);
+ jobj_mode = json_contains_string(cd, jobj_keyslot, "", "reencrypt keyslot", "mode");
+ jobj_direction = json_contains_string(cd, jobj_keyslot, "", "reencrypt keyslot", "direction");
if (!jobj_mode || !jobj_direction || !jobj_key_size)
return -EINVAL;
return -EINVAL;
}
- if (!strcmp(type, "checksum")) {
- jobj_hash = json_contains(cd, jobj_area, "type:checksum", "Keyslot area", "hash", json_type_string);
- jobj_sector_size = json_contains(cd, jobj_area, "type:checksum", "Keyslot area", "sector_size", json_type_int);
+ if (!strcmp(type, "checksum") || !strcmp(type, "datashift-checksum")) {
+ jobj_hash = json_contains_string(cd, jobj_area, "type:checksum",
+ "Keyslot area", "hash");
+ jobj_sector_size = json_contains(cd, jobj_area, "type:checksum",
+ "Keyslot area", "sector_size", json_type_int);
if (!jobj_hash || !jobj_sector_size)
return -EINVAL;
if (!validate_json_uint32(jobj_sector_size))
return -EINVAL;
sector_size = crypt_jobj_get_uint32(jobj_sector_size);
if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
- log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
+ log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.",
+ sector_size);
return -EINVAL;
}
- } else if (!strcmp(type, "datashift")) {
- if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
+ } else if (!strcmp(type, "datashift") ||
+ !strcmp(type, "datashift-checksum") ||
+ !strcmp(type, "datashift-journal")) {
+ if (!(jobj_shift_size = json_contains_string(cd, jobj_area, "type:datashift",
+ "Keyslot area", "shift_size")))
return -EINVAL;
shift_size = crypt_jobj_get_uint64(jobj_shift_size);
return -EINVAL;
if (MISALIGNED_512(shift_size)) {
- log_dbg(cd, "Shift size field has to be aligned to sector size: %" PRIu32, SECTOR_SIZE);
+ log_dbg(cd, "Shift size field has to be aligned to 512 bytes.");
return -EINVAL;
}
}
return 0;
}
+static int reenc_keyslot_update_needed(struct crypt_device *cd,
+ json_object *jobj_keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment)
+{
+ const char *type;
+ json_object *jobj_area, *jobj_type, *jobj;
+
+ if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) ||
+ !json_object_object_get_ex(jobj_area, "type", &jobj_type) ||
+ !(type = json_object_get_string(jobj_type)))
+ return -EINVAL;
+
+ /*
+ * If no resilience mode change is requested and effective
+ * resilience mode is 'checksum' then check alignment matches
+ * stored checksum block size.
+ */
+ if (!params || !params->resilience) {
+ if (!strcmp(json_object_get_string(jobj_type), "checksum") ||
+ !strcmp(json_object_get_string(jobj_type), "datashift-checksum"))
+ return (json_object_object_get_ex(jobj_area, "sector_size", &jobj) ||
+ alignment != crypt_jobj_get_uint32(jobj));
+ return 0;
+ }
+
+ if (strcmp(params->resilience, type))
+ return 1;
+
+ if (!strcmp(type, "checksum") ||
+ !strcmp(type, "datashift-checksum")) {
+ if (!params->hash)
+ return -EINVAL;
+ if (!json_object_object_get_ex(jobj_area, "hash", &jobj) ||
+ strcmp(json_object_get_string(jobj), params->hash) ||
+ !json_object_object_get_ex(jobj_area, "sector_size", &jobj) ||
+ crypt_jobj_get_uint32(jobj) != alignment)
+ return 1;
+ }
+
+ if (!strncmp(type, "datashift", 9)) {
+ if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj))
+ return -EINVAL;
+ if ((params->data_shift << SECTOR_SHIFT) != crypt_jobj_get_uint64(jobj))
+ return 1;
+ }
+
+ /* nothing to compare with 'none' and 'journal' */
+ return 0;
+}
+
+static int load_checksum_protection(struct crypt_device *cd,
+ json_object *jobj_area,
+ uint64_t area_length,
+ struct reenc_protection *rp)
+{
+ int r;
+ json_object *jobj_hash, *jobj_block_size;
+
+ if (!jobj_area || !rp ||
+ !json_object_object_get_ex(jobj_area, "hash", &jobj_hash) ||
+ !json_object_object_get_ex(jobj_area, "sector_size", &jobj_block_size))
+ return -EINVAL;
+
+ r = snprintf(rp->p.csum.hash, sizeof(rp->p.csum.hash), "%s", json_object_get_string(jobj_hash));
+ if (r < 0 || (size_t)r >= sizeof(rp->p.csum.hash))
+ return -EINVAL;
+
+ if (crypt_hash_init(&rp->p.csum.ch, rp->p.csum.hash)) {
+ log_err(cd, _("Hash algorithm %s is not available."), rp->p.csum.hash);
+ return -EINVAL;
+ }
+
+ r = crypt_hash_size(rp->p.csum.hash);
+ if (r <= 0) {
+ crypt_hash_destroy(rp->p.csum.ch);
+ rp->p.csum.ch = NULL;
+ log_dbg(cd, "Invalid hash size");
+ return -EINVAL;
+ }
+
+ rp->p.csum.hash_size = r;
+ rp->p.csum.block_size = crypt_jobj_get_uint32(jobj_block_size);
+ rp->p.csum.checksums_len = area_length;
+
+ rp->type = REENC_PROTECTION_CHECKSUM;
+ return 0;
+}
+
+static int reenc_keyslot_load_resilience_primary(struct crypt_device *cd,
+ const char *type,
+ json_object *jobj_area,
+ uint64_t area_length,
+ struct reenc_protection *rp)
+{
+ json_object *jobj;
+
+ if (!strcmp(type, "checksum")) {
+ log_dbg(cd, "Initializing checksum resilience mode.");
+ return load_checksum_protection(cd, jobj_area, area_length, rp);
+ } else if (!strcmp(type, "journal")) {
+ log_dbg(cd, "Initializing journal resilience mode.");
+ rp->type = REENC_PROTECTION_JOURNAL;
+ } else if (!strcmp(type, "none")) {
+ log_dbg(cd, "Initializing none resilience mode.");
+ rp->type = REENC_PROTECTION_NONE;
+ } else if (!strcmp(type, "datashift") ||
+ !strcmp(type, "datashift-checksum") ||
+ !strcmp(type, "datashift-journal")) {
+ log_dbg(cd, "Initializing datashift resilience mode.");
+ if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj))
+ return -EINVAL;
+ rp->type = REENC_PROTECTION_DATASHIFT;
+ rp->p.ds.data_shift = crypt_jobj_get_uint64(jobj);
+ } else
+ return -EINVAL;
+
+ return 0;
+}
+
+static int reenc_keyslot_load_resilience_secondary(struct crypt_device *cd,
+ const char *type,
+ json_object *jobj_area,
+ uint64_t area_length,
+ struct reenc_protection *rp)
+{
+ if (!strcmp(type, "datashift-checksum")) {
+ log_dbg(cd, "Initializing checksum resilience mode.");
+ return load_checksum_protection(cd, jobj_area, area_length, rp);
+ } else if (!strcmp(type, "datashift-journal")) {
+ log_dbg(cd, "Initializing journal resilience mode.");
+ rp->type = REENC_PROTECTION_JOURNAL;
+ } else
+ rp->type = REENC_PROTECTION_NOT_SET;
+
+ return 0;
+}
+
+static int reenc_keyslot_load_resilience(struct crypt_device *cd,
+ json_object *jobj_keyslot,
+ struct reenc_protection *rp,
+ bool primary)
+{
+ const char *type;
+ int r;
+ json_object *jobj_area, *jobj_type;
+ uint64_t dummy, area_length;
+
+ if (!rp || !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) ||
+ !json_object_object_get_ex(jobj_area, "type", &jobj_type))
+ return -EINVAL;
+
+ r = LUKS2_keyslot_jobj_area(jobj_keyslot, &dummy, &area_length);
+ if (r < 0)
+ return r;
+
+ type = json_object_get_string(jobj_type);
+ if (!type)
+ return -EINVAL;
+
+ if (primary)
+ return reenc_keyslot_load_resilience_primary(cd, type, jobj_area, area_length, rp);
+ else
+ return reenc_keyslot_load_resilience_secondary(cd, type, jobj_area, area_length, rp);
+}
+
+static bool reenc_keyslot_update_is_valid(struct crypt_device *cd,
+ json_object *jobj_area,
+ const struct crypt_params_reencrypt *params)
+{
+ const char *type;
+ json_object *jobj_type, *jobj;
+
+ if (!json_object_object_get_ex(jobj_area, "type", &jobj_type) ||
+ !(type = json_object_get_string(jobj_type)))
+ return false;
+
+ /* do not allow switch to/away from datashift resilience type */
+ if ((strcmp(params->resilience, "datashift") && !strcmp(type, "datashift")) ||
+ (!strcmp(params->resilience, "datashift") && strcmp(type, "datashift")))
+ return false;
+
+ /* do not allow switch to/away from datashift- resilience subvariants */
+ if ((strncmp(params->resilience, "datashift-", 10) &&
+ !strncmp(type, "datashift-", 10)) ||
+ (!strncmp(params->resilience, "datashift-", 10) &&
+ strncmp(type, "datashift-", 10)))
+ return false;
+
+ /* datashift value is also immutable */
+ if (!strncmp(type, "datashift", 9)) {
+ if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj))
+ return false;
+ return (params->data_shift << SECTOR_SHIFT) == crypt_jobj_get_uint64(jobj);
+ }
+
+ return true;
+}
+
+static int reenc_keyslot_update(struct crypt_device *cd,
+ json_object *jobj_keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment)
+{
+ int r;
+ json_object *jobj_area, *jobj_area_new;
+ uint64_t area_offset, area_length;
+
+ if (!json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
+ return -EINVAL;
+
+ r = LUKS2_keyslot_jobj_area(jobj_keyslot, &area_offset, &area_length);
+ if (r < 0)
+ return r;
+
+ if (!params || !params->resilience)
+ jobj_area_new = reencrypt_keyslot_area_jobj_update_block_size(cd, jobj_area, alignment);
+ else {
+ if (!reenc_keyslot_update_is_valid(cd, jobj_area, params)) {
+ log_err(cd, _("Invalid reencryption resilience mode change requested."));
+ return -EINVAL;
+ }
+
+ jobj_area_new = reencrypt_keyslot_area_jobj(cd, params, alignment,
+ area_offset, area_length);
+ }
+
+ if (!jobj_area_new)
+ return -EINVAL;
+
+ /* increase refcount for validation purposes */
+ json_object_get(jobj_area);
+
+ json_object_object_add(jobj_keyslot, "area", jobj_area_new);
+
+ r = reenc_keyslot_validate(cd, jobj_keyslot);
+ if (r) {
+ /* replace invalid object with previous valid one */
+ json_object_object_add(jobj_keyslot, "area", jobj_area);
+ return -EINVAL;
+ }
+
+ /* previous area object is no longer needed */
+ json_object_put(jobj_area);
+
+ return 0;
+}
+
+int LUKS2_keyslot_reencrypt_allocate(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment)
+{
+ int r;
+
+ if (keyslot == CRYPT_ANY_SLOT)
+ return -EINVAL;
+
+ r = reenc_keyslot_alloc(cd, hdr, keyslot, params, alignment);
+ if (r < 0)
+ return r;
+
+ r = LUKS2_keyslot_priority_set(cd, hdr, keyslot, CRYPT_SLOT_PRIORITY_IGNORE, 0);
+ if (r < 0)
+ return r;
+
+ r = reenc_keyslot_validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
+ if (r) {
+ log_dbg(cd, "Keyslot validation failed.");
+ return r;
+ }
+
+ return 0;
+}
+
+int LUKS2_keyslot_reencrypt_update_needed(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment)
+{
+ int r;
+ json_object *jobj_type, *jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
+
+ if (!jobj_keyslot ||
+ !json_object_object_get_ex(jobj_keyslot, "type", &jobj_type) ||
+ strcmp(json_object_get_string(jobj_type), "reencrypt"))
+ return -EINVAL;
+
+ r = reenc_keyslot_update_needed(cd, jobj_keyslot, params, alignment);
+ if (!r)
+ log_dbg(cd, "No update of reencrypt keyslot needed.");
+
+ return r;
+}
+
+int LUKS2_keyslot_reencrypt_update(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ const struct crypt_params_reencrypt *params,
+ size_t alignment,
+ struct volume_key *vks)
+{
+ int r;
+ uint8_t version;
+ uint64_t max_size, moved_segment_size;
+ json_object *jobj_type, *jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
+ struct reenc_protection check_rp = {};
+
+ if (!jobj_keyslot ||
+ !json_object_object_get_ex(jobj_keyslot, "type", &jobj_type) ||
+ strcmp(json_object_get_string(jobj_type), "reencrypt"))
+ return -EINVAL;
+
+ if (LUKS2_config_get_reencrypt_version(hdr, &version))
+ return -EINVAL;
+
+ /* verify existing reencryption metadata before updating */
+ r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
+ if (r < 0)
+ return r;
+
+ r = reenc_keyslot_update(cd, jobj_keyslot, params, alignment);
+ if (r < 0)
+ return r;
+
+ r = reenc_keyslot_load_resilience(cd, jobj_keyslot, &check_rp, false);
+ if (r < 0)
+ return r;
+
+ if (check_rp.type != REENC_PROTECTION_NOT_SET) {
+ r = LUKS2_reencrypt_max_hotzone_size(cd, hdr, &check_rp, keyslot, &max_size);
+ LUKS2_reencrypt_protection_erase(&check_rp);
+ if (r < 0)
+ return r;
+ moved_segment_size = json_segment_get_size(LUKS2_get_segment_by_flag(hdr, "backup-moved-segment"), 0);
+ if (!moved_segment_size)
+ return -EINVAL;
+ if (moved_segment_size > max_size) {
+ log_err(cd, _("Can not update resilience type. "
+ "New type only provides %" PRIu64 " bytes, "
+ "required space is: %" PRIu64 " bytes."),
+ max_size, moved_segment_size);
+ return -EINVAL;
+ }
+ }
+
+ r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, version, vks);
+ if (r < 0)
+ log_err(cd, _("Failed to refresh reencryption verification digest."));
+
+ return r ?: LUKS2_hdr_write(cd, hdr);
+}
+
+int LUKS2_keyslot_reencrypt_load(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int keyslot,
+ struct reenc_protection *rp,
+ bool primary)
+{
+ json_object *jobj_type, *jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
+
+ if (!jobj_keyslot ||
+ !json_object_object_get_ex(jobj_keyslot, "type", &jobj_type) ||
+ strcmp(json_object_get_string(jobj_type), "reencrypt"))
+ return -EINVAL;
+
+ return reenc_keyslot_load_resilience(cd, jobj_keyslot, rp, primary);
+}
+
const keyslot_handler reenc_keyslot = {
.name = "reencrypt",
.open = reenc_keyslot_open,
/*
* LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
*
- * Copyright (C) 2015-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021 Ondrej Kozina
- * Copyright (C) 2015-2021 Milan Broz
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Ondrej Kozina
+ * Copyright (C) 2015-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "../luks1/luks.h"
#include "../luks1/af.h"
+/* This differs from LUKS_check_cipher() that it does not check dm-crypt fallback. */
int LUKS2_check_cipher(struct crypt_device *cd,
size_t keylength,
const char *cipher,
const char *cipher_mode)
{
- return LUKS_check_cipher(cd, keylength, cipher, cipher_mode);
+ int r;
+ struct crypt_storage *s;
+ char buf[SECTOR_SIZE], *empty_key;
+
+ log_dbg(cd, "Checking if cipher %s-%s is usable (storage wrapper).", cipher, cipher_mode);
+
+ empty_key = crypt_safe_alloc(keylength);
+ if (!empty_key)
+ return -ENOMEM;
+
+ /* No need to get KEY quality random but it must avoid known weak keys. */
+ r = crypt_random_get(cd, empty_key, keylength, CRYPT_RND_NORMAL);
+ if (r < 0)
+ goto out;
+
+ r = crypt_storage_init(&s, SECTOR_SIZE, cipher, cipher_mode, empty_key, keylength, false);
+ if (r < 0)
+ goto out;
+
+ memset(buf, 0, sizeof(buf));
+ r = crypt_storage_decrypt(s, 0, sizeof(buf), buf);
+ crypt_storage_destroy(s);
+out:
+ crypt_safe_free(empty_key);
+ crypt_safe_memzero(buf, sizeof(buf));
+ return r;
}
static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struct json_object **keyslot_object)
char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
size_t base64_len;
struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
- uint64_t offset, area_size, offs_a, offs_b, length;
+ uint64_t offset, area_size, length;
+ int r;
keyslot_obj = json_object_new_object();
json_object_object_add(keyslot_obj, "type", json_object_new_string("luks2"));
json_object_object_add(jobj_kdf, "hash", json_object_new_string(hdr_v1->hashSpec));
json_object_object_add(jobj_kdf, "iterations", json_object_new_int64(hdr_v1->keyblock[keyslot].passwordIterations));
/* salt field */
- base64_len = base64_encode_alloc(hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE, &base64_str);
- if (!base64_str) {
+ r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->keyblock[keyslot].passwordSalt, LUKS_SALTSIZE);
+ if (r < 0) {
json_object_put(keyslot_obj);
json_object_put(jobj_kdf);
- if (!base64_len)
- return -EINVAL;
- return -ENOMEM;
+ return r;
}
field = json_object_new_string_len(base64_str, base64_len);
free(base64_str);
json_object_object_add(jobj_af, "type", json_object_new_string("luks1"));
json_object_object_add(jobj_af, "hash", json_object_new_string(hdr_v1->hashSpec));
/* stripes field ignored, fixed to LUKS_STRIPES (4000) */
- json_object_object_add(jobj_af, "stripes", json_object_new_int(4000));
+ json_object_object_add(jobj_af, "stripes", json_object_new_int(LUKS_STRIPES));
json_object_object_add(keyslot_obj, "af", jobj_af);
/* Area */
/* encryption algorithm field */
if (*hdr_v1->cipherMode != '\0') {
- (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
+ if (snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode) < 0) {
+ json_object_put(keyslot_obj);
+ json_object_put(jobj_area);
+ return -EINVAL;
+ }
json_object_object_add(jobj_area, "encryption", json_object_new_string(cipher));
} else
json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName));
/* area */
- if (LUKS_keyslot_area(hdr_v1, 0, &offs_a, &length) ||
- LUKS_keyslot_area(hdr_v1, 1, &offs_b, &length) ||
- LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
+ if (LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
json_object_put(keyslot_obj);
json_object_put(jobj_area);
return -EINVAL;
}
- area_size = offs_b - offs_a;
+ area_size = size_round_up(length, 4096);
json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
/* cipher field */
if (*hdr_v1->cipherMode != '\0') {
- (void) snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode);
+ if (snprintf(cipher, sizeof(cipher), "%s-%s", hdr_v1->cipherName, hdr_v1->cipherMode) < 0) {
+ json_object_put(segment_obj);
+ return -EINVAL;
+ }
c = cipher;
} else
c = hdr_v1->cipherName;
static int json_luks1_digest(const struct luks_phdr *hdr_v1, struct json_object **digest_object)
{
- char keyslot_str[2], *base64_str;
- int ks;
+ char keyslot_str[16], *base64_str;
+ int r, ks;
size_t base64_len;
struct json_object *digest_obj, *array, *field;
for (ks = 0; ks < LUKS_NUMKEYS; ks++) {
if (hdr_v1->keyblock[ks].active != LUKS_KEY_ENABLED)
continue;
- (void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks);
+ if (snprintf(keyslot_str, sizeof(keyslot_str), "%d", ks) < 0) {
+ json_object_put(field);
+ json_object_put(array);
+ json_object_put(digest_obj);
+ return -EINVAL;
+ }
field = json_object_new_string(keyslot_str);
if (!field || json_object_array_add(array, field) < 0) {
json_object_object_add(digest_obj, "hash", field);
/* salt field */
- base64_len = base64_encode_alloc(hdr_v1->mkDigestSalt, LUKS_SALTSIZE, &base64_str);
- if (!base64_str) {
+ r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->mkDigestSalt, LUKS_SALTSIZE);
+ if (r < 0) {
json_object_put(digest_obj);
- if (!base64_len)
- return -EINVAL;
- return -ENOMEM;
+ return r;
}
field = json_object_new_string_len(base64_str, base64_len);
json_object_object_add(digest_obj, "salt", field);
/* digest field */
- base64_len = base64_encode_alloc(hdr_v1->mkDigest, LUKS_DIGESTSIZE, &base64_str);
- if (!base64_str) {
+ r = crypt_base64_encode(&base64_str, &base64_len, hdr_v1->mkDigest, LUKS_DIGESTSIZE);
+ if (r < 0) {
json_object_put(digest_obj);
- if (!base64_len)
- return -EINVAL;
- return -ENOMEM;
+ return r;
}
field = json_object_new_string_len(base64_str, base64_len);
}
}
-/* FIXME: return specific error code for partial write error (aka keyslots are gone) */
static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
off_t offset_to, size_t buf_size)
{
return -EINVAL;
}
+ if (LUKS2_check_cipher(cd, hdr1->keyBytes, hdr1->cipherName, hdr1->cipherMode)) {
+ log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2."),
+ hdr1->cipherName, hdr1->cipherMode);
+ return -EINVAL;
+ }
+
if (luksmeta_header_present(cd, luks1_size))
return -EINVAL;
move_keyslot_offset(jobj, luks1_shift);
- // fill hdr2
+ /* Create and fill LUKS2 hdr */
memset(hdr2, 0, sizeof(*hdr2));
hdr2->hdr_size = LUKS2_HDR_16K_LEN;
hdr2->seqid = 1;
/* check future LUKS2 metadata before moving keyslots area */
if (LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN)) {
+ log_err(cd, _("Cannot convert to LUKS2 format - invalid metadata."));
r = -EINVAL;
goto out;
}
goto out;
}
- // move keyslots 4k -> 32k offset
+ /* move keyslots 4k -> 32k offset */
buf_offset = 2 * LUKS2_HDR_16K_LEN;
buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS;
goto out;
}
- // Write JSON hdr2
+ /* Write new LUKS2 JSON */
r = LUKS2_hdr_write(cd, hdr2);
out:
LUKS2_hdr_free(cd, hdr2);
strcmp(json_object_get_string(jobj), hash))
return 0;
- /* FIXME: should this go to validation code instead (aka invalid luks2 header if assigned to segment 0)? */
- /* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */
ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) {
{
size_t buf_size, buf_offset;
char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
- char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
+ char *digest, *digest_salt;
const char *hash;
size_t len;
json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2;
uint32_t key_size;
int i, r, last_active = 0;
uint64_t offset, area_length;
- char buf[256], luksMagic[] = LUKS_MAGIC;
+ char *buf, luksMagic[] = LUKS_MAGIC;
jobj_digest = LUKS2_get_digest_jobj(hdr2, 0);
if (!jobj_digest)
return -EINVAL;
}
+ if (json_segments_count(LUKS2_get_segments_jobj(hdr2)) != 1) {
+ log_err(cd, _("Cannot convert to LUKS1 format - device uses more segments."));
+ return -EINVAL;
+ }
+
r = LUKS2_tokens_count(hdr2);
if (r < 0)
return r;
* inactive keyslots. Otherwise we would allocate all
* inactive luks1 keyslots over same binary keyslot area.
*/
- if (placeholder_keyslot_alloc(cd, i, offset, area_length, key_size))
+ if (placeholder_keyslot_alloc(cd, i, offset, area_length))
return -EINVAL;
}
if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
continue;
- len = sizeof(buf);
- memset(buf, 0, len);
- if (!base64_decode(json_object_get_string(jobj1),
- json_object_get_string_len(jobj1), buf, &len))
+
+ if (crypt_base64_decode(&buf, &len, json_object_get_string(jobj1),
+ json_object_get_string_len(jobj1)))
continue;
- if (len > 0 && len != LUKS_SALTSIZE)
+ if (len > 0 && len != LUKS_SALTSIZE) {
+ free(buf);
continue;
+ }
memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE);
+ free(buf);
}
if (!jobj_keyslot) {
if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
return -EINVAL;
- len = sizeof(digest);
- if (!base64_decode(json_object_get_string(jobj1),
- json_object_get_string_len(jobj1), digest, &len))
- return -EINVAL;
+ r = crypt_base64_decode(&digest, &len, json_object_get_string(jobj1),
+ json_object_get_string_len(jobj1));
+ if (r < 0)
+ return r;
/* We can store full digest here, not only sha1 length */
- if (len < LUKS_DIGESTSIZE)
+ if (len < LUKS_DIGESTSIZE) {
+ free(digest);
return -EINVAL;
+ }
memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE);
+ free(digest);
if (!json_object_object_get_ex(jobj_digest, "salt", &jobj1))
return -EINVAL;
- len = sizeof(digest_salt);
- if (!base64_decode(json_object_get_string(jobj1),
- json_object_get_string_len(jobj1), digest_salt, &len))
- return -EINVAL;
- if (len != LUKS_SALTSIZE)
+ r = crypt_base64_decode(&digest_salt, &len, json_object_get_string(jobj1),
+ json_object_get_string_len(jobj1));
+ if (r < 0)
+ return r;
+ if (len != LUKS_SALTSIZE) {
+ free(digest_salt);
return -EINVAL;
+ }
memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE);
+ free(digest_salt);
if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
return -EINVAL;
offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
if (offset > UINT32_MAX)
return -EINVAL;
- /* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
hdr1->payloadOffset = offset;
strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */
if (r)
return r > 0 ? -EBUSY : r;
- // move keyslots 32k -> 4k offset
+ /* move keyslots 32k -> 4k offset */
buf_offset = 2 * LUKS2_HDR_16K_LEN;
buf_size = LUKS2_keyslots_size(hdr2);
r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size);
crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
- // Write LUKS1 hdr
+ /* Write new LUKS1 hdr */
return LUKS_write_phdr(hdr1, cd);
}
/*
* LUKS - Linux Unified Key Setup v2, reencryption helpers
*
- * Copyright (C) 2015-2021, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2021, Ondrej Kozina
+ * Copyright (C) 2015-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "luks2_internal.h"
#include "utils_device_locking.h"
-struct reenc_protection {
- enum { REENC_PROTECTION_NONE = 0, /* none should be 0 always */
- REENC_PROTECTION_CHECKSUM,
- REENC_PROTECTION_JOURNAL,
- REENC_PROTECTION_DATASHIFT } type;
-
- union {
- struct {
- } none;
- struct {
- char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
- struct crypt_hash *ch;
- size_t hash_size;
- /* buffer for checksums */
- void *checksums;
- size_t checksums_len;
- } csum;
- struct {
- } ds;
- } p;
-};
-
struct luks2_reencrypt {
/* reencryption window attributes */
uint64_t offset;
uint64_t progress;
uint64_t length;
- uint64_t data_shift;
- size_t alignment;
uint64_t device_size;
bool online;
bool fixed_length;
/* reencryption window persistence attributes */
struct reenc_protection rp;
+ struct reenc_protection rp_moved_segment;
int reenc_keyslot;
struct crypt_lock_handle *reenc_lock;
};
#if USE_LUKS2_REENCRYPTION
-static int reencrypt_keyslot_update(struct crypt_device *cd,
- const struct luks2_reencrypt *rh)
+static uint64_t data_shift_value(struct reenc_protection *rp)
{
- int r;
- json_object *jobj_keyslot, *jobj_area, *jobj_area_type;
- struct luks2_hdr *hdr;
-
- if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
- return -EINVAL;
-
- jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, rh->reenc_keyslot);
- if (!jobj_keyslot)
- return -EINVAL;
-
- json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
- json_object_object_get_ex(jobj_area, "type", &jobj_area_type);
-
- if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
- log_dbg(cd, "Updating reencrypt keyslot for checksum protection.");
- json_object_object_add(jobj_area, "type", json_object_new_string("checksum"));
- json_object_object_add(jobj_area, "hash", json_object_new_string(rh->rp.p.csum.hash));
- json_object_object_add(jobj_area, "sector_size", json_object_new_int64(rh->alignment));
- } else if (rh->rp.type == REENC_PROTECTION_NONE) {
- log_dbg(cd, "Updating reencrypt keyslot for none protection.");
- json_object_object_add(jobj_area, "type", json_object_new_string("none"));
- json_object_object_del(jobj_area, "hash");
- } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) {
- log_dbg(cd, "Updating reencrypt keyslot for journal protection.");
- json_object_object_add(jobj_area, "type", json_object_new_string("journal"));
- json_object_object_del(jobj_area, "hash");
- } else
- log_dbg(cd, "No update of reencrypt keyslot needed.");
-
- r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, rh->vks);
- if (r < 0)
- log_err(cd, "Failed to refresh reencryption verification digest.");
-
- return r;
+ return rp->type == REENC_PROTECTION_DATASHIFT ? rp->p.ds.data_shift : 0;
}
static json_object *reencrypt_segment(struct luks2_hdr *hdr, unsigned new)
return reencrypt_segment(hdr, 0);
}
+static json_object *reencrypt_segments_old(struct luks2_hdr *hdr)
+{
+ json_object *jobj_segments, *jobj = NULL;
+
+ if (json_object_copy(reencrypt_segment_old(hdr), &jobj))
+ return NULL;
+
+ json_segment_remove_flag(jobj, "backup-previous");
+
+ jobj_segments = json_object_new_object();
+ if (!jobj_segments) {
+ json_object_put(jobj);
+ return NULL;
+ }
+
+ if (json_object_object_add_by_uint(jobj_segments, 0, jobj)) {
+ json_object_put(jobj);
+ json_object_put(jobj_segments);
+ return NULL;
+ }
+
+ return jobj_segments;
+}
+
static const char *reencrypt_segment_cipher_new(struct luks2_hdr *hdr)
{
return json_segment_get_cipher(reencrypt_segment(hdr, 1));
return json_segment_get_cipher(reencrypt_segment(hdr, 0));
}
-static int reencrypt_get_sector_size_new(struct luks2_hdr *hdr)
+static uint32_t reencrypt_get_sector_size_new(struct luks2_hdr *hdr)
{
return json_segment_get_sector_size(reencrypt_segment(hdr, 1));
}
-static int reencrypt_get_sector_size_old(struct luks2_hdr *hdr)
+static uint32_t reencrypt_get_sector_size_old(struct luks2_hdr *hdr)
{
return json_segment_get_sector_size(reencrypt_segment(hdr, 0));
}
return json_object_get_string(jobj_hash);
}
#if USE_LUKS2_REENCRYPTION
-static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
-{
- json_object *jobj_keyslot, *jobj_area, *jobj_type, *jobj_hash, *jobj_sector_size;
- int ks = LUKS2_find_keyslot(hdr, "reencrypt");
-
- if (ks < 0)
- return 0;
-
- jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, ks);
-
- json_object_object_get_ex(jobj_keyslot, "area", &jobj_area);
- if (!json_object_object_get_ex(jobj_area, "type", &jobj_type))
- return 0;
- if (strcmp(json_object_get_string(jobj_type), "checksum"))
- return 0;
- if (!json_object_object_get_ex(jobj_area, "hash", &jobj_hash))
- return 0;
- if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
- return 0;
-
- return crypt_jobj_get_uint32(jobj_sector_size);
-}
-
-static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- struct luks2_reencrypt *rh,
- uint64_t data_offset)
+static json_object *_enc_create_segments_shift_after(struct luks2_reencrypt *rh, uint64_t data_offset)
{
int reenc_seg, i = 0;
json_object *jobj_copy, *jobj_seg_new = NULL, *jobj_segs_post = json_object_new_object();
return NULL;
}
-static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_device *cd,
- struct luks2_hdr *hdr,
+static json_object *reencrypt_make_hot_segments_encrypt_shift(struct luks2_hdr *hdr,
struct luks2_reencrypt *rh,
uint64_t data_offset)
{
if (tmp < device_size) {
fixed_length = device_size - tmp;
- jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + rh->data_shift, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
+ jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh, data_offset + data_shift_value(&rh->rp),
+ rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
+ if (!jobj_old_seg)
+ goto err;
+ json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg);
+ }
+
+ return jobj_segs_hot;
+err:
+ json_object_put(jobj_segs_hot);
+ return NULL;
+}
+
+static json_object *reencrypt_make_hot_segments_decrypt_shift(struct crypt_device *cd,
+ struct luks2_hdr *hdr, struct luks2_reencrypt *rh,
+ uint64_t device_size, uint64_t data_offset)
+{
+ json_object *jobj_segs_hot, *jobj_reenc_seg, *jobj_old_seg, *jobj_new_seg;
+ uint64_t fixed_length, tmp = rh->offset + rh->length, linear_length = rh->progress;
+ unsigned int sg = 0;
+
+ jobj_segs_hot = json_object_new_object();
+ if (!jobj_segs_hot)
+ return NULL;
+
+ if (rh->offset) {
+ jobj_new_seg = LUKS2_get_segment_jobj(hdr, 0);
+ if (!jobj_new_seg)
+ goto err;
+ json_object_object_add_by_uint(jobj_segs_hot, sg++, json_object_get(jobj_new_seg));
+
+ if (linear_length) {
+ jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh,
+ data_offset,
+ json_segment_get_size(jobj_new_seg, 0),
+ 0,
+ &linear_length);
+ if (!jobj_new_seg)
+ goto err;
+ json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_new_seg);
+ }
+ }
+
+ jobj_reenc_seg = reencrypt_make_segment_reencrypt(cd, hdr, rh, data_offset,
+ rh->offset,
+ rh->offset,
+ &rh->length);
+ if (!jobj_reenc_seg)
+ goto err;
+
+ json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_reenc_seg);
+
+ if (!rh->offset && (jobj_new_seg = LUKS2_get_segment_jobj(hdr, 1)) &&
+ !json_segment_is_backup(jobj_new_seg))
+ json_object_object_add_by_uint(jobj_segs_hot, sg++, json_object_get(jobj_new_seg));
+ else if (tmp < device_size) {
+ fixed_length = device_size - tmp;
+ jobj_old_seg = reencrypt_make_segment_old(cd, hdr, rh,
+ data_offset + data_shift_value(&rh->rp),
+ rh->offset + rh->length,
+ rh->fixed_length ? &fixed_length : NULL);
if (!jobj_old_seg)
goto err;
json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_old_seg);
return NULL;
}
+static json_object *_dec_create_segments_shift_after(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ struct luks2_reencrypt *rh,
+ uint64_t data_offset)
+{
+ int reenc_seg, i = 0;
+ json_object *jobj_copy, *jobj_seg_old, *jobj_seg_new,
+ *jobj_segs_post = json_object_new_object();
+ unsigned segs;
+ uint64_t tmp;
+
+ if (!rh->jobj_segs_hot || !jobj_segs_post)
+ goto err;
+
+ segs = json_segments_count(rh->jobj_segs_hot);
+ if (segs == 0)
+ return jobj_segs_post;
+
+ reenc_seg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
+ if (reenc_seg < 0)
+ goto err;
+
+ if (reenc_seg == 0) {
+ jobj_seg_new = reencrypt_make_segment_new(cd, hdr, rh, data_offset, 0, 0, NULL);
+ if (!jobj_seg_new)
+ goto err;
+ json_object_object_add_by_uint(jobj_segs_post, 0, jobj_seg_new);
+
+ return jobj_segs_post;
+ }
+
+ jobj_copy = json_segments_get_segment(rh->jobj_segs_hot, 0);
+ if (!jobj_copy)
+ goto err;
+ json_object_object_add_by_uint(jobj_segs_post, i++, json_object_get(jobj_copy));
+
+ jobj_seg_old = json_segments_get_segment(rh->jobj_segs_hot, reenc_seg + 1);
+
+ tmp = rh->length + rh->progress;
+ jobj_seg_new = reencrypt_make_segment_new(cd, hdr, rh, data_offset,
+ json_segment_get_size(rh->jobj_segment_moved, 0),
+ data_shift_value(&rh->rp),
+ jobj_seg_old ? &tmp : NULL);
+ json_object_object_add_by_uint(jobj_segs_post, i++, jobj_seg_new);
+
+ if (jobj_seg_old)
+ json_object_object_add_by_uint(jobj_segs_post, i, json_object_get(jobj_seg_old));
+
+ return jobj_segs_post;
+err:
+ json_object_put(jobj_segs_post);
+ return NULL;
+}
+
static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd,
struct luks2_hdr *hdr,
struct luks2_reencrypt *rh,
if (tmp < device_size) {
fixed_length = device_size - tmp;
- jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length, rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
+ jobj_new_seg = reencrypt_make_segment_new(cd, hdr, rh, data_offset, rh->offset + rh->length,
+ rh->offset + rh->length, rh->fixed_length ? &fixed_length : NULL);
if (!jobj_new_seg)
goto err;
json_object_object_add_by_uint(jobj_segs_hot, sg, jobj_new_seg);
rh->jobj_segs_hot = NULL;
if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
- rh->data_shift && rh->jobj_segment_moved) {
+ rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->jobj_segment_moved) {
log_dbg(cd, "Calculating hot segments for encryption with data move.");
- rh->jobj_segs_hot = reencrypt_make_hot_segments_encrypt_shift(cd, hdr, rh, data_offset);
+ rh->jobj_segs_hot = reencrypt_make_hot_segments_encrypt_shift(hdr, rh, data_offset);
+ } else if (rh->mode == CRYPT_REENCRYPT_DECRYPT && rh->direction == CRYPT_REENCRYPT_FORWARD &&
+ rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->jobj_segment_moved) {
+ log_dbg(cd, "Calculating hot segments for decryption with data move.");
+ rh->jobj_segs_hot = reencrypt_make_hot_segments_decrypt_shift(cd, hdr, rh, device_size, data_offset);
} else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
log_dbg(cd, "Calculating hot segments (forward direction).");
rh->jobj_segs_hot = reencrypt_make_hot_segments_forward(cd, hdr, rh, device_size, data_offset);
rh->jobj_segs_post = NULL;
if (rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->direction == CRYPT_REENCRYPT_BACKWARD &&
- rh->data_shift && rh->jobj_segment_moved) {
+ rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->jobj_segment_moved) {
log_dbg(cd, "Calculating post segments for encryption with data move.");
- rh->jobj_segs_post = _enc_create_segments_shift_after(cd, hdr, rh, data_offset);
+ rh->jobj_segs_post = _enc_create_segments_shift_after(rh, data_offset);
+ } else if (rh->mode == CRYPT_REENCRYPT_DECRYPT && rh->direction == CRYPT_REENCRYPT_FORWARD &&
+ rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->jobj_segment_moved) {
+ log_dbg(cd, "Calculating post segments for decryption with data move.");
+ rh->jobj_segs_post = _dec_create_segments_shift_after(cd, hdr, rh, data_offset);
} else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
log_dbg(cd, "Calculating post segments (forward direction).");
rh->jobj_segs_post = reencrypt_make_post_segments_forward(cd, hdr, rh, data_offset);
typedef enum { REENC_OK = 0, REENC_ERR, REENC_ROLLBACK, REENC_FATAL } reenc_status_t;
+void LUKS2_reencrypt_protection_erase(struct reenc_protection *rp)
+{
+ if (!rp || rp->type != REENC_PROTECTION_CHECKSUM)
+ return;
+
+ if (rp->p.csum.ch) {
+ crypt_hash_destroy(rp->p.csum.ch);
+ rp->p.csum.ch = NULL;
+ }
+
+ if (rp->p.csum.checksums) {
+ crypt_safe_memzero(rp->p.csum.checksums, rp->p.csum.checksums_len);
+ free(rp->p.csum.checksums);
+ rp->p.csum.checksums = NULL;
+ }
+}
+
void LUKS2_reencrypt_free(struct crypt_device *cd, struct luks2_reencrypt *rh)
{
if (!rh)
return;
- if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
- if (rh->rp.p.csum.ch) {
- crypt_hash_destroy(rh->rp.p.csum.ch);
- rh->rp.p.csum.ch = NULL;
- }
- if (rh->rp.p.csum.checksums) {
- memset(rh->rp.p.csum.checksums, 0, rh->rp.p.csum.checksums_len);
- free(rh->rp.p.csum.checksums);
- rh->rp.p.csum.checksums = NULL;
- }
- }
+ LUKS2_reencrypt_protection_erase(&rh->rp);
+ LUKS2_reencrypt_protection_erase(&rh->rp_moved_segment);
json_object_put(rh->jobj_segs_hot);
rh->jobj_segs_hot = NULL;
crypt_unlock_internal(cd, rh->reenc_lock);
free(rh);
}
+
+int LUKS2_reencrypt_max_hotzone_size(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ const struct reenc_protection *rp,
+ int reencrypt_keyslot,
+ uint64_t *r_length)
+{
+#if USE_LUKS2_REENCRYPTION
+ int r;
+ uint64_t dummy, area_length;
+
+ assert(hdr);
+ assert(rp);
+ assert(r_length);
+
+ if (rp->type <= REENC_PROTECTION_NONE) {
+ *r_length = LUKS2_REENCRYPT_MAX_HOTZONE_LENGTH;
+ return 0;
+ }
+
+ if (rp->type == REENC_PROTECTION_DATASHIFT) {
+ *r_length = rp->p.ds.data_shift;
+ return 0;
+ }
+
+ r = LUKS2_keyslot_area(hdr, reencrypt_keyslot, &dummy, &area_length);
+ if (r < 0)
+ return -EINVAL;
+
+ if (rp->type == REENC_PROTECTION_JOURNAL) {
+ *r_length = area_length;
+ return 0;
+ }
+
+ if (rp->type == REENC_PROTECTION_CHECKSUM) {
+ *r_length = (area_length / rp->p.csum.hash_size) * rp->p.csum.block_size;
+ return 0;
+ }
+
+ return -EINVAL;
+#else
+ return -ENOTSUP;
+#endif
+}
#if USE_LUKS2_REENCRYPTION
static size_t reencrypt_get_alignment(struct crypt_device *cd,
struct luks2_hdr *hdr)
{
- int ss;
- size_t alignment = device_block_size(cd, crypt_data_device(cd));
+ size_t ss, alignment = device_block_size(cd, crypt_data_device(cd));
ss = reencrypt_get_sector_size_old(hdr);
- if (ss > 0 && (size_t)ss > alignment)
+ if (ss > alignment)
alignment = ss;
ss = reencrypt_get_sector_size_new(hdr);
- if (ss > 0 && (size_t)ss > alignment)
- alignment = (size_t)ss;
+ if (ss > alignment)
+ alignment = ss;
return alignment;
}
rh->jobj_segment_moved = NULL;
}
-static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset)
+static int reencrypt_offset_backward_moved(struct luks2_hdr *hdr, json_object *jobj_segments,
+ uint64_t *reencrypt_length, uint64_t data_shift, uint64_t *offset)
{
uint64_t tmp, linear_length = 0;
int sg, segs = json_segments_count(jobj_segments);
linear_length += LUKS2_segment_size(hdr, sg, 0);
/* all active linear segments length */
- if (linear_length) {
+ if (linear_length && segs > 1) {
if (linear_length < data_shift)
return -EINVAL;
tmp = linear_length - data_shift;
return -EINVAL;
}
-static int _offset_forward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t *offset)
+static int reencrypt_offset_forward_moved(struct luks2_hdr *hdr,
+ json_object *jobj_segments,
+ uint64_t data_shift,
+ uint64_t *offset)
+{
+ int last_crypt = LUKS2_last_segment_by_type(hdr, "crypt");
+
+ /* if last crypt segment exists and it's first one, just return offset = 0 */
+ if (last_crypt <= 0) {
+ *offset = 0;
+ return 0;
+ }
+
+ *offset = LUKS2_segment_offset(hdr, last_crypt, 0) - data_shift;
+ return 0;
+}
+
+static int _offset_forward(json_object *jobj_segments, uint64_t *offset)
{
int segs = json_segments_count(jobj_segments);
return 0;
}
-static int _offset_backward(struct luks2_hdr *hdr, json_object *jobj_segments, uint64_t device_size, uint64_t *length, uint64_t *offset)
+static int _offset_backward(json_object *jobj_segments, uint64_t device_size, uint64_t *length, uint64_t *offset)
{
int segs = json_segments_count(jobj_segments);
uint64_t tmp;
uint64_t *reencrypt_length,
uint64_t *offset)
{
- int sg;
+ int r, sg;
json_object *jobj_segments;
uint64_t data_shift = reencrypt_data_shift(hdr);
return 0;
}
- if (di == CRYPT_REENCRYPT_FORWARD)
- return _offset_forward(hdr, jobj_segments, offset);
- else if (di == CRYPT_REENCRYPT_BACKWARD) {
+ if (di == CRYPT_REENCRYPT_FORWARD) {
+ if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_DECRYPT &&
+ LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0) {
+ r = reencrypt_offset_forward_moved(hdr, jobj_segments, data_shift, offset);
+ if (!r && *offset > device_size)
+ *offset = device_size;
+ return r;
+ }
+ return _offset_forward(jobj_segments, offset);
+ } else if (di == CRYPT_REENCRYPT_BACKWARD) {
if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_ENCRYPT &&
LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
return reencrypt_offset_backward_moved(hdr, jobj_segments, reencrypt_length, data_shift, offset);
- return _offset_backward(hdr, jobj_segments, device_size, reencrypt_length, offset);
+ return _offset_backward(jobj_segments, device_size, reencrypt_length, offset);
}
return -EINVAL;
}
static uint64_t reencrypt_length(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- struct luks2_reencrypt *rh,
+ struct reenc_protection *rp,
uint64_t keyslot_area_length,
- uint64_t length_max)
+ uint64_t length_max,
+ size_t alignment)
{
unsigned long dummy, optimal_alignment;
uint64_t length, soft_mem_limit;
- if (rh->rp.type == REENC_PROTECTION_NONE)
+ if (rp->type == REENC_PROTECTION_NONE)
length = length_max ?: LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH;
- else if (rh->rp.type == REENC_PROTECTION_CHECKSUM)
- length = (keyslot_area_length / rh->rp.p.csum.hash_size) * rh->alignment;
- else if (rh->rp.type == REENC_PROTECTION_DATASHIFT)
- return reencrypt_data_shift(hdr);
+ else if (rp->type == REENC_PROTECTION_CHECKSUM)
+ length = (keyslot_area_length / rp->p.csum.hash_size) * rp->p.csum.block_size;
+ else if (rp->type == REENC_PROTECTION_DATASHIFT)
+ return rp->p.ds.data_shift;
else
length = keyslot_area_length;
if (length_max && length > length_max)
length = length_max;
- length -= (length % rh->alignment);
+ length -= (length % alignment);
/* Emits error later */
if (!length)
device_topology_alignment(cd, crypt_data_device(cd), &optimal_alignment, &dummy, length);
/* we have to stick with encryption sector size alignment */
- if (optimal_alignment % rh->alignment)
+ if (optimal_alignment % alignment)
return length;
/* align to opt-io size only if remaining size allows it */
return length;
}
-static int reencrypt_context_init(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh, uint64_t device_size, const struct crypt_params_reencrypt *params)
+static int reencrypt_context_init(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ struct luks2_reencrypt *rh,
+ uint64_t device_size,
+ uint64_t max_hotzone_size,
+ uint64_t fixed_device_size)
{
int r;
+ size_t alignment;
uint64_t dummy, area_length;
rh->reenc_keyslot = LUKS2_find_keyslot(hdr, "reencrypt");
rh->mode = reencrypt_mode(hdr);
- rh->alignment = reencrypt_get_alignment(cd, hdr);
- if (!rh->alignment)
- return -EINVAL;
+ rh->direction = reencrypt_direction(hdr);
+
+ r = LUKS2_keyslot_reencrypt_load(cd, hdr, rh->reenc_keyslot, &rh->rp, true);
+ if (r < 0)
+ return r;
- log_dbg(cd, "Hotzone size: %" PRIu64 ", device size: %" PRIu64 ", alignment: %zu.",
- params->max_hotzone_size << SECTOR_SHIFT,
- params->device_size << SECTOR_SHIFT, rh->alignment);
+ if (rh->rp.type == REENC_PROTECTION_CHECKSUM)
+ alignment = rh->rp.p.csum.block_size;
+ else
+ alignment = reencrypt_get_alignment(cd, hdr);
- if ((params->max_hotzone_size << SECTOR_SHIFT) % rh->alignment) {
- log_err(cd, _("Hotzone size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment);
+ if (!alignment)
return -EINVAL;
- }
- if ((params->device_size << SECTOR_SHIFT) % rh->alignment) {
- log_err(cd, _("Device size must be multiple of calculated zone alignment (%zu bytes)."), rh->alignment);
+ if ((max_hotzone_size << SECTOR_SHIFT) % alignment) {
+ log_err(cd, _("Hotzone size must be multiple of calculated zone alignment (%zu bytes)."), alignment);
return -EINVAL;
}
- rh->direction = reencrypt_direction(hdr);
-
- if (!strcmp(params->resilience, "datashift")) {
- log_dbg(cd, "Initializing reencryption context with data_shift resilience.");
- rh->rp.type = REENC_PROTECTION_DATASHIFT;
- rh->data_shift = reencrypt_data_shift(hdr);
- } else if (!strcmp(params->resilience, "journal")) {
- log_dbg(cd, "Initializing reencryption context with journal resilience.");
- rh->rp.type = REENC_PROTECTION_JOURNAL;
- } else if (!strcmp(params->resilience, "checksum")) {
- log_dbg(cd, "Initializing reencryption context with checksum resilience.");
- rh->rp.type = REENC_PROTECTION_CHECKSUM;
-
- r = snprintf(rh->rp.p.csum.hash,
- sizeof(rh->rp.p.csum.hash), "%s", params->hash);
- if (r < 0 || (size_t)r >= sizeof(rh->rp.p.csum.hash)) {
- log_dbg(cd, "Invalid hash parameter");
- return -EINVAL;
- }
-
- if (crypt_hash_init(&rh->rp.p.csum.ch, params->hash)) {
- log_dbg(cd, "Failed to initialize checksum resilience hash %s", params->hash);
- return -EINVAL;
- }
-
- r = crypt_hash_size(params->hash);
- if (r < 1) {
- log_dbg(cd, "Invalid hash size");
- return -EINVAL;
- }
- rh->rp.p.csum.hash_size = r;
-
- rh->rp.p.csum.checksums_len = area_length;
- if (posix_memalign(&rh->rp.p.csum.checksums, device_alignment(crypt_metadata_device(cd)),
- rh->rp.p.csum.checksums_len))
- return -ENOMEM;
- } else if (!strcmp(params->resilience, "none")) {
- log_dbg(cd, "Initializing reencryption context with none resilience.");
- rh->rp.type = REENC_PROTECTION_NONE;
- } else {
- log_err(cd, _("Unsupported resilience mode %s"), params->resilience);
+ if ((fixed_device_size << SECTOR_SHIFT) % alignment) {
+ log_err(cd, _("Device size must be multiple of calculated zone alignment (%zu bytes)."), alignment);
return -EINVAL;
}
- if (params->device_size) {
+ if (fixed_device_size) {
log_dbg(cd, "Switching reencryption to fixed size mode.");
- device_size = params->device_size << SECTOR_SHIFT;
+ device_size = fixed_device_size << SECTOR_SHIFT;
rh->fixed_length = true;
} else
rh->fixed_length = false;
- rh->length = reencrypt_length(cd, hdr, rh, area_length, params->max_hotzone_size << SECTOR_SHIFT);
+ rh->length = reencrypt_length(cd, &rh->rp, area_length, max_hotzone_size << SECTOR_SHIFT, alignment);
if (!rh->length) {
log_dbg(cd, "Invalid reencryption length.");
return -EINVAL;
if (rh->length > device_size - rh->offset)
rh->length = device_size - rh->offset;
- log_dbg(cd, "reencrypt-direction: %s", rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward");
-
_load_backup_segments(hdr, rh);
+ r = LUKS2_keyslot_reencrypt_load(cd, hdr, rh->reenc_keyslot, &rh->rp_moved_segment, false);
+ if (r < 0)
+ return r;
+
+ if (rh->rp_moved_segment.type == REENC_PROTECTION_NOT_SET)
+ log_dbg(cd, "No moved segment resilience configured.");
+
if (rh->direction == CRYPT_REENCRYPT_BACKWARD)
rh->progress = device_size - rh->offset - rh->length;
- else
+ else if (rh->jobj_segment_moved && rh->direction == CRYPT_REENCRYPT_FORWARD) {
+ if (rh->offset == json_segment_get_offset(LUKS2_get_segment_by_flag(hdr, "backup-moved-segment"), false))
+ rh->progress = device_size - json_segment_get_size(LUKS2_get_segment_by_flag(hdr, "backup-moved-segment"), false);
+ else
+ rh->progress = rh->offset - json_segment_get_size(rh->jobj_segment_moved, 0);
+ } else
rh->progress = rh->offset;
+ log_dbg(cd, "reencrypt-direction: %s", rh->direction == CRYPT_REENCRYPT_FORWARD ? "forward" : "backward");
log_dbg(cd, "backup-previous digest id: %d", rh->digest_old);
log_dbg(cd, "backup-final digest id: %d", rh->digest_new);
log_dbg(cd, "reencrypt length: %" PRIu64, rh->length);
log_dbg(cd, "reencrypt offset: %" PRIu64, rh->offset);
- log_dbg(cd, "reencrypt shift: %s%" PRIu64, (rh->data_shift && rh->direction == CRYPT_REENCRYPT_BACKWARD ? "-" : ""), rh->data_shift);
- log_dbg(cd, "reencrypt alignment: %zu", rh->alignment);
+ log_dbg(cd, "reencrypt shift: %s%" PRIu64,
+ (rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->direction == CRYPT_REENCRYPT_BACKWARD ? "-" : ""),
+ data_shift_value(&rh->rp));
+ log_dbg(cd, "reencrypt alignment: %zu", alignment);
log_dbg(cd, "reencrypt progress: %" PRIu64, rh->progress);
rh->device_size = device_size;
static size_t reencrypt_buffer_length(struct luks2_reencrypt *rh)
{
- if (rh->data_shift)
- return rh->data_shift;
+ if (rh->rp.type == REENC_PROTECTION_DATASHIFT)
+ return data_shift_value(&rh->rp);
return rh->length;
}
static int reencrypt_load_clean(struct crypt_device *cd,
struct luks2_hdr *hdr,
uint64_t device_size,
- struct luks2_reencrypt **rh,
- const struct crypt_params_reencrypt *params)
+ uint64_t max_hotzone_size,
+ uint64_t fixed_device_size,
+ struct luks2_reencrypt **rh)
{
int r;
- const struct crypt_params_reencrypt hdr_reenc_params = {
- .resilience = reencrypt_resilience_type(hdr),
- .hash = reencrypt_resilience_hash(hdr),
- .device_size = params ? params->device_size : 0
- };
struct luks2_reencrypt *tmp = crypt_zalloc(sizeof (*tmp));
if (!tmp)
return -ENOMEM;
- r = -EINVAL;
- if (!hdr_reenc_params.resilience)
- goto err;
-
- /* skip context update if data shift is detected in header */
- if (!strcmp(hdr_reenc_params.resilience, "datashift"))
- params = NULL;
-
- log_dbg(cd, "Initializing reencryption context (%s).", params ? "update" : "load");
+ log_dbg(cd, "Loading stored reencryption context.");
- if (!params || !params->resilience)
- params = &hdr_reenc_params;
-
- r = reencrypt_context_init(cd, hdr, tmp, device_size, params);
+ r = reencrypt_context_init(cd, hdr, tmp, device_size, max_hotzone_size, fixed_device_size);
if (r)
goto err;
struct luks2_hdr *hdr, uint64_t device_size, struct luks2_reencrypt **rh)
{
bool dynamic;
- uint64_t minimal_size;
+ uint64_t required_device_size;
int r, reenc_seg;
- struct crypt_params_reencrypt params = {};
- if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic))
+ if (LUKS2_get_data_size(hdr, &required_device_size, &dynamic))
return -EINVAL;
- if (!dynamic)
- params.device_size = minimal_size >> SECTOR_SHIFT;
+ if (dynamic)
+ required_device_size = 0;
+ else
+ required_device_size >>= SECTOR_SHIFT;
- r = reencrypt_load_clean(cd, hdr, device_size, rh, ¶ms);
+ r = reencrypt_load_clean(cd, hdr, device_size, 0, required_device_size, rh);
if (!r) {
reenc_seg = json_segments_segment_in_reencrypt(LUKS2_get_segments_jobj(hdr));
(*rh)->length = LUKS2_segment_size(hdr, reenc_seg, 0);
}
- if (!r && ((*rh)->rp.type == REENC_PROTECTION_CHECKSUM)) {
- /* we have to override calculated alignment with value stored in mda */
- (*rh)->alignment = reencrypt_alignment(hdr);
- if (!(*rh)->alignment) {
- log_dbg(cd, "Failed to get read resilience sector_size from metadata.");
- r = -EINVAL;
- }
- }
-
if (!r)
r = reencrypt_make_segments_crashed(cd, hdr, *rh);
return r;
}
-static int reencrypt_update_flag(struct crypt_device *cd, int enable, bool commit)
+static int reencrypt_update_flag(struct crypt_device *cd, uint8_t version,
+ bool enable, bool commit)
{
uint32_t reqs;
struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+ if (enable) {
+ log_dbg(cd, "Going to store reencryption requirement flag (version: %u).", version);
+ return LUKS2_config_set_requirement_version(cd, hdr, CRYPT_REQUIREMENT_ONLINE_REENCRYPT, version, commit);
+ }
+
if (LUKS2_config_get_requirements(cd, hdr, &reqs))
return -EINVAL;
- /* nothing to do */
- if (enable && (reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
- return -EINVAL;
+ reqs &= ~CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
+
+ log_dbg(cd, "Going to wipe reencryption requirement flag.");
+
+ return LUKS2_config_set_requirements(cd, hdr, reqs, commit);
+}
+
+static int reencrypt_hotzone_protect_ready(struct crypt_device *cd,
+ struct reenc_protection *rp)
+{
+ assert(rp);
- /* nothing to do */
- if (!enable && !(reqs & CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
+ if (rp->type == REENC_PROTECTION_NOT_SET)
return -EINVAL;
- if (enable)
- reqs |= CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
- else
- reqs &= ~CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
+ if (rp->type != REENC_PROTECTION_CHECKSUM)
+ return 0;
- log_dbg(cd, "Going to %s reencryption requirement flag.", enable ? "store" : "wipe");
+ if (!rp->p.csum.checksums) {
+ log_dbg(cd, "Allocating buffer for storing resilience checksums.");
+ if (posix_memalign(&rp->p.csum.checksums, device_alignment(crypt_metadata_device(cd)),
+ rp->p.csum.checksums_len))
+ return -ENOMEM;
+ }
- return LUKS2_config_set_requirements(cd, hdr, reqs, commit);
+ return 0;
}
static int reencrypt_recover_segment(struct crypt_device *cd,
struct volume_key *vk_old, *vk_new;
size_t count, s;
ssize_t read, w;
- unsigned resilience;
+ struct reenc_protection *rp;
+ int devfd, r, new_sector_size, old_sector_size, rseg;
uint64_t area_offset, area_length, area_length_read, crash_iv_offset,
data_offset = crypt_get_data_offset(cd) << SECTOR_SHIFT;
- int devfd, r, new_sector_size, old_sector_size, rseg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
char *checksum_tmp = NULL, *data_buffer = NULL;
struct crypt_storage_wrapper *cw1 = NULL, *cw2 = NULL;
- resilience = rh->rp.type;
+ assert(hdr);
+ assert(rh);
+ assert(vks);
+
+ rseg = json_segments_segment_in_reencrypt(rh->jobj_segs_hot);
+ if (rh->offset == 0 && rh->rp_moved_segment.type > REENC_PROTECTION_NOT_SET) {
+ log_dbg(cd, "Recovery using moved segment protection.");
+ rp = &rh->rp_moved_segment;
+ } else
+ rp = &rh->rp;
if (rseg < 0 || rh->length < 512)
return -EINVAL;
+ r = reencrypt_hotzone_protect_ready(cd, rp);
+ if (r) {
+ log_err(cd, _("Failed to initialize hotzone protection."));
+ return -EINVAL;
+ }
+
vk_new = crypt_volume_key_by_id(vks, rh->digest_new);
if (!vk_new && rh->mode != CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
else
crash_iv_offset = json_segment_get_iv_offset(json_segments_get_segment(rh->jobj_segs_hot, rseg));
- log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64, data_offset + rh->offset, rh->length, crash_iv_offset);
+ log_dbg(cd, "crash_offset: %" PRIu64 ", crash_length: %" PRIu64 ", crash_iv_offset: %" PRIu64,
+ data_offset + rh->offset, rh->length, crash_iv_offset);
r = crypt_storage_wrapper_init(cd, &cw2, crypt_data_device(cd),
data_offset + rh->offset, crash_iv_offset, new_sector_size,
goto out;
}
- switch (resilience) {
+ switch (rp->type) {
case REENC_PROTECTION_CHECKSUM:
log_dbg(cd, "Checksums based recovery.");
goto out;
}
- count = rh->length / rh->alignment;
- area_length_read = count * rh->rp.p.csum.hash_size;
+ count = rh->length / rp->p.csum.block_size;
+ area_length_read = count * rp->p.csum.hash_size;
if (area_length_read > area_length) {
log_dbg(cd, "Internal error in calculated area_length.");
r = -EINVAL;
goto out;
}
- checksum_tmp = malloc(rh->rp.p.csum.hash_size);
+ checksum_tmp = malloc(rp->p.csum.hash_size);
if (!checksum_tmp) {
r = -ENOMEM;
goto out;
/* read old data checksums */
read = read_lseek_blockwise(devfd, device_block_size(cd, crypt_metadata_device(cd)),
- device_alignment(crypt_metadata_device(cd)), rh->rp.p.csum.checksums, area_length_read, area_offset);
+ device_alignment(crypt_metadata_device(cd)), rp->p.csum.checksums, area_length_read, area_offset);
if (read < 0 || (size_t)read != area_length_read) {
log_err(cd, _("Failed to read checksums for current hotzone."));
r = -EINVAL;
}
for (s = 0; s < count; s++) {
- if (crypt_hash_write(rh->rp.p.csum.ch, data_buffer + (s * rh->alignment), rh->alignment)) {
+ if (crypt_hash_write(rp->p.csum.ch, data_buffer + (s * rp->p.csum.block_size), rp->p.csum.block_size)) {
log_dbg(cd, "Failed to write hash.");
r = EINVAL;
goto out;
}
- if (crypt_hash_final(rh->rp.p.csum.ch, checksum_tmp, rh->rp.p.csum.hash_size)) {
+ if (crypt_hash_final(rp->p.csum.ch, checksum_tmp, rp->p.csum.hash_size)) {
log_dbg(cd, "Failed to finalize hash.");
r = EINVAL;
goto out;
}
- if (!memcmp(checksum_tmp, (char *)rh->rp.p.csum.checksums + (s * rh->rp.p.csum.hash_size), rh->rp.p.csum.hash_size)) {
- log_dbg(cd, "Sector %zu (size %zu, offset %zu) needs recovery", s, rh->alignment, s * rh->alignment);
- if (crypt_storage_wrapper_decrypt(cw1, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment)) {
+ if (!memcmp(checksum_tmp, (char *)rp->p.csum.checksums + (s * rp->p.csum.hash_size), rp->p.csum.hash_size)) {
+ log_dbg(cd, "Sector %zu (size %zu, offset %zu) needs recovery", s, rp->p.csum.block_size, s * rp->p.csum.block_size);
+ if (crypt_storage_wrapper_decrypt(cw1, s * rp->p.csum.block_size, data_buffer + (s * rp->p.csum.block_size), rp->p.csum.block_size)) {
log_err(cd, _("Failed to decrypt sector %zu."), s);
r = -EINVAL;
goto out;
}
- w = crypt_storage_wrapper_encrypt_write(cw2, s * rh->alignment, data_buffer + (s * rh->alignment), rh->alignment);
- if (w < 0 || (size_t)w != rh->alignment) {
+ w = crypt_storage_wrapper_encrypt_write(cw2, s * rp->p.csum.block_size, data_buffer + (s * rp->p.csum.block_size), rp->p.csum.block_size);
+ if (w < 0 || (size_t)w != rp->p.csum.block_size) {
log_err(cd, _("Failed to recover sector %zu."), s);
r = -EINVAL;
goto out;
if (rseg == 0) {
r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd),
- json_segment_get_offset(rh->jobj_segment_moved, 0), 0, 0,
- reencrypt_segment_cipher_old(hdr), NULL, 0);
- } else
+ json_segment_get_offset(rh->jobj_segment_moved, 0), 0,
+ reencrypt_get_sector_size_old(hdr),
+ reencrypt_segment_cipher_old(hdr), vk_old, 0);
+ } else {
+ if (rh->direction == CRYPT_REENCRYPT_FORWARD)
+ data_offset = data_offset + rh->offset + data_shift_value(rp);
+ else
+ data_offset = data_offset + rh->offset - data_shift_value(rp);
r = crypt_storage_wrapper_init(cd, &cw1, crypt_data_device(cd),
- data_offset + rh->offset - rh->data_shift, 0, 0,
- reencrypt_segment_cipher_old(hdr), NULL, 0);
+ data_offset,
+ crash_iv_offset,
+ reencrypt_get_sector_size_old(hdr),
+ reencrypt_segment_cipher_old(hdr), vk_old, 0);
+ }
if (r) {
log_err(cd, _("Failed to initialize old segment storage wrapper."));
goto out;
return r;
}
-static int reencrypt_add_moved_segment(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- struct luks2_reencrypt *rh)
+static int reencrypt_add_moved_segment(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
{
- int s = LUKS2_segment_first_unused_id(hdr);
+ int digest = rh->digest_old, s = LUKS2_segment_first_unused_id(hdr);
if (!rh->jobj_segment_moved)
return 0;
return -EINVAL;
}
+ if (!strcmp(json_segment_type(rh->jobj_segment_moved), "crypt"))
+ return LUKS2_digest_segment_assign(cd, hdr, s, digest, 1, 0);
+
return 0;
}
return commit ? LUKS2_hdr_write(cd, hdr) : 0;
}
-static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr, uint64_t dev_size, uint64_t data_shift, bool move_first_segment, crypt_reencrypt_direction_info di)
+static int reencrypt_set_encrypt_segments(struct crypt_device *cd, struct luks2_hdr *hdr,
+ uint64_t dev_size, uint64_t data_shift, bool move_first_segment,
+ crypt_reencrypt_direction_info di)
{
int r;
uint64_t first_segment_offset, first_segment_length,
second_segment_offset, second_segment_length,
- data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
+ data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT,
+ data_size = dev_size - data_shift;
json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments;
if (dev_size < data_shift)
* [future LUKS2 header (data shift size)][second data segment][gap (data shift size)][first data segment (data shift size)]
*/
first_segment_offset = dev_size;
- first_segment_length = data_shift;
- second_segment_offset = data_shift;
- second_segment_length = dev_size - 2 * data_shift;
- } else if (data_shift) {
+ if (data_size < data_shift) {
+ first_segment_length = data_size;
+ second_segment_length = second_segment_offset = 0;
+ } else {
+ first_segment_length = data_shift;
+ second_segment_offset = data_shift;
+ second_segment_length = data_size - data_shift;
+ }
+ } else if (data_shift) {
first_segment_offset = data_offset;
first_segment_length = dev_size;
} else {
if (second_segment_length &&
!(jobj_segment_second = json_segment_create_linear(second_segment_offset, &second_segment_length, 0))) {
log_dbg(cd, "Failed generate 2nd segment.");
- goto err;
+ return r;
}
} else
jobj_segment_first = json_segment_create_linear(first_segment_offset, first_segment_length ? &first_segment_length : NULL, 0);
if (!jobj_segment_first) {
log_dbg(cd, "Failed generate 1st segment.");
- goto err;
+ return r;
}
json_object_object_add(jobj_segments, "0", jobj_segment_first);
r = LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, CRYPT_ANY_DIGEST, 0, 0);
- if (!r)
- r = LUKS2_segments_set(cd, hdr, jobj_segments, 0);
-err:
- return r;
+ return r ?: LUKS2_segments_set(cd, hdr, jobj_segments, 0);
+}
+
+static int reencrypt_set_decrypt_shift_segments(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ uint64_t dev_size,
+ uint64_t moved_segment_length,
+ crypt_reencrypt_direction_info di)
+{
+ int r;
+ uint64_t first_segment_offset, first_segment_length,
+ second_segment_offset, second_segment_length,
+ data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
+ json_object *jobj_segment_first = NULL, *jobj_segment_second = NULL, *jobj_segments;
+
+ if (di == CRYPT_REENCRYPT_BACKWARD)
+ return -ENOTSUP;
+
+ /*
+ * future data_device layout:
+ * [encrypted first segment (max data shift size)][gap (data shift size)][second encrypted data segment]
+ */
+ first_segment_offset = 0;
+ first_segment_length = moved_segment_length;
+ if (dev_size > moved_segment_length) {
+ second_segment_offset = data_offset + first_segment_length;
+ second_segment_length = 0;
+ }
+
+ jobj_segments = json_object_new_object();
+ if (!jobj_segments)
+ return -ENOMEM;
+
+ r = -EINVAL;
+ jobj_segment_first = json_segment_create_crypt(first_segment_offset,
+ crypt_get_iv_offset(cd), &first_segment_length,
+ crypt_get_cipher_spec(cd), crypt_get_sector_size(cd), 0);
+
+ if (!jobj_segment_first) {
+ log_dbg(cd, "Failed generate 1st segment.");
+ return r;
+ }
+
+ if (dev_size > moved_segment_length) {
+ jobj_segment_second = json_segment_create_crypt(second_segment_offset,
+ crypt_get_iv_offset(cd) + (first_segment_length >> SECTOR_SHIFT),
+ second_segment_length ? &second_segment_length : NULL,
+ crypt_get_cipher_spec(cd),
+ crypt_get_sector_size(cd), 0);
+ if (!jobj_segment_second) {
+ json_object_put(jobj_segment_first);
+ log_dbg(cd, "Failed generate 2nd segment.");
+ return r;
+ }
+ }
+
+ json_object_object_add(jobj_segments, "0", jobj_segment_first);
+ if (jobj_segment_second)
+ json_object_object_add(jobj_segments, "1", jobj_segment_second);
+
+ r = LUKS2_segments_set(cd, hdr, jobj_segments, 0);
+
+ return r ?: LUKS2_digest_segment_assign(cd, hdr, CRYPT_ANY_SEGMENT, 0, 1, 0);
}
static int reencrypt_make_targets(struct crypt_device *cd,
jobj = json_segments_get_segment(jobj_segments, s);
if (!jobj) {
log_dbg(cd, "Internal error. Segment %u is null.", s);
- r = -EINVAL;
- goto out;
+ return -EINVAL;
}
reenc_seg = (s == json_segments_segment_in_reencrypt(jobj_segments));
segment_size = (size >> SECTOR_SHIFT) - segment_start;
if (!segment_size) {
log_dbg(cd, "Internal error. Wrong segment size %u", s);
- r = -EINVAL;
- goto out;
+ return -EINVAL;
}
+ if (reenc_seg)
+ segment_offset -= crypt_get_data_offset(cd);
+
if (!strcmp(json_segment_type(jobj), "crypt")) {
vk = crypt_volume_key_by_id(vks, reenc_seg ? LUKS2_reencrypt_digest_new(hdr) : LUKS2_digest_by_segment(hdr, s));
if (!vk) {
log_err(cd, _("Missing key for dm-crypt segment %u"), s);
- r = -EINVAL;
- goto out;
+ return -EINVAL;
}
- if (reenc_seg)
- segment_offset -= crypt_get_data_offset(cd);
-
r = dm_crypt_target_set(result, segment_start, segment_size,
reenc_seg ? hz_device : crypt_data_device(cd),
vk,
json_segment_get_sector_size(jobj));
if (r) {
log_err(cd, _("Failed to set dm-crypt segment."));
- goto out;
+ return r;
}
} else if (!strcmp(json_segment_type(jobj), "linear")) {
r = dm_linear_target_set(result, segment_start, segment_size, reenc_seg ? hz_device : crypt_data_device(cd), segment_offset);
if (r) {
log_err(cd, _("Failed to set dm-linear segment."));
- goto out;
+ return r;
}
- } else {
- r = -EINVAL;
- goto out;
- }
+ } else
+ return EINVAL;
segment_start += segment_size;
s++;
}
return s;
-out:
- return r;
}
/* GLOBAL FIXME: audit function names and parameters names */
return r;
if (exists && ((r = dm_query_device(cd, target, 0, &dmd_target)) < 0))
- goto err;
+ goto out;
dmd_source.flags |= flags;
dmd_source.uuid = crypt_get_uuid(cd);
log_err(cd, _("Source and target device sizes don't match. Source %" PRIu64 ", target: %" PRIu64 "."),
dmd_source.size, dmd_target.size);
r = -EINVAL;
- goto err;
+ goto out;
}
r = dm_reload_device(cd, target, &dmd_source, 0, 0);
if (!r) {
}
} else
r = dm_create_device(cd, target, CRYPT_SUBDEV, &dmd_source);
-err:
+out:
dm_targets_free(cd, &dmd_source);
dm_targets_free(cd, &dmd_target);
r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK,
new_offset, &dmd.size, &dmd.flags);
if (r)
- goto err;
+ goto out;
r = dm_linear_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), new_offset);
if (r)
- goto err;
+ goto out;
r = dm_create_device(cd, name, CRYPT_SUBDEV, &dmd);
-err:
+out:
dm_targets_free(cd, &dmd);
return r;
return REENC_OK;
}
-static int reencrypt_move_data(struct crypt_device *cd, int devfd, uint64_t data_shift)
+static int reencrypt_move_data(struct crypt_device *cd,
+ int devfd,
+ uint64_t data_shift,
+ crypt_reencrypt_mode_info mode)
{
void *buffer;
int r;
ssize_t ret;
- uint64_t buffer_len, offset;
+ uint64_t buffer_len, offset,
+ read_offset = (mode == CRYPT_REENCRYPT_ENCRYPT ? 0 : data_shift);
struct luks2_hdr *hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
- log_dbg(cd, "Going to move data from head of data device.");
-
- buffer_len = data_shift;
- if (!buffer_len)
- return -EINVAL;
-
offset = json_segment_get_offset(LUKS2_get_segment_jobj(hdr, 0), 0);
-
- /* this is nonsense anyway */
- if (buffer_len != json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0)) {
- log_dbg(cd, "buffer_len %" PRIu64", segment size %" PRIu64, buffer_len, json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0));
+ buffer_len = json_segment_get_size(LUKS2_get_segment_jobj(hdr, 0), 0);
+ if (!buffer_len || buffer_len > data_shift)
return -EINVAL;
- }
if (posix_memalign(&buffer, device_alignment(crypt_data_device(cd)), buffer_len))
return -ENOMEM;
ret = read_lseek_blockwise(devfd,
device_block_size(cd, crypt_data_device(cd)),
device_alignment(crypt_data_device(cd)),
- buffer, buffer_len, 0);
+ buffer, buffer_len, read_offset);
if (ret < 0 || (uint64_t)ret != buffer_len) {
+ log_dbg(cd, "Failed to read data at offset %" PRIu64 " (size: %zu)",
+ read_offset, buffer_len);
r = -EIO;
- goto err;
+ goto out;
}
- log_dbg(cd, "Going to write %" PRIu64 " bytes at offset %" PRIu64, buffer_len, offset);
+ log_dbg(cd, "Going to write %" PRIu64 " bytes read at offset %" PRIu64 " to new offset %" PRIu64,
+ buffer_len, read_offset, offset);
ret = write_lseek_blockwise(devfd,
device_block_size(cd, crypt_data_device(cd)),
device_alignment(crypt_data_device(cd)),
buffer, buffer_len, offset);
if (ret < 0 || (uint64_t)ret != buffer_len) {
+ log_dbg(cd, "Failed to write data at offset %" PRIu64 " (size: %zu)",
+ offset, buffer_len);
r = -EIO;
- goto err;
+ goto out;
}
r = 0;
-err:
- memset(buffer, 0, buffer_len);
+out:
+ crypt_safe_memzero(buffer, buffer_len);
free(buffer);
return r;
}
const struct crypt_params_reencrypt *params)
{
int r, segment, moved_segment = -1, digest_old = -1, digest_new = -1;
- json_object *jobj_segment_new = NULL, *jobj_segment_old = NULL, *jobj_segment_bcp = NULL;
+ json_object *jobj_tmp, *jobj_segment_new = NULL, *jobj_segment_old = NULL, *jobj_segment_bcp = NULL;
uint32_t sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
- uint64_t segment_offset, tmp, data_shift = params->data_shift << SECTOR_SHIFT;
+ uint64_t segment_offset, tmp, data_shift = params->data_shift << SECTOR_SHIFT,
+ device_size = params->device_size << SECTOR_SHIFT;
if (params->mode != CRYPT_REENCRYPT_DECRYPT) {
digest_new = LUKS2_digest_by_keyslot(hdr, keyslot_new);
if (segment < 0)
return -EINVAL;
- if (params->mode == CRYPT_REENCRYPT_ENCRYPT &&
- (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)) {
- json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp);
+ if (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT) {
+ if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_segment_bcp)) {
+ r = -EINVAL;
+ goto err;
+ }
r = LUKS2_segment_set_flag(jobj_segment_bcp, "backup-moved-segment");
if (r)
goto err;
moved_segment = segment++;
json_object_object_add_by_uint(LUKS2_get_segments_jobj(hdr), moved_segment, jobj_segment_bcp);
+ if (!strcmp(json_segment_type(jobj_segment_bcp), "crypt"))
+ LUKS2_digest_segment_assign(cd, hdr, moved_segment, digest_old, 1, 0);
}
/* FIXME: Add detection for case (digest old == digest new && old segment == new segment) */
- if (digest_old >= 0)
- json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old);
- else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
+ if (digest_old >= 0) {
+ if (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT) {
+ jobj_tmp = LUKS2_get_segment_jobj(hdr, 0);
+ if (!jobj_tmp) {
+ r = -EINVAL;
+ goto err;
+ }
+
+ jobj_segment_old = json_segment_create_crypt(data_offset,
+ json_segment_get_iv_offset(jobj_tmp),
+ device_size ? &device_size : NULL,
+ json_segment_get_cipher(jobj_tmp),
+ json_segment_get_sector_size(jobj_tmp),
+ 0);
+ } else {
+ if (json_object_copy(LUKS2_get_segment_jobj(hdr, CRYPT_DEFAULT_SEGMENT), &jobj_segment_old)) {
+ r = -EINVAL;
+ goto err;
+ }
+ }
+ } else if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
r = LUKS2_get_data_size(hdr, &tmp, NULL);
if (r)
goto err;
- jobj_segment_old = json_segment_create_linear(0, tmp ? &tmp : NULL, 0);
+
+ if (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT)
+ jobj_segment_old = json_segment_create_linear(0, tmp ? &tmp : NULL, 0);
+ else
+ jobj_segment_old = json_segment_create_linear(data_offset, tmp ? &tmp : NULL, 0);
}
if (!jobj_segment_old) {
/* FIXME: also check occupied space by keyslot in shrunk area */
if (params->direction == CRYPT_REENCRYPT_FORWARD && data_shift &&
crypt_metadata_device(cd) == crypt_data_device(cd) &&
- LUKS2_set_keyslots_size(cd, hdr, json_segment_get_offset(reencrypt_segment_new(hdr), 0))) {
+ LUKS2_set_keyslots_size(hdr, json_segment_get_offset(reencrypt_segment_new(hdr), 0))) {
log_err(cd, _("Failed to set new keyslots area size."));
r = -EINVAL;
goto err;
return r;
}
-static int reencrypt_verify_and_upload_keys(struct crypt_device *cd, struct luks2_hdr *hdr, int digest_old, int digest_new, struct volume_key *vks)
+static int reencrypt_verify_single_key(struct crypt_device *cd, int digest, struct volume_key *vks)
+{
+ struct volume_key *vk;
+
+ vk = crypt_volume_key_by_id(vks, digest);
+ if (!vk)
+ return -ENOENT;
+
+ if (LUKS2_digest_verify_by_digest(cd, digest, vk) != digest)
+ return -EINVAL;
+
+ return 0;
+}
+
+static int reencrypt_verify_keys(struct crypt_device *cd,
+ int digest_old,
+ int digest_new,
+ struct volume_key *vks)
{
int r;
+
+ if (digest_new >= 0 && (r = reencrypt_verify_single_key(cd, digest_new, vks)))
+ return r;
+
+ if (digest_old >= 0 && (r = reencrypt_verify_single_key(cd, digest_old, vks)))
+ return r;
+
+ return 0;
+}
+
+static int reencrypt_upload_single_key(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int digest,
+ struct volume_key *vks)
+{
struct volume_key *vk;
- if (digest_new >= 0) {
- vk = crypt_volume_key_by_id(vks, digest_new);
- if (!vk)
- return -ENOENT;
- else {
- if (LUKS2_digest_verify_by_digest(cd, hdr, digest_new, vk) != digest_new)
- return -EINVAL;
+ vk = crypt_volume_key_by_id(vks, digest);
+ if (!vk)
+ return -EINVAL;
- if (crypt_use_keyring_for_vk(cd) && !crypt_is_cipher_null(reencrypt_segment_cipher_new(hdr)) &&
- (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk))))
- return r;
+ return LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, digest);
+}
+
+static int reencrypt_upload_keys(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int digest_old,
+ int digest_new,
+ struct volume_key *vks)
+{
+ int r;
+
+ if (!crypt_use_keyring_for_vk(cd))
+ return 0;
+
+ if (digest_new >= 0 && !crypt_is_cipher_null(reencrypt_segment_cipher_new(hdr)) &&
+ (r = reencrypt_upload_single_key(cd, hdr, digest_new, vks)))
+ return r;
+
+ if (digest_old >= 0 && !crypt_is_cipher_null(reencrypt_segment_cipher_old(hdr)) &&
+ (r = reencrypt_upload_single_key(cd, hdr, digest_old, vks))) {
+ crypt_drop_keyring_key(cd, vks);
+ return r;
+ }
+
+ return 0;
+}
+
+static int reencrypt_verify_and_upload_keys(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int digest_old,
+ int digest_new,
+ struct volume_key *vks)
+{
+ int r;
+
+ r = reencrypt_verify_keys(cd, digest_old, digest_new, vks);
+ if (r)
+ return r;
+
+ r = reencrypt_upload_keys(cd, hdr, digest_old, digest_new, vks);
+ if (r)
+ return r;
+
+ return 0;
+}
+
+static int reencrypt_verify_checksum_params(struct crypt_device *cd,
+ const struct crypt_params_reencrypt *params)
+{
+ size_t len;
+ struct crypt_hash *ch;
+
+ assert(params);
+
+ if (!params->hash)
+ return -EINVAL;
+
+ len = strlen(params->hash);
+ if (!len || len > (LUKS2_CHECKSUM_ALG_L - 1))
+ return -EINVAL;
+
+ if (crypt_hash_size(params->hash) <= 0)
+ return -EINVAL;
+
+ if (crypt_hash_init(&ch, params->hash)) {
+ log_err(cd, _("Hash algorithm %s is not available."), params->hash);
+ return -EINVAL;
+ }
+ /* We just check for alg availability */
+ crypt_hash_destroy(ch);
+
+ return 0;
+}
+
+static int reencrypt_verify_datashift_params(struct crypt_device *cd,
+ const struct crypt_params_reencrypt *params,
+ uint32_t sector_size)
+{
+ assert(params);
+
+ if (!params->data_shift)
+ return -EINVAL;
+ if (MISALIGNED(params->data_shift, sector_size >> SECTOR_SHIFT)) {
+ log_err(cd, _("Data shift value is not aligned to encryption sector size (%" PRIu32 " bytes)."),
+ sector_size);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int reencrypt_verify_resilience_params(struct crypt_device *cd,
+ const struct crypt_params_reencrypt *params,
+ uint32_t sector_size, bool move_first_segment)
+{
+ /* no change requested */
+ if (!params || !params->resilience)
+ return 0;
+
+ if (!strcmp(params->resilience, "journal"))
+ return (params->data_shift || move_first_segment) ? -EINVAL : 0;
+ else if (!strcmp(params->resilience, "none"))
+ return (params->data_shift || move_first_segment) ? -EINVAL : 0;
+ else if (!strcmp(params->resilience, "datashift"))
+ return reencrypt_verify_datashift_params(cd, params, sector_size);
+ else if (!strcmp(params->resilience, "checksum")) {
+ if (params->data_shift || move_first_segment)
+ return -EINVAL;
+ return reencrypt_verify_checksum_params(cd, params);
+ } else if (!strcmp(params->resilience, "datashift-checksum")) {
+ if (!move_first_segment ||
+ reencrypt_verify_datashift_params(cd, params, sector_size))
+ return -EINVAL;
+ return reencrypt_verify_checksum_params(cd, params);
+ } else if (!strcmp(params->resilience, "datashift-journal")) {
+ if (!move_first_segment)
+ return -EINVAL;
+ return reencrypt_verify_datashift_params(cd, params, sector_size);
+ }
+
+ log_err(cd, _("Unsupported resilience mode %s"), params->resilience);
+ return -EINVAL;
+}
+
+static int reencrypt_decrypt_with_datashift_init(struct crypt_device *cd,
+ const char *name,
+ struct luks2_hdr *hdr,
+ int reencrypt_keyslot,
+ uint32_t sector_size,
+ uint64_t data_size,
+ uint64_t data_offset,
+ const char *passphrase,
+ size_t passphrase_size,
+ int keyslot_old,
+ const struct crypt_params_reencrypt *params,
+ struct volume_key **vks)
+{
+ bool clear_table = false;
+ int r, devfd = -1;
+ uint64_t data_shift, max_moved_segment_length, moved_segment_length;
+ struct reenc_protection check_rp = {};
+ struct crypt_dm_active_device dmd_target, dmd_source = {
+ .uuid = crypt_get_uuid(cd),
+ .flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
+ };
+ json_object *jobj_segments_old;
+
+ assert(hdr);
+ assert(params);
+ assert(params->resilience);
+ assert(params->data_shift);
+ assert(vks);
+
+ if (!data_offset)
+ return -EINVAL;
+
+ if (params->max_hotzone_size > params->data_shift) {
+ log_err(cd, _("Moved segment size can not be greater than data shift value."));
+ return -EINVAL;
+ }
+
+ log_dbg(cd, "Initializing decryption with datashift.");
+
+ data_shift = params->data_shift << SECTOR_SHIFT;
+
+ /*
+ * In offline mode we must perform data move with exclusively opened data
+ * device in order to exclude LUKS2 decryption process and filesystem mount.
+ */
+ if (name)
+ devfd = device_open(cd, crypt_data_device(cd), O_RDWR);
+ else
+ devfd = device_open_excl(cd, crypt_data_device(cd), O_RDWR);
+ if (devfd < 0)
+ return -EINVAL;
+
+ /* in-memory only */
+ moved_segment_length = params->max_hotzone_size << SECTOR_SHIFT;
+ if (!moved_segment_length)
+ moved_segment_length = data_shift < LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH ?
+ data_shift : LUKS2_DEFAULT_NONE_REENCRYPTION_LENGTH;
+
+ if (moved_segment_length > data_size)
+ moved_segment_length = data_size;
+
+ r = reencrypt_set_decrypt_shift_segments(cd, hdr, data_size,
+ moved_segment_length,
+ params->direction);
+ if (r)
+ goto out;
+
+ r = reencrypt_make_backup_segments(cd, hdr, CRYPT_ANY_SLOT, NULL, data_offset, params);
+ if (r) {
+ log_dbg(cd, "Failed to create reencryption backup device segments.");
+ goto out;
+ }
+
+ r = reencrypt_verify_resilience_params(cd, params, sector_size, true);
+ if (r < 0) {
+ log_err(cd, _("Invalid reencryption resilience parameters."));
+ goto out;
+ }
+
+ r = LUKS2_keyslot_reencrypt_allocate(cd, hdr, reencrypt_keyslot,
+ params, reencrypt_get_alignment(cd, hdr));
+ if (r < 0)
+ goto out;
+
+ r = LUKS2_keyslot_reencrypt_load(cd, hdr, reencrypt_keyslot, &check_rp, false);
+ if (r < 0)
+ goto out;
+
+ r = LUKS2_reencrypt_max_hotzone_size(cd, hdr, &check_rp,
+ reencrypt_keyslot,
+ &max_moved_segment_length);
+ if (r < 0)
+ goto out;
+
+ LUKS2_reencrypt_protection_erase(&check_rp);
+
+ if (moved_segment_length > max_moved_segment_length) {
+ log_err(cd, _("Moved segment too large. Requested size %" PRIu64 ", available space for: %" PRIu64 "."),
+ moved_segment_length, max_moved_segment_length);
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, CRYPT_ANY_SLOT,
+ passphrase, passphrase_size, vks);
+ if (r < 0)
+ goto out;
+
+ r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, LUKS2_DECRYPT_DATASHIFT_REQ_VERSION, *vks);
+ if (r < 0)
+ goto out;
+
+ if (name) {
+ r = reencrypt_verify_and_upload_keys(cd, hdr,
+ LUKS2_reencrypt_digest_old(hdr),
+ LUKS2_reencrypt_digest_new(hdr),
+ *vks);
+ if (r)
+ goto out;
+
+ r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
+ DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
+ DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
+ if (r < 0)
+ goto out;
+
+ jobj_segments_old = reencrypt_segments_old(hdr);
+ if (!jobj_segments_old) {
+ r = -EINVAL;
+ goto out;
+ }
+ r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, jobj_segments_old, &dmd_source);
+ if (!r) {
+ r = crypt_compare_dm_devices(cd, &dmd_source, &dmd_target);
+ if (r)
+ log_err(cd, _("Mismatching parameters on device %s."), name);
+ }
+ json_object_put(jobj_segments_old);
+
+ dm_targets_free(cd, &dmd_source);
+ dm_targets_free(cd, &dmd_target);
+ free(CONST_CAST(void*)dmd_target.uuid);
+
+ if (r)
+ goto out;
+
+ dmd_source.size = dmd_target.size;
+ r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source);
+ if (!r) {
+ r = dm_reload_device(cd, name, &dmd_source, dmd_target.flags, 0);
+ if (r)
+ log_err(cd, _("Failed to reload device %s."), name);
+ else
+ clear_table = true;
}
+
+ dm_targets_free(cd, &dmd_source);
+
+ if (r)
+ goto out;
}
- if (digest_old >= 0 && digest_old != digest_new) {
- vk = crypt_volume_key_by_id(vks, digest_old);
- if (!vk) {
- r = -ENOENT;
- goto err;
- } else {
- if (LUKS2_digest_verify_by_digest(cd, hdr, digest_old, vk) != digest_old) {
- r = -EINVAL;
- goto err;
- }
- if (crypt_use_keyring_for_vk(cd) && !crypt_is_cipher_null(reencrypt_segment_cipher_old(hdr)) &&
- (r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk))))
- goto err;
+ if (name) {
+ r = dm_suspend_device(cd, name, DM_SUSPEND_SKIP_LOCKFS);
+ if (r) {
+ log_err(cd, _("Failed to suspend device %s."), name);
+ goto out;
}
}
- return 0;
-err:
- crypt_drop_keyring_key(cd, vks);
+ if (reencrypt_move_data(cd, devfd, data_shift, params->mode)) {
+ r = -EIO;
+ goto out;
+ }
+
+ /* This must be first and only write in LUKS2 metadata during _reencrypt_init */
+ r = reencrypt_update_flag(cd, LUKS2_DECRYPT_DATASHIFT_REQ_VERSION, true, true);
+ if (r) {
+ log_dbg(cd, "Failed to set online-reencryption requirement.");
+ r = -EINVAL;
+ } else
+ r = reencrypt_keyslot;
+out:
+ if (r < 0 && clear_table && dm_clear_device(cd, name))
+ log_err(cd, _("Failed to clear table."));
+ else if (clear_table && dm_resume_device(cd, name, DM_SUSPEND_SKIP_LOCKFS))
+ log_err(cd, _("Failed to resume device %s."), name);
+
+ device_release_excl(cd, crypt_data_device(cd));
+ if (r < 0 && LUKS2_hdr_rollback(cd, hdr) < 0)
+ log_dbg(cd, "Failed to rollback LUKS2 metadata after failure.");
+
return r;
}
{
bool move_first_segment;
char _cipher[128];
- uint32_t sector_size;
+ uint32_t check_sector_size, new_sector_size, old_sector_size;
int r, reencrypt_keyslot, devfd = -1;
- uint64_t data_offset, dev_size = 0;
+ uint64_t data_offset, data_size = 0;
struct crypt_dm_active_device dmd_target, dmd_source = {
.uuid = crypt_get_uuid(cd),
.flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
};
- if (!params || params->mode > CRYPT_REENCRYPT_DECRYPT)
+ assert(cd);
+ assert(hdr);
+
+ if (!params || !params->resilience || params->mode > CRYPT_REENCRYPT_DECRYPT)
return -EINVAL;
if (params->mode != CRYPT_REENCRYPT_DECRYPT &&
move_first_segment = (params->flags & CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT);
+ old_sector_size = LUKS2_get_sector_size(hdr);
+
/* implicit sector size 512 for decryption */
- sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
- if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
- NOTPOW2(sector_size)) {
+ new_sector_size = params->luks2 ? params->luks2->sector_size : SECTOR_SIZE;
+ if (new_sector_size < SECTOR_SIZE || new_sector_size > MAX_SECTOR_SIZE ||
+ NOTPOW2(new_sector_size)) {
log_err(cd, _("Unsupported encryption sector size."));
return -EINVAL;
}
+ /* check the larger encryption sector size only */
+ check_sector_size = new_sector_size > old_sector_size ? new_sector_size : old_sector_size;
if (!cipher_mode || *cipher_mode == '\0')
r = snprintf(_cipher, sizeof(_cipher), "%s", cipher);
if (r < 0 || (size_t)r >= sizeof(_cipher))
return -EINVAL;
- if (MISALIGNED(params->data_shift, sector_size >> SECTOR_SHIFT)) {
- log_err(cd, _("Data shift is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size);
- return -EINVAL;
- }
-
data_offset = LUKS2_get_data_offset(hdr) << SECTOR_SHIFT;
r = device_check_access(cd, crypt_data_device(cd), DEV_OK);
if (r)
return r;
- r = device_size(crypt_data_device(cd), &dev_size);
+ r = device_size(crypt_data_device(cd), &data_size);
if (r)
return r;
- dev_size -= data_offset;
+ data_size -= data_offset;
+
+ if (params->device_size) {
+ if ((params->device_size << SECTOR_SHIFT) > data_size) {
+ log_err(cd, _("Reduced data size is larger than real device size."));
+ return -EINVAL;
+ } else
+ data_size = params->device_size << SECTOR_SHIFT;
+ }
- if (MISALIGNED(dev_size, sector_size)) {
- log_err(cd, _("Data device is not aligned to requested encryption sector size (%" PRIu32 " bytes)."), sector_size);
+ if (MISALIGNED(data_size, check_sector_size)) {
+ log_err(cd, _("Data device is not aligned to encryption sector size (%" PRIu32 " bytes)."), check_sector_size);
return -EINVAL;
}
- reencrypt_keyslot = LUKS2_keyslot_find_empty(hdr);
+ reencrypt_keyslot = LUKS2_keyslot_find_empty(cd, hdr, 0);
if (reencrypt_keyslot < 0) {
log_err(cd, _("All key slots full."));
return -EINVAL;
}
+ if (params->mode == CRYPT_REENCRYPT_DECRYPT && (params->data_shift > 0) && move_first_segment)
+ return reencrypt_decrypt_with_datashift_init(cd, name, hdr,
+ reencrypt_keyslot,
+ check_sector_size,
+ data_size,
+ data_offset,
+ passphrase,
+ passphrase_size,
+ keyslot_old,
+ params,
+ vks);
+
+
/*
* We must perform data move with exclusive open data device
* to exclude another cryptsetup process to colide with
* encryption initialization (or mount)
*/
if (move_first_segment) {
- if (dev_size < 2 * (params->data_shift << SECTOR_SHIFT)) {
+ if (data_size < (params->data_shift << SECTOR_SHIFT)) {
log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd)));
return -EINVAL;
}
if (params->data_shift < LUKS2_get_data_offset(hdr)) {
- log_err(cd, _("Data shift (%" PRIu64 " sectors) is less than future data offset (%" PRIu64 " sectors)."), params->data_shift, LUKS2_get_data_offset(hdr));
+ log_err(cd, _("Data shift (%" PRIu64 " sectors) is less than future data offset (%" PRIu64 " sectors)."),
+ params->data_shift, LUKS2_get_data_offset(hdr));
return -EINVAL;
}
devfd = device_open_excl(cd, crypt_data_device(cd), O_RDWR);
if (devfd < 0) {
if (devfd == -EBUSY)
- log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."), device_path(crypt_data_device(cd)));
+ log_err(cd,_("Failed to open %s in exclusive mode (already mapped or mounted)."),
+ device_path(crypt_data_device(cd)));
return -EINVAL;
}
}
if (params->mode == CRYPT_REENCRYPT_ENCRYPT) {
/* in-memory only */
- r = reencrypt_set_encrypt_segments(cd, hdr, dev_size, params->data_shift << SECTOR_SHIFT, move_first_segment, params->direction);
+ r = reencrypt_set_encrypt_segments(cd, hdr, data_size,
+ params->data_shift << SECTOR_SHIFT,
+ move_first_segment,
+ params->direction);
if (r)
- goto err;
+ goto out;
}
- r = LUKS2_keyslot_reencrypt_allocate(cd, hdr, reencrypt_keyslot,
- params);
- if (r < 0)
- goto err;
-
r = reencrypt_make_backup_segments(cd, hdr, keyslot_new, _cipher, data_offset, params);
if (r) {
log_dbg(cd, "Failed to create reencryption backup device segments.");
- goto err;
+ goto out;
}
+ r = reencrypt_verify_resilience_params(cd, params, check_sector_size, move_first_segment);
+ if (r < 0)
+ goto out;
+
+ r = LUKS2_keyslot_reencrypt_allocate(cd, hdr, reencrypt_keyslot, params,
+ reencrypt_get_alignment(cd, hdr));
+ if (r < 0)
+ goto out;
+
r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks);
if (r < 0)
- goto err;
+ goto out;
- r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, *vks);
+ r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, LUKS2_REENCRYPT_REQ_VERSION, *vks);
if (r < 0)
- goto err;
+ goto out;
if (name && params->mode != CRYPT_REENCRYPT_ENCRYPT) {
r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
if (r)
- goto err;
+ goto out;
r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
if (r < 0)
- goto err;
+ goto out;
r = LUKS2_assembly_multisegment_dmd(cd, hdr, *vks, LUKS2_get_segments_jobj(hdr), &dmd_source);
if (!r) {
free(CONST_CAST(void*)dmd_target.uuid);
if (r)
- goto err;
+ goto out;
}
- if (move_first_segment && reencrypt_move_data(cd, devfd, params->data_shift << SECTOR_SHIFT)) {
+ if (move_first_segment && reencrypt_move_data(cd, devfd, params->data_shift << SECTOR_SHIFT, params->mode)) {
r = -EIO;
- goto err;
+ goto out;
}
/* This must be first and only write in LUKS2 metadata during _reencrypt_init */
- r = reencrypt_update_flag(cd, 1, true);
+ r = reencrypt_update_flag(cd, LUKS2_REENCRYPT_REQ_VERSION, true, true);
if (r) {
log_dbg(cd, "Failed to set online-reencryption requirement.");
r = -EINVAL;
} else
r = reencrypt_keyslot;
-err:
+out:
device_release_excl(cd, crypt_data_device(cd));
- if (r < 0)
- crypt_load(cd, CRYPT_LUKS2, NULL);
+ if (r < 0 && LUKS2_hdr_rollback(cd, hdr) < 0)
+ log_dbg(cd, "Failed to rollback LUKS2 metadata after failure.");
return r;
}
static int reencrypt_hotzone_protect_final(struct crypt_device *cd,
- struct luks2_hdr *hdr, struct luks2_reencrypt *rh,
+ struct luks2_hdr *hdr, int reencrypt_keyslot,
+ const struct reenc_protection *rp,
const void *buffer, size_t buffer_len)
{
const void *pbuffer;
size_t data_offset, len;
int r;
- if (rh->rp.type == REENC_PROTECTION_NONE)
+ assert(hdr);
+ assert(rp);
+
+ if (rp->type == REENC_PROTECTION_NONE)
return 0;
- if (rh->rp.type == REENC_PROTECTION_CHECKSUM) {
+ if (rp->type == REENC_PROTECTION_CHECKSUM) {
log_dbg(cd, "Checksums hotzone resilience.");
- for (data_offset = 0, len = 0; data_offset < buffer_len; data_offset += rh->alignment, len += rh->rp.p.csum.hash_size) {
- if (crypt_hash_write(rh->rp.p.csum.ch, (const char *)buffer + data_offset, rh->alignment)) {
+ for (data_offset = 0, len = 0; data_offset < buffer_len; data_offset += rp->p.csum.block_size, len += rp->p.csum.hash_size) {
+ if (crypt_hash_write(rp->p.csum.ch, (const char *)buffer + data_offset, rp->p.csum.block_size)) {
log_dbg(cd, "Failed to hash sector at offset %zu.", data_offset);
return -EINVAL;
}
- if (crypt_hash_final(rh->rp.p.csum.ch, (char *)rh->rp.p.csum.checksums + len, rh->rp.p.csum.hash_size)) {
+ if (crypt_hash_final(rp->p.csum.ch, (char *)rp->p.csum.checksums + len, rp->p.csum.hash_size)) {
log_dbg(cd, "Failed to finalize hash.");
return -EINVAL;
}
}
- pbuffer = rh->rp.p.csum.checksums;
- } else if (rh->rp.type == REENC_PROTECTION_JOURNAL) {
+ pbuffer = rp->p.csum.checksums;
+ } else if (rp->type == REENC_PROTECTION_JOURNAL) {
log_dbg(cd, "Journal hotzone resilience.");
len = buffer_len;
pbuffer = buffer;
- } else if (rh->rp.type == REENC_PROTECTION_DATASHIFT) {
+ } else if (rp->type == REENC_PROTECTION_DATASHIFT) {
log_dbg(cd, "Data shift hotzone resilience.");
return LUKS2_hdr_write(cd, hdr);
} else
log_dbg(cd, "Going to store %zu bytes in reencrypt keyslot.", len);
- r = LUKS2_keyslot_reencrypt_store(cd, hdr, rh->reenc_keyslot, pbuffer, len);
+ r = LUKS2_keyslot_reencrypt_store(cd, hdr, reencrypt_keyslot, pbuffer, len);
return r > 0 ? 0 : r;
}
return -EINVAL;
if (rh->direction == CRYPT_REENCRYPT_BACKWARD) {
- if (rh->data_shift && rh->mode == CRYPT_REENCRYPT_ENCRYPT) {
+ if (rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->mode == CRYPT_REENCRYPT_ENCRYPT) {
if (rh->offset)
- rh->offset -= rh->data_shift;
- if (rh->offset && (rh->offset < rh->data_shift)) {
+ rh->offset -= data_shift_value(&rh->rp);
+ if (rh->offset && (rh->offset < data_shift_value(&rh->rp))) {
rh->length = rh->offset;
- rh->offset = rh->data_shift;
+ rh->offset = data_shift_value(&rh->rp);
}
if (!rh->offset)
- rh->length = rh->data_shift;
+ rh->length = data_shift_value(&rh->rp);
} else {
if (rh->offset < rh->length)
rh->length = rh->offset;
}
} else if (rh->direction == CRYPT_REENCRYPT_FORWARD) {
rh->offset += (uint64_t)rh->read;
+ if (rh->device_size == rh->offset &&
+ rh->jobj_segment_moved &&
+ rh->mode == CRYPT_REENCRYPT_DECRYPT &&
+ rh->rp.type == REENC_PROTECTION_DATASHIFT) {
+ rh->offset = 0;
+ rh->length = json_segment_get_size(rh->jobj_segment_moved, 0);
+ }
/* it fails in-case of device_size < rh->offset later */
- if (rh->device_size - rh->offset < rh->length)
+ else if (rh->device_size - rh->offset < rh->length)
rh->length = rh->device_size - rh->offset;
} else
return -EINVAL;
static int reencrypt_load(struct crypt_device *cd, struct luks2_hdr *hdr,
uint64_t device_size,
- const struct crypt_params_reencrypt *params,
+ uint64_t max_hotzone_size,
+ uint64_t required_device_size,
struct volume_key *vks,
struct luks2_reencrypt **rh)
{
return r;
if (ri == CRYPT_REENCRYPT_CLEAN)
- r = reencrypt_load_clean(cd, hdr, device_size, &tmp, params);
+ r = reencrypt_load_clean(cd, hdr, device_size, max_hotzone_size, required_device_size, &tmp);
else if (ri == CRYPT_REENCRYPT_CRASH)
r = reencrypt_load_crashed(cd, hdr, device_size, &tmp);
else
if (r < 0)
return -ENOMEM;
if (r < 20) {
- r = -EINVAL;
- goto out;
+ free(lock_resource);
+ return -EINVAL;
}
r = crypt_write_lock(cd, lock_resource, false, reencrypt_lock);
-out:
+
free(lock_resource);
return r;
struct volume_key **vks,
const struct crypt_params_reencrypt *params)
{
- int r, old_ss, new_ss;
+ int r, reencrypt_slot;
struct luks2_hdr *hdr;
struct crypt_lock_handle *reencrypt_lock;
struct luks2_reencrypt *rh;
const struct volume_key *vk;
+ size_t alignment;
+ uint32_t old_sector_size, new_sector_size, sector_size;
struct crypt_dm_active_device dmd_target, dmd_source = {
.uuid = crypt_get_uuid(cd),
.flags = CRYPT_ACTIVATE_SHARED /* turn off exclusive open checks */
};
- uint64_t minimal_size, device_size, mapping_size = 0, required_size = 0;
+ uint64_t minimal_size, device_size, mapping_size = 0, required_size = 0,
+ max_hotzone_size = 0;
bool dynamic;
- struct crypt_params_reencrypt rparams = {};
uint32_t flags = 0;
+ assert(cd);
+
+ hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
+ if (!hdr)
+ return -EINVAL;
+
+ log_dbg(cd, "Loading LUKS2 reencryption context.");
+
+ old_sector_size = reencrypt_get_sector_size_old(hdr);
+ new_sector_size = reencrypt_get_sector_size_new(hdr);
+ sector_size = new_sector_size > old_sector_size ? new_sector_size : old_sector_size;
+
+ r = reencrypt_verify_resilience_params(cd, params, sector_size,
+ LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0);
+ if (r < 0)
+ return r;
+
if (params) {
- rparams = *params;
required_size = params->device_size;
+ max_hotzone_size = params->max_hotzone_size;
}
- log_dbg(cd, "Loading LUKS2 reencryption context.");
-
rh = crypt_get_luks2_reencrypt(cd);
if (rh) {
LUKS2_reencrypt_free(cd, rh);
rh = NULL;
}
- hdr = crypt_get_hdr(cd, CRYPT_LUKS2);
-
r = reencrypt_lock_and_verify(cd, hdr, &reencrypt_lock);
if (r)
return r;
+ reencrypt_slot = LUKS2_find_keyslot(hdr, "reencrypt");
+ if (reencrypt_slot < 0) {
+ r = -EINVAL;
+ goto err;
+ }
+
/* From now on we hold reencryption lock */
- if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic))
- return -EINVAL;
+ if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic)) {
+ r = -EINVAL;
+ goto err;
+ }
/* some configurations provides fixed device size */
r = LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, false, dynamic);
minimal_size >>= SECTOR_SHIFT;
- old_ss = reencrypt_get_sector_size_old(hdr);
- new_ss = reencrypt_get_sector_size_new(hdr);
-
- r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
+ r = reencrypt_verify_keys(cd, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
if (r == -ENOENT) {
log_dbg(cd, "Keys are not ready. Unlocking all volume keys.");
r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, vks);
- if (r < 0)
- goto err;
- r = reencrypt_verify_and_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
}
if (r < 0)
goto err;
if (name) {
+ r = reencrypt_upload_keys(cd, hdr, LUKS2_reencrypt_digest_old(hdr), LUKS2_reencrypt_digest_new(hdr), *vks);
+ if (r < 0)
+ goto err;
+
r = dm_query_device(cd, name, DM_ACTIVE_UUID | DM_ACTIVE_DEVICE |
DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
DM_ACTIVE_CRYPT_CIPHER, &dmd_target);
* By default reencryption code aims to retain flags from existing dm device.
* The keyring activation flag can not be inherited if original cipher is null.
*
- * In this case override the flag based on decision made in reencrypt_verify_and_upload_keys
+ * In this case override the flag based on decision made in reencrypt_upload_keys
* above. The code checks if new VK is eligible for keyring.
*/
vk = crypt_volume_key_by_id(*vks, LUKS2_reencrypt_digest_new(hdr));
if ((minimal_size && (required_size < minimal_size)) ||
(required_size > (device_size >> SECTOR_SHIFT)) ||
(!dynamic && (required_size != minimal_size)) ||
- (old_ss > 0 && MISALIGNED(required_size, old_ss >> SECTOR_SHIFT)) ||
- (new_ss > 0 && MISALIGNED(required_size, new_ss >> SECTOR_SHIFT))) {
+ (old_sector_size > 0 && MISALIGNED(required_size, old_sector_size >> SECTOR_SHIFT)) ||
+ (new_sector_size > 0 && MISALIGNED(required_size, new_sector_size >> SECTOR_SHIFT))) {
log_err(cd, _("Illegal device size requested in reencryption parameters."));
goto err;
}
- rparams.device_size = required_size;
}
- r = reencrypt_load(cd, hdr, device_size, &rparams, *vks, &rh);
+ alignment = reencrypt_get_alignment(cd, hdr);
+
+ r = LUKS2_keyslot_reencrypt_update_needed(cd, hdr, reencrypt_slot, params, alignment);
+ if (r > 0) /* metadata update needed */
+ r = LUKS2_keyslot_reencrypt_update(cd, hdr, reencrypt_slot, params, alignment, *vks);
+ if (r < 0)
+ goto err;
+
+ r = reencrypt_load(cd, hdr, device_size, max_hotzone_size, required_size, *vks, &rh);
if (r < 0 || !rh)
goto err;
}
device_release_excl(cd, crypt_data_device(cd));
- /* FIXME: There's a race for dm device activation not managed by cryptsetup.
+ /* There's a race for dm device activation not managed by cryptsetup.
*
* 1) excl close
* 2) rogue dm device activation
* 3) one or more dm-crypt based wrapper activation
- * 4) next excl open get's skipped due to 3) device from 2) remains undetected.
+ * 4) next excl open gets skipped due to 3) device from 2) remains undetected.
*/
r = reencrypt_init_storage_wrappers(cd, hdr, rh, *vks);
if (r)
if (ri == CRYPT_REENCRYPT_CRASH) {
r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot_old, keyslot_new,
- passphrase, passphrase_size, 0, NULL);
+ passphrase, passphrase_size, NULL);
if (r < 0)
log_err(cd, _("LUKS2 reencryption recovery failed."));
} else {
struct crypt_lock_handle *reencrypt_lock;
struct luks2_reencrypt *rh;
crypt_reencrypt_info ri;
+ uint8_t requirement_version;
+ const char *resilience;
struct volume_key *vks = NULL;
log_dbg(cd, "Loading LUKS2 reencryption context for metadata repair.");
goto out;
}
+ resilience = reencrypt_resilience_type(hdr);
+ if (!resilience) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (reencrypt_mode(hdr) == CRYPT_REENCRYPT_DECRYPT &&
+ !strncmp(resilience, "datashift-", 10) &&
+ LUKS2_get_segment_id_by_flag(hdr, "backup-moved-segment") >= 0)
+ requirement_version = LUKS2_DECRYPT_DATASHIFT_REQ_VERSION;
+ else
+ requirement_version = LUKS2_REENCRYPT_REQ_VERSION;
+
r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new, passphrase, passphrase_size, &vks);
if (r < 0)
goto out;
- r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, vks);
+ r = LUKS2_keyslot_reencrypt_digest_create(cd, hdr, requirement_version, vks);
crypt_free_volume_key(vks);
vks = NULL;
if (r < 0)
goto out;
- /* removes online-reencrypt flag v1 */
- if ((r = reencrypt_update_flag(cd, 0, false)))
- goto out;
-
- /* adds online-reencrypt flag v2 and commits metadata */
- r = reencrypt_update_flag(cd, 1, true);
+ /* replaces old online-reencrypt flag with updated version and commits metadata */
+ r = reencrypt_update_flag(cd, requirement_version, true, true);
out:
LUKS2_reencrypt_unlock(cd, reencrypt_lock);
crypt_free_volume_key(vks);
if (r < 0)
return r;
r = LUKS2_check_cipher(cd, r, cipher, cipher_mode);
- if (r < 0)
+ if (r < 0) {
+ log_err(cd, _("Unable to use cipher specification %s-%s for LUKS2."), cipher, cipher_mode);
return r;
+ }
}
r = LUKS2_device_write_lock(cd, hdr, crypt_metadata_device(cd));
bool online)
{
int r;
+ struct reenc_protection *rp;
+
+ assert(hdr);
+ assert(rh);
+
+ rp = &rh->rp;
/* in memory only */
r = reencrypt_make_segments(cd, hdr, rh, device_size);
return REENC_ERR;
}
- if (online) {
- r = reencrypt_refresh_overlay_devices(cd, hdr, rh->overlay_name, rh->hotzone_name, rh->vks, rh->device_size, rh->flags);
- /* Teardown overlay devices with dm-error. None bio shall pass! */
- if (r != REENC_OK)
- return r;
- }
-
log_dbg(cd, "Reencrypting chunk starting at offset: %" PRIu64 ", size :%" PRIu64 ".", rh->offset, rh->length);
log_dbg(cd, "data_offset: %" PRIu64, crypt_get_data_offset(cd) << SECTOR_SHIFT);
- if (!rh->offset && rh->mode == CRYPT_REENCRYPT_ENCRYPT && rh->data_shift &&
- rh->jobj_segment_moved) {
+ if (!rh->offset && rp->type == REENC_PROTECTION_DATASHIFT && rh->jobj_segment_moved) {
crypt_storage_wrapper_destroy(rh->cw1);
log_dbg(cd, "Reinitializing old segment storage wrapper for moved segment.");
r = crypt_storage_wrapper_init(cd, &rh->cw1, crypt_data_device(cd),
log_err(cd, _("Failed to initialize old segment storage wrapper."));
return REENC_ROLLBACK;
}
+
+ if (rh->rp_moved_segment.type != REENC_PROTECTION_NOT_SET) {
+ log_dbg(cd, "Switching to moved segment resilience type.");
+ rp = &rh->rp_moved_segment;
+ }
+ }
+
+ r = reencrypt_hotzone_protect_ready(cd, rp);
+ if (r) {
+ log_err(cd, _("Failed to initialize hotzone protection."));
+ return REENC_ROLLBACK;
+ }
+
+ if (online) {
+ r = reencrypt_refresh_overlay_devices(cd, hdr, rh->overlay_name, rh->hotzone_name, rh->vks, rh->device_size, rh->flags);
+ /* Teardown overlay devices with dm-error. None bio shall pass! */
+ if (r != REENC_OK)
+ return r;
}
rh->read = crypt_storage_wrapper_read(rh->cw1, rh->offset, rh->reenc_buffer, rh->length);
}
/* metadata commit point */
- r = reencrypt_hotzone_protect_final(cd, hdr, rh, rh->reenc_buffer, rh->read);
+ r = reencrypt_hotzone_protect_final(cd, hdr, rh->reenc_keyslot, rp, rh->reenc_buffer, rh->read);
if (r < 0) {
/* severity normal */
log_err(cd, _("Failed to write reencryption resilience metadata."));
return REENC_FATAL;
}
- if (rh->rp.type != REENC_PROTECTION_NONE && crypt_storage_wrapper_datasync(rh->cw2)) {
+ if (rp->type != REENC_PROTECTION_NONE && crypt_storage_wrapper_datasync(rh->cw2)) {
log_err(cd, _("Failed to sync data."));
return REENC_FATAL;
}
/* metadata commit safe point */
- r = reencrypt_assign_segments(cd, hdr, rh, 0, rh->rp.type != REENC_PROTECTION_NONE);
+ r = reencrypt_assign_segments(cd, hdr, rh, 0, rp->type != REENC_PROTECTION_NONE);
if (r) {
/* severity fatal */
log_err(cd, _("Failed to update metadata after current reencryption hotzone completed."));
return 0;
}
-static int reencrypt_wipe_moved_segment(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
+static int reencrypt_wipe_unused_device_area(struct crypt_device *cd, struct luks2_reencrypt *rh)
{
+ uint64_t offset, length, dev_size;
int r = 0;
- uint64_t offset, length;
- if (rh->jobj_segment_moved) {
+ assert(cd);
+ assert(rh);
+
+ if (rh->jobj_segment_moved && rh->mode == CRYPT_REENCRYPT_ENCRYPT) {
offset = json_segment_get_offset(rh->jobj_segment_moved, 0);
length = json_segment_get_size(rh->jobj_segment_moved, 0);
log_dbg(cd, "Wiping %" PRIu64 " bytes of backup segment data at offset %" PRIu64,
offset, length, 1024 * 1024, NULL, NULL);
}
+ if (r < 0)
+ return r;
+
+ if (rh->rp.type == REENC_PROTECTION_DATASHIFT && rh->direction == CRYPT_REENCRYPT_FORWARD) {
+ r = device_size(crypt_data_device(cd), &dev_size);
+ if (r < 0)
+ return r;
+
+ if (dev_size < data_shift_value(&rh->rp))
+ return -EINVAL;
+
+ offset = dev_size - data_shift_value(&rh->rp);
+ length = data_shift_value(&rh->rp);
+ log_dbg(cd, "Wiping %" PRIu64 " bytes of data at offset %" PRIu64,
+ length, offset);
+ r = crypt_wipe_device(cd, crypt_data_device(cd), CRYPT_WIPE_RANDOM,
+ offset, length, 1024 * 1024, NULL, NULL);
+ }
+
return r;
}
}
if (finished) {
- if (reencrypt_wipe_moved_segment(cd, hdr, rh))
- log_err(cd, _("Failed to wipe backup segment data."));
- if (reencrypt_get_data_offset_new(hdr) && LUKS2_set_keyslots_size(cd, hdr, reencrypt_get_data_offset_new(hdr)))
+ if (reencrypt_wipe_unused_device_area(cd, rh))
+ log_err(cd, _("Failed to wipe unused data device area."));
+ if (reencrypt_get_data_offset_new(hdr) && LUKS2_set_keyslots_size(hdr, reencrypt_get_data_offset_new(hdr)))
log_dbg(cd, "Failed to set new keyslots area size.");
if (rh->digest_old >= 0 && rh->digest_new != rh->digest_old)
for (i = 0; i < LUKS2_KEYSLOTS_MAX; i++)
if (reencrypt_erase_backup_segments(cd, hdr))
log_dbg(cd, "Failed to erase backup segments");
- if (reencrypt_update_flag(cd, 0, false))
+ if (reencrypt_update_flag(cd, 0, false, false))
log_dbg(cd, "Failed to disable reencryption requirement flag.");
/* metadata commit point also removing reencryption flag on-disk */
return 0;
}
-static void reencrypt_teardown_fatal(struct crypt_device *cd, struct luks2_hdr *hdr, struct luks2_reencrypt *rh)
+static void reencrypt_teardown_fatal(struct crypt_device *cd, struct luks2_reencrypt *rh)
{
log_err(cd, _("Fatal error while reencrypting chunk starting at %" PRIu64 ", %" PRIu64 " sectors long."),
(rh->offset >> SECTOR_SHIFT) + crypt_get_data_offset(cd), rh->length >> SECTOR_SHIFT);
if (rh->online) {
- log_err(cd, "Reencryption was run in online mode.");
+ log_err(cd, _("Online reencryption failed."));
if (dm_status_suspended(cd, rh->hotzone_name) > 0) {
log_dbg(cd, "Hotzone device %s suspended, replacing with dm-error.", rh->hotzone_name);
if (dm_error_device(cd, rh->hotzone_name)) {
static int reencrypt_teardown(struct crypt_device *cd, struct luks2_hdr *hdr,
struct luks2_reencrypt *rh, reenc_status_t rs, bool interrupted,
- int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
+ int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+ void *usrptr)
{
int r;
switch (rs) {
case REENC_OK:
if (progress && !interrupted)
- progress(rh->device_size, rh->progress, NULL);
+ progress(rh->device_size, rh->progress, usrptr);
r = reencrypt_teardown_ok(cd, hdr, rh);
break;
case REENC_FATAL:
- reencrypt_teardown_fatal(cd, hdr, rh);
+ reencrypt_teardown_fatal(cd, rh);
/* fall-through */
default:
r = -EIO;
return r;
}
#endif
-int crypt_reencrypt(struct crypt_device *cd,
- int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
+
+int crypt_reencrypt_run(
+ struct crypt_device *cd,
+ int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+ void *usrptr)
{
#if USE_LUKS2_REENCRYPTION
int r;
rs = REENC_OK;
- /* update reencrypt keyslot protection parameters in memory only */
- if (!quit && (rh->device_size > rh->progress)) {
- r = reencrypt_keyslot_update(cd, rh);
- if (r < 0) {
- log_dbg(cd, "Keyslot update failed.");
- return reencrypt_teardown(cd, hdr, rh, REENC_ERR, quit, progress);
- }
- }
+ if (progress && progress(rh->device_size, rh->progress, usrptr))
+ quit = true;
while (!quit && (rh->device_size > rh->progress)) {
rs = reencrypt_step(cd, hdr, rh, rh->device_size, rh->online);
break;
log_dbg(cd, "Progress %" PRIu64 ", device_size %" PRIu64, rh->progress, rh->device_size);
- if (progress && progress(rh->device_size, rh->progress, NULL))
+ if (progress && progress(rh->device_size, rh->progress, usrptr))
quit = true;
r = reencrypt_context_update(cd, rh);
log_dbg(cd, "Next reencryption chunk size will be %" PRIu64 " sectors).", rh->length);
}
- r = reencrypt_teardown(cd, hdr, rh, rs, quit, progress);
+ r = reencrypt_teardown(cd, hdr, rh, rs, quit, progress, usrptr);
return r;
#else
log_err(cd, _("This operation is not supported for this device type."));
#endif
}
+int crypt_reencrypt(
+ struct crypt_device *cd,
+ int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
+{
+ return crypt_reencrypt_run(cd, progress, NULL);
+}
#if USE_LUKS2_REENCRYPTION
static int reencrypt_recovery(struct crypt_device *cd,
struct luks2_hdr *hdr,
int r;
struct luks2_reencrypt *rh = NULL;
- r = reencrypt_load(cd, hdr, device_size, NULL, vks, &rh);
+ r = reencrypt_load(cd, hdr, device_size, 0, 0, vks, &rh);
if (r < 0) {
log_err(cd, _("Failed to load LUKS2 reencryption context."));
return r;
r = reencrypt_recover_segment(cd, hdr, rh, vks);
if (r < 0)
- goto err;
+ goto out;
if ((r = reencrypt_assign_segments(cd, hdr, rh, 0, 0)))
- goto err;
+ goto out;
r = reencrypt_context_update(cd, rh);
if (r) {
log_err(cd, _("Failed to update reencryption context."));
- goto err;
+ goto out;
}
r = reencrypt_teardown_ok(cd, hdr, rh);
if (!r)
r = LUKS2_hdr_write(cd, hdr);
-err:
+out:
LUKS2_reencrypt_free(cd, rh);
return r;
return r;
log_dbg(cd, "Required minimal device size: %" PRIu64 " (%" PRIu64 " sectors)"
- ", real device size: %" PRIu64 " (%" PRIu64 " sectors)\n"
+ ", real device size: %" PRIu64 " (%" PRIu64 " sectors) "
"calculated device size: %" PRIu64 " (%" PRIu64 " sectors)",
check_size, check_size >> SECTOR_SHIFT, real_size, real_size >> SECTOR_SHIFT,
real_size - data_offset, (real_size - data_offset) >> SECTOR_SHIFT);
- if (real_size < data_offset || (check_size && (real_size - data_offset) < check_size)) {
+ if (real_size < data_offset || (check_size && real_size < check_size)) {
log_err(cd, _("Device %s is too small."), device_path(crypt_data_device(cd)));
return -EINVAL;
}
int keyslot_new,
const char *passphrase,
size_t passphrase_size,
- uint32_t flags,
struct volume_key **vks)
{
uint64_t minimal_size, device_size;
r = LUKS2_keyslot_open_all_segments(cd, keyslot_old, keyslot_new,
passphrase, passphrase_size, &_vks);
if (r < 0)
- goto err;
+ goto out;
keyslot = r;
if (crypt_use_keyring_for_vk(cd))
vk = _vks;
while (vk) {
- r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk));
+ r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, crypt_volume_key_get_id(vk));
if (r < 0)
- goto err;
+ goto out;
vk = crypt_volume_key_next(vk);
}
if (LUKS2_reencrypt_check_device_size(cd, hdr, minimal_size, &device_size, true, false))
- goto err;
+ goto out;
r = reencrypt_recovery(cd, hdr, device_size, _vks);
if (!r && vks)
MOVE_REF(*vks, _vks);
-err:
+out:
if (r < 0)
crypt_drop_keyring_key(cd, _vks);
crypt_free_volume_key(_vks);
{
crypt_reencrypt_info ri;
int digest;
- uint32_t version;
+ uint8_t version;
+
+ if (params)
+ memset(params, 0, sizeof(*params));
ri = LUKS2_reencrypt_status(hdr);
if (ri == CRYPT_REENCRYPT_NONE || ri == CRYPT_REENCRYPT_INVALID || !params)
/*
* LUKS - Linux Unified Key Setup v2, reencryption digest helpers
*
- * Copyright (C) 2022, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2022, Ondrej Kozina
- * Copyright (C) 2022, Milan Broz
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2022-2023 Ondrej Kozina
+ * Copyright (C) 2022-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
#include "luks2_internal.h"
-#include <assert.h>
#define MAX_STR 64
{ JU32, jobj_area, "sector_size" },
{}
};
+ struct jtype j_datashift_checksum[] = {
+ { JSTR, jobj_keyslot, "mode" },
+ { JSTR, jobj_keyslot, "direction" },
+ { JSTR, jobj_area, "type" },
+ { JU64, jobj_area, "offset" },
+ { JU64, jobj_area, "size" },
+ { JSTR, jobj_area, "hash" },
+ { JU32, jobj_area, "sector_size" },
+ { JU64, jobj_area, "shift_size" },
+ {}
+ };
- if (!strcmp(area_type, "datashift"))
+ if (!strcmp(area_type, "datashift-checksum"))
+ return srs(j_datashift_checksum, buffer);
+ else if (!strcmp(area_type, "datashift") ||
+ !strcmp(area_type, "datashift-journal"))
return srs(j_datashift, buffer);
else if (!strcmp(area_type, "checksum"))
return srs(j_checksum, buffer);
static int reencrypt_assembly_verification_data(struct crypt_device *cd,
struct luks2_hdr *hdr,
struct volume_key *vks,
+ uint8_t version,
struct volume_key **verification_data)
{
uint8_t *ptr;
struct volume_key *data = NULL, *vk_old = NULL, *vk_new = NULL;
size_t keyslot_data_len, segments_data_len, data_len = 2;
+ /*
+ * This works up to (including) version v207.
+ */
+ assert(version < (UINT8_MAX - 0x2F));
+
/* Keys - calculate length */
digest_new = LUKS2_reencrypt_digest_new(hdr);
digest_old = LUKS2_reencrypt_digest_old(hdr);
if (digest_old >= 0) {
vk_old = crypt_volume_key_by_id(vks, digest_old);
- if (!vk_old)
+ if (!vk_old) {
+ log_dbg(cd, "Key (digest id %d) required but not unlocked.", digest_old);
return -EINVAL;
+ }
data_len += blob_serialize(vk_old->key, vk_old->keylength, NULL);
}
if (digest_new >= 0 && digest_old != digest_new) {
vk_new = crypt_volume_key_by_id(vks, digest_new);
- if (!vk_new)
+ if (!vk_new) {
+ log_dbg(cd, "Key (digest id %d) required but not unlocked.", digest_new);
return -EINVAL;
+ }
data_len += blob_serialize(vk_new->key, vk_new->keylength, NULL);
}
ptr = (uint8_t*)data->key;
- /* v2 */
*ptr++ = 0x76;
- *ptr++ = 0x32;
+ *ptr++ = 0x30 + version;
if (vk_old)
ptr += blob_serialize(vk_old->key, vk_old->keylength, ptr);
int LUKS2_keyslot_reencrypt_digest_create(struct crypt_device *cd,
struct luks2_hdr *hdr,
+ uint8_t version,
struct volume_key *vks)
{
int digest_reencrypt, keyslot_reencrypt, r;
if (keyslot_reencrypt < 0)
return keyslot_reencrypt;
- r = reencrypt_assembly_verification_data(cd, hdr, vks, &data);
+ r = reencrypt_assembly_verification_data(cd, hdr, vks, version, &data);
if (r < 0)
return r;
{
int r, keyslot_reencrypt;
struct volume_key *data;
+ uint8_t version;
+
+ log_dbg(cd, "Verifying reencryption metadata.");
keyslot_reencrypt = LUKS2_find_keyslot(hdr, "reencrypt");
if (keyslot_reencrypt < 0)
return keyslot_reencrypt;
- r = reencrypt_assembly_verification_data(cd, hdr, vks, &data);
+ if (LUKS2_config_get_reencrypt_version(hdr, &version))
+ return -EINVAL;
+
+ r = reencrypt_assembly_verification_data(cd, hdr, vks, version, &data);
if (r < 0)
return r;
/*
* LUKS - Linux Unified Key Setup v2, internal segment handling
*
- * Copyright (C) 2018-2021, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2021, Ondrej Kozina
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
return json_object_get_string(jobj);
}
-int json_segment_get_sector_size(json_object *jobj_segment)
+uint32_t json_segment_get_sector_size(json_object *jobj_segment)
{
json_object *jobj;
+ int i;
if (!jobj_segment ||
!json_object_object_get_ex(jobj_segment, "sector_size", &jobj))
- return -1;
+ return SECTOR_SIZE;
- return json_object_get_int(jobj);
+ i = json_object_get_int(jobj);
+ return i < 0 ? SECTOR_SIZE : i;
}
static json_object *json_segment_get_flags(json_object *jobj_segment)
int LUKS2_segment_first_unused_id(struct luks2_hdr *hdr)
{
json_object *jobj_segments;
- int id, last_id = -1;
if (!json_object_object_get_ex(hdr->jobj, "segments", &jobj_segments))
return -EINVAL;
- json_object_object_foreach(jobj_segments, slot, val) {
- UNUSED(val);
- id = atoi(slot);
- if (id > last_id)
- last_id = id;
- }
-
- return last_id + 1;
+ return json_object_object_length(jobj_segments);
}
int LUKS2_segment_set_flag(json_object *jobj_segment, const char *flag)
/*
* LUKS - Linux Unified Key Setup v2, token handling
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Milan Broz
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <assert.h>
+#include <ctype.h>
+#include <dlfcn.h>
#include "luks2_internal.h"
-/* Builtin tokens */
-extern const crypt_token_handler keyring_handler;
+#if USE_EXTERNAL_TOKENS
+static bool external_tokens_enabled = true;
+#else
+static bool external_tokens_enabled = false;
+#endif
-static token_handler token_handlers[LUKS2_TOKENS_MAX] = {
+static struct crypt_token_handler_internal token_handlers[LUKS2_TOKENS_MAX] = {
/* keyring builtin token */
{
- .get = token_keyring_get,
- .set = token_keyring_set,
- .h = &keyring_handler
- },
+ .version = 1,
+ .u = {
+ .v1 = { .name = LUKS2_TOKEN_KEYRING,
+ .open = keyring_open,
+ .buffer_free = keyring_buffer_free,
+ .validate = keyring_validate,
+ .dump = keyring_dump }
+ }
+ }
};
+void crypt_token_external_disable(void)
+{
+ external_tokens_enabled = false;
+}
+
+const char *crypt_token_external_path(void)
+{
+ return external_tokens_enabled ? EXTERNAL_LUKS2_TOKENS_PATH : NULL;
+}
+
+#if USE_EXTERNAL_TOKENS
+static void *token_dlvsym(struct crypt_device *cd,
+ void *handle,
+ const char *symbol,
+ const char *version)
+{
+ char *error;
+ void *sym;
+
+#ifdef HAVE_DLVSYM
+ log_dbg(cd, "Loading symbol %s@%s.", symbol, version);
+ sym = dlvsym(handle, symbol, version);
+#else
+ log_dbg(cd, "Loading default version of symbol %s.", symbol);
+ sym = dlsym(handle, symbol);
+#endif
+ error = dlerror();
+
+ if (error)
+ log_dbg(cd, "%s", error);
+
+ return sym;
+}
+#endif
+
+static bool token_validate_v1(struct crypt_device *cd, const crypt_token_handler *h)
+{
+ if (!h)
+ return false;
+
+ if (!h->name) {
+ log_dbg(cd, "Error: token handler does not provide name attribute.");
+ return false;
+ }
+
+ if (!h->open) {
+ log_dbg(cd, "Error: token handler does not provide open function.");
+ return false;
+ }
+
+ return true;
+}
+
+#if USE_EXTERNAL_TOKENS
+static bool token_validate_v2(struct crypt_device *cd, const struct crypt_token_handler_internal *h)
+{
+ if (!h)
+ return false;
+
+ if (!token_validate_v1(cd, &h->u.v1))
+ return false;
+
+ if (!h->u.v2.version) {
+ log_dbg(cd, "Error: token handler does not provide " CRYPT_TOKEN_ABI_VERSION " function.");
+ return false;
+ }
+
+ return true;
+}
+
+static bool external_token_name_valid(const char *name)
+{
+ if (!*name || strlen(name) > LUKS2_TOKEN_NAME_MAX)
+ return false;
+
+ while (*name) {
+ if (!isalnum(*name) && *name != '-' && *name != '_')
+ return false;
+ name++;
+ }
+
+ return true;
+}
+#endif
+
+static int
+crypt_token_load_external(struct crypt_device *cd, const char *name, struct crypt_token_handler_internal *ret)
+{
+#if USE_EXTERNAL_TOKENS
+ struct crypt_token_handler_v2 *token;
+ void *h;
+ char buf[PATH_MAX];
+ int r;
+
+ if (!external_tokens_enabled)
+ return -ENOTSUP;
+
+ if (!ret || !name)
+ return -EINVAL;
+
+ if (!external_token_name_valid(name)) {
+ log_dbg(cd, "External token name (%.*s) invalid.", LUKS2_TOKEN_NAME_MAX, name);
+ return -EINVAL;
+ }
+
+ token = &ret->u.v2;
+
+ r = snprintf(buf, sizeof(buf), "%s/libcryptsetup-token-%s.so", crypt_token_external_path(), name);
+ if (r < 0 || (size_t)r >= sizeof(buf))
+ return -EINVAL;
+
+ assert(*buf == '/');
+
+ log_dbg(cd, "Trying to load %s.", buf);
+
+ h = dlopen(buf, RTLD_LAZY);
+ if (!h) {
+ log_dbg(cd, "%s", dlerror());
+ return -EINVAL;
+ }
+ dlerror();
+
+ token->name = strdup(name);
+ token->open = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_OPEN, CRYPT_TOKEN_ABI_VERSION1);
+ token->buffer_free = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_BUFFER_FREE, CRYPT_TOKEN_ABI_VERSION1);
+ token->validate = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_VALIDATE, CRYPT_TOKEN_ABI_VERSION1);
+ token->dump = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_DUMP, CRYPT_TOKEN_ABI_VERSION1);
+ token->open_pin = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_OPEN_PIN, CRYPT_TOKEN_ABI_VERSION1);
+ token->version = token_dlvsym(cd, h, CRYPT_TOKEN_ABI_VERSION, CRYPT_TOKEN_ABI_VERSION1);
+
+ if (!token_validate_v2(cd, ret)) {
+ free(CONST_CAST(void *)token->name);
+ dlclose(h);
+ memset(token, 0, sizeof(*token));
+ return -EINVAL;
+ }
+
+ /* Token loaded, possible error here means only debug message fail and can be ignored */
+ r = snprintf(buf, sizeof(buf), "%s", token->version() ?: "");
+ if (r < 0 || (size_t)r >= sizeof(buf))
+ *buf = '\0';
+
+ log_dbg(cd, "Token handler %s-%s loaded successfully.", token->name, buf);
+
+ token->dlhandle = h;
+ ret->version = 2;
+
+ return 0;
+#else
+ return -ENOTSUP;
+#endif
+}
+
static int is_builtin_candidate(const char *type)
{
return !strncmp(type, LUKS2_BUILTIN_TOKEN_PREFIX, LUKS2_BUILTIN_TOKEN_PREFIX_LEN);
}
-int crypt_token_register(const crypt_token_handler *handler)
+static int crypt_token_find_free(struct crypt_device *cd, const char *name, int *index)
{
int i;
- if (is_builtin_candidate(handler->name)) {
- log_dbg(NULL, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
+ if (is_builtin_candidate(name)) {
+ log_dbg(cd, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
return -EINVAL;
}
- for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) {
- if (!strcmp(token_handlers[i].h->name, handler->name)) {
- log_dbg(NULL, "Keyslot handler %s is already registered.", handler->name);
+ for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].u.v1.name; i++) {
+ if (!strcmp(token_handlers[i].u.v1.name, name)) {
+ log_dbg(cd, "Keyslot handler %s is already registered.", name);
return -EINVAL;
}
}
if (i == LUKS2_TOKENS_MAX)
return -EINVAL;
- token_handlers[i].h = handler;
+ if (index)
+ *index = i;
+
+ return 0;
+}
+
+int crypt_token_register(const crypt_token_handler *handler)
+{
+ int i, r;
+
+ if (!token_validate_v1(NULL, handler))
+ return -EINVAL;
+
+ r = crypt_token_find_free(NULL, handler->name, &i);
+ if (r < 0)
+ return r;
+
+ token_handlers[i].version = 1;
+ token_handlers[i].u.v1 = *handler;
return 0;
}
-static const token_handler
-*LUKS2_token_handler_type_internal(struct crypt_device *cd, const char *type)
+void crypt_token_unload_external_all(struct crypt_device *cd)
{
+#if USE_EXTERNAL_TOKENS
int i;
- for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++)
- if (!strcmp(token_handlers[i].h->name, type))
- return token_handlers + i;
+ for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) {
+ if (token_handlers[i].version < 2)
+ continue;
+
+ log_dbg(cd, "Unloading %s token handler.", token_handlers[i].u.v2.name);
+
+ free(CONST_CAST(void *)token_handlers[i].u.v2.name);
- return NULL;
+ if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle))
+ log_dbg(cd, "%s", dlerror());
+ }
+#endif
}
-static const crypt_token_handler
+static const void
*LUKS2_token_handler_type(struct crypt_device *cd, const char *type)
{
- const token_handler *th = LUKS2_token_handler_type_internal(cd, type);
+ int i;
- return th ? th->h : NULL;
+ for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].u.v1.name; i++)
+ if (!strcmp(token_handlers[i].u.v1.name, type))
+ return &token_handlers[i].u;
+
+ if (i >= LUKS2_TOKENS_MAX)
+ return NULL;
+
+ if (is_builtin_candidate(type))
+ return NULL;
+
+ if (crypt_token_load_external(cd, type, &token_handlers[i]))
+ return NULL;
+
+ return &token_handlers[i].u;
}
-static const token_handler
-*LUKS2_token_handler_internal(struct crypt_device *cd, int token)
+static const void
+*LUKS2_token_handler(struct crypt_device *cd, int token)
{
struct luks2_hdr *hdr;
json_object *jobj1, *jobj2;
if (!json_object_object_get_ex(jobj1, "type", &jobj2))
return NULL;
- return LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj2));
-}
-
-static const crypt_token_handler
-*LUKS2_token_handler(struct crypt_device *cd, int token)
-{
- const token_handler *th = LUKS2_token_handler_internal(cd, token);
-
- return th ? th->h : NULL;
+ return LUKS2_token_handler_type(cd, json_object_get_string(jobj2));
}
static int LUKS2_token_find_free(struct luks2_hdr *hdr)
int commit)
{
const crypt_token_handler *h;
- const token_handler *th;
json_object *jobj_tokens, *jobj_type, *jobj;
enum json_tokener_error jerr;
char num[16];
}
json_object_object_get_ex(jobj, "type", &jobj_type);
- if (is_builtin_candidate(json_object_get_string(jobj_type))) {
- th = LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj_type));
- if (!th || !th->set) {
- log_dbg(cd, "%s is builtin token candidate with missing handler", json_object_get_string(jobj_type));
- json_object_put(jobj);
- return -EINVAL;
- }
- h = th->h;
- } else
- h = LUKS2_token_handler_type(cd, json_object_get_string(jobj_type));
+ h = LUKS2_token_handler_type(cd, json_object_get_string(jobj_type));
+
+ if (is_builtin_candidate(json_object_get_string(jobj_type)) && !h) {
+ log_dbg(cd, "%s is builtin token candidate with missing handler",
+ json_object_get_string(jobj_type));
+ json_object_put(jobj);
+ return -EINVAL;
+ }
if (h && h->validate && h->validate(cd, json)) {
json_object_put(jobj);
const char **type)
{
const char *tmp;
- const token_handler *th;
+ const crypt_token_handler *th;
json_object *jobj_type, *jobj_token;
if (token < 0 || token >= LUKS2_TOKENS_MAX)
json_object_object_get_ex(jobj_token, "type", &jobj_type);
tmp = json_object_get_string(jobj_type);
- if ((th = LUKS2_token_handler_type_internal(cd, tmp))) {
+ if ((th = LUKS2_token_handler_type(cd, tmp))) {
if (type)
- *type = th->h->name;
- return th->set ? CRYPT_TOKEN_INTERNAL : CRYPT_TOKEN_EXTERNAL;
+ *type = th->name;
+ return is_builtin_candidate(tmp) ? CRYPT_TOKEN_INTERNAL : CRYPT_TOKEN_EXTERNAL;
}
if (type)
return is_builtin_candidate(tmp) ? CRYPT_TOKEN_INTERNAL_UNKNOWN : CRYPT_TOKEN_EXTERNAL_UNKNOWN;
}
-int LUKS2_builtin_token_get(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int token,
- const char *type,
- void *params)
+static const char *token_json_to_string(json_object *jobj_token)
{
- const token_handler *th = LUKS2_token_handler_type_internal(cd, type);
-
- // internal error
- assert(th && th->get);
-
- return th->get(LUKS2_get_token_jobj(hdr, token), params) ?: token;
+ return json_object_to_json_string_ext(jobj_token,
+ JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
}
-int LUKS2_builtin_token_create(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int token,
- const char *type,
- const void *params,
- int commit)
+static int token_is_usable(struct luks2_hdr *hdr, json_object *jobj_token, int segment,
+ crypt_keyslot_priority minimal_priority, bool requires_keyslot)
{
- const token_handler *th;
- int r;
- json_object *jobj_token, *jobj_tokens;
+ crypt_keyslot_priority keyslot_priority;
+ json_object *jobj_array;
+ int i, keyslot, len, r = -ENOENT;
- th = LUKS2_token_handler_type_internal(cd, type);
+ if (!jobj_token)
+ return -EINVAL;
- // at this point all builtin handlers must exist and have validate fn defined
- assert(th && th->set && th->h->validate);
+ if (!json_object_object_get_ex(jobj_token, "keyslots", &jobj_array))
+ return -EINVAL;
- if (token == CRYPT_ANY_TOKEN) {
- if ((token = LUKS2_token_find_free(hdr)) < 0)
- log_err(cd, _("No free token slot."));
- }
- if (token < 0 || token >= LUKS2_TOKENS_MAX)
+ if (segment < 0 && segment != CRYPT_ANY_SEGMENT)
return -EINVAL;
- r = th->set(&jobj_token, params);
- if (r) {
- log_err(cd, _("Failed to create builtin token %s."), type);
- return r;
- }
+ /* no assigned keyslot returns -ENOENT even for CRYPT_ANY_SEGMENT */
+ len = json_object_array_length(jobj_array);
+ if (len < 0)
+ return -ENOENT;
- // builtin tokens must produce valid json
- r = LUKS2_token_validate(cd, hdr->jobj, jobj_token, "new");
- assert(!r);
- r = th->h->validate(cd, json_object_to_json_string_ext(jobj_token,
- JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE));
- assert(!r);
+ if (!requires_keyslot)
+ return 0;
- json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
- json_object_object_add_by_uint(jobj_tokens, token, jobj_token);
- if (LUKS2_check_json_size(cd, hdr)) {
- log_dbg(cd, "Not enough space in header json area for new %s token.", type);
- json_object_object_del_by_uint(jobj_tokens, token);
- return -ENOSPC;
+ if (!len)
+ return -ENOENT;
+
+ for (i = 0; i < len; i++) {
+ keyslot = atoi(json_object_get_string(json_object_array_get_idx(jobj_array, i)));
+
+ keyslot_priority = LUKS2_keyslot_priority_get(hdr, keyslot);
+ if (keyslot_priority == CRYPT_SLOT_PRIORITY_INVALID)
+ return -EINVAL;
+
+ if (keyslot_priority < minimal_priority)
+ continue;
+
+ r = LUKS2_keyslot_for_segment(hdr, keyslot, segment);
+ if (r != -ENOENT)
+ return r;
}
- if (commit)
- return LUKS2_hdr_write(cd, hdr) ?: token;
+ return r;
+}
- return token;
+static int translate_errno(struct crypt_device *cd, int ret_val, const char *type)
+{
+ if ((ret_val > 0 || ret_val == -EINVAL || ret_val == -EPERM) && !is_builtin_candidate(type)) {
+ log_dbg(cd, "%s token handler returned %d. Changing to %d.", type, ret_val, -ENOENT);
+ ret_val = -ENOENT;
+ }
+
+ return ret_val;
}
-static int LUKS2_token_open(struct crypt_device *cd,
+static int token_open(struct crypt_device *cd,
struct luks2_hdr *hdr,
int token,
+ json_object *jobj_token,
+ const char *type,
+ int segment,
+ crypt_keyslot_priority priority,
+ const char *pin,
+ size_t pin_size,
char **buffer,
size_t *buffer_len,
- void *usrptr)
+ void *usrptr,
+ bool requires_keyslot)
{
- const char *json;
- const crypt_token_handler *h;
+ const struct crypt_token_handler_v2 *h;
+ json_object *jobj_type;
int r;
- if (!(h = LUKS2_token_handler(cd, token)))
- return -ENOENT;
+ assert(token >= 0);
+ assert(jobj_token);
+ assert(priority >= 0);
- if (h->validate) {
- if (LUKS2_token_json_get(cd, hdr, token, &json))
+ if (type) {
+ if (!json_object_object_get_ex(jobj_token, "type", &jobj_type))
return -EINVAL;
+ if (strcmp(type, json_object_get_string(jobj_type)))
+ return -ENOENT;
+ }
- if (h->validate(cd, json)) {
- log_dbg(cd, "Token %d (%s) validation failed.", token, h->name);
- return -EINVAL;
- }
+ r = token_is_usable(hdr, jobj_token, segment, priority, requires_keyslot);
+ if (r < 0) {
+ if (r == -ENOENT)
+ log_dbg(cd, "Token %d unusable for segment %d with desired keyslot priority %d.",
+ token, segment, priority);
+ return r;
}
- r = h->open(cd, token, buffer, buffer_len, usrptr);
+ if (!(h = LUKS2_token_handler(cd, token)))
+ return -ENOENT;
+
+ if (h->validate && h->validate(cd, token_json_to_string(jobj_token))) {
+ log_dbg(cd, "Token %d (%s) validation failed.", token, h->name);
+ return -ENOENT;
+ }
+
+ if (pin && !h->open_pin)
+ r = -ENOENT;
+ else if (pin)
+ r = translate_errno(cd, h->open_pin(cd, token, pin, pin_size, buffer, buffer_len, usrptr), h->name);
+ else
+ r = translate_errno(cd, h->open(cd, token, buffer, buffer_len, usrptr), h->name);
if (r < 0)
log_dbg(cd, "Token %d (%s) open failed with %d.", token, h->name, r);
}
}
+static bool break_loop_retval(int r)
+{
+ if (r == -ENOENT || r == -EPERM || r == -EAGAIN || r == -ENOANO)
+ return false;
+ return true;
+}
+
+static void update_return_errno(int r, int *stored)
+{
+ if (*stored == -ENOANO)
+ return;
+ else if (r == -ENOANO)
+ *stored = r;
+ else if (r == -EAGAIN && *stored != -ENOANO)
+ *stored = r;
+ else if (r == -EPERM && (*stored != -ENOANO && *stored != -EAGAIN))
+ *stored = r;
+}
+
static int LUKS2_keyslot_open_by_token(struct crypt_device *cd,
struct luks2_hdr *hdr,
int token,
int segment,
+ crypt_keyslot_priority priority,
const char *buffer,
size_t buffer_len,
struct volume_key **vk)
{
- const crypt_token_handler *h;
- json_object *jobj_token, *jobj_token_keyslots, *jobj;
+ crypt_keyslot_priority keyslot_priority;
+ json_object *jobj_token, *jobj_token_keyslots, *jobj_type, *jobj;
unsigned int num = 0;
- int i, r;
-
- if (!(h = LUKS2_token_handler(cd, token)))
- return -ENOENT;
+ int i, r = -ENOENT, stored_retval = -ENOENT;
jobj_token = LUKS2_get_token_jobj(hdr, token);
if (!jobj_token)
return -EINVAL;
+ if (!json_object_object_get_ex(jobj_token, "type", &jobj_type))
+ return -EINVAL;
+
json_object_object_get_ex(jobj_token, "keyslots", &jobj_token_keyslots);
if (!jobj_token_keyslots)
return -EINVAL;
/* Try to open keyslot referenced in token */
- r = -EINVAL;
for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) {
jobj = json_object_array_get_idx(jobj_token_keyslots, i);
num = atoi(json_object_get_string(jobj));
- log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).", num, token, h->name);
+ keyslot_priority = LUKS2_keyslot_priority_get(hdr, num);
+ if (keyslot_priority == CRYPT_SLOT_PRIORITY_INVALID)
+ return -EINVAL;
+ if (keyslot_priority < priority)
+ continue;
+ log_dbg(cd, "Trying to open keyslot %u with token %d (type %s).",
+ num, token, json_object_get_string(jobj_type));
r = LUKS2_keyslot_open(cd, num, segment, buffer, buffer_len, vk);
+ /* short circuit on fatal error */
+ if (r < 0 && r != -EPERM && r != -ENOENT)
+ return r;
+ /* save -EPERM in case no other keyslot is usable */
+ if (r == -EPERM)
+ stored_retval = r;
}
if (r < 0)
- return r;
+ return stored_retval;
return num;
}
-int LUKS2_token_open_and_activate(struct crypt_device *cd,
- struct luks2_hdr *hdr,
- int token,
- const char *name,
- uint32_t flags,
- void *usrptr)
+static bool token_is_blocked(int token, uint32_t *block_list)
+{
+ /* it is safe now, but have assert in case LUKS2_TOKENS_MAX grows */
+ assert(token >= 0 && (size_t)token < BITFIELD_SIZE(block_list));
+
+ return (*block_list & (UINT32_C(1) << token));
+}
+
+static void token_block(int token, uint32_t *block_list)
+{
+ /* it is safe now, but have assert in case LUKS2_TOKENS_MAX grows */
+ assert(token >= 0 && (size_t)token < BITFIELD_SIZE(block_list));
+
+ *block_list |= (UINT32_C(1) << token);
+}
+
+static int token_open_priority(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ json_object *jobj_tokens,
+ const char *type,
+ int segment,
+ crypt_keyslot_priority priority,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr,
+ int *stored_retval,
+ uint32_t *block_list,
+ struct volume_key **vk)
{
- bool use_keyring;
- int keyslot, r;
char *buffer;
- size_t buffer_len;
- struct volume_key *vk = NULL;
+ size_t buffer_size;
+ int token, r;
- r = LUKS2_token_open(cd, hdr, token, &buffer, &buffer_len, usrptr);
- if (r < 0)
- return r;
+ assert(stored_retval);
+ assert(block_list);
+
+ json_object_object_foreach(jobj_tokens, slot, val) {
+ token = atoi(slot);
+ if (token_is_blocked(token, block_list))
+ continue;
+ r = token_open(cd, hdr, token, val, type, segment, priority, pin, pin_size, &buffer, &buffer_size, usrptr, true);
+ if (!r) {
+ r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, priority,
+ buffer, buffer_size, vk);
+ LUKS2_token_buffer_free(cd, token, buffer, buffer_size);
+ }
- r = LUKS2_keyslot_open_by_token(cd, hdr, token,
- (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ?
- CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT,
- buffer, buffer_len, &vk);
+ if (r == -ENOANO)
+ token_block(token, block_list);
- LUKS2_token_buffer_free(cd, token, buffer, buffer_len);
+ if (break_loop_retval(r))
+ return r;
- if (r < 0)
+ update_return_errno(r, stored_retval);
+ }
+
+ return *stored_retval;
+}
+
+static int token_open_any(struct crypt_device *cd, struct luks2_hdr *hdr, const char *type, int segment,
+ const char *pin, size_t pin_size, void *usrptr, struct volume_key **vk)
+{
+ json_object *jobj_tokens;
+ int r, retval = -ENOENT;
+ uint32_t blocked = 0; /* bitmap with tokens blocked from loop by returning -ENOANO (wrong/missing pin) */
+
+ json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
+
+ /* passing usrptr for CRYPT_ANY_TOKEN does not make sense without specific type */
+ if (!type)
+ usrptr = NULL;
+
+ r = token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_PREFER,
+ pin, pin_size, usrptr, &retval, &blocked, vk);
+ if (break_loop_retval(r))
return r;
- keyslot = r;
+ return token_open_priority(cd, hdr, jobj_tokens, type, segment, CRYPT_SLOT_PRIORITY_NORMAL,
+ pin, pin_size, usrptr, &retval, &blocked, vk);
+}
- if (!crypt_use_keyring_for_vk(cd))
- use_keyring = false;
- else
- use_keyring = ((name && !crypt_is_cipher_null(crypt_get_cipher(cd))) ||
- (flags & CRYPT_ACTIVATE_KEYRING_KEY));
+int LUKS2_token_unlock_key(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int token,
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ int segment,
+ void *usrptr,
+ struct volume_key **vk)
+{
+ char *buffer;
+ size_t buffer_size;
+ json_object *jobj_token;
+ int r = -ENOENT;
- if (use_keyring) {
- if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, vk, keyslot)))
- flags |= CRYPT_ACTIVATE_KEYRING_KEY;
- }
+ assert(vk);
- if (r >= 0 && name)
- r = LUKS2_activate(cd, name, vk, flags);
+ if (segment == CRYPT_DEFAULT_SEGMENT)
+ segment = LUKS2_get_default_segment(hdr);
- if (r < 0)
- crypt_drop_keyring_key(cd, vk);
- crypt_free_volume_key(vk);
+ if (segment < 0 && segment != CRYPT_ANY_SEGMENT)
+ return -EINVAL;
- return r < 0 ? r : keyslot;
+ if (token >= 0 && token < LUKS2_TOKENS_MAX) {
+ if ((jobj_token = LUKS2_get_token_jobj(hdr, token))) {
+ r = token_open(cd, hdr, token, jobj_token, type, segment, CRYPT_SLOT_PRIORITY_IGNORE,
+ pin, pin_size, &buffer, &buffer_size, usrptr, true);
+ if (!r) {
+ r = LUKS2_keyslot_open_by_token(cd, hdr, token, segment, CRYPT_SLOT_PRIORITY_IGNORE,
+ buffer, buffer_size, vk);
+ LUKS2_token_buffer_free(cd, token, buffer, buffer_size);
+ }
+ }
+ } else if (token == CRYPT_ANY_TOKEN)
+ /*
+ * return priorities (ordered form least to most significant):
+ * ENOENT - unusable for activation (no token handler, invalid token metadata, not assigned to volume segment, etc)
+ * EPERM - usable but token provided passphrase did not unlock any assigned keyslot
+ * EAGAIN - usable but not ready (token HW is missing)
+ * ENOANO - ready, but token pin is wrong or missing
+ *
+ * success (>= 0) or any other negative errno short-circuits token activation loop
+ * immediately
+ */
+ r = token_open_any(cd, hdr, type, segment, pin, pin_size, usrptr, vk);
+ else
+ r = -EINVAL;
+
+ return r;
}
-int LUKS2_token_open_and_activate_any(struct crypt_device *cd,
+int LUKS2_token_open_and_activate(struct crypt_device *cd,
struct luks2_hdr *hdr,
+ int token,
const char *name,
- uint32_t flags)
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ uint32_t flags,
+ void *usrptr)
{
- char *buffer;
- json_object *tokens_jobj;
- size_t buffer_len;
- int keyslot, token, r = -EINVAL;
+ bool use_keyring;
+ int keyslot, r, segment;
struct volume_key *vk = NULL;
- json_object_object_get_ex(hdr->jobj, "tokens", &tokens_jobj);
-
- json_object_object_foreach(tokens_jobj, slot, val) {
- UNUSED(val);
- token = atoi(slot);
+ if (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY)
+ segment = CRYPT_ANY_SEGMENT;
+ else
+ segment = CRYPT_DEFAULT_SEGMENT;
- r = LUKS2_token_open(cd, hdr, token, &buffer, &buffer_len, NULL);
- if (r < 0)
- continue;
+ r = LUKS2_token_unlock_key(cd, hdr, token, type, pin, pin_size, segment, usrptr, &vk);
+ if (r < 0)
+ return r;
- r = LUKS2_keyslot_open_by_token(cd, hdr, token,
- (flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) ?
- CRYPT_ANY_SEGMENT : CRYPT_DEFAULT_SEGMENT,
- buffer, buffer_len, &vk);
- LUKS2_token_buffer_free(cd, token, buffer, buffer_len);
- if (r >= 0)
- break;
- }
+ assert(vk);
keyslot = r;
- if (r >= 0 && (name || (flags & CRYPT_ACTIVATE_KEYRING_KEY)) && crypt_use_keyring_for_vk(cd)) {
+ if (!crypt_use_keyring_for_vk(cd))
+ use_keyring = false;
+ else
+ use_keyring = ((name && !crypt_is_cipher_null(crypt_get_cipher(cd))) ||
+ (flags & CRYPT_ACTIVATE_KEYRING_KEY));
+
+ if (use_keyring) {
if (!(r = LUKS2_volume_key_load_in_keyring_by_keyslot(cd, hdr, vk, keyslot)))
flags |= CRYPT_ACTIVATE_KEYRING_KEY;
}
}
}
-int LUKS2_token_json_get(struct crypt_device *cd, struct luks2_hdr *hdr,
- int token, const char **json)
+int LUKS2_token_json_get(struct luks2_hdr *hdr, int token, const char **json)
{
json_object *jobj_token;
if (!jobj_token)
return -EINVAL;
- *json = json_object_to_json_string_ext(jobj_token,
- JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
+ *json = token_json_to_string(jobj_token);
return 0;
}
json_object *jobj_tokens;
int r = 0;
+ if ((keyslot < 0 && keyslot != CRYPT_ANY_SLOT) || keyslot >= LUKS2_KEYSLOTS_MAX ||
+ (token < 0 && token != CRYPT_ANY_TOKEN) || token >= LUKS2_TOKENS_MAX)
+ return -EINVAL;
+
if (token == CRYPT_ANY_TOKEN) {
json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
if (r < 0)
return r;
- // FIXME: do not write header in nothing changed
if (commit)
return LUKS2_hdr_write(cd, hdr) ?: token;
return -ENOENT;
}
-int LUKS2_token_is_assigned(struct crypt_device *cd, struct luks2_hdr *hdr,
- int keyslot, int token)
+int LUKS2_token_is_assigned(struct luks2_hdr *hdr, int keyslot, int token)
{
if (keyslot < 0 || keyslot >= LUKS2_KEYSLOTS_MAX || token < 0 || token >= LUKS2_TOKENS_MAX)
return -EINVAL;
return commit ? LUKS2_hdr_write(cd, hdr) : 0;
}
+
+int LUKS2_token_unlock_passphrase(struct crypt_device *cd,
+ struct luks2_hdr *hdr,
+ int token,
+ const char *type,
+ const char *pin,
+ size_t pin_size,
+ void *usrptr,
+ char **passphrase,
+ size_t *passphrase_size)
+{
+ char *buffer;
+ size_t buffer_size;
+ json_object *jobj_token, *jobj_tokens;
+ int r = -ENOENT, retval = -ENOENT;
+
+ if (!hdr)
+ return -EINVAL;
+
+ if (token >= 0 && token < LUKS2_TOKENS_MAX) {
+ if ((jobj_token = LUKS2_get_token_jobj(hdr, token)))
+ r = token_open(cd, hdr, token, jobj_token, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE,
+ pin, pin_size, &buffer, &buffer_size, usrptr, false);
+ } else if (token == CRYPT_ANY_TOKEN) {
+ json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
+
+ if (!type)
+ usrptr = NULL;
+
+ json_object_object_foreach(jobj_tokens, slot, val) {
+ token = atoi(slot);
+ r = token_open(cd, hdr, token, val, type, CRYPT_ANY_SEGMENT, CRYPT_SLOT_PRIORITY_IGNORE,
+ pin, pin_size, &buffer, &buffer_size, usrptr, false);
+
+ /*
+ * return priorities (ordered form least to most significant):
+ * ENOENT - unusable for activation (no token handler, invalid token metadata, etc)
+ * EAGAIN - usable but not ready (token HW is missing)
+ * ENOANO - ready, but token pin is wrong or missing
+ *
+ * success (>= 0) or any other negative errno short-circuits token activation loop
+ * immediately
+ */
+ if (break_loop_retval(r))
+ goto out;
+
+ update_return_errno(r, &retval);
+ }
+ r = retval;
+ } else
+ r = -EINVAL;
+out:
+ if (!r) {
+ *passphrase = crypt_safe_alloc(buffer_size);
+ if (*passphrase) {
+ memcpy(*passphrase, buffer, buffer_size);
+ *passphrase_size = buffer_size;
+ } else
+ r = -ENOMEM;
+ LUKS2_token_buffer_free(cd, token, buffer, buffer_size);
+ }
+
+ if (!r)
+ return token;
+
+ return r;
+}
/*
* LUKS - Linux Unified Key Setup v2, kernel keyring token
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <assert.h>
-
#include "luks2_internal.h"
-static int keyring_open(struct crypt_device *cd,
+int keyring_open(struct crypt_device *cd,
int token,
char **buffer,
size_t *buffer_len,
r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len);
if (r == -ENOTSUP) {
log_dbg(cd, "Kernel keyring features disabled.");
- return -EINVAL;
+ return -ENOENT;
} else if (r < 0) {
log_dbg(cd, "keyring_get_passphrase failed (error %d)", r);
- return -EINVAL;
+ return -EPERM;
}
return 0;
}
-static int keyring_validate(struct crypt_device *cd __attribute__((unused)),
+int keyring_validate(struct crypt_device *cd __attribute__((unused)),
const char *json)
{
enum json_tokener_error jerr;
return r;
}
-static void keyring_dump(struct crypt_device *cd, const char *json)
+void keyring_dump(struct crypt_device *cd, const char *json)
{
enum json_tokener_error jerr;
json_object *jobj_token, *jobj_key;
json_object_put(jobj_token);
}
-int token_keyring_set(json_object **jobj_builtin_token,
- const void *params)
+int LUKS2_token_keyring_json(char *buffer, size_t buffer_size,
+ const struct crypt_token_params_luks2_keyring *keyring_params)
{
- json_object *jobj_token, *jobj;
- const struct crypt_token_params_luks2_keyring *keyring_params = (const struct crypt_token_params_luks2_keyring *) params;
-
- jobj_token = json_object_new_object();
- if (!jobj_token)
- return -ENOMEM;
-
- jobj = json_object_new_string(LUKS2_TOKEN_KEYRING);
- if (!jobj) {
- json_object_put(jobj_token);
- return -ENOMEM;
- }
- json_object_object_add(jobj_token, "type", jobj);
-
- jobj = json_object_new_array();
- if (!jobj) {
- json_object_put(jobj_token);
- return -ENOMEM;
- }
- json_object_object_add(jobj_token, "keyslots", jobj);
+ int r;
- jobj = json_object_new_string(keyring_params->key_description);
- if (!jobj) {
- json_object_put(jobj_token);
- return -ENOMEM;
- }
- json_object_object_add(jobj_token, "key_description", jobj);
+ r = snprintf(buffer, buffer_size, "{ \"type\": \"%s\", \"keyslots\":[],\"key_description\":\"%s\"}",
+ LUKS2_TOKEN_KEYRING, keyring_params->key_description);
+ if (r < 0 || (size_t)r >= buffer_size)
+ return -EINVAL;
- *jobj_builtin_token = jobj_token;
return 0;
}
-int token_keyring_get(json_object *jobj_token,
- void *params)
+int LUKS2_token_keyring_get(struct luks2_hdr *hdr,
+ int token, struct crypt_token_params_luks2_keyring *keyring_params)
{
- json_object *jobj;
- struct crypt_token_params_luks2_keyring *keyring_params = (struct crypt_token_params_luks2_keyring *) params;
+ json_object *jobj_token, *jobj;
+ jobj_token = LUKS2_get_token_jobj(hdr, token);
json_object_object_get_ex(jobj_token, "type", &jobj);
assert(!strcmp(json_object_get_string(jobj), LUKS2_TOKEN_KEYRING));
keyring_params->key_description = json_object_get_string(jobj);
- return 0;
+ return token;
}
-const crypt_token_handler keyring_handler = {
- .name = LUKS2_TOKEN_KEYRING,
- .open = keyring_open,
- .validate = keyring_validate,
- .dump = keyring_dump
-};
+void keyring_buffer_free(void *buffer, size_t buffer_len __attribute__((unused)))
+{
+ crypt_safe_free(buffer);
+}
/*
* cryptsetup kernel RNG access functions
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <string.h>
#include <errno.h>
-#include <assert.h>
#include <sys/select.h>
#include "libcryptsetup.h"
#define RANDOM_DEVICE_TIMEOUT 5
/* URANDOM_DEVICE access */
-static int _get_urandom(struct crypt_device *ctx __attribute__((unused)),
- char *buf, size_t len)
+static int _get_urandom(char *buf, size_t len)
{
int r;
size_t old_len = len;
assert(urandom_fd != -1);
- while(len) {
+ while (len) {
r = read(urandom_fd, buf, len);
if (r == -1 && errno != EINTR)
return -EINVAL;
if(urandom_fd == -1)
urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
if(urandom_fd == -1)
- goto fail;
+ goto err;
/* Used for CRYPT_RND_KEY */
if(random_fd == -1)
random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
if(random_fd == -1)
- goto fail;
+ goto err;
if (crypt_fips_mode())
log_verbose(ctx, _("Running in FIPS mode."));
random_initialised = 1;
return 0;
-fail:
+err:
crypt_random_exit();
log_err(ctx, _("Fatal error during RNG initialisation."));
return -ENOSYS;
}
+/* coverity[ -taint_source : arg-1 ] */
int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality)
{
int status, rng_type;
switch(quality) {
case CRYPT_RND_NORMAL:
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
break;
case CRYPT_RND_SALT:
if (crypt_fips_mode())
status = crypt_backend_rng(buf, len, quality, 1);
else
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
break;
case CRYPT_RND_KEY:
if (crypt_fips_mode()) {
crypt_random_default_key_rng();
switch (rng_type) {
case CRYPT_RNG_URANDOM:
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
break;
case CRYPT_RNG_RANDOM:
status = _get_random(ctx, buf, len);
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <errno.h>
#include "libcryptsetup.h"
-#include "luks.h"
-#include "luks2.h"
-#include "loopaes.h"
-#include "verity.h"
-#include "tcrypt.h"
-#include "integrity.h"
-#include "bitlk.h"
+#include "luks1/luks.h"
+#include "luks2/luks2.h"
+#include "loopaes/loopaes.h"
+#include "verity/verity.h"
+#include "tcrypt/tcrypt.h"
+#include "integrity/integrity.h"
+#include "bitlk/bitlk.h"
+#include "fvault2/fvault2.h"
#include "utils_device_locking.h"
#include "internal.h"
+#include "keyslot_context.h"
#define CRYPT_CD_UNRESTRICTED (1 << 0)
#define CRYPT_CD_QUIET (1 << 1)
bool memory_hard_pbkdf_lock_enabled;
struct crypt_lock_handle *pbkdf_memory_hard_lock;
- // FIXME: private binary headers and access it properly
- // through sub-library (LUKS1, TCRYPT)
-
union {
struct { /* used in CRYPT_LUKS1 */
struct luks_phdr hdr;
struct bitlk_metadata params;
char *cipher_spec;
} bitlk;
+ struct { /* used in CRYPT_FVAULT2 */
+ struct fvault2_params params;
+ } fvault2;
struct { /* used if initialized without header by name */
char *active_name;
/* buffers, must refresh from kernel on every query */
/* Log helper */
static void (*_default_log)(int level, const char *msg, void *usrptr) = NULL;
+static void *_default_log_usrptr = NULL;
static int _debug_level = 0;
/* Library can do metadata locking */
if (cd && cd->log)
cd->log(level, msg, cd->log_usrptr);
else if (_default_log)
- _default_log(level, msg, NULL);
+ _default_log(level, msg, _default_log_usrptr);
/* Default to stdout/stderr if there is no callback. */
else
fprintf(level == CRYPT_LOG_ERROR ? stderr : stdout, "%s", msg);
}
-__attribute__((format(printf, 5, 6)))
-void logger(struct crypt_device *cd, int level, const char *file,
- int line, const char *format, ...)
+__attribute__((format(printf, 3, 4)))
+void crypt_logf(struct crypt_device *cd, int level, const char *format, ...)
{
va_list argp;
char target[LOG_MAX_LEN + 2];
return r;
}
- r = crypt_backend_init();
+ r = crypt_backend_init(crypt_fips_mode());
if (r < 0)
log_err(ctx, _("Cannot initialize crypto backend."));
return (type && !strcmp(CRYPT_BITLK, type));
}
+static int isFVAULT2(const char *type)
+{
+ return (type && !strcmp(CRYPT_FVAULT2, type));
+}
+
static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags)
{
int r = 0;
static void crypt_set_null_type(struct crypt_device *cd)
{
- if (!cd->type)
- return;
-
free(cd->type);
cd->type = NULL;
- cd->u.none.active_name = NULL;
cd->data_offset = 0;
cd->metadata_size = 0;
cd->keyslots_size = 0;
+ crypt_safe_memzero(&cd->u, sizeof(cd->u));
}
static void crypt_reset_null_type(struct crypt_device *cd)
if (isLUKS1(cd->type))
*keyslot = LUKS_keyslot_find_empty(&cd->u.luks1.hdr);
else
- *keyslot = LUKS2_keyslot_find_empty(&cd->u.luks2.hdr);
+ *keyslot = LUKS2_keyslot_find_empty(cd, &cd->u.luks2.hdr, 0);
if (*keyslot < 0) {
log_err(cd, _("All key slots full."));
return -EINVAL;
switch (ki) {
case CRYPT_SLOT_INVALID:
log_err(cd, _("Key slot %d is invalid, please select between 0 and %d."),
- *keyslot, LUKS_NUMKEYS - 1);
+ *keyslot, crypt_keyslot_max(cd->type) - 1);
return -EINVAL;
case CRYPT_SLOT_INACTIVE:
break;
size_t len;
int r;
- /* Must user header-on-disk if we know type here */
+ /* Must use header-on-disk if we know the type here */
if (cd->type || !cd->u.none.active_name)
return -EINVAL;
void (*log)(int level, const char *msg, void *usrptr),
void *usrptr)
{
- if (!cd)
+ if (!cd) {
_default_log = log;
- else {
+ _default_log_usrptr = usrptr;
+ } else {
cd->log = log;
cd->log_usrptr = usrptr;
}
memset(h, 0, sizeof(*h));
r = device_alloc(NULL, &h->device, device);
- if (r < 0)
- goto bad;
+ if (r < 0) {
+ free(h);
+ return r;
+ }
dm_backend_init(NULL);
*cd = h;
return 0;
-bad:
- device_free(NULL, h->device);
- free(h);
- return r;
}
static int crypt_check_data_device_size(struct crypt_device *cd)
cd->device = dev;
- return crypt_check_data_device_size(cd);
+ r = crypt_check_data_device_size(cd);
+ if (!r && isLUKS2(cd->type))
+ device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr));
+
+ return r;
}
int crypt_set_data_device(struct crypt_device *cd, const char *device)
return r;
}
+static void crypt_free_type(struct crypt_device *cd, const char *force_type)
+{
+ const char *type = force_type ?: cd->type;
+
+ if (isPLAIN(type)) {
+ free(CONST_CAST(void*)cd->u.plain.hdr.hash);
+ free(cd->u.plain.cipher);
+ free(cd->u.plain.cipher_spec);
+ } else if (isLUKS2(type)) {
+ LUKS2_reencrypt_free(cd, cd->u.luks2.rh);
+ LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
+ free(cd->u.luks2.keyslot_cipher);
+ } else if (isLUKS1(type)) {
+ free(cd->u.luks1.cipher_spec);
+ } else if (isLOOPAES(type)) {
+ free(CONST_CAST(void*)cd->u.loopaes.hdr.hash);
+ free(cd->u.loopaes.cipher);
+ free(cd->u.loopaes.cipher_spec);
+ } else if (isVERITY(type)) {
+ free(CONST_CAST(void*)cd->u.verity.hdr.hash_name);
+ free(CONST_CAST(void*)cd->u.verity.hdr.data_device);
+ free(CONST_CAST(void*)cd->u.verity.hdr.hash_device);
+ free(CONST_CAST(void*)cd->u.verity.hdr.fec_device);
+ free(CONST_CAST(void*)cd->u.verity.hdr.salt);
+ free(CONST_CAST(void*)cd->u.verity.root_hash);
+ free(cd->u.verity.uuid);
+ device_free(cd, cd->u.verity.fec_device);
+ } else if (isINTEGRITY(type)) {
+ free(CONST_CAST(void*)cd->u.integrity.params.integrity);
+ free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity);
+ free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt);
+ crypt_free_volume_key(cd->u.integrity.journal_crypt_key);
+ crypt_free_volume_key(cd->u.integrity.journal_mac_key);
+ } else if (isBITLK(type)) {
+ free(cd->u.bitlk.cipher_spec);
+ BITLK_bitlk_metadata_free(&cd->u.bitlk.params);
+ } else if (!type) {
+ free(cd->u.none.active_name);
+ cd->u.none.active_name = NULL;
+ }
+
+ crypt_set_null_type(cd);
+}
/* internal only */
struct crypt_pbkdf_type *crypt_get_pbkdf(struct crypt_device *cd)
return r;
}
-static void _luks2_reload(struct crypt_device *cd)
+static void _luks2_rollback(struct crypt_device *cd)
{
if (!cd || !isLUKS2(cd->type))
return;
- (void) _crypt_load_luks2(cd, 1, 0);
+ if (LUKS2_hdr_rollback(cd, &cd->u.luks2.hdr)) {
+ log_err(cd, _("Failed to rollback LUKS2 metadata in memory."));
+ return;
+ }
+
+ free(cd->u.luks2.keyslot_cipher);
+ cd->u.luks2.keyslot_cipher = NULL;
}
static int _crypt_load_luks(struct crypt_device *cd, const char *requested_type,
- int require_header, int repair)
+ bool quiet, bool repair)
{
char *cipher_spec;
struct luks_phdr hdr = {};
version = 0;
if (isLUKS1(requested_type) || version == 1) {
- if (cd->type && isLUKS2(cd->type)) {
+ if (isLUKS2(cd->type)) {
log_dbg(cd, "Context is already initialized to type %s", cd->type);
return -EINVAL;
}
return r;
}
- r = LUKS_read_phdr(&hdr, require_header, repair, cd);
+ r = LUKS_read_phdr(&hdr, !quiet, repair, cd);
if (r)
goto out;
memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr));
} else if (isLUKS2(requested_type) || version == 2 || version == 0) {
- if (cd->type && isLUKS1(cd->type)) {
+ if (isLUKS1(cd->type)) {
log_dbg(cd, "Context is already initialized to type %s", cd->type);
return -EINVAL;
}
* perform repair.
*/
r = _crypt_load_luks2(cd, cd->type != NULL, repair);
+ if (!r)
+ device_set_block_size(crypt_data_device(cd), LUKS2_get_sector_size(&cd->u.luks2.hdr));
+ else if (!quiet)
+ log_err(cd, _("Device %s is not a valid LUKS device."), mdata_device_path(cd));
} else {
if (version > 2)
log_err(cd, _("Unsupported LUKS version %d."), version);
cd->u.tcrypt.params.veracrypt_pim = 0;
if (r < 0)
- return r;
+ goto out;
if (!cd->type && !(cd->type = strdup(CRYPT_TCRYPT)))
- return -ENOMEM;
-
+ r = -ENOMEM;
+out:
+ if (r < 0)
+ crypt_free_type(cd, CRYPT_TCRYPT);
return r;
}
static int _crypt_load_verity(struct crypt_device *cd, struct crypt_params_verity *params)
{
int r;
- size_t sb_offset = 0;
+ uint64_t sb_offset = 0;
r = init_crypto(cd);
if (r < 0)
r = VERITY_read_sb(cd, sb_offset, &cd->u.verity.uuid, &cd->u.verity.hdr);
if (r < 0)
- return r;
+ goto out;
- //FIXME: use crypt_free
if (!cd->type && !(cd->type = strdup(CRYPT_VERITY))) {
- free(CONST_CAST(void*)cd->u.verity.hdr.hash_name);
- free(CONST_CAST(void*)cd->u.verity.hdr.salt);
- free(cd->u.verity.uuid);
- crypt_safe_memzero(&cd->u.verity.hdr, sizeof(cd->u.verity.hdr));
- return -ENOMEM;
+ r = -ENOMEM;
+ goto out;
}
if (params)
/* Hash availability checked in sb load */
cd->u.verity.root_hash_size = crypt_hash_size(cd->u.verity.hdr.hash_name);
- if (cd->u.verity.root_hash_size > 4096)
- return -EINVAL;
+ if (cd->u.verity.root_hash_size > 4096) {
+ r = -EINVAL;
+ goto out;
+ }
if (params && params->data_device &&
(r = crypt_set_data_device(cd, params->data_device)) < 0)
- return r;
+ goto out;
if (params && params->fec_device) {
r = device_alloc(cd, &cd->u.verity.fec_device, params->fec_device);
if (r < 0)
- return r;
+ goto out;
cd->u.verity.hdr.fec_area_offset = params->fec_area_offset;
cd->u.verity.hdr.fec_roots = params->fec_roots;
}
-
+out:
+ if (r < 0)
+ crypt_free_type(cd, CRYPT_VERITY);
return r;
}
r = INTEGRITY_read_sb(cd, &cd->u.integrity.params, &cd->u.integrity.sb_flags);
if (r < 0)
- return r;
+ goto out;
// FIXME: add checks for fields in integrity sb vs params
+ r = -ENOMEM;
if (params) {
cd->u.integrity.params.journal_watermark = params->journal_watermark;
cd->u.integrity.params.journal_commit_time = params->journal_commit_time;
cd->u.integrity.params.buffer_sectors = params->buffer_sectors;
- // FIXME: check ENOMEM
- if (params->integrity)
- cd->u.integrity.params.integrity = strdup(params->integrity);
+ if (params->integrity &&
+ !(cd->u.integrity.params.integrity = strdup(params->integrity)))
+ goto out;
cd->u.integrity.params.integrity_key_size = params->integrity_key_size;
- if (params->journal_integrity)
- cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity);
- if (params->journal_crypt)
- cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt);
+ if (params->journal_integrity &&
+ !(cd->u.integrity.params.journal_integrity = strdup(params->journal_integrity)))
+ goto out;
+ if (params->journal_crypt &&
+ !(cd->u.integrity.params.journal_crypt = strdup(params->journal_crypt)))
+ goto out;
if (params->journal_crypt_key) {
cd->u.integrity.journal_crypt_key =
crypt_alloc_volume_key(params->journal_crypt_key_size,
params->journal_crypt_key);
if (!cd->u.integrity.journal_crypt_key)
- return -ENOMEM;
+ goto out;
}
if (params->journal_integrity_key) {
cd->u.integrity.journal_mac_key =
crypt_alloc_volume_key(params->journal_integrity_key_size,
params->journal_integrity_key);
if (!cd->u.integrity.journal_mac_key)
- return -ENOMEM;
+ goto out;
}
}
- if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY))) {
- free(CONST_CAST(void*)cd->u.integrity.params.integrity);
- return -ENOMEM;
- }
-
- return 0;
+ if (!cd->type && !(cd->type = strdup(CRYPT_INTEGRITY)))
+ goto out;
+ r = 0;
+out:
+ if (r < 0)
+ crypt_free_type(cd, CRYPT_INTEGRITY);
+ return r;
}
-static int _crypt_load_bitlk(struct crypt_device *cd,
- struct bitlk_metadata *params)
+static int _crypt_load_bitlk(struct crypt_device *cd)
{
int r;
r = BITLK_read_sb(cd, &cd->u.bitlk.params);
if (r < 0)
- return r;
+ goto out;
if (asprintf(&cd->u.bitlk.cipher_spec, "%s-%s",
cd->u.bitlk.params.cipher, cd->u.bitlk.params.cipher_mode) < 0) {
cd->u.bitlk.cipher_spec = NULL;
- return -ENOMEM;
+ r = -ENOMEM;
+ goto out;
}
- if (!cd->type && !(cd->type = strdup(CRYPT_BITLK)))
- return -ENOMEM;
+ if (!cd->type && !(cd->type = strdup(CRYPT_BITLK))) {
+ r = -ENOMEM;
+ goto out;
+ }
- return 0;
+ device_set_block_size(crypt_data_device(cd), cd->u.bitlk.params.sector_size);
+out:
+ if (r < 0)
+ crypt_free_type(cd, CRYPT_BITLK);
+ return r;
+}
+
+static int _crypt_load_fvault2(struct crypt_device *cd)
+{
+ int r;
+
+ r = init_crypto(cd);
+ if (r < 0)
+ return r;
+
+ r = FVAULT2_read_metadata(cd, &cd->u.fvault2.params);
+ if (r < 0)
+ goto out;
+
+ if (!cd->type && !(cd->type = strdup(CRYPT_FVAULT2)))
+ r = -ENOMEM;
+out:
+ if (r < 0)
+ crypt_free_type(cd, CRYPT_FVAULT2);
+ return r;
}
int crypt_load(struct crypt_device *cd,
return -EINVAL;
}
- r = _crypt_load_luks(cd, requested_type, 1, 0);
+ r = _crypt_load_luks(cd, requested_type, true, false);
} else if (isVERITY(requested_type)) {
if (cd->type && !isVERITY(cd->type)) {
log_dbg(cd, "Context is already initialized to type %s", cd->type);
log_dbg(cd, "Context is already initialized to type %s", cd->type);
return -EINVAL;
}
- r = _crypt_load_bitlk(cd, params);
+ r = _crypt_load_bitlk(cd);
+ } else if (isFVAULT2(requested_type)) {
+ if (cd->type && !isFVAULT2(cd->type)) {
+ log_dbg(cd, "Context is already initialized to type %s", cd->type);
+ return -EINVAL;
+ }
+ r = _crypt_load_fvault2(cd);
} else
return -EINVAL;
return NULL;
}
-static void crypt_free_type(struct crypt_device *cd)
-{
- if (isPLAIN(cd->type)) {
- free(CONST_CAST(void*)cd->u.plain.hdr.hash);
- free(cd->u.plain.cipher);
- free(cd->u.plain.cipher_spec);
- } else if (isLUKS2(cd->type)) {
- LUKS2_reencrypt_free(cd, cd->u.luks2.rh);
- LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
- free(cd->u.luks2.keyslot_cipher);
- } else if (isLUKS1(cd->type)) {
- free(cd->u.luks1.cipher_spec);
- } else if (isLOOPAES(cd->type)) {
- free(CONST_CAST(void*)cd->u.loopaes.hdr.hash);
- free(cd->u.loopaes.cipher);
- free(cd->u.loopaes.cipher_spec);
- } else if (isVERITY(cd->type)) {
- free(CONST_CAST(void*)cd->u.verity.hdr.hash_name);
- free(CONST_CAST(void*)cd->u.verity.hdr.data_device);
- free(CONST_CAST(void*)cd->u.verity.hdr.hash_device);
- free(CONST_CAST(void*)cd->u.verity.hdr.fec_device);
- free(CONST_CAST(void*)cd->u.verity.hdr.salt);
- free(CONST_CAST(void*)cd->u.verity.root_hash);
- free(cd->u.verity.uuid);
- device_free(cd, cd->u.verity.fec_device);
- } else if (isINTEGRITY(cd->type)) {
- free(CONST_CAST(void*)cd->u.integrity.params.integrity);
- free(CONST_CAST(void*)cd->u.integrity.params.journal_integrity);
- free(CONST_CAST(void*)cd->u.integrity.params.journal_crypt);
- crypt_free_volume_key(cd->u.integrity.journal_crypt_key);
- crypt_free_volume_key(cd->u.integrity.journal_mac_key);
- } else if (isBITLK(cd->type)) {
- free(cd->u.bitlk.cipher_spec);
- BITLK_bitlk_metadata_free(&cd->u.bitlk.params);
- } else if (!cd->type) {
- free(cd->u.none.active_name);
- cd->u.none.active_name = NULL;
- }
-
- crypt_set_null_type(cd);
-}
-
static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
{
bool found = false;
- char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {};
+ char **dep, *cipher_spec = NULL, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+ char deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = {};
const char *dev, *namei;
int key_nums, r;
struct crypt_dm_active_device dmd, dmdi = {}, dmdep = {};
cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums;
} else if (isLUKS1(cd->type) || isLUKS2(cd->type)) {
if (crypt_metadata_device(cd)) {
- r = _crypt_load_luks(cd, cd->type, 0, 0);
+ r = _crypt_load_luks(cd, cd->type, true, false);
if (r < 0) {
log_dbg(cd, "LUKS device header does not match active device.");
crypt_set_null_type(cd);
if (r < 0) {
log_dbg(cd, "LUKS device header uuid: %s mismatches DM returned uuid %s",
LUKS_UUID(cd), dmd.uuid);
- crypt_free_type(cd);
+ crypt_free_type(cd, NULL);
r = 0;
goto out;
}
r = TCRYPT_init_by_name(cd, name, dmd.uuid, tgt, &cd->device,
&cd->u.tcrypt.params, &cd->u.tcrypt.hdr);
} else if (isBITLK(cd->type)) {
- r = _crypt_load_bitlk(cd, NULL);
+ r = _crypt_load_bitlk(cd);
if (r < 0) {
log_dbg(cd, "BITLK device header not available.");
crypt_set_null_type(cd);
r = 0;
}
+ } else if (isFVAULT2(cd->type)) {
+ r = _crypt_load_fvault2(cd);
+ if (r < 0) {
+ log_dbg(cd, "FVAULT2 device header not available.");
+ crypt_set_null_type(cd);
+ r = 0;
+ }
}
out:
dm_targets_free(cd, &dmd);
(*cd)->type = strdup(CRYPT_INTEGRITY);
else if (!strncmp(CRYPT_BITLK, dmd.uuid, sizeof(CRYPT_BITLK)-1))
(*cd)->type = strdup(CRYPT_BITLK);
+ else if (!strncmp(CRYPT_FVAULT2, dmd.uuid, sizeof(CRYPT_FVAULT2)-1))
+ (*cd)->type = strdup(CRYPT_FVAULT2);
else
log_dbg(NULL, "Unknown UUID set, some parameters are not set.");
} else
log_err(cd, _("Device size is not aligned to requested sector size."));
return -EINVAL;
}
+ device_set_block_size(crypt_data_device(cd), sector_size);
}
if (!(cd->type = strdup(CRYPT_PLAIN)))
if (r < 0)
return r;
- if (!device_size(crypt_data_device(cd), &dev_size) &&
- dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE))
- log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n"));
if (asprintf(&cd->u.luks1.cipher_spec, "%s-%s", cipher, cipher_mode) < 0) {
cd->u.luks1.cipher_spec = NULL;
}
r = LUKS_write_phdr(&cd->u.luks1.hdr, cd);
- if (r)
+ if (r) {
free(cd->u.luks1.cipher_spec);
+ return r;
+ }
- return r;
+ if (!device_size(crypt_data_device(cd), &dev_size) &&
+ dev_size <= (crypt_get_data_offset(cd) * SECTOR_SIZE))
+ log_std(cd, _("Device %s is too small for activation, there is no remaining space for data.\n"),
+ device_path(crypt_data_device(cd)));
+
+ return 0;
}
static int _crypt_format_luks2(struct crypt_device *cd,
const char *uuid,
const char *volume_key,
size_t volume_key_size,
- struct crypt_params_luks2 *params)
+ struct crypt_params_luks2 *params,
+ bool sector_size_autodetect)
{
int r, integrity_key_size = 0;
unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT;
unsigned long alignment_offset = 0;
- unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE;
+ unsigned int sector_size;
const char *integrity = params ? params->integrity : NULL;
uint64_t dev_size;
uint32_t dmc_flags;
return -EINVAL;
}
+ if (params && params->sector_size)
+ sector_size_autodetect = false;
+
+ if (params && params->data_device) {
+ if (!cd->metadata_device)
+ cd->metadata_device = cd->device;
+ else
+ device_free(cd, cd->device);
+ cd->device = NULL;
+ if (device_alloc(cd, &cd->device, params->data_device) < 0)
+ return -ENOMEM;
+ }
+
+ if (sector_size_autodetect) {
+ sector_size = device_optimal_encryption_sector_size(cd, crypt_data_device(cd));
+ log_dbg(cd, "Auto-detected optimal encryption sector size for device %s is %d bytes.",
+ device_path(crypt_data_device(cd)), sector_size);
+ } else
+ sector_size = params ? params->sector_size : SECTOR_SIZE;
+
if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
NOTPOW2(sector_size)) {
log_err(cd, _("Unsupported encryption sector size."));
return -EINVAL;
}
if (sector_size != SECTOR_SIZE && !dm_flags(cd, DM_CRYPT, &dmc_flags) &&
- !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED))
- log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing "
- "support for requested encryption sector size.\n"));
+ !(dmc_flags & DM_SECTOR_SIZE_SUPPORTED)) {
+ if (sector_size_autodetect) {
+ log_dbg(cd, "dm-crypt does not support encryption sector size option. Reverting to 512 bytes.");
+ sector_size = SECTOR_SIZE;
+ } else
+ log_std(cd, _("WARNING: The device activation will fail, dm-crypt is missing "
+ "support for requested encryption sector size.\n"));
+ }
if (integrity) {
if (params->integrity_params) {
params->integrity_params->journal_integrity)
return -ENOTSUP;
}
- if (!INTEGRITY_tag_size(cd, integrity, cipher, cipher_mode)) {
+ if (!INTEGRITY_tag_size(integrity, cipher, cipher_mode)) {
if (!strcmp(integrity, "none"))
integrity = NULL;
else
return -EINVAL;
}
- integrity_key_size = INTEGRITY_key_size(cd, integrity);
+ integrity_key_size = INTEGRITY_key_size(integrity);
if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) {
log_err(cd, _("Volume key is too small for encryption with integrity extensions."));
return -EINVAL;
if (r < 0)
return r;
- if (params && params->data_device) {
- if (!cd->metadata_device)
- cd->metadata_device = cd->device;
- else
- device_free(cd, cd->device);
- cd->device = NULL;
- if (device_alloc(cd, &cd->device, params->data_device) < 0)
- return -ENOMEM;
- }
-
if (params && cd->metadata_device) {
/* For detached header the alignment is used directly as data offset */
if (!cd->data_offset)
&required_alignment,
&alignment_offset, DEFAULT_DISK_ALIGNMENT);
+ r = device_size(crypt_data_device(cd), &dev_size);
+ if (r < 0)
+ goto out;
+
+ if (sector_size_autodetect) {
+ if (cd->data_offset && MISALIGNED(cd->data_offset, sector_size)) {
+ log_dbg(cd, "Data offset not aligned to sector size. Reverting to 512 bytes.");
+ sector_size = SECTOR_SIZE;
+ } else if (MISALIGNED(dev_size - (uint64_t)required_alignment - (uint64_t)alignment_offset, sector_size)) {
+ /* underflow does not affect misalignment checks */
+ log_dbg(cd, "Device size is not aligned to sector size. Reverting to 512 bytes.");
+ sector_size = SECTOR_SIZE;
+ }
+ }
+
/* FIXME: allow this later also for normal ciphers (check AF_ALG availability. */
if (integrity && !integrity_key_size) {
r = crypt_cipher_check_kernel(cipher, cipher_mode, integrity, volume_key_size);
}
if ((!integrity || integrity_key_size) && !crypt_cipher_wrapped_key(cipher, cipher_mode) &&
- !INTEGRITY_tag_size(cd, NULL, cipher, cipher_mode)) {
+ !INTEGRITY_tag_size(NULL, cipher, cipher_mode)) {
r = LUKS_check_cipher(cd, volume_key_size - integrity_key_size,
cipher, cipher_mode);
if (r < 0)
if (r < 0)
goto out;
- r = device_size(crypt_data_device(cd), &dev_size);
- if (r < 0)
- goto out;
-
- if (dev_size < (crypt_get_data_offset(cd) * SECTOR_SIZE))
- log_std(cd, _("WARNING: Data offset is outside of currently available data device.\n"));
-
if (cd->metadata_size && (cd->metadata_size != LUKS2_metadata_size(&cd->u.luks2.hdr)))
log_std(cd, _("WARNING: LUKS2 metadata size changed to %" PRIu64 " bytes.\n"),
LUKS2_metadata_size(&cd->u.luks2.hdr));
goto out;
}
+ device_set_block_size(crypt_data_device(cd), sector_size);
+
r = LUKS2_wipe_header_areas(cd, &cd->u.luks2.hdr, cd->metadata_device != NULL);
if (r < 0) {
log_err(cd, _("Cannot wipe header on device %s."),
}
out:
- if (r)
+ if (r) {
LUKS2_hdr_free(cd, &cd->u.luks2.hdr);
+ return r;
+ }
- return r;
+ /* Device size can be larger now if it is a file container */
+ if (!device_size(crypt_data_device(cd), &dev_size) &&
+ dev_size <= (crypt_get_data_offset(cd) * SECTOR_SIZE))
+ log_std(cd, _("Device %s is too small for activation, there is no remaining space for data.\n"),
+ device_path(crypt_data_device(cd)));
+
+ return 0;
}
static int _crypt_format_loopaes(struct crypt_device *cd,
r = device_alloc(cd, &fec_device, params->fec_device);
if (r < 0) {
r = -ENOMEM;
- goto err;
+ goto out;
}
hash_blocks_size = VERITY_hash_blocks(cd, params) * params->hash_block_size;
(params->hash_area_offset + hash_blocks_size) > params->fec_area_offset) {
log_err(cd, _("Hash area overlaps with FEC area."));
r = -EINVAL;
- goto err;
+ goto out;
}
if (device_is_identical(crypt_data_device(cd), fec_device) > 0 &&
(cd->u.verity.hdr.data_size * params->data_block_size) > params->fec_area_offset) {
log_err(cd, _("Data area overlaps with FEC area."));
r = -EINVAL;
- goto err;
+ goto out;
}
}
if (!root_hash || !hash_name || !salt) {
r = -ENOMEM;
- goto err;
+ goto out;
}
cd->u.verity.hdr.flags = params->flags;
else
r = crypt_random_get(cd, salt, params->salt_size, CRYPT_RND_SALT);
if (r)
- goto err;
+ goto out;
if (params->flags & CRYPT_VERITY_CREATE_HASH) {
r = VERITY_create(cd, &cd->u.verity.hdr,
if (!r && params->fec_device)
r = VERITY_FEC_process(cd, &cd->u.verity.hdr, cd->u.verity.fec_device, 0, NULL);
if (r)
- goto err;
+ goto out;
}
if (!(params->flags & CRYPT_VERITY_NO_HEADER)) {
if (!(cd->u.verity.uuid = strdup(uuid)))
r = -ENOMEM;
} else
- r = VERITY_UUID_generate(cd, &cd->u.verity.uuid);
+ r = VERITY_UUID_generate(&cd->u.verity.uuid);
if (!r)
r = VERITY_write_sb(cd, cd->u.verity.hdr.hash_area_offset,
&cd->u.verity.hdr);
}
-err:
+out:
if (r) {
device_free(cd, fec_device);
free(root_hash);
params->journal_integrity_key);
if (!journal_mac_key) {
r = -ENOMEM;
- goto err;
+ goto out;
}
}
if (params->integrity && !(integrity = strdup(params->integrity))) {
r = -ENOMEM;
- goto err;
+ goto out;
}
if (params->journal_integrity && !(journal_integrity = strdup(params->journal_integrity))) {
r = -ENOMEM;
- goto err;
+ goto out;
}
if (params->journal_crypt && !(journal_crypt = strdup(params->journal_crypt))) {
r = -ENOMEM;
- goto err;
+ goto out;
}
integrity_tag_size = INTEGRITY_hash_tag_size(integrity);
if (r)
log_err(cd, _("Cannot format integrity for device %s."),
mdata_device_path(cd));
-err:
+out:
if (r) {
crypt_free_volume_key(journal_crypt_key);
crypt_free_volume_key(journal_mac_key);
return r;
}
-int crypt_format(struct crypt_device *cd,
+static int _crypt_format(struct crypt_device *cd,
const char *type,
const char *cipher,
const char *cipher_mode,
const char *uuid,
const char *volume_key,
size_t volume_key_size,
- void *params)
+ void *params,
+ bool sector_size_autodetect)
{
int r;
uuid, volume_key, volume_key_size, params);
else if (isLUKS2(type))
r = _crypt_format_luks2(cd, cipher, cipher_mode,
- uuid, volume_key, volume_key_size, params);
+ uuid, volume_key, volume_key_size, params, sector_size_autodetect);
else if (isLOOPAES(type))
r = _crypt_format_loopaes(cd, cipher, uuid, volume_key_size, params);
else if (isVERITY(type))
return r;
}
-int crypt_repair(struct crypt_device *cd,
- const char *requested_type,
- void *params __attribute__((unused)))
-{
- int r;
-
- if (!cd)
- return -EINVAL;
+CRYPT_SYMBOL_EXPORT_NEW(int, crypt_format, 2, 4,
+ /* crypt_format parameters follows */
+ struct crypt_device *cd,
+ const char *type,
+ const char *cipher,
+ const char *cipher_mode,
+ const char *uuid,
+ const char *volume_key,
+ size_t volume_key_size,
+ void *params)
+{
+ return _crypt_format(cd, type, cipher, cipher_mode, uuid, volume_key, volume_key_size, params, true);
+}
+
+
+CRYPT_SYMBOL_EXPORT_OLD(int, crypt_format, 2, 0,
+ /* crypt_format parameters follows */
+ struct crypt_device *cd,
+ const char *type,
+ const char *cipher,
+ const char *cipher_mode,
+ const char *uuid,
+ const char *volume_key,
+ size_t volume_key_size,
+ void *params)
+{
+ return _crypt_format(cd, type, cipher, cipher_mode, uuid, volume_key, volume_key_size, params, false);
+}
+
+int crypt_repair(struct crypt_device *cd,
+ const char *requested_type,
+ void *params __attribute__((unused)))
+{
+ int r;
+
+ if (!cd)
+ return -EINVAL;
log_dbg(cd, "Trying to repair %s crypt type from device %s.",
requested_type ?: "any", mdata_device_path(cd) ?: "(none)");
return -EINVAL;
/* Load with repair */
- r = _crypt_load_luks(cd, requested_type, 1, 1);
+ r = _crypt_load_luks(cd, requested_type, false, true);
if (r < 0)
return r;
}
/* compare volume keys */
-static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only, struct volume_key *tvk, unsigned tkeyring_only)
+static int _compare_volume_keys(struct volume_key *svk, unsigned skeyring_only,
+ struct volume_key *tvk, unsigned tkeyring_only)
{
if (!svk && !tvk)
return 0;
return 1;
if (!skeyring_only && !tkeyring_only)
- return memcmp(svk->key, tvk->key, svk->keylength);
+ return crypt_backend_memeq(svk->key, tvk->key, svk->keylength);
if (svk->key_description && tvk->key_description)
return strcmp(svk->key_description, tvk->key_description);
log_dbg(cd, "Unexpected uuid prefix %s in target device.", tgt->uuid);
return -EINVAL;
}
- } else {
+ } else if (!isINTEGRITY(cd->type)) {
log_dbg(cd, "Unsupported device type %s for reload.", cd->type ?: "<empty>");
return -ENOTSUP;
}
const struct dm_target *src,
const struct dm_target *tgt)
{
+ char *src_cipher = NULL, *src_integrity = NULL;
+ int r = -EINVAL;
+
/* for crypt devices keys are mandatory */
if (!src->u.crypt.vk || !tgt->u.crypt.vk)
return -EINVAL;
/* CIPHER checks */
if (!src->u.crypt.cipher || !tgt->u.crypt.cipher)
return -EINVAL;
- if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) {
- log_dbg(cd, "Cipher specs do not match.");
+
+ /*
+ * dm_query_target converts capi cipher specification to dm-crypt format.
+ * We need to do same for cipher specification requested in source
+ * device.
+ */
+ if (crypt_capi_to_cipher(&src_cipher, &src_integrity, src->u.crypt.cipher, src->u.crypt.integrity))
return -EINVAL;
+
+ if (strcmp(src_cipher, tgt->u.crypt.cipher)) {
+ log_dbg(cd, "Cipher specs do not match.");
+ goto out;
}
if (tgt->u.crypt.vk->keylength == 0 && crypt_is_cipher_null(tgt->u.crypt.cipher))
log_dbg(cd, "Existing device uses cipher null. Skipping key comparison.");
else if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
log_dbg(cd, "Keys in context and target device do not match.");
- return -EINVAL;
+ goto out;
}
- if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) {
+ if (crypt_strcmp(src_integrity, tgt->u.crypt.integrity)) {
log_dbg(cd, "Integrity parameters do not match.");
- return -EINVAL;
+ goto out;
}
if (src->u.crypt.offset != tgt->u.crypt.offset ||
src->u.crypt.iv_offset != tgt->u.crypt.iv_offset ||
src->u.crypt.tag_size != tgt->u.crypt.tag_size) {
log_dbg(cd, "Integer parameters do not match.");
- return -EINVAL;
+ goto out;
}
- if (device_is_identical(src->data_device, tgt->data_device) <= 0) {
+ if (device_is_identical(src->data_device, tgt->data_device) <= 0)
log_dbg(cd, "Data devices do not match.");
- return -EINVAL;
- }
+ else
+ r = 0;
- return 0;
+out:
+ free(src_cipher);
+ free(src_integrity);
+
+ return r;
}
static int _compare_integrity_devices(struct crypt_device *cd,
return -EINVAL;
}
- /* unsupported underneath dm-crypt with auth. encryption */
- if (src->u.integrity.meta_device || tgt->u.integrity.meta_device)
- return -ENOTSUP;
-
- if (src->size != tgt->size) {
- log_dbg(cd, "Device size parameters do not match.");
- return -EINVAL;
- }
-
if (device_is_identical(src->data_device, tgt->data_device) <= 0) {
log_dbg(cd, "Data devices do not match.");
return -EINVAL;
r = dm_query_device(cd, name, DM_ACTIVE_DEVICE | DM_ACTIVE_CRYPT_CIPHER |
DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
- DM_ACTIVE_CRYPT_KEY, &tdmd);
+ DM_ACTIVE_CRYPT_KEY | DM_ACTIVE_INTEGRITY_PARAMS |
+ DM_ACTIVE_JOURNAL_CRYPT_KEY | DM_ACTIVE_JOURNAL_MAC_KEY, &tdmd);
if (r < 0) {
log_err(cd, _("Device %s is not active."), name);
return -EINVAL;
}
- if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || tgt->u.crypt.tag_size) {
+ if (!single_segment(&tdmd) ||
+ (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY) ||
+ (tgt->type == DM_CRYPT && tgt->u.crypt.tag_size)) {
r = -ENOTSUP;
log_err(cd, _("Unsupported parameters on device %s."), name);
goto out;
else
sdmd->flags &= ~CRYPT_ACTIVATE_READONLY;
- if (sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
+ if (tgt->type == DM_CRYPT && sdmd->flags & CRYPT_ACTIVATE_KEYRING_KEY) {
r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
if (r)
goto out;
- } else {
+ } else if (tgt->type == DM_CRYPT) {
crypt_free_volume_key(tgt->u.crypt.vk);
tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
if (!tgt->u.crypt.vk) {
}
}
- r = device_block_adjust(cd, src->data_device, DEV_OK,
- src->u.crypt.offset, &sdmd->size, NULL);
+ if (tgt->type == DM_CRYPT)
+ r = device_block_adjust(cd, src->data_device, DEV_OK,
+ src->u.crypt.offset, &sdmd->size, NULL);
+ else if (tgt->type == DM_INTEGRITY)
+ r = device_block_adjust(cd, src->data_device, DEV_OK,
+ src->u.integrity.offset, &sdmd->size, NULL);
+ else
+ r = -EINVAL;
+
if (r)
goto out;
struct crypt_dm_active_device tdmd, tdmdi = {};
struct dm_target *src, *srci, *tgt = &tdmd.segment, *tgti = &tdmdi.segment;
struct device *data_device = NULL;
+ bool clear = false;
if (!cd || !cd->type || !name || !iname || !(sdmd->flags & CRYPT_ACTIVATE_REFRESH))
return -EINVAL;
}
if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || !tgt->u.crypt.tag_size) {
- r = -ENOTSUP;
log_err(cd, _("Unsupported parameters on device %s."), name);
+ r = -ENOTSUP;
goto out;
}
}
if (!single_segment(&tdmdi) || tgti->type != DM_INTEGRITY) {
- r = -ENOTSUP;
log_err(cd, _("Unsupported parameters on device %s."), iname);
+ r = -ENOTSUP;
goto out;
}
goto out;
}
+ /* unsupported underneath dm-crypt with auth. encryption */
+ if (sdmdi->segment.u.integrity.meta_device || tdmdi.segment.u.integrity.meta_device)
+ return -ENOTSUP;
+
src = &sdmd->segment;
srci = &sdmdi->segment;
if ((r = dm_reload_device(cd, name, &tdmd, 0, 0))) {
log_err(cd, _("Failed to reload device %s."), name);
- goto err_clear;
+ clear = true;
+ goto out;
}
if ((r = dm_suspend_device(cd, name, 0))) {
log_err(cd, _("Failed to suspend device %s."), name);
- goto err_clear;
+ clear = true;
+ goto out;
}
if ((r = dm_suspend_device(cd, iname, 0))) {
log_err(cd, _("Failed to suspend device %s."), iname);
- goto err_clear;
+ clear = true;
+ goto out;
}
if ((r = dm_resume_device(cd, iname, act2dmflags(sdmdi->flags)))) {
log_err(cd, _("Failed to resume device %s."), iname);
- goto err_clear;
+ clear = true;
+ goto out;
}
r = dm_resume_device(cd, name, act2dmflags(tdmd.flags));
log_err(cd, _("Failed to switch device %s to dm-error."), name);
if (dm_error_device(cd, iname))
log_err(cd, _("Failed to switch device %s to dm-error."), iname);
- goto out;
+out:
+ if (clear) {
+ dm_clear_device(cd, name);
+ dm_clear_device(cd, iname);
-err_clear:
- dm_clear_device(cd, name);
- dm_clear_device(cd, iname);
+ if (dm_status_suspended(cd, name) > 0)
+ dm_resume_device(cd, name, 0);
+ if (dm_status_suspended(cd, iname) > 0)
+ dm_resume_device(cd, iname, 0);
+ }
- if (dm_status_suspended(cd, name) > 0)
- dm_resume_device(cd, name, 0);
- if (dm_status_suspended(cd, iname) > 0)
- dm_resume_device(cd, iname, 0);
-out:
dm_targets_free(cd, &tdmd);
dm_targets_free(cd, &tdmdi);
free(CONST_CAST(void*)tdmdi.uuid);
{
struct crypt_dm_active_device dmdq, dmd = {};
struct dm_target *tgt = &dmdq.segment;
+ struct crypt_params_integrity params = {};
+ uint32_t supported_flags = 0;
+ uint64_t old_size;
int r;
/*
log_dbg(cd, "Resizing device %s to %" PRIu64 " sectors.", name, new_size);
- r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY, &dmdq);
+ r = dm_query_device(cd, name, DM_ACTIVE_CRYPT_KEYSIZE | DM_ACTIVE_CRYPT_KEY |
+ DM_ACTIVE_INTEGRITY_PARAMS | DM_ACTIVE_JOURNAL_CRYPT_KEY |
+ DM_ACTIVE_JOURNAL_MAC_KEY, &dmdq);
if (r < 0) {
log_err(cd, _("Device %s is not active."), name);
return -EINVAL;
}
- if (!single_segment(&dmdq) || tgt->type != DM_CRYPT) {
+ if (!single_segment(&dmdq) || (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY)) {
log_dbg(cd, "Unsupported device table detected in %s.", name);
r = -EINVAL;
goto out;
log_err(cd, _("Cannot resize loop device."));
}
+
+ /*
+ * Integrity device metadata are maintained by the kernel. We need to
+ * reload the device (with the same parameters) and let the kernel
+ * calculate the maximum size of integrity device and store it in the
+ * superblock.
+ */
+ if (!new_size && tgt->type == DM_INTEGRITY) {
+ r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd),
+ crypt_get_data_offset(cd) * SECTOR_SIZE, &old_size);
+ if (r < 0)
+ return r;
+
+ dmd.size = dmdq.size;
+ dmd.flags = dmdq.flags | CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_PRIVATE;
+
+ r = crypt_get_integrity_info(cd, ¶ms);
+ if (r)
+ goto out;
+
+ r = dm_integrity_target_set(cd, &dmd.segment, 0, dmdq.segment.size,
+ crypt_metadata_device(cd), crypt_data_device(cd),
+ crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd),
+ crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key,
+ tgt->u.integrity.journal_integrity_key, ¶ms);
+ if (r)
+ goto out;
+ r = _reload_device(cd, name, &dmd);
+ if (r)
+ goto out;
+
+ r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd),
+ crypt_get_data_offset(cd) * SECTOR_SIZE, &new_size);
+ if (r < 0)
+ return r;
+ log_dbg(cd, "Maximum integrity device size from kernel %" PRIu64, new_size);
+
+ if (old_size == new_size && new_size == dmdq.size &&
+ !dm_flags(cd, tgt->type, &supported_flags) &&
+ !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED))
+ log_std(cd, _("WARNING: Maximum size already set or kernel doesn't support resize.\n"));
+ }
+
r = device_block_adjust(cd, crypt_data_device(cd), DEV_OK,
- crypt_get_data_offset(cd), &new_size, &dmdq.flags);
+ crypt_get_data_offset(cd), &new_size, &dmdq.flags);
if (r)
goto out;
- if (MISALIGNED(new_size, tgt->u.crypt.sector_size >> SECTOR_SHIFT)) {
+ if (MISALIGNED(new_size, (tgt->type == DM_CRYPT ? tgt->u.crypt.sector_size : tgt->u.integrity.sector_size) >> SECTOR_SHIFT)) {
log_err(cd, _("Device size is not aligned to requested sector size."));
r = -EINVAL;
goto out;
dmd.uuid = crypt_get_uuid(cd);
dmd.size = new_size;
dmd.flags = dmdq.flags | CRYPT_ACTIVATE_REFRESH;
- r = dm_crypt_target_set(&dmd.segment, 0, new_size, crypt_data_device(cd),
- tgt->u.crypt.vk, crypt_get_cipher_spec(cd),
- crypt_get_iv_offset(cd), crypt_get_data_offset(cd),
- crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd),
- crypt_get_sector_size(cd));
- if (r < 0)
- goto out;
+
+ if (tgt->type == DM_CRYPT) {
+ r = dm_crypt_target_set(&dmd.segment, 0, new_size, crypt_data_device(cd),
+ tgt->u.crypt.vk, crypt_get_cipher_spec(cd),
+ crypt_get_iv_offset(cd), crypt_get_data_offset(cd),
+ crypt_get_integrity(cd), crypt_get_integrity_tag_size(cd),
+ crypt_get_sector_size(cd));
+ if (r < 0)
+ goto out;
+ } else if (tgt->type == DM_INTEGRITY) {
+ r = crypt_get_integrity_info(cd, ¶ms);
+ if (r)
+ goto out;
+
+ r = dm_integrity_target_set(cd, &dmd.segment, 0, new_size,
+ crypt_metadata_device(cd), crypt_data_device(cd),
+ crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd),
+ crypt_get_sector_size(cd), tgt->u.integrity.vk, tgt->u.integrity.journal_crypt_key,
+ tgt->u.integrity.journal_integrity_key, ¶ms);
+ if (r)
+ goto out;
+ }
if (new_size == dmdq.size) {
log_dbg(cd, "Device has already requested size %" PRIu64
r = LUKS2_unmet_requirements(cd, &cd->u.luks2.hdr, 0, 0);
if (!r)
r = _reload_device(cd, name, &dmd);
+
+ if (r && tgt->type == DM_INTEGRITY &&
+ !dm_flags(cd, tgt->type, &supported_flags) &&
+ !(supported_flags & DM_INTEGRITY_RESIZE_SUPPORTED))
+ log_err(cd, _("Resize failed, the kernel doesn't support it."));
}
out:
dm_targets_free(cd, &dmd);
return LUKS2_hdr_labels(cd, &cd->u.luks2.hdr, label, subsystem, 1);
}
+const char *crypt_get_label(struct crypt_device *cd)
+{
+ if (_onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))
+ return NULL;
+
+ return cd->u.luks2.hdr.label;
+}
+
+const char *crypt_get_subsystem(struct crypt_device *cd)
+{
+ if (_onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0))
+ return NULL;
+
+ return cd->u.luks2.hdr.subsystem;
+}
+
int crypt_header_backup(struct crypt_device *cd,
const char *requested_type,
const char *backup_file)
return -EINVAL;
/* Load with repair */
- r = _crypt_load_luks(cd, requested_type, 1, 0);
+ r = _crypt_load_luks(cd, requested_type, false, false);
if (r < 0)
return r;
} else if (isLUKS2(cd->type) && (!requested_type || isLUKS2(requested_type))) {
r = LUKS2_hdr_restore(cd, &cd->u.luks2.hdr, backup_file);
if (r)
- _luks2_reload(cd);
+ (void) _crypt_load_luks2(cd, 1, 0);
} else if (isLUKS1(cd->type) && (!requested_type || isLUKS1(requested_type)))
r = LUKS_hdr_restore(backup_file, &cd->u.luks1.hdr, cd);
else
r = -EINVAL;
if (!r)
- r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, 1, 1);
+ r = _crypt_load_luks(cd, version == 1 ? CRYPT_LUKS1 : CRYPT_LUKS2, false, true);
return r;
}
+int crypt_header_is_detached(struct crypt_device *cd)
+{
+ int r;
+
+ if (!cd || (cd->type && !isLUKS(cd->type)))
+ return -EINVAL;
+
+ r = device_is_identical(crypt_data_device(cd), crypt_metadata_device(cd));
+ if (r < 0) {
+ log_dbg(cd, "Failed to compare data and metadata devices path.");
+ return r;
+ }
+
+ return r ? 0 : 1;
+}
+
void crypt_free(struct crypt_device *cd)
{
if (!cd)
return;
- log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd));
+ log_dbg(cd, "Releasing crypt device %s context.", mdata_device_path(cd) ?: "empty");
dm_backend_exit(cd);
crypt_free_volume_key(cd->volume_key);
- crypt_free_type(cd);
+ crypt_free_type(cd, NULL);
device_free(cd, cd->device);
device_free(cd, cd->metadata_device);
digest = LUKS2_digest_by_segment(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
if (digest < 0)
return -EINVAL;
- r = LUKS2_volume_key_load_in_keyring_by_digest(cd,
- &cd->u.luks2.hdr, vk, digest);
+ r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, digest);
if (r < 0)
return r;
}
r = LUKS_open_key_with_hdr(keyslot, passphrase_read, passphrase_size_read,
&cd->u.luks1.hdr, &vk, cd);
else
- r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT, passphrase_read, passphrase_size_read, &vk);
+ r = LUKS2_keyslot_open(cd, keyslot, CRYPT_DEFAULT_SEGMENT,
+ passphrase_read, passphrase_size_read, &vk);
crypt_safe_free(passphrase_read);
if (r < 0)
return r;
}
-/*
- * Keyslot manipulation
- */
-int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
- int keyslot, // -1 any
- const char *passphrase,
- size_t passphrase_size,
- const char *new_passphrase,
- size_t new_passphrase_size)
+int crypt_resume_by_token_pin(struct crypt_device *cd, const char *name,
+ const char *type, int token, const char *pin, size_t pin_size,
+ void *usrptr)
{
- int digest, r, active_slots;
- struct luks2_keyslot_params params;
struct volume_key *vk = NULL;
+ int r, keyslot;
+
+ if (!name)
+ return -EINVAL;
- log_dbg(cd, "Adding new keyslot, existing passphrase %sprovided,"
- "new passphrase %sprovided.",
- passphrase ? "" : "not ", new_passphrase ? "" : "not ");
+ log_dbg(cd, "Resuming volume %s by token (%s type) %d.",
+ name, type ?: "any", token);
- if ((r = onlyLUKS(cd)))
+ if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET, 0)))
return r;
- if (!passphrase || !new_passphrase)
- return -EINVAL;
-
- r = keyslot_verify_or_find_empty(cd, &keyslot);
- if (r)
+ r = dm_status_suspended(cd, name);
+ if (r < 0)
return r;
- if (isLUKS1(cd->type))
- active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr);
- else
- active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
- if (active_slots == 0) {
- /* No slots used, try to use pre-generated key in header */
- if (cd->volume_key) {
- vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
- r = vk ? 0 : -ENOMEM;
- } else {
- log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
- return -EINVAL;
- }
- } else if (active_slots < 0)
+ if (!r) {
+ log_err(cd, _("Volume %s is not suspended."), name);
return -EINVAL;
- else {
- /* Passphrase provided, use it to unlock existing keyslot */
- if (isLUKS1(cd->type))
- r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, passphrase,
- passphrase_size, &cd->u.luks1.hdr, &vk, cd);
- else
- r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, passphrase,
- passphrase_size, &vk);
}
- if (r < 0)
- goto out;
+ r = LUKS2_token_unlock_key(cd, &cd->u.luks2.hdr, token, type,
+ pin, pin_size, CRYPT_DEFAULT_SEGMENT, usrptr, &vk);
+ keyslot = r;
+ if (r >= 0)
+ r = resume_by_volume_key(cd, vk, name);
- if (isLUKS1(cd->type))
- r = LUKS_set_key(keyslot, CONST_CAST(char*)new_passphrase,
- new_passphrase_size, &cd->u.luks1.hdr, vk, cd);
- else {
- r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
- digest = r;
+ crypt_free_volume_key(vk);
+ return r < 0 ? r : keyslot;
+}
- if (r >= 0)
- r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms);
+/*
+ * Keyslot manipulation
+ */
+int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
+ int keyslot, // -1 any
+ const char *passphrase,
+ size_t passphrase_size,
+ const char *new_passphrase,
+ size_t new_passphrase_size)
+{
+ int r;
+ struct crypt_keyslot_context kc, new_kc;
- if (r >= 0)
- r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
+ if (!passphrase || !new_passphrase)
+ return -EINVAL;
- if (r >= 0)
- r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot,
- CONST_CAST(char*)new_passphrase,
- new_passphrase_size, vk, ¶ms);
- }
+ crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size);
+ crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, new_passphrase, new_passphrase_size);
- if (r < 0)
- goto out;
+ r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0);
- r = 0;
-out:
- crypt_free_volume_key(vk);
- if (r < 0) {
- _luks2_reload(cd);
- return r;
- }
- return keyslot;
+ crypt_keyslot_context_destroy_internal(&kc);
+ crypt_keyslot_context_destroy_internal(&new_kc);
+
+ return r;
}
int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
const char *new_passphrase,
size_t new_passphrase_size)
{
- int digest = -1, r;
+ int digest = -1, r, keyslot_new_orig = keyslot_new;
struct luks2_keyslot_params params;
struct volume_key *vk = NULL;
if (isLUKS1(cd->type))
keyslot_new = LUKS_keyslot_find_empty(&cd->u.luks1.hdr);
else if (isLUKS2(cd->type))
- keyslot_new = LUKS2_keyslot_find_empty(&cd->u.luks2.hdr);
+ keyslot_new = LUKS2_keyslot_find_empty(cd, &cd->u.luks2.hdr, vk->keylength);
if (keyslot_new < 0)
keyslot_new = keyslot_old;
}
r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr,
keyslot_new, new_passphrase,
new_passphrase_size, vk, ¶ms);
+ if (r < 0)
+ goto out;
+
+ /* Swap old & new so the final keyslot number remains */
+ if (keyslot_new_orig == CRYPT_ANY_SLOT && keyslot_old != keyslot_new) {
+ r = LUKS2_keyslot_swap(cd, &cd->u.luks2.hdr, keyslot_old, keyslot_new);
+ if (r < 0)
+ goto out;
+
+ /* Swap slot id */
+ r = keyslot_old;
+ keyslot_old = keyslot_new;
+ keyslot_new = r;
+ }
} else
r = -EINVAL;
out:
crypt_free_volume_key(vk);
if (r < 0) {
- _luks2_reload(cd);
+ _luks2_rollback(cd);
return r;
}
return keyslot_new;
size_t new_keyfile_size,
uint64_t new_keyfile_offset)
{
- int digest, r, active_slots;
- size_t passwordLen, new_passwordLen;
- struct luks2_keyslot_params params;
- char *password = NULL, *new_password = NULL;
- struct volume_key *vk = NULL;
+ int r;
+ struct crypt_keyslot_context kc, new_kc;
if (!keyfile || !new_keyfile)
return -EINVAL;
- log_dbg(cd, "Adding new keyslot, existing keyfile %s, new keyfile %s.",
- keyfile, new_keyfile);
-
- if ((r = onlyLUKS(cd)))
- return r;
-
- r = keyslot_verify_or_find_empty(cd, &keyslot);
- if (r)
- return r;
-
- if (isLUKS1(cd->type))
- active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr);
- else
- active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
- if (active_slots == 0) {
- /* No slots used, try to use pre-generated key in header */
- if (cd->volume_key) {
- vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
- r = vk ? 0 : -ENOMEM;
- } else {
- log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
- return -EINVAL;
- }
- } else {
- r = crypt_keyfile_device_read(cd, keyfile,
- &password, &passwordLen,
- keyfile_offset, keyfile_size, 0);
- if (r < 0)
- goto out;
-
- if (isLUKS1(cd->type))
- r = LUKS_open_key_with_hdr(CRYPT_ANY_SLOT, password, passwordLen,
- &cd->u.luks1.hdr, &vk, cd);
- else
- r = LUKS2_keyslot_open(cd, CRYPT_ANY_SLOT, CRYPT_DEFAULT_SEGMENT, password, passwordLen, &vk);
- }
-
- if (r < 0)
- goto out;
-
- r = crypt_keyfile_device_read(cd, new_keyfile,
- &new_password, &new_passwordLen,
- new_keyfile_offset, new_keyfile_size, 0);
- if (r < 0)
- goto out;
-
- if (isLUKS1(cd->type))
- r = LUKS_set_key(keyslot, new_password, new_passwordLen,
- &cd->u.luks1.hdr, vk, cd);
- else {
- r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
- digest = r;
+ crypt_keyslot_unlock_by_keyfile_init_internal(&kc, keyfile, keyfile_size, keyfile_offset);
+ crypt_keyslot_unlock_by_keyfile_init_internal(&new_kc, new_keyfile, new_keyfile_size, new_keyfile_offset);
- if (r >= 0)
- r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms);
+ r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0);
- if (r >= 0)
- r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
+ crypt_keyslot_context_destroy_internal(&kc);
+ crypt_keyslot_context_destroy_internal(&new_kc);
- if (r >= 0)
- r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot,
- new_password, new_passwordLen, vk, ¶ms);
- }
-out:
- crypt_safe_free(password);
- crypt_safe_free(new_password);
- crypt_free_volume_key(vk);
- if (r < 0) {
- _luks2_reload(cd);
- return r;
- }
- return keyslot;
+ return r;
}
int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
const char *passphrase,
size_t passphrase_size)
{
- struct volume_key *vk = NULL;
int r;
+ struct crypt_keyslot_context kc, new_kc;
if (!passphrase)
return -EINVAL;
- log_dbg(cd, "Adding new keyslot %d using volume key.", keyslot);
-
- if ((r = onlyLUKS(cd)))
- return r;
-
- if (isLUKS2(cd->type))
- return crypt_keyslot_add_by_key(cd, keyslot,
- volume_key, volume_key_size, passphrase,
- passphrase_size, 0);
-
- r = keyslot_verify_or_find_empty(cd, &keyslot);
- if (r < 0)
- return r;
-
- if (volume_key)
- vk = crypt_alloc_volume_key(volume_key_size, volume_key);
- else if (cd->volume_key)
- vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
+ crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size);
+ crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, passphrase, passphrase_size);
- if (!vk)
- return -ENOMEM;
+ r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, 0);
- r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
- if (r < 0)
- log_err(cd, _("Volume key does not match the volume."));
- else
- r = LUKS_set_key(keyslot, passphrase, passphrase_size,
- &cd->u.luks1.hdr, vk, cd);
+ crypt_keyslot_context_destroy_internal(&kc);
+ crypt_keyslot_context_destroy_internal(&new_kc);
- crypt_free_volume_key(vk);
- return (r < 0) ? r : keyslot;
+ return r;
}
int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
if (kernel_version(&kversion))
return 1;
- return kversion < version(4,15,0,0);
+ return kversion < compact_version(4,15,0,0);
}
int create_or_reload_device(struct crypt_device *cd, const char *name,
return -EINVAL;
tgt = &dmd->segment;
- if (tgt->type != DM_CRYPT)
+ if (tgt->type != DM_CRYPT && tgt->type != DM_INTEGRITY)
return -EINVAL;
/* drop CRYPT_ACTIVATE_REFRESH flag if any device is inactive */
if (dmd->flags & CRYPT_ACTIVATE_REFRESH)
r = _reload_device(cd, name, dmd);
else {
- device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL;
+ if (tgt->type == DM_CRYPT) {
+ device_check = dmd->flags & CRYPT_ACTIVATE_SHARED ? DEV_OK : DEV_EXCL;
- r = device_block_adjust(cd, tgt->data_device, device_check,
+ r = device_block_adjust(cd, tgt->data_device, device_check,
tgt->u.crypt.offset, &dmd->size, &dmd->flags);
- if (!r) {
- tgt->size = dmd->size;
+ if (!r) {
+ tgt->size = dmd->size;
+ r = dm_create_device(cd, name, type, dmd);
+ }
+ } else if (tgt->type == DM_INTEGRITY) {
+ r = device_block_adjust(cd, tgt->data_device, DEV_EXCL,
+ tgt->u.integrity.offset, NULL, &dmd->flags);
+ if (r)
+ return r;
+
+ if (tgt->u.integrity.meta_device) {
+ r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL);
+ if (r)
+ return r;
+ }
+
r = dm_create_device(cd, name, type, dmd);
}
}
return r;
}
-/* See fixmes in _open_and_activate_luks2 */
-int update_reencryption_flag(struct crypt_device *cd, int enable, bool commit);
-
-/* TODO: This function should 1:1 with pre-reencryption code */
static int _open_and_activate(struct crypt_device *cd,
int keyslot,
const char *name,
struct volume_key *vk = vks;
while (vk) {
- r = LUKS2_volume_key_load_in_keyring_by_digest(cd, hdr, vk, crypt_volume_key_get_id(vk));
+ r = LUKS2_volume_key_load_in_keyring_by_digest(cd, vk, crypt_volume_key_get_id(vk));
if (r < 0)
return r;
vk = crypt_volume_key_next(vk);
}
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL)))
- goto err;
+ goto out;
ri = LUKS2_reencrypt_status(hdr);
if (ri == CRYPT_REENCRYPT_CRASH) {
r = LUKS2_reencrypt_locked_recovery_by_passphrase(cd, keyslot,
- keyslot, passphrase, passphrase_size, flags, &vks);
+ keyslot, passphrase, passphrase_size, &vks);
if (r < 0) {
log_err(cd, _("LUKS2 reencryption recovery failed."));
- goto err;
+ goto out;
}
keyslot = r;
if (ri > CRYPT_REENCRYPT_CLEAN) {
r = -EINVAL;
- goto err;
+ goto out;
}
if (LUKS2_get_data_size(hdr, &minimal_size, &dynamic_size))
- goto err;
+ goto out;
if (!vks) {
r = _open_all_keys(cd, hdr, keyslot, passphrase, passphrase_size, flags, &vks);
if (r >= 0) {
r = LUKS2_reencrypt_digest_verify(cd, hdr, vks);
if (r < 0)
- goto err;
+ goto out;
}
log_dbg(cd, "Entering clean reencryption state mode.");
if (r >= 0)
r = LUKS2_activate_multi(cd, name, vks, device_size >> SECTOR_SHIFT, flags);
-err:
+out:
LUKS2_reencrypt_unlock(cd, reencrypt_lock);
if (r < 0)
crypt_drop_keyring_key(cd, vks);
r = _open_and_activate_luks2(cd, keyslot, name, passphrase, passphrase_size, flags);
keyslot = r;
} else if (isBITLK(cd->type)) {
- r = BITLK_activate(cd, name, passphrase, passphrase_size,
- &cd->u.bitlk.params, flags);
+ r = BITLK_activate_by_passphrase(cd, name, passphrase, passphrase_size,
+ &cd->u.bitlk.params, flags);
+ keyslot = 0;
+ } else if (isFVAULT2(cd->type)) {
+ r = FVAULT2_activate_by_passphrase(cd, name, passphrase, passphrase_size,
+ &cd->u.fvault2.params, flags);
keyslot = 0;
} else {
log_err(cd, _("Device type is not properly initialized."));
if (!crypt_use_keyring_for_vk(cd))
use_keyring = false;
else
- use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) || (flags & CRYPT_ACTIVATE_KEYRING_KEY);
+ use_keyring = (name && !crypt_is_cipher_null(crypt_get_cipher(cd))) ||
+ (flags & CRYPT_ACTIVATE_KEYRING_KEY);
if (!r && use_keyring) {
r = LUKS2_key_description_by_segment(cd,
cd->u.integrity.journal_crypt_key,
cd->u.integrity.journal_mac_key, flags,
cd->u.integrity.sb_flags);
+ } else if (isBITLK(cd->type)) {
+ r = BITLK_activate_by_volume_key(cd, name, volume_key, volume_key_size,
+ &cd->u.bitlk.params, flags);
} else {
log_err(cd, _("Device type is not properly initialized."));
r = -EINVAL;
return -EINVAL;
}
- log_dbg(cd, "%s volume %s by %skey.", name ? "Activating" : "Checking", name ?: "", signature ? "signed " : "");
+ if (name)
+ log_dbg(cd, "Activating volume %s by %skey.", name, signature ? "signed " : "");
+ else
+ log_dbg(cd, "Checking volume by key.");
if (cd->u.verity.hdr.flags & CRYPT_VERITY_ROOT_HASH_SIGNATURE && !signature) {
log_err(cd, _("Root hash signature required."));
if (!name)
return -EINVAL;
+ if ((flags & CRYPT_DEACTIVATE_DEFERRED) && (flags & CRYPT_DEACTIVATE_DEFERRED_CANCEL))
+ return -EINVAL;
+
log_dbg(cd, "Deactivating volume %s.", name);
if (!cd) {
}
/* skip holders detection and early abort when some flags raised */
- if (flags & (CRYPT_DEACTIVATE_FORCE | CRYPT_DEACTIVATE_DEFERRED))
+ if (flags & (CRYPT_DEACTIVATE_FORCE | CRYPT_DEACTIVATE_DEFERRED | CRYPT_DEACTIVATE_DEFERRED_CANCEL))
get_flags &= ~DM_ACTIVE_HOLDERS;
switch (crypt_status(cd, name)) {
case CRYPT_ACTIVE:
case CRYPT_BUSY:
+ if (flags & CRYPT_DEACTIVATE_DEFERRED_CANCEL) {
+ r = dm_cancel_deferred_removal(name);
+ if (r < 0)
+ log_err(cd, _("Could not cancel deferred remove from device %s."), name);
+ break;
+ }
+
r = dm_query_device(cd, name, get_flags, &dmd);
if (r >= 0) {
if (dmd.holders) {
if (!name)
return 0;
- /* FIXME: LUKS2 / dm-crypt does not provide this count. */
+ /* LUKS2 / dm-crypt does not provide this count. */
if (dm_query_device(cd, name, 0, &dmd) < 0)
return 0;
int keyslot,
char *volume_key,
size_t *volume_key_size,
- const char *passphrase,
- size_t passphrase_size)
+ const char *passphrase,
+ size_t passphrase_size)
+{
+ int r;
+ struct crypt_keyslot_context kc;
+
+ if (!passphrase)
+ return crypt_volume_key_get_by_keyslot_context(cd, keyslot, volume_key, volume_key_size, NULL);
+
+ crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size);
+
+ r = crypt_volume_key_get_by_keyslot_context(cd, keyslot, volume_key, volume_key_size, &kc);
+
+ crypt_keyslot_context_destroy_internal(&kc);
+
+ return r;
+}
+
+int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd,
+ int keyslot,
+ char *volume_key,
+ size_t *volume_key_size,
+ struct crypt_keyslot_context *kc)
{
+ size_t passphrase_size;
+ int key_len, r;
+ const char *passphrase = NULL;
struct volume_key *vk = NULL;
- int key_len, r = -EINVAL;
- if (!cd || !volume_key || !volume_key_size || (!isTCRYPT(cd->type) && !isVERITY(cd->type) && !passphrase))
+ if (!cd || !volume_key || !volume_key_size ||
+ (!kc && !isLUKS(cd->type) && !isTCRYPT(cd->type) && !isVERITY(cd->type)))
return -EINVAL;
if (isLUKS2(cd->type) && keyslot != CRYPT_ANY_SLOT)
return -ENOMEM;
}
- if (isPLAIN(cd->type) && cd->u.plain.hdr.hash) {
- r = process_key(cd, cd->u.plain.hdr.hash, key_len,
- passphrase, passphrase_size, &vk);
+ if (kc && (!kc->get_passphrase || kc->type == CRYPT_KC_TYPE_KEY))
+ return -EINVAL;
+
+ if (kc) {
+ r = kc->get_passphrase(cd, kc, &passphrase, &passphrase_size);
if (r < 0)
- log_err(cd, _("Cannot retrieve volume key for plain device."));
+ return r;
+ }
+
+ r = -EINVAL;
+
+ if (isLUKS2(cd->type)) {
+ if (kc && !kc->get_luks2_key)
+ log_err(cd, _("Cannot retrieve volume key for LUKS2 device."));
+ else if (!kc)
+ r = -ENOENT;
+ else
+ r = kc->get_luks2_key(cd, kc, keyslot,
+ keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT,
+ &vk);
} else if (isLUKS1(cd->type)) {
- r = LUKS_open_key_with_hdr(keyslot, passphrase,
- passphrase_size, &cd->u.luks1.hdr, &vk, cd);
- } else if (isLUKS2(cd->type)) {
- r = LUKS2_keyslot_open(cd, keyslot,
- keyslot == CRYPT_ANY_SLOT ? CRYPT_DEFAULT_SEGMENT : CRYPT_ANY_SEGMENT,
- passphrase, passphrase_size, &vk);
- } else if (isTCRYPT(cd->type)) {
- r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk);
+ if (kc && !kc->get_luks1_volume_key)
+ log_err(cd, _("Cannot retrieve volume key for LUKS1 device."));
+ else if (!kc)
+ r = -ENOENT;
+ else
+ r = kc->get_luks1_volume_key(cd, kc, keyslot, &vk);
+ } else if (isPLAIN(cd->type)) {
+ if (passphrase && cd->u.plain.hdr.hash)
+ r = process_key(cd, cd->u.plain.hdr.hash, key_len,
+ passphrase, passphrase_size, &vk);
+ if (r < 0)
+ log_err(cd, _("Cannot retrieve volume key for plain device."));
} else if (isVERITY(cd->type)) {
/* volume_key == root hash */
if (cd->u.verity.root_hash) {
r = 0;
} else
log_err(cd, _("Cannot retrieve root hash for verity device."));
+ } else if (isTCRYPT(cd->type)) {
+ r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk);
+ } else if (isBITLK(cd->type)) {
+ if (passphrase)
+ r = BITLK_get_volume_key(cd, passphrase, passphrase_size, &cd->u.bitlk.params, &vk);
+ if (r < 0)
+ log_err(cd, _("Cannot retrieve volume key for BITLK device."));
+ } else if (isFVAULT2(cd->type)) {
+ if (passphrase)
+ r = FVAULT2_get_volume_key(cd, passphrase, passphrase_size, &cd->u.fvault2.params, &vk);
+ if (r < 0)
+ log_err(cd, _("Cannot retrieve volume key for FVAULT2 device."));
} else
log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)");
+ if (r == -ENOENT && isLUKS(cd->type) && cd->volume_key) {
+ vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
+ r = vk ? 0 : -ENOMEM;
+ }
+
if (r >= 0 && vk) {
memcpy(volume_key, vk->key, vk->keylength);
*volume_key_size = vk->keylength;
else
r = -EINVAL;
-
- if (r == -EPERM)
- log_err(cd, _("Volume key does not match the volume."));
-
crypt_free_volume_key(vk);
return r >= 0 ? 0 : r;
int crypt_memory_lock(struct crypt_device *cd, int lock)
{
- return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd);
+ return 0;
}
void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags)
return CRYPT_INACTIVE;
}
-static void hexprint(struct crypt_device *cd, const char *d, int n, const char *sep)
-{
- int i;
- for(i = 0; i < n; i++)
- log_std(cd, "%02hhx%s", (const char)d[i], sep);
-}
-
static int _luks_dump(struct crypt_device *cd)
{
int i;
log_std(cd, "Payload offset:\t%" PRIu32 "\n", cd->u.luks1.hdr.payloadOffset);
log_std(cd, "MK bits: \t%" PRIu32 "\n", cd->u.luks1.hdr.keyBytes * 8);
log_std(cd, "MK digest: \t");
- hexprint(cd, cd->u.luks1.hdr.mkDigest, LUKS_DIGESTSIZE, " ");
+ crypt_log_hex(cd, cd->u.luks1.hdr.mkDigest, LUKS_DIGESTSIZE, " ", 0, NULL);
log_std(cd, "\n");
log_std(cd, "MK salt: \t");
- hexprint(cd, cd->u.luks1.hdr.mkDigestSalt, LUKS_SALTSIZE/2, " ");
+ crypt_log_hex(cd, cd->u.luks1.hdr.mkDigestSalt, LUKS_SALTSIZE/2, " ", 0, NULL);
log_std(cd, "\n \t");
- hexprint(cd, cd->u.luks1.hdr.mkDigestSalt+LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ");
+ crypt_log_hex(cd, cd->u.luks1.hdr.mkDigestSalt+LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ", 0, NULL);
log_std(cd, "\n");
log_std(cd, "MK iterations: \t%" PRIu32 "\n", cd->u.luks1.hdr.mkDigestIterations);
log_std(cd, "UUID: \t%s\n\n", cd->u.luks1.hdr.uuid);
log_std(cd, "\tIterations: \t%" PRIu32 "\n",
cd->u.luks1.hdr.keyblock[i].passwordIterations);
log_std(cd, "\tSalt: \t");
- hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt,
- LUKS_SALTSIZE/2, " ");
+ crypt_log_hex(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt,
+ LUKS_SALTSIZE/2, " ", 0, NULL);
log_std(cd, "\n\t \t");
- hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt +
- LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ");
+ crypt_log_hex(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt +
+ LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ", 0, NULL);
log_std(cd, "\n");
log_std(cd, "\tKey material offset:\t%" PRIu32 "\n",
return 0;
}
-static int _verity_dump(struct crypt_device *cd)
-{
- log_std(cd, "VERITY header information for %s\n", mdata_device_path(cd));
- log_std(cd, "UUID: \t%s\n", cd->u.verity.uuid ?: "");
- log_std(cd, "Hash type: \t%u\n", cd->u.verity.hdr.hash_type);
- log_std(cd, "Data blocks: \t%" PRIu64 "\n", cd->u.verity.hdr.data_size);
- log_std(cd, "Data block size: \t%u\n", cd->u.verity.hdr.data_block_size);
- log_std(cd, "Hash block size: \t%u\n", cd->u.verity.hdr.hash_block_size);
- log_std(cd, "Hash algorithm: \t%s\n", cd->u.verity.hdr.hash_name);
- log_std(cd, "Salt: \t");
- if (cd->u.verity.hdr.salt_size)
- hexprint(cd, cd->u.verity.hdr.salt, cd->u.verity.hdr.salt_size, "");
- else
- log_std(cd, "-");
- log_std(cd, "\n");
- if (cd->u.verity.root_hash) {
- log_std(cd, "Root hash: \t");
- hexprint(cd, cd->u.verity.root_hash, cd->u.verity.root_hash_size, "");
- log_std(cd, "\n");
- }
- return 0;
-}
-
int crypt_dump(struct crypt_device *cd)
{
if (!cd)
else if (isLUKS2(cd->type))
return LUKS2_hdr_dump(cd, &cd->u.luks2.hdr);
else if (isVERITY(cd->type))
- return _verity_dump(cd);
+ return VERITY_dump(cd, &cd->u.verity.hdr,
+ cd->u.verity.root_hash, cd->u.verity.root_hash_size,
+ cd->u.verity.fec_device);
else if (isTCRYPT(cd->type))
return TCRYPT_dump(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params);
else if (isINTEGRITY(cd->type))
return INTEGRITY_dump(cd, crypt_data_device(cd), 0);
else if (isBITLK(cd->type))
return BITLK_dump(cd, crypt_data_device(cd), &cd->u.bitlk.params);
+ else if (isFVAULT2(cd->type))
+ return FVAULT2_dump(cd, crypt_data_device(cd), &cd->u.fvault2.params);
+
+ log_err(cd, _("Dump operation is not supported for this device type."));
+ return -EINVAL;
+}
+
+int crypt_dump_json(struct crypt_device *cd, const char **json, uint32_t flags)
+{
+ if (!cd || flags)
+ return -EINVAL;
+ if (isLUKS2(cd->type))
+ return LUKS2_hdr_dump_json(cd, &cd->u.luks2.hdr, json);
log_err(cd, _("Dump operation is not supported for this device type."));
return -EINVAL;
if (isBITLK(cd->type))
return cd->u.bitlk.params.cipher;
+ if (isFVAULT2(cd->type))
+ return cd->u.fvault2.params.cipher;
+
if (!cd->type && !_init_by_name_crypt_none(cd))
return cd->u.none.cipher;
if (isBITLK(cd->type))
return cd->u.bitlk.params.cipher_mode;
+ if (isFVAULT2(cd->type))
+ return cd->u.fvault2.params.cipher_mode;
+
if (!cd->type && !_init_by_name_crypt_none(cd))
return cd->u.none.cipher_mode;
/* INTERNAL only */
int crypt_get_integrity_key_size(struct crypt_device *cd)
{
+ int key_size = 0;
+
if (isINTEGRITY(cd->type))
- return INTEGRITY_key_size(cd, crypt_get_integrity(cd));
+ key_size = INTEGRITY_key_size(crypt_get_integrity(cd));
if (isLUKS2(cd->type))
- return INTEGRITY_key_size(cd, crypt_get_integrity(cd));
+ key_size = INTEGRITY_key_size(crypt_get_integrity(cd));
- return 0;
+ return key_size > 0 ? key_size : 0;
}
/* INTERNAL only */
return cd->u.integrity.params.tag_size;
if (isLUKS2(cd->type))
- return INTEGRITY_tag_size(cd, crypt_get_integrity(cd),
+ return INTEGRITY_tag_size(crypt_get_integrity(cd),
crypt_get_cipher(cd),
crypt_get_cipher_mode(cd));
return 0;
if (isBITLK(cd->type))
return cd->u.bitlk.params.guid;
+ if (isFVAULT2(cd->type))
+ return cd->u.fvault2.params.family_uuid;
+
return NULL;
}
if (isBITLK(cd->type))
return cd->u.bitlk.params.key_size / 8;
+ if (isFVAULT2(cd->type))
+ return cd->u.fvault2.params.key_size;
+
if (!cd->type && !_init_by_name_crypt_none(cd))
return cd->u.none.key_size;
{
char *tmp;
- if (!cd || !cipher || ! key_size || !isLUKS2(cd->type))
+ if (!cd || !cipher || !key_size || !isLUKS2(cd->type))
return -EINVAL;
if (LUKS2_keyslot_cipher_incompatible(cd, cipher))
return -EINVAL;
- tmp = strdup(cipher);
+ if (!(tmp = strdup(cipher)))
+ return -ENOMEM;
+
free(cd->u.luks2.keyslot_cipher);
cd->u.luks2.keyslot_cipher = tmp;
- if (!cd->u.luks2.keyslot_cipher)
- return -ENOMEM;
cd->u.luks2.keyslot_key_size = key_size;
return 0;
if (isBITLK(cd->type))
return cd->u.bitlk.params.volume_header_size / SECTOR_SIZE;
+ if (isFVAULT2(cd->type))
+ return cd->u.fvault2.params.log_vol_off / SECTOR_SIZE;
+
return cd->data_offset;
}
int crypt_keyslot_max(const char *type)
{
- if (type && isLUKS1(type))
+ if (isLUKS1(type))
return LUKS_NUMKEYS;
- if (type && isLUKS2(type))
+ if (isLUKS2(type))
return LUKS2_KEYSLOTS_MAX;
return -EINVAL;
return CRYPT_SLOT_PRIORITY_INVALID;
if (isLUKS2(cd->type))
- return LUKS2_keyslot_priority_get(cd, &cd->u.luks2.hdr, keyslot);
+ return LUKS2_keyslot_priority_get(&cd->u.luks2.hdr, keyslot);
return CRYPT_SLOT_PRIORITY_NORMAL;
}
ip->integrity = LUKS2_get_integrity(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
ip->integrity_key_size = crypt_get_integrity_key_size(cd);
- ip->tag_size = INTEGRITY_tag_size(cd, ip->integrity, crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
+ ip->tag_size = INTEGRITY_tag_size(ip->integrity, crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
ip->journal_integrity = NULL;
ip->journal_integrity_key_size = 0;
if (r < 0) {
/* in-memory header may be invalid after failed conversion */
- _luks2_reload(cd);
+ _luks2_rollback(cd);
if (r == -EBUSY)
log_err(cd, _("Cannot convert device %s which is still in use."), mdata_device_path(cd));
return r;
}
- crypt_free_type(cd);
+ crypt_free_type(cd, NULL);
return crypt_load(cd, type, params);
}
/*
* Token handling
*/
-int crypt_activate_by_token(struct crypt_device *cd,
- const char *name, int token, void *usrptr, uint32_t flags)
+int crypt_activate_by_token_pin(struct crypt_device *cd, const char *name,
+ const char *type, int token, const char *pin, size_t pin_size,
+ void *usrptr, uint32_t flags)
{
int r;
- log_dbg(cd, "%s volume %s using token %d.",
- name ? "Activating" : "Checking", name ?: "passphrase", token);
+ log_dbg(cd, "%s volume %s using token (%s type) %d.",
+ name ? "Activating" : "Checking", name ?: "passphrase",
+ type ?: "any", token);
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)))
return r;
if ((flags & CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY) && name)
return -EINVAL;
- if (token == CRYPT_ANY_TOKEN)
- return LUKS2_token_open_and_activate_any(cd, &cd->u.luks2.hdr, name, flags);
+ r = _activate_check_status(cd, name, flags & CRYPT_ACTIVATE_REFRESH);
+ if (r < 0)
+ return r;
+
+ return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, type,
+ pin, pin_size, flags, usrptr);
+}
- return LUKS2_token_open_and_activate(cd, &cd->u.luks2.hdr, token, name, flags, usrptr);
+int crypt_activate_by_token(struct crypt_device *cd,
+ const char *name, int token, void *usrptr, uint32_t flags)
+{
+ return crypt_activate_by_token_pin(cd, name, NULL, token, NULL, 0, usrptr, flags);
}
int crypt_token_json_get(struct crypt_device *cd, int token, const char **json)
if ((r = _onlyLUKS2(cd, CRYPT_CD_UNRESTRICTED, 0)))
return r;
- return LUKS2_token_json_get(cd, &cd->u.luks2.hdr, token, json) ?: token;
+ return LUKS2_token_json_get(&cd->u.luks2.hdr, token, json) ?: token;
}
int crypt_token_json_set(struct crypt_device *cd, int token, const char *json)
return LUKS2_token_status(cd, &cd->u.luks2.hdr, token, type);
}
+int crypt_token_max(const char *type)
+{
+ if (isLUKS2(type))
+ return LUKS2_TOKENS_MAX;
+
+ return -EINVAL;
+}
+
int crypt_token_luks2_keyring_get(struct crypt_device *cd,
int token,
struct crypt_token_params_luks2_keyring *params)
return -EINVAL;
}
- return LUKS2_builtin_token_get(cd, &cd->u.luks2.hdr, token, LUKS2_TOKEN_KEYRING, params);
+ return LUKS2_token_keyring_get(&cd->u.luks2.hdr, token, params);
}
int crypt_token_luks2_keyring_set(struct crypt_device *cd,
const struct crypt_token_params_luks2_keyring *params)
{
int r;
+ char json[4096];
- if (!params)
+ if (!params || !params->key_description)
return -EINVAL;
log_dbg(cd, "Creating new LUKS2 keyring token (%d).", token);
if ((r = onlyLUKS2(cd)))
return r;
- return LUKS2_builtin_token_create(cd, &cd->u.luks2.hdr, token, LUKS2_TOKEN_KEYRING, params, 1);
+ r = LUKS2_token_keyring_json(json, sizeof(json), params);
+ if (r < 0)
+ return r;
+
+ return LUKS2_token_create(cd, &cd->u.luks2.hdr, token, json, 1);
}
int crypt_token_assign_keyslot(struct crypt_device *cd, int token, int keyslot)
if ((r = _onlyLUKS2(cd, CRYPT_CD_QUIET | CRYPT_CD_UNRESTRICTED, 0)))
return r;
- return LUKS2_token_is_assigned(cd, &cd->u.luks2.hdr, keyslot, token);
+ return LUKS2_token_is_assigned(&cd->u.luks2.hdr, keyslot, token);
}
/* Internal only */
return _metadata_locking;
}
-int crypt_metadata_locking(struct crypt_device *cd, int enable)
+int crypt_metadata_locking(struct crypt_device *cd __attribute__((unused)), int enable)
{
if (enable && !_metadata_locking)
return -EPERM;
}
static int verify_and_update_segment_digest(struct crypt_device *cd,
- struct luks2_hdr *hdr, int keyslot,
- const char *volume_key, size_t volume_key_size,
- const char *password, size_t password_size)
+ struct luks2_hdr *hdr, int keyslot, struct crypt_keyslot_context *kc)
{
int digest, r;
struct volume_key *vk = NULL;
- if (keyslot < 0 || (volume_key && !volume_key_size))
- return -EINVAL;
-
- if (volume_key)
- vk = crypt_alloc_volume_key(volume_key_size, volume_key);
- else {
- r = LUKS2_keyslot_open(cd, keyslot, CRYPT_ANY_SEGMENT, password, password_size, &vk);
- if (r != keyslot) {
- r = -EINVAL;
- goto out;
- }
- }
+ assert(kc);
+ assert(kc->get_luks2_key);
+ assert(keyslot >= 0);
- if (!vk)
- return -ENOMEM;
+ r = kc->get_luks2_key(cd, kc, keyslot, CRYPT_ANY_SEGMENT, &vk);
+ if (r < 0)
+ return r;
/* check volume_key (param) digest matches keyslot digest */
r = LUKS2_digest_verify(cd, hdr, vk, keyslot);
log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot);
out:
crypt_free_volume_key(vk);
+
return r < 0 ? r : keyslot;
}
+static int luks2_keyslot_add_by_verified_volume_key(struct crypt_device *cd,
+ int keyslot_new,
+ const char *new_passphrase,
+ size_t new_passphrase_size,
+ struct volume_key *vk)
+{
+ int r;
+ struct luks2_keyslot_params params;
+
+ assert(cd);
+ assert(keyslot_new >= 0);
+ assert(new_passphrase);
+ assert(vk);
+ assert(crypt_volume_key_get_id(vk) >= 0);
+
+ r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms);
+ if (r < 0) {
+ log_err(cd, _("Failed to initialize default LUKS2 keyslot parameters."));
+ return r;
+ }
+
+ r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot_new, crypt_volume_key_get_id(vk), 1, 0);
+ if (r < 0) {
+ log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot_new);
+ return r;
+ }
+
+ r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot_new,
+ CONST_CAST(char*)new_passphrase,
+ new_passphrase_size, vk, ¶ms);
+
+ return r < 0 ? r : keyslot_new;
+}
+
+static int luks2_keyslot_add_by_volume_key(struct crypt_device *cd,
+ int keyslot_new,
+ const char *new_passphrase,
+ size_t new_passphrase_size,
+ struct volume_key *vk)
+{
+ int r;
+
+ assert(cd);
+ assert(keyslot_new >= 0);
+ assert(new_passphrase);
+ assert(vk);
+
+ r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
+ if (r >= 0)
+ crypt_volume_key_set_id(vk, r);
+
+ if (r < 0) {
+ log_err(cd, _("Volume key does not match the volume."));
+ return r;
+ }
+
+ return luks2_keyslot_add_by_verified_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk);
+}
+
+static int luks1_keyslot_add_by_volume_key(struct crypt_device *cd,
+ int keyslot_new,
+ const char *new_passphrase,
+ size_t new_passphrase_size,
+ struct volume_key *vk)
+{
+ int r;
+
+ assert(cd);
+ assert(keyslot_new >= 0);
+ assert(new_passphrase);
+ assert(vk);
+
+ r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
+ if (r < 0) {
+ log_err(cd, _("Volume key does not match the volume."));
+ return r;
+ }
+
+ r = LUKS_set_key(keyslot_new, CONST_CAST(char*)new_passphrase,
+ new_passphrase_size, &cd->u.luks1.hdr, vk, cd);
+
+ return r < 0 ? r : keyslot_new;
+}
+
+static int keyslot_add_by_key(struct crypt_device *cd,
+ bool is_luks1,
+ int keyslot_new,
+ const char *new_passphrase,
+ size_t new_passphrase_size,
+ struct volume_key *vk,
+ uint32_t flags)
+{
+ int r, digest;
+
+ assert(cd);
+ assert(keyslot_new >= 0);
+ assert(new_passphrase);
+ assert(vk);
+
+ if (!flags)
+ return is_luks1 ? luks1_keyslot_add_by_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk) :
+ luks2_keyslot_add_by_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk);
+
+ if (is_luks1)
+ return -EINVAL;
+
+ digest = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
+ if (digest >= 0) /* if key matches volume key digest tear down new vk flag */
+ flags &= ~CRYPT_VOLUME_KEY_SET;
+ else {
+ /* if key matches any existing digest, do not create new digest */
+ if ((flags & CRYPT_VOLUME_KEY_DIGEST_REUSE))
+ digest = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk);
+
+ /* no segment flag or new vk flag requires new key digest */
+ if (flags & (CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET)) {
+ if (digest < 0 || !(flags & CRYPT_VOLUME_KEY_DIGEST_REUSE))
+ digest = LUKS2_digest_create(cd, "pbkdf2", &cd->u.luks2.hdr, vk);
+ }
+ }
+
+ r = digest;
+ if (r < 0) {
+ log_err(cd, _("Volume key does not match the volume."));
+ return r;
+ }
+
+ crypt_volume_key_set_id(vk, digest);
+
+ if (flags & CRYPT_VOLUME_KEY_SET) {
+ r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 0);
+ if (r < 0)
+ log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot_new);
+ }
+
+ if (r >= 0)
+ r = luks2_keyslot_add_by_verified_volume_key(cd, keyslot_new, new_passphrase, new_passphrase_size, vk);
+
+ return r < 0 ? r : keyslot_new;
+}
int crypt_keyslot_add_by_key(struct crypt_device *cd,
int keyslot,
size_t passphrase_size,
uint32_t flags)
{
- int digest, r;
- struct luks2_keyslot_params params;
- struct volume_key *vk = NULL;
+ int r;
+ struct crypt_keyslot_context kc, new_kc;
if (!passphrase || ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) &&
(flags & CRYPT_VOLUME_KEY_SET)))
return -EINVAL;
- log_dbg(cd, "Adding new keyslot %d with volume key %sassigned to a crypt segment.",
- keyslot, flags & CRYPT_VOLUME_KEY_NO_SEGMENT ? "un" : "");
+ if ((r = onlyLUKS(cd)) < 0)
+ return r;
+
+ if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot) > CRYPT_SLOT_INACTIVE &&
+ isLUKS2(cd->type)) {
+ if (volume_key)
+ crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size);
+ else
+ crypt_keyslot_unlock_by_passphrase_init_internal(&kc, passphrase, passphrase_size);
+
+ r = verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, keyslot, &kc);
+
+ crypt_keyslot_context_destroy_internal(&kc);
- if ((r = onlyLUKS2(cd)))
return r;
+ }
- /* new volume key assignment */
- if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot) > CRYPT_SLOT_INACTIVE)
- return verify_and_update_segment_digest(cd, &cd->u.luks2.hdr,
- keyslot, volume_key, volume_key_size, passphrase, passphrase_size);
+ crypt_keyslot_unlock_by_key_init_internal(&kc, volume_key, volume_key_size);
+ crypt_keyslot_unlock_by_passphrase_init_internal(&new_kc, passphrase, passphrase_size);
- r = keyslot_verify_or_find_empty(cd, &keyslot);
- if (r < 0)
+ r = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, &kc, keyslot, &new_kc, flags);
+
+ crypt_keyslot_context_destroy_internal(&kc);
+ crypt_keyslot_context_destroy_internal(&new_kc);
+
+ return r;
+}
+
+int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd,
+ int keyslot_existing,
+ struct crypt_keyslot_context *kc,
+ int keyslot_new,
+ struct crypt_keyslot_context *new_kc,
+ uint32_t flags)
+{
+ bool is_luks1;
+ int active_slots, r;
+ const char *new_passphrase;
+ size_t new_passphrase_size;
+ struct volume_key *vk = NULL;
+
+ if (!kc || ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) &&
+ (flags & CRYPT_VOLUME_KEY_SET)))
+ return -EINVAL;
+
+ r = flags ? onlyLUKS2(cd) : onlyLUKS(cd);
+ if (r)
return r;
- if (volume_key)
- vk = crypt_alloc_volume_key(volume_key_size, volume_key);
- else if (flags & CRYPT_VOLUME_KEY_NO_SEGMENT)
- vk = crypt_generate_volume_key(cd, volume_key_size);
- else if (cd->volume_key)
- vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
- else
+ if ((flags & CRYPT_VOLUME_KEY_SET) && crypt_keyslot_status(cd, keyslot_existing) > CRYPT_SLOT_INACTIVE)
+ return verify_and_update_segment_digest(cd, &cd->u.luks2.hdr, keyslot_existing, kc);
+
+ if (!new_kc || !new_kc->get_passphrase)
return -EINVAL;
- if (!vk)
- return -ENOMEM;
+ log_dbg(cd, "Adding new keyslot %d by %s%s, volume key provided by %s (%d).",
+ keyslot_new, keyslot_context_type_string(new_kc),
+ (flags & CRYPT_VOLUME_KEY_NO_SEGMENT) ? " unassigned to a crypt segment" : "",
+ keyslot_context_type_string(kc), keyslot_existing);
- /* if key matches volume key digest tear down new vk flag */
- digest = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
- if (digest >= 0)
- flags &= ~CRYPT_VOLUME_KEY_SET;
+ r = keyslot_verify_or_find_empty(cd, &keyslot_new);
+ if (r < 0)
+ return r;
- /* if key matches any existing digest, do not create new digest */
- if (digest < 0 && (flags & CRYPT_VOLUME_KEY_DIGEST_REUSE))
- digest = LUKS2_digest_any_matching(cd, &cd->u.luks2.hdr, vk);
+ is_luks1 = isLUKS1(cd->type);
+ if (is_luks1)
+ active_slots = LUKS_keyslot_active_count(&cd->u.luks1.hdr);
+ else
+ active_slots = LUKS2_keyslot_active_count(&cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT);
- /* no segment flag or new vk flag requires new key digest */
- if (flags & (CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET)) {
- if (digest < 0 || !(flags & CRYPT_VOLUME_KEY_DIGEST_REUSE))
- digest = LUKS2_digest_create(cd, "pbkdf2", &cd->u.luks2.hdr, vk);
- }
+ if (active_slots < 0)
+ return -EINVAL;
- r = digest;
- if (r < 0) {
- log_err(cd, _("Volume key does not match the volume."));
- goto out;
- }
+ if (active_slots == 0 && kc->type != CRYPT_KC_TYPE_KEY)
+ r = -ENOENT;
+ else if (is_luks1 && kc->get_luks1_volume_key)
+ r = kc->get_luks1_volume_key(cd, kc, keyslot_existing, &vk);
+ else if (!is_luks1 && kc->get_luks2_volume_key)
+ r = kc->get_luks2_volume_key(cd, kc, keyslot_existing, &vk);
+ else
+ return -EINVAL;
- r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, ¶ms);
- if (r < 0) {
- log_err(cd, _("Failed to initialize default LUKS2 keyslot parameters."));
- goto out;
+ if (r == -ENOENT) {
+ if ((flags & CRYPT_VOLUME_KEY_NO_SEGMENT) && kc->type == CRYPT_KC_TYPE_KEY) {
+ if (!(vk = crypt_generate_volume_key(cd, kc->u.k.volume_key_size)))
+ return -ENOMEM;
+ r = 0;
+ } else if (cd->volume_key) {
+ if (!(vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key)))
+ return -ENOMEM;
+ r = 0;
+ } else if (active_slots == 0) {
+ log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
+ r = -EINVAL;
+ }
}
- r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
- if (r < 0) {
- log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot);
- goto out;
- }
+ if (r < 0)
+ return r;
- r = LUKS2_keyslot_store(cd, &cd->u.luks2.hdr, keyslot,
- passphrase, passphrase_size, vk, ¶ms);
+ r = new_kc->get_passphrase(cd, new_kc, &new_passphrase, &new_passphrase_size);
+ /* If new keyslot context is token just assign it to new keyslot */
+ if (r >= 0 && new_kc->type == CRYPT_KC_TYPE_TOKEN && !is_luks1)
+ r = LUKS2_token_assign(cd, &cd->u.luks2.hdr, keyslot_new, new_kc->u.t.id, 1, 0);
+ if (r >= 0)
+ r = keyslot_add_by_key(cd, is_luks1, keyslot_new, new_passphrase, new_passphrase_size, vk, flags);
- if (r >= 0 && (flags & CRYPT_VOLUME_KEY_SET))
- r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 1);
-out:
crypt_free_volume_key(vk);
+
if (r < 0) {
- _luks2_reload(cd);
+ _luks2_rollback(cd);
return r;
}
- return keyslot;
+
+ return keyslot_new;
}
/*
* Keyring handling
*/
-
int crypt_use_keyring_for_vk(struct crypt_device *cd)
{
uint32_t dmc_flags;
return (dmc_flags & DM_KERNEL_KEYRING_SUPPORTED);
}
-int crypt_volume_key_keyring(struct crypt_device *cd, int enable)
+int crypt_volume_key_keyring(struct crypt_device *cd __attribute__((unused)), int enable)
{
_vk_via_keyring = enable ? 1 : 0;
return 0;
r = _activate_by_passphrase(cd, name, keyslot, passphrase, passphrase_size, flags);
- crypt_safe_memzero(passphrase, passphrase_size);
- free(passphrase);
+ crypt_safe_free(passphrase);
return r;
}
crypt_reencrypt_info crypt_reencrypt_status(struct crypt_device *cd,
struct crypt_params_reencrypt *params)
{
- if (!cd || !isLUKS2(cd->type))
+ if (params)
+ memset(params, 0, sizeof(*params));
+
+ if (!cd || !isLUKS(cd->type))
+ return CRYPT_REENCRYPT_INVALID;
+
+ if (isLUKS1(cd->type))
return CRYPT_REENCRYPT_NONE;
if (_onlyLUKS2(cd, CRYPT_CD_QUIET, CRYPT_REQUIREMENT_ONLINE_REENCRYPT))
static void __attribute__((destructor)) libcryptsetup_exit(void)
{
+ crypt_token_unload_external_all(NULL);
+
crypt_backend_destroy();
crypt_random_exit();
}
/*
* TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <assert.h>
#include "libcryptsetup.h"
#include "tcrypt.h"
*/
static void TCRYPT_swab_le(char *buf)
{
- uint32_t *l = (uint32_t*)&buf[0];
- uint32_t *r = (uint32_t*)&buf[4];
+ uint32_t *l = VOIDP_CAST(uint32_t*)&buf[0];
+ uint32_t *r = VOIDP_CAST(uint32_t*)&buf[4];
*l = swab32(*l);
*r = swab32(*r);
}
const char *key, char *buf)
{
int bs = alg->iv_size;
- char iv[bs], iv_old[bs];
+ char iv[8], iv_old[8];
struct crypt_cipher *cipher = NULL;
int i, j, r;
- assert(bs == 2*sizeof(uint32_t));
+ assert(bs == 8);
r = crypt_cipher_init(&cipher, "blowfish", "ecb",
&key[alg->key_offset], alg->key_size);
static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers,
const char *key, struct tcrypt_phdr *hdr)
{
- struct crypt_cipher *cipher[ciphers->chain_count];
+ struct crypt_cipher *cipher[3];
unsigned int bs = ciphers->cipher[0].iv_size;
- char *buf = (char*)&hdr->e, iv[bs], iv_old[bs];
+ char *buf = (char*)&hdr->e, iv[16], iv_old[16];
unsigned int i, j;
int r = -EINVAL;
+ assert(ciphers->chain_count <= 3);
+ assert(bs <= 16);
+
TCRYPT_remove_whitening(buf, &key[8]);
memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs);
}
static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
- const char *key, uint32_t flags)
+ const char *key, struct crypt_params_tcrypt *params)
{
struct tcrypt_phdr hdr2;
int i, j, r = -EINVAL;
for (i = 0; tcrypt_cipher[i].chain_count; i++) {
- if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
+ if (params->cipher && !strstr(tcrypt_cipher[i].long_name, params->cipher))
+ continue;
+ if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
continue;
log_dbg(cd, "TCRYPT: trying cipher %s-%s",
tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
r = i;
break;
}
- if ((flags & CRYPT_TCRYPT_VERA_MODES) &&
+ if ((params->flags & CRYPT_TCRYPT_VERA_MODES) &&
!strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt).");
memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
pwd[i] += params->passphrase[i];
for (i = 0; tcrypt_kdf[i].name; i++) {
+ if (params->hash_name && strcmp(params->hash_name, tcrypt_kdf[i].hash))
+ continue;
if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i].legacy)
continue;
if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].veracrypt)
(tcrypt_kdf[i].veracrypt_pim_mult * params->veracrypt_pim);
} else
iterations = tcrypt_kdf[i].iterations;
-
/* Derive header key */
log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.",
tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations,
if (r < 0) {
log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping."),
tcrypt_kdf[i].hash);
+ skipped++;
+ r = -EPERM;
continue;
}
/* Decrypt header */
- r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags);
+ r = TCRYPT_decrypt_hdr(cd, hdr, key, params);
if (r == -ENOENT) {
skipped++;
r = -EPERM;
+ continue;
}
if (r != -EPERM)
break;
}
- if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) {
+ if ((r < 0 && skipped && skipped == i) || r == -ENOTSUP) {
log_err(cd, _("Required kernel crypto interface not available."));
#ifdef ENABLE_AF_ALG
log_err(cd, _("Ensure you have algif_skcipher kernel module loaded."));
#endif
+ r = -ENOTSUP;
}
if (r < 0)
goto out;
strncpy(dm_name, name, sizeof(dm_name)-1);
dmd.flags = flags;
} else {
- snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
+ if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1) < 0) {
+ r = -EINVAL;
+ break;
+ }
dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
}
vk->key, hdr->d.keys);
if (algs->chain_count != i) {
- snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
- dm_get_dir(), name, i);
+ if (snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d", dm_get_dir(), name, i) < 0) {
+ r = -EINVAL;
+ break;
+ }
r = device_alloc(cd, &device, dm_dev_name);
if (r)
break;
{
uint64_t size;
- /* No real header loaded, initialized by active device */
- if (!hdr->d.version)
- goto hdr_offset;
-
- /* Mapping through whole device, not partition! */
- if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
+ if (!hdr->d.version) {
+ /* No real header loaded, initialized by active device, use default mk_offset */
+ } else if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
+ /* Mapping through whole device, not partition! */
if (crypt_dev_is_partition(device_path(crypt_data_device(cd))))
return 0;
- goto hdr_offset;
- }
-
- if (params->mode && !strncmp(params->mode, "xts", 3)) {
+ } else if (params->mode && !strncmp(params->mode, "xts", 3)) {
if (hdr->d.version < 3)
return 1;
return (size - hdr->d.hidden_volume_size +
(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
}
- goto hdr_offset;
- }
-
- if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
+ } else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
if (device_size(crypt_metadata_device(cd), &size) < 0)
return 0;
return (size - hdr->d.hidden_volume_size +
(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / SECTOR_SIZE;
}
-hdr_offset:
return hdr->d.mk_offset / SECTOR_SIZE;
}
/*
* TCRYPT (TrueCrypt-compatible) header definition
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
struct crypt_device;
struct crypt_params_tcrypt;
-struct crypt_dm_active_device;
struct dm_target;
struct volume_key;
struct device;
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
return phys_memory_kb;
}
-/* MEMLOCK */
-#define DEFAULT_PROCESS_PRIORITY -18
-
-static int _priority;
-static int _memlock_count = 0;
-
-// return 1 if memory is locked
-int crypt_memlock_inc(struct crypt_device *ctx)
+void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
{
- if (!_memlock_count++) {
- log_dbg(ctx, "Locking memory.");
- if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
- log_dbg(ctx, "Cannot lock memory with mlockall.");
- _memlock_count--;
- return 0;
- }
- errno = 0;
- if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
- log_err(ctx, _("Cannot get process priority."));
+ int _priority, new_priority;
+
+ if (raise) {
+ _priority = getpriority(PRIO_PROCESS, 0);
+ if (_priority < 0)
+ _priority = 0;
+ if (priority)
+ *priority = _priority;
+
+ /*
+ * Do not bother checking CAP_SYS_NICE as device activation
+ * requires CAP_SYSADMIN later anyway.
+ */
+ if (getuid() || geteuid())
+ new_priority = 0;
else
- if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
- log_dbg(ctx, "setpriority %d failed: %s",
- DEFAULT_PROCESS_PRIORITY, strerror(errno));
- }
- return _memlock_count ? 1 : 0;
-}
+ new_priority = -18;
-int crypt_memlock_dec(struct crypt_device *ctx)
-{
- if (_memlock_count && (!--_memlock_count)) {
- log_dbg(ctx, "Unlocking memory.");
- if (munlockall() == -1)
- log_err(ctx, _("Cannot unlock memory."));
+ if (setpriority(PRIO_PROCESS, 0, new_priority))
+ log_dbg(cd, "Cannot raise process priority.");
+ } else {
+ _priority = priority ? *priority : 0;
if (setpriority(PRIO_PROCESS, 0, _priority))
- log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno));
+ log_dbg(cd, "Cannot reset process priority.");
}
- return _memlock_count ? 1 : 0;
}
/* Keyfile processing */
char tmp[BUFSIZ];
size_t next_read;
ssize_t bytes_r;
- off64_t r;
+ off_t r;
- r = lseek64(fd, bytes, SEEK_CUR);
+ r = lseek(fd, bytes, SEEK_CUR);
if (r > 0)
return 0;
if (r < 0 && errno != ESPIPE)
if (isatty(fd)) {
log_err(cd, _("Cannot read keyfile from a terminal."));
- r = -EINVAL;
- goto out_err;
+ goto out;
}
/* If not requested otherwise, we limit input to prevent memory exhaustion */
key_size = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
unlimited_read = 1;
/* use 4k for buffer (page divisor but avoid huge pages) */
- buflen = 4096 - sizeof(size_t); // sizeof(struct safe_allocation);
+ buflen = 4096 - 16; /* sizeof(struct safe_allocation); */
} else
buflen = key_size;
if (keyfile) {
if (stat(keyfile, &st) < 0) {
log_err(cd, _("Failed to stat key file."));
- goto out_err;
+ goto out;
}
if (S_ISREG(st.st_mode)) {
regular_file = 1;
if (keyfile_offset > file_read_size) {
log_err(cd, _("Cannot seek to requested keyfile offset."));
- goto out_err;
+ goto out;
}
file_read_size -= keyfile_offset;
pass = crypt_safe_alloc(buflen);
if (!pass) {
log_err(cd, _("Out of memory while reading passphrase."));
- goto out_err;
+ goto out;
}
/* Discard keyfile_offset bytes on input */
if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
log_err(cd, _("Cannot seek to requested keyfile offset."));
- goto out_err;
+ goto out;
}
for (i = 0, newline = 0; i < key_size; i += char_read) {
if (!pass) {
log_err(cd, _("Out of memory while reading passphrase."));
r = -ENOMEM;
- goto out_err;
+ goto out;
}
}
if (char_read < 0) {
log_err(cd, _("Error reading passphrase."));
r = -EPIPE;
- goto out_err;
+ goto out;
}
if (char_read == 0)
if (!i && !regular_file && !newline) {
log_err(cd, _("Nothing to read on input."));
r = -EPIPE;
- goto out_err;
+ goto out;
}
/* Fail if we exceeded internal default (no specified size) */
if (unlimited_read && i == key_size) {
log_err(cd, _("Maximum keyfile size exceeded."));
- goto out_err;
+ goto out;
}
if (!unlimited_read && i != key_size) {
log_err(cd, _("Cannot read requested amount of data."));
- goto out_err;
+ goto out;
}
*key = pass;
*key_size_read = i;
r = 0;
-out_err:
+out:
if (fd != STDIN_FILENO)
close(fd);
}
if (!r)
- *kversion = version(maj, min, patch, rel);
+ *kversion = compact_version(maj, min, patch, rel);
return r;
}
/*
* libcryptsetup - cryptsetup library, cipher benchmark
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
r = -ENOMEM;
if (posix_memalign(&buffer, crypt_getpagesize(), buffer_size))
goto out;
+ memset(buffer, 0, buffer_size);
r = crypt_cipher_ivsize(cipher, cipher_mode);
if (r >= 0 && iv_size != (size_t)r) {
int (*progress)(uint32_t time_ms, void *usrptr),
void *usrptr)
{
- int r;
+ int r, priority;
const char *kdf_opt;
if (!pbkdf || (!password && password_size))
log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
+ crypt_process_priority(cd, &priority, true);
r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
salt, salt_size, volume_key_size, pbkdf->time_ms,
pbkdf->max_memory_kb, pbkdf->parallel_threads,
&pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr);
+ crypt_process_priority(cd, &priority, false);
if (!r)
log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */
pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */
- r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "bar", 3,
+ r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8, "01234567890abcdef", 16,
volume_key_size, &benchmark_callback, &u);
pbkdf->time_ms = ms_tmp;
if (r < 0) {
PBKDF2_tmp = ((double)pbkdf->iterations * pbkdf->time_ms / 1000.);
if (PBKDF2_tmp > (double)UINT32_MAX)
return -EINVAL;
- pbkdf->iterations = at_least((uint32_t)PBKDF2_tmp, pbkdf_limits.min_iterations);
+ pbkdf->iterations = AT_LEAST((uint32_t)PBKDF2_tmp, pbkdf_limits.min_iterations);
} else {
/* Already benchmarked */
if (pbkdf->iterations) {
return 0;
}
- r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3,
+ r = crypt_benchmark_pbkdf(cd, pbkdf, "foobarfo", 8,
"0123456789abcdef0123456789abcdef", 32,
volume_key_size, &benchmark_callback, &u);
if (r < 0)
/*
* blkid probe utilities
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
#include <errno.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
blk_set_chains_for_wipes(h);
}
+void blk_set_chains_for_superblocks(struct blkid_handle *h)
+{
+#ifdef HAVE_BLKID
+ blkid_probe_enable_superblocks(h->pr, 1);
+ blkid_probe_set_superblocks_flags(h->pr, BLKID_SUBLKS_TYPE);
+#endif
+}
+
void blk_set_chains_for_fast_detection(struct blkid_handle *h)
{
#ifdef HAVE_BLKID
blkid_probe_enable_partitions(h->pr, 1);
blkid_probe_set_partitions_flags(h->pr, 0);
-
- blkid_probe_enable_superblocks(h->pr, 1);
- blkid_probe_set_superblocks_flags(h->pr, BLKID_SUBLKS_TYPE);
+ blk_set_chains_for_superblocks(h);
#endif
}
return r;
}
-int blk_superblocks_filter_luks(struct blkid_handle *h)
-{
- int r = -ENOTSUP;
#ifdef HAVE_BLKID
+static int blk_superblocks_luks(struct blkid_handle *h, bool enable)
+{
char luks[] = "crypto_LUKS";
char *luks_filter[] = {
luks,
NULL
};
- r = blkid_probe_filter_superblocks_type(h->pr, BLKID_FLTR_NOTIN, luks_filter);
+ return blkid_probe_filter_superblocks_type(h->pr,
+ enable ? BLKID_FLTR_ONLYIN : BLKID_FLTR_NOTIN,
+ luks_filter);
+}
+#endif
+
+int blk_superblocks_filter_luks(struct blkid_handle *h)
+{
+ int r = -ENOTSUP;
+#ifdef HAVE_BLKID
+ r = blk_superblocks_luks(h, false);
+#endif
+ return r;
+}
+
+int blk_superblocks_only_luks(struct blkid_handle *h)
+{
+ int r = -ENOTSUP;
+#ifdef HAVE_BLKID
+ r = blk_superblocks_luks(h, true);
#endif
return r;
}
return r;
}
-off_t blk_get_offset(struct blkid_handle *h)
+unsigned blk_get_block_size(struct blkid_handle *h)
{
- off_t offset_value = -1;
+ unsigned block_size = 0;
#ifdef HAVE_BLKID
- const char *offset;
- if (blk_is_superblock(h)) {
- if (!blkid_probe_lookup_value(h->pr, "SBMAGIC_OFFSET", &offset, NULL))
- offset_value = strtoll(offset, NULL, 10);
- } else if (blk_is_partition(h) && !blkid_probe_lookup_value(h->pr, "PTMAGIC_OFFSET", &offset, NULL))
- offset_value = strtoll(offset, NULL, 10);
+ const char *data;
+ if (!blk_is_superblock(h) || !blkid_probe_has_value(h->pr, "BLOCK_SIZE") ||
+ blkid_probe_lookup_value(h->pr, "BLOCK_SIZE", &data, NULL) ||
+ sscanf(data, "%u", &block_size) != 1)
+ block_size = 0;
#endif
- return offset_value;
+ return block_size;
}
/*
* blkid probe utilities
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
void blk_set_chains_for_full_print(struct blkid_handle *h);
+void blk_set_chains_for_superblocks(struct blkid_handle *h);
+
void blk_set_chains_for_fast_detection(struct blkid_handle *h);
int blk_superblocks_filter_luks(struct blkid_handle *h);
+int blk_superblocks_only_luks(struct blkid_handle *h);
blk_probe_status blk_safeprobe(struct blkid_handle *h);
int blk_supported(void);
-off_t blk_get_offset(struct blkid_handle *h);
+unsigned blk_get_block_size(struct blkid_handle *h);
#endif
* utils_crypt - cipher utilities for cryptsetup
*
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <strings.h>
+#include <unistd.h>
#include <ctype.h>
#include <errno.h>
#include "libcryptsetup.h"
#include "utils_crypt.h"
+#define MAX_CAPI_LEN_STR "143" /* for sscanf of crypto API string + 16 + \0 */
+
int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
char *cipher_mode)
{
if (!s || !integrity)
return -EINVAL;
- // FIXME: do not hardcode it here
-
/* AEAD modes */
if (!strcmp(s, "aead") ||
!strcmp(s, "poly1305") ||
return 0;
}
+/*
+ * Thanks Mikulas Patocka for these two char converting functions.
+ *
+ * This function is used to load cryptographic keys, so it is coded in such a
+ * way that there are no conditions or memory accesses that depend on data.
+ *
+ * Explanation of the logic:
+ * (ch - '9' - 1) is negative if ch <= '9'
+ * ('0' - 1 - ch) is negative if ch >= '0'
+ * we "and" these two values, so the result is negative if ch is in the range
+ * '0' ... '9'
+ * we are only interested in the sign, so we do a shift ">> 8"; note that right
+ * shift of a negative value is implementation-defined, so we cast the
+ * value to (unsigned) before the shift --- we have 0xffffff if ch is in
+ * the range '0' ... '9', 0 otherwise
+ * we "and" this value with (ch - '0' + 1) --- we have a value 1 ... 10 if ch is
+ * in the range '0' ... '9', 0 otherwise
+ * we add this value to -1 --- we have a value 0 ... 9 if ch is in the range '0'
+ * ... '9', -1 otherwise
+ * the next line is similar to the previous one, but we need to decode both
+ * uppercase and lowercase letters, so we use (ch & 0xdf), which converts
+ * lowercase to uppercase
+ */
+static int hex_to_bin(unsigned char ch)
+{
+ unsigned char cu = ch & 0xdf;
+ return -1 +
+ ((ch - '0' + 1) & (unsigned)((ch - '9' - 1) & ('0' - 1 - ch)) >> 8) +
+ ((cu - 'A' + 11) & (unsigned)((cu - 'F' - 1) & ('A' - 1 - cu)) >> 8);
+}
+
+static char hex2asc(unsigned char c)
+{
+ return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27);
+}
+
ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc)
{
- char buf[3] = "xx\0", *endp, *bytes;
+ char *bytes;
size_t i, len;
+ int bl, bh;
+
+ if (!hex || !result)
+ return -EINVAL;
len = strlen(hex);
if (len % 2)
return -ENOMEM;
for (i = 0; i < len; i++) {
- memcpy(buf, &hex[i * 2], 2);
- bytes[i] = strtoul(buf, &endp, 16);
- if (endp != &buf[2]) {
+ bh = hex_to_bin(hex[i * 2]);
+ bl = hex_to_bin(hex[i * 2 + 1]);
+ if (bh == -1 || bl == -1) {
safe_alloc ? crypt_safe_free(bytes) : free(bytes);
return -EINVAL;
}
+ bytes[i] = (bh << 4) | bl;
}
*result = bytes;
return i;
}
+char *crypt_bytes_to_hex(size_t size, const char *bytes)
+{
+ unsigned i;
+ char *hex;
+
+ if (size && !bytes)
+ return NULL;
+
+ /* Alloc adds trailing \0 */
+ if (size == 0)
+ hex = crypt_safe_alloc(2);
+ else
+ hex = crypt_safe_alloc(size * 2 + 1);
+ if (!hex)
+ return NULL;
+
+ if (size == 0)
+ hex[0] = '-';
+ else for (i = 0; i < size; i++) {
+ hex[i * 2] = hex2asc((const unsigned char)bytes[i] >> 4);
+ hex[i * 2 + 1] = hex2asc((const unsigned char)bytes[i] & 0xf);
+ }
+
+ return hex;
+}
+
+void crypt_log_hex(struct crypt_device *cd,
+ const char *bytes, size_t size,
+ const char *sep, int numwrap, const char *wrapsep)
+{
+ unsigned i;
+
+ for (i = 0; i < size; i++) {
+ if (wrapsep && numwrap && i && !(i % numwrap))
+ crypt_logf(cd, CRYPT_LOG_NORMAL, wrapsep);
+ crypt_logf(cd, CRYPT_LOG_NORMAL, "%c%c%s",
+ hex2asc((const unsigned char)bytes[i] >> 4),
+ hex2asc((const unsigned char)bytes[i] & 0xf), sep);
+ }
+}
+
bool crypt_is_cipher_null(const char *cipher_spec)
{
if (!cipher_spec)
return false;
return (strstr(cipher_spec, "cipher_null") || !strcmp(cipher_spec, "null"));
}
+
+int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm)
+{
+ char cipher[MAX_CAPI_ONE_LEN], mode[MAX_CAPI_ONE_LEN], iv[MAX_CAPI_ONE_LEN],
+ auth[MAX_CAPI_ONE_LEN], tmp[MAX_CAPI_LEN], dmcrypt_tmp[MAX_CAPI_LEN*2],
+ capi[MAX_CAPI_LEN+1];
+ size_t len;
+ int i;
+
+ if (!c_dm)
+ return -EINVAL;
+
+ /* legacy mode */
+ if (strncmp(c_dm, "capi:", 4)) {
+ if (!(*org_c = strdup(c_dm)))
+ return -ENOMEM;
+ if (i_dm) {
+ if (!(*org_i = strdup(i_dm))) {
+ free(*org_c);
+ *org_c = NULL;
+ return -ENOMEM;
+ }
+ } else
+ *org_i = NULL;
+ return 0;
+ }
+
+ /* modes with capi: prefix */
+ i = sscanf(c_dm, "capi:%" MAX_CAPI_LEN_STR "[^-]-%" MAX_CAPI_ONE_LEN_STR "s", tmp, iv);
+ if (i != 2)
+ return -EINVAL;
+
+ len = strlen(tmp);
+ if (len < 2)
+ return -EINVAL;
+
+ if (tmp[len-1] == ')')
+ tmp[len-1] = '\0';
+
+ if (sscanf(tmp, "rfc4309(%" MAX_CAPI_LEN_STR "s", capi) == 1) {
+ if (!(*org_i = strdup("aead")))
+ return -ENOMEM;
+ } else if (sscanf(tmp, "rfc7539(%" MAX_CAPI_LEN_STR "[^,],%" MAX_CAPI_ONE_LEN_STR "s", capi, auth) == 2) {
+ if (!(*org_i = strdup(auth)))
+ return -ENOMEM;
+ } else if (sscanf(tmp, "authenc(%" MAX_CAPI_ONE_LEN_STR "[^,],%" MAX_CAPI_LEN_STR "s", auth, capi) == 2) {
+ if (!(*org_i = strdup(auth)))
+ return -ENOMEM;
+ } else {
+ if (i_dm) {
+ if (!(*org_i = strdup(i_dm)))
+ return -ENOMEM;
+ } else
+ *org_i = NULL;
+ memset(capi, 0, sizeof(capi));
+ strncpy(capi, tmp, sizeof(capi)-1);
+ }
+
+ i = sscanf(capi, "%" MAX_CAPI_ONE_LEN_STR "[^(](%" MAX_CAPI_ONE_LEN_STR "[^)])", mode, cipher);
+ if (i == 2)
+ i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s-%s", cipher, mode, iv);
+ else
+ i = snprintf(dmcrypt_tmp, sizeof(dmcrypt_tmp), "%s-%s", capi, iv);
+ if (i < 0 || (size_t)i >= sizeof(dmcrypt_tmp)) {
+ free(*org_i);
+ *org_i = NULL;
+ return -EINVAL;
+ }
+
+ if (!(*org_c = strdup(dmcrypt_tmp))) {
+ free(*org_i);
+ *org_i = NULL;
+ return -ENOMEM;
+ }
+
+ return 0;
+}
* utils_crypt - cipher utilities for cryptsetup
*
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#define _UTILS_CRYPT_H
#include <stdbool.h>
-#include <unistd.h>
-#define MAX_CIPHER_LEN 32
-#define MAX_CIPHER_LEN_STR "31"
-#define MAX_KEYFILES 32
+struct crypt_device;
+
+#define MAX_CIPHER_LEN 32
+#define MAX_CIPHER_LEN_STR "31"
+#define MAX_KEYFILES 32
+#define MAX_CAPI_ONE_LEN 2 * MAX_CIPHER_LEN
+#define MAX_CAPI_ONE_LEN_STR "63" /* for sscanf length + '\0' */
+#define MAX_CAPI_LEN 144 /* should be enough to fit whole capi string */
int crypt_parse_name_and_mode(const char *s, char *cipher,
int *key_nums, char *cipher_mode);
int crypt_parse_pbkdf(const char *s, const char **pbkdf);
ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc);
+char *crypt_bytes_to_hex(size_t size, const char *bytes);
+void crypt_log_hex(struct crypt_device *cd,
+ const char *bytes, size_t size,
+ const char *sep, int numwrap, const char *wrapsep);
bool crypt_is_cipher_null(const char *cipher_spec);
+int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const char *i_dm);
+
#endif /* _UTILS_CRYPT_H */
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include <assert.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
/* cached values */
size_t alignment;
size_t block_size;
+ size_t loop_block_size;
};
static size_t device_fs_block_size_fd(int fd)
return bsize;
}
+static size_t device_block_phys_size_fd(int fd)
+{
+ struct stat st;
+ int arg;
+ size_t bsize = SECTOR_SIZE;
+
+ if (fstat(fd, &st) < 0)
+ return bsize;
+
+ if (S_ISREG(st.st_mode))
+ bsize = MAX_SECTOR_SIZE;
+ else if (ioctl(fd, BLKPBSZGET, &arg) >= 0)
+ bsize = (size_t)arg;
+
+ return bsize;
+}
+
static size_t device_alignment_fd(int devfd)
{
long alignment = DEFAULT_MEM_ALIGNMENT;
else {
/* open(2) with O_EXCL (w/o O_CREAT) on regular file is undefined behaviour according to man page */
/* coverity[toctou] */
- device->dev_fd_excl = open(path, O_RDONLY | O_EXCL);
+ device->dev_fd_excl = open(path, O_RDONLY | O_EXCL); /* lgtm[cpp/toctou-race-condition] */
if (device->dev_fd_excl < 0)
return errno == EBUSY ? -EBUSY : device->dev_fd_excl;
if (fstat(device->dev_fd_excl, &st) || !S_ISBLK(st.st_mode)) {
return device->block_size;
}
+size_t device_optimal_encryption_sector_size(struct crypt_device *cd, struct device *device)
+{
+ int fd;
+ size_t phys_block_size;
+
+ if (!device)
+ return SECTOR_SIZE;
+
+ fd = open(device->file_path ?: device->path, O_RDONLY);
+ if (fd < 0) {
+ log_dbg(cd, "Cannot get optimal encryption sector size for device %s.", device_path(device));
+ return SECTOR_SIZE;
+ }
+
+ /* cache device block size */
+ device->block_size = device_block_size_fd(fd, NULL);
+ if (!device->block_size) {
+ close(fd);
+ log_dbg(cd, "Cannot get block size for device %s.", device_path(device));
+ return SECTOR_SIZE;
+ }
+
+ if (device->block_size >= MAX_SECTOR_SIZE) {
+ close(fd);
+ return MISALIGNED(device->block_size, MAX_SECTOR_SIZE) ? SECTOR_SIZE : MAX_SECTOR_SIZE;
+ }
+
+ phys_block_size = device_block_phys_size_fd(fd);
+ close(fd);
+
+ if (device->block_size >= phys_block_size ||
+ phys_block_size <= SECTOR_SIZE ||
+ phys_block_size > MAX_SECTOR_SIZE ||
+ MISALIGNED(phys_block_size, device->block_size))
+ return device->block_size;
+
+ return phys_block_size;
+}
+
int device_read_ahead(struct device *device, uint32_t *read_ahead)
{
int fd, r = 0;
return -ENOTSUP;
}
- log_dbg(cd, "Allocating a free loop device.");
+ log_dbg(cd, "Allocating a free loop device (block size: %zu).",
+ device->loop_block_size ?: SECTOR_SIZE);
/* Keep the loop open, detached on last close. */
- loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly);
+ loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly, device->loop_block_size);
if (loop_fd == -1) {
log_err(cd, _("Attaching loopback device failed "
"(loop device with autoclear flag is required)."));
return r;
}
+ log_dbg(cd, "Attached loop device block size is %zu bytes.", device_block_size_fd(loop_fd, NULL));
+
device->loop_fd = loop_fd;
device->file_path = file_path;
device->init_done = 1;
device->dev_fd = -1;
}
}
+
+void device_set_block_size(struct device *device, size_t size)
+{
+ if (!device)
+ return;
+
+ device->loop_block_size = size;
+}
/*
* Metadata on-disk locking for processes serialization
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
# include <sys/sysmacros.h> /* for major, minor */
#endif
#include <libgen.h>
-#include <assert.h>
#include "internal.h"
#include "utils_device_locking.h"
lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
if (lockdfd < 0) {
if (errno == ENOENT) {
- log_dbg(cd, _("Locking directory %s/%s will be created with default compiled-in permissions."), dir, base);
+ log_dbg(cd, "Locking directory %s/%s will be created with default compiled-in permissions.", dir, base);
/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
h->u.bdev.devno = st.st_rdev;
h->mode = DEV_LOCK_BDEV;
} else if (S_ISREG(st.st_mode)) {
- // FIXME: workaround for nfsv4
+ /* workaround for nfsv4 */
fd = open(device_path(device), O_RDWR | O_NONBLOCK | O_CLOEXEC);
if (fd < 0)
h->flock_fd = dev_fd;
!stat(res, &buf_b) && /* does path file still exist? */
same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
/* coverity[toctou] */
- if (unlink(res)) /* yes? unlink the file */
+ if (unlink(res)) /* yes? unlink the file. lgtm[cpp/toctou-race-condition] */
log_dbg(cd, "Failed to unlink resource file: %s", res);
}
!stat(res, &buf_b) && /* does path file still exist? */
same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
/* coverity[toctou] */
- if (unlink(res)) /* yes? unlink the file */
+ if (unlink(res)) /* yes? unlink the file. lgtm[cpp/toctou-race-condition] */
log_dbg(cd, "Failed to unlink resource file: %s", res);
}
return (h && h->type == DEV_LOCK_READ);
}
-static int verify_lock_handle(const char *device_path, struct crypt_lock_handle *h)
+static int verify_lock_handle(struct crypt_lock_handle *h)
{
char res[PATH_MAX];
struct stat lck_st, res_st;
* check whether another libcryptsetup process removed resource file before this
* one managed to flock() it. See release_lock_handle() for details
*/
- r = verify_lock_handle(device_path(device), h);
+ r = verify_lock_handle(h);
if (r < 0) {
if (flock(h->flock_fd, LOCK_UN))
log_dbg(cd, "flock on fd %d failed.", h->flock_fd);
/* if device handle is regular file the handle must match the lock handle */
if (S_ISREG(dev_st.st_mode)) {
- log_dbg(cd, "Veryfing locked device handle (regular file)");
+ log_dbg(cd, "Verifying locked device handle (regular file)");
if (!same_inode(dev_st, lck_st))
return 1;
} else if (S_ISBLK(dev_st.st_mode)) {
- log_dbg(cd, "Veryfing locked device handle (bdev)");
+ log_dbg(cd, "Verifying locked device handle (bdev)");
if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) ||
stat(res, &st) ||
!same_inode(lck_st, st))
/*
* Metadata on-disk locking for processes serialization
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
return r;
}
-int lookup_by_sysfs_uuid_field(const char *dm_uuid, size_t max_len)
+int lookup_by_sysfs_uuid_field(const char *dm_uuid)
{
struct dirent *entry;
- char subpath[PATH_MAX], uuid[max_len];
+ char subpath[PATH_MAX], uuid[DM_UUID_LEN];
ssize_t s;
struct stat st;
int fd, len, r = 0; /* not found */
}
/* reads binary data */
- s = read_buffer(fd, uuid, max_len - 1);
+ s = read_buffer(fd, uuid, sizeof(uuid) - 1);
if (s > 0) {
uuid[s] = '\0';
if (!strncmp(uuid, dm_uuid, strlen(dm_uuid)))
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#define DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */
#define DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */
#define DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */
+#define DM_INTEGRITY_RESIZE_SUPPORTED (1 << 23) /* dm-integrity resize of the integrity device supported (introduced in the same version as discards)*/
#define DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption */
#define DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */
#define DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */
+#define DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */
+#define DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */
typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_ERROR, DM_ZERO, DM_UNKNOWN } dm_target_type;
-enum tdirection { TARGET_SET = 1, TARGET_QUERY };
+enum tdirection { TARGET_EMPTY = 0, TARGET_SET, TARGET_QUERY };
int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags);
#define DM_ACTIVE_INTEGRITY_PARAMS (1 << 9)
+#define DM_ACTIVE_JOURNAL_CRYPT_KEY (1 << 10)
+#define DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE (1 << 11)
+
+#define DM_ACTIVE_JOURNAL_MAC_KEY (1 << 12)
+#define DM_ACTIVE_JOURNAL_MAC_KEYSIZE (1 << 13)
+
struct dm_target {
dm_target_type type;
enum tdirection direction;
const struct volume_key *vk);
int dm_error_device(struct crypt_device *cd, const char *name);
int dm_clear_device(struct crypt_device *cd, const char *name);
+int dm_cancel_deferred_removal(const char *name);
const char *dm_get_dir(void);
+++ /dev/null
-/*
- * FIPS mode utilities
- *
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include "utils_fips.h"
-
-#if !ENABLE_FIPS
-int crypt_fips_mode(void) { return 0; }
-#else
-static int kernel_fips_mode(void)
-{
- int fd;
- char buf[1] = "";
-
- if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
- while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
- close(fd);
- }
-
- return (buf[0] == '1') ? 1 : 0;
-}
-
-int crypt_fips_mode(void)
-{
- return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
-}
-#endif /* ENABLE_FIPS */
+++ /dev/null
-/*
- * FIPS mode utilities
- *
- * Copyright (C) 2011-2021 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#ifndef _UTILS_FIPS_H
-#define _UTILS_FIPS_H
-
-int crypt_fips_mode(void);
-
-#endif /* _UTILS_FIPS_H */
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
-#include <sys/types.h>
#include "utils_io.h"
+/* coverity[ -taint_source : arg-1 ] */
static ssize_t _read_buffer(int fd, void *buf, size_t length, volatile int *quit)
{
size_t read_size = 0;
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#ifndef _CRYPTSETUP_UTILS_IO_H
#define _CRYPTSETUP_UTILS_IO_H
+#include <stddef.h>
#include <sys/types.h>
ssize_t read_buffer(int fd, void *buf, size_t length);
/*
* kernel keyring utilities
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <sys/syscall.h>
#include "libcryptsetup.h"
+#include "libcryptsetup_macros.h"
#include "utils_keyring.h"
#ifndef HAVE_KEY_SERIAL_T
typedef int32_t key_serial_t;
#endif
-#ifndef ARRAY_SIZE
-# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
-#endif
-
#ifdef KERNEL_KEYRING
static const struct {
ret = keyctl_read(kid, NULL, 0);
if (ret > 0) {
len = ret;
- buf = malloc(len);
+ buf = crypt_safe_alloc(len);
if (!buf)
return -ENOMEM;
if (ret < 0) {
err = errno;
- if (buf)
- crypt_safe_memzero(buf, len);
- free(buf);
+ crypt_safe_free(buf);
return -err;
}
/*
* kernel keyring syscall wrappers
*
- * Copyright (C) 2016-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2016-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
/*
* loopback block device utilities
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <limits.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
-#include <sys/types.h>
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* for major, minor */
#endif
+#include <linux/types.h>
#include <linux/loop.h>
#ifdef HAVE_SYS_SYSMACROS_H
#include <sys/sysmacros.h> /* for major, minor */
#endif
#include "utils_loop.h"
+#include "libcryptsetup_macros.h"
#define LOOP_DEV_MAJOR 7
#define LOOP_SET_CAPACITY 0x4C07
#endif
+#ifndef LOOP_SET_BLOCK_SIZE
+#define LOOP_SET_BLOCK_SIZE 0x4C09
+#endif
+
+#ifndef LOOP_CONFIGURE
+#define LOOP_CONFIGURE 0x4C0A
+struct loop_config {
+ __u32 fd;
+ __u32 block_size;
+ struct loop_info64 info;
+ __u64 __reserved[8];
+};
+#endif
+
static char *crypt_loop_get_device_old(void)
{
- char dev[20];
+ char dev[64];
int i, loop_fd;
struct loop_info64 lo64 = {0};
}
int crypt_loop_attach(char **loop, const char *file, int offset,
- int autoclear, int *readonly)
+ int autoclear, int *readonly, size_t blocksize)
{
- struct loop_info64 lo64 = {0};
+ struct loop_config config = {0};
char *lo_file_name;
int loop_fd = -1, file_fd = -1, r = 1;
+ int fallback = 0;
*loop = NULL;
if (file_fd < 0)
goto out;
- while (loop_fd < 0) {
+ config.fd = file_fd;
+
+ lo_file_name = (char*)config.info.lo_file_name;
+ lo_file_name[LO_NAME_SIZE-1] = '\0';
+ strncpy(lo_file_name, file, LO_NAME_SIZE-1);
+ config.info.lo_offset = offset;
+ if (autoclear)
+ config.info.lo_flags |= LO_FLAGS_AUTOCLEAR;
+ if (blocksize > SECTOR_SIZE)
+ config.block_size = blocksize;
+
+ while (loop_fd < 0) {
*loop = crypt_loop_get_device();
if (!*loop)
goto out;
loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
if (loop_fd < 0)
goto out;
-
- if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
+ if (ioctl(loop_fd, LOOP_CONFIGURE, &config) < 0) {
+ if (errno == EINVAL || errno == ENOTTY) {
+ free(*loop);
+ *loop = NULL;
+
+ close(loop_fd);
+ loop_fd = -1;
+
+ /* kernel doesn't support LOOP_CONFIGURE */
+ fallback = 1;
+ break;
+ }
if (errno != EBUSY)
goto out;
free(*loop);
}
}
- lo_file_name = (char*)lo64.lo_file_name;
- lo_file_name[LO_NAME_SIZE-1] = '\0';
- strncpy(lo_file_name, file, LO_NAME_SIZE-1);
- lo64.lo_offset = offset;
- if (autoclear)
- lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;
+ if (fallback) {
+ while (loop_fd < 0) {
+ *loop = crypt_loop_get_device();
+ if (!*loop)
+ goto out;
- if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) {
- (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
- goto out;
+ loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
+ if (loop_fd < 0)
+ goto out;
+ if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
+ if (errno != EBUSY)
+ goto out;
+ free(*loop);
+ *loop = NULL;
+
+ close(loop_fd);
+ loop_fd = -1;
+ }
+ }
+
+ if (blocksize > SECTOR_SIZE)
+ (void)ioctl(loop_fd, LOOP_SET_BLOCK_SIZE, (unsigned long)blocksize);
+
+ if (ioctl(loop_fd, LOOP_SET_STATUS64, &config.info) < 0) {
+ (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
+ goto out;
+ }
}
/* Verify that autoclear is really set */
if (autoclear) {
- memset(&lo64, 0, sizeof(lo64));
- if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) < 0 ||
- !(lo64.lo_flags & LO_FLAGS_AUTOCLEAR)) {
+ memset(&config.info, 0, sizeof(config.info));
+ if (ioctl(loop_fd, LOOP_GET_STATUS64, &config.info) < 0 ||
+ !(config.info.lo_flags & LO_FLAGS_AUTOCLEAR)) {
(void)ioctl(loop_fd, LOOP_CLR_FD, 0);
goto out;
}
/*
* loopback block device utilities
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
char *crypt_loop_backing_file(const char *loop);
int crypt_loop_device(const char *loop);
int crypt_loop_attach(char **loop, const char *file, int offset,
- int autoclear, int *readonly);
+ int autoclear, int *readonly, size_t blocksize);
int crypt_loop_detach(const char *loop);
int crypt_loop_resize(const char *loop);
/*
* utils_pbkdf - PBKDF settings for libcryptsetup
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
if (r < 0)
return r;
- if (!pbkdf->type ||
+ if (!pbkdf || !pbkdf->type ||
(!pbkdf->hash && !strcmp(pbkdf->type, "pbkdf2")))
return -EINVAL;
/*
* utils_safe_memory - safe memory helpers
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
+#include <sys/mman.h>
#include "libcryptsetup.h"
struct safe_allocation {
- size_t size;
- char data[0];
+ size_t size;
+ bool locked;
+ char data[0] __attribute__((aligned(8)));
};
+#define OVERHEAD offsetof(struct safe_allocation, data)
/*
* Replacement for memset(s, 0, n) on stack that can be optimized out
*/
void crypt_safe_memzero(void *data, size_t size)
{
+ if (!data)
+ return;
+
#ifdef HAVE_EXPLICIT_BZERO
explicit_bzero(data, size);
#else
{
struct safe_allocation *alloc;
- if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data)))
+ if (!size || size > (SIZE_MAX - OVERHEAD))
return NULL;
- alloc = malloc(size + offsetof(struct safe_allocation, data));
+ alloc = malloc(size + OVERHEAD);
if (!alloc)
return NULL;
+ crypt_safe_memzero(alloc, size + OVERHEAD);
alloc->size = size;
- crypt_safe_memzero(&alloc->data, size);
+
+ /* Ignore failure if it is over limit. */
+ if (!mlock(alloc, size + OVERHEAD))
+ alloc->locked = true;
/* coverity[leaked_storage] */
return &alloc->data;
{
struct safe_allocation *alloc;
volatile size_t *s;
+ void *p;
if (!data)
return;
- alloc = (struct safe_allocation *)
- ((char *)data - offsetof(struct safe_allocation, data));
+ p = (char *)data - OVERHEAD;
+ alloc = (struct safe_allocation *)p;
crypt_safe_memzero(data, alloc->size);
+ if (alloc->locked) {
+ munlock(alloc, alloc->size + OVERHEAD);
+ alloc->locked = false;
+ }
+
s = (volatile size_t *)&alloc->size;
*s = 0x55aa55aa;
free(alloc);
{
struct safe_allocation *alloc;
void *new_data;
+ void *p;
new_data = crypt_safe_alloc(size);
if (new_data && data) {
- alloc = (struct safe_allocation *)
- ((char *)data - offsetof(struct safe_allocation, data));
+ p = (char *)data - OVERHEAD;
+ alloc = (struct safe_allocation *)p;
if (size > alloc->size)
size = alloc->size;
* Generic wrapper for storage functions
* (experimental only)
*
- * Copyright (C) 2018-2021, Ondrej Kozina
+ * Copyright (C) 2018-2023 Ondrej Kozina
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* Generic wrapper for storage functions
* (experimental only)
*
- * Copyright (C) 2018-2021, Ondrej Kozina
+ * Copyright (C) 2018-2023 Ondrej Kozina
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* utils_wipe - wipe a device
*
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <errno.h>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <linux/fs.h>
#include "internal.h"
+/* block device zeroout ioctls, introduced in Linux kernel 3.7 */
+#ifndef BLKZEROOUT
+#define BLKZEROOUT _IO(0x12,127)
+#endif
+
+static int wipe_zeroout(struct crypt_device *cd, int devfd,
+ uint64_t offset, uint64_t length)
+{
+ static bool zeroout_available = true;
+ uint64_t range[2] = { offset, length };
+ int r;
+
+ if (!zeroout_available)
+ return -ENOTSUP;
+
+ r = ioctl(devfd, BLKZEROOUT, &range);
+ if (r < 0) {
+ log_dbg(cd, "BLKZEROOUT ioctl not available (error %i), disabling.", r);
+ zeroout_available = false;
+ return -ENOTSUP;
+ }
+
+ return 0;
+}
+
/*
* Wipe using Peter Gutmann method described in
* https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern,
char *sf, size_t device_block_size, size_t alignment,
- size_t wipe_block_size, uint64_t offset, bool *need_block_init)
+ size_t wipe_block_size, uint64_t offset, bool *need_block_init,
+ bool blockdev)
{
int r;
memset(sf, 0, wipe_block_size);
*need_block_init = false;
r = 0;
- } else if (pattern == CRYPT_WIPE_RANDOM) {
- r = crypt_random_get(cd, sf, wipe_block_size,
- CRYPT_RND_NORMAL) ? -EIO : 0;
- *need_block_init = true;
- } else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
- // FIXME
+ } else if (pattern == CRYPT_WIPE_RANDOM ||
+ pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
r = crypt_random_get(cd, sf, wipe_block_size,
CRYPT_RND_NORMAL) ? -EIO : 0;
*need_block_init = true;
return r;
}
+ if (blockdev && pattern == CRYPT_WIPE_ZERO &&
+ !wipe_zeroout(cd, devfd, offset, wipe_block_size)) {
+ /* zeroout ioctl does not move offset */
+ if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
+ log_err(cd, _("Cannot seek to device offset."));
+ return -EINVAL;
+ }
+ return 0;
+ }
+
if (write_blockwise(devfd, device_block_size, alignment, sf,
wipe_block_size) == (ssize_t)wipe_block_size)
return 0;
void *usrptr)
{
int r, devfd;
+ struct stat st;
size_t bsize, alignment;
char *sf = NULL;
uint64_t dev_size;
if (!bsize || !alignment || !wipe_block_size)
return -EINVAL;
- /* FIXME: if wipe_block_size < bsize, then a wipe is highly ineffective */
+ /* if wipe_block_size < bsize, then a wipe is highly ineffective */
/* Everything must be aligned to SECTOR_SIZE */
if (MISALIGNED_512(offset) || MISALIGNED_512(length) || MISALIGNED_512(wipe_block_size))
if (devfd < 0)
return errno ? -errno : -EINVAL;
+ if (fstat(devfd, &st) < 0) {
+ r = -EINVAL;
+ goto out;
+ }
+
if (length)
dev_size = offset + length;
else {
if (r)
goto out;
- if (lseek64(devfd, offset, SEEK_SET) < 0) {
+ if (lseek(devfd, offset, SEEK_SET) < 0) {
log_err(cd, _("Cannot seek to device offset."));
r = -EINVAL;
goto out;
if ((offset + wipe_block_size) > dev_size)
wipe_block_size = dev_size - offset;
- //log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size);
-
r = wipe_block(cd, devfd, pattern, sf, bsize, alignment,
- wipe_block_size, offset, &need_block_init);
+ wipe_block_size, offset, &need_block_init, S_ISBLK(st.st_mode));
if (r) {
log_err(cd,_("Device wipe error, offset %" PRIu64 "."), offset);
break;
if (!cd)
return -EINVAL;
+ r = init_crypto(cd);
+ if (r < 0)
+ return r;
+
if (!dev_path)
device = crypt_data_device(cd);
else {
if (flags & CRYPT_WIPE_NO_DIRECT_IO)
device_disable_direct_io(device);
}
+ if (!device)
+ return -EINVAL;
if (!wipe_block_size)
wipe_block_size = 1024*1024;
*
* Copyright (C) 2004 Phil Karn, KA9Q
* libcryptsetup modifications
- * Copyright (C) 2017-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
*
* Copyright (C) 2002, Phil Karn, KA9Q
* libcryptsetup modifications
- * Copyright (C) 2017-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "rs.h"
+#define MAX_NR_BUF 256
+
int decode_rs_char(struct rs* rs, data_t* data)
{
int deg_lambda, el, deg_omega, syn_error, count;
int i, j, r, k;
data_t q, tmp, num1, num2, den, discr_r;
- /* FIXME: remove VLAs here */
- data_t lambda[rs->nroots + 1], s[rs->nroots]; /* Err+Eras Locator poly and syndrome poly */
- data_t b[rs->nroots + 1], t[rs->nroots + 1], omega[rs->nroots + 1];
- data_t root[rs->nroots], reg[rs->nroots + 1], loc[rs->nroots];
+ data_t lambda[MAX_NR_BUF], s[MAX_NR_BUF]; /* Err+Eras Locator poly and syndrome poly */
+ data_t b[MAX_NR_BUF], t[MAX_NR_BUF], omega[MAX_NR_BUF];
+ data_t root[MAX_NR_BUF], reg[MAX_NR_BUF], loc[MAX_NR_BUF];
+
+ if (rs->nroots >= MAX_NR_BUF)
+ return -1;
memset(s, 0, rs->nroots * sizeof(data_t));
memset(b, 0, (rs->nroots + 1) * sizeof(data_t));
*
* Copyright (C) 2002, Phil Karn, KA9Q
* libcryptsetup modifications
- * Copyright (C) 2017-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/*
* dm-verity volume handling
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
-#include <netinet/in.h>
#include <uuid/uuid.h>
#include "libcryptsetup.h"
return -EIO;
if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) {
- log_err(cd, _("Device %s is not a valid VERITY device."),
- device_path(device));
+ log_dbg(cd, "No VERITY signature detected.");
return -EINVAL;
}
}
params->data_size = le64_to_cpu(sb.data_blocks);
+ /* Update block size to be used for loop devices */
+ device_set_block_size(crypt_metadata_device(cd), params->hash_block_size);
+ device_set_block_size(crypt_data_device(cd), params->data_block_size);
+
params->hash_name = strndup((const char*)sb.algorithm, sizeof(sb.algorithm));
if (!params->hash_name)
return -ENOMEM;
return hash_offset / params->hash_block_size;
}
-int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string)
+int VERITY_UUID_generate(char **uuid_string)
{
uuid_t uuid;
dm_targets_free(cd, &dmd);
return r;
}
+
+int VERITY_dump(struct crypt_device *cd,
+ struct crypt_params_verity *verity_hdr,
+ const char *root_hash,
+ unsigned int root_hash_size,
+ struct device *fec_device)
+{
+ uint64_t hash_blocks, verity_blocks, fec_blocks = 0, rs_blocks = 0;
+ bool fec_on_hash_device = false;
+
+ hash_blocks = VERITY_hash_blocks(cd, verity_hdr);
+ verity_blocks = VERITY_hash_offset_block(verity_hdr) + hash_blocks;
+
+ if (fec_device && verity_hdr->fec_roots) {
+ fec_blocks = VERITY_FEC_blocks(cd, fec_device, verity_hdr);
+ rs_blocks = VERITY_FEC_RS_blocks(fec_blocks, verity_hdr->fec_roots);
+ fec_on_hash_device = device_is_identical(crypt_metadata_device(cd), fec_device) > 0;
+ /*
+ * No way to access fec_area_offset directly.
+ * Assume FEC area starts directly after hash blocks.
+ */
+ if (fec_on_hash_device)
+ verity_blocks += rs_blocks;
+ }
+
+ log_std(cd, "VERITY header information for %s\n", device_path(crypt_metadata_device(cd)));
+ log_std(cd, "UUID: \t%s\n", crypt_get_uuid(cd) ?: "");
+ log_std(cd, "Hash type: \t%u\n", verity_hdr->hash_type);
+ log_std(cd, "Data blocks: \t%" PRIu64 "\n", verity_hdr->data_size);
+ log_std(cd, "Data block size: \t%u\n", verity_hdr->data_block_size);
+ log_std(cd, "Hash blocks: \t%" PRIu64 "\n", hash_blocks);
+ log_std(cd, "Hash block size: \t%u\n", verity_hdr->hash_block_size);
+ log_std(cd, "Hash algorithm: \t%s\n", verity_hdr->hash_name);
+ if (fec_device && fec_blocks) {
+ log_std(cd, "FEC RS roots: \t%" PRIu32 "\n", verity_hdr->fec_roots);
+ log_std(cd, "FEC blocks: \t%" PRIu64 "\n", rs_blocks);
+ }
+
+ log_std(cd, "Salt: \t");
+ if (verity_hdr->salt_size)
+ crypt_log_hex(cd, verity_hdr->salt, verity_hdr->salt_size, "", 0, NULL);
+ else
+ log_std(cd, "-");
+ log_std(cd, "\n");
+
+ if (root_hash) {
+ log_std(cd, "Root hash: \t");
+ crypt_log_hex(cd, root_hash, root_hash_size, "", 0, NULL);
+ log_std(cd, "\n");
+ }
+
+ /* As dump can take only hash device, we have no idea about offsets here. */
+ if (verity_hdr->hash_area_offset == 0)
+ log_std(cd, "Hash device size: \t%" PRIu64 " [bytes]\n", verity_blocks * verity_hdr->hash_block_size);
+
+ if (fec_device && verity_hdr->fec_area_offset == 0 && fec_blocks && !fec_on_hash_device)
+ log_std(cd, "FEC device size: \t%" PRIu64 " [bytes]\n", rs_blocks * verity_hdr->data_block_size);
+
+ return 0;
+}
/*
* dm-verity volume handling
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
uint64_t VERITY_FEC_blocks(struct crypt_device *cd,
struct device *fec_device,
struct crypt_params_verity *params);
+uint64_t VERITY_FEC_RS_blocks(uint64_t blocks, uint32_t roots);
-int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string);
+int VERITY_UUID_generate(char **uuid_string);
+
+int VERITY_dump(struct crypt_device *cd,
+ struct crypt_params_verity *verity_hdr,
+ const char *root_hash,
+ unsigned int root_hash_size,
+ struct device *fec_device);
#endif
* dm-verity Forward Error Correction (FEC) support
*
* Copyright (C) 2015 Google, Inc. All rights reserved.
- * Copyright (C) 2017-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
r = decode_rs_char(rs, rs_block);
if (r < 0) {
log_err(cd, _("Failed to repair parity for block %" PRIu64 "."), n);
+ r = -EPERM;
goto out;
}
/* return number of detected errors */
return r;
}
+static int VERITY_FEC_validate(struct crypt_device *cd, struct crypt_params_verity *params)
+{
+ if (params->data_block_size != params->hash_block_size) {
+ log_err(cd, _("Block sizes must match for FEC."));
+ return -EINVAL;
+ }
+
+ if (params->fec_roots > FEC_RSM - FEC_MIN_RSN ||
+ params->fec_roots < FEC_RSM - FEC_MAX_RSN) {
+ log_err(cd, _("Invalid number of parity bytes."));
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int VERITY_FEC_process(struct crypt_device *cd,
struct crypt_params_verity *params,
struct device *fec_device, int check_fec,
};
/* validate parameters */
- if (params->data_block_size != params->hash_block_size) {
- log_err(cd, _("Block sizes must match for FEC."));
- return -EINVAL;
- }
-
- if (params->fec_roots > FEC_RSM - FEC_MIN_RSN ||
- params->fec_roots < FEC_RSM - FEC_MAX_RSN) {
- log_err(cd, _("Invalid number of parity bytes."));
- return -EINVAL;
- }
+ r = VERITY_FEC_validate(cd, params);
+ if (r < 0)
+ return r;
if (!inputs[0].count) {
log_err(cd, _("Invalid FEC segment length."));
return r;
}
+/* All blocks that are covered by FEC */
uint64_t VERITY_FEC_blocks(struct crypt_device *cd,
struct device *fec_device,
struct crypt_params_verity *params)
{
uint64_t blocks = 0;
+ if (!fec_device || VERITY_FEC_validate(cd, params) < 0)
+ return 0;
+
/*
* FEC covers this data:
* | protected data | hash area | padding (optional foreign metadata) |
return blocks;
}
+
+/* Blocks needed to store FEC data, blocks must be validated/calculated by VERITY_FEC_blocks() */
+uint64_t VERITY_FEC_RS_blocks(uint64_t blocks, uint32_t roots)
+{
+ return FEC_div_round_up(blocks, FEC_RSM - roots) * roots;
+}
/*
* dm-verity volume handling
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "internal.h"
#define VERITY_MAX_LEVELS 63
+#define VERITY_MAX_DIGEST_SIZE 1024
static unsigned get_bits_up(size_t u)
{
static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
{
- char block[bytes];
+ char *block = NULL;
size_t i;
+ int r;
+
+ block = malloc(bytes);
+ if (!block)
+ return -ENOMEM;
if (fread(block, bytes, 1, wr) != 1) {
log_dbg(cd, "EIO while reading spare area.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
for (i = 0; i < bytes; i++)
if (block[i]) {
log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
ftello(wr) - bytes);
- return -EPERM;
+ r = -EPERM;
+ goto out;
}
- return 0;
+ r = 0;
+out:
+ free(block);
+ return r;
}
static int verify_hash_block(const char *hash_name, int version,
char *calculated_digest, size_t digest_size,
const char *salt, size_t salt_size)
{
- char left_block[hash_block_size];
- char data_buffer[data_block_size];
- char read_digest[digest_size];
+ char *left_block, *data_buffer;
+ char read_digest[VERITY_MAX_DIGEST_SIZE];
size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
size_t digest_size_full = 1 << get_bits_up(digest_size);
uint64_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
unsigned i;
int r;
+ if (digest_size > sizeof(read_digest))
+ return -EINVAL;
+
if (uint64_mult_overflow(&seek_rd, data_block, data_block_size) ||
uint64_mult_overflow(&seek_wr, hash_block, hash_block_size)) {
log_err(cd, _("Device offset overflow."));
return -EIO;
}
+ left_block = malloc(hash_block_size);
+ data_buffer = malloc(data_block_size);
+ if (!left_block || !data_buffer) {
+ r = -ENOMEM;
+ goto out;
+ }
+
memset(left_block, 0, hash_block_size);
while (blocks_to_write--) {
left_bytes = hash_block_size;
blocks--;
if (fread(data_buffer, data_block_size, 1, rd) != 1) {
log_dbg(cd, "Cannot read data device block.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
if (verify_hash_block(hash_name, version,
calculated_digest, digest_size,
data_buffer, data_block_size,
- salt, salt_size))
- return -EINVAL;
+ salt, salt_size)) {
+ r = -EINVAL;
+ goto out;
+ }
if (!wr)
break;
if (verify) {
if (fread(read_digest, digest_size, 1, wr) != 1) {
log_dbg(cd, "Cannot read digest form hash device.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
- if (memcmp(read_digest, calculated_digest, digest_size)) {
+ if (crypt_backend_memeq(read_digest, calculated_digest, digest_size)) {
log_err(cd, _("Verification failed at position %" PRIu64 "."),
ftello(rd) - data_block_size);
- return -EPERM;
+ r = -EPERM;
+ goto out;
}
} else {
if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
log_dbg(cd, "Cannot write digest to hash device.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
}
if (version == 0) {
if (verify) {
r = verify_zero(cd, wr, digest_size_full - digest_size);
if (r)
- return r;
+ goto out;
} else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
log_dbg(cd, "Cannot write spare area to hash device.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
}
left_bytes -= digest_size_full;
if (verify) {
r = verify_zero(cd , wr, left_bytes);
if (r)
- return r;
+ goto out;
} else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
log_dbg(cd, "Cannot write remaining spare area to hash device.");
- return -EIO;
+ r = -EIO;
+ goto out;
}
}
}
-
- return 0;
+ r = 0;
+out:
+ free(left_block);
+ free(data_buffer);
+ return r;
}
static int VERITY_create_or_verify_hash(struct crypt_device *cd, bool verify,
struct crypt_params_verity *params,
char *root_hash, size_t digest_size)
{
- char calculated_digest[digest_size];
+ char calculated_digest[VERITY_MAX_DIGEST_SIZE];
FILE *data_file = NULL;
FILE *hash_file = NULL, *hash_file_2;
uint64_t hash_level_block[VERITY_MAX_LEVELS];
device_path(crypt_data_device(cd)), params->data_size,
device_path(crypt_metadata_device(cd)), hash_position);
+ if (digest_size > sizeof(calculated_digest))
+ return -EINVAL;
+
if (!params->data_size) {
r = device_size(crypt_data_device(cd), &dev_size);
if (r < 0)
log_err(cd, _("Verification of data area failed."));
else {
log_dbg(cd, "Verification of data area succeeded.");
- r = memcmp(root_hash, calculated_digest, digest_size) ? -EFAULT : 0;
+ r = crypt_backend_memeq(root_hash, calculated_digest, digest_size) ? -EFAULT : 0;
if (r)
log_err(cd, _("Verification of root hash failed."));
else
* cryptsetup volume key implementation
*
* Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
+++ /dev/null
-#! /bin/sh
-## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
-## by inline-source v2014-01-03.01
-
-# libtool (GNU libtool) 2.4.6
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-
-# Copyright (C) 1996-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License,
-# if you distribute this file as part of a program or library that
-# is built using GNU Libtool, you may include this file under the
-# same distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-PROGRAM=libtool
-PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-15"
-package_revision=2.4.6
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# Run './libtool --help' for help with using this script from the
-# command line.
-
-
-## ------------------------------- ##
-## User overridable command paths. ##
-## ------------------------------- ##
-
-# After configure completes, it has a better idea of some of the
-# shell tools we need than the defaults used by the functions shared
-# with bootstrap, so set those here where they can still be over-
-# ridden by the user, but otherwise take precedence.
-
-: ${AUTOCONF="autoconf"}
-: ${AUTOMAKE="automake"}
-
-
-## -------------------------- ##
-## Source external libraries. ##
-## -------------------------- ##
-
-# Much of our low-level functionality needs to be sourced from external
-# libraries, which are installed to $pkgauxdir.
-
-# Set a version string for this script.
-scriptversion=2015-01-20.17; # UTC
-
-# General shell script boiler plate, and helper functions.
-# Written by Gary V. Vaughan, 2004
-
-# Copyright (C) 2004-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# As a special exception to the GNU General Public License, if you distribute
-# this file as part of a program or library that is built using GNU Libtool,
-# you may include this file under the same distribution terms that you use
-# for the rest of that program.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# Evaluate this file near the top of your script to gain access to
-# the functions and variables defined here:
-#
-# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh
-#
-# If you need to override any of the default environment variable
-# settings, do that before evaluating this file.
-
-
-## -------------------- ##
-## Shell normalisation. ##
-## -------------------- ##
-
-# Some shells need a little help to be as Bourne compatible as possible.
-# Before doing anything else, make sure all that help has been provided!
-
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac
-fi
-
-# NLS nuisances: We save the old values in case they are required later.
-_G_user_locale=
-_G_safe_locale=
-for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
-do
- eval "if test set = \"\${$_G_var+set}\"; then
- save_$_G_var=\$$_G_var
- $_G_var=C
- export $_G_var
- _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\"
- _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
- fi"
-done
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# Make sure IFS has a sensible default
-sp=' '
-nl='
-'
-IFS="$sp $nl"
-
-# There are apparently some retarded systems that use ';' as a PATH separator!
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-
-## ------------------------- ##
-## Locate command utilities. ##
-## ------------------------- ##
-
-
-# func_executable_p FILE
-# ----------------------
-# Check that FILE is an executable regular file.
-func_executable_p ()
-{
- test -f "$1" && test -x "$1"
-}
-
-
-# func_path_progs PROGS_LIST CHECK_FUNC [PATH]
-# --------------------------------------------
-# Search for either a program that responds to --version with output
-# containing "GNU", or else returned by CHECK_FUNC otherwise, by
-# trying all the directories in PATH with each of the elements of
-# PROGS_LIST.
-#
-# CHECK_FUNC should accept the path to a candidate program, and
-# set $func_check_prog_result if it truncates its output less than
-# $_G_path_prog_max characters.
-func_path_progs ()
-{
- _G_progs_list=$1
- _G_check_func=$2
- _G_PATH=${3-"$PATH"}
-
- _G_path_prog_max=0
- _G_path_prog_found=false
- _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:}
- for _G_dir in $_G_PATH; do
- IFS=$_G_save_IFS
- test -z "$_G_dir" && _G_dir=.
- for _G_prog_name in $_G_progs_list; do
- for _exeext in '' .EXE; do
- _G_path_prog=$_G_dir/$_G_prog_name$_exeext
- func_executable_p "$_G_path_prog" || continue
- case `"$_G_path_prog" --version 2>&1` in
- *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;;
- *) $_G_check_func $_G_path_prog
- func_path_progs_result=$func_check_prog_result
- ;;
- esac
- $_G_path_prog_found && break 3
- done
- done
- done
- IFS=$_G_save_IFS
- test -z "$func_path_progs_result" && {
- echo "no acceptable sed could be found in \$PATH" >&2
- exit 1
- }
-}
-
-
-# We want to be able to use the functions in this file before configure
-# has figured out where the best binaries are kept, which means we have
-# to search for them ourselves - except when the results are already set
-# where we skip the searches.
-
-# Unless the user overrides by setting SED, search the path for either GNU
-# sed, or the sed that truncates its output the least.
-test -z "$SED" && {
- _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for _G_i in 1 2 3 4 5 6 7; do
- _G_sed_script=$_G_sed_script$nl$_G_sed_script
- done
- echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed
- _G_sed_script=
-
- func_check_prog_sed ()
- {
- _G_path_prog=$1
-
- _G_count=0
- printf 0123456789 >conftest.in
- while :
- do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo '' >> conftest.nl
- "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break
- diff conftest.out conftest.nl >/dev/null 2>&1 || break
- _G_count=`expr $_G_count + 1`
- if test "$_G_count" -gt "$_G_path_prog_max"; then
- # Best one so far, save it but keep looking for a better one
- func_check_prog_result=$_G_path_prog
- _G_path_prog_max=$_G_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test 10 -lt "$_G_count" && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out
- }
-
- func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
- rm -f conftest.sed
- SED=$func_path_progs_result
-}
-
-
-# Unless the user overrides by setting GREP, search the path for either GNU
-# grep, or the grep that truncates its output the least.
-test -z "$GREP" && {
- func_check_prog_grep ()
- {
- _G_path_prog=$1
-
- _G_count=0
- _G_path_prog_max=0
- printf 0123456789 >conftest.in
- while :
- do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo 'GREP' >> conftest.nl
- "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break
- diff conftest.out conftest.nl >/dev/null 2>&1 || break
- _G_count=`expr $_G_count + 1`
- if test "$_G_count" -gt "$_G_path_prog_max"; then
- # Best one so far, save it but keep looking for a better one
- func_check_prog_result=$_G_path_prog
- _G_path_prog_max=$_G_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test 10 -lt "$_G_count" && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out
- }
-
- func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
- GREP=$func_path_progs_result
-}
-
-
-## ------------------------------- ##
-## User overridable command paths. ##
-## ------------------------------- ##
-
-# All uppercase variable names are used for environment variables. These
-# variables can be overridden by the user before calling a script that
-# uses them if a suitable command of that name is not already available
-# in the command search PATH.
-
-: ${CP="cp -f"}
-: ${ECHO="printf %s\n"}
-: ${EGREP="$GREP -E"}
-: ${FGREP="$GREP -F"}
-: ${LN_S="ln -s"}
-: ${MAKE="make"}
-: ${MKDIR="mkdir"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
-
-
-## -------------------- ##
-## Useful sed snippets. ##
-## -------------------- ##
-
-sed_dirname='s|/[^/]*$||'
-sed_basename='s|^.*/||'
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s|\([`"$\\]\)|\\\1|g'
-
-# Same as above, but do not quote variable references.
-sed_double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution that turns a string into a regex matching for the
-# string literally.
-sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g'
-
-# Sed substitution that converts a w32 file name or path
-# that contains forward slashes, into one that contains
-# (escaped) backslashes. A very naive implementation.
-sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
-
-# Re-'\' parameter expansions in output of sed_double_quote_subst that
-# were '\'-ed in input to the same. If an odd number of '\' preceded a
-# '$' in input to sed_double_quote_subst, that '$' was protected from
-# expansion. Since each input '\' is now two '\'s, look for any number
-# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'.
-_G_bs='\\'
-_G_bs2='\\\\'
-_G_bs4='\\\\\\\\'
-_G_dollar='\$'
-sed_double_backslash="\
- s/$_G_bs4/&\\
-/g
- s/^$_G_bs2$_G_dollar/$_G_bs&/
- s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
- s/\n//g"
-
-
-## ----------------- ##
-## Global variables. ##
-## ----------------- ##
-
-# Except for the global variables explicitly listed below, the following
-# functions in the '^func_' namespace, and the '^require_' namespace
-# variables initialised in the 'Resource management' section, sourcing
-# this file will not pollute your global namespace with anything
-# else. There's no portable way to scope variables in Bourne shell
-# though, so actually running these functions will sometimes place
-# results into a variable named after the function, and often use
-# temporary variables in the '^_G_' namespace. If you are careful to
-# avoid using those namespaces casually in your sourcing script, things
-# should continue to work as you expect. And, of course, you can freely
-# overwrite any of the functions or variables defined here before
-# calling anything to customize them.
-
-EXIT_SUCCESS=0
-EXIT_FAILURE=1
-EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
-EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
-
-# Allow overriding, eg assuming that you follow the convention of
-# putting '$debug_cmd' at the start of all your functions, you can get
-# bash to show function call trace with:
-#
-# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
-debug_cmd=${debug_cmd-":"}
-exit_cmd=:
-
-# By convention, finish your script with:
-#
-# exit $exit_status
-#
-# so that you can set exit_status to non-zero if you want to indicate
-# something went wrong during execution without actually bailing out at
-# the point of failure.
-exit_status=$EXIT_SUCCESS
-
-# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
-# is ksh but when the shell is invoked as "sh" and the current value of
-# the _XPG environment variable is not equal to 1 (one), the special
-# positional parameter $0, within a function call, is the name of the
-# function.
-progpath=$0
-
-# The name of this program.
-progname=`$ECHO "$progpath" |$SED "$sed_basename"`
-
-# Make sure we have an absolute progpath for reexecution:
-case $progpath in
- [\\/]*|[A-Za-z]:\\*) ;;
- *[\\/]*)
- progdir=`$ECHO "$progpath" |$SED "$sed_dirname"`
- progdir=`cd "$progdir" && pwd`
- progpath=$progdir/$progname
- ;;
- *)
- _G_IFS=$IFS
- IFS=${PATH_SEPARATOR-:}
- for progdir in $PATH; do
- IFS=$_G_IFS
- test -x "$progdir/$progname" && break
- done
- IFS=$_G_IFS
- test -n "$progdir" || progdir=`pwd`
- progpath=$progdir/$progname
- ;;
-esac
-
-
-## ----------------- ##
-## Standard options. ##
-## ----------------- ##
-
-# The following options affect the operation of the functions defined
-# below, and should be set appropriately depending on run-time para-
-# meters passed on the command line.
-
-opt_dry_run=false
-opt_quiet=false
-opt_verbose=false
-
-# Categories 'all' and 'none' are always available. Append any others
-# you will pass as the first argument to func_warning from your own
-# code.
-warning_categories=
-
-# By default, display warnings according to 'opt_warning_types'. Set
-# 'warning_func' to ':' to elide all warnings, or func_fatal_error to
-# treat the next displayed warning as a fatal error.
-warning_func=func_warn_and_continue
-
-# Set to 'all' to display all warnings, 'none' to suppress all
-# warnings, or a space delimited list of some subset of
-# 'warning_categories' to display only the listed warnings.
-opt_warning_types=all
-
-
-## -------------------- ##
-## Resource management. ##
-## -------------------- ##
-
-# This section contains definitions for functions that each ensure a
-# particular resource (a file, or a non-empty configuration variable for
-# example) is available, and if appropriate to extract default values
-# from pertinent package files. Call them using their associated
-# 'require_*' variable to ensure that they are executed, at most, once.
-#
-# It's entirely deliberate that calling these functions can set
-# variables that don't obey the namespace limitations obeyed by the rest
-# of this file, in order that that they be as useful as possible to
-# callers.
-
-
-# require_term_colors
-# -------------------
-# Allow display of bold text on terminals that support it.
-require_term_colors=func_require_term_colors
-func_require_term_colors ()
-{
- $debug_cmd
-
- test -t 1 && {
- # COLORTERM and USE_ANSI_COLORS environment variables take
- # precedence, because most terminfo databases neglect to describe
- # whether color sequences are supported.
- test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"}
-
- if test 1 = "$USE_ANSI_COLORS"; then
- # Standard ANSI escape sequences
- tc_reset='\e[0m'
- tc_bold='\e[1m'; tc_standout='\e[7m'
- tc_red='\e[31m'; tc_green='\e[32m'
- tc_blue='\e[34m'; tc_cyan='\e[36m'
- else
- # Otherwise trust the terminfo database after all.
- test -n "`tput sgr0 2>/dev/null`" && {
- tc_reset=`tput sgr0`
- test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold`
- tc_standout=$tc_bold
- test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso`
- test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1`
- test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2`
- test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4`
- test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5`
- }
- fi
- }
-
- require_term_colors=:
-}
-
-
-## ----------------- ##
-## Function library. ##
-## ----------------- ##
-
-# This section contains a variety of useful functions to call in your
-# scripts. Take note of the portable wrappers for features provided by
-# some modern shells, which will fall back to slower equivalents on
-# less featureful shells.
-
-
-# func_append VAR VALUE
-# ---------------------
-# Append VALUE onto the existing contents of VAR.
-
- # We should try to minimise forks, especially on Windows where they are
- # unreasonably slow, so skip the feature probes when bash or zsh are
- # being used:
- if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
- : ${_G_HAVE_ARITH_OP="yes"}
- : ${_G_HAVE_XSI_OPS="yes"}
- # The += operator was introduced in bash 3.1
- case $BASH_VERSION in
- [12].* | 3.0 | 3.0*) ;;
- *)
- : ${_G_HAVE_PLUSEQ_OP="yes"}
- ;;
- esac
- fi
-
- # _G_HAVE_PLUSEQ_OP
- # Can be empty, in which case the shell is probed, "yes" if += is
- # useable or anything else if it does not work.
- test -z "$_G_HAVE_PLUSEQ_OP" \
- && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
- && _G_HAVE_PLUSEQ_OP=yes
-
-if test yes = "$_G_HAVE_PLUSEQ_OP"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_append ()
- {
- $debug_cmd
-
- eval "$1+=\$2"
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_append ()
- {
- $debug_cmd
-
- eval "$1=\$$1\$2"
- }
-fi
-
-
-# func_append_quoted VAR VALUE
-# ----------------------------
-# Quote VALUE and append to the end of shell variable VAR, separated
-# by a space.
-if test yes = "$_G_HAVE_PLUSEQ_OP"; then
- eval 'func_append_quoted ()
- {
- $debug_cmd
-
- func_quote_for_eval "$2"
- eval "$1+=\\ \$func_quote_for_eval_result"
- }'
-else
- func_append_quoted ()
- {
- $debug_cmd
-
- func_quote_for_eval "$2"
- eval "$1=\$$1\\ \$func_quote_for_eval_result"
- }
-fi
-
-
-# func_append_uniq VAR VALUE
-# --------------------------
-# Append unique VALUE onto the existing contents of VAR, assuming
-# entries are delimited by the first character of VALUE. For example:
-#
-# func_append_uniq options " --another-option option-argument"
-#
-# will only append to $options if " --another-option option-argument "
-# is not already present somewhere in $options already (note spaces at
-# each end implied by leading space in second argument).
-func_append_uniq ()
-{
- $debug_cmd
-
- eval _G_current_value='`$ECHO $'$1'`'
- _G_delim=`expr "$2" : '\(.\)'`
-
- case $_G_delim$_G_current_value$_G_delim in
- *"$2$_G_delim"*) ;;
- *) func_append "$@" ;;
- esac
-}
-
-
-# func_arith TERM...
-# ------------------
-# Set func_arith_result to the result of evaluating TERMs.
- test -z "$_G_HAVE_ARITH_OP" \
- && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \
- && _G_HAVE_ARITH_OP=yes
-
-if test yes = "$_G_HAVE_ARITH_OP"; then
- eval 'func_arith ()
- {
- $debug_cmd
-
- func_arith_result=$(( $* ))
- }'
-else
- func_arith ()
- {
- $debug_cmd
-
- func_arith_result=`expr "$@"`
- }
-fi
-
-
-# func_basename FILE
-# ------------------
-# Set func_basename_result to FILE with everything up to and including
-# the last / stripped.
-if test yes = "$_G_HAVE_XSI_OPS"; then
- # If this shell supports suffix pattern removal, then use it to avoid
- # forking. Hide the definitions single quotes in case the shell chokes
- # on unsupported syntax...
- _b='func_basename_result=${1##*/}'
- _d='case $1 in
- */*) func_dirname_result=${1%/*}$2 ;;
- * ) func_dirname_result=$3 ;;
- esac'
-
-else
- # ...otherwise fall back to using sed.
- _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`'
- _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"`
- if test "X$func_dirname_result" = "X$1"; then
- func_dirname_result=$3
- else
- func_append func_dirname_result "$2"
- fi'
-fi
-
-eval 'func_basename ()
-{
- $debug_cmd
-
- '"$_b"'
-}'
-
-
-# func_dirname FILE APPEND NONDIR_REPLACEMENT
-# -------------------------------------------
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-eval 'func_dirname ()
-{
- $debug_cmd
-
- '"$_d"'
-}'
-
-
-# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT
-# --------------------------------------------------------
-# Perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# For efficiency, we do not delegate to the functions above but instead
-# duplicate the functionality here.
-eval 'func_dirname_and_basename ()
-{
- $debug_cmd
-
- '"$_b"'
- '"$_d"'
-}'
-
-
-# func_echo ARG...
-# ----------------
-# Echo program name prefixed message.
-func_echo ()
-{
- $debug_cmd
-
- _G_message=$*
-
- func_echo_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_IFS
- $ECHO "$progname: $_G_line"
- done
- IFS=$func_echo_IFS
-}
-
-
-# func_echo_all ARG...
-# --------------------
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO "$*"
-}
-
-
-# func_echo_infix_1 INFIX ARG...
-# ------------------------------
-# Echo program name, followed by INFIX on the first line, with any
-# additional lines not showing INFIX.
-func_echo_infix_1 ()
-{
- $debug_cmd
-
- $require_term_colors
-
- _G_infix=$1; shift
- _G_indent=$_G_infix
- _G_prefix="$progname: $_G_infix: "
- _G_message=$*
-
- # Strip color escape sequences before counting printable length
- for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan"
- do
- test -n "$_G_tc" && {
- _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"`
- _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"`
- }
- done
- _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes
-
- func_echo_infix_1_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_infix_1_IFS
- $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2
- _G_prefix=$_G_indent
- done
- IFS=$func_echo_infix_1_IFS
-}
-
-
-# func_error ARG...
-# -----------------
-# Echo program name prefixed message to standard error.
-func_error ()
-{
- $debug_cmd
-
- $require_term_colors
-
- func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2
-}
-
-
-# func_fatal_error ARG...
-# -----------------------
-# Echo program name prefixed message to standard error, and exit.
-func_fatal_error ()
-{
- $debug_cmd
-
- func_error "$*"
- exit $EXIT_FAILURE
-}
-
-
-# func_grep EXPRESSION FILENAME
-# -----------------------------
-# Check whether EXPRESSION matches any line of FILENAME, without output.
-func_grep ()
-{
- $debug_cmd
-
- $GREP "$1" "$2" >/dev/null 2>&1
-}
-
-
-# func_len STRING
-# ---------------
-# Set func_len_result to the length of STRING. STRING may not
-# start with a hyphen.
- test -z "$_G_HAVE_XSI_OPS" \
- && (eval 'x=a/b/c;
- test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
- && _G_HAVE_XSI_OPS=yes
-
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_len ()
- {
- $debug_cmd
-
- func_len_result=${#1}
- }'
-else
- func_len ()
- {
- $debug_cmd
-
- func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
- }
-fi
-
-
-# func_mkdir_p DIRECTORY-PATH
-# ---------------------------
-# Make sure the entire path to DIRECTORY-PATH is available.
-func_mkdir_p ()
-{
- $debug_cmd
-
- _G_directory_path=$1
- _G_dir_list=
-
- if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then
-
- # Protect directory names starting with '-'
- case $_G_directory_path in
- -*) _G_directory_path=./$_G_directory_path ;;
- esac
-
- # While some portion of DIR does not yet exist...
- while test ! -d "$_G_directory_path"; do
- # ...make a list in topmost first order. Use a colon delimited
- # list incase some portion of path contains whitespace.
- _G_dir_list=$_G_directory_path:$_G_dir_list
-
- # If the last portion added has no slash in it, the list is done
- case $_G_directory_path in */*) ;; *) break ;; esac
-
- # ...otherwise throw away the child directory and loop
- _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"`
- done
- _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'`
-
- func_mkdir_p_IFS=$IFS; IFS=:
- for _G_dir in $_G_dir_list; do
- IFS=$func_mkdir_p_IFS
- # mkdir can fail with a 'File exist' error if two processes
- # try to create one of the directories concurrently. Don't
- # stop in that case!
- $MKDIR "$_G_dir" 2>/dev/null || :
- done
- IFS=$func_mkdir_p_IFS
-
- # Bail out if we (or some other process) failed to create a directory.
- test -d "$_G_directory_path" || \
- func_fatal_error "Failed to create '$1'"
- fi
-}
-
-
-# func_mktempdir [BASENAME]
-# -------------------------
-# Make a temporary directory that won't clash with other running
-# libtool processes, and avoids race conditions if possible. If
-# given, BASENAME is the basename for that directory.
-func_mktempdir ()
-{
- $debug_cmd
-
- _G_template=${TMPDIR-/tmp}/${1-$progname}
-
- if test : = "$opt_dry_run"; then
- # Return a directory name, but don't create it in dry-run mode
- _G_tmpdir=$_G_template-$$
- else
-
- # If mktemp works, use that first and foremost
- _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null`
-
- if test ! -d "$_G_tmpdir"; then
- # Failing that, at least try and use $RANDOM to avoid a race
- _G_tmpdir=$_G_template-${RANDOM-0}$$
-
- func_mktempdir_umask=`umask`
- umask 0077
- $MKDIR "$_G_tmpdir"
- umask $func_mktempdir_umask
- fi
-
- # If we're not in dry-run mode, bomb out on failure
- test -d "$_G_tmpdir" || \
- func_fatal_error "cannot create temporary directory '$_G_tmpdir'"
- fi
-
- $ECHO "$_G_tmpdir"
-}
-
-
-# func_normal_abspath PATH
-# ------------------------
-# Remove doubled-up and trailing slashes, "." path components,
-# and cancel out any ".." path components in PATH after making
-# it an absolute path.
-func_normal_abspath ()
-{
- $debug_cmd
-
- # These SED scripts presuppose an absolute path with a trailing slash.
- _G_pathcar='s|^/\([^/]*\).*$|\1|'
- _G_pathcdr='s|^/[^/]*||'
- _G_removedotparts=':dotsl
- s|/\./|/|g
- t dotsl
- s|/\.$|/|'
- _G_collapseslashes='s|/\{1,\}|/|g'
- _G_finalslash='s|/*$|/|'
-
- # Start from root dir and reassemble the path.
- func_normal_abspath_result=
- func_normal_abspath_tpath=$1
- func_normal_abspath_altnamespace=
- case $func_normal_abspath_tpath in
- "")
- # Empty path, that just means $cwd.
- func_stripname '' '/' "`pwd`"
- func_normal_abspath_result=$func_stripname_result
- return
- ;;
- # The next three entries are used to spot a run of precisely
- # two leading slashes without using negated character classes;
- # we take advantage of case's first-match behaviour.
- ///*)
- # Unusual form of absolute path, do nothing.
- ;;
- //*)
- # Not necessarily an ordinary path; POSIX reserves leading '//'
- # and for example Cygwin uses it to access remote file shares
- # over CIFS/SMB, so we conserve a leading double slash if found.
- func_normal_abspath_altnamespace=/
- ;;
- /*)
- # Absolute path, do nothing.
- ;;
- *)
- # Relative path, prepend $cwd.
- func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
- ;;
- esac
-
- # Cancel out all the simple stuff to save iterations. We also want
- # the path to end with a slash for ease of parsing, so make sure
- # there is one (and only one) here.
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"`
- while :; do
- # Processed it all yet?
- if test / = "$func_normal_abspath_tpath"; then
- # If we ascended to the root using ".." the result may be empty now.
- if test -z "$func_normal_abspath_result"; then
- func_normal_abspath_result=/
- fi
- break
- fi
- func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_pathcar"`
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_pathcdr"`
- # Figure out what to do with it
- case $func_normal_abspath_tcomponent in
- "")
- # Trailing empty path component, ignore it.
- ;;
- ..)
- # Parent dir; strip last assembled component from result.
- func_dirname "$func_normal_abspath_result"
- func_normal_abspath_result=$func_dirname_result
- ;;
- *)
- # Actual path component, append it.
- func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent"
- ;;
- esac
- done
- # Restore leading double-slash if one was found on entry.
- func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
-}
-
-
-# func_notquiet ARG...
-# --------------------
-# Echo program name prefixed message only when not in quiet mode.
-func_notquiet ()
-{
- $debug_cmd
-
- $opt_quiet || func_echo ${1+"$@"}
-
- # A bug in bash halts the script if the last line of a function
- # fails when set -e is in force, so we need another command to
- # work around that:
- :
-}
-
-
-# func_relative_path SRCDIR DSTDIR
-# --------------------------------
-# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR.
-func_relative_path ()
-{
- $debug_cmd
-
- func_relative_path_result=
- func_normal_abspath "$1"
- func_relative_path_tlibdir=$func_normal_abspath_result
- func_normal_abspath "$2"
- func_relative_path_tbindir=$func_normal_abspath_result
-
- # Ascend the tree starting from libdir
- while :; do
- # check if we have found a prefix of bindir
- case $func_relative_path_tbindir in
- $func_relative_path_tlibdir)
- # found an exact match
- func_relative_path_tcancelled=
- break
- ;;
- $func_relative_path_tlibdir*)
- # found a matching prefix
- func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
- func_relative_path_tcancelled=$func_stripname_result
- if test -z "$func_relative_path_result"; then
- func_relative_path_result=.
- fi
- break
- ;;
- *)
- func_dirname $func_relative_path_tlibdir
- func_relative_path_tlibdir=$func_dirname_result
- if test -z "$func_relative_path_tlibdir"; then
- # Have to descend all the way to the root!
- func_relative_path_result=../$func_relative_path_result
- func_relative_path_tcancelled=$func_relative_path_tbindir
- break
- fi
- func_relative_path_result=../$func_relative_path_result
- ;;
- esac
- done
-
- # Now calculate path; take care to avoid doubling-up slashes.
- func_stripname '' '/' "$func_relative_path_result"
- func_relative_path_result=$func_stripname_result
- func_stripname '/' '/' "$func_relative_path_tcancelled"
- if test -n "$func_stripname_result"; then
- func_append func_relative_path_result "/$func_stripname_result"
- fi
-
- # Normalisation. If bindir is libdir, return '.' else relative path.
- if test -n "$func_relative_path_result"; then
- func_stripname './' '' "$func_relative_path_result"
- func_relative_path_result=$func_stripname_result
- fi
-
- test -n "$func_relative_path_result" || func_relative_path_result=.
-
- :
-}
-
-
-# func_quote_for_eval ARG...
-# --------------------------
-# Aesthetically quote ARGs to be evaled later.
-# This function returns two values:
-# i) func_quote_for_eval_result
-# double-quoted, suitable for a subsequent eval
-# ii) func_quote_for_eval_unquoted_result
-# has all characters that are still active within double
-# quotes backslashified.
-func_quote_for_eval ()
-{
- $debug_cmd
-
- func_quote_for_eval_unquoted_result=
- func_quote_for_eval_result=
- while test 0 -lt $#; do
- case $1 in
- *[\\\`\"\$]*)
- _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
- *)
- _G_unquoted_arg=$1 ;;
- esac
- if test -n "$func_quote_for_eval_unquoted_result"; then
- func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
- else
- func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
- fi
-
- case $_G_unquoted_arg in
- # Double-quote args containing shell metacharacters to delay
- # word splitting, command substitution and variable expansion
- # for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- _G_quoted_arg=\"$_G_unquoted_arg\"
- ;;
- *)
- _G_quoted_arg=$_G_unquoted_arg
- ;;
- esac
-
- if test -n "$func_quote_for_eval_result"; then
- func_append func_quote_for_eval_result " $_G_quoted_arg"
- else
- func_append func_quote_for_eval_result "$_G_quoted_arg"
- fi
- shift
- done
-}
-
-
-# func_quote_for_expand ARG
-# -------------------------
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
-{
- $debug_cmd
-
- case $1 in
- *[\\\`\"]*)
- _G_arg=`$ECHO "$1" | $SED \
- -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
- *)
- _G_arg=$1 ;;
- esac
-
- case $_G_arg in
- # Double-quote args containing shell metacharacters to delay
- # word splitting and command substitution for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- _G_arg=\"$_G_arg\"
- ;;
- esac
-
- func_quote_for_expand_result=$_G_arg
-}
-
-
-# func_stripname PREFIX SUFFIX NAME
-# ---------------------------------
-# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_stripname ()
- {
- $debug_cmd
-
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary variable first.
- func_stripname_result=$3
- func_stripname_result=${func_stripname_result#"$1"}
- func_stripname_result=${func_stripname_result%"$2"}
- }'
-else
- func_stripname ()
- {
- $debug_cmd
-
- case $2 in
- .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;;
- *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;;
- esac
- }
-fi
-
-
-# func_show_eval CMD [FAIL_EXP]
-# -----------------------------
-# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it.
-func_show_eval ()
-{
- $debug_cmd
-
- _G_cmd=$1
- _G_fail_exp=${2-':'}
-
- func_quote_for_expand "$_G_cmd"
- eval "func_notquiet $func_quote_for_expand_result"
-
- $opt_dry_run || {
- eval "$_G_cmd"
- _G_status=$?
- if test 0 -ne "$_G_status"; then
- eval "(exit $_G_status); $_G_fail_exp"
- fi
- }
-}
-
-
-# func_show_eval_locale CMD [FAIL_EXP]
-# ------------------------------------
-# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it. Use the saved locale for evaluation.
-func_show_eval_locale ()
-{
- $debug_cmd
-
- _G_cmd=$1
- _G_fail_exp=${2-':'}
-
- $opt_quiet || {
- func_quote_for_expand "$_G_cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
-
- $opt_dry_run || {
- eval "$_G_user_locale
- $_G_cmd"
- _G_status=$?
- eval "$_G_safe_locale"
- if test 0 -ne "$_G_status"; then
- eval "(exit $_G_status); $_G_fail_exp"
- fi
- }
-}
-
-
-# func_tr_sh
-# ----------
-# Turn $1 into a string suitable for a shell variable name.
-# Result is stored in $func_tr_sh_result. All characters
-# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
-# if $1 begins with a digit, a '_' is prepended as well.
-func_tr_sh ()
-{
- $debug_cmd
-
- case $1 in
- [0-9]* | *[!a-zA-Z0-9_]*)
- func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'`
- ;;
- * )
- func_tr_sh_result=$1
- ;;
- esac
-}
-
-
-# func_verbose ARG...
-# -------------------
-# Echo program name prefixed message in verbose mode only.
-func_verbose ()
-{
- $debug_cmd
-
- $opt_verbose && func_echo "$*"
-
- :
-}
-
-
-# func_warn_and_continue ARG...
-# -----------------------------
-# Echo program name prefixed warning message to standard error.
-func_warn_and_continue ()
-{
- $debug_cmd
-
- $require_term_colors
-
- func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2
-}
-
-
-# func_warning CATEGORY ARG...
-# ----------------------------
-# Echo program name prefixed warning message to standard error. Warning
-# messages can be filtered according to CATEGORY, where this function
-# elides messages where CATEGORY is not listed in the global variable
-# 'opt_warning_types'.
-func_warning ()
-{
- $debug_cmd
-
- # CATEGORY must be in the warning_categories list!
- case " $warning_categories " in
- *" $1 "*) ;;
- *) func_internal_error "invalid warning category '$1'" ;;
- esac
-
- _G_category=$1
- shift
-
- case " $opt_warning_types " in
- *" $_G_category "*) $warning_func ${1+"$@"} ;;
- esac
-}
-
-
-# func_sort_ver VER1 VER2
-# -----------------------
-# 'sort -V' is not generally available.
-# Note this deviates from the version comparison in automake
-# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a
-# but this should suffice as we won't be specifying old
-# version formats or redundant trailing .0 in bootstrap.conf.
-# If we did want full compatibility then we should probably
-# use m4_version_compare from autoconf.
-func_sort_ver ()
-{
- $debug_cmd
-
- printf '%s\n%s\n' "$1" "$2" \
- | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n
-}
-
-# func_lt_ver PREV CURR
-# ---------------------
-# Return true if PREV and CURR are in the correct order according to
-# func_sort_ver, otherwise false. Use it like this:
-#
-# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..."
-func_lt_ver ()
-{
- $debug_cmd
-
- test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q`
-}
-
-
-# Local variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
-# time-stamp-time-zone: "UTC"
-# End:
-#! /bin/sh
-
-# Set a version string for this script.
-scriptversion=2015-10-07.11; # UTC
-
-# A portable, pluggable option parser for Bourne shell.
-# Written by Gary V. Vaughan, 2010
-
-# Copyright (C) 2010-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# This file is a library for parsing options in your shell scripts along
-# with assorted other useful supporting features that you can make use
-# of too.
-#
-# For the simplest scripts you might need only:
-#
-# #!/bin/sh
-# . relative/path/to/funclib.sh
-# . relative/path/to/options-parser
-# scriptversion=1.0
-# func_options ${1+"$@"}
-# eval set dummy "$func_options_result"; shift
-# ...rest of your script...
-#
-# In order for the '--version' option to work, you will need to have a
-# suitably formatted comment like the one at the top of this file
-# starting with '# Written by ' and ending with '# warranty; '.
-#
-# For '-h' and '--help' to work, you will also need a one line
-# description of your script's purpose in a comment directly above the
-# '# Written by ' line, like the one at the top of this file.
-#
-# The default options also support '--debug', which will turn on shell
-# execution tracing (see the comment above debug_cmd below for another
-# use), and '--verbose' and the func_verbose function to allow your script
-# to display verbose messages only when your user has specified
-# '--verbose'.
-#
-# After sourcing this file, you can plug processing for additional
-# options by amending the variables from the 'Configuration' section
-# below, and following the instructions in the 'Option parsing'
-# section further down.
-
-## -------------- ##
-## Configuration. ##
-## -------------- ##
-
-# You should override these variables in your script after sourcing this
-# file so that they reflect the customisations you have added to the
-# option parser.
-
-# The usage line for option parsing errors and the start of '-h' and
-# '--help' output messages. You can embed shell variables for delayed
-# expansion at the time the message is displayed, but you will need to
-# quote other shell meta-characters carefully to prevent them being
-# expanded when the contents are evaled.
-usage='$progpath [OPTION]...'
-
-# Short help message in response to '-h' and '--help'. Add to this or
-# override it after sourcing this library to reflect the full set of
-# options your script accepts.
-usage_message="\
- --debug enable verbose shell tracing
- -W, --warnings=CATEGORY
- report the warnings falling in CATEGORY [all]
- -v, --verbose verbosely report processing
- --version print version information and exit
- -h, --help print short or long help message and exit
-"
-
-# Additional text appended to 'usage_message' in response to '--help'.
-long_help_message="
-Warning categories include:
- 'all' show all warnings
- 'none' turn off all the warnings
- 'error' warnings are treated as fatal errors"
-
-# Help message printed before fatal option parsing errors.
-fatal_help="Try '\$progname --help' for more information."
-
-
-
-## ------------------------- ##
-## Hook function management. ##
-## ------------------------- ##
-
-# This section contains functions for adding, removing, and running hooks
-# to the main code. A hook is just a named list of of function, that can
-# be run in order later on.
-
-# func_hookable FUNC_NAME
-# -----------------------
-# Declare that FUNC_NAME will run hooks added with
-# 'func_add_hook FUNC_NAME ...'.
-func_hookable ()
-{
- $debug_cmd
-
- func_append hookable_fns " $1"
-}
-
-
-# func_add_hook FUNC_NAME HOOK_FUNC
-# ---------------------------------
-# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must
-# first have been declared "hookable" by a call to 'func_hookable'.
-func_add_hook ()
-{
- $debug_cmd
-
- case " $hookable_fns " in
- *" $1 "*) ;;
- *) func_fatal_error "'$1' does not accept hook functions." ;;
- esac
-
- eval func_append ${1}_hooks '" $2"'
-}
-
-
-# func_remove_hook FUNC_NAME HOOK_FUNC
-# ------------------------------------
-# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
-func_remove_hook ()
-{
- $debug_cmd
-
- eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`'
-}
-
-
-# func_run_hooks FUNC_NAME [ARG]...
-# ---------------------------------
-# Run all hook functions registered to FUNC_NAME.
-# It is assumed that the list of hook functions contains nothing more
-# than a whitespace-delimited list of legal shell function names, and
-# no effort is wasted trying to catch shell meta-characters or preserve
-# whitespace.
-func_run_hooks ()
-{
- $debug_cmd
-
- _G_rc_run_hooks=false
-
- case " $hookable_fns " in
- *" $1 "*) ;;
- *) func_fatal_error "'$1' does not support hook funcions.n" ;;
- esac
-
- eval _G_hook_fns=\$$1_hooks; shift
-
- for _G_hook in $_G_hook_fns; do
- if eval $_G_hook '"$@"'; then
- # store returned options list back into positional
- # parameters for next 'cmd' execution.
- eval _G_hook_result=\$${_G_hook}_result
- eval set dummy "$_G_hook_result"; shift
- _G_rc_run_hooks=:
- fi
- done
-
- $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
-}
-
-
-
-## --------------- ##
-## Option parsing. ##
-## --------------- ##
-
-# In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, you may remove/edit
-# any options that you action, and then pass back the remaining unprocessed
-# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'. In this case you also must return $EXIT_SUCCESS to let the
-# hook's caller know that it should pay attention to
-# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that
-# arguments are left untouched by the hook and therefore caller will ignore the
-# result variable.
-#
-# Like this:
-#
-# my_options_prep ()
-# {
-# $debug_cmd
-#
-# # Extend the existing usage message.
-# usage_message=$usage_message'
-# -s, --silent don'\''t print informational messages
-# '
-# # No change in '$@' (ignored completely by this hook). There is
-# # no need to do the equivalent (but slower) action:
-# # func_quote_for_eval ${1+"$@"}
-# # my_options_prep_result=$func_quote_for_eval_result
-# false
-# }
-# func_add_hook func_options_prep my_options_prep
-#
-#
-# my_silent_option ()
-# {
-# $debug_cmd
-#
-# args_changed=false
-#
-# # Note that for efficiency, we parse as many options as we can
-# # recognise in a loop before passing the remainder back to the
-# # caller on the first unrecognised argument we encounter.
-# while test $# -gt 0; do
-# opt=$1; shift
-# case $opt in
-# --silent|-s) opt_silent=:
-# args_changed=:
-# ;;
-# # Separate non-argument short options:
-# -s*) func_split_short_opt "$_G_opt"
-# set dummy "$func_split_short_opt_name" \
-# "-$func_split_short_opt_arg" ${1+"$@"}
-# shift
-# args_changed=:
-# ;;
-# *) # Make sure the first unrecognised option "$_G_opt"
-# # is added back to "$@", we could need that later
-# # if $args_changed is true.
-# set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
-# esac
-# done
-#
-# if $args_changed; then
-# func_quote_for_eval ${1+"$@"}
-# my_silent_option_result=$func_quote_for_eval_result
-# fi
-#
-# $args_changed
-# }
-# func_add_hook func_parse_options my_silent_option
-#
-#
-# my_option_validation ()
-# {
-# $debug_cmd
-#
-# $opt_silent && $opt_verbose && func_fatal_help "\
-# '--silent' and '--verbose' options are mutually exclusive."
-#
-# false
-# }
-# func_add_hook func_validate_options my_option_validation
-#
-# You'll also need to manually amend $usage_message to reflect the extra
-# options you parse. It's preferable to append if you can, so that
-# multiple option parsing hooks can be added safely.
-
-
-# func_options_finish [ARG]...
-# ----------------------------
-# Finishing the option parse loop (call 'func_options' hooks ATM).
-func_options_finish ()
-{
- $debug_cmd
-
- _G_func_options_finish_exit=false
- if func_run_hooks func_options ${1+"$@"}; then
- func_options_finish_result=$func_run_hooks_result
- _G_func_options_finish_exit=:
- fi
-
- $_G_func_options_finish_exit
-}
-
-
-# func_options [ARG]...
-# ---------------------
-# All the functions called inside func_options are hookable. See the
-# individual implementations for details.
-func_hookable func_options
-func_options ()
-{
- $debug_cmd
-
- _G_rc_options=false
-
- for my_func in options_prep parse_options validate_options options_finish
- do
- if eval func_$my_func '${1+"$@"}'; then
- eval _G_res_var='$'"func_${my_func}_result"
- eval set dummy "$_G_res_var" ; shift
- _G_rc_options=:
- fi
- done
-
- # Save modified positional parameters for caller. As a top-level
- # options-parser function we always need to set the 'func_options_result'
- # variable (regardless the $_G_rc_options value).
- if $_G_rc_options; then
- func_options_result=$_G_res_var
- else
- func_quote_for_eval ${1+"$@"}
- func_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_options
-}
-
-
-# func_options_prep [ARG]...
-# --------------------------
-# All initialisations required before starting the option parse loop.
-# Note that when calling hook functions, we pass through the list of
-# positional parameters. If a hook function modifies that list, and
-# needs to propagate that back to rest of this script, then the complete
-# modified list must be put in 'func_run_hooks_result' before
-# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
-func_hookable func_options_prep
-func_options_prep ()
-{
- $debug_cmd
-
- # Option defaults:
- opt_verbose=false
- opt_warning_types=
-
- _G_rc_options_prep=false
- if func_run_hooks func_options_prep ${1+"$@"}; then
- _G_rc_options_prep=:
- # save modified positional parameters for caller
- func_options_prep_result=$func_run_hooks_result
- fi
-
- $_G_rc_options_prep
-}
-
-
-# func_parse_options [ARG]...
-# ---------------------------
-# The main option parsing loop.
-func_hookable func_parse_options
-func_parse_options ()
-{
- $debug_cmd
-
- func_parse_options_result=
-
- _G_rc_parse_options=false
- # this just eases exit handling
- while test $# -gt 0; do
- # Defer to hook functions for initial option parsing, so they
- # get priority in the event of reusing an option name.
- if func_run_hooks func_parse_options ${1+"$@"}; then
- eval set dummy "$func_run_hooks_result"; shift
- _G_rc_parse_options=:
- fi
-
- # Break out of the loop if we already parsed every option.
- test $# -gt 0 || break
-
- _G_match_parse_options=:
- _G_opt=$1
- shift
- case $_G_opt in
- --debug|-x) debug_cmd='set -x'
- func_echo "enabling shell trace mode"
- $debug_cmd
- ;;
-
- --no-warnings|--no-warning|--no-warn)
- set dummy --warnings none ${1+"$@"}
- shift
- ;;
-
- --warnings|--warning|-W)
- if test $# = 0 && func_missing_arg $_G_opt; then
- _G_rc_parse_options=:
- break
- fi
- case " $warning_categories $1" in
- *" $1 "*)
- # trailing space prevents matching last $1 above
- func_append_uniq opt_warning_types " $1"
- ;;
- *all)
- opt_warning_types=$warning_categories
- ;;
- *none)
- opt_warning_types=none
- warning_func=:
- ;;
- *error)
- opt_warning_types=$warning_categories
- warning_func=func_fatal_error
- ;;
- *)
- func_fatal_error \
- "unsupported warning category: '$1'"
- ;;
- esac
- shift
- ;;
-
- --verbose|-v) opt_verbose=: ;;
- --version) func_version ;;
- -\?|-h) func_usage ;;
- --help) func_help ;;
-
- # Separate optargs to long options (plugins may need this):
- --*=*) func_split_equals "$_G_opt"
- set dummy "$func_split_equals_lhs" \
- "$func_split_equals_rhs" ${1+"$@"}
- shift
- ;;
-
- # Separate optargs to short options:
- -W*)
- func_split_short_opt "$_G_opt"
- set dummy "$func_split_short_opt_name" \
- "$func_split_short_opt_arg" ${1+"$@"}
- shift
- ;;
-
- # Separate non-argument short options:
- -\?*|-h*|-v*|-x*)
- func_split_short_opt "$_G_opt"
- set dummy "$func_split_short_opt_name" \
- "-$func_split_short_opt_arg" ${1+"$@"}
- shift
- ;;
-
- --) _G_rc_parse_options=: ; break ;;
- -*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
- *) set dummy "$_G_opt" ${1+"$@"}; shift
- _G_match_parse_options=false
- break
- ;;
- esac
-
- $_G_match_parse_options && _G_rc_parse_options=:
- done
-
-
- if $_G_rc_parse_options; then
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- func_parse_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_parse_options
-}
-
-
-# func_validate_options [ARG]...
-# ------------------------------
-# Perform any sanity checks on option settings and/or unconsumed
-# arguments.
-func_hookable func_validate_options
-func_validate_options ()
-{
- $debug_cmd
-
- _G_rc_validate_options=false
-
- # Display all warnings if -W was not given.
- test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
-
- if func_run_hooks func_validate_options ${1+"$@"}; then
- # save modified positional parameters for caller
- func_validate_options_result=$func_run_hooks_result
- _G_rc_validate_options=:
- fi
-
- # Bail if the options were screwed!
- $exit_cmd $EXIT_FAILURE
-
- $_G_rc_validate_options
-}
-
-
-
-## ----------------- ##
-## Helper functions. ##
-## ----------------- ##
-
-# This section contains the helper functions used by the rest of the
-# hookable option parser framework in ascii-betical order.
-
-
-# func_fatal_help ARG...
-# ----------------------
-# Echo program name prefixed message to standard error, followed by
-# a help hint, and exit.
-func_fatal_help ()
-{
- $debug_cmd
-
- eval \$ECHO \""Usage: $usage"\"
- eval \$ECHO \""$fatal_help"\"
- func_error ${1+"$@"}
- exit $EXIT_FAILURE
-}
-
-
-# func_help
-# ---------
-# Echo long help message to standard output and exit.
-func_help ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "$long_help_message"
- exit 0
-}
-
-
-# func_missing_arg ARGNAME
-# ------------------------
-# Echo program name prefixed message to standard error and set global
-# exit_cmd.
-func_missing_arg ()
-{
- $debug_cmd
-
- func_error "Missing argument for '$1'."
- exit_cmd=exit
-}
-
-
-# func_split_equals STRING
-# ------------------------
-# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
-# splitting STRING at the '=' sign.
-test -z "$_G_HAVE_XSI_OPS" \
- && (eval 'x=a/b/c;
- test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
- && _G_HAVE_XSI_OPS=yes
-
-if test yes = "$_G_HAVE_XSI_OPS"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_split_equals ()
- {
- $debug_cmd
-
- func_split_equals_lhs=${1%%=*}
- func_split_equals_rhs=${1#*=}
- test "x$func_split_equals_lhs" = "x$1" \
- && func_split_equals_rhs=
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_split_equals ()
- {
- $debug_cmd
-
- func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
- func_split_equals_rhs=
- test "x$func_split_equals_lhs" = "x$1" \
- || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
- }
-fi #func_split_equals
-
-
-# func_split_short_opt SHORTOPT
-# -----------------------------
-# Set func_split_short_opt_name and func_split_short_opt_arg shell
-# variables after splitting SHORTOPT after the 2nd character.
-if test yes = "$_G_HAVE_XSI_OPS"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_split_short_opt ()
- {
- $debug_cmd
-
- func_split_short_opt_arg=${1#??}
- func_split_short_opt_name=${1%"$func_split_short_opt_arg"}
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_split_short_opt ()
- {
- $debug_cmd
-
- func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
- func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
- }
-fi #func_split_short_opt
-
-
-# func_usage
-# ----------
-# Echo short help message to standard output and exit.
-func_usage ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "Run '$progname --help |${PAGER-more}' for full usage"
- exit 0
-}
-
-
-# func_usage_message
-# ------------------
-# Echo short help message to standard output.
-func_usage_message ()
-{
- $debug_cmd
-
- eval \$ECHO \""Usage: $usage"\"
- echo
- $SED -n 's|^# ||
- /^Written by/{
- x;p;x
- }
- h
- /^Written by/q' < "$progpath"
- echo
- eval \$ECHO \""$usage_message"\"
-}
-
-
-# func_version
-# ------------
-# Echo version message to standard output and exit.
-func_version ()
-{
- $debug_cmd
-
- printf '%s\n' "$progname $scriptversion"
- $SED -n '
- /(C)/!b go
- :more
- /\./!{
- N
- s|\n# | |
- b more
- }
- :go
- /^# Written by /,/# warranty; / {
- s|^# ||
- s|^# *$||
- s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
- p
- }
- /^# Written by / {
- s|^# ||
- p
- }
- /^warranty; /q' < "$progpath"
-
- exit $?
-}
-
-
-# Local variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
-# time-stamp-time-zone: "UTC"
-# End:
-
-# Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
-
-
-# func_echo ARG...
-# ----------------
-# Libtool also displays the current mode in messages, so override
-# funclib.sh func_echo with this custom definition.
-func_echo ()
-{
- $debug_cmd
-
- _G_message=$*
-
- func_echo_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_IFS
- $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line"
- done
- IFS=$func_echo_IFS
-}
-
-
-# func_warning ARG...
-# -------------------
-# Libtool warnings are not categorized, so override funclib.sh
-# func_warning with this simpler definition.
-func_warning ()
-{
- $debug_cmd
-
- $warning_func ${1+"$@"}
-}
-
-
-## ---------------- ##
-## Options parsing. ##
-## ---------------- ##
-
-# Hook in the functions to make sure our own options are parsed during
-# the option parsing loop.
-
-usage='$progpath [OPTION]... [MODE-ARG]...'
-
-# Short help message in response to '-h'.
-usage_message="Options:
- --config show all configuration variables
- --debug enable verbose shell tracing
- -n, --dry-run display commands without modifying any files
- --features display basic configuration information and exit
- --mode=MODE use operation mode MODE
- --no-warnings equivalent to '-Wnone'
- --preserve-dup-deps don't remove duplicate dependency libraries
- --quiet, --silent don't print informational messages
- --tag=TAG use configuration variables from tag TAG
- -v, --verbose print more informational messages than default
- --version print version information
- -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all]
- -h, --help, --help-all print short, long, or detailed help message
-"
-
-# Additional text appended to 'usage_message' in response to '--help'.
-func_help ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "$long_help_message
-
-MODE must be one of the following:
-
- clean remove files from the build directory
- compile compile a source file into a libtool object
- execute automatically set library path, then run a program
- finish complete the installation of libtool libraries
- install install libraries or executables
- link create a library or an executable
- uninstall remove libraries from an installed directory
-
-MODE-ARGS vary depending on the MODE. When passed as first option,
-'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that.
-Try '$progname --help --mode=MODE' for a more detailed description of MODE.
-
-When reporting a bug, please describe a test case to reproduce it and
-include the following information:
-
- host-triplet: $host
- shell: $SHELL
- compiler: $LTCC
- compiler flags: $LTCFLAGS
- linker: $LD (gnu? $with_gnu_ld)
- version: $progname $scriptversion Debian-2.4.6-15
- automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
- autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
-
-Report bugs to <bug-libtool@gnu.org>.
-GNU libtool home page: <http://www.gnu.org/s/libtool/>.
-General help using GNU software: <http://www.gnu.org/gethelp/>."
- exit 0
-}
-
-
-# func_lo2o OBJECT-NAME
-# ---------------------
-# Transform OBJECT-NAME from a '.lo' suffix to the platform specific
-# object suffix.
-
-lo2o=s/\\.lo\$/.$objext/
-o2lo=s/\\.$objext\$/.lo/
-
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_lo2o ()
- {
- case $1 in
- *.lo) func_lo2o_result=${1%.lo}.$objext ;;
- * ) func_lo2o_result=$1 ;;
- esac
- }'
-
- # func_xform LIBOBJ-OR-SOURCE
- # ---------------------------
- # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise)
- # suffix to a '.lo' libtool-object suffix.
- eval 'func_xform ()
- {
- func_xform_result=${1%.*}.lo
- }'
-else
- # ...otherwise fall back to using sed.
- func_lo2o ()
- {
- func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"`
- }
-
- func_xform ()
- {
- func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'`
- }
-fi
-
-
-# func_fatal_configuration ARG...
-# -------------------------------
-# Echo program name prefixed message to standard error, followed by
-# a configuration failure hint, and exit.
-func_fatal_configuration ()
-{
- func__fatal_error ${1+"$@"} \
- "See the $PACKAGE documentation for more information." \
- "Fatal configuration error."
-}
-
-
-# func_config
-# -----------
-# Display the configuration for all the tags in this script.
-func_config ()
-{
- re_begincf='^# ### BEGIN LIBTOOL'
- re_endcf='^# ### END LIBTOOL'
-
- # Default configuration.
- $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
-
- # Now print the configurations for the tags.
- for tagname in $taglist; do
- $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
- done
-
- exit $?
-}
-
-
-# func_features
-# -------------
-# Display the features supported by this script.
-func_features ()
-{
- echo "host: $host"
- if test yes = "$build_libtool_libs"; then
- echo "enable shared libraries"
- else
- echo "disable shared libraries"
- fi
- if test yes = "$build_old_libs"; then
- echo "enable static libraries"
- else
- echo "disable static libraries"
- fi
-
- exit $?
-}
-
-
-# func_enable_tag TAGNAME
-# -----------------------
-# Verify that TAGNAME is valid, and either flag an error and exit, or
-# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
-# variable here.
-func_enable_tag ()
-{
- # Global variable:
- tagname=$1
-
- re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
- re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
- sed_extractcf=/$re_begincf/,/$re_endcf/p
-
- # Validate tagname.
- case $tagname in
- *[!-_A-Za-z0-9,/]*)
- func_fatal_error "invalid tag name: $tagname"
- ;;
- esac
-
- # Don't test for the "default" C tag, as we know it's
- # there but not specially marked.
- case $tagname in
- CC) ;;
- *)
- if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
- taglist="$taglist $tagname"
-
- # Evaluate the configuration. Be careful to quote the path
- # and the sed script, to avoid splitting on whitespace, but
- # also don't use non-portable quotes within backquotes within
- # quotes we have to do it in 2 steps:
- extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
- eval "$extractedcf"
- else
- func_error "ignoring unknown tag $tagname"
- fi
- ;;
- esac
-}
-
-
-# func_check_version_match
-# ------------------------
-# Ensure that we are using m4 macros, and libtool script from the same
-# release of libtool.
-func_check_version_match ()
-{
- if test "$package_revision" != "$macro_revision"; then
- if test "$VERSION" != "$macro_version"; then
- if test -z "$macro_version"; then
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
-$progname: definition of this LT_INIT comes from an older release.
-$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
-$progname: and run autoconf again.
-_LT_EOF
- else
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
-$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
-$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
-$progname: and run autoconf again.
-_LT_EOF
- fi
- else
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
-$progname: but the definition of this LT_INIT comes from revision $macro_revision.
-$progname: You should recreate aclocal.m4 with macros from revision $package_revision
-$progname: of $PACKAGE $VERSION and run autoconf again.
-_LT_EOF
- fi
-
- exit $EXIT_MISMATCH
- fi
-}
-
-
-# libtool_options_prep [ARG]...
-# -----------------------------
-# Preparation for options parsed by libtool.
-libtool_options_prep ()
-{
- $debug_mode
-
- # Option defaults:
- opt_config=false
- opt_dlopen=
- opt_dry_run=false
- opt_help=false
- opt_mode=
- opt_preserve_dup_deps=false
- opt_quiet=false
-
- nonopt=
- preserve_args=
-
- _G_rc_lt_options_prep=:
-
- # Shorthand for --mode=foo, only valid as the first argument
- case $1 in
- clean|clea|cle|cl)
- shift; set dummy --mode clean ${1+"$@"}; shift
- ;;
- compile|compil|compi|comp|com|co|c)
- shift; set dummy --mode compile ${1+"$@"}; shift
- ;;
- execute|execut|execu|exec|exe|ex|e)
- shift; set dummy --mode execute ${1+"$@"}; shift
- ;;
- finish|finis|fini|fin|fi|f)
- shift; set dummy --mode finish ${1+"$@"}; shift
- ;;
- install|instal|insta|inst|ins|in|i)
- shift; set dummy --mode install ${1+"$@"}; shift
- ;;
- link|lin|li|l)
- shift; set dummy --mode link ${1+"$@"}; shift
- ;;
- uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
- shift; set dummy --mode uninstall ${1+"$@"}; shift
- ;;
- *)
- _G_rc_lt_options_prep=false
- ;;
- esac
-
- if $_G_rc_lt_options_prep; then
- # Pass back the list of options.
- func_quote_for_eval ${1+"$@"}
- libtool_options_prep_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_lt_options_prep
-}
-func_add_hook func_options_prep libtool_options_prep
-
-
-# libtool_parse_options [ARG]...
-# ---------------------------------
-# Provide handling for libtool specific options.
-libtool_parse_options ()
-{
- $debug_cmd
-
- _G_rc_lt_parse_options=false
-
- # Perform our own loop to consume as many options as possible in
- # each iteration.
- while test $# -gt 0; do
- _G_match_lt_parse_options=:
- _G_opt=$1
- shift
- case $_G_opt in
- --dry-run|--dryrun|-n)
- opt_dry_run=:
- ;;
-
- --config) func_config ;;
-
- --dlopen|-dlopen)
- opt_dlopen="${opt_dlopen+$opt_dlopen
-}$1"
- shift
- ;;
-
- --preserve-dup-deps)
- opt_preserve_dup_deps=: ;;
-
- --features) func_features ;;
-
- --finish) set dummy --mode finish ${1+"$@"}; shift ;;
-
- --help) opt_help=: ;;
-
- --help-all) opt_help=': help-all' ;;
-
- --mode) test $# = 0 && func_missing_arg $_G_opt && break
- opt_mode=$1
- case $1 in
- # Valid mode arguments:
- clean|compile|execute|finish|install|link|relink|uninstall) ;;
-
- # Catch anything else as an error
- *) func_error "invalid argument for $_G_opt"
- exit_cmd=exit
- break
- ;;
- esac
- shift
- ;;
-
- --no-silent|--no-quiet)
- opt_quiet=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --no-warnings|--no-warning|--no-warn)
- opt_warning=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --no-verbose)
- opt_verbose=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --silent|--quiet)
- opt_quiet=:
- opt_verbose=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --tag) test $# = 0 && func_missing_arg $_G_opt && break
- opt_tag=$1
- func_append preserve_args " $_G_opt $1"
- func_enable_tag "$1"
- shift
- ;;
-
- --verbose|-v) opt_quiet=false
- opt_verbose=:
- func_append preserve_args " $_G_opt"
- ;;
-
- # An option not handled by this hook function:
- *) set dummy "$_G_opt" ${1+"$@"} ; shift
- _G_match_lt_parse_options=false
- break
- ;;
- esac
- $_G_match_lt_parse_options && _G_rc_lt_parse_options=:
- done
-
- if $_G_rc_lt_parse_options; then
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- libtool_parse_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_lt_parse_options
-}
-func_add_hook func_parse_options libtool_parse_options
-
-
-
-# libtool_validate_options [ARG]...
-# ---------------------------------
-# Perform any sanity checks on option settings and/or unconsumed
-# arguments.
-libtool_validate_options ()
-{
- # save first non-option argument
- if test 0 -lt $#; then
- nonopt=$1
- shift
- fi
-
- # preserve --debug
- test : = "$debug_cmd" || func_append preserve_args " --debug"
-
- case $host in
- # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
- # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
- *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
- # don't eliminate duplications in $postdeps and $predeps
- opt_duplicate_compiler_generated_deps=:
- ;;
- *)
- opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
- ;;
- esac
-
- $opt_help || {
- # Sanity checks first:
- func_check_version_match
-
- test yes != "$build_libtool_libs" \
- && test yes != "$build_old_libs" \
- && func_fatal_configuration "not configured to build any kind of library"
-
- # Darwin sucks
- eval std_shrext=\"$shrext_cmds\"
-
- # Only execute mode is allowed to have -dlopen flags.
- if test -n "$opt_dlopen" && test execute != "$opt_mode"; then
- func_error "unrecognized option '-dlopen'"
- $ECHO "$help" 1>&2
- exit $EXIT_FAILURE
- fi
-
- # Change the help message to a mode-specific one.
- generic_help=$help
- help="Try '$progname --help --mode=$opt_mode' for more information."
- }
-
- # Pass back the unparsed argument list
- func_quote_for_eval ${1+"$@"}
- libtool_validate_options_result=$func_quote_for_eval_result
-}
-func_add_hook func_validate_options libtool_validate_options
-
-
-# Process options as early as possible so that --help and --version
-# can return quickly.
-func_options ${1+"$@"}
-eval set dummy "$func_options_result"; shift
-
-
-
-## ----------- ##
-## Main. ##
-## ----------- ##
-
-magic='%%%MAGIC variable%%%'
-magic_exe='%%%MAGIC EXE variable%%%'
-
-# Global variables.
-extracted_archives=
-extracted_serial=0
-
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end. This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
-}
-
-# func_generated_by_libtool
-# True iff stdin has been generated by Libtool. This function is only
-# a basic sanity check; it will hardly flush out determined imposters.
-func_generated_by_libtool_p ()
-{
- $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
-}
-
-# func_lalib_p file
-# True iff FILE is a libtool '.la' library or '.lo' object file.
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_lalib_p ()
-{
- test -f "$1" &&
- $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p
-}
-
-# func_lalib_unsafe_p file
-# True iff FILE is a libtool '.la' library or '.lo' object file.
-# This function implements the same check as func_lalib_p without
-# resorting to external programs. To this end, it redirects stdin and
-# closes it afterwards, without saving the original file descriptor.
-# As a safety measure, use it only where a negative result would be
-# fatal anyway. Works if 'file' does not exist.
-func_lalib_unsafe_p ()
-{
- lalib_p=no
- if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
- for lalib_p_l in 1 2 3 4
- do
- read lalib_p_line
- case $lalib_p_line in
- \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
- esac
- done
- exec 0<&5 5<&-
- fi
- test yes = "$lalib_p"
-}
-
-# func_ltwrapper_script_p file
-# True iff FILE is a libtool wrapper script
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_script_p ()
-{
- test -f "$1" &&
- $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p
-}
-
-# func_ltwrapper_executable_p file
-# True iff FILE is a libtool wrapper executable
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_executable_p ()
-{
- func_ltwrapper_exec_suffix=
- case $1 in
- *.exe) ;;
- *) func_ltwrapper_exec_suffix=.exe ;;
- esac
- $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
-}
-
-# func_ltwrapper_scriptname file
-# Assumes file is an ltwrapper_executable
-# uses $file to determine the appropriate filename for a
-# temporary ltwrapper_script.
-func_ltwrapper_scriptname ()
-{
- func_dirname_and_basename "$1" "" "."
- func_stripname '' '.exe' "$func_basename_result"
- func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper
-}
-
-# func_ltwrapper_p file
-# True iff FILE is a libtool wrapper script or wrapper executable
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_p ()
-{
- func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
-}
-
-
-# func_execute_cmds commands fail_cmd
-# Execute tilde-delimited COMMANDS.
-# If FAIL_CMD is given, eval that upon failure.
-# FAIL_CMD may read-access the current command in variable CMD!
-func_execute_cmds ()
-{
- $debug_cmd
-
- save_ifs=$IFS; IFS='~'
- for cmd in $1; do
- IFS=$sp$nl
- eval cmd=\"$cmd\"
- IFS=$save_ifs
- func_show_eval "$cmd" "${2-:}"
- done
- IFS=$save_ifs
-}
-
-
-# func_source file
-# Source FILE, adding directory component if necessary.
-# Note that it is not necessary on cygwin/mingw to append a dot to
-# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
-# behavior happens only for exec(3), not for open(2)! Also, sourcing
-# 'FILE.' does not work on cygwin managed mounts.
-func_source ()
-{
- $debug_cmd
-
- case $1 in
- */* | *\\*) . "$1" ;;
- *) . "./$1" ;;
- esac
-}
-
-
-# func_resolve_sysroot PATH
-# Replace a leading = in PATH with a sysroot. Store the result into
-# func_resolve_sysroot_result
-func_resolve_sysroot ()
-{
- func_resolve_sysroot_result=$1
- case $func_resolve_sysroot_result in
- =*)
- func_stripname '=' '' "$func_resolve_sysroot_result"
- func_resolve_sysroot_result=$lt_sysroot$func_stripname_result
- ;;
- esac
-}
-
-# func_replace_sysroot PATH
-# If PATH begins with the sysroot, replace it with = and
-# store the result into func_replace_sysroot_result.
-func_replace_sysroot ()
-{
- case $lt_sysroot:$1 in
- ?*:"$lt_sysroot"*)
- func_stripname "$lt_sysroot" '' "$1"
- func_replace_sysroot_result='='$func_stripname_result
- ;;
- *)
- # Including no sysroot.
- func_replace_sysroot_result=$1
- ;;
- esac
-}
-
-# func_infer_tag arg
-# Infer tagged configuration to use if any are available and
-# if one wasn't chosen via the "--tag" command line option.
-# Only attempt this if the compiler in the base compile
-# command doesn't match the default compiler.
-# arg is usually of the form 'gcc ...'
-func_infer_tag ()
-{
- $debug_cmd
-
- if test -n "$available_tags" && test -z "$tagname"; then
- CC_quoted=
- for arg in $CC; do
- func_append_quoted CC_quoted "$arg"
- done
- CC_expanded=`func_echo_all $CC`
- CC_quoted_expanded=`func_echo_all $CC_quoted`
- case $@ in
- # Blanks in the command may have been stripped by the calling shell,
- # but not from the CC environment variable when configure was run.
- " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
- " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;;
- # Blanks at the start of $base_compile will cause this to fail
- # if we don't check for them as well.
- *)
- for z in $available_tags; do
- if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
- # Evaluate the configuration.
- eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
- CC_quoted=
- for arg in $CC; do
- # Double-quote args containing other shell metacharacters.
- func_append_quoted CC_quoted "$arg"
- done
- CC_expanded=`func_echo_all $CC`
- CC_quoted_expanded=`func_echo_all $CC_quoted`
- case "$@ " in
- " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
- " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*)
- # The compiler in the base compile command matches
- # the one in the tagged configuration.
- # Assume this is the tagged configuration we want.
- tagname=$z
- break
- ;;
- esac
- fi
- done
- # If $tagname still isn't set, then no tagged configuration
- # was found and let the user know that the "--tag" command
- # line option must be used.
- if test -z "$tagname"; then
- func_echo "unable to infer tagged configuration"
- func_fatal_error "specify a tag with '--tag'"
-# else
-# func_verbose "using $tagname tagged configuration"
- fi
- ;;
- esac
- fi
-}
-
-
-
-# func_write_libtool_object output_name pic_name nonpic_name
-# Create a libtool object file (analogous to a ".la" file),
-# but don't create it if we're doing a dry run.
-func_write_libtool_object ()
-{
- write_libobj=$1
- if test yes = "$build_libtool_libs"; then
- write_lobj=\'$2\'
- else
- write_lobj=none
- fi
-
- if test yes = "$build_old_libs"; then
- write_oldobj=\'$3\'
- else
- write_oldobj=none
- fi
-
- $opt_dry_run || {
- cat >${write_libobj}T <<EOF
-# $write_libobj - a libtool object file
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# Name of the PIC object.
-pic_object=$write_lobj
-
-# Name of the non-PIC object
-non_pic_object=$write_oldobj
-
-EOF
- $MV "${write_libobj}T" "$write_libobj"
- }
-}
-
-
-##################################################
-# FILE NAME AND PATH CONVERSION HELPER FUNCTIONS #
-##################################################
-
-# func_convert_core_file_wine_to_w32 ARG
-# Helper function used by file name conversion functions when $build is *nix,
-# and $host is mingw, cygwin, or some other w32 environment. Relies on a
-# correctly configured wine environment available, with the winepath program
-# in $build's $PATH.
-#
-# ARG is the $build file name to be converted to w32 format.
-# Result is available in $func_convert_core_file_wine_to_w32_result, and will
-# be empty on error (or when ARG is empty)
-func_convert_core_file_wine_to_w32 ()
-{
- $debug_cmd
-
- func_convert_core_file_wine_to_w32_result=$1
- if test -n "$1"; then
- # Unfortunately, winepath does not exit with a non-zero error code, so we
- # are forced to check the contents of stdout. On the other hand, if the
- # command is not found, the shell will set an exit code of 127 and print
- # *an error message* to stdout. So we must check for both error code of
- # zero AND non-empty stdout, which explains the odd construction:
- func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null`
- if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then
- func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" |
- $SED -e "$sed_naive_backslashify"`
- else
- func_convert_core_file_wine_to_w32_result=
- fi
- fi
-}
-# end: func_convert_core_file_wine_to_w32
-
-
-# func_convert_core_path_wine_to_w32 ARG
-# Helper function used by path conversion functions when $build is *nix, and
-# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
-# configured wine environment available, with the winepath program in $build's
-# $PATH. Assumes ARG has no leading or trailing path separator characters.
-#
-# ARG is path to be converted from $build format to win32.
-# Result is available in $func_convert_core_path_wine_to_w32_result.
-# Unconvertible file (directory) names in ARG are skipped; if no directory names
-# are convertible, then the result may be empty.
-func_convert_core_path_wine_to_w32 ()
-{
- $debug_cmd
-
- # unfortunately, winepath doesn't convert paths, only file names
- func_convert_core_path_wine_to_w32_result=
- if test -n "$1"; then
- oldIFS=$IFS
- IFS=:
- for func_convert_core_path_wine_to_w32_f in $1; do
- IFS=$oldIFS
- func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
- if test -n "$func_convert_core_file_wine_to_w32_result"; then
- if test -z "$func_convert_core_path_wine_to_w32_result"; then
- func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result
- else
- func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
- fi
- fi
- done
- IFS=$oldIFS
- fi
-}
-# end: func_convert_core_path_wine_to_w32
-
-
-# func_cygpath ARGS...
-# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when
-# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2)
-# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or
-# (2), returns the Cygwin file name or path in func_cygpath_result (input
-# file name or path is assumed to be in w32 format, as previously converted
-# from $build's *nix or MSYS format). In case (3), returns the w32 file name
-# or path in func_cygpath_result (input file name or path is assumed to be in
-# Cygwin format). Returns an empty string on error.
-#
-# ARGS are passed to cygpath, with the last one being the file name or path to
-# be converted.
-#
-# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
-# environment variable; do not put it in $PATH.
-func_cygpath ()
-{
- $debug_cmd
-
- if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
- func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
- if test "$?" -ne 0; then
- # on failure, ensure result is empty
- func_cygpath_result=
- fi
- else
- func_cygpath_result=
- func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'"
- fi
-}
-#end: func_cygpath
-
-
-# func_convert_core_msys_to_w32 ARG
-# Convert file name or path ARG from MSYS format to w32 format. Return
-# result in func_convert_core_msys_to_w32_result.
-func_convert_core_msys_to_w32 ()
-{
- $debug_cmd
-
- # awkward: cmd appends spaces to result
- func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
- $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"`
-}
-#end: func_convert_core_msys_to_w32
-
-
-# func_convert_file_check ARG1 ARG2
-# Verify that ARG1 (a file name in $build format) was converted to $host
-# format in ARG2. Otherwise, emit an error message, but continue (resetting
-# func_to_host_file_result to ARG1).
-func_convert_file_check ()
-{
- $debug_cmd
-
- if test -z "$2" && test -n "$1"; then
- func_error "Could not determine host file name corresponding to"
- func_error " '$1'"
- func_error "Continuing, but uninstalled executables may not work."
- # Fallback:
- func_to_host_file_result=$1
- fi
-}
-# end func_convert_file_check
-
-
-# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
-# Verify that FROM_PATH (a path in $build format) was converted to $host
-# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
-# func_to_host_file_result to a simplistic fallback value (see below).
-func_convert_path_check ()
-{
- $debug_cmd
-
- if test -z "$4" && test -n "$3"; then
- func_error "Could not determine the host path corresponding to"
- func_error " '$3'"
- func_error "Continuing, but uninstalled executables may not work."
- # Fallback. This is a deliberately simplistic "conversion" and
- # should not be "improved". See libtool.info.
- if test "x$1" != "x$2"; then
- lt_replace_pathsep_chars="s|$1|$2|g"
- func_to_host_path_result=`echo "$3" |
- $SED -e "$lt_replace_pathsep_chars"`
- else
- func_to_host_path_result=$3
- fi
- fi
-}
-# end func_convert_path_check
-
-
-# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
-# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
-# and appending REPL if ORIG matches BACKPAT.
-func_convert_path_front_back_pathsep ()
-{
- $debug_cmd
-
- case $4 in
- $1 ) func_to_host_path_result=$3$func_to_host_path_result
- ;;
- esac
- case $4 in
- $2 ) func_append func_to_host_path_result "$3"
- ;;
- esac
-}
-# end func_convert_path_front_back_pathsep
-
-
-##################################################
-# $build to $host FILE NAME CONVERSION FUNCTIONS #
-##################################################
-# invoked via '$to_host_file_cmd ARG'
-#
-# In each case, ARG is the path to be converted from $build to $host format.
-# Result will be available in $func_to_host_file_result.
-
-
-# func_to_host_file ARG
-# Converts the file name ARG from $build format to $host format. Return result
-# in func_to_host_file_result.
-func_to_host_file ()
-{
- $debug_cmd
-
- $to_host_file_cmd "$1"
-}
-# end func_to_host_file
-
-
-# func_to_tool_file ARG LAZY
-# converts the file name ARG from $build format to toolchain format. Return
-# result in func_to_tool_file_result. If the conversion in use is listed
-# in (the comma separated) LAZY, no conversion takes place.
-func_to_tool_file ()
-{
- $debug_cmd
-
- case ,$2, in
- *,"$to_tool_file_cmd",*)
- func_to_tool_file_result=$1
- ;;
- *)
- $to_tool_file_cmd "$1"
- func_to_tool_file_result=$func_to_host_file_result
- ;;
- esac
-}
-# end func_to_tool_file
-
-
-# func_convert_file_noop ARG
-# Copy ARG to func_to_host_file_result.
-func_convert_file_noop ()
-{
- func_to_host_file_result=$1
-}
-# end func_convert_file_noop
-
-
-# func_convert_file_msys_to_w32 ARG
-# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic
-# conversion to w32 is not available inside the cwrapper. Returns result in
-# func_to_host_file_result.
-func_convert_file_msys_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_msys_to_w32 "$1"
- func_to_host_file_result=$func_convert_core_msys_to_w32_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_msys_to_w32
-
-
-# func_convert_file_cygwin_to_w32 ARG
-# Convert file name ARG from Cygwin to w32 format. Returns result in
-# func_to_host_file_result.
-func_convert_file_cygwin_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- # because $build is cygwin, we call "the" cygpath in $PATH; no need to use
- # LT_CYGPATH in this case.
- func_to_host_file_result=`cygpath -m "$1"`
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_cygwin_to_w32
-
-
-# func_convert_file_nix_to_w32 ARG
-# Convert file name ARG from *nix to w32 format. Requires a wine environment
-# and a working winepath. Returns result in func_to_host_file_result.
-func_convert_file_nix_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_file_wine_to_w32 "$1"
- func_to_host_file_result=$func_convert_core_file_wine_to_w32_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_nix_to_w32
-
-
-# func_convert_file_msys_to_cygwin ARG
-# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
-# Returns result in func_to_host_file_result.
-func_convert_file_msys_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_msys_to_w32 "$1"
- func_cygpath -u "$func_convert_core_msys_to_w32_result"
- func_to_host_file_result=$func_cygpath_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_msys_to_cygwin
-
-
-# func_convert_file_nix_to_cygwin ARG
-# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed
-# in a wine environment, working winepath, and LT_CYGPATH set. Returns result
-# in func_to_host_file_result.
-func_convert_file_nix_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
- func_convert_core_file_wine_to_w32 "$1"
- func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
- func_to_host_file_result=$func_cygpath_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_nix_to_cygwin
-
-
-#############################################
-# $build to $host PATH CONVERSION FUNCTIONS #
-#############################################
-# invoked via '$to_host_path_cmd ARG'
-#
-# In each case, ARG is the path to be converted from $build to $host format.
-# The result will be available in $func_to_host_path_result.
-#
-# Path separators are also converted from $build format to $host format. If
-# ARG begins or ends with a path separator character, it is preserved (but
-# converted to $host format) on output.
-#
-# All path conversion functions are named using the following convention:
-# file name conversion function : func_convert_file_X_to_Y ()
-# path conversion function : func_convert_path_X_to_Y ()
-# where, for any given $build/$host combination the 'X_to_Y' value is the
-# same. If conversion functions are added for new $build/$host combinations,
-# the two new functions must follow this pattern, or func_init_to_host_path_cmd
-# will break.
-
-
-# func_init_to_host_path_cmd
-# Ensures that function "pointer" variable $to_host_path_cmd is set to the
-# appropriate value, based on the value of $to_host_file_cmd.
-to_host_path_cmd=
-func_init_to_host_path_cmd ()
-{
- $debug_cmd
-
- if test -z "$to_host_path_cmd"; then
- func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
- to_host_path_cmd=func_convert_path_$func_stripname_result
- fi
-}
-
-
-# func_to_host_path ARG
-# Converts the path ARG from $build format to $host format. Return result
-# in func_to_host_path_result.
-func_to_host_path ()
-{
- $debug_cmd
-
- func_init_to_host_path_cmd
- $to_host_path_cmd "$1"
-}
-# end func_to_host_path
-
-
-# func_convert_path_noop ARG
-# Copy ARG to func_to_host_path_result.
-func_convert_path_noop ()
-{
- func_to_host_path_result=$1
-}
-# end func_convert_path_noop
-
-
-# func_convert_path_msys_to_w32 ARG
-# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic
-# conversion to w32 is not available inside the cwrapper. Returns result in
-# func_to_host_path_result.
-func_convert_path_msys_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # Remove leading and trailing path separator characters from ARG. MSYS
- # behavior is inconsistent here; cygpath turns them into '.;' and ';.';
- # and winepath ignores them completely.
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result=$func_convert_core_msys_to_w32_result
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_msys_to_w32
-
-
-# func_convert_path_cygwin_to_w32 ARG
-# Convert path ARG from Cygwin to w32 format. Returns result in
-# func_to_host_file_result.
-func_convert_path_cygwin_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"`
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_cygwin_to_w32
-
-
-# func_convert_path_nix_to_w32 ARG
-# Convert path ARG from *nix to w32 format. Requires a wine environment and
-# a working winepath. Returns result in func_to_host_file_result.
-func_convert_path_nix_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result=$func_convert_core_path_wine_to_w32_result
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_nix_to_w32
-
-
-# func_convert_path_msys_to_cygwin ARG
-# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
-# Returns result in func_to_host_file_result.
-func_convert_path_msys_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
- func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
- func_to_host_path_result=$func_cygpath_result
- func_convert_path_check : : \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" : "$1"
- fi
-}
-# end func_convert_path_msys_to_cygwin
-
-
-# func_convert_path_nix_to_cygwin ARG
-# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a
-# a wine environment, working winepath, and LT_CYGPATH set. Returns result in
-# func_to_host_file_result.
-func_convert_path_nix_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # Remove leading and trailing path separator characters from
- # ARG. msys behavior is inconsistent here, cygpath turns them
- # into '.;' and ';.', and winepath ignores them completely.
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
- func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
- func_to_host_path_result=$func_cygpath_result
- func_convert_path_check : : \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" : "$1"
- fi
-}
-# end func_convert_path_nix_to_cygwin
-
-
-# func_dll_def_p FILE
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with _LT_DLL_DEF_P in libtool.m4
-func_dll_def_p ()
-{
- $debug_cmd
-
- func_dll_def_p_tmp=`$SED -n \
- -e 's/^[ ]*//' \
- -e '/^\(;.*\)*$/d' \
- -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \
- -e q \
- "$1"`
- test DEF = "$func_dll_def_p_tmp"
-}
-
-
-# func_mode_compile arg...
-func_mode_compile ()
-{
- $debug_cmd
-
- # Get the compilation command and the source file.
- base_compile=
- srcfile=$nonopt # always keep a non-empty value in "srcfile"
- suppress_opt=yes
- suppress_output=
- arg_mode=normal
- libobj=
- later=
- pie_flag=
-
- for arg
- do
- case $arg_mode in
- arg )
- # do not "continue". Instead, add this to base_compile
- lastarg=$arg
- arg_mode=normal
- ;;
-
- target )
- libobj=$arg
- arg_mode=normal
- continue
- ;;
-
- normal )
- # Accept any command-line options.
- case $arg in
- -o)
- test -n "$libobj" && \
- func_fatal_error "you cannot specify '-o' more than once"
- arg_mode=target
- continue
- ;;
-
- -pie | -fpie | -fPIE)
- func_append pie_flag " $arg"
- continue
- ;;
-
- -shared | -static | -prefer-pic | -prefer-non-pic)
- func_append later " $arg"
- continue
- ;;
-
- -no-suppress)
- suppress_opt=no
- continue
- ;;
-
- -Xcompiler)
- arg_mode=arg # the next one goes into the "base_compile" arg list
- continue # The current "srcfile" will either be retained or
- ;; # replaced later. I would guess that would be a bug.
-
- -Wc,*)
- func_stripname '-Wc,' '' "$arg"
- args=$func_stripname_result
- lastarg=
- save_ifs=$IFS; IFS=,
- for arg in $args; do
- IFS=$save_ifs
- func_append_quoted lastarg "$arg"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$lastarg"
- lastarg=$func_stripname_result
-
- # Add the arguments to base_compile.
- func_append base_compile " $lastarg"
- continue
- ;;
-
- *)
- # Accept the current argument as the source file.
- # The previous "srcfile" becomes the current argument.
- #
- lastarg=$srcfile
- srcfile=$arg
- ;;
- esac # case $arg
- ;;
- esac # case $arg_mode
-
- # Aesthetically quote the previous argument.
- func_append_quoted base_compile "$lastarg"
- done # for arg
-
- case $arg_mode in
- arg)
- func_fatal_error "you must specify an argument for -Xcompile"
- ;;
- target)
- func_fatal_error "you must specify a target with '-o'"
- ;;
- *)
- # Get the name of the library object.
- test -z "$libobj" && {
- func_basename "$srcfile"
- libobj=$func_basename_result
- }
- ;;
- esac
-
- # Recognize several different file suffixes.
- # If the user specifies -o file.o, it is replaced with file.lo
- case $libobj in
- *.[cCFSifmso] | \
- *.ada | *.adb | *.ads | *.asm | \
- *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
- *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
- func_xform "$libobj"
- libobj=$func_xform_result
- ;;
- esac
-
- case $libobj in
- *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
- *)
- func_fatal_error "cannot determine name of library object from '$libobj'"
- ;;
- esac
-
- func_infer_tag $base_compile
-
- for arg in $later; do
- case $arg in
- -shared)
- test yes = "$build_libtool_libs" \
- || func_fatal_configuration "cannot build a shared library"
- build_old_libs=no
- continue
- ;;
-
- -static)
- build_libtool_libs=no
- build_old_libs=yes
- continue
- ;;
-
- -prefer-pic)
- pic_mode=yes
- continue
- ;;
-
- -prefer-non-pic)
- pic_mode=no
- continue
- ;;
- esac
- done
-
- func_quote_for_eval "$libobj"
- test "X$libobj" != "X$func_quote_for_eval_result" \
- && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
- && func_warning "libobj name '$libobj' may not contain shell special characters."
- func_dirname_and_basename "$obj" "/" ""
- objname=$func_basename_result
- xdir=$func_dirname_result
- lobj=$xdir$objdir/$objname
-
- test -z "$base_compile" && \
- func_fatal_help "you must specify a compilation command"
-
- # Delete any leftover library objects.
- if test yes = "$build_old_libs"; then
- removelist="$obj $lobj $libobj ${libobj}T"
- else
- removelist="$lobj $libobj ${libobj}T"
- fi
-
- # On Cygwin there's no "real" PIC flag so we must build both object types
- case $host_os in
- cygwin* | mingw* | pw32* | os2* | cegcc*)
- pic_mode=default
- ;;
- esac
- if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then
- # non-PIC code in shared libraries is not supported
- pic_mode=default
- fi
-
- # Calculate the filename of the output object if compiler does
- # not support -o with -c
- if test no = "$compiler_c_o"; then
- output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext
- lockfile=$output_obj.lock
- else
- output_obj=
- need_locks=no
- lockfile=
- fi
-
- # Lock this critical section if it is needed
- # We use this script file to make the link, it avoids creating a new file
- if test yes = "$need_locks"; then
- until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
- func_echo "Waiting for $lockfile to be removed"
- sleep 2
- done
- elif test warn = "$need_locks"; then
- if test -f "$lockfile"; then
- $ECHO "\
-*** ERROR, $lockfile exists and contains:
-`cat $lockfile 2>/dev/null`
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
- func_append removelist " $output_obj"
- $ECHO "$srcfile" > "$lockfile"
- fi
-
- $opt_dry_run || $RM $removelist
- func_append removelist " $lockfile"
- trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
-
- func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
- srcfile=$func_to_tool_file_result
- func_quote_for_eval "$srcfile"
- qsrcfile=$func_quote_for_eval_result
-
- # Only build a PIC object if we are building libtool libraries.
- if test yes = "$build_libtool_libs"; then
- # Without this assignment, base_compile gets emptied.
- fbsd_hideous_sh_bug=$base_compile
-
- if test no != "$pic_mode"; then
- command="$base_compile $qsrcfile $pic_flag"
- else
- # Don't build PIC code
- command="$base_compile $qsrcfile"
- fi
-
- func_mkdir_p "$xdir$objdir"
-
- if test -z "$output_obj"; then
- # Place PIC objects in $objdir
- func_append command " -o $lobj"
- fi
-
- func_show_eval_locale "$command" \
- 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
-
- if test warn = "$need_locks" &&
- test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
- $ECHO "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
-
- # Just move the object if needed, then go on to compile the next one
- if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
- func_show_eval '$MV "$output_obj" "$lobj"' \
- 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
- fi
-
- # Allow error messages only from the first compilation.
- if test yes = "$suppress_opt"; then
- suppress_output=' >/dev/null 2>&1'
- fi
- fi
-
- # Only build a position-dependent object if we build old libraries.
- if test yes = "$build_old_libs"; then
- if test yes != "$pic_mode"; then
- # Don't build PIC code
- command="$base_compile $qsrcfile$pie_flag"
- else
- command="$base_compile $qsrcfile $pic_flag"
- fi
- if test yes = "$compiler_c_o"; then
- func_append command " -o $obj"
- fi
-
- # Suppress compiler output if we already did a PIC compilation.
- func_append command "$suppress_output"
- func_show_eval_locale "$command" \
- '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
-
- if test warn = "$need_locks" &&
- test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
- $ECHO "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
-
- # Just move the object if needed
- if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
- func_show_eval '$MV "$output_obj" "$obj"' \
- 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
- fi
- fi
-
- $opt_dry_run || {
- func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
-
- # Unlock the critical section if it was locked
- if test no != "$need_locks"; then
- removelist=$lockfile
- $RM "$lockfile"
- fi
- }
-
- exit $EXIT_SUCCESS
-}
-
-$opt_help || {
- test compile = "$opt_mode" && func_mode_compile ${1+"$@"}
-}
-
-func_mode_help ()
-{
- # We need to display help for each of the modes.
- case $opt_mode in
- "")
- # Generic help is extracted from the usage comments
- # at the start of this file.
- func_help
- ;;
-
- clean)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
-
-Remove files from the build directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
-to RM.
-
-If FILE is a libtool library, object or program, all the files associated
-with it are deleted. Otherwise, only FILE itself is deleted using RM."
- ;;
-
- compile)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
-
-Compile a source file into a libtool library object.
-
-This mode accepts the following additional options:
-
- -o OUTPUT-FILE set the output file name to OUTPUT-FILE
- -no-suppress do not suppress compiler output for multiple passes
- -prefer-pic try to build PIC objects only
- -prefer-non-pic try to build non-PIC objects only
- -shared do not build a '.o' file suitable for static linking
- -static only build a '.o' file suitable for static linking
- -Wc,FLAG pass FLAG directly to the compiler
-
-COMPILE-COMMAND is a command to be used in creating a 'standard' object file
-from the given SOURCEFILE.
-
-The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix '.c' with the
-library object suffix, '.lo'."
- ;;
-
- execute)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
-
-Automatically set library path, then run a program.
-
-This mode accepts the following additional options:
-
- -dlopen FILE add the directory containing FILE to the library path
-
-This mode sets the library path environment variable according to '-dlopen'
-flags.
-
-If any of the ARGS are libtool executable wrappers, then they are translated
-into their corresponding uninstalled binary, and any of their required library
-directories are added to the library path.
-
-Then, COMMAND is executed, with ARGS as arguments."
- ;;
-
- finish)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
-
-Complete the installation of libtool libraries.
-
-Each LIBDIR is a directory that contains libtool libraries.
-
-The commands that this mode executes may require superuser privileges. Use
-the '--dry-run' option if you just want to see what would be executed."
- ;;
-
- install)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
-
-Install executables or libraries.
-
-INSTALL-COMMAND is the installation command. The first component should be
-either the 'install' or 'cp' program.
-
-The following components of INSTALL-COMMAND are treated specially:
-
- -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation
-
-The rest of the components are interpreted as arguments to that command (only
-BSD-compatible install options are recognized)."
- ;;
-
- link)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
-
-Link object files or libraries together to form another library, or to
-create an executable program.
-
-LINK-COMMAND is a command using the C compiler that you would use to create
-a program from several object files.
-
-The following components of LINK-COMMAND are treated specially:
-
- -all-static do not do any dynamic linking at all
- -avoid-version do not add a version suffix if possible
- -bindir BINDIR specify path to binaries directory (for systems where
- libraries must be found in the PATH setting at runtime)
- -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime
- -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
- -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
- -export-symbols SYMFILE
- try to export only the symbols listed in SYMFILE
- -export-symbols-regex REGEX
- try to export only the symbols matching REGEX
- -LLIBDIR search LIBDIR for required installed libraries
- -lNAME OUTPUT-FILE requires the installed library libNAME
- -module build a library that can dlopened
- -no-fast-install disable the fast-install mode
- -no-install link a not-installable executable
- -no-undefined declare that a library does not refer to external symbols
- -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
- -objectlist FILE use a list of object files found in FILE to specify objects
- -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes)
- -precious-files-regex REGEX
- don't remove output files matching REGEX
- -release RELEASE specify package release information
- -rpath LIBDIR the created library will eventually be installed in LIBDIR
- -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
- -shared only do dynamic linking of libtool libraries
- -shrext SUFFIX override the standard shared library file extension
- -static do not do any dynamic linking of uninstalled libtool libraries
- -static-libtool-libs
- do not do any dynamic linking of libtool libraries
- -version-info CURRENT[:REVISION[:AGE]]
- specify library version info [each variable defaults to 0]
- -weak LIBNAME declare that the target provides the LIBNAME interface
- -Wc,FLAG
- -Xcompiler FLAG pass linker-specific FLAG directly to the compiler
- -Wl,FLAG
- -Xlinker FLAG pass linker-specific FLAG directly to the linker
- -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC)
-
-All other options (arguments beginning with '-') are ignored.
-
-Every other argument is treated as a filename. Files ending in '.la' are
-treated as uninstalled libtool libraries, other files are standard or library
-object files.
-
-If the OUTPUT-FILE ends in '.la', then a libtool library is created,
-only library objects ('.lo' files) may be specified, and '-rpath' is
-required, except when creating a convenience library.
-
-If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created
-using 'ar' and 'ranlib', or on Windows using 'lib'.
-
-If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file
-is created, otherwise an executable program is created."
- ;;
-
- uninstall)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
-
-Remove libraries from an installation directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
-to RM.
-
-If FILE is a libtool library, all the files associated with it are deleted.
-Otherwise, only FILE itself is deleted using RM."
- ;;
-
- *)
- func_fatal_help "invalid operation mode '$opt_mode'"
- ;;
- esac
-
- echo
- $ECHO "Try '$progname --help' for more information about other modes."
-}
-
-# Now that we've collected a possible --mode arg, show help if necessary
-if $opt_help; then
- if test : = "$opt_help"; then
- func_mode_help
- else
- {
- func_help noexit
- for opt_mode in compile link execute install finish uninstall clean; do
- func_mode_help
- done
- } | $SED -n '1p; 2,$s/^Usage:/ or: /p'
- {
- func_help noexit
- for opt_mode in compile link execute install finish uninstall clean; do
- echo
- func_mode_help
- done
- } |
- $SED '1d
- /^When reporting/,/^Report/{
- H
- d
- }
- $x
- /information about other modes/d
- /more detailed .*MODE/d
- s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/'
- fi
- exit $?
-fi
-
-
-# func_mode_execute arg...
-func_mode_execute ()
-{
- $debug_cmd
-
- # The first argument is the command name.
- cmd=$nonopt
- test -z "$cmd" && \
- func_fatal_help "you must specify a COMMAND"
-
- # Handle -dlopen flags immediately.
- for file in $opt_dlopen; do
- test -f "$file" \
- || func_fatal_help "'$file' is not a file"
-
- dir=
- case $file in
- *.la)
- func_resolve_sysroot "$file"
- file=$func_resolve_sysroot_result
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$file" \
- || func_fatal_help "'$lib' is not a valid libtool archive"
-
- # Read the libtool library.
- dlname=
- library_names=
- func_source "$file"
-
- # Skip this library if it cannot be dlopened.
- if test -z "$dlname"; then
- # Warn if it was a shared library.
- test -n "$library_names" && \
- func_warning "'$file' was not linked with '-export-dynamic'"
- continue
- fi
-
- func_dirname "$file" "" "."
- dir=$func_dirname_result
-
- if test -f "$dir/$objdir/$dlname"; then
- func_append dir "/$objdir"
- else
- if test ! -f "$dir/$dlname"; then
- func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'"
- fi
- fi
- ;;
-
- *.lo)
- # Just add the directory containing the .lo file.
- func_dirname "$file" "" "."
- dir=$func_dirname_result
- ;;
-
- *)
- func_warning "'-dlopen' is ignored for non-libtool libraries and objects"
- continue
- ;;
- esac
-
- # Get the absolute pathname.
- absdir=`cd "$dir" && pwd`
- test -n "$absdir" && dir=$absdir
-
- # Now add the directory to shlibpath_var.
- if eval "test -z \"\$$shlibpath_var\""; then
- eval "$shlibpath_var=\"\$dir\""
- else
- eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
- fi
- done
-
- # This variable tells wrapper scripts just to set shlibpath_var
- # rather than running their programs.
- libtool_execute_magic=$magic
-
- # Check if any of the arguments is a wrapper script.
- args=
- for file
- do
- case $file in
- -* | *.la | *.lo ) ;;
- *)
- # Do a test to see if this is really a libtool program.
- if func_ltwrapper_script_p "$file"; then
- func_source "$file"
- # Transform arg to wrapped name.
- file=$progdir/$program
- elif func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- func_source "$func_ltwrapper_scriptname_result"
- # Transform arg to wrapped name.
- file=$progdir/$program
- fi
- ;;
- esac
- # Quote arguments (to preserve shell metacharacters).
- func_append_quoted args "$file"
- done
-
- if $opt_dry_run; then
- # Display what would be done.
- if test -n "$shlibpath_var"; then
- eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
- echo "export $shlibpath_var"
- fi
- $ECHO "$cmd$args"
- exit $EXIT_SUCCESS
- else
- if test -n "$shlibpath_var"; then
- # Export the shlibpath_var.
- eval "export $shlibpath_var"
- fi
-
- # Restore saved environment variables
- for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
- do
- eval "if test \"\${save_$lt_var+set}\" = set; then
- $lt_var=\$save_$lt_var; export $lt_var
- else
- $lt_unset $lt_var
- fi"
- done
-
- # Now prepare to actually exec the command.
- exec_cmd=\$cmd$args
- fi
-}
-
-test execute = "$opt_mode" && func_mode_execute ${1+"$@"}
-
-
-# func_mode_finish arg...
-func_mode_finish ()
-{
- $debug_cmd
-
- libs=
- libdirs=
- admincmds=
-
- for opt in "$nonopt" ${1+"$@"}
- do
- if test -d "$opt"; then
- func_append libdirs " $opt"
-
- elif test -f "$opt"; then
- if func_lalib_unsafe_p "$opt"; then
- func_append libs " $opt"
- else
- func_warning "'$opt' is not a valid libtool archive"
- fi
-
- else
- func_fatal_error "invalid argument '$opt'"
- fi
- done
-
- if test -n "$libs"; then
- if test -n "$lt_sysroot"; then
- sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"`
- sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;"
- else
- sysroot_cmd=
- fi
-
- # Remove sysroot references
- if $opt_dry_run; then
- for lib in $libs; do
- echo "removing references to $lt_sysroot and '=' prefixes from $lib"
- done
- else
- tmpdir=`func_mktempdir`
- for lib in $libs; do
- $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
- > $tmpdir/tmp-la
- mv -f $tmpdir/tmp-la $lib
- done
- ${RM}r "$tmpdir"
- fi
- fi
-
- if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
- for libdir in $libdirs; do
- if test -n "$finish_cmds"; then
- # Do each command in the finish commands.
- func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
-'"$cmd"'"'
- fi
- if test -n "$finish_eval"; then
- # Do the single finish_eval.
- eval cmds=\"$finish_eval\"
- $opt_dry_run || eval "$cmds" || func_append admincmds "
- $cmds"
- fi
- done
- fi
-
- # Exit here if they wanted silent mode.
- $opt_quiet && exit $EXIT_SUCCESS
-
- if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
- echo "----------------------------------------------------------------------"
- echo "Libraries have been installed in:"
- for libdir in $libdirs; do
- $ECHO " $libdir"
- done
- echo
- echo "If you ever happen to want to link against installed libraries"
- echo "in a given directory, LIBDIR, you must either use libtool, and"
- echo "specify the full pathname of the library, or use the '-LLIBDIR'"
- echo "flag during linking and do at least one of the following:"
- if test -n "$shlibpath_var"; then
- echo " - add LIBDIR to the '$shlibpath_var' environment variable"
- echo " during execution"
- fi
- if test -n "$runpath_var"; then
- echo " - add LIBDIR to the '$runpath_var' environment variable"
- echo " during linking"
- fi
- if test -n "$hardcode_libdir_flag_spec"; then
- libdir=LIBDIR
- eval flag=\"$hardcode_libdir_flag_spec\"
-
- $ECHO " - use the '$flag' linker flag"
- fi
- if test -n "$admincmds"; then
- $ECHO " - have your system administrator run these commands:$admincmds"
- fi
- if test -f /etc/ld.so.conf; then
- echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'"
- fi
- echo
-
- echo "See any operating system documentation about shared libraries for"
- case $host in
- solaris2.[6789]|solaris2.1[0-9])
- echo "more information, such as the ld(1), crle(1) and ld.so(8) manual"
- echo "pages."
- ;;
- *)
- echo "more information, such as the ld(1) and ld.so(8) manual pages."
- ;;
- esac
- echo "----------------------------------------------------------------------"
- fi
- exit $EXIT_SUCCESS
-}
-
-test finish = "$opt_mode" && func_mode_finish ${1+"$@"}
-
-
-# func_mode_install arg...
-func_mode_install ()
-{
- $debug_cmd
-
- # There may be an optional sh(1) argument at the beginning of
- # install_prog (especially on Windows NT).
- if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" ||
- # Allow the use of GNU shtool's install command.
- case $nonopt in *shtool*) :;; *) false;; esac
- then
- # Aesthetically quote it.
- func_quote_for_eval "$nonopt"
- install_prog="$func_quote_for_eval_result "
- arg=$1
- shift
- else
- install_prog=
- arg=$nonopt
- fi
-
- # The real first argument should be the name of the installation program.
- # Aesthetically quote it.
- func_quote_for_eval "$arg"
- func_append install_prog "$func_quote_for_eval_result"
- install_shared_prog=$install_prog
- case " $install_prog " in
- *[\\\ /]cp\ *) install_cp=: ;;
- *) install_cp=false ;;
- esac
-
- # We need to accept at least all the BSD install flags.
- dest=
- files=
- opts=
- prev=
- install_type=
- isdir=false
- stripme=
- no_mode=:
- for arg
- do
- arg2=
- if test -n "$dest"; then
- func_append files " $dest"
- dest=$arg
- continue
- fi
-
- case $arg in
- -d) isdir=: ;;
- -f)
- if $install_cp; then :; else
- prev=$arg
- fi
- ;;
- -g | -m | -o)
- prev=$arg
- ;;
- -s)
- stripme=" -s"
- continue
- ;;
- -*)
- ;;
- *)
- # If the previous option needed an argument, then skip it.
- if test -n "$prev"; then
- if test X-m = "X$prev" && test -n "$install_override_mode"; then
- arg2=$install_override_mode
- no_mode=false
- fi
- prev=
- else
- dest=$arg
- continue
- fi
- ;;
- esac
-
- # Aesthetically quote the argument.
- func_quote_for_eval "$arg"
- func_append install_prog " $func_quote_for_eval_result"
- if test -n "$arg2"; then
- func_quote_for_eval "$arg2"
- fi
- func_append install_shared_prog " $func_quote_for_eval_result"
- done
-
- test -z "$install_prog" && \
- func_fatal_help "you must specify an install program"
-
- test -n "$prev" && \
- func_fatal_help "the '$prev' option requires an argument"
-
- if test -n "$install_override_mode" && $no_mode; then
- if $install_cp; then :; else
- func_quote_for_eval "$install_override_mode"
- func_append install_shared_prog " -m $func_quote_for_eval_result"
- fi
- fi
-
- if test -z "$files"; then
- if test -z "$dest"; then
- func_fatal_help "no file or destination specified"
- else
- func_fatal_help "you must specify a destination"
- fi
- fi
-
- # Strip any trailing slash from the destination.
- func_stripname '' '/' "$dest"
- dest=$func_stripname_result
-
- # Check to see that the destination is a directory.
- test -d "$dest" && isdir=:
- if $isdir; then
- destdir=$dest
- destname=
- else
- func_dirname_and_basename "$dest" "" "."
- destdir=$func_dirname_result
- destname=$func_basename_result
-
- # Not a directory, so check to see that there is only one file specified.
- set dummy $files; shift
- test "$#" -gt 1 && \
- func_fatal_help "'$dest' is not a directory"
- fi
- case $destdir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- for file in $files; do
- case $file in
- *.lo) ;;
- *)
- func_fatal_help "'$destdir' must be an absolute directory name"
- ;;
- esac
- done
- ;;
- esac
-
- # This variable tells wrapper scripts just to set variables rather
- # than running their programs.
- libtool_install_magic=$magic
-
- staticlibs=
- future_libdirs=
- current_libdirs=
- for file in $files; do
-
- # Do each installation.
- case $file in
- *.$libext)
- # Do the static libraries later.
- func_append staticlibs " $file"
- ;;
-
- *.la)
- func_resolve_sysroot "$file"
- file=$func_resolve_sysroot_result
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$file" \
- || func_fatal_help "'$file' is not a valid libtool archive"
-
- library_names=
- old_library=
- relink_command=
- func_source "$file"
-
- # Add the libdir to current_libdirs if it is the destination.
- if test "X$destdir" = "X$libdir"; then
- case "$current_libdirs " in
- *" $libdir "*) ;;
- *) func_append current_libdirs " $libdir" ;;
- esac
- else
- # Note the libdir as a future libdir.
- case "$future_libdirs " in
- *" $libdir "*) ;;
- *) func_append future_libdirs " $libdir" ;;
- esac
- fi
-
- func_dirname "$file" "/" ""
- dir=$func_dirname_result
- func_append dir "$objdir"
-
- if test -n "$relink_command"; then
- # Determine the prefix the user has applied to our future dir.
- inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
-
- # Don't allow the user to place us outside of our expected
- # location b/c this prevents finding dependent libraries that
- # are installed to the same prefix.
- # At present, this check doesn't affect windows .dll's that
- # are installed into $libdir/../bin (currently, that works fine)
- # but it's something to keep an eye on.
- test "$inst_prefix_dir" = "$destdir" && \
- func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir"
-
- if test -n "$inst_prefix_dir"; then
- # Stick the inst_prefix_dir data into the link command.
- relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
- else
- relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
- fi
-
- func_warning "relinking '$file'"
- func_show_eval "$relink_command" \
- 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"'
- fi
-
- # See the names of the shared library.
- set dummy $library_names; shift
- if test -n "$1"; then
- realname=$1
- shift
-
- srcname=$realname
- test -n "$relink_command" && srcname=${realname}T
-
- # Install the shared library and build the symlinks.
- func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \
- 'exit $?'
- tstripme=$stripme
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- case $realname in
- *.dll.a)
- tstripme=
- ;;
- esac
- ;;
- os2*)
- case $realname in
- *_dll.a)
- tstripme=
- ;;
- esac
- ;;
- esac
- if test -n "$tstripme" && test -n "$striplib"; then
- func_show_eval "$striplib $destdir/$realname" 'exit $?'
- fi
-
- if test "$#" -gt 0; then
- # Delete the old symlinks, and create new ones.
- # Try 'ln -sf' first, because the 'ln' binary might depend on
- # the symlink we replace! Solaris /bin/ln does not understand -f,
- # so we also need to try rm && ln -s.
- for linkname
- do
- test "$linkname" != "$realname" \
- && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
- done
- fi
-
- # Do each command in the postinstall commands.
- lib=$destdir/$realname
- func_execute_cmds "$postinstall_cmds" 'exit $?'
- fi
-
- # Install the pseudo-library for information purposes.
- func_basename "$file"
- name=$func_basename_result
- instname=$dir/${name}i
- func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
-
- # Maybe install the static library, too.
- test -n "$old_library" && func_append staticlibs " $dir/$old_library"
- ;;
-
- *.lo)
- # Install (i.e. copy) a libtool object.
-
- # Figure out destination file name, if it wasn't already specified.
- if test -n "$destname"; then
- destfile=$destdir/$destname
- else
- func_basename "$file"
- destfile=$func_basename_result
- destfile=$destdir/$destfile
- fi
-
- # Deduce the name of the destination old-style object file.
- case $destfile in
- *.lo)
- func_lo2o "$destfile"
- staticdest=$func_lo2o_result
- ;;
- *.$objext)
- staticdest=$destfile
- destfile=
- ;;
- *)
- func_fatal_help "cannot copy a libtool object to '$destfile'"
- ;;
- esac
-
- # Install the libtool object if requested.
- test -n "$destfile" && \
- func_show_eval "$install_prog $file $destfile" 'exit $?'
-
- # Install the old object if enabled.
- if test yes = "$build_old_libs"; then
- # Deduce the name of the old-style object file.
- func_lo2o "$file"
- staticobj=$func_lo2o_result
- func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
- fi
- exit $EXIT_SUCCESS
- ;;
-
- *)
- # Figure out destination file name, if it wasn't already specified.
- if test -n "$destname"; then
- destfile=$destdir/$destname
- else
- func_basename "$file"
- destfile=$func_basename_result
- destfile=$destdir/$destfile
- fi
-
- # If the file is missing, and there is a .exe on the end, strip it
- # because it is most likely a libtool script we actually want to
- # install
- stripped_ext=
- case $file in
- *.exe)
- if test ! -f "$file"; then
- func_stripname '' '.exe' "$file"
- file=$func_stripname_result
- stripped_ext=.exe
- fi
- ;;
- esac
-
- # Do a test to see if this is really a libtool program.
- case $host in
- *cygwin* | *mingw*)
- if func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- wrapper=$func_ltwrapper_scriptname_result
- else
- func_stripname '' '.exe' "$file"
- wrapper=$func_stripname_result
- fi
- ;;
- *)
- wrapper=$file
- ;;
- esac
- if func_ltwrapper_script_p "$wrapper"; then
- notinst_deplibs=
- relink_command=
-
- func_source "$wrapper"
-
- # Check the variables that should have been set.
- test -z "$generated_by_libtool_version" && \
- func_fatal_error "invalid libtool wrapper script '$wrapper'"
-
- finalize=:
- for lib in $notinst_deplibs; do
- # Check to see that each library is installed.
- libdir=
- if test -f "$lib"; then
- func_source "$lib"
- fi
- libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'`
- if test -n "$libdir" && test ! -f "$libfile"; then
- func_warning "'$lib' has not been installed in '$libdir'"
- finalize=false
- fi
- done
-
- relink_command=
- func_source "$wrapper"
-
- outputname=
- if test no = "$fast_install" && test -n "$relink_command"; then
- $opt_dry_run || {
- if $finalize; then
- tmpdir=`func_mktempdir`
- func_basename "$file$stripped_ext"
- file=$func_basename_result
- outputname=$tmpdir/$file
- # Replace the output file specification.
- relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
-
- $opt_quiet || {
- func_quote_for_expand "$relink_command"
- eval "func_echo $func_quote_for_expand_result"
- }
- if eval "$relink_command"; then :
- else
- func_error "error: relink '$file' with the above command before installing it"
- $opt_dry_run || ${RM}r "$tmpdir"
- continue
- fi
- file=$outputname
- else
- func_warning "cannot relink '$file'"
- fi
- }
- else
- # Install the binary that we compiled earlier.
- file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"`
- fi
- fi
-
- # remove .exe since cygwin /usr/bin/install will append another
- # one anyway
- case $install_prog,$host in
- */usr/bin/install*,*cygwin*)
- case $file:$destfile in
- *.exe:*.exe)
- # this is ok
- ;;
- *.exe:*)
- destfile=$destfile.exe
- ;;
- *:*.exe)
- func_stripname '' '.exe' "$destfile"
- destfile=$func_stripname_result
- ;;
- esac
- ;;
- esac
- func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
- $opt_dry_run || if test -n "$outputname"; then
- ${RM}r "$tmpdir"
- fi
- ;;
- esac
- done
-
- for file in $staticlibs; do
- func_basename "$file"
- name=$func_basename_result
-
- # Set up the ranlib parameters.
- oldlib=$destdir/$name
- func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
- tool_oldlib=$func_to_tool_file_result
-
- func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
-
- if test -n "$stripme" && test -n "$old_striplib"; then
- func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
- fi
-
- # Do each command in the postinstall commands.
- func_execute_cmds "$old_postinstall_cmds" 'exit $?'
- done
-
- test -n "$future_libdirs" && \
- func_warning "remember to run '$progname --finish$future_libdirs'"
-
- if test -n "$current_libdirs"; then
- # Maybe just do a dry run.
- $opt_dry_run && current_libdirs=" -n$current_libdirs"
- exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs'
- else
- exit $EXIT_SUCCESS
- fi
-}
-
-test install = "$opt_mode" && func_mode_install ${1+"$@"}
-
-
-# func_generate_dlsyms outputname originator pic_p
-# Extract symbols from dlprefiles and create ${outputname}S.o with
-# a dlpreopen symbol table.
-func_generate_dlsyms ()
-{
- $debug_cmd
-
- my_outputname=$1
- my_originator=$2
- my_pic_p=${3-false}
- my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'`
- my_dlsyms=
-
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- if test -n "$NM" && test -n "$global_symbol_pipe"; then
- my_dlsyms=${my_outputname}S.c
- else
- func_error "not configured to extract global symbols from dlpreopened files"
- fi
- fi
-
- if test -n "$my_dlsyms"; then
- case $my_dlsyms in
- "") ;;
- *.c)
- # Discover the nlist of each of the dlfiles.
- nlist=$output_objdir/$my_outputname.nm
-
- func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
-
- # Parse the name list into a source file.
- func_verbose "creating $output_objdir/$my_dlsyms"
-
- $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
-/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */
-/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */
-
-#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
-#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
-#endif
-
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT_DLSYM_CONST
-#else
-# define LT_DLSYM_CONST const
-#endif
-
-#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
-
-/* External symbol declarations for the compiler. */\
-"
-
- if test yes = "$dlself"; then
- func_verbose "generating symbol list for '$output'"
-
- $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
-
- # Add our own program objects to the symbol list.
- progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
- for progfile in $progfiles; do
- func_to_tool_file "$progfile" func_convert_file_msys_to_w32
- func_verbose "extracting global C symbols from '$func_to_tool_file_result'"
- $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
- done
-
- if test -n "$exclude_expsyms"; then
- $opt_dry_run || {
- eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- }
- fi
-
- if test -n "$export_symbols_regex"; then
- $opt_dry_run || {
- eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- }
- fi
-
- # Prepare the list of exported symbols
- if test -z "$export_symbols"; then
- export_symbols=$output_objdir/$outputname.exp
- $opt_dry_run || {
- $RM $export_symbols
- eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
- eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
- ;;
- esac
- }
- else
- $opt_dry_run || {
- eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
- eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
- eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
- ;;
- esac
- }
- fi
- fi
-
- for dlprefile in $dlprefiles; do
- func_verbose "extracting global C symbols from '$dlprefile'"
- func_basename "$dlprefile"
- name=$func_basename_result
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- # if an import library, we need to obtain dlname
- if func_win32_import_lib_p "$dlprefile"; then
- func_tr_sh "$dlprefile"
- eval "curr_lafile=\$libfile_$func_tr_sh_result"
- dlprefile_dlbasename=
- if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
- # Use subshell, to avoid clobbering current variable values
- dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
- if test -n "$dlprefile_dlname"; then
- func_basename "$dlprefile_dlname"
- dlprefile_dlbasename=$func_basename_result
- else
- # no lafile. user explicitly requested -dlpreopen <import library>.
- $sharedlib_from_linklib_cmd "$dlprefile"
- dlprefile_dlbasename=$sharedlib_from_linklib_result
- fi
- fi
- $opt_dry_run || {
- if test -n "$dlprefile_dlbasename"; then
- eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
- else
- func_warning "Could not compute DLL name from $name"
- eval '$ECHO ": $name " >> "$nlist"'
- fi
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
- $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
- }
- else # not an import lib
- $opt_dry_run || {
- eval '$ECHO ": $name " >> "$nlist"'
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
- }
- fi
- ;;
- *)
- $opt_dry_run || {
- eval '$ECHO ": $name " >> "$nlist"'
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
- }
- ;;
- esac
- done
-
- $opt_dry_run || {
- # Make sure we have at least an empty file.
- test -f "$nlist" || : > "$nlist"
-
- if test -n "$exclude_expsyms"; then
- $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
- $MV "$nlist"T "$nlist"
- fi
-
- # Try sorting and uniquifying the output.
- if $GREP -v "^: " < "$nlist" |
- if sort -k 3 </dev/null >/dev/null 2>&1; then
- sort -k 3
- else
- sort +2
- fi |
- uniq > "$nlist"S; then
- :
- else
- $GREP -v "^: " < "$nlist" > "$nlist"S
- fi
-
- if test -f "$nlist"S; then
- eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
- else
- echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
- fi
-
- func_show_eval '$RM "${nlist}I"'
- if test -n "$global_symbol_to_import"; then
- eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I'
- fi
-
- echo >> "$output_objdir/$my_dlsyms" "\
-
-/* The mapping between symbol names and symbols. */
-typedef struct {
- const char *name;
- void *address;
-} lt_dlsymlist;
-extern LT_DLSYM_CONST lt_dlsymlist
-lt_${my_prefix}_LTX_preloaded_symbols[];\
-"
-
- if test -s "$nlist"I; then
- echo >> "$output_objdir/$my_dlsyms" "\
-static void lt_syminit(void)
-{
- LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols;
- for (; symbol->name; ++symbol)
- {"
- $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms"
- echo >> "$output_objdir/$my_dlsyms" "\
- }
-}"
- fi
- echo >> "$output_objdir/$my_dlsyms" "\
-LT_DLSYM_CONST lt_dlsymlist
-lt_${my_prefix}_LTX_preloaded_symbols[] =
-{ {\"$my_originator\", (void *) 0},"
-
- if test -s "$nlist"I; then
- echo >> "$output_objdir/$my_dlsyms" "\
- {\"@INIT@\", (void *) <_syminit},"
- fi
-
- case $need_lib_prefix in
- no)
- eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
- ;;
- *)
- eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
- ;;
- esac
- echo >> "$output_objdir/$my_dlsyms" "\
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt_${my_prefix}_LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif\
-"
- } # !$opt_dry_run
-
- pic_flag_for_symtable=
- case "$compile_command " in
- *" -static "*) ;;
- *)
- case $host in
- # compiling the symbol table file with pic_flag works around
- # a FreeBSD bug that causes programs to crash when -lm is
- # linked before any other PIC object. But we must not use
- # pic_flag when linking with -static. The problem exists in
- # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
- *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
- pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
- *-*-hpux*)
- pic_flag_for_symtable=" $pic_flag" ;;
- *)
- $my_pic_p && pic_flag_for_symtable=" $pic_flag"
- ;;
- esac
- ;;
- esac
- symtab_cflags=
- for arg in $LTCFLAGS; do
- case $arg in
- -pie | -fpie | -fPIE) ;;
- *) func_append symtab_cflags " $arg" ;;
- esac
- done
-
- # Now compile the dynamic symbol file.
- func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
-
- # Clean up the generated files.
- func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"'
-
- # Transform the symbol file into the correct name.
- symfileobj=$output_objdir/${my_outputname}S.$objext
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- if test -f "$output_objdir/$my_outputname.def"; then
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
- else
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- fi
- ;;
- *)
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- ;;
- esac
- ;;
- *)
- func_fatal_error "unknown suffix for '$my_dlsyms'"
- ;;
- esac
- else
- # We keep going just in case the user didn't refer to
- # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
- # really was required.
-
- # Nullify the symbol file.
- compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
- fi
-}
-
-# func_cygming_gnu_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is a GNU/binutils-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_gnu_implib_p ()
-{
- $debug_cmd
-
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
- test -n "$func_cygming_gnu_implib_tmp"
-}
-
-# func_cygming_ms_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is an MS-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_ms_implib_p ()
-{
- $debug_cmd
-
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
- test -n "$func_cygming_ms_implib_tmp"
-}
-
-# func_win32_libid arg
-# return the library type of file 'arg'
-#
-# Need a lot of goo to handle *both* DLLs and import libs
-# Has to be a shell function in order to 'eat' the argument
-# that is supplied when $file_magic_command is called.
-# Despite the name, also deal with 64 bit binaries.
-func_win32_libid ()
-{
- $debug_cmd
-
- win32_libid_type=unknown
- win32_fileres=`file -L $1 2>/dev/null`
- case $win32_fileres in
- *ar\ archive\ import\ library*) # definitely import
- win32_libid_type="x86 archive import"
- ;;
- *ar\ archive*) # could be an import, or static
- # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
- if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
- $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
- case $nm_interface in
- "MS dumpbin")
- if func_cygming_ms_implib_p "$1" ||
- func_cygming_gnu_implib_p "$1"
- then
- win32_nmres=import
- else
- win32_nmres=
- fi
- ;;
- *)
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
- $SED -n -e '
- 1,100{
- / I /{
- s|.*|import|
- p
- q
- }
- }'`
- ;;
- esac
- case $win32_nmres in
- import*) win32_libid_type="x86 archive import";;
- *) win32_libid_type="x86 archive static";;
- esac
- fi
- ;;
- *DLL*)
- win32_libid_type="x86 DLL"
- ;;
- *executable*) # but shell scripts are "executable" too...
- case $win32_fileres in
- *MS\ Windows\ PE\ Intel*)
- win32_libid_type="x86 DLL"
- ;;
- esac
- ;;
- esac
- $ECHO "$win32_libid_type"
-}
-
-# func_cygming_dll_for_implib ARG
-#
-# Platform-specific function to extract the
-# name of the DLL associated with the specified
-# import library ARG.
-# Invoked by eval'ing the libtool variable
-# $sharedlib_from_linklib_cmd
-# Result is available in the variable
-# $sharedlib_from_linklib_result
-func_cygming_dll_for_implib ()
-{
- $debug_cmd
-
- sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
-}
-
-# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
-#
-# The is the core of a fallback implementation of a
-# platform-specific function to extract the name of the
-# DLL associated with the specified import library LIBNAME.
-#
-# SECTION_NAME is either .idata$6 or .idata$7, depending
-# on the platform and compiler that created the implib.
-#
-# Echos the name of the DLL associated with the
-# specified import library.
-func_cygming_dll_for_implib_fallback_core ()
-{
- $debug_cmd
-
- match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
- $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
- $SED '/^Contents of section '"$match_literal"':/{
- # Place marker at beginning of archive member dllname section
- s/.*/====MARK====/
- p
- d
- }
- # These lines can sometimes be longer than 43 characters, but
- # are always uninteresting
- /:[ ]*file format pe[i]\{,1\}-/d
- /^In archive [^:]*:/d
- # Ensure marker is printed
- /^====MARK====/p
- # Remove all lines with less than 43 characters
- /^.\{43\}/!d
- # From remaining lines, remove first 43 characters
- s/^.\{43\}//' |
- $SED -n '
- # Join marker and all lines until next marker into a single line
- /^====MARK====/ b para
- H
- $ b para
- b
- :para
- x
- s/\n//g
- # Remove the marker
- s/^====MARK====//
- # Remove trailing dots and whitespace
- s/[\. \t]*$//
- # Print
- /./p' |
- # we now have a list, one entry per line, of the stringified
- # contents of the appropriate section of all members of the
- # archive that possess that section. Heuristic: eliminate
- # all those that have a first or second character that is
- # a '.' (that is, objdump's representation of an unprintable
- # character.) This should work for all archives with less than
- # 0x302f exports -- but will fail for DLLs whose name actually
- # begins with a literal '.' or a single character followed by
- # a '.'.
- #
- # Of those that remain, print the first one.
- $SED -e '/^\./d;/^.\./d;q'
-}
-
-# func_cygming_dll_for_implib_fallback ARG
-# Platform-specific function to extract the
-# name of the DLL associated with the specified
-# import library ARG.
-#
-# This fallback implementation is for use when $DLLTOOL
-# does not support the --identify-strict option.
-# Invoked by eval'ing the libtool variable
-# $sharedlib_from_linklib_cmd
-# Result is available in the variable
-# $sharedlib_from_linklib_result
-func_cygming_dll_for_implib_fallback ()
-{
- $debug_cmd
-
- if func_cygming_gnu_implib_p "$1"; then
- # binutils import library
- sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
- elif func_cygming_ms_implib_p "$1"; then
- # ms-generated import library
- sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
- else
- # unknown
- sharedlib_from_linklib_result=
- fi
-}
-
-
-# func_extract_an_archive dir oldlib
-func_extract_an_archive ()
-{
- $debug_cmd
-
- f_ex_an_ar_dir=$1; shift
- f_ex_an_ar_oldlib=$1
- if test yes = "$lock_old_archive_extraction"; then
- lockfile=$f_ex_an_ar_oldlib.lock
- until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
- func_echo "Waiting for $lockfile to be removed"
- sleep 2
- done
- fi
- func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
- 'stat=$?; rm -f "$lockfile"; exit $stat'
- if test yes = "$lock_old_archive_extraction"; then
- $opt_dry_run || rm -f "$lockfile"
- fi
- if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
- :
- else
- func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
- fi
-}
-
-
-# func_extract_archives gentop oldlib ...
-func_extract_archives ()
-{
- $debug_cmd
-
- my_gentop=$1; shift
- my_oldlibs=${1+"$@"}
- my_oldobjs=
- my_xlib=
- my_xabs=
- my_xdir=
-
- for my_xlib in $my_oldlibs; do
- # Extract the objects.
- case $my_xlib in
- [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;;
- *) my_xabs=`pwd`"/$my_xlib" ;;
- esac
- func_basename "$my_xlib"
- my_xlib=$func_basename_result
- my_xlib_u=$my_xlib
- while :; do
- case " $extracted_archives " in
- *" $my_xlib_u "*)
- func_arith $extracted_serial + 1
- extracted_serial=$func_arith_result
- my_xlib_u=lt$extracted_serial-$my_xlib ;;
- *) break ;;
- esac
- done
- extracted_archives="$extracted_archives $my_xlib_u"
- my_xdir=$my_gentop/$my_xlib_u
-
- func_mkdir_p "$my_xdir"
-
- case $host in
- *-darwin*)
- func_verbose "Extracting $my_xabs"
- # Do not bother doing anything if just a dry run
- $opt_dry_run || {
- darwin_orig_dir=`pwd`
- cd $my_xdir || exit $?
- darwin_archive=$my_xabs
- darwin_curdir=`pwd`
- func_basename "$darwin_archive"
- darwin_base_archive=$func_basename_result
- darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
- if test -n "$darwin_arches"; then
- darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
- darwin_arch=
- func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
- for darwin_arch in $darwin_arches; do
- func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch"
- $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive"
- cd "unfat-$$/$darwin_base_archive-$darwin_arch"
- func_extract_an_archive "`pwd`" "$darwin_base_archive"
- cd "$darwin_curdir"
- $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive"
- done # $darwin_arches
- ## Okay now we've a bunch of thin objects, gotta fatten them up :)
- darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u`
- darwin_file=
- darwin_files=
- for darwin_file in $darwin_filelist; do
- darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
- $LIPO -create -output "$darwin_file" $darwin_files
- done # $darwin_filelist
- $RM -rf unfat-$$
- cd "$darwin_orig_dir"
- else
- cd $darwin_orig_dir
- func_extract_an_archive "$my_xdir" "$my_xabs"
- fi # $darwin_arches
- } # !$opt_dry_run
- ;;
- *)
- func_extract_an_archive "$my_xdir" "$my_xabs"
- ;;
- esac
- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
- done
-
- func_extract_archives_result=$my_oldobjs
-}
-
-
-# func_emit_wrapper [arg=no]
-#
-# Emit a libtool wrapper script on stdout.
-# Don't directly open a file because we may want to
-# incorporate the script contents within a cygwin/mingw
-# wrapper executable. Must ONLY be called from within
-# func_mode_link because it depends on a number of variables
-# set therein.
-#
-# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
-# variable will take. If 'yes', then the emitted script
-# will assume that the directory where it is stored is
-# the $objdir directory. This is a cygwin/mingw-specific
-# behavior.
-func_emit_wrapper ()
-{
- func_emit_wrapper_arg1=${1-no}
-
- $ECHO "\
-#! $SHELL
-
-# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# The $output program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='$sed_quote_subst'
-
-# Be Bourne compatible
-if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else
- case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
-fi
-BIN_SH=xpg4; export BIN_SH # for Tru64
-DUALCASE=1; export DUALCASE # for MKS sh
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-relink_command=\"$relink_command\"
-
-# This environment variable determines our operation mode.
-if test \"\$libtool_install_magic\" = \"$magic\"; then
- # install mode needs the following variables:
- generated_by_libtool_version='$macro_version'
- notinst_deplibs='$notinst_deplibs'
-else
- # When we are sourced in execute mode, \$file and \$ECHO are already set.
- if test \"\$libtool_execute_magic\" != \"$magic\"; then
- file=\"\$0\""
-
- qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
- $ECHO "\
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
- ECHO=\"$qECHO\"
- fi
-
-# Very basic option parsing. These options are (a) specific to
-# the libtool wrapper, (b) are identical between the wrapper
-# /script/ and the wrapper /executable/ that is used only on
-# windows platforms, and (c) all begin with the string "--lt-"
-# (application programs are unlikely to have options that match
-# this pattern).
-#
-# There are only two supported options: --lt-debug and
-# --lt-dump-script. There is, deliberately, no --lt-help.
-#
-# The first argument to this parsing function should be the
-# script's $0 value, followed by "$@".
-lt_option_debug=
-func_parse_lt_options ()
-{
- lt_script_arg0=\$0
- shift
- for lt_opt
- do
- case \"\$lt_opt\" in
- --lt-debug) lt_option_debug=1 ;;
- --lt-dump-script)
- lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\`
- test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=.
- lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\`
- cat \"\$lt_dump_D/\$lt_dump_F\"
- exit 0
- ;;
- --lt-*)
- \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2
- exit 1
- ;;
- esac
- done
-
- # Print the debug banner immediately:
- if test -n \"\$lt_option_debug\"; then
- echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2
- fi
-}
-
-# Used when --lt-debug. Prints its arguments to stdout
-# (redirection is the responsibility of the caller)
-func_lt_dump_args ()
-{
- lt_dump_args_N=1;
- for lt_arg
- do
- \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\"
- lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
- done
-}
-
-# Core function for launching the target application
-func_exec_program_core ()
-{
-"
- case $host in
- # Backslashes separate directories on plain windows
- *-*-mingw | *-*-os2* | *-cegcc*)
- $ECHO "\
- if test -n \"\$lt_option_debug\"; then
- \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
- func_lt_dump_args \${1+\"\$@\"} 1>&2
- fi
- exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
-"
- ;;
-
- *)
- $ECHO "\
- if test -n \"\$lt_option_debug\"; then
- \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2
- func_lt_dump_args \${1+\"\$@\"} 1>&2
- fi
- exec \"\$progdir/\$program\" \${1+\"\$@\"}
-"
- ;;
- esac
- $ECHO "\
- \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
- exit 1
-}
-
-# A function to encapsulate launching the target application
-# Strips options in the --lt-* namespace from \$@ and
-# launches target application with the remaining arguments.
-func_exec_program ()
-{
- case \" \$* \" in
- *\\ --lt-*)
- for lt_wr_arg
- do
- case \$lt_wr_arg in
- --lt-*) ;;
- *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
- esac
- shift
- done ;;
- esac
- func_exec_program_core \${1+\"\$@\"}
-}
-
- # Parse options
- func_parse_lt_options \"\$0\" \${1+\"\$@\"}
-
- # Find the directory that this script lives in.
- thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\`
- test \"x\$thisdir\" = \"x\$file\" && thisdir=.
-
- # Follow symbolic links until we get to the real thisdir.
- file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\`
- while test -n \"\$file\"; do
- destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\`
-
- # If there was a directory component, then change thisdir.
- if test \"x\$destdir\" != \"x\$file\"; then
- case \"\$destdir\" in
- [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
- *) thisdir=\"\$thisdir/\$destdir\" ;;
- esac
- fi
-
- file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\`
- file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
- done
-
- # Usually 'no', except on cygwin/mingw when embedded into
- # the cwrapper.
- WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1
- if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
- # special case for '.'
- if test \"\$thisdir\" = \".\"; then
- thisdir=\`pwd\`
- fi
- # remove .libs from thisdir
- case \"\$thisdir\" in
- *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;;
- $objdir ) thisdir=. ;;
- esac
- fi
-
- # Try to get the absolute directory name.
- absdir=\`cd \"\$thisdir\" && pwd\`
- test -n \"\$absdir\" && thisdir=\"\$absdir\"
-"
-
- if test yes = "$fast_install"; then
- $ECHO "\
- program=lt-'$outputname'$exeext
- progdir=\"\$thisdir/$objdir\"
-
- if test ! -f \"\$progdir/\$program\" ||
- { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\
- test \"X\$file\" != \"X\$progdir/\$program\"; }; then
-
- file=\"\$\$-\$program\"
-
- if test ! -d \"\$progdir\"; then
- $MKDIR \"\$progdir\"
- else
- $RM \"\$progdir/\$file\"
- fi"
-
- $ECHO "\
-
- # relink executable if necessary
- if test -n \"\$relink_command\"; then
- if relink_command_output=\`eval \$relink_command 2>&1\`; then :
- else
- \$ECHO \"\$relink_command_output\" >&2
- $RM \"\$progdir/\$file\"
- exit 1
- fi
- fi
-
- $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
- { $RM \"\$progdir/\$program\";
- $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
- $RM \"\$progdir/\$file\"
- fi"
- else
- $ECHO "\
- program='$outputname'
- progdir=\"\$thisdir/$objdir\"
-"
- fi
-
- $ECHO "\
-
- if test -f \"\$progdir/\$program\"; then"
-
- # fixup the dll searchpath if we need to.
- #
- # Fix the DLL searchpath if we need to. Do this before prepending
- # to shlibpath, because on Windows, both are PATH and uninstalled
- # libraries must come first.
- if test -n "$dllsearchpath"; then
- $ECHO "\
- # Add the dll search path components to the executable PATH
- PATH=$dllsearchpath:\$PATH
-"
- fi
-
- # Export our shlibpath_var if we have one.
- if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
- $ECHO "\
- # Add our own library path to $shlibpath_var
- $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
-
- # Some systems cannot cope with colon-terminated $shlibpath_var
- # The second colon is a workaround for a bug in BeOS R4 sed
- $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\`
-
- export $shlibpath_var
-"
- fi
-
- $ECHO "\
- if test \"\$libtool_execute_magic\" != \"$magic\"; then
- # Run the actual program with our arguments.
- func_exec_program \${1+\"\$@\"}
- fi
- else
- # The program doesn't exist.
- \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2
- \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
- \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
- exit 1
- fi
-fi\
-"
-}
-
-
-# func_emit_cwrapperexe_src
-# emit the source code for a wrapper executable on stdout
-# Must ONLY be called from within func_mode_link because
-# it depends on a number of variable set therein.
-func_emit_cwrapperexe_src ()
-{
- cat <<EOF
-
-/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
- Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-
- The $output program cannot be directly executed until all the libtool
- libraries that it depends on are installed.
-
- This wrapper executable should never be moved out of the build directory.
- If it is, it will not operate correctly.
-*/
-EOF
- cat <<"EOF"
-#ifdef _MSC_VER
-# define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef _MSC_VER
-# include <direct.h>
-# include <process.h>
-# include <io.h>
-#else
-# include <unistd.h>
-# include <stdint.h>
-# ifdef __CYGWIN__
-# include <io.h>
-# endif
-#endif
-#include <malloc.h>
-#include <stdarg.h>
-#include <assert.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
-
-/* declarations of non-ANSI functions */
-#if defined __MINGW32__
-# ifdef __STRICT_ANSI__
-int _putenv (const char *);
-# endif
-#elif defined __CYGWIN__
-# ifdef __STRICT_ANSI__
-char *realpath (const char *, char *);
-int putenv (char *);
-int setenv (const char *, const char *, int);
-# endif
-/* #elif defined other_platform || defined ... */
-#endif
-
-/* portability defines, excluding path handling macros */
-#if defined _MSC_VER
-# define setmode _setmode
-# define stat _stat
-# define chmod _chmod
-# define getcwd _getcwd
-# define putenv _putenv
-# define S_IXUSR _S_IEXEC
-#elif defined __MINGW32__
-# define setmode _setmode
-# define stat _stat
-# define chmod _chmod
-# define getcwd _getcwd
-# define putenv _putenv
-#elif defined __CYGWIN__
-# define HAVE_SETENV
-# define FOPEN_WB "wb"
-/* #elif defined other platforms ... */
-#endif
-
-#if defined PATH_MAX
-# define LT_PATHMAX PATH_MAX
-#elif defined MAXPATHLEN
-# define LT_PATHMAX MAXPATHLEN
-#else
-# define LT_PATHMAX 1024
-#endif
-
-#ifndef S_IXOTH
-# define S_IXOTH 0
-#endif
-#ifndef S_IXGRP
-# define S_IXGRP 0
-#endif
-
-/* path handling portability macros */
-#ifndef DIR_SEPARATOR
-# define DIR_SEPARATOR '/'
-# define PATH_SEPARATOR ':'
-#endif
-
-#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \
- defined __OS2__
-# define HAVE_DOS_BASED_FILE_SYSTEM
-# define FOPEN_WB "wb"
-# ifndef DIR_SEPARATOR_2
-# define DIR_SEPARATOR_2 '\\'
-# endif
-# ifndef PATH_SEPARATOR_2
-# define PATH_SEPARATOR_2 ';'
-# endif
-#endif
-
-#ifndef DIR_SEPARATOR_2
-# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
-#else /* DIR_SEPARATOR_2 */
-# define IS_DIR_SEPARATOR(ch) \
- (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
-#endif /* DIR_SEPARATOR_2 */
-
-#ifndef PATH_SEPARATOR_2
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
-#else /* PATH_SEPARATOR_2 */
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
-#endif /* PATH_SEPARATOR_2 */
-
-#ifndef FOPEN_WB
-# define FOPEN_WB "w"
-#endif
-#ifndef _O_BINARY
-# define _O_BINARY 0
-#endif
-
-#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
-#define XFREE(stale) do { \
- if (stale) { free (stale); stale = 0; } \
-} while (0)
-
-#if defined LT_DEBUGWRAPPER
-static int lt_debug = 1;
-#else
-static int lt_debug = 0;
-#endif
-
-const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */
-
-void *xmalloc (size_t num);
-char *xstrdup (const char *string);
-const char *base_name (const char *name);
-char *find_executable (const char *wrapper);
-char *chase_symlinks (const char *pathspec);
-int make_executable (const char *path);
-int check_executable (const char *path);
-char *strendzap (char *str, const char *pat);
-void lt_debugprintf (const char *file, int line, const char *fmt, ...);
-void lt_fatal (const char *file, int line, const char *message, ...);
-static const char *nonnull (const char *s);
-static const char *nonempty (const char *s);
-void lt_setenv (const char *name, const char *value);
-char *lt_extend_str (const char *orig_value, const char *add, int to_end);
-void lt_update_exe_path (const char *name, const char *value);
-void lt_update_lib_path (const char *name, const char *value);
-char **prepare_spawn (char **argv);
-void lt_dump_script (FILE *f);
-EOF
-
- cat <<EOF
-#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
-# define externally_visible volatile
-#else
-# define externally_visible __attribute__((externally_visible)) volatile
-#endif
-externally_visible const char * MAGIC_EXE = "$magic_exe";
-const char * LIB_PATH_VARNAME = "$shlibpath_var";
-EOF
-
- if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
- func_to_host_path "$temp_rpath"
- cat <<EOF
-const char * LIB_PATH_VALUE = "$func_to_host_path_result";
-EOF
- else
- cat <<"EOF"
-const char * LIB_PATH_VALUE = "";
-EOF
- fi
-
- if test -n "$dllsearchpath"; then
- func_to_host_path "$dllsearchpath:"
- cat <<EOF
-const char * EXE_PATH_VARNAME = "PATH";
-const char * EXE_PATH_VALUE = "$func_to_host_path_result";
-EOF
- else
- cat <<"EOF"
-const char * EXE_PATH_VARNAME = "";
-const char * EXE_PATH_VALUE = "";
-EOF
- fi
-
- if test yes = "$fast_install"; then
- cat <<EOF
-const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
-EOF
- else
- cat <<EOF
-const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
-EOF
- fi
-
-
- cat <<"EOF"
-
-#define LTWRAPPER_OPTION_PREFIX "--lt-"
-
-static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
-static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
-static const char *debug_opt = LTWRAPPER_OPTION_PREFIX "debug";
-
-int
-main (int argc, char *argv[])
-{
- char **newargz;
- int newargc;
- char *tmp_pathspec;
- char *actual_cwrapper_path;
- char *actual_cwrapper_name;
- char *target_name;
- char *lt_argv_zero;
- int rval = 127;
-
- int i;
-
- program_name = (char *) xstrdup (base_name (argv[0]));
- newargz = XMALLOC (char *, (size_t) argc + 1);
-
- /* very simple arg parsing; don't want to rely on getopt
- * also, copy all non cwrapper options to newargz, except
- * argz[0], which is handled differently
- */
- newargc=0;
- for (i = 1; i < argc; i++)
- {
- if (STREQ (argv[i], dumpscript_opt))
- {
-EOF
- case $host in
- *mingw* | *cygwin* )
- # make stdout use "unix" line endings
- echo " setmode(1,_O_BINARY);"
- ;;
- esac
-
- cat <<"EOF"
- lt_dump_script (stdout);
- return 0;
- }
- if (STREQ (argv[i], debug_opt))
- {
- lt_debug = 1;
- continue;
- }
- if (STREQ (argv[i], ltwrapper_option_prefix))
- {
- /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
- namespace, but it is not one of the ones we know about and
- have already dealt with, above (inluding dump-script), then
- report an error. Otherwise, targets might begin to believe
- they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
- namespace. The first time any user complains about this, we'll
- need to make LTWRAPPER_OPTION_PREFIX a configure-time option
- or a configure.ac-settable value.
- */
- lt_fatal (__FILE__, __LINE__,
- "unrecognized %s option: '%s'",
- ltwrapper_option_prefix, argv[i]);
- }
- /* otherwise ... */
- newargz[++newargc] = xstrdup (argv[i]);
- }
- newargz[++newargc] = NULL;
-
-EOF
- cat <<EOF
- /* The GNU banner must be the first non-error debug message */
- lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE) $VERSION\n");
-EOF
- cat <<"EOF"
- lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]);
- lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name);
-
- tmp_pathspec = find_executable (argv[0]);
- if (tmp_pathspec == NULL)
- lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]);
- lt_debugprintf (__FILE__, __LINE__,
- "(main) found exe (before symlink chase) at: %s\n",
- tmp_pathspec);
-
- actual_cwrapper_path = chase_symlinks (tmp_pathspec);
- lt_debugprintf (__FILE__, __LINE__,
- "(main) found exe (after symlink chase) at: %s\n",
- actual_cwrapper_path);
- XFREE (tmp_pathspec);
-
- actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path));
- strendzap (actual_cwrapper_path, actual_cwrapper_name);
-
- /* wrapper name transforms */
- strendzap (actual_cwrapper_name, ".exe");
- tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
- XFREE (actual_cwrapper_name);
- actual_cwrapper_name = tmp_pathspec;
- tmp_pathspec = 0;
-
- /* target_name transforms -- use actual target program name; might have lt- prefix */
- target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
- strendzap (target_name, ".exe");
- tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
- XFREE (target_name);
- target_name = tmp_pathspec;
- tmp_pathspec = 0;
-
- lt_debugprintf (__FILE__, __LINE__,
- "(main) libtool target name: %s\n",
- target_name);
-EOF
-
- cat <<EOF
- newargz[0] =
- XMALLOC (char, (strlen (actual_cwrapper_path) +
- strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
- strcpy (newargz[0], actual_cwrapper_path);
- strcat (newargz[0], "$objdir");
- strcat (newargz[0], "/");
-EOF
-
- cat <<"EOF"
- /* stop here, and copy so we don't have to do this twice */
- tmp_pathspec = xstrdup (newargz[0]);
-
- /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
- strcat (newargz[0], actual_cwrapper_name);
-
- /* DO want the lt- prefix here if it exists, so use target_name */
- lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
- XFREE (tmp_pathspec);
- tmp_pathspec = NULL;
-EOF
-
- case $host_os in
- mingw*)
- cat <<"EOF"
- {
- char* p;
- while ((p = strchr (newargz[0], '\\')) != NULL)
- {
- *p = '/';
- }
- while ((p = strchr (lt_argv_zero, '\\')) != NULL)
- {
- *p = '/';
- }
- }
-EOF
- ;;
- esac
-
- cat <<"EOF"
- XFREE (target_name);
- XFREE (actual_cwrapper_path);
- XFREE (actual_cwrapper_name);
-
- lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
- lt_setenv ("DUALCASE", "1"); /* for MSK sh */
- /* Update the DLL searchpath. EXE_PATH_VALUE ($dllsearchpath) must
- be prepended before (that is, appear after) LIB_PATH_VALUE ($temp_rpath)
- because on Windows, both *_VARNAMEs are PATH but uninstalled
- libraries must come first. */
- lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
- lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
-
- lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n",
- nonnull (lt_argv_zero));
- for (i = 0; i < newargc; i++)
- {
- lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n",
- i, nonnull (newargz[i]));
- }
-
-EOF
-
- case $host_os in
- mingw*)
- cat <<"EOF"
- /* execv doesn't actually work on mingw as expected on unix */
- newargz = prepare_spawn (newargz);
- rval = (int) _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
- if (rval == -1)
- {
- /* failed to start process */
- lt_debugprintf (__FILE__, __LINE__,
- "(main) failed to launch target \"%s\": %s\n",
- lt_argv_zero, nonnull (strerror (errno)));
- return 127;
- }
- return rval;
-EOF
- ;;
- *)
- cat <<"EOF"
- execv (lt_argv_zero, newargz);
- return rval; /* =127, but avoids unused variable warning */
-EOF
- ;;
- esac
-
- cat <<"EOF"
-}
-
-void *
-xmalloc (size_t num)
-{
- void *p = (void *) malloc (num);
- if (!p)
- lt_fatal (__FILE__, __LINE__, "memory exhausted");
-
- return p;
-}
-
-char *
-xstrdup (const char *string)
-{
- return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
- string) : NULL;
-}
-
-const char *
-base_name (const char *name)
-{
- const char *base;
-
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- /* Skip over the disk name in MSDOS pathnames. */
- if (isalpha ((unsigned char) name[0]) && name[1] == ':')
- name += 2;
-#endif
-
- for (base = name; *name; name++)
- if (IS_DIR_SEPARATOR (*name))
- base = name + 1;
- return base;
-}
-
-int
-check_executable (const char *path)
-{
- struct stat st;
-
- lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n",
- nonempty (path));
- if ((!path) || (!*path))
- return 0;
-
- if ((stat (path, &st) >= 0)
- && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
- return 1;
- else
- return 0;
-}
-
-int
-make_executable (const char *path)
-{
- int rval = 0;
- struct stat st;
-
- lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n",
- nonempty (path));
- if ((!path) || (!*path))
- return 0;
-
- if (stat (path, &st) >= 0)
- {
- rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
- }
- return rval;
-}
-
-/* Searches for the full path of the wrapper. Returns
- newly allocated full path name if found, NULL otherwise
- Does not chase symlinks, even on platforms that support them.
-*/
-char *
-find_executable (const char *wrapper)
-{
- int has_slash = 0;
- const char *p;
- const char *p_next;
- /* static buffer for getcwd */
- char tmp[LT_PATHMAX + 1];
- size_t tmp_len;
- char *concat_name;
-
- lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
- nonempty (wrapper));
-
- if ((wrapper == NULL) || (*wrapper == '\0'))
- return NULL;
-
- /* Absolute path? */
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
- {
- concat_name = xstrdup (wrapper);
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
- else
- {
-#endif
- if (IS_DIR_SEPARATOR (wrapper[0]))
- {
- concat_name = xstrdup (wrapper);
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- }
-#endif
-
- for (p = wrapper; *p; p++)
- if (*p == '/')
- {
- has_slash = 1;
- break;
- }
- if (!has_slash)
- {
- /* no slashes; search PATH */
- const char *path = getenv ("PATH");
- if (path != NULL)
- {
- for (p = path; *p; p = p_next)
- {
- const char *q;
- size_t p_len;
- for (q = p; *q; q++)
- if (IS_PATH_SEPARATOR (*q))
- break;
- p_len = (size_t) (q - p);
- p_next = (*q == '\0' ? q : q + 1);
- if (p_len == 0)
- {
- /* empty path: current directory */
- if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
- nonnull (strerror (errno)));
- tmp_len = strlen (tmp);
- concat_name =
- XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, tmp, tmp_len);
- concat_name[tmp_len] = '/';
- strcpy (concat_name + tmp_len + 1, wrapper);
- }
- else
- {
- concat_name =
- XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, p, p_len);
- concat_name[p_len] = '/';
- strcpy (concat_name + p_len + 1, wrapper);
- }
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
- }
- /* not found in PATH; assume curdir */
- }
- /* Relative path | not found in path: prepend cwd */
- if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
- nonnull (strerror (errno)));
- tmp_len = strlen (tmp);
- concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, tmp, tmp_len);
- concat_name[tmp_len] = '/';
- strcpy (concat_name + tmp_len + 1, wrapper);
-
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- return NULL;
-}
-
-char *
-chase_symlinks (const char *pathspec)
-{
-#ifndef S_ISLNK
- return xstrdup (pathspec);
-#else
- char buf[LT_PATHMAX];
- struct stat s;
- char *tmp_pathspec = xstrdup (pathspec);
- char *p;
- int has_symlinks = 0;
- while (strlen (tmp_pathspec) && !has_symlinks)
- {
- lt_debugprintf (__FILE__, __LINE__,
- "checking path component for symlinks: %s\n",
- tmp_pathspec);
- if (lstat (tmp_pathspec, &s) == 0)
- {
- if (S_ISLNK (s.st_mode) != 0)
- {
- has_symlinks = 1;
- break;
- }
-
- /* search backwards for last DIR_SEPARATOR */
- p = tmp_pathspec + strlen (tmp_pathspec) - 1;
- while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
- p--;
- if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
- {
- /* no more DIR_SEPARATORS left */
- break;
- }
- *p = '\0';
- }
- else
- {
- lt_fatal (__FILE__, __LINE__,
- "error accessing file \"%s\": %s",
- tmp_pathspec, nonnull (strerror (errno)));
- }
- }
- XFREE (tmp_pathspec);
-
- if (!has_symlinks)
- {
- return xstrdup (pathspec);
- }
-
- tmp_pathspec = realpath (pathspec, buf);
- if (tmp_pathspec == 0)
- {
- lt_fatal (__FILE__, __LINE__,
- "could not follow symlinks for %s", pathspec);
- }
- return xstrdup (tmp_pathspec);
-#endif
-}
-
-char *
-strendzap (char *str, const char *pat)
-{
- size_t len, patlen;
-
- assert (str != NULL);
- assert (pat != NULL);
-
- len = strlen (str);
- patlen = strlen (pat);
-
- if (patlen <= len)
- {
- str += len - patlen;
- if (STREQ (str, pat))
- *str = '\0';
- }
- return str;
-}
-
-void
-lt_debugprintf (const char *file, int line, const char *fmt, ...)
-{
- va_list args;
- if (lt_debug)
- {
- (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line);
- va_start (args, fmt);
- (void) vfprintf (stderr, fmt, args);
- va_end (args);
- }
-}
-
-static void
-lt_error_core (int exit_status, const char *file,
- int line, const char *mode,
- const char *message, va_list ap)
-{
- fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode);
- vfprintf (stderr, message, ap);
- fprintf (stderr, ".\n");
-
- if (exit_status >= 0)
- exit (exit_status);
-}
-
-void
-lt_fatal (const char *file, int line, const char *message, ...)
-{
- va_list ap;
- va_start (ap, message);
- lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap);
- va_end (ap);
-}
-
-static const char *
-nonnull (const char *s)
-{
- return s ? s : "(null)";
-}
-
-static const char *
-nonempty (const char *s)
-{
- return (s && !*s) ? "(empty)" : nonnull (s);
-}
-
-void
-lt_setenv (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_setenv) setting '%s' to '%s'\n",
- nonnull (name), nonnull (value));
- {
-#ifdef HAVE_SETENV
- /* always make a copy, for consistency with !HAVE_SETENV */
- char *str = xstrdup (value);
- setenv (name, str, 1);
-#else
- size_t len = strlen (name) + 1 + strlen (value) + 1;
- char *str = XMALLOC (char, len);
- sprintf (str, "%s=%s", name, value);
- if (putenv (str) != EXIT_SUCCESS)
- {
- XFREE (str);
- }
-#endif
- }
-}
-
-char *
-lt_extend_str (const char *orig_value, const char *add, int to_end)
-{
- char *new_value;
- if (orig_value && *orig_value)
- {
- size_t orig_value_len = strlen (orig_value);
- size_t add_len = strlen (add);
- new_value = XMALLOC (char, add_len + orig_value_len + 1);
- if (to_end)
- {
- strcpy (new_value, orig_value);
- strcpy (new_value + orig_value_len, add);
- }
- else
- {
- strcpy (new_value, add);
- strcpy (new_value + add_len, orig_value);
- }
- }
- else
- {
- new_value = xstrdup (add);
- }
- return new_value;
-}
-
-void
-lt_update_exe_path (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
- nonnull (name), nonnull (value));
-
- if (name && *name && value && *value)
- {
- char *new_value = lt_extend_str (getenv (name), value, 0);
- /* some systems can't cope with a ':'-terminated path #' */
- size_t len = strlen (new_value);
- while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
- {
- new_value[--len] = '\0';
- }
- lt_setenv (name, new_value);
- XFREE (new_value);
- }
-}
-
-void
-lt_update_lib_path (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
- nonnull (name), nonnull (value));
-
- if (name && *name && value && *value)
- {
- char *new_value = lt_extend_str (getenv (name), value, 0);
- lt_setenv (name, new_value);
- XFREE (new_value);
- }
-}
-
-EOF
- case $host_os in
- mingw*)
- cat <<"EOF"
-
-/* Prepares an argument vector before calling spawn().
- Note that spawn() does not by itself call the command interpreter
- (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") :
- ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
- GetVersionEx(&v);
- v.dwPlatformId == VER_PLATFORM_WIN32_NT;
- }) ? "cmd.exe" : "command.com").
- Instead it simply concatenates the arguments, separated by ' ', and calls
- CreateProcess(). We must quote the arguments since Win32 CreateProcess()
- interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a
- special way:
- - Space and tab are interpreted as delimiters. They are not treated as
- delimiters if they are surrounded by double quotes: "...".
- - Unescaped double quotes are removed from the input. Their only effect is
- that within double quotes, space and tab are treated like normal
- characters.
- - Backslashes not followed by double quotes are not special.
- - But 2*n+1 backslashes followed by a double quote become
- n backslashes followed by a double quote (n >= 0):
- \" -> "
- \\\" -> \"
- \\\\\" -> \\"
- */
-#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
-#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
-char **
-prepare_spawn (char **argv)
-{
- size_t argc;
- char **new_argv;
- size_t i;
-
- /* Count number of arguments. */
- for (argc = 0; argv[argc] != NULL; argc++)
- ;
-
- /* Allocate new argument vector. */
- new_argv = XMALLOC (char *, argc + 1);
-
- /* Put quoted arguments into the new argument vector. */
- for (i = 0; i < argc; i++)
- {
- const char *string = argv[i];
-
- if (string[0] == '\0')
- new_argv[i] = xstrdup ("\"\"");
- else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL)
- {
- int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL);
- size_t length;
- unsigned int backslashes;
- const char *s;
- char *quoted_string;
- char *p;
-
- length = 0;
- backslashes = 0;
- if (quote_around)
- length++;
- for (s = string; *s != '\0'; s++)
- {
- char c = *s;
- if (c == '"')
- length += backslashes + 1;
- length++;
- if (c == '\\')
- backslashes++;
- else
- backslashes = 0;
- }
- if (quote_around)
- length += backslashes + 1;
-
- quoted_string = XMALLOC (char, length + 1);
-
- p = quoted_string;
- backslashes = 0;
- if (quote_around)
- *p++ = '"';
- for (s = string; *s != '\0'; s++)
- {
- char c = *s;
- if (c == '"')
- {
- unsigned int j;
- for (j = backslashes + 1; j > 0; j--)
- *p++ = '\\';
- }
- *p++ = c;
- if (c == '\\')
- backslashes++;
- else
- backslashes = 0;
- }
- if (quote_around)
- {
- unsigned int j;
- for (j = backslashes; j > 0; j--)
- *p++ = '\\';
- *p++ = '"';
- }
- *p = '\0';
-
- new_argv[i] = quoted_string;
- }
- else
- new_argv[i] = (char *) string;
- }
- new_argv[argc] = NULL;
-
- return new_argv;
-}
-EOF
- ;;
- esac
-
- cat <<"EOF"
-void lt_dump_script (FILE* f)
-{
-EOF
- func_emit_wrapper yes |
- $SED -n -e '
-s/^\(.\{79\}\)\(..*\)/\1\
-\2/
-h
-s/\([\\"]\)/\\\1/g
-s/$/\\n/
-s/\([^\n]*\).*/ fputs ("\1", f);/p
-g
-D'
- cat <<"EOF"
-}
-EOF
-}
-# end: func_emit_cwrapperexe_src
-
-# func_win32_import_lib_p ARG
-# True if ARG is an import lib, as indicated by $file_magic_cmd
-func_win32_import_lib_p ()
-{
- $debug_cmd
-
- case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
- *import*) : ;;
- *) false ;;
- esac
-}
-
-# func_suncc_cstd_abi
-# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!!
-# Several compiler flags select an ABI that is incompatible with the
-# Cstd library. Avoid specifying it if any are in CXXFLAGS.
-func_suncc_cstd_abi ()
-{
- $debug_cmd
-
- case " $compile_command " in
- *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*)
- suncc_use_cstd_abi=no
- ;;
- *)
- suncc_use_cstd_abi=yes
- ;;
- esac
-}
-
-# func_mode_link arg...
-func_mode_link ()
-{
- $debug_cmd
-
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- # It is impossible to link a dll without this setting, and
- # we shouldn't force the makefile maintainer to figure out
- # what system we are compiling for in order to pass an extra
- # flag for every libtool invocation.
- # allow_undefined=no
-
- # FIXME: Unfortunately, there are problems with the above when trying
- # to make a dll that has undefined symbols, in which case not
- # even a static library is built. For now, we need to specify
- # -no-undefined on the libtool link line when we can be certain
- # that all symbols are satisfied, otherwise we get a static library.
- allow_undefined=yes
- ;;
- *)
- allow_undefined=yes
- ;;
- esac
- libtool_args=$nonopt
- base_compile="$nonopt $@"
- compile_command=$nonopt
- finalize_command=$nonopt
-
- compile_rpath=
- finalize_rpath=
- compile_shlibpath=
- finalize_shlibpath=
- convenience=
- old_convenience=
- deplibs=
- old_deplibs=
- compiler_flags=
- linker_flags=
- dllsearchpath=
- lib_search_path=`pwd`
- inst_prefix_dir=
- new_inherited_linker_flags=
-
- avoid_version=no
- bindir=
- dlfiles=
- dlprefiles=
- dlself=no
- export_dynamic=no
- export_symbols=
- export_symbols_regex=
- generated=
- libobjs=
- ltlibs=
- module=no
- no_install=no
- objs=
- os2dllname=
- non_pic_objects=
- precious_files_regex=
- prefer_static_libs=no
- preload=false
- prev=
- prevarg=
- release=
- rpath=
- xrpath=
- perm_rpath=
- temp_rpath=
- thread_safe=no
- vinfo=
- vinfo_number=no
- weak_libs=
- single_module=$wl-single_module
- func_infer_tag $base_compile
-
- # We need to know -static, to get the right output filenames.
- for arg
- do
- case $arg in
- -shared)
- test yes != "$build_libtool_libs" \
- && func_fatal_configuration "cannot build a shared library"
- build_old_libs=no
- break
- ;;
- -all-static | -static | -static-libtool-libs)
- case $arg in
- -all-static)
- if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then
- func_warning "complete static linking is impossible in this configuration"
- fi
- if test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=yes
- ;;
- -static)
- if test -z "$pic_flag" && test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=built
- ;;
- -static-libtool-libs)
- if test -z "$pic_flag" && test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=yes
- ;;
- esac
- build_libtool_libs=no
- build_old_libs=yes
- break
- ;;
- esac
- done
-
- # See if our shared archives depend on static archives.
- test -n "$old_archive_from_new_cmds" && build_old_libs=yes
-
- # Go through the arguments, transforming them on the way.
- while test "$#" -gt 0; do
- arg=$1
- shift
- func_quote_for_eval "$arg"
- qarg=$func_quote_for_eval_unquoted_result
- func_append libtool_args " $func_quote_for_eval_result"
-
- # If the previous option needs an argument, assign it.
- if test -n "$prev"; then
- case $prev in
- output)
- func_append compile_command " @OUTPUT@"
- func_append finalize_command " @OUTPUT@"
- ;;
- esac
-
- case $prev in
- bindir)
- bindir=$arg
- prev=
- continue
- ;;
- dlfiles|dlprefiles)
- $preload || {
- # Add the symbol object into the linking commands.
- func_append compile_command " @SYMFILE@"
- func_append finalize_command " @SYMFILE@"
- preload=:
- }
- case $arg in
- *.la | *.lo) ;; # We handle these cases below.
- force)
- if test no = "$dlself"; then
- dlself=needless
- export_dynamic=yes
- fi
- prev=
- continue
- ;;
- self)
- if test dlprefiles = "$prev"; then
- dlself=yes
- elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then
- dlself=yes
- else
- dlself=needless
- export_dynamic=yes
- fi
- prev=
- continue
- ;;
- *)
- if test dlfiles = "$prev"; then
- func_append dlfiles " $arg"
- else
- func_append dlprefiles " $arg"
- fi
- prev=
- continue
- ;;
- esac
- ;;
- expsyms)
- export_symbols=$arg
- test -f "$arg" \
- || func_fatal_error "symbol file '$arg' does not exist"
- prev=
- continue
- ;;
- expsyms_regex)
- export_symbols_regex=$arg
- prev=
- continue
- ;;
- framework)
- case $host in
- *-*-darwin*)
- case "$deplibs " in
- *" $qarg.ltframework "*) ;;
- *) func_append deplibs " $qarg.ltframework" # this is fixed later
- ;;
- esac
- ;;
- esac
- prev=
- continue
- ;;
- inst_prefix)
- inst_prefix_dir=$arg
- prev=
- continue
- ;;
- mllvm)
- # Clang does not use LLVM to link, so we can simply discard any
- # '-mllvm $arg' options when doing the link step.
- prev=
- continue
- ;;
- objectlist)
- if test -f "$arg"; then
- save_arg=$arg
- moreargs=
- for fil in `cat "$save_arg"`
- do
-# func_append moreargs " $fil"
- arg=$fil
- # A libtool-controlled object.
-
- # Check to see that this really is a libtool object.
- if func_lalib_unsafe_p "$arg"; then
- pic_object=
- non_pic_object=
-
- # Read the .lo file
- func_source "$arg"
-
- if test -z "$pic_object" ||
- test -z "$non_pic_object" ||
- test none = "$pic_object" &&
- test none = "$non_pic_object"; then
- func_fatal_error "cannot find name of object for '$arg'"
- fi
-
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- if test none != "$pic_object"; then
- # Prepend the subdirectory the object is found in.
- pic_object=$xdir$pic_object
-
- if test dlfiles = "$prev"; then
- if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
- func_append dlfiles " $pic_object"
- prev=
- continue
- else
- # If libtool objects are unsupported, then we need to preload.
- prev=dlprefiles
- fi
- fi
-
- # CHECK ME: I think I busted this. -Ossama
- if test dlprefiles = "$prev"; then
- # Preload the old-style object.
- func_append dlprefiles " $pic_object"
- prev=
- fi
-
- # A PIC object.
- func_append libobjs " $pic_object"
- arg=$pic_object
- fi
-
- # Non-PIC object.
- if test none != "$non_pic_object"; then
- # Prepend the subdirectory the object is found in.
- non_pic_object=$xdir$non_pic_object
-
- # A standard non-PIC object
- func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test none = "$pic_object"; then
- arg=$non_pic_object
- fi
- else
- # If the PIC object exists, use it instead.
- # $xdir was prepended to $pic_object above.
- non_pic_object=$pic_object
- func_append non_pic_objects " $non_pic_object"
- fi
- else
- # Only an error if not doing a dry-run.
- if $opt_dry_run; then
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- func_lo2o "$arg"
- pic_object=$xdir$objdir/$func_lo2o_result
- non_pic_object=$xdir$func_lo2o_result
- func_append libobjs " $pic_object"
- func_append non_pic_objects " $non_pic_object"
- else
- func_fatal_error "'$arg' is not a valid libtool object"
- fi
- fi
- done
- else
- func_fatal_error "link input file '$arg' does not exist"
- fi
- arg=$save_arg
- prev=
- continue
- ;;
- os2dllname)
- os2dllname=$arg
- prev=
- continue
- ;;
- precious_regex)
- precious_files_regex=$arg
- prev=
- continue
- ;;
- release)
- release=-$arg
- prev=
- continue
- ;;
- rpath | xrpath)
- # We need an absolute path.
- case $arg in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- func_fatal_error "only absolute run-paths are allowed"
- ;;
- esac
- if test rpath = "$prev"; then
- case "$rpath " in
- *" $arg "*) ;;
- *) func_append rpath " $arg" ;;
- esac
- else
- case "$xrpath " in
- *" $arg "*) ;;
- *) func_append xrpath " $arg" ;;
- esac
- fi
- prev=
- continue
- ;;
- shrext)
- shrext_cmds=$arg
- prev=
- continue
- ;;
- weak)
- func_append weak_libs " $arg"
- prev=
- continue
- ;;
- xcclinker)
- func_append linker_flags " $qarg"
- func_append compiler_flags " $qarg"
- prev=
- func_append compile_command " $qarg"
- func_append finalize_command " $qarg"
- continue
- ;;
- xcompiler)
- func_append compiler_flags " $qarg"
- prev=
- func_append compile_command " $qarg"
- func_append finalize_command " $qarg"
- continue
- ;;
- xlinker)
- func_append linker_flags " $qarg"
- func_append compiler_flags " $wl$qarg"
- prev=
- func_append compile_command " $wl$qarg"
- func_append finalize_command " $wl$qarg"
- continue
- ;;
- *)
- eval "$prev=\"\$arg\""
- prev=
- continue
- ;;
- esac
- fi # test -n "$prev"
-
- prevarg=$arg
-
- case $arg in
- -all-static)
- if test -n "$link_static_flag"; then
- # See comment for -static flag below, for more details.
- func_append compile_command " $link_static_flag"
- func_append finalize_command " $link_static_flag"
- fi
- continue
- ;;
-
- -allow-undefined)
- # FIXME: remove this flag sometime in the future.
- func_fatal_error "'-allow-undefined' must not be used because it is the default"
- ;;
-
- -avoid-version)
- avoid_version=yes
- continue
- ;;
-
- -bindir)
- prev=bindir
- continue
- ;;
-
- -dlopen)
- prev=dlfiles
- continue
- ;;
-
- -dlpreopen)
- prev=dlprefiles
- continue
- ;;
-
- -export-dynamic)
- export_dynamic=yes
- continue
- ;;
-
- -export-symbols | -export-symbols-regex)
- if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
- func_fatal_error "more than one -exported-symbols argument is not allowed"
- fi
- if test X-export-symbols = "X$arg"; then
- prev=expsyms
- else
- prev=expsyms_regex
- fi
- continue
- ;;
-
- -framework)
- prev=framework
- continue
- ;;
-
- -inst-prefix-dir)
- prev=inst_prefix
- continue
- ;;
-
- # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
- # so, if we see these flags be careful not to treat them like -L
- -L[A-Z][A-Z]*:*)
- case $with_gcc/$host in
- no/*-*-irix* | /*-*-irix*)
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- ;;
- esac
- continue
- ;;
-
- -L*)
- func_stripname "-L" '' "$arg"
- if test -z "$func_stripname_result"; then
- if test "$#" -gt 0; then
- func_fatal_error "require no space between '-L' and '$1'"
- else
- func_fatal_error "need path for '-L' option"
- fi
- fi
- func_resolve_sysroot "$func_stripname_result"
- dir=$func_resolve_sysroot_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- absdir=`cd "$dir" && pwd`
- test -z "$absdir" && \
- func_fatal_error "cannot determine absolute directory name of '$dir'"
- dir=$absdir
- ;;
- esac
- case "$deplibs " in
- *" -L$dir "* | *" $arg "*)
- # Will only happen for absolute or sysroot arguments
- ;;
- *)
- # Preserve sysroot, but never include relative directories
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;;
- *) func_append deplibs " -L$dir" ;;
- esac
- func_append lib_search_path " $dir"
- ;;
- esac
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
- case :$dllsearchpath: in
- *":$dir:"*) ;;
- ::) dllsearchpath=$dir;;
- *) func_append dllsearchpath ":$dir";;
- esac
- case :$dllsearchpath: in
- *":$testbindir:"*) ;;
- ::) dllsearchpath=$testbindir;;
- *) func_append dllsearchpath ":$testbindir";;
- esac
- ;;
- esac
- continue
- ;;
-
- -l*)
- if test X-lc = "X$arg" || test X-lm = "X$arg"; then
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
- # These systems don't actually have a C or math library (as such)
- continue
- ;;
- *-*-os2*)
- # These systems don't actually have a C library (as such)
- test X-lc = "X$arg" && continue
- ;;
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
- # Do not include libc due to us having libc/libc_r.
- test X-lc = "X$arg" && continue
- ;;
- *-*-rhapsody* | *-*-darwin1.[012])
- # Rhapsody C and math libraries are in the System framework
- func_append deplibs " System.ltframework"
- continue
- ;;
- *-*-sco3.2v5* | *-*-sco5v6*)
- # Causes problems with __ctype
- test X-lc = "X$arg" && continue
- ;;
- *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
- # Compiler inserts libc in the correct place for threads to work
- test X-lc = "X$arg" && continue
- ;;
- esac
- elif test X-lc_r = "X$arg"; then
- case $host in
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
- # Do not include libc_r directly, use -pthread flag.
- continue
- ;;
- esac
- fi
- func_append deplibs " $arg"
- continue
- ;;
-
- -mllvm)
- prev=mllvm
- continue
- ;;
-
- -module)
- module=yes
- continue
- ;;
-
- # Tru64 UNIX uses -model [arg] to determine the layout of C++
- # classes, name mangling, and exception handling.
- # Darwin uses the -arch flag to determine output architecture.
- -model|-arch|-isysroot|--sysroot)
- func_append compiler_flags " $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- prev=xcompiler
- continue
- ;;
-
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
- |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- func_append compiler_flags " $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- case "$new_inherited_linker_flags " in
- *" $arg "*) ;;
- * ) func_append new_inherited_linker_flags " $arg" ;;
- esac
- continue
- ;;
-
- -multi_module)
- single_module=$wl-multi_module
- continue
- ;;
-
- -no-fast-install)
- fast_install=no
- continue
- ;;
-
- -no-install)
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
- # The PATH hackery in wrapper scripts is required on Windows
- # and Darwin in order for the loader to find any dlls it needs.
- func_warning "'-no-install' is ignored for $host"
- func_warning "assuming '-no-fast-install' instead"
- fast_install=no
- ;;
- *) no_install=yes ;;
- esac
- continue
- ;;
-
- -no-undefined)
- allow_undefined=no
- continue
- ;;
-
- -objectlist)
- prev=objectlist
- continue
- ;;
-
- -os2dllname)
- prev=os2dllname
- continue
- ;;
-
- -o) prev=output ;;
-
- -precious-files-regex)
- prev=precious_regex
- continue
- ;;
-
- -release)
- prev=release
- continue
- ;;
-
- -rpath)
- prev=rpath
- continue
- ;;
-
- -R)
- prev=xrpath
- continue
- ;;
-
- -R*)
- func_stripname '-R' '' "$arg"
- dir=$func_stripname_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- =*)
- func_stripname '=' '' "$dir"
- dir=$lt_sysroot$func_stripname_result
- ;;
- *)
- func_fatal_error "only absolute run-paths are allowed"
- ;;
- esac
- case "$xrpath " in
- *" $dir "*) ;;
- *) func_append xrpath " $dir" ;;
- esac
- continue
- ;;
-
- -shared)
- # The effects of -shared are defined in a previous loop.
- continue
- ;;
-
- -shrext)
- prev=shrext
- continue
- ;;
-
- -static | -static-libtool-libs)
- # The effects of -static are defined in a previous loop.
- # We used to do the same as -all-static on platforms that
- # didn't have a PIC flag, but the assumption that the effects
- # would be equivalent was wrong. It would break on at least
- # Digital Unix and AIX.
- continue
- ;;
-
- -thread-safe)
- thread_safe=yes
- continue
- ;;
-
- -version-info)
- prev=vinfo
- continue
- ;;
-
- -version-number)
- prev=vinfo
- vinfo_number=yes
- continue
- ;;
-
- -weak)
- prev=weak
- continue
- ;;
-
- -Wc,*)
- func_stripname '-Wc,' '' "$arg"
- args=$func_stripname_result
- arg=
- save_ifs=$IFS; IFS=,
- for flag in $args; do
- IFS=$save_ifs
- func_quote_for_eval "$flag"
- func_append arg " $func_quote_for_eval_result"
- func_append compiler_flags " $func_quote_for_eval_result"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$arg"
- arg=$func_stripname_result
- ;;
-
- -Wl,*)
- func_stripname '-Wl,' '' "$arg"
- args=$func_stripname_result
- arg=
- save_ifs=$IFS; IFS=,
- for flag in $args; do
- IFS=$save_ifs
- func_quote_for_eval "$flag"
- func_append arg " $wl$func_quote_for_eval_result"
- func_append compiler_flags " $wl$func_quote_for_eval_result"
- func_append linker_flags " $func_quote_for_eval_result"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$arg"
- arg=$func_stripname_result
- ;;
-
- -Xcompiler)
- prev=xcompiler
- continue
- ;;
-
- -Xlinker)
- prev=xlinker
- continue
- ;;
-
- -XCClinker)
- prev=xcclinker
- continue
- ;;
-
- # -msg_* for osf cc
- -msg_*)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
-
- # Flags to be passed through unchanged, with rationale:
- # -64, -mips[0-9] enable 64-bit mode for the SGI compiler
- # -r[0-9][0-9]* specify processor for the SGI compiler
- # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler
- # +DA*, +DD* enable 64-bit mode for the HP compiler
- # -q* compiler args for the IBM compiler
- # -m*, -t[45]*, -txscale* architecture-specific flags for GCC
- # -F/path path to uninstalled frameworks, gcc on darwin
- # -p, -pg, --coverage, -fprofile-* profiling flags for GCC
- # -fstack-protector* stack protector flags for GCC
- # @file GCC response files
- # -tp=* Portland pgcc target processor selection
- # --sysroot=* for sysroot support
- # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
- # -specs=* GCC specs files
- # -stdlib=* select c++ std lib with clang
- # -fsanitize=* Clang/GCC memory and address sanitizer
- # -fuse-ld=* Linker select flags for GCC
- # -static-* direct GCC to link specific libraries statically
- # -fcilkplus Cilk Plus language extension features for C/C++
- -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
- -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
- -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
- -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- func_append compiler_flags " $arg"
- continue
- ;;
-
- -Z*)
- if test os2 = "`expr $host : '.*\(os2\)'`"; then
- # OS/2 uses -Zxxx to specify OS/2-specific options
- compiler_flags="$compiler_flags $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- case $arg in
- -Zlinker | -Zstack)
- prev=xcompiler
- ;;
- esac
- continue
- else
- # Otherwise treat like 'Some other compiler flag' below
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- fi
- ;;
-
- # Some other compiler flag.
- -* | +*)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
-
- *.$objext)
- # A standard object.
- func_append objs " $arg"
- ;;
-
- *.lo)
- # A libtool-controlled object.
-
- # Check to see that this really is a libtool object.
- if func_lalib_unsafe_p "$arg"; then
- pic_object=
- non_pic_object=
-
- # Read the .lo file
- func_source "$arg"
-
- if test -z "$pic_object" ||
- test -z "$non_pic_object" ||
- test none = "$pic_object" &&
- test none = "$non_pic_object"; then
- func_fatal_error "cannot find name of object for '$arg'"
- fi
-
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- test none = "$pic_object" || {
- # Prepend the subdirectory the object is found in.
- pic_object=$xdir$pic_object
-
- if test dlfiles = "$prev"; then
- if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
- func_append dlfiles " $pic_object"
- prev=
- continue
- else
- # If libtool objects are unsupported, then we need to preload.
- prev=dlprefiles
- fi
- fi
-
- # CHECK ME: I think I busted this. -Ossama
- if test dlprefiles = "$prev"; then
- # Preload the old-style object.
- func_append dlprefiles " $pic_object"
- prev=
- fi
-
- # A PIC object.
- func_append libobjs " $pic_object"
- arg=$pic_object
- }
-
- # Non-PIC object.
- if test none != "$non_pic_object"; then
- # Prepend the subdirectory the object is found in.
- non_pic_object=$xdir$non_pic_object
-
- # A standard non-PIC object
- func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test none = "$pic_object"; then
- arg=$non_pic_object
- fi
- else
- # If the PIC object exists, use it instead.
- # $xdir was prepended to $pic_object above.
- non_pic_object=$pic_object
- func_append non_pic_objects " $non_pic_object"
- fi
- else
- # Only an error if not doing a dry-run.
- if $opt_dry_run; then
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- func_lo2o "$arg"
- pic_object=$xdir$objdir/$func_lo2o_result
- non_pic_object=$xdir$func_lo2o_result
- func_append libobjs " $pic_object"
- func_append non_pic_objects " $non_pic_object"
- else
- func_fatal_error "'$arg' is not a valid libtool object"
- fi
- fi
- ;;
-
- *.$libext)
- # An archive.
- func_append deplibs " $arg"
- func_append old_deplibs " $arg"
- continue
- ;;
-
- *.la)
- # A libtool-controlled library.
-
- func_resolve_sysroot "$arg"
- if test dlfiles = "$prev"; then
- # This library was specified with -dlopen.
- func_append dlfiles " $func_resolve_sysroot_result"
- prev=
- elif test dlprefiles = "$prev"; then
- # The library was specified with -dlpreopen.
- func_append dlprefiles " $func_resolve_sysroot_result"
- prev=
- else
- func_append deplibs " $func_resolve_sysroot_result"
- fi
- continue
- ;;
-
- # Some other compiler argument.
- *)
- # Unknown arguments in both finalize_command and compile_command need
- # to be aesthetically quoted because they are evaled later.
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
- esac # arg
-
- # Now actually substitute the argument into the commands.
- if test -n "$arg"; then
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- fi
- done # argument parsing loop
-
- test -n "$prev" && \
- func_fatal_help "the '$prevarg' option requires an argument"
-
- if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then
- eval arg=\"$export_dynamic_flag_spec\"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- fi
-
- oldlibs=
- # calculate the name of the file, without its directory
- func_basename "$output"
- outputname=$func_basename_result
- libobjs_save=$libobjs
-
- if test -n "$shlibpath_var"; then
- # get the directories listed in $shlibpath_var
- eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\`
- else
- shlib_search_path=
- fi
- eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
- eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
-
- # Definition is injected by LT_CONFIG during libtool generation.
- func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH"
-
- func_dirname "$output" "/" ""
- output_objdir=$func_dirname_result$objdir
- func_to_tool_file "$output_objdir/"
- tool_output_objdir=$func_to_tool_file_result
- # Create the object directory.
- func_mkdir_p "$output_objdir"
-
- # Determine the type of output
- case $output in
- "")
- func_fatal_help "you must specify an output file"
- ;;
- *.$libext) linkmode=oldlib ;;
- *.lo | *.$objext) linkmode=obj ;;
- *.la) linkmode=lib ;;
- *) linkmode=prog ;; # Anything else should be a program.
- esac
-
- specialdeplibs=
-
- libs=
- # Find all interdependent deplibs by searching for libraries
- # that are linked more than once (e.g. -la -lb -la)
- for deplib in $deplibs; do
- if $opt_preserve_dup_deps; then
- case "$libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append libs " $deplib"
- done
-
- if test lib = "$linkmode"; then
- libs="$predeps $libs $compiler_lib_search_path $postdeps"
-
- # Compute libraries that are listed more than once in $predeps
- # $postdeps and mark them as special (i.e., whose duplicates are
- # not to be eliminated).
- pre_post_deps=
- if $opt_duplicate_compiler_generated_deps; then
- for pre_post_dep in $predeps $postdeps; do
- case "$pre_post_deps " in
- *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;;
- esac
- func_append pre_post_deps " $pre_post_dep"
- done
- fi
- pre_post_deps=
- fi
-
- deplibs=
- newdependency_libs=
- newlib_search_path=
- need_relink=no # whether we're linking any uninstalled libtool libraries
- notinst_deplibs= # not-installed libtool libraries
- notinst_path= # paths that contain not-installed libtool libraries
-
- case $linkmode in
- lib)
- passes="conv dlpreopen link"
- for file in $dlfiles $dlprefiles; do
- case $file in
- *.la) ;;
- *)
- func_fatal_help "libraries can '-dlopen' only libtool libraries: $file"
- ;;
- esac
- done
- ;;
- prog)
- compile_deplibs=
- finalize_deplibs=
- alldeplibs=false
- newdlfiles=
- newdlprefiles=
- passes="conv scan dlopen dlpreopen link"
- ;;
- *) passes="conv"
- ;;
- esac
-
- for pass in $passes; do
- # The preopen pass in lib mode reverses $deplibs; put it back here
- # so that -L comes before libs that need it for instance...
- if test lib,link = "$linkmode,$pass"; then
- ## FIXME: Find the place where the list is rebuilt in the wrong
- ## order, and fix it there properly
- tmp_deplibs=
- for deplib in $deplibs; do
- tmp_deplibs="$deplib $tmp_deplibs"
- done
- deplibs=$tmp_deplibs
- fi
-
- if test lib,link = "$linkmode,$pass" ||
- test prog,scan = "$linkmode,$pass"; then
- libs=$deplibs
- deplibs=
- fi
- if test prog = "$linkmode"; then
- case $pass in
- dlopen) libs=$dlfiles ;;
- dlpreopen) libs=$dlprefiles ;;
- link)
- libs="$deplibs %DEPLIBS%"
- test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
- ;;
- esac
- fi
- if test lib,dlpreopen = "$linkmode,$pass"; then
- # Collect and forward deplibs of preopened libtool libs
- for lib in $dlprefiles; do
- # Ignore non-libtool-libs
- dependency_libs=
- func_resolve_sysroot "$lib"
- case $lib in
- *.la) func_source "$func_resolve_sysroot_result" ;;
- esac
-
- # Collect preopened libtool deplibs, except any this library
- # has declared as weak libs
- for deplib in $dependency_libs; do
- func_basename "$deplib"
- deplib_base=$func_basename_result
- case " $weak_libs " in
- *" $deplib_base "*) ;;
- *) func_append deplibs " $deplib" ;;
- esac
- done
- done
- libs=$dlprefiles
- fi
- if test dlopen = "$pass"; then
- # Collect dlpreopened libraries
- save_deplibs=$deplibs
- deplibs=
- fi
-
- for deplib in $libs; do
- lib=
- found=false
- case $deplib in
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
- |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- func_append compiler_flags " $deplib"
- if test lib = "$linkmode"; then
- case "$new_inherited_linker_flags " in
- *" $deplib "*) ;;
- * ) func_append new_inherited_linker_flags " $deplib" ;;
- esac
- fi
- fi
- continue
- ;;
- -l*)
- if test lib != "$linkmode" && test prog != "$linkmode"; then
- func_warning "'-l' is ignored for archives/objects"
- continue
- fi
- func_stripname '-l' '' "$deplib"
- name=$func_stripname_result
- if test lib = "$linkmode"; then
- searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
- else
- searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
- fi
- for searchdir in $searchdirs; do
- for search_ext in .la $std_shrext .so .a; do
- # Search the libtool library
- lib=$searchdir/lib$name$search_ext
- if test -f "$lib"; then
- if test .la = "$search_ext"; then
- found=:
- else
- found=false
- fi
- break 2
- fi
- done
- done
- if $found; then
- # deplib is a libtool library
- # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
- # We need to do some special things here, and not later.
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $deplib "*)
- if func_lalib_p "$lib"; then
- library_names=
- old_library=
- func_source "$lib"
- for l in $old_library $library_names; do
- ll=$l
- done
- if test "X$ll" = "X$old_library"; then # only static version available
- found=false
- func_dirname "$lib" "" "."
- ladir=$func_dirname_result
- lib=$ladir/$old_library
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
- fi
- continue
- fi
- fi
- ;;
- *) ;;
- esac
- fi
- else
- # deplib doesn't seem to be a libtool library
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
- fi
- continue
- fi
- ;; # -l
- *.ltframework)
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- if test lib = "$linkmode"; then
- case "$new_inherited_linker_flags " in
- *" $deplib "*) ;;
- * ) func_append new_inherited_linker_flags " $deplib" ;;
- esac
- fi
- fi
- continue
- ;;
- -L*)
- case $linkmode in
- lib)
- deplibs="$deplib $deplibs"
- test conv = "$pass" && continue
- newdependency_libs="$deplib $newdependency_libs"
- func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- prog)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- continue
- fi
- if test scan = "$pass"; then
- deplibs="$deplib $deplibs"
- else
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- fi
- func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- *)
- func_warning "'-L' is ignored for archives/objects"
- ;;
- esac # linkmode
- continue
- ;; # -L
- -R*)
- if test link = "$pass"; then
- func_stripname '-R' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- dir=$func_resolve_sysroot_result
- # Make sure the xrpath contains only unique directories.
- case "$xrpath " in
- *" $dir "*) ;;
- *) func_append xrpath " $dir" ;;
- esac
- fi
- deplibs="$deplib $deplibs"
- continue
- ;;
- *.la)
- func_resolve_sysroot "$deplib"
- lib=$func_resolve_sysroot_result
- ;;
- *.$libext)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- continue
- fi
- case $linkmode in
- lib)
- # Linking convenience modules into shared libraries is allowed,
- # but linking other static libraries is non-portable.
- case " $dlpreconveniencelibs " in
- *" $deplib "*) ;;
- *)
- valid_a_lib=false
- case $deplibs_check_method in
- match_pattern*)
- set dummy $deplibs_check_method; shift
- match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
- | $EGREP "$match_pattern_regex" > /dev/null; then
- valid_a_lib=:
- fi
- ;;
- pass_all)
- valid_a_lib=:
- ;;
- esac
- if $valid_a_lib; then
- echo
- $ECHO "*** Warning: Linking the shared library $output against the"
- $ECHO "*** static library $deplib is not portable!"
- deplibs="$deplib $deplibs"
- else
- echo
- $ECHO "*** Warning: Trying to link with static lib archive $deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because the file extensions .$libext of this argument makes me believe"
- echo "*** that it is just a static archive that I should not use here."
- fi
- ;;
- esac
- continue
- ;;
- prog)
- if test link != "$pass"; then
- deplibs="$deplib $deplibs"
- else
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- fi
- continue
- ;;
- esac # linkmode
- ;; # *.$libext
- *.lo | *.$objext)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- elif test prog = "$linkmode"; then
- if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then
- # If there is no dlopen support or we're linking statically,
- # we need to preload.
- func_append newdlprefiles " $deplib"
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- func_append newdlfiles " $deplib"
- fi
- fi
- continue
- ;;
- %DEPLIBS%)
- alldeplibs=:
- continue
- ;;
- esac # case $deplib
-
- $found || test -f "$lib" \
- || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'"
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$lib" \
- || func_fatal_error "'$lib' is not a valid libtool archive"
-
- func_dirname "$lib" "" "."
- ladir=$func_dirname_result
-
- dlname=
- dlopen=
- dlpreopen=
- libdir=
- library_names=
- old_library=
- inherited_linker_flags=
- # If the library was installed with an old release of libtool,
- # it will not redefine variables installed, or shouldnotlink
- installed=yes
- shouldnotlink=no
- avoidtemprpath=
-
-
- # Read the .la file
- func_source "$lib"
-
- # Convert "-framework foo" to "foo.ltframework"
- if test -n "$inherited_linker_flags"; then
- tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'`
- for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
- case " $new_inherited_linker_flags " in
- *" $tmp_inherited_linker_flag "*) ;;
- *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";;
- esac
- done
- fi
- dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- if test lib,link = "$linkmode,$pass" ||
- test prog,scan = "$linkmode,$pass" ||
- { test prog != "$linkmode" && test lib != "$linkmode"; }; then
- test -n "$dlopen" && func_append dlfiles " $dlopen"
- test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
- fi
-
- if test conv = "$pass"; then
- # Only check for convenience libraries
- deplibs="$lib $deplibs"
- if test -z "$libdir"; then
- if test -z "$old_library"; then
- func_fatal_error "cannot find name of link library for '$lib'"
- fi
- # It is a libtool convenience library, so add in its objects.
- func_append convenience " $ladir/$objdir/$old_library"
- func_append old_convenience " $ladir/$objdir/$old_library"
- tmp_libs=
- for deplib in $dependency_libs; do
- deplibs="$deplib $deplibs"
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append tmp_libs " $deplib"
- done
- elif test prog != "$linkmode" && test lib != "$linkmode"; then
- func_fatal_error "'$lib' is not a convenience library"
- fi
- continue
- fi # $pass = conv
-
-
- # Get the name of the library we link against.
- linklib=
- if test -n "$old_library" &&
- { test yes = "$prefer_static_libs" ||
- test built,no = "$prefer_static_libs,$installed"; }; then
- linklib=$old_library
- else
- for l in $old_library $library_names; do
- linklib=$l
- done
- fi
- if test -z "$linklib"; then
- func_fatal_error "cannot find name of link library for '$lib'"
- fi
-
- # This library was specified with -dlopen.
- if test dlopen = "$pass"; then
- test -z "$libdir" \
- && func_fatal_error "cannot -dlopen a convenience library: '$lib'"
- if test -z "$dlname" ||
- test yes != "$dlopen_support" ||
- test no = "$build_libtool_libs"
- then
- # If there is no dlname, no dlopen support or we're linking
- # statically, we need to preload. We also need to preload any
- # dependent libraries so libltdl's deplib preloader doesn't
- # bomb out in the load deplibs phase.
- func_append dlprefiles " $lib $dependency_libs"
- else
- func_append newdlfiles " $lib"
- fi
- continue
- fi # $pass = dlopen
-
- # We need an absolute path.
- case $ladir in
- [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;;
- *)
- abs_ladir=`cd "$ladir" && pwd`
- if test -z "$abs_ladir"; then
- func_warning "cannot determine absolute directory name of '$ladir'"
- func_warning "passing it literally to the linker, although it might fail"
- abs_ladir=$ladir
- fi
- ;;
- esac
- func_basename "$lib"
- laname=$func_basename_result
-
- # Find the relevant object directory and library name.
- if test yes = "$installed"; then
- if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- func_warning "library '$lib' was moved."
- dir=$ladir
- absdir=$abs_ladir
- libdir=$abs_ladir
- else
- dir=$lt_sysroot$libdir
- absdir=$lt_sysroot$libdir
- fi
- test yes = "$hardcode_automatic" && avoidtemprpath=yes
- else
- if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- dir=$ladir
- absdir=$abs_ladir
- # Remove this search path later
- func_append notinst_path " $abs_ladir"
- else
- dir=$ladir/$objdir
- absdir=$abs_ladir/$objdir
- # Remove this search path later
- func_append notinst_path " $abs_ladir"
- fi
- fi # $installed = yes
- func_stripname 'lib' '.la' "$laname"
- name=$func_stripname_result
-
- # This library was specified with -dlpreopen.
- if test dlpreopen = "$pass"; then
- if test -z "$libdir" && test prog = "$linkmode"; then
- func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'"
- fi
- case $host in
- # special handling for platforms with PE-DLLs.
- *cygwin* | *mingw* | *cegcc* )
- # Linker will automatically link against shared library if both
- # static and shared are present. Therefore, ensure we extract
- # symbols from the import library if a shared library is present
- # (otherwise, the dlopen module name will be incorrect). We do
- # this by putting the import library name into $newdlprefiles.
- # We recover the dlopen module name by 'saving' the la file
- # name in a special purpose variable, and (later) extracting the
- # dlname from the la file.
- if test -n "$dlname"; then
- func_tr_sh "$dir/$linklib"
- eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname"
- func_append newdlprefiles " $dir/$linklib"
- else
- func_append newdlprefiles " $dir/$old_library"
- # Keep a list of preopened convenience libraries to check
- # that they are being used correctly in the link pass.
- test -z "$libdir" && \
- func_append dlpreconveniencelibs " $dir/$old_library"
- fi
- ;;
- * )
- # Prefer using a static library (so that no silly _DYNAMIC symbols
- # are required to link).
- if test -n "$old_library"; then
- func_append newdlprefiles " $dir/$old_library"
- # Keep a list of preopened convenience libraries to check
- # that they are being used correctly in the link pass.
- test -z "$libdir" && \
- func_append dlpreconveniencelibs " $dir/$old_library"
- # Otherwise, use the dlname, so that lt_dlopen finds it.
- elif test -n "$dlname"; then
- func_append newdlprefiles " $dir/$dlname"
- else
- func_append newdlprefiles " $dir/$linklib"
- fi
- ;;
- esac
- fi # $pass = dlpreopen
-
- if test -z "$libdir"; then
- # Link the convenience library
- if test lib = "$linkmode"; then
- deplibs="$dir/$old_library $deplibs"
- elif test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$dir/$old_library $compile_deplibs"
- finalize_deplibs="$dir/$old_library $finalize_deplibs"
- else
- deplibs="$lib $deplibs" # used for prog,scan pass
- fi
- continue
- fi
-
-
- if test prog = "$linkmode" && test link != "$pass"; then
- func_append newlib_search_path " $ladir"
- deplibs="$lib $deplibs"
-
- linkalldeplibs=false
- if test no != "$link_all_deplibs" || test -z "$library_names" ||
- test no = "$build_libtool_libs"; then
- linkalldeplibs=:
- fi
-
- tmp_libs=
- for deplib in $dependency_libs; do
- case $deplib in
- -L*) func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- esac
- # Need to link against all dependency_libs?
- if $linkalldeplibs; then
- deplibs="$deplib $deplibs"
- else
- # Need to hardcode shared library paths
- # or/and link against static libraries
- newdependency_libs="$deplib $newdependency_libs"
- fi
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append tmp_libs " $deplib"
- done # for deplib
- continue
- fi # $linkmode = prog...
-
- if test prog,link = "$linkmode,$pass"; then
- if test -n "$library_names" &&
- { { test no = "$prefer_static_libs" ||
- test built,yes = "$prefer_static_libs,$installed"; } ||
- test -z "$old_library"; }; then
- # We need to hardcode the library path
- if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then
- # Make sure the rpath contains only unique directories.
- case $temp_rpath: in
- *"$absdir:"*) ;;
- *) func_append temp_rpath "$absdir:" ;;
- esac
- fi
-
- # Hardcode the library path.
- # Skip directories that are in the system default run-time
- # search path.
- case " $sys_lib_dlsearch_path " in
- *" $absdir "*) ;;
- *)
- case "$compile_rpath " in
- *" $absdir "*) ;;
- *) func_append compile_rpath " $absdir" ;;
- esac
- ;;
- esac
- case " $sys_lib_dlsearch_path " in
- *" $libdir "*) ;;
- *)
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- ;;
- esac
- fi # $linkmode,$pass = prog,link...
-
- if $alldeplibs &&
- { test pass_all = "$deplibs_check_method" ||
- { test yes = "$build_libtool_libs" &&
- test -n "$library_names"; }; }; then
- # We only need to search for static libraries
- continue
- fi
- fi
-
- link_static=no # Whether the deplib will be linked statically
- use_static_libs=$prefer_static_libs
- if test built = "$use_static_libs" && test yes = "$installed"; then
- use_static_libs=no
- fi
- if test -n "$library_names" &&
- { test no = "$use_static_libs" || test -z "$old_library"; }; then
- case $host in
- *cygwin* | *mingw* | *cegcc* | *os2*)
- # No point in relinking DLLs because paths are not encoded
- func_append notinst_deplibs " $lib"
- need_relink=no
- ;;
- *)
- if test no = "$installed"; then
- func_append notinst_deplibs " $lib"
- need_relink=yes
- fi
- ;;
- esac
- # This is a shared library
-
- # Warn about portability, can't link against -module's on some
- # systems (darwin). Don't bleat about dlopened modules though!
- dlopenmodule=
- for dlpremoduletest in $dlprefiles; do
- if test "X$dlpremoduletest" = "X$lib"; then
- dlopenmodule=$dlpremoduletest
- break
- fi
- done
- if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
- echo
- if test prog = "$linkmode"; then
- $ECHO "*** Warning: Linking the executable $output against the loadable module"
- else
- $ECHO "*** Warning: Linking the shared library $output against the loadable module"
- fi
- $ECHO "*** $linklib is not portable!"
- fi
- if test lib = "$linkmode" &&
- test yes = "$hardcode_into_libs"; then
- # Hardcode the library path.
- # Skip directories that are in the system default run-time
- # search path.
- case " $sys_lib_dlsearch_path " in
- *" $absdir "*) ;;
- *)
- case "$compile_rpath " in
- *" $absdir "*) ;;
- *) func_append compile_rpath " $absdir" ;;
- esac
- ;;
- esac
- case " $sys_lib_dlsearch_path " in
- *" $libdir "*) ;;
- *)
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- ;;
- esac
- fi
-
- if test -n "$old_archive_from_expsyms_cmds"; then
- # figure out the soname
- set dummy $library_names
- shift
- realname=$1
- shift
- libname=`eval "\\$ECHO \"$libname_spec\""`
- # use dlname if we got it. it's perfectly good, no?
- if test -n "$dlname"; then
- soname=$dlname
- elif test -n "$soname_spec"; then
- # bleh windows
- case $host in
- *cygwin* | mingw* | *cegcc* | *os2*)
- func_arith $current - $age
- major=$func_arith_result
- versuffix=-$major
- ;;
- esac
- eval soname=\"$soname_spec\"
- else
- soname=$realname
- fi
-
- # Make a new name for the extract_expsyms_cmds to use
- soroot=$soname
- func_basename "$soroot"
- soname=$func_basename_result
- func_stripname 'lib' '.dll' "$soname"
- newlib=libimp-$func_stripname_result.a
-
- # If the library has no export list, then create one now
- if test -f "$output_objdir/$soname-def"; then :
- else
- func_verbose "extracting exported symbol list from '$soname'"
- func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
- fi
-
- # Create $newlib
- if test -f "$output_objdir/$newlib"; then :; else
- func_verbose "generating import library for '$soname'"
- func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
- fi
- # make sure the library variables are pointing to the new library
- dir=$output_objdir
- linklib=$newlib
- fi # test -n "$old_archive_from_expsyms_cmds"
-
- if test prog = "$linkmode" || test relink != "$opt_mode"; then
- add_shlibpath=
- add_dir=
- add=
- lib_linked=yes
- case $hardcode_action in
- immediate | unsupported)
- if test no = "$hardcode_direct"; then
- add=$dir/$linklib
- case $host in
- *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
- *-*-sysv4*uw2*) add_dir=-L$dir ;;
- *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
- *-*-unixware7*) add_dir=-L$dir ;;
- *-*-darwin* )
- # if the lib is a (non-dlopened) module then we cannot
- # link against it, someone is ignoring the earlier warnings
- if /usr/bin/file -L $add 2> /dev/null |
- $GREP ": [^:]* bundle" >/dev/null; then
- if test "X$dlopenmodule" != "X$lib"; then
- $ECHO "*** Warning: lib $linklib is a module, not a shared library"
- if test -z "$old_library"; then
- echo
- echo "*** And there doesn't seem to be a static archive available"
- echo "*** The link will probably fail, sorry"
- else
- add=$dir/$old_library
- fi
- elif test -n "$old_library"; then
- add=$dir/$old_library
- fi
- fi
- esac
- elif test no = "$hardcode_minus_L"; then
- case $host in
- *-*-sunos*) add_shlibpath=$dir ;;
- esac
- add_dir=-L$dir
- add=-l$name
- elif test no = "$hardcode_shlibpath_var"; then
- add_shlibpath=$dir
- add=-l$name
- else
- lib_linked=no
- fi
- ;;
- relink)
- if test yes = "$hardcode_direct" &&
- test no = "$hardcode_direct_absolute"; then
- add=$dir/$linklib
- elif test yes = "$hardcode_minus_L"; then
- add_dir=-L$absdir
- # Try looking first in the location we're being installed to.
- if test -n "$inst_prefix_dir"; then
- case $libdir in
- [\\/]*)
- func_append add_dir " -L$inst_prefix_dir$libdir"
- ;;
- esac
- fi
- add=-l$name
- elif test yes = "$hardcode_shlibpath_var"; then
- add_shlibpath=$dir
- add=-l$name
- else
- lib_linked=no
- fi
- ;;
- *) lib_linked=no ;;
- esac
-
- if test yes != "$lib_linked"; then
- func_fatal_configuration "unsupported hardcode properties"
- fi
-
- if test -n "$add_shlibpath"; then
- case :$compile_shlibpath: in
- *":$add_shlibpath:"*) ;;
- *) func_append compile_shlibpath "$add_shlibpath:" ;;
- esac
- fi
- if test prog = "$linkmode"; then
- test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
- test -n "$add" && compile_deplibs="$add $compile_deplibs"
- else
- test -n "$add_dir" && deplibs="$add_dir $deplibs"
- test -n "$add" && deplibs="$add $deplibs"
- if test yes != "$hardcode_direct" &&
- test yes != "$hardcode_minus_L" &&
- test yes = "$hardcode_shlibpath_var"; then
- case :$finalize_shlibpath: in
- *":$libdir:"*) ;;
- *) func_append finalize_shlibpath "$libdir:" ;;
- esac
- fi
- fi
- fi
-
- if test prog = "$linkmode" || test relink = "$opt_mode"; then
- add_shlibpath=
- add_dir=
- add=
- # Finalize command for both is simple: just hardcode it.
- if test yes = "$hardcode_direct" &&
- test no = "$hardcode_direct_absolute"; then
- add=$libdir/$linklib
- elif test yes = "$hardcode_minus_L"; then
- add_dir=-L$libdir
- add=-l$name
- elif test yes = "$hardcode_shlibpath_var"; then
- case :$finalize_shlibpath: in
- *":$libdir:"*) ;;
- *) func_append finalize_shlibpath "$libdir:" ;;
- esac
- add=-l$name
- elif test yes = "$hardcode_automatic"; then
- if test -n "$inst_prefix_dir" &&
- test -f "$inst_prefix_dir$libdir/$linklib"; then
- add=$inst_prefix_dir$libdir/$linklib
- else
- add=$libdir/$linklib
- fi
- else
- # We cannot seem to hardcode it, guess we'll fake it.
- add_dir=-L$libdir
- # Try looking first in the location we're being installed to.
- if test -n "$inst_prefix_dir"; then
- case $libdir in
- [\\/]*)
- func_append add_dir " -L$inst_prefix_dir$libdir"
- ;;
- esac
- fi
- add=-l$name
- fi
-
- if test prog = "$linkmode"; then
- test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
- test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
- else
- test -n "$add_dir" && deplibs="$add_dir $deplibs"
- test -n "$add" && deplibs="$add $deplibs"
- fi
- fi
- elif test prog = "$linkmode"; then
- # Here we assume that one of hardcode_direct or hardcode_minus_L
- # is not unsupported. This is valid on all known static and
- # shared platforms.
- if test unsupported != "$hardcode_direct"; then
- test -n "$old_library" && linklib=$old_library
- compile_deplibs="$dir/$linklib $compile_deplibs"
- finalize_deplibs="$dir/$linklib $finalize_deplibs"
- else
- compile_deplibs="-l$name -L$dir $compile_deplibs"
- finalize_deplibs="-l$name -L$dir $finalize_deplibs"
- fi
- elif test yes = "$build_libtool_libs"; then
- # Not a shared library
- if test pass_all != "$deplibs_check_method"; then
- # We're trying link a shared library against a static one
- # but the system doesn't support it.
-
- # Just print a warning and add the library to dependency_libs so
- # that the program can be linked against the static library.
- echo
- $ECHO "*** Warning: This system cannot link to static lib archive $lib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have."
- if test yes = "$module"; then
- echo "*** But as you try to build a module library, libtool will still create "
- echo "*** a static module, that should work as long as the dlopening application"
- echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
- if test -z "$global_symbol_pipe"; then
- echo
- echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
- echo "*** not find such a program. So, this module is probably useless."
- echo "*** 'nm' from GNU binutils and a full rebuild may help."
- fi
- if test no = "$build_old_libs"; then
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- fi
- else
- deplibs="$dir/$old_library $deplibs"
- link_static=yes
- fi
- fi # link shared/static library?
-
- if test lib = "$linkmode"; then
- if test -n "$dependency_libs" &&
- { test yes != "$hardcode_into_libs" ||
- test yes = "$build_old_libs" ||
- test yes = "$link_static"; }; then
- # Extract -R from dependency_libs
- temp_deplibs=
- for libdir in $dependency_libs; do
- case $libdir in
- -R*) func_stripname '-R' '' "$libdir"
- temp_xrpath=$func_stripname_result
- case " $xrpath " in
- *" $temp_xrpath "*) ;;
- *) func_append xrpath " $temp_xrpath";;
- esac;;
- *) func_append temp_deplibs " $libdir";;
- esac
- done
- dependency_libs=$temp_deplibs
- fi
-
- func_append newlib_search_path " $absdir"
- # Link against this library
- test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
- # ... and its dependency_libs
- tmp_libs=
- for deplib in $dependency_libs; do
- newdependency_libs="$deplib $newdependency_libs"
- case $deplib in
- -L*) func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result";;
- *) func_resolve_sysroot "$deplib" ;;
- esac
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $func_resolve_sysroot_result "*)
- func_append specialdeplibs " $func_resolve_sysroot_result" ;;
- esac
- fi
- func_append tmp_libs " $func_resolve_sysroot_result"
- done
-
- if test no != "$link_all_deplibs"; then
- # Add the search paths of all dependency libraries
- for deplib in $dependency_libs; do
- path=
- case $deplib in
- -L*) path=$deplib ;;
- *.la)
- func_resolve_sysroot "$deplib"
- deplib=$func_resolve_sysroot_result
- func_dirname "$deplib" "" "."
- dir=$func_dirname_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;;
- *)
- absdir=`cd "$dir" && pwd`
- if test -z "$absdir"; then
- func_warning "cannot determine absolute directory name of '$dir'"
- absdir=$dir
- fi
- ;;
- esac
- if $GREP "^installed=no" $deplib > /dev/null; then
- case $host in
- *-*-darwin*)
- depdepl=
- eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
- if test -n "$deplibrary_names"; then
- for tmp in $deplibrary_names; do
- depdepl=$tmp
- done
- if test -f "$absdir/$objdir/$depdepl"; then
- depdepl=$absdir/$objdir/$depdepl
- darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
- if test -z "$darwin_install_name"; then
- darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
- fi
- func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl"
- func_append linker_flags " -dylib_file $darwin_install_name:$depdepl"
- path=
- fi
- fi
- ;;
- *)
- path=-L$absdir/$objdir
- ;;
- esac
- else
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
- test -z "$libdir" && \
- func_fatal_error "'$deplib' is not a valid libtool archive"
- test "$absdir" != "$libdir" && \
- func_warning "'$deplib' seems to be moved"
-
- path=-L$absdir
- fi
- ;;
- esac
- case " $deplibs " in
- *" $path "*) ;;
- *) deplibs="$path $deplibs" ;;
- esac
- done
- fi # link_all_deplibs != no
- fi # linkmode = lib
- done # for deplib in $libs
- if test link = "$pass"; then
- if test prog = "$linkmode"; then
- compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
- finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
- else
- compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- fi
- fi
- dependency_libs=$newdependency_libs
- if test dlpreopen = "$pass"; then
- # Link the dlpreopened libraries before other libraries
- for deplib in $save_deplibs; do
- deplibs="$deplib $deplibs"
- done
- fi
- if test dlopen != "$pass"; then
- test conv = "$pass" || {
- # Make sure lib_search_path contains only unique directories.
- lib_search_path=
- for dir in $newlib_search_path; do
- case "$lib_search_path " in
- *" $dir "*) ;;
- *) func_append lib_search_path " $dir" ;;
- esac
- done
- newlib_search_path=
- }
-
- if test prog,link = "$linkmode,$pass"; then
- vars="compile_deplibs finalize_deplibs"
- else
- vars=deplibs
- fi
- for var in $vars dependency_libs; do
- # Add libraries to $var in reverse order
- eval tmp_libs=\"\$$var\"
- new_libs=
- for deplib in $tmp_libs; do
- # FIXME: Pedantically, this is the right thing to do, so
- # that some nasty dependency loop isn't accidentally
- # broken:
- #new_libs="$deplib $new_libs"
- # Pragmatically, this seems to cause very few problems in
- # practice:
- case $deplib in
- -L*) new_libs="$deplib $new_libs" ;;
- -R*) ;;
- *)
- # And here is the reason: when a library appears more
- # than once as an explicit dependence of a library, or
- # is implicitly linked in more than once by the
- # compiler, it is considered special, and multiple
- # occurrences thereof are not removed. Compare this
- # with having the same library being listed as a
- # dependency of multiple other libraries: in this case,
- # we know (pedantically, we assume) the library does not
- # need to be listed more than once, so we keep only the
- # last copy. This is not always right, but it is rare
- # enough that we require users that really mean to play
- # such unportable linking tricks to link the library
- # using -Wl,-lname, so that libtool does not consider it
- # for duplicate removal.
- case " $specialdeplibs " in
- *" $deplib "*) new_libs="$deplib $new_libs" ;;
- *)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) new_libs="$deplib $new_libs" ;;
- esac
- ;;
- esac
- ;;
- esac
- done
- tmp_libs=
- for deplib in $new_libs; do
- case $deplib in
- -L*)
- case " $tmp_libs " in
- *" $deplib "*) ;;
- *) func_append tmp_libs " $deplib" ;;
- esac
- ;;
- *) func_append tmp_libs " $deplib" ;;
- esac
- done
- eval $var=\"$tmp_libs\"
- done # for var
- fi
-
- # Add Sun CC postdeps if required:
- test CXX = "$tagname" && {
- case $host_os in
- linux*)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C++ 5.9
- func_suncc_cstd_abi
-
- if test no != "$suncc_use_cstd_abi"; then
- func_append postdeps ' -library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
-
- solaris*)
- func_cc_basename "$CC"
- case $func_cc_basename_result in
- CC* | sunCC*)
- func_suncc_cstd_abi
-
- if test no != "$suncc_use_cstd_abi"; then
- func_append postdeps ' -library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
- esac
- }
-
- # Last step: remove runtime libs from dependency_libs
- # (they stay in deplibs)
- tmp_libs=
- for i in $dependency_libs; do
- case " $predeps $postdeps $compiler_lib_search_path " in
- *" $i "*)
- i=
- ;;
- esac
- if test -n "$i"; then
- func_append tmp_libs " $i"
- fi
- done
- dependency_libs=$tmp_libs
- done # for pass
- if test prog = "$linkmode"; then
- dlfiles=$newdlfiles
- fi
- if test prog = "$linkmode" || test lib = "$linkmode"; then
- dlprefiles=$newdlprefiles
- fi
-
- case $linkmode in
- oldlib)
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- func_warning "'-dlopen' is ignored for archives"
- fi
-
- case " $deplibs" in
- *\ -l* | *\ -L*)
- func_warning "'-l' and '-L' are ignored for archives" ;;
- esac
-
- test -n "$rpath" && \
- func_warning "'-rpath' is ignored for archives"
-
- test -n "$xrpath" && \
- func_warning "'-R' is ignored for archives"
-
- test -n "$vinfo" && \
- func_warning "'-version-info/-version-number' is ignored for archives"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for archives"
-
- test -n "$export_symbols$export_symbols_regex" && \
- func_warning "'-export-symbols' is ignored for archives"
-
- # Now set the variables for building old libraries.
- build_libtool_libs=no
- oldlibs=$output
- func_append objs "$old_deplibs"
- ;;
-
- lib)
- # Make sure we only generate libraries of the form 'libNAME.la'.
- case $outputname in
- lib*)
- func_stripname 'lib' '.la' "$outputname"
- name=$func_stripname_result
- eval shared_ext=\"$shrext_cmds\"
- eval libname=\"$libname_spec\"
- ;;
- *)
- test no = "$module" \
- && func_fatal_help "libtool library '$output' must begin with 'lib'"
-
- if test no != "$need_lib_prefix"; then
- # Add the "lib" prefix for modules if required
- func_stripname '' '.la' "$outputname"
- name=$func_stripname_result
- eval shared_ext=\"$shrext_cmds\"
- eval libname=\"$libname_spec\"
- else
- func_stripname '' '.la' "$outputname"
- libname=$func_stripname_result
- fi
- ;;
- esac
-
- if test -n "$objs"; then
- if test pass_all != "$deplibs_check_method"; then
- func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
- else
- echo
- $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
- $ECHO "*** objects $objs is not portable!"
- func_append libobjs " $objs"
- fi
- fi
-
- test no = "$dlself" \
- || func_warning "'-dlopen self' is ignored for libtool libraries"
-
- set dummy $rpath
- shift
- test 1 -lt "$#" \
- && func_warning "ignoring multiple '-rpath's for a libtool library"
-
- install_libdir=$1
-
- oldlibs=
- if test -z "$rpath"; then
- if test yes = "$build_libtool_libs"; then
- # Building a libtool convenience library.
- # Some compilers have problems with a '.al' extension so
- # convenience libraries should have the same extension an
- # archive normally would.
- oldlibs="$output_objdir/$libname.$libext $oldlibs"
- build_libtool_libs=convenience
- build_old_libs=yes
- fi
-
- test -n "$vinfo" && \
- func_warning "'-version-info/-version-number' is ignored for convenience libraries"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for convenience libraries"
- else
-
- # Parse the version information argument.
- save_ifs=$IFS; IFS=:
- set dummy $vinfo 0 0 0
- shift
- IFS=$save_ifs
-
- test -n "$7" && \
- func_fatal_help "too many parameters to '-version-info'"
-
- # convert absolute version numbers to libtool ages
- # this retains compatibility with .la files and attempts
- # to make the code below a bit more comprehensible
-
- case $vinfo_number in
- yes)
- number_major=$1
- number_minor=$2
- number_revision=$3
- #
- # There are really only two kinds -- those that
- # use the current revision as the major version
- # and those that subtract age and use age as
- # a minor version. But, then there is irix
- # that has an extra 1 added just for fun
- #
- case $version_type in
- # correct linux to gnu/linux during the next big refactor
- darwin|freebsd-elf|linux|osf|windows|none)
- func_arith $number_major + $number_minor
- current=$func_arith_result
- age=$number_minor
- revision=$number_revision
- ;;
- freebsd-aout|qnx|sunos)
- current=$number_major
- revision=$number_minor
- age=0
- ;;
- irix|nonstopux)
- func_arith $number_major + $number_minor
- current=$func_arith_result
- age=$number_minor
- revision=$number_minor
- lt_irix_increment=no
- ;;
- *)
- func_fatal_configuration "$modename: unknown library version type '$version_type'"
- ;;
- esac
- ;;
- no)
- current=$1
- revision=$2
- age=$3
- ;;
- esac
-
- # Check that each of the things are valid numbers.
- case $current in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "CURRENT '$current' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- case $revision in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "REVISION '$revision' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- case $age in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "AGE '$age' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- if test "$age" -gt "$current"; then
- func_error "AGE '$age' is greater than the current interface number '$current'"
- func_fatal_error "'$vinfo' is not valid version information"
- fi
-
- # Calculate the version variables.
- major=
- versuffix=
- verstring=
- case $version_type in
- none) ;;
-
- darwin)
- # Like Linux, but with the current version available in
- # verstring for coding it into the library header
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- # Darwin ld doesn't like 0 for these options...
- func_arith $current + 1
- minor_current=$func_arith_result
- xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
- verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
- # On Darwin other compilers
- case $CC in
- nagfor*)
- verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
- ;;
- *)
- verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
- ;;
- esac
- ;;
-
- freebsd-aout)
- major=.$current
- versuffix=.$current.$revision
- ;;
-
- freebsd-elf)
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- ;;
-
- irix | nonstopux)
- if test no = "$lt_irix_increment"; then
- func_arith $current - $age
- else
- func_arith $current - $age + 1
- fi
- major=$func_arith_result
-
- case $version_type in
- nonstopux) verstring_prefix=nonstopux ;;
- *) verstring_prefix=sgi ;;
- esac
- verstring=$verstring_prefix$major.$revision
-
- # Add in all the interfaces that we are compatible with.
- loop=$revision
- while test 0 -ne "$loop"; do
- func_arith $revision - $loop
- iface=$func_arith_result
- func_arith $loop - 1
- loop=$func_arith_result
- verstring=$verstring_prefix$major.$iface:$verstring
- done
-
- # Before this point, $major must not contain '.'.
- major=.$major
- versuffix=$major.$revision
- ;;
-
- linux) # correct to gnu/linux during the next big refactor
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- ;;
-
- osf)
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=.$current.$age.$revision
- verstring=$current.$age.$revision
-
- # Add in all the interfaces that we are compatible with.
- loop=$age
- while test 0 -ne "$loop"; do
- func_arith $current - $loop
- iface=$func_arith_result
- func_arith $loop - 1
- loop=$func_arith_result
- verstring=$verstring:$iface.0
- done
-
- # Make executables depend on our current version.
- func_append verstring ":$current.0"
- ;;
-
- qnx)
- major=.$current
- versuffix=.$current
- ;;
-
- sco)
- major=.$current
- versuffix=.$current
- ;;
-
- sunos)
- major=.$current
- versuffix=.$current.$revision
- ;;
-
- windows)
- # Use '-' rather than '.', since we only want one
- # extension on DOS 8.3 file systems.
- func_arith $current - $age
- major=$func_arith_result
- versuffix=-$major
- ;;
-
- *)
- func_fatal_configuration "unknown library version type '$version_type'"
- ;;
- esac
-
- # Clear the version info if we defaulted, and they specified a release.
- if test -z "$vinfo" && test -n "$release"; then
- major=
- case $version_type in
- darwin)
- # we can't check for "0.0" in archive_cmds due to quoting
- # problems, so we reset it completely
- verstring=
- ;;
- *)
- verstring=0.0
- ;;
- esac
- if test no = "$need_version"; then
- versuffix=
- else
- versuffix=.0.0
- fi
- fi
-
- # Remove version info from name if versioning should be avoided
- if test yes,no = "$avoid_version,$need_version"; then
- major=
- versuffix=
- verstring=
- fi
-
- # Check to see if the archive will have undefined symbols.
- if test yes = "$allow_undefined"; then
- if test unsupported = "$allow_undefined_flag"; then
- if test yes = "$build_old_libs"; then
- func_warning "undefined symbols not allowed in $host shared libraries; building static only"
- build_libtool_libs=no
- else
- func_fatal_error "can't build $host shared library unless -no-undefined is specified"
- fi
- fi
- else
- # Don't allow undefined symbols.
- allow_undefined_flag=$no_undefined_flag
- fi
-
- fi
-
- func_generate_dlsyms "$libname" "$libname" :
- func_append libobjs " $symfileobj"
- test " " = "$libobjs" && libobjs=
-
- if test relink != "$opt_mode"; then
- # Remove our outputs, but don't remove object files since they
- # may have been created when compiling PIC objects.
- removelist=
- tempremovelist=`$ECHO "$output_objdir/*"`
- for p in $tempremovelist; do
- case $p in
- *.$objext | *.gcno)
- ;;
- $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*)
- if test -n "$precious_files_regex"; then
- if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
- then
- continue
- fi
- fi
- func_append removelist " $p"
- ;;
- *) ;;
- esac
- done
- test -n "$removelist" && \
- func_show_eval "${RM}r \$removelist"
- fi
-
- # Now set the variables for building old libraries.
- if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then
- func_append oldlibs " $output_objdir/$libname.$libext"
-
- # Transform .lo files to .o files.
- oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP`
- fi
-
- # Eliminate all temporary directories.
- #for path in $notinst_path; do
- # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"`
- # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"`
- # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"`
- #done
-
- if test -n "$xrpath"; then
- # If the user specified any rpath flags, then add them.
- temp_xrpath=
- for libdir in $xrpath; do
- func_replace_sysroot "$libdir"
- func_append temp_xrpath " -R$func_replace_sysroot_result"
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- done
- if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
- dependency_libs="$temp_xrpath $dependency_libs"
- fi
- fi
-
- # Make sure dlfiles contains only unique files that won't be dlpreopened
- old_dlfiles=$dlfiles
- dlfiles=
- for lib in $old_dlfiles; do
- case " $dlprefiles $dlfiles " in
- *" $lib "*) ;;
- *) func_append dlfiles " $lib" ;;
- esac
- done
-
- # Make sure dlprefiles contains only unique files
- old_dlprefiles=$dlprefiles
- dlprefiles=
- for lib in $old_dlprefiles; do
- case "$dlprefiles " in
- *" $lib "*) ;;
- *) func_append dlprefiles " $lib" ;;
- esac
- done
-
- if test yes = "$build_libtool_libs"; then
- if test -n "$rpath"; then
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
- # these systems don't actually have a c library (as such)!
- ;;
- *-*-rhapsody* | *-*-darwin1.[012])
- # Rhapsody C library is in the System framework
- func_append deplibs " System.ltframework"
- ;;
- *-*-netbsd*)
- # Don't link with libc until the a.out ld.so is fixed.
- ;;
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
- # Do not include libc due to us having libc/libc_r.
- ;;
- *-*-sco3.2v5* | *-*-sco5v6*)
- # Causes problems with __ctype
- ;;
- *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
- # Compiler inserts libc in the correct place for threads to work
- ;;
- *)
- # Add libc to deplibs on all other systems if necessary.
- if test yes = "$build_libtool_need_lc"; then
- func_append deplibs " -lc"
- fi
- ;;
- esac
- fi
-
- # Transform deplibs into only deplibs that can be linked in shared.
- name_save=$name
- libname_save=$libname
- release_save=$release
- versuffix_save=$versuffix
- major_save=$major
- # I'm not sure if I'm treating the release correctly. I think
- # release should show up in the -l (ie -lgmp5) so we don't want to
- # add it in twice. Is that correct?
- release=
- versuffix=
- major=
- newdeplibs=
- droppeddeps=no
- case $deplibs_check_method in
- pass_all)
- # Don't check for shared/static. Everything works.
- # This might be a little naive. We might want to check
- # whether the library exists or not. But this is on
- # osf3 & osf4 and I'm not really sure... Just
- # implementing what was already the behavior.
- newdeplibs=$deplibs
- ;;
- test_compile)
- # This code stresses the "libraries are programs" paradigm to its
- # limits. Maybe even breaks it. We compile a program, linking it
- # against the deplibs as a proxy for the library. Then we can check
- # whether they linked in statically or dynamically with ldd.
- $opt_dry_run || $RM conftest.c
- cat > conftest.c <<EOF
- int main() { return 0; }
-EOF
- $opt_dry_run || $RM conftest
- if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
- ldd_output=`ldd conftest`
- for i in $deplibs; do
- case $i in
- -l*)
- func_stripname -l '' "$i"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $i "*)
- func_append newdeplibs " $i"
- i=
- ;;
- esac
- fi
- if test -n "$i"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
- set dummy $deplib_matches; shift
- deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
- func_append newdeplibs " $i"
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning: dynamic linker does not accept needed library $i."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which I believe you do not have"
- echo "*** because a test_compile did reveal that the linker did not use it for"
- echo "*** its dynamic dependency list that programs get resolved with at runtime."
- fi
- fi
- ;;
- *)
- func_append newdeplibs " $i"
- ;;
- esac
- done
- else
- # Error occurred in the first compile. Let's try to salvage
- # the situation: Compile a separate program for each library.
- for i in $deplibs; do
- case $i in
- -l*)
- func_stripname -l '' "$i"
- name=$func_stripname_result
- $opt_dry_run || $RM conftest
- if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
- ldd_output=`ldd conftest`
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $i "*)
- func_append newdeplibs " $i"
- i=
- ;;
- esac
- fi
- if test -n "$i"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
- set dummy $deplib_matches; shift
- deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
- func_append newdeplibs " $i"
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning: dynamic linker does not accept needed library $i."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because a test_compile did reveal that the linker did not use this one"
- echo "*** as a dynamic dependency that programs can get resolved with at runtime."
- fi
- fi
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
- echo "*** make it link in! You will probably need to install it or some"
- echo "*** library that it depends on before this library will be fully"
- echo "*** functional. Installing it before continuing would be even better."
- fi
- ;;
- *)
- func_append newdeplibs " $i"
- ;;
- esac
- done
- fi
- ;;
- file_magic*)
- set dummy $deplibs_check_method; shift
- file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- for a_deplib in $deplibs; do
- case $a_deplib in
- -l*)
- func_stripname -l '' "$a_deplib"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $a_deplib "*)
- func_append newdeplibs " $a_deplib"
- a_deplib=
- ;;
- esac
- fi
- if test -n "$a_deplib"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- if test -n "$file_magic_glob"; then
- libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob`
- else
- libnameglob=$libname
- fi
- test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob`
- for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- if test yes = "$want_nocaseglob"; then
- shopt -s nocaseglob
- potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
- $nocaseglob
- else
- potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
- fi
- for potent_lib in $potential_libs; do
- # Follow soft links.
- if ls -lLd "$potent_lib" 2>/dev/null |
- $GREP " -> " >/dev/null; then
- continue
- fi
- # The statement above tries to avoid entering an
- # endless loop below, in case of cyclic links.
- # We might still enter an endless loop, since a link
- # loop can be closed while we follow links,
- # but so what?
- potlib=$potent_lib
- while test -h "$potlib" 2>/dev/null; do
- potliblink=`ls -ld $potlib | $SED 's/.* -> //'`
- case $potliblink in
- [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;;
- *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";;
- esac
- done
- if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
- $SED -e 10q |
- $EGREP "$file_magic_regex" > /dev/null; then
- func_append newdeplibs " $a_deplib"
- a_deplib=
- break 2
- fi
- done
- done
- fi
- if test -n "$a_deplib"; then
- droppeddeps=yes
- echo
- $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib"; then
- $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
- else
- $ECHO "*** with $libname and none of the candidates passed a file format test"
- $ECHO "*** using a file magic. Last file checked: $potlib"
- fi
- fi
- ;;
- *)
- # Add a -L argument.
- func_append newdeplibs " $a_deplib"
- ;;
- esac
- done # Gone through all deplibs.
- ;;
- match_pattern*)
- set dummy $deplibs_check_method; shift
- match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- for a_deplib in $deplibs; do
- case $a_deplib in
- -l*)
- func_stripname -l '' "$a_deplib"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $a_deplib "*)
- func_append newdeplibs " $a_deplib"
- a_deplib=
- ;;
- esac
- fi
- if test -n "$a_deplib"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
- for potent_lib in $potential_libs; do
- potlib=$potent_lib # see symlink-check above in file_magic test
- if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
- $EGREP "$match_pattern_regex" > /dev/null; then
- func_append newdeplibs " $a_deplib"
- a_deplib=
- break 2
- fi
- done
- done
- fi
- if test -n "$a_deplib"; then
- droppeddeps=yes
- echo
- $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib"; then
- $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
- else
- $ECHO "*** with $libname and none of the candidates passed a file format test"
- $ECHO "*** using a regex pattern. Last file checked: $potlib"
- fi
- fi
- ;;
- *)
- # Add a -L argument.
- func_append newdeplibs " $a_deplib"
- ;;
- esac
- done # Gone through all deplibs.
- ;;
- none | unknown | *)
- newdeplibs=
- tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- for i in $predeps $postdeps; do
- # can't use Xsed below, because $i might contain '/'
- tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"`
- done
- fi
- case $tmp_deplibs in
- *[!\ \ ]*)
- echo
- if test none = "$deplibs_check_method"; then
- echo "*** Warning: inter-library dependencies are not supported in this platform."
- else
- echo "*** Warning: inter-library dependencies are not known to be supported."
- fi
- echo "*** All declared inter-library dependencies are being dropped."
- droppeddeps=yes
- ;;
- esac
- ;;
- esac
- versuffix=$versuffix_save
- major=$major_save
- release=$release_save
- libname=$libname_save
- name=$name_save
-
- case $host in
- *-*-rhapsody* | *-*-darwin1.[012])
- # On Rhapsody replace the C library with the System framework
- newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'`
- ;;
- esac
-
- if test yes = "$droppeddeps"; then
- if test yes = "$module"; then
- echo
- echo "*** Warning: libtool could not satisfy all declared inter-library"
- $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
- echo "*** a static module, that should work as long as the dlopening"
- echo "*** application is linked with the -dlopen flag."
- if test -z "$global_symbol_pipe"; then
- echo
- echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
- echo "*** not find such a program. So, this module is probably useless."
- echo "*** 'nm' from GNU binutils and a full rebuild may help."
- fi
- if test no = "$build_old_libs"; then
- oldlibs=$output_objdir/$libname.$libext
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- else
- echo "*** The inter-library dependencies that have been dropped here will be"
- echo "*** automatically added whenever a program is linked with this library"
- echo "*** or is declared to -dlopen it."
-
- if test no = "$allow_undefined"; then
- echo
- echo "*** Since this library must not contain undefined symbols,"
- echo "*** because either the platform does not support them or"
- echo "*** it was explicitly requested with -no-undefined,"
- echo "*** libtool will only create a static version of it."
- if test no = "$build_old_libs"; then
- oldlibs=$output_objdir/$libname.$libext
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- fi
- fi
- fi
- # Done checking deplibs!
- deplibs=$newdeplibs
- fi
- # Time to change all our "foo.ltframework" stuff back to "-framework foo"
- case $host in
- *-*-darwin*)
- newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- ;;
- esac
-
- # move library search paths that coincide with paths to not yet
- # installed libraries to the beginning of the library search list
- new_libs=
- for path in $notinst_path; do
- case " $new_libs " in
- *" -L$path/$objdir "*) ;;
- *)
- case " $deplibs " in
- *" -L$path/$objdir "*)
- func_append new_libs " -L$path/$objdir" ;;
- esac
- ;;
- esac
- done
- for deplib in $deplibs; do
- case $deplib in
- -L*)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) func_append new_libs " $deplib" ;;
- esac
- ;;
- *) func_append new_libs " $deplib" ;;
- esac
- done
- deplibs=$new_libs
-
- # All the library-specific variables (install_libdir is set above).
- library_names=
- old_library=
- dlname=
-
- # Test again, we may have decided not to build it any more
- if test yes = "$build_libtool_libs"; then
- # Remove $wl instances when linking with ld.
- # FIXME: should test the right _cmds variable.
- case $archive_cmds in
- *\$LD\ *) wl= ;;
- esac
- if test yes = "$hardcode_into_libs"; then
- # Hardcode the library paths
- hardcode_libdirs=
- dep_rpath=
- rpath=$finalize_rpath
- test relink = "$opt_mode" || rpath=$compile_rpath$rpath
- for libdir in $rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- func_replace_sysroot "$libdir"
- libdir=$func_replace_sysroot_result
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append dep_rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$perm_rpath " in
- *" $libdir "*) ;;
- *) func_append perm_rpath " $libdir" ;;
- esac
- fi
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
- fi
- if test -n "$runpath_var" && test -n "$perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $perm_rpath; do
- func_append rpath "$dir:"
- done
- eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
- fi
- test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
- fi
-
- shlibpath=$finalize_shlibpath
- test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath
- if test -n "$shlibpath"; then
- eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
- fi
-
- # Get the real and link names of the library.
- eval shared_ext=\"$shrext_cmds\"
- eval library_names=\"$library_names_spec\"
- set dummy $library_names
- shift
- realname=$1
- shift
-
- if test -n "$soname_spec"; then
- eval soname=\"$soname_spec\"
- else
- soname=$realname
- fi
- if test -z "$dlname"; then
- dlname=$soname
- fi
-
- lib=$output_objdir/$realname
- linknames=
- for link
- do
- func_append linknames " $link"
- done
-
- # Use standard objects if they are pic
- test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP`
- test "X$libobjs" = "X " && libobjs=
-
- delfiles=
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
- export_symbols=$output_objdir/$libname.uexp
- func_append delfiles " $export_symbols"
- fi
-
- orig_export_symbols=
- case $host_os in
- cygwin* | mingw* | cegcc*)
- if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
- # exporting using user supplied symfile
- func_dll_def_p "$export_symbols" || {
- # and it's NOT already a .def file. Must figure out
- # which of the given symbols are data symbols and tag
- # them as such. So, trigger use of export_symbols_cmds.
- # export_symbols gets reassigned inside the "prepare
- # the list of exported symbols" if statement, so the
- # include_expsyms logic still works.
- orig_export_symbols=$export_symbols
- export_symbols=
- always_export_symbols=yes
- }
- fi
- ;;
- esac
-
- # Prepare the list of exported symbols
- if test -z "$export_symbols"; then
- if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then
- func_verbose "generating symbol list for '$libname.la'"
- export_symbols=$output_objdir/$libname.exp
- $opt_dry_run || $RM $export_symbols
- cmds=$export_symbols_cmds
- save_ifs=$IFS; IFS='~'
- for cmd1 in $cmds; do
- IFS=$save_ifs
- # Take the normal branch if the nm_file_list_spec branch
- # doesn't work or if tool conversion is not needed.
- case $nm_file_list_spec~$to_tool_file_cmd in
- *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*)
- try_normal_branch=yes
- eval cmd=\"$cmd1\"
- func_len " $cmd"
- len=$func_len_result
- ;;
- *)
- try_normal_branch=no
- ;;
- esac
- if test yes = "$try_normal_branch" \
- && { test "$len" -lt "$max_cmd_len" \
- || test "$max_cmd_len" -le -1; }
- then
- func_show_eval "$cmd" 'exit $?'
- skipped_export=false
- elif test -n "$nm_file_list_spec"; then
- func_basename "$output"
- output_la=$func_basename_result
- save_libobjs=$libobjs
- save_output=$output
- output=$output_objdir/$output_la.nm
- func_to_tool_file "$output"
- libobjs=$nm_file_list_spec$func_to_tool_file_result
- func_append delfiles " $output"
- func_verbose "creating $NM input file list: $output"
- for obj in $save_libobjs; do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result"
- done > "$output"
- eval cmd=\"$cmd1\"
- func_show_eval "$cmd" 'exit $?'
- output=$save_output
- libobjs=$save_libobjs
- skipped_export=false
- else
- # The command line is too long to execute in one step.
- func_verbose "using reloadable object file for export list..."
- skipped_export=:
- # Break out early, otherwise skipped_export may be
- # set to false by a later but shorter cmd.
- break
- fi
- done
- IFS=$save_ifs
- if test -n "$export_symbols_regex" && test : != "$skipped_export"; then
- func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
- func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
- fi
- fi
- fi
-
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols=$export_symbols
- test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
- $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
- fi
-
- if test : != "$skipped_export" && test -n "$orig_export_symbols"; then
- # The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
- # FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands, which not all seds can handle. GNU sed should be fine
- # though. Also, the filter scales superlinearly with the number of
- # global variables. join(1) would be nice here, but unfortunately
- # isn't a blessed tool.
- $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- func_append delfiles " $export_symbols $output_objdir/$libname.filter"
- export_symbols=$output_objdir/$libname.def
- $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
- fi
-
- tmp_deplibs=
- for test_deplib in $deplibs; do
- case " $convenience " in
- *" $test_deplib "*) ;;
- *)
- func_append tmp_deplibs " $test_deplib"
- ;;
- esac
- done
- deplibs=$tmp_deplibs
-
- if test -n "$convenience"; then
- if test -n "$whole_archive_flag_spec" &&
- test yes = "$compiler_needs_object" &&
- test -z "$libobjs"; then
- # extract the archives, so we have objects to list.
- # TODO: could optimize this to just extract one archive.
- whole_archive_flag_spec=
- fi
- if test -n "$whole_archive_flag_spec"; then
- save_libobjs=$libobjs
- eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
- test "X$libobjs" = "X " && libobjs=
- else
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $convenience
- func_append libobjs " $func_extract_archives_result"
- test "X$libobjs" = "X " && libobjs=
- fi
- fi
-
- if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then
- eval flag=\"$thread_safe_flag_spec\"
- func_append linker_flags " $flag"
- fi
-
- # Make a backup of the uninstalled library when relinking
- if test relink = "$opt_mode"; then
- $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
- fi
-
- # Do each of the archive commands.
- if test yes = "$module" && test -n "$module_cmds"; then
- if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
- eval test_cmds=\"$module_expsym_cmds\"
- cmds=$module_expsym_cmds
- else
- eval test_cmds=\"$module_cmds\"
- cmds=$module_cmds
- fi
- else
- if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
- eval test_cmds=\"$archive_expsym_cmds\"
- cmds=$archive_expsym_cmds
- else
- eval test_cmds=\"$archive_cmds\"
- cmds=$archive_cmds
- fi
- fi
-
- if test : != "$skipped_export" &&
- func_len " $test_cmds" &&
- len=$func_len_result &&
- test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
- :
- else
- # The command line is too long to link in one step, link piecewise
- # or, if using GNU ld and skipped_export is not :, use a linker
- # script.
-
- # Save the value of $output and $libobjs because we want to
- # use them later. If we have whole_archive_flag_spec, we
- # want to use save_libobjs as it was before
- # whole_archive_flag_spec was expanded, because we can't
- # assume the linker understands whole_archive_flag_spec.
- # This may have to be revisited, in case too many
- # convenience libraries get linked in and end up exceeding
- # the spec.
- if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
- save_libobjs=$libobjs
- fi
- save_output=$output
- func_basename "$output"
- output_la=$func_basename_result
-
- # Clear the reloadable object creation command queue and
- # initialize k to one.
- test_cmds=
- concat_cmds=
- objlist=
- last_robj=
- k=1
-
- if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
- output=$output_objdir/$output_la.lnkscript
- func_verbose "creating GNU ld script: $output"
- echo 'INPUT (' > $output
- for obj in $save_libobjs
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result" >> $output
- done
- echo ')' >> $output
- func_append delfiles " $output"
- func_to_tool_file "$output"
- output=$func_to_tool_file_result
- elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
- output=$output_objdir/$output_la.lnk
- func_verbose "creating linker input file list: $output"
- : > $output
- set x $save_libobjs
- shift
- firstobj=
- if test yes = "$compiler_needs_object"; then
- firstobj="$1 "
- shift
- fi
- for obj
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result" >> $output
- done
- func_append delfiles " $output"
- func_to_tool_file "$output"
- output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
- else
- if test -n "$save_libobjs"; then
- func_verbose "creating reloadable object files..."
- output=$output_objdir/$output_la-$k.$objext
- eval test_cmds=\"$reload_cmds\"
- func_len " $test_cmds"
- len0=$func_len_result
- len=$len0
-
- # Loop over the list of objects to be linked.
- for obj in $save_libobjs
- do
- func_len " $obj"
- func_arith $len + $func_len_result
- len=$func_arith_result
- if test -z "$objlist" ||
- test "$len" -lt "$max_cmd_len"; then
- func_append objlist " $obj"
- else
- # The command $test_cmds is almost too long, add a
- # command to the queue.
- if test 1 -eq "$k"; then
- # The first file doesn't have a previous command to add.
- reload_objs=$objlist
- eval concat_cmds=\"$reload_cmds\"
- else
- # All subsequent reloadable object files will link in
- # the last one created.
- reload_objs="$objlist $last_robj"
- eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
- fi
- last_robj=$output_objdir/$output_la-$k.$objext
- func_arith $k + 1
- k=$func_arith_result
- output=$output_objdir/$output_la-$k.$objext
- objlist=" $obj"
- func_len " $last_robj"
- func_arith $len0 + $func_len_result
- len=$func_arith_result
- fi
- done
- # Handle the remaining objects by creating one last
- # reloadable object file. All subsequent reloadable object
- # files will link in the last one created.
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- reload_objs="$objlist $last_robj"
- eval concat_cmds=\"\$concat_cmds$reload_cmds\"
- if test -n "$last_robj"; then
- eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
- fi
- func_append delfiles " $output"
-
- else
- output=
- fi
-
- ${skipped_export-false} && {
- func_verbose "generating symbol list for '$libname.la'"
- export_symbols=$output_objdir/$libname.exp
- $opt_dry_run || $RM $export_symbols
- libobjs=$output
- # Append the command to create the export file.
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
- if test -n "$last_robj"; then
- eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
- fi
- }
-
- test -n "$save_libobjs" &&
- func_verbose "creating a temporary reloadable object file: $output"
-
- # Loop through the commands generated above and execute them.
- save_ifs=$IFS; IFS='~'
- for cmd in $concat_cmds; do
- IFS=$save_ifs
- $opt_quiet || {
- func_quote_for_expand "$cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
- $opt_dry_run || eval "$cmd" || {
- lt_exit=$?
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- ( cd "$output_objdir" && \
- $RM "${realname}T" && \
- $MV "${realname}U" "$realname" )
- fi
-
- exit $lt_exit
- }
- done
- IFS=$save_ifs
-
- if test -n "$export_symbols_regex" && ${skipped_export-false}; then
- func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
- func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
- fi
- fi
-
- ${skipped_export-false} && {
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols=$export_symbols
- test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
- $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
- fi
-
- if test -n "$orig_export_symbols"; then
- # The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
- # FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands, which not all seds can handle. GNU sed should be fine
- # though. Also, the filter scales superlinearly with the number of
- # global variables. join(1) would be nice here, but unfortunately
- # isn't a blessed tool.
- $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- func_append delfiles " $export_symbols $output_objdir/$libname.filter"
- export_symbols=$output_objdir/$libname.def
- $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
- fi
- }
-
- libobjs=$output
- # Restore the value of output.
- output=$save_output
-
- if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
- eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
- test "X$libobjs" = "X " && libobjs=
- fi
- # Expand the library linking commands again to reset the
- # value of $libobjs for piecewise linking.
-
- # Do each of the archive commands.
- if test yes = "$module" && test -n "$module_cmds"; then
- if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
- cmds=$module_expsym_cmds
- else
- cmds=$module_cmds
- fi
- else
- if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
- cmds=$archive_expsym_cmds
- else
- cmds=$archive_cmds
- fi
- fi
- fi
-
- if test -n "$delfiles"; then
- # Append the command to remove temporary files to $cmds.
- eval cmds=\"\$cmds~\$RM $delfiles\"
- fi
-
- # Add any objects from preloaded convenience libraries
- if test -n "$dlprefiles"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $dlprefiles
- func_append libobjs " $func_extract_archives_result"
- test "X$libobjs" = "X " && libobjs=
- fi
-
- save_ifs=$IFS; IFS='~'
- for cmd in $cmds; do
- IFS=$sp$nl
- eval cmd=\"$cmd\"
- IFS=$save_ifs
- $opt_quiet || {
- func_quote_for_expand "$cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
- $opt_dry_run || eval "$cmd" || {
- lt_exit=$?
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- ( cd "$output_objdir" && \
- $RM "${realname}T" && \
- $MV "${realname}U" "$realname" )
- fi
-
- exit $lt_exit
- }
- done
- IFS=$save_ifs
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
-
- if test -n "$convenience"; then
- if test -z "$whole_archive_flag_spec"; then
- func_show_eval '${RM}r "$gentop"'
- fi
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- # Create links to the real library.
- for linkname in $linknames; do
- if test "$realname" != "$linkname"; then
- func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
- fi
- done
-
- # If -module or -export-dynamic was specified, set the dlname.
- if test yes = "$module" || test yes = "$export_dynamic"; then
- # On all known operating systems, these are identical.
- dlname=$soname
- fi
- fi
- ;;
-
- obj)
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- func_warning "'-dlopen' is ignored for objects"
- fi
-
- case " $deplibs" in
- *\ -l* | *\ -L*)
- func_warning "'-l' and '-L' are ignored for objects" ;;
- esac
-
- test -n "$rpath" && \
- func_warning "'-rpath' is ignored for objects"
-
- test -n "$xrpath" && \
- func_warning "'-R' is ignored for objects"
-
- test -n "$vinfo" && \
- func_warning "'-version-info' is ignored for objects"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for objects"
-
- case $output in
- *.lo)
- test -n "$objs$old_deplibs" && \
- func_fatal_error "cannot build library object '$output' from non-libtool objects"
-
- libobj=$output
- func_lo2o "$libobj"
- obj=$func_lo2o_result
- ;;
- *)
- libobj=
- obj=$output
- ;;
- esac
-
- # Delete the old objects.
- $opt_dry_run || $RM $obj $libobj
-
- # Objects from convenience libraries. This assumes
- # single-version convenience libraries. Whenever we create
- # different ones for PIC/non-PIC, this we'll have to duplicate
- # the extraction.
- reload_conv_objs=
- gentop=
- # if reload_cmds runs $LD directly, get rid of -Wl from
- # whole_archive_flag_spec and hope we can get by with turning comma
- # into space.
- case $reload_cmds in
- *\$LD[\ \$]*) wl= ;;
- esac
- if test -n "$convenience"; then
- if test -n "$whole_archive_flag_spec"; then
- eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
- test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
- reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags
- else
- gentop=$output_objdir/${obj}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $convenience
- reload_conv_objs="$reload_objs $func_extract_archives_result"
- fi
- fi
-
- # If we're not building shared, we need to use non_pic_objs
- test yes = "$build_libtool_libs" || libobjs=$non_pic_objects
-
- # Create the old-style object.
- reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs
-
- output=$obj
- func_execute_cmds "$reload_cmds" 'exit $?'
-
- # Exit if we aren't doing a library object file.
- if test -z "$libobj"; then
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- test yes = "$build_libtool_libs" || {
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- # Create an invalid libtool object if no PIC, so that we don't
- # accidentally link it into a program.
- # $show "echo timestamp > $libobj"
- # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
- exit $EXIT_SUCCESS
- }
-
- if test -n "$pic_flag" || test default != "$pic_mode"; then
- # Only do commands if we really have different PIC objects.
- reload_objs="$libobjs $reload_conv_objs"
- output=$libobj
- func_execute_cmds "$reload_cmds" 'exit $?'
- fi
-
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- exit $EXIT_SUCCESS
- ;;
-
- prog)
- case $host in
- *cygwin*) func_stripname '' '.exe' "$output"
- output=$func_stripname_result.exe;;
- esac
- test -n "$vinfo" && \
- func_warning "'-version-info' is ignored for programs"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for programs"
-
- $preload \
- && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \
- && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support."
-
- case $host in
- *-*-rhapsody* | *-*-darwin1.[012])
- # On Rhapsody replace the C library is the System framework
- compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'`
- finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'`
- ;;
- esac
-
- case $host in
- *-*-darwin*)
- # Don't allow lazy linking, it breaks C++ global constructors
- # But is supposedly fixed on 10.4 or later (yay!).
- if test CXX = "$tagname"; then
- case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
- 10.[0123])
- func_append compile_command " $wl-bind_at_load"
- func_append finalize_command " $wl-bind_at_load"
- ;;
- esac
- fi
- # Time to change all our "foo.ltframework" stuff back to "-framework foo"
- compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- ;;
- esac
-
-
- # move library search paths that coincide with paths to not yet
- # installed libraries to the beginning of the library search list
- new_libs=
- for path in $notinst_path; do
- case " $new_libs " in
- *" -L$path/$objdir "*) ;;
- *)
- case " $compile_deplibs " in
- *" -L$path/$objdir "*)
- func_append new_libs " -L$path/$objdir" ;;
- esac
- ;;
- esac
- done
- for deplib in $compile_deplibs; do
- case $deplib in
- -L*)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) func_append new_libs " $deplib" ;;
- esac
- ;;
- *) func_append new_libs " $deplib" ;;
- esac
- done
- compile_deplibs=$new_libs
-
-
- func_append compile_command " $compile_deplibs"
- func_append finalize_command " $finalize_deplibs"
-
- if test -n "$rpath$xrpath"; then
- # If the user specified any rpath flags, then add them.
- for libdir in $rpath $xrpath; do
- # This is the magic to use -rpath.
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- done
- fi
-
- # Now hardcode the library paths
- rpath=
- hardcode_libdirs=
- for libdir in $compile_rpath $finalize_rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$perm_rpath " in
- *" $libdir "*) ;;
- *) func_append perm_rpath " $libdir" ;;
- esac
- fi
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
- case :$dllsearchpath: in
- *":$libdir:"*) ;;
- ::) dllsearchpath=$libdir;;
- *) func_append dllsearchpath ":$libdir";;
- esac
- case :$dllsearchpath: in
- *":$testbindir:"*) ;;
- ::) dllsearchpath=$testbindir;;
- *) func_append dllsearchpath ":$testbindir";;
- esac
- ;;
- esac
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval rpath=\" $hardcode_libdir_flag_spec\"
- fi
- compile_rpath=$rpath
-
- rpath=
- hardcode_libdirs=
- for libdir in $finalize_rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$finalize_perm_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_perm_rpath " $libdir" ;;
- esac
- fi
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval rpath=\" $hardcode_libdir_flag_spec\"
- fi
- finalize_rpath=$rpath
-
- if test -n "$libobjs" && test yes = "$build_old_libs"; then
- # Transform all the library objects into standard objects.
- compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
- finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
- fi
-
- func_generate_dlsyms "$outputname" "@PROGRAM@" false
-
- # template prelinking step
- if test -n "$prelink_cmds"; then
- func_execute_cmds "$prelink_cmds" 'exit $?'
- fi
-
- wrappers_required=:
- case $host in
- *cegcc* | *mingw32ce*)
- # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
- wrappers_required=false
- ;;
- *cygwin* | *mingw* )
- test yes = "$build_libtool_libs" || wrappers_required=false
- ;;
- *)
- if test no = "$need_relink" || test yes != "$build_libtool_libs"; then
- wrappers_required=false
- fi
- ;;
- esac
- $wrappers_required || {
- # Replace the output file specification.
- compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
- link_command=$compile_command$compile_rpath
-
- # We have no uninstalled library dependencies, so finalize right now.
- exit_status=0
- func_show_eval "$link_command" 'exit_status=$?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- # Delete the generated files.
- if test -f "$output_objdir/${outputname}S.$objext"; then
- func_show_eval '$RM "$output_objdir/${outputname}S.$objext"'
- fi
-
- exit $exit_status
- }
-
- if test -n "$compile_shlibpath$finalize_shlibpath"; then
- compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
- fi
- if test -n "$finalize_shlibpath"; then
- finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
- fi
-
- compile_var=
- finalize_var=
- if test -n "$runpath_var"; then
- if test -n "$perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $perm_rpath; do
- func_append rpath "$dir:"
- done
- compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
- fi
- if test -n "$finalize_perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $finalize_perm_rpath; do
- func_append rpath "$dir:"
- done
- finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
- fi
- fi
-
- if test yes = "$no_install"; then
- # We don't need to create a wrapper script.
- link_command=$compile_var$compile_command$compile_rpath
- # Replace the output file specification.
- link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
- # Delete the old output file.
- $opt_dry_run || $RM $output
- # Link the executable and exit
- func_show_eval "$link_command" 'exit $?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- case $hardcode_action,$fast_install in
- relink,*)
- # Fast installation is not supported
- link_command=$compile_var$compile_command$compile_rpath
- relink_command=$finalize_var$finalize_command$finalize_rpath
-
- func_warning "this platform does not like uninstalled shared libraries"
- func_warning "'$output' will be relinked during installation"
- ;;
- *,yes)
- link_command=$finalize_var$compile_command$finalize_rpath
- relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
- ;;
- *,no)
- link_command=$compile_var$compile_command$compile_rpath
- relink_command=$finalize_var$finalize_command$finalize_rpath
- ;;
- *,needless)
- link_command=$finalize_var$compile_command$finalize_rpath
- relink_command=
- ;;
- esac
-
- # Replace the output file specification.
- link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
-
- # Delete the old output files.
- $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
-
- func_show_eval "$link_command" 'exit $?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output_objdir/$outputname"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- # Now create the wrapper script.
- func_verbose "creating $output"
-
- # Quote the relink command for shipping.
- if test -n "$relink_command"; then
- # Preserve any variables that may affect compiler behavior
- for var in $variables_saved_for_relink; do
- if eval test -z \"\${$var+set}\"; then
- relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
- elif eval var_value=\$$var; test -z "$var_value"; then
- relink_command="$var=; export $var; $relink_command"
- else
- func_quote_for_eval "$var_value"
- relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
- fi
- done
- relink_command="(cd `pwd`; $relink_command)"
- relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
- fi
-
- # Only actually do things if not in dry run mode.
- $opt_dry_run || {
- # win32 will think the script is a binary if it has
- # a .exe suffix, so we strip it off here.
- case $output in
- *.exe) func_stripname '' '.exe' "$output"
- output=$func_stripname_result ;;
- esac
- # test for cygwin because mv fails w/o .exe extensions
- case $host in
- *cygwin*)
- exeext=.exe
- func_stripname '' '.exe' "$outputname"
- outputname=$func_stripname_result ;;
- *) exeext= ;;
- esac
- case $host in
- *cygwin* | *mingw* )
- func_dirname_and_basename "$output" "" "."
- output_name=$func_basename_result
- output_path=$func_dirname_result
- cwrappersource=$output_path/$objdir/lt-$output_name.c
- cwrapper=$output_path/$output_name.exe
- $RM $cwrappersource $cwrapper
- trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
-
- func_emit_cwrapperexe_src > $cwrappersource
-
- # The wrapper executable is built using the $host compiler,
- # because it contains $host paths and files. If cross-
- # compiling, it, like the target executable, must be
- # executed on the $host or under an emulation environment.
- $opt_dry_run || {
- $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
- $STRIP $cwrapper
- }
-
- # Now, create the wrapper script for func_source use:
- func_ltwrapper_scriptname $cwrapper
- $RM $func_ltwrapper_scriptname_result
- trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
- $opt_dry_run || {
- # note: this script will not be executed, so do not chmod.
- if test "x$build" = "x$host"; then
- $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
- else
- func_emit_wrapper no > $func_ltwrapper_scriptname_result
- fi
- }
- ;;
- * )
- $RM $output
- trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
-
- func_emit_wrapper no > $output
- chmod +x $output
- ;;
- esac
- }
- exit $EXIT_SUCCESS
- ;;
- esac
-
- # See if we need to build an old-fashioned archive.
- for oldlib in $oldlibs; do
-
- case $build_libtool_libs in
- convenience)
- oldobjs="$libobjs_save $symfileobj"
- addlibs=$convenience
- build_libtool_libs=no
- ;;
- module)
- oldobjs=$libobjs_save
- addlibs=$old_convenience
- build_libtool_libs=no
- ;;
- *)
- oldobjs="$old_deplibs $non_pic_objects"
- $preload && test -f "$symfileobj" \
- && func_append oldobjs " $symfileobj"
- addlibs=$old_convenience
- ;;
- esac
-
- if test -n "$addlibs"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $addlibs
- func_append oldobjs " $func_extract_archives_result"
- fi
-
- # Do each command in the archive commands.
- if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then
- cmds=$old_archive_from_new_cmds
- else
-
- # Add any objects from preloaded convenience libraries
- if test -n "$dlprefiles"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $dlprefiles
- func_append oldobjs " $func_extract_archives_result"
- fi
-
- # POSIX demands no paths to be encoded in archives. We have
- # to avoid creating archives with duplicate basenames if we
- # might have to extract them afterwards, e.g., when creating a
- # static archive out of a convenience library, or when linking
- # the entirety of a libtool archive into another (currently
- # not supported by libtool).
- if (for obj in $oldobjs
- do
- func_basename "$obj"
- $ECHO "$func_basename_result"
- done | sort | sort -uc >/dev/null 2>&1); then
- :
- else
- echo "copying selected object files to avoid basename conflicts..."
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
- func_mkdir_p "$gentop"
- save_oldobjs=$oldobjs
- oldobjs=
- counter=1
- for obj in $save_oldobjs
- do
- func_basename "$obj"
- objbase=$func_basename_result
- case " $oldobjs " in
- " ") oldobjs=$obj ;;
- *[\ /]"$objbase "*)
- while :; do
- # Make sure we don't pick an alternate name that also
- # overlaps.
- newobj=lt$counter-$objbase
- func_arith $counter + 1
- counter=$func_arith_result
- case " $oldobjs " in
- *[\ /]"$newobj "*) ;;
- *) if test ! -f "$gentop/$newobj"; then break; fi ;;
- esac
- done
- func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
- func_append oldobjs " $gentop/$newobj"
- ;;
- *) func_append oldobjs " $obj" ;;
- esac
- done
- fi
- func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
- tool_oldlib=$func_to_tool_file_result
- eval cmds=\"$old_archive_cmds\"
-
- func_len " $cmds"
- len=$func_len_result
- if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
- cmds=$old_archive_cmds
- elif test -n "$archiver_list_spec"; then
- func_verbose "using command file archive linking..."
- for obj in $oldobjs
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result"
- done > $output_objdir/$libname.libcmd
- func_to_tool_file "$output_objdir/$libname.libcmd"
- oldobjs=" $archiver_list_spec$func_to_tool_file_result"
- cmds=$old_archive_cmds
- else
- # the command line is too long to link in one step, link in parts
- func_verbose "using piecewise archive linking..."
- save_RANLIB=$RANLIB
- RANLIB=:
- objlist=
- concat_cmds=
- save_oldobjs=$oldobjs
- oldobjs=
- # Is there a better way of finding the last object in the list?
- for obj in $save_oldobjs
- do
- last_oldobj=$obj
- done
- eval test_cmds=\"$old_archive_cmds\"
- func_len " $test_cmds"
- len0=$func_len_result
- len=$len0
- for obj in $save_oldobjs
- do
- func_len " $obj"
- func_arith $len + $func_len_result
- len=$func_arith_result
- func_append objlist " $obj"
- if test "$len" -lt "$max_cmd_len"; then
- :
- else
- # the above command should be used before it gets too long
- oldobjs=$objlist
- if test "$obj" = "$last_oldobj"; then
- RANLIB=$save_RANLIB
- fi
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\$concat_cmds$old_archive_cmds\"
- objlist=
- len=$len0
- fi
- done
- RANLIB=$save_RANLIB
- oldobjs=$objlist
- if test -z "$oldobjs"; then
- eval cmds=\"\$concat_cmds\"
- else
- eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
- fi
- fi
- fi
- func_execute_cmds "$cmds" 'exit $?'
- done
-
- test -n "$generated" && \
- func_show_eval "${RM}r$generated"
-
- # Now create the libtool archive.
- case $output in
- *.la)
- old_library=
- test yes = "$build_old_libs" && old_library=$libname.$libext
- func_verbose "creating $output"
-
- # Preserve any variables that may affect compiler behavior
- for var in $variables_saved_for_relink; do
- if eval test -z \"\${$var+set}\"; then
- relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
- elif eval var_value=\$$var; test -z "$var_value"; then
- relink_command="$var=; export $var; $relink_command"
- else
- func_quote_for_eval "$var_value"
- relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
- fi
- done
- # Quote the link command for shipping.
- relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
- relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
- if test yes = "$hardcode_automatic"; then
- relink_command=
- fi
-
- # Only create the output if not a dry run.
- $opt_dry_run || {
- for installed in no yes; do
- if test yes = "$installed"; then
- if test -z "$install_libdir"; then
- break
- fi
- output=$output_objdir/${outputname}i
- # Replace all uninstalled libtool libraries with the installed ones
- newdependency_libs=
- for deplib in $dependency_libs; do
- case $deplib in
- *.la)
- func_basename "$deplib"
- name=$func_basename_result
- func_resolve_sysroot "$deplib"
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
- test -z "$libdir" && \
- func_fatal_error "'$deplib' is not a valid libtool archive"
- func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
- ;;
- -L*)
- func_stripname -L '' "$deplib"
- func_replace_sysroot "$func_stripname_result"
- func_append newdependency_libs " -L$func_replace_sysroot_result"
- ;;
- -R*)
- func_stripname -R '' "$deplib"
- func_replace_sysroot "$func_stripname_result"
- func_append newdependency_libs " -R$func_replace_sysroot_result"
- ;;
- *) func_append newdependency_libs " $deplib" ;;
- esac
- done
- dependency_libs=$newdependency_libs
- newdlfiles=
-
- for lib in $dlfiles; do
- case $lib in
- *.la)
- func_basename "$lib"
- name=$func_basename_result
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
- test -z "$libdir" && \
- func_fatal_error "'$lib' is not a valid libtool archive"
- func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
- ;;
- *) func_append newdlfiles " $lib" ;;
- esac
- done
- dlfiles=$newdlfiles
- newdlprefiles=
- for lib in $dlprefiles; do
- case $lib in
- *.la)
- # Only pass preopened files to the pseudo-archive (for
- # eventual linking with the app. that links it) if we
- # didn't already link the preopened objects directly into
- # the library:
- func_basename "$lib"
- name=$func_basename_result
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
- test -z "$libdir" && \
- func_fatal_error "'$lib' is not a valid libtool archive"
- func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
- ;;
- esac
- done
- dlprefiles=$newdlprefiles
- else
- newdlfiles=
- for lib in $dlfiles; do
- case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
- *) abs=`pwd`"/$lib" ;;
- esac
- func_append newdlfiles " $abs"
- done
- dlfiles=$newdlfiles
- newdlprefiles=
- for lib in $dlprefiles; do
- case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
- *) abs=`pwd`"/$lib" ;;
- esac
- func_append newdlprefiles " $abs"
- done
- dlprefiles=$newdlprefiles
- fi
- $RM $output
- # place dlname in correct position for cygwin
- # In fact, it would be nice if we could use this code for all target
- # systems that can't hard-code library paths into their executables
- # and that have no shared library path variable independent of PATH,
- # but it turns out we can't easily determine that from inspecting
- # libtool variables, so we have to hard-code the OSs to which it
- # applies here; at the moment, that means platforms that use the PE
- # object format with DLL files. See the long comment at the top of
- # tests/bindir.at for full details.
- tdlname=$dlname
- case $host,$output,$installed,$module,$dlname in
- *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
- # If a -bindir argument was supplied, place the dll there.
- if test -n "$bindir"; then
- func_relative_path "$install_libdir" "$bindir"
- tdlname=$func_relative_path_result/$dlname
- else
- # Otherwise fall back on heuristic.
- tdlname=../bin/$dlname
- fi
- ;;
- esac
- $ECHO > $output "\
-# $outputname - a libtool library file
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='$tdlname'
-
-# Names of this library.
-library_names='$library_names'
-
-# The name of the static archive.
-old_library='$old_library'
-
-# Linker flags that cannot go in dependency_libs.
-inherited_linker_flags='$new_inherited_linker_flags'
-
-# Libraries that this one depends upon.
-dependency_libs='$dependency_libs'
-
-# Names of additional weak libraries provided by this library
-weak_library_names='$weak_libs'
-
-# Version information for $libname.
-current=$current
-age=$age
-revision=$revision
-
-# Is this an already installed library?
-installed=$installed
-
-# Should we warn about portability when linking against -modules?
-shouldnotlink=$module
-
-# Files to dlopen/dlpreopen
-dlopen='$dlfiles'
-dlpreopen='$dlprefiles'
-
-# Directory that this library needs to be installed in:
-libdir='$install_libdir'"
- if test no,yes = "$installed,$need_relink"; then
- $ECHO >> $output "\
-relink_command=\"$relink_command\""
- fi
- done
- }
-
- # Do a symbolic link so that the libtool archive can be found in
- # LD_LIBRARY_PATH before the program is installed.
- func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
- ;;
- esac
- exit $EXIT_SUCCESS
-}
-
-if test link = "$opt_mode" || test relink = "$opt_mode"; then
- func_mode_link ${1+"$@"}
-fi
-
-
-# func_mode_uninstall arg...
-func_mode_uninstall ()
-{
- $debug_cmd
-
- RM=$nonopt
- files=
- rmforce=false
- exit_status=0
-
- # This variable tells wrapper scripts just to set variables rather
- # than running their programs.
- libtool_install_magic=$magic
-
- for arg
- do
- case $arg in
- -f) func_append RM " $arg"; rmforce=: ;;
- -*) func_append RM " $arg" ;;
- *) func_append files " $arg" ;;
- esac
- done
-
- test -z "$RM" && \
- func_fatal_help "you must specify an RM program"
-
- rmdirs=
-
- for file in $files; do
- func_dirname "$file" "" "."
- dir=$func_dirname_result
- if test . = "$dir"; then
- odir=$objdir
- else
- odir=$dir/$objdir
- fi
- func_basename "$file"
- name=$func_basename_result
- test uninstall = "$opt_mode" && odir=$dir
-
- # Remember odir for removal later, being careful to avoid duplicates
- if test clean = "$opt_mode"; then
- case " $rmdirs " in
- *" $odir "*) ;;
- *) func_append rmdirs " $odir" ;;
- esac
- fi
-
- # Don't error if the file doesn't exist and rm -f was used.
- if { test -L "$file"; } >/dev/null 2>&1 ||
- { test -h "$file"; } >/dev/null 2>&1 ||
- test -f "$file"; then
- :
- elif test -d "$file"; then
- exit_status=1
- continue
- elif $rmforce; then
- continue
- fi
-
- rmfiles=$file
-
- case $name in
- *.la)
- # Possibly a libtool archive, so verify it.
- if func_lalib_p "$file"; then
- func_source $dir/$name
-
- # Delete the libtool libraries and symlinks.
- for n in $library_names; do
- func_append rmfiles " $odir/$n"
- done
- test -n "$old_library" && func_append rmfiles " $odir/$old_library"
-
- case $opt_mode in
- clean)
- case " $library_names " in
- *" $dlname "*) ;;
- *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;;
- esac
- test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i"
- ;;
- uninstall)
- if test -n "$library_names"; then
- # Do each command in the postuninstall commands.
- func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1'
- fi
-
- if test -n "$old_library"; then
- # Do each command in the old_postuninstall commands.
- func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1'
- fi
- # FIXME: should reinstall the best remaining shared library.
- ;;
- esac
- fi
- ;;
-
- *.lo)
- # Possibly a libtool object, so verify it.
- if func_lalib_p "$file"; then
-
- # Read the .lo file
- func_source $dir/$name
-
- # Add PIC object to the list of files to remove.
- if test -n "$pic_object" && test none != "$pic_object"; then
- func_append rmfiles " $dir/$pic_object"
- fi
-
- # Add non-PIC object to the list of files to remove.
- if test -n "$non_pic_object" && test none != "$non_pic_object"; then
- func_append rmfiles " $dir/$non_pic_object"
- fi
- fi
- ;;
-
- *)
- if test clean = "$opt_mode"; then
- noexename=$name
- case $file in
- *.exe)
- func_stripname '' '.exe' "$file"
- file=$func_stripname_result
- func_stripname '' '.exe' "$name"
- noexename=$func_stripname_result
- # $file with .exe has already been added to rmfiles,
- # add $file without .exe
- func_append rmfiles " $file"
- ;;
- esac
- # Do a test to see if this is a libtool program.
- if func_ltwrapper_p "$file"; then
- if func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- relink_command=
- func_source $func_ltwrapper_scriptname_result
- func_append rmfiles " $func_ltwrapper_scriptname_result"
- else
- relink_command=
- func_source $dir/$noexename
- fi
-
- # note $name still contains .exe if it was in $file originally
- # as does the version of $file that was added into $rmfiles
- func_append rmfiles " $odir/$name $odir/${name}S.$objext"
- if test yes = "$fast_install" && test -n "$relink_command"; then
- func_append rmfiles " $odir/lt-$name"
- fi
- if test "X$noexename" != "X$name"; then
- func_append rmfiles " $odir/lt-$noexename.c"
- fi
- fi
- fi
- ;;
- esac
- func_show_eval "$RM $rmfiles" 'exit_status=1'
- done
-
- # Try to remove the $objdir's in the directories where we deleted files
- for dir in $rmdirs; do
- if test -d "$dir"; then
- func_show_eval "rmdir $dir >/dev/null 2>&1"
- fi
- done
-
- exit $exit_status
-}
-
-if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then
- func_mode_uninstall ${1+"$@"}
-fi
-
-test -z "$opt_mode" && {
- help=$generic_help
- func_fatal_help "you must specify a MODE"
-}
-
-test -z "$exec_cmd" && \
- func_fatal_help "invalid operation mode '$opt_mode'"
-
-if test -n "$exec_cmd"; then
- eval exec "$exec_cmd"
- exit $EXIT_FAILURE
-fi
-
-exit $exit_status
-
-
-# The TAGs below are defined such that we never get into a situation
-# where we disable both kinds of libraries. Given conflicting
-# choices, we go for a static library, that is the most portable,
-# since we can't tell whether shared libraries were disabled because
-# the user asked for that or because the platform doesn't support
-# them. This is particularly important on AIX, because we don't
-# support having both static and shared libraries enabled at the same
-# time on that platform, so we default to a shared-only configuration.
-# If a disable-shared tag is given, we'll fallback to a static-only
-# configuration. But we'll never go from static-only to shared-only.
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
-build_libtool_libs=no
-build_old_libs=yes
-# ### END LIBTOOL TAG CONFIG: disable-shared
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-static
-build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
-# ### END LIBTOOL TAG CONFIG: disable-static
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
--- /dev/null
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# Check whether the given FLAG works with the current language's compiler
+# or gives an error. (Warnings, however, are ignored)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 6
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+ AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+ [AS_VAR_SET(CACHEVAR,[yes])],
+ [AS_VAR_SET(CACHEVAR,[no])])
+ _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_VAR_IF(CACHEVAR,yes,
+ [m4_default([$2], :)],
+ [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
+++ /dev/null
-# gettext.m4 serial 66 (gettext-0.18.2)
-dnl Copyright (C) 1995-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-dnl
-dnl This file can can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
-dnl License but which still want to provide support for the GNU gettext
-dnl functionality.
-dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
-dnl They are *not* in the public domain.
-
-dnl Authors:
-dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
-dnl Bruno Haible <haible@clisp.cons.org>, 2000-2006, 2008-2010.
-
-dnl Macro to add for using GNU gettext.
-
-dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
-dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
-dnl default (if it is not specified or empty) is 'no-libtool'.
-dnl INTLSYMBOL should be 'external' for packages with no intl directory,
-dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory.
-dnl If INTLSYMBOL is 'use-libtool', then a libtool library
-dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static,
-dnl depending on --{enable,disable}-{shared,static} and on the presence of
-dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
-dnl $(top_builddir)/intl/libintl.a will be created.
-dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
-dnl implementations (in libc or libintl) without the ngettext() function
-dnl will be ignored. If NEEDSYMBOL is specified and is
-dnl 'need-formatstring-macros', then GNU gettext implementations that don't
-dnl support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
-dnl INTLDIR is used to find the intl libraries. If empty,
-dnl the value '$(top_builddir)/intl/' is used.
-dnl
-dnl The result of the configuration is one of three cases:
-dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
-dnl and used.
-dnl Catalog format: GNU --> install in $(datadir)
-dnl Catalog extension: .mo after installation, .gmo in source tree
-dnl 2) GNU gettext has been found in the system's C library.
-dnl Catalog format: GNU --> install in $(datadir)
-dnl Catalog extension: .mo after installation, .gmo in source tree
-dnl 3) No internationalization, always use English msgid.
-dnl Catalog format: none
-dnl Catalog extension: none
-dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur.
-dnl The use of .gmo is historical (it was needed to avoid overwriting the
-dnl GNU format catalogs when building on a platform with an X/Open gettext),
-dnl but we keep it in order not to force irrelevant filename changes on the
-dnl maintainers.
-dnl
-AC_DEFUN([AM_GNU_GETTEXT],
-[
- dnl Argument checking.
- ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
- [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
-])])])])])
- ifelse(ifelse([$1], [], [old])[]ifelse([$1], [no-libtool], [old]), [old],
- [AC_DIAGNOSE([obsolete], [Use of AM_GNU_GETTEXT without [external] argument is deprecated.])])
- ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
- [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
-])])])])
- define([gt_included_intl],
- ifelse([$1], [external],
- ifdef([AM_GNU_GETTEXT_][INTL_SUBDIR], [yes], [no]),
- [yes]))
- define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
- gt_NEEDS_INIT
- AM_GNU_GETTEXT_NEED([$2])
-
- AC_REQUIRE([AM_PO_SUBDIRS])dnl
- ifelse(gt_included_intl, yes, [
- AC_REQUIRE([AM_INTL_SUBDIR])dnl
- ])
-
- dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
- AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
- AC_REQUIRE([AC_LIB_RPATH])
-
- dnl Sometimes libintl requires libiconv, so first search for libiconv.
- dnl Ideally we would do this search only after the
- dnl if test "$USE_NLS" = "yes"; then
- dnl if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
- dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
- dnl the configure script would need to contain the same shell code
- dnl again, outside any 'if'. There are two solutions:
- dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
- dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
- dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
- dnl documented, we avoid it.
- ifelse(gt_included_intl, yes, , [
- AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
- ])
-
- dnl Sometimes, on Mac OS X, libintl requires linking with CoreFoundation.
- gt_INTL_MACOSX
-
- dnl Set USE_NLS.
- AC_REQUIRE([AM_NLS])
-
- ifelse(gt_included_intl, yes, [
- BUILD_INCLUDED_LIBINTL=no
- USE_INCLUDED_LIBINTL=no
- ])
- LIBINTL=
- LTLIBINTL=
- POSUB=
-
- dnl Add a version number to the cache macros.
- case " $gt_needs " in
- *" need-formatstring-macros "*) gt_api_version=3 ;;
- *" need-ngettext "*) gt_api_version=2 ;;
- *) gt_api_version=1 ;;
- esac
- gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
- gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
-
- dnl If we use NLS figure out what method
- if test "$USE_NLS" = "yes"; then
- gt_use_preinstalled_gnugettext=no
- ifelse(gt_included_intl, yes, [
- AC_MSG_CHECKING([whether included gettext is requested])
- AC_ARG_WITH([included-gettext],
- [ --with-included-gettext use the GNU gettext library included here],
- nls_cv_force_use_gnu_gettext=$withval,
- nls_cv_force_use_gnu_gettext=no)
- AC_MSG_RESULT([$nls_cv_force_use_gnu_gettext])
-
- nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
- if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
- ])
- dnl User does not insist on using GNU NLS library. Figure out what
- dnl to use. If GNU gettext is available we use this. Else we have
- dnl to fall back to GNU NLS library.
-
- if test $gt_api_version -ge 3; then
- gt_revision_test_code='
-#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
-#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
-#endif
-changequote(,)dnl
-typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
-changequote([,])dnl
-'
- else
- gt_revision_test_code=
- fi
- if test $gt_api_version -ge 2; then
- gt_expression_test_code=' + * ngettext ("", "", 0)'
- else
- gt_expression_test_code=
- fi
-
- AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc],
- [AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern int *_nl_domain_bindings;
- ]],
- [[
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
- ]])],
- [eval "$gt_func_gnugettext_libc=yes"],
- [eval "$gt_func_gnugettext_libc=no"])])
-
- if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
- dnl Sometimes libintl requires libiconv, so first search for libiconv.
- ifelse(gt_included_intl, yes, , [
- AM_ICONV_LINK
- ])
- dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
- dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
- dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
- dnl even if libiconv doesn't exist.
- AC_LIB_LINKFLAGS_BODY([intl])
- AC_CACHE_CHECK([for GNU gettext in libintl],
- [$gt_func_gnugettext_libintl],
- [gt_save_CPPFLAGS="$CPPFLAGS"
- CPPFLAGS="$CPPFLAGS $INCINTL"
- gt_save_LIBS="$LIBS"
- LIBS="$LIBS $LIBINTL"
- dnl Now see whether libintl exists and does not depend on libiconv.
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
- ]],
- [[
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
- ]])],
- [eval "$gt_func_gnugettext_libintl=yes"],
- [eval "$gt_func_gnugettext_libintl=no"])
- dnl Now see whether libintl exists and depends on libiconv.
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
- LIBS="$LIBS $LIBICONV"
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <libintl.h>
-$gt_revision_test_code
-extern int _nl_msg_cat_cntr;
-extern
-#ifdef __cplusplus
-"C"
-#endif
-const char *_nl_expand_alias (const char *);
- ]],
- [[
-bindtextdomain ("", "");
-return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
- ]])],
- [LIBINTL="$LIBINTL $LIBICONV"
- LTLIBINTL="$LTLIBINTL $LTLIBICONV"
- eval "$gt_func_gnugettext_libintl=yes"
- ])
- fi
- CPPFLAGS="$gt_save_CPPFLAGS"
- LIBS="$gt_save_LIBS"])
- fi
-
- dnl If an already present or preinstalled GNU gettext() is found,
- dnl use it. But if this macro is used in GNU gettext, and GNU
- dnl gettext is already preinstalled in libintl, we update this
- dnl libintl. (Cf. the install rule in intl/Makefile.in.)
- if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
- || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
- && test "$PACKAGE" != gettext-runtime \
- && test "$PACKAGE" != gettext-tools; }; then
- gt_use_preinstalled_gnugettext=yes
- else
- dnl Reset the values set by searching for libintl.
- LIBINTL=
- LTLIBINTL=
- INCINTL=
- fi
-
- ifelse(gt_included_intl, yes, [
- if test "$gt_use_preinstalled_gnugettext" != "yes"; then
- dnl GNU gettext is not found in the C library.
- dnl Fall back on included GNU gettext library.
- nls_cv_use_gnu_gettext=yes
- fi
- fi
-
- if test "$nls_cv_use_gnu_gettext" = "yes"; then
- dnl Mark actions used to generate GNU NLS library.
- BUILD_INCLUDED_LIBINTL=yes
- USE_INCLUDED_LIBINTL=yes
- LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV $LIBTHREAD"
- LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV $LTLIBTHREAD"
- LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'`
- fi
-
- CATOBJEXT=
- if test "$gt_use_preinstalled_gnugettext" = "yes" \
- || test "$nls_cv_use_gnu_gettext" = "yes"; then
- dnl Mark actions to use GNU gettext tools.
- CATOBJEXT=.gmo
- fi
- ])
-
- if test -n "$INTL_MACOSX_LIBS"; then
- if test "$gt_use_preinstalled_gnugettext" = "yes" \
- || test "$nls_cv_use_gnu_gettext" = "yes"; then
- dnl Some extra flags are needed during linking.
- LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
- LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
- fi
- fi
-
- if test "$gt_use_preinstalled_gnugettext" = "yes" \
- || test "$nls_cv_use_gnu_gettext" = "yes"; then
- AC_DEFINE([ENABLE_NLS], [1],
- [Define to 1 if translation of program messages to the user's native language
- is requested.])
- else
- USE_NLS=no
- fi
- fi
-
- AC_MSG_CHECKING([whether to use NLS])
- AC_MSG_RESULT([$USE_NLS])
- if test "$USE_NLS" = "yes"; then
- AC_MSG_CHECKING([where the gettext function comes from])
- if test "$gt_use_preinstalled_gnugettext" = "yes"; then
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
- gt_source="external libintl"
- else
- gt_source="libc"
- fi
- else
- gt_source="included intl directory"
- fi
- AC_MSG_RESULT([$gt_source])
- fi
-
- if test "$USE_NLS" = "yes"; then
-
- if test "$gt_use_preinstalled_gnugettext" = "yes"; then
- if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
- AC_MSG_CHECKING([how to link with libintl])
- AC_MSG_RESULT([$LIBINTL])
- AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL])
- fi
-
- dnl For backward compatibility. Some packages may be using this.
- AC_DEFINE([HAVE_GETTEXT], [1],
- [Define if the GNU gettext() function is already present or preinstalled.])
- AC_DEFINE([HAVE_DCGETTEXT], [1],
- [Define if the GNU dcgettext() function is already present or preinstalled.])
- fi
-
- dnl We need to process the po/ directory.
- POSUB=po
- fi
-
- ifelse(gt_included_intl, yes, [
- dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL
- dnl to 'yes' because some of the testsuite requires it.
- if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then
- BUILD_INCLUDED_LIBINTL=yes
- fi
-
- dnl Make all variables we use known to autoconf.
- AC_SUBST([BUILD_INCLUDED_LIBINTL])
- AC_SUBST([USE_INCLUDED_LIBINTL])
- AC_SUBST([CATOBJEXT])
-
- dnl For backward compatibility. Some configure.ins may be using this.
- nls_cv_header_intl=
- nls_cv_header_libgt=
-
- dnl For backward compatibility. Some Makefiles may be using this.
- DATADIRNAME=share
- AC_SUBST([DATADIRNAME])
-
- dnl For backward compatibility. Some Makefiles may be using this.
- INSTOBJEXT=.mo
- AC_SUBST([INSTOBJEXT])
-
- dnl For backward compatibility. Some Makefiles may be using this.
- GENCAT=gencat
- AC_SUBST([GENCAT])
-
- dnl For backward compatibility. Some Makefiles may be using this.
- INTLOBJS=
- if test "$USE_INCLUDED_LIBINTL" = yes; then
- INTLOBJS="\$(GETTOBJS)"
- fi
- AC_SUBST([INTLOBJS])
-
- dnl Enable libtool support if the surrounding package wishes it.
- INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix
- AC_SUBST([INTL_LIBTOOL_SUFFIX_PREFIX])
- ])
-
- dnl For backward compatibility. Some Makefiles may be using this.
- INTLLIBS="$LIBINTL"
- AC_SUBST([INTLLIBS])
-
- dnl Make all documented variables known to autoconf.
- AC_SUBST([LIBINTL])
- AC_SUBST([LTLIBINTL])
- AC_SUBST([POSUB])
-])
-
-
-dnl gt_NEEDS_INIT ensures that the gt_needs variable is initialized.
-m4_define([gt_NEEDS_INIT],
-[
- m4_divert_text([DEFAULTS], [gt_needs=])
- m4_define([gt_NEEDS_INIT], [])
-])
-
-
-dnl Usage: AM_GNU_GETTEXT_NEED([NEEDSYMBOL])
-AC_DEFUN([AM_GNU_GETTEXT_NEED],
-[
- m4_divert_text([INIT_PREPARE], [gt_needs="$gt_needs $1"])
-])
-
-
-dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version])
-AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])
+++ /dev/null
-# iconv.m4 serial 18 (gettext-0.18.2)
-dnl Copyright (C) 2000-2002, 2007-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-
-dnl From Bruno Haible.
-
-AC_DEFUN([AM_ICONV_LINKFLAGS_BODY],
-[
- dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
- AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
- AC_REQUIRE([AC_LIB_RPATH])
-
- dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
- dnl accordingly.
- AC_LIB_LINKFLAGS_BODY([iconv])
-])
-
-AC_DEFUN([AM_ICONV_LINK],
-[
- dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and
- dnl those with the standalone portable GNU libiconv installed).
- AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
-
- dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
- dnl accordingly.
- AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
-
- dnl Add $INCICONV to CPPFLAGS before performing the following checks,
- dnl because if the user has installed libiconv and not disabled its use
- dnl via --without-libiconv-prefix, he wants to use it. The first
- dnl AC_LINK_IFELSE will then fail, the second AC_LINK_IFELSE will succeed.
- am_save_CPPFLAGS="$CPPFLAGS"
- AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
-
- AC_CACHE_CHECK([for iconv], [am_cv_func_iconv], [
- am_cv_func_iconv="no, consider installing GNU libiconv"
- am_cv_lib_iconv=no
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <stdlib.h>
-#include <iconv.h>
- ]],
- [[iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);]])],
- [am_cv_func_iconv=yes])
- if test "$am_cv_func_iconv" != yes; then
- am_save_LIBS="$LIBS"
- LIBS="$LIBS $LIBICONV"
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <stdlib.h>
-#include <iconv.h>
- ]],
- [[iconv_t cd = iconv_open("","");
- iconv(cd,NULL,NULL,NULL,NULL);
- iconv_close(cd);]])],
- [am_cv_lib_iconv=yes]
- [am_cv_func_iconv=yes])
- LIBS="$am_save_LIBS"
- fi
- ])
- if test "$am_cv_func_iconv" = yes; then
- AC_CACHE_CHECK([for working iconv], [am_cv_func_iconv_works], [
- dnl This tests against bugs in AIX 5.1, AIX 6.1..7.1, HP-UX 11.11,
- dnl Solaris 10.
- am_save_LIBS="$LIBS"
- if test $am_cv_lib_iconv = yes; then
- LIBS="$LIBS $LIBICONV"
- fi
- AC_RUN_IFELSE(
- [AC_LANG_SOURCE([[
-#include <iconv.h>
-#include <string.h>
-int main ()
-{
- int result = 0;
- /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
- returns. */
- {
- iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
- if (cd_utf8_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\342\202\254"; /* EURO SIGN */
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_utf8_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 1;
- iconv_close (cd_utf8_to_88591);
- }
- }
- /* Test against Solaris 10 bug: Failures are not distinguishable from
- successful returns. */
- {
- iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646");
- if (cd_ascii_to_88591 != (iconv_t)(-1))
- {
- static const char input[] = "\263";
- char buf[10];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_ascii_to_88591,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res == 0)
- result |= 2;
- iconv_close (cd_ascii_to_88591);
- }
- }
- /* Test against AIX 6.1..7.1 bug: Buffer overrun. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304";
- static char buf[2] = { (char)0xDE, (char)0xAD };
- const char *inptr = input;
- size_t inbytesleft = 1;
- char *outptr = buf;
- size_t outbytesleft = 1;
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD)
- result |= 4;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#if 0 /* This bug could be worked around by the caller. */
- /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
- {
- iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
- if (cd_88591_to_utf8 != (iconv_t)(-1))
- {
- static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
- char buf[50];
- const char *inptr = input;
- size_t inbytesleft = strlen (input);
- char *outptr = buf;
- size_t outbytesleft = sizeof (buf);
- size_t res = iconv (cd_88591_to_utf8,
- (char **) &inptr, &inbytesleft,
- &outptr, &outbytesleft);
- if ((int)res > 0)
- result |= 8;
- iconv_close (cd_88591_to_utf8);
- }
- }
-#endif
- /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
- provided. */
- if (/* Try standardized names. */
- iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
- /* Try IRIX, OSF/1 names. */
- && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
- /* Try AIX names. */
- && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
- /* Try HP-UX names. */
- && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
- result |= 16;
- return result;
-}]])],
- [am_cv_func_iconv_works=yes],
- [am_cv_func_iconv_works=no],
- [
-changequote(,)dnl
- case "$host_os" in
- aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
- *) am_cv_func_iconv_works="guessing yes" ;;
- esac
-changequote([,])dnl
- ])
- LIBS="$am_save_LIBS"
- ])
- case "$am_cv_func_iconv_works" in
- *no) am_func_iconv=no am_cv_lib_iconv=no ;;
- *) am_func_iconv=yes ;;
- esac
- else
- am_func_iconv=no am_cv_lib_iconv=no
- fi
- if test "$am_func_iconv" = yes; then
- AC_DEFINE([HAVE_ICONV], [1],
- [Define if you have the iconv() function and it works.])
- fi
- if test "$am_cv_lib_iconv" = yes; then
- AC_MSG_CHECKING([how to link with libiconv])
- AC_MSG_RESULT([$LIBICONV])
- else
- dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV
- dnl either.
- CPPFLAGS="$am_save_CPPFLAGS"
- LIBICONV=
- LTLIBICONV=
- fi
- AC_SUBST([LIBICONV])
- AC_SUBST([LTLIBICONV])
-])
-
-dnl Define AM_ICONV using AC_DEFUN_ONCE for Autoconf >= 2.64, in order to
-dnl avoid warnings like
-dnl "warning: AC_REQUIRE: `AM_ICONV' was expanded before it was required".
-dnl This is tricky because of the way 'aclocal' is implemented:
-dnl - It requires defining an auxiliary macro whose name ends in AC_DEFUN.
-dnl Otherwise aclocal's initial scan pass would miss the macro definition.
-dnl - It requires a line break inside the AC_DEFUN_ONCE and AC_DEFUN expansions.
-dnl Otherwise aclocal would emit many "Use of uninitialized value $1"
-dnl warnings.
-m4_define([gl_iconv_AC_DEFUN],
- m4_version_prereq([2.64],
- [[AC_DEFUN_ONCE(
- [$1], [$2])]],
- [m4_ifdef([gl_00GNULIB],
- [[AC_DEFUN_ONCE(
- [$1], [$2])]],
- [[AC_DEFUN(
- [$1], [$2])]])]))
-gl_iconv_AC_DEFUN([AM_ICONV],
-[
- AM_ICONV_LINK
- if test "$am_cv_func_iconv" = yes; then
- AC_MSG_CHECKING([for iconv declaration])
- AC_CACHE_VAL([am_cv_proto_iconv], [
- AC_COMPILE_IFELSE(
- [AC_LANG_PROGRAM(
- [[
-#include <stdlib.h>
-#include <iconv.h>
-extern
-#ifdef __cplusplus
-"C"
-#endif
-#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus)
-size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
-#else
-size_t iconv();
-#endif
- ]],
- [[]])],
- [am_cv_proto_iconv_arg1=""],
- [am_cv_proto_iconv_arg1="const"])
- am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"])
- am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
- AC_MSG_RESULT([
- $am_cv_proto_iconv])
- AC_DEFINE_UNQUOTED([ICONV_CONST], [$am_cv_proto_iconv_arg1],
- [Define as const if the declaration of iconv() needs const.])
- dnl Also substitute ICONV_CONST in the gnulib generated <iconv.h>.
- m4_ifdef([gl_ICONV_H_DEFAULTS],
- [AC_REQUIRE([gl_ICONV_H_DEFAULTS])
- if test -n "$am_cv_proto_iconv_arg1"; then
- ICONV_CONST="const"
- fi
- ])
- fi
-])
+++ /dev/null
-# intlmacosx.m4 serial 5 (gettext-0.18.2)
-dnl Copyright (C) 2004-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-dnl
-dnl This file can can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
-dnl License but which still want to provide support for the GNU gettext
-dnl functionality.
-dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
-dnl They are *not* in the public domain.
-
-dnl Checks for special options needed on Mac OS X.
-dnl Defines INTL_MACOSX_LIBS.
-AC_DEFUN([gt_INTL_MACOSX],
-[
- dnl Check for API introduced in Mac OS X 10.2.
- AC_CACHE_CHECK([for CFPreferencesCopyAppValue],
- [gt_cv_func_CFPreferencesCopyAppValue],
- [gt_save_LIBS="$LIBS"
- LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[#include <CoreFoundation/CFPreferences.h>]],
- [[CFPreferencesCopyAppValue(NULL, NULL)]])],
- [gt_cv_func_CFPreferencesCopyAppValue=yes],
- [gt_cv_func_CFPreferencesCopyAppValue=no])
- LIBS="$gt_save_LIBS"])
- if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
- AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], [1],
- [Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in the CoreFoundation framework.])
- fi
- dnl Check for API introduced in Mac OS X 10.3.
- AC_CACHE_CHECK([for CFLocaleCopyCurrent], [gt_cv_func_CFLocaleCopyCurrent],
- [gt_save_LIBS="$LIBS"
- LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM(
- [[#include <CoreFoundation/CFLocale.h>]],
- [[CFLocaleCopyCurrent();]])],
- [gt_cv_func_CFLocaleCopyCurrent=yes],
- [gt_cv_func_CFLocaleCopyCurrent=no])
- LIBS="$gt_save_LIBS"])
- if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
- AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], [1],
- [Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the CoreFoundation framework.])
- fi
- INTL_MACOSX_LIBS=
- if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
- INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
- fi
- AC_SUBST([INTL_MACOSX_LIBS])
-])
+++ /dev/null
-# lib-ld.m4 serial 6
-dnl Copyright (C) 1996-2003, 2009-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-
-dnl Subroutines of libtool.m4,
-dnl with replacements s/_*LT_PATH/AC_LIB_PROG/ and s/lt_/acl_/ to avoid
-dnl collision with libtool.m4.
-
-dnl From libtool-2.4. Sets the variable with_gnu_ld to yes or no.
-AC_DEFUN([AC_LIB_PROG_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], [acl_cv_prog_gnu_ld],
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- acl_cv_prog_gnu_ld=yes
- ;;
-*)
- acl_cv_prog_gnu_ld=no
- ;;
-esac])
-with_gnu_ld=$acl_cv_prog_gnu_ld
-])
-
-dnl From libtool-2.4. Sets the variable LD.
-AC_DEFUN([AC_LIB_PROG_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-
-AC_ARG_WITH([gnu-ld],
- [AS_HELP_STRING([--with-gnu-ld],
- [assume the C compiler uses GNU ld [default=no]])],
- [test "$withval" = no || with_gnu_ld=yes],
- [with_gnu_ld=no])dnl
-
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-ac_prog=ld
-if test "$GCC" = yes; then
- # Check if gcc -print-prog-name=ld gives a path.
- AC_MSG_CHECKING([for ld used by $CC])
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [[\\/]]* | ?:[[\\/]]*)
- re_direlt='/[[^/]][[^/]]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'`
- while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD="$ac_prog"
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test "$with_gnu_ld" = yes; then
- AC_MSG_CHECKING([for GNU ld])
-else
- AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL([acl_cv_path_LD],
-[if test -z "$LD"; then
- acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS="$acl_save_ifs"
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- acl_cv_path_LD="$ac_dir/$ac_prog"
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$acl_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test "$with_gnu_ld" != no && break
- ;;
- *)
- test "$with_gnu_ld" != yes && break
- ;;
- esac
- fi
- done
- IFS="$acl_save_ifs"
-else
- acl_cv_path_LD="$LD" # Let the user override the test with a path.
-fi])
-LD="$acl_cv_path_LD"
-if test -n "$LD"; then
- AC_MSG_RESULT([$LD])
-else
- AC_MSG_RESULT([no])
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-AC_LIB_PROG_LD_GNU
-])
+++ /dev/null
-# lib-link.m4 serial 26 (gettext-0.18.2)
-dnl Copyright (C) 2001-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-
-dnl From Bruno Haible.
-
-AC_PREREQ([2.54])
-
-dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
-dnl the libraries corresponding to explicit and implicit dependencies.
-dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
-dnl augments the CPPFLAGS variable.
-dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
-dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
-AC_DEFUN([AC_LIB_LINKFLAGS],
-[
- AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
- AC_REQUIRE([AC_LIB_RPATH])
- pushdef([Name],[m4_translit([$1],[./+-], [____])])
- pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
- AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
- AC_LIB_LINKFLAGS_BODY([$1], [$2])
- ac_cv_lib[]Name[]_libs="$LIB[]NAME"
- ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
- ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
- ac_cv_lib[]Name[]_prefix="$LIB[]NAME[]_PREFIX"
- ])
- LIB[]NAME="$ac_cv_lib[]Name[]_libs"
- LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
- INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
- LIB[]NAME[]_PREFIX="$ac_cv_lib[]Name[]_prefix"
- AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
- AC_SUBST([LIB]NAME)
- AC_SUBST([LTLIB]NAME)
- AC_SUBST([LIB]NAME[_PREFIX])
- dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
- dnl results of this search when this library appears as a dependency.
- HAVE_LIB[]NAME=yes
- popdef([NAME])
- popdef([Name])
-])
-
-dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode, [missing-message])
-dnl searches for libname and the libraries corresponding to explicit and
-dnl implicit dependencies, together with the specified include files and
-dnl the ability to compile and link the specified testcode. The missing-message
-dnl defaults to 'no' and may contain additional hints for the user.
-dnl If found, it sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME}
-dnl and LTLIB${NAME} variables and augments the CPPFLAGS variable, and
-dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
-dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
-dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
-dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
-AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
-[
- AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
- AC_REQUIRE([AC_LIB_RPATH])
- pushdef([Name],[m4_translit([$1],[./+-], [____])])
- pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
-
- dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
- dnl accordingly.
- AC_LIB_LINKFLAGS_BODY([$1], [$2])
-
- dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
- dnl because if the user has installed lib[]Name and not disabled its use
- dnl via --without-lib[]Name-prefix, he wants to use it.
- ac_save_CPPFLAGS="$CPPFLAGS"
- AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
-
- AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
- ac_save_LIBS="$LIBS"
- dnl If $LIB[]NAME contains some -l options, add it to the end of LIBS,
- dnl because these -l options might require -L options that are present in
- dnl LIBS. -l options benefit only from the -L options listed before it.
- dnl Otherwise, add it to the front of LIBS, because it may be a static
- dnl library that depends on another static library that is present in LIBS.
- dnl Static libraries benefit only from the static libraries listed after
- dnl it.
- case " $LIB[]NAME" in
- *" -l"*) LIBS="$LIBS $LIB[]NAME" ;;
- *) LIBS="$LIB[]NAME $LIBS" ;;
- esac
- AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([[$3]], [[$4]])],
- [ac_cv_lib[]Name=yes],
- [ac_cv_lib[]Name='m4_if([$5], [], [no], [[$5]])'])
- LIBS="$ac_save_LIBS"
- ])
- if test "$ac_cv_lib[]Name" = yes; then
- HAVE_LIB[]NAME=yes
- AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the lib][$1 library.])
- AC_MSG_CHECKING([how to link with lib[]$1])
- AC_MSG_RESULT([$LIB[]NAME])
- else
- HAVE_LIB[]NAME=no
- dnl If $LIB[]NAME didn't lead to a usable library, we don't need
- dnl $INC[]NAME either.
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIB[]NAME=
- LTLIB[]NAME=
- LIB[]NAME[]_PREFIX=
- fi
- AC_SUBST([HAVE_LIB]NAME)
- AC_SUBST([LIB]NAME)
- AC_SUBST([LTLIB]NAME)
- AC_SUBST([LIB]NAME[_PREFIX])
- popdef([NAME])
- popdef([Name])
-])
-
-dnl Determine the platform dependent parameters needed to use rpath:
-dnl acl_libext,
-dnl acl_shlibext,
-dnl acl_libname_spec,
-dnl acl_library_names_spec,
-dnl acl_hardcode_libdir_flag_spec,
-dnl acl_hardcode_libdir_separator,
-dnl acl_hardcode_direct,
-dnl acl_hardcode_minus_L.
-AC_DEFUN([AC_LIB_RPATH],
-[
- dnl Tell automake >= 1.10 to complain if config.rpath is missing.
- m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])])
- AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
- AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
- AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
- AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
- AC_CACHE_CHECK([for shared library run path origin], [acl_cv_rpath], [
- CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
- ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
- . ./conftest.sh
- rm -f ./conftest.sh
- acl_cv_rpath=done
- ])
- wl="$acl_cv_wl"
- acl_libext="$acl_cv_libext"
- acl_shlibext="$acl_cv_shlibext"
- acl_libname_spec="$acl_cv_libname_spec"
- acl_library_names_spec="$acl_cv_library_names_spec"
- acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
- acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
- acl_hardcode_direct="$acl_cv_hardcode_direct"
- acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
- dnl Determine whether the user wants rpath handling at all.
- AC_ARG_ENABLE([rpath],
- [ --disable-rpath do not hardcode runtime library paths],
- :, enable_rpath=yes)
-])
-
-dnl AC_LIB_FROMPACKAGE(name, package)
-dnl declares that libname comes from the given package. The configure file
-dnl will then not have a --with-libname-prefix option but a
-dnl --with-package-prefix option. Several libraries can come from the same
-dnl package. This declaration must occur before an AC_LIB_LINKFLAGS or similar
-dnl macro call that searches for libname.
-AC_DEFUN([AC_LIB_FROMPACKAGE],
-[
- pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
- define([acl_frompackage_]NAME, [$2])
- popdef([NAME])
- pushdef([PACK],[$2])
- pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
- define([acl_libsinpackage_]PACKUP,
- m4_ifdef([acl_libsinpackage_]PACKUP, [m4_defn([acl_libsinpackage_]PACKUP)[, ]],)[lib$1])
- popdef([PACKUP])
- popdef([PACK])
-])
-
-dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
-dnl the libraries corresponding to explicit and implicit dependencies.
-dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
-dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found
-dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
-AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
-[
- AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
- pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
- pushdef([PACK],[m4_ifdef([acl_frompackage_]NAME, [acl_frompackage_]NAME, lib[$1])])
- pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-],
- [ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
- pushdef([PACKLIBS],[m4_ifdef([acl_frompackage_]NAME, [acl_libsinpackage_]PACKUP, lib[$1])])
- dnl Autoconf >= 2.61 supports dots in --with options.
- pushdef([P_A_C_K],[m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.61]),[-1],[m4_translit(PACK,[.],[_])],PACK)])
- dnl By default, look in $includedir and $libdir.
- use_additional=yes
- AC_LIB_WITH_FINAL_PREFIX([
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
- ])
- AC_ARG_WITH(P_A_C_K[-prefix],
-[[ --with-]]P_A_C_K[[-prefix[=DIR] search for ]PACKLIBS[ in DIR/include and DIR/lib
- --without-]]P_A_C_K[[-prefix don't search for ]PACKLIBS[ in includedir and libdir]],
-[
- if test "X$withval" = "Xno"; then
- use_additional=no
- else
- if test "X$withval" = "X"; then
- AC_LIB_WITH_FINAL_PREFIX([
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
- ])
- else
- additional_includedir="$withval/include"
- additional_libdir="$withval/$acl_libdirstem"
- if test "$acl_libdirstem2" != "$acl_libdirstem" \
- && ! test -d "$withval/$acl_libdirstem"; then
- additional_libdir="$withval/$acl_libdirstem2"
- fi
- fi
- fi
-])
- dnl Search the library and its dependencies in $additional_libdir and
- dnl $LDFLAGS. Using breadth-first-seach.
- LIB[]NAME=
- LTLIB[]NAME=
- INC[]NAME=
- LIB[]NAME[]_PREFIX=
- dnl HAVE_LIB${NAME} is an indicator that LIB${NAME}, LTLIB${NAME} have been
- dnl computed. So it has to be reset here.
- HAVE_LIB[]NAME=
- rpathdirs=
- ltrpathdirs=
- names_already_handled=
- names_next_round='$1 $2'
- while test -n "$names_next_round"; do
- names_this_round="$names_next_round"
- names_next_round=
- for name in $names_this_round; do
- already_handled=
- for n in $names_already_handled; do
- if test "$n" = "$name"; then
- already_handled=yes
- break
- fi
- done
- if test -z "$already_handled"; then
- names_already_handled="$names_already_handled $name"
- dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
- dnl or AC_LIB_HAVE_LINKFLAGS call.
- uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
- eval value=\"\$HAVE_LIB$uppername\"
- if test -n "$value"; then
- if test "$value" = yes; then
- eval value=\"\$LIB$uppername\"
- test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
- eval value=\"\$LTLIB$uppername\"
- test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
- else
- dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
- dnl that this library doesn't exist. So just drop it.
- :
- fi
- else
- dnl Search the library lib$name in $additional_libdir and $LDFLAGS
- dnl and the already constructed $LIBNAME/$LTLIBNAME.
- found_dir=
- found_la=
- found_so=
- found_a=
- eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
- if test -n "$acl_shlibext"; then
- shrext=".$acl_shlibext" # typically: shrext=.so
- else
- shrext=
- fi
- if test $use_additional = yes; then
- dir="$additional_libdir"
- dnl The same code as in the loop below:
- dnl First look for a shared library.
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- dnl Then look for a static library.
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- fi
- if test "X$found_dir" = "X"; then
- for x in $LDFLAGS $LTLIB[]NAME; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- case "$x" in
- -L*)
- dir=`echo "X$x" | sed -e 's/^X-L//'`
- dnl First look for a shared library.
- if test -n "$acl_shlibext"; then
- if test -f "$dir/$libname$shrext"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext"
- else
- if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
- ver=`(cd "$dir" && \
- for f in "$libname$shrext".*; do echo "$f"; done \
- | sed -e "s,^$libname$shrext\\\\.,," \
- | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
- | sed 1q ) 2>/dev/null`
- if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
- found_dir="$dir"
- found_so="$dir/$libname$shrext.$ver"
- fi
- else
- eval library_names=\"$acl_library_names_spec\"
- for f in $library_names; do
- if test -f "$dir/$f"; then
- found_dir="$dir"
- found_so="$dir/$f"
- break
- fi
- done
- fi
- fi
- fi
- dnl Then look for a static library.
- if test "X$found_dir" = "X"; then
- if test -f "$dir/$libname.$acl_libext"; then
- found_dir="$dir"
- found_a="$dir/$libname.$acl_libext"
- fi
- fi
- if test "X$found_dir" != "X"; then
- if test -f "$dir/$libname.la"; then
- found_la="$dir/$libname.la"
- fi
- fi
- ;;
- esac
- if test "X$found_dir" != "X"; then
- break
- fi
- done
- fi
- if test "X$found_dir" != "X"; then
- dnl Found the library.
- LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
- if test "X$found_so" != "X"; then
- dnl Linking with a shared library. We attempt to hardcode its
- dnl directory into the executable's runpath, unless it's the
- dnl standard /usr/lib.
- if test "$enable_rpath" = no \
- || test "X$found_dir" = "X/usr/$acl_libdirstem" \
- || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then
- dnl No hardcoding is needed.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
- else
- dnl Use an explicit option to hardcode DIR into the resulting
- dnl binary.
- dnl Potentially add DIR to ltrpathdirs.
- dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $found_dir"
- fi
- dnl The hardcoding into $LIBNAME is system dependent.
- if test "$acl_hardcode_direct" = yes; then
- dnl Using DIR/libNAME.so during linking hardcodes DIR into the
- dnl resulting binary.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
- else
- if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
- dnl Use an explicit option to hardcode DIR into the resulting
- dnl binary.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
- dnl Potentially add DIR to rpathdirs.
- dnl The rpathdirs will be appended to $LIBNAME at the end.
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $found_dir"
- fi
- else
- dnl Rely on "-L$found_dir".
- dnl But don't add it if it's already contained in the LDFLAGS
- dnl or the already constructed $LIBNAME
- haveit=
- for x in $LDFLAGS $LIB[]NAME; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-L$found_dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
- fi
- if test "$acl_hardcode_minus_L" != no; then
- dnl FIXME: Not sure whether we should use
- dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
- dnl here.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
- else
- dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH
- dnl here, because this doesn't fit in flags passed to the
- dnl compiler. So give up. No hardcoding. This affects only
- dnl very old systems.
- dnl FIXME: Not sure whether we should use
- dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
- dnl here.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
- fi
- fi
- fi
- fi
- else
- if test "X$found_a" != "X"; then
- dnl Linking with a static library.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
- else
- dnl We shouldn't come here, but anyway it's good to have a
- dnl fallback.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
- fi
- fi
- dnl Assume the include files are nearby.
- additional_includedir=
- case "$found_dir" in
- */$acl_libdirstem | */$acl_libdirstem/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
- if test "$name" = '$1'; then
- LIB[]NAME[]_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- */$acl_libdirstem2 | */$acl_libdirstem2/)
- basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
- if test "$name" = '$1'; then
- LIB[]NAME[]_PREFIX="$basedir"
- fi
- additional_includedir="$basedir/include"
- ;;
- esac
- if test "X$additional_includedir" != "X"; then
- dnl Potentially add $additional_includedir to $INCNAME.
- dnl But don't add it
- dnl 1. if it's the standard /usr/include,
- dnl 2. if it's /usr/local/include and we are using GCC on Linux,
- dnl 3. if it's already present in $CPPFLAGS or the already
- dnl constructed $INCNAME,
- dnl 4. if it doesn't exist as a directory.
- if test "X$additional_includedir" != "X/usr/include"; then
- haveit=
- if test "X$additional_includedir" = "X/usr/local/include"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- for x in $CPPFLAGS $INC[]NAME; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-I$additional_includedir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_includedir"; then
- dnl Really add $additional_includedir to $INCNAME.
- INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
- fi
- fi
- fi
- fi
- fi
- dnl Look for dependencies.
- if test -n "$found_la"; then
- dnl Read the .la file. It defines the variables
- dnl dlname, library_names, old_library, dependency_libs, current,
- dnl age, revision, installed, dlopen, dlpreopen, libdir.
- save_libdir="$libdir"
- case "$found_la" in
- */* | *\\*) . "$found_la" ;;
- *) . "./$found_la" ;;
- esac
- libdir="$save_libdir"
- dnl We use only dependency_libs.
- for dep in $dependency_libs; do
- case "$dep" in
- -L*)
- additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
- dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
- dnl But don't add it
- dnl 1. if it's the standard /usr/lib,
- dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
- dnl 3. if it's already present in $LDFLAGS or the already
- dnl constructed $LIBNAME,
- dnl 4. if it doesn't exist as a directory.
- if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \
- && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then
- haveit=
- if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \
- || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- haveit=
- for x in $LDFLAGS $LIB[]NAME; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- dnl Really add $additional_libdir to $LIBNAME.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
- fi
- fi
- haveit=
- for x in $LDFLAGS $LTLIB[]NAME; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- dnl Really add $additional_libdir to $LTLIBNAME.
- LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
- fi
- fi
- fi
- fi
- ;;
- -R*)
- dir=`echo "X$dep" | sed -e 's/^X-R//'`
- if test "$enable_rpath" != no; then
- dnl Potentially add DIR to rpathdirs.
- dnl The rpathdirs will be appended to $LIBNAME at the end.
- haveit=
- for x in $rpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- rpathdirs="$rpathdirs $dir"
- fi
- dnl Potentially add DIR to ltrpathdirs.
- dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
- haveit=
- for x in $ltrpathdirs; do
- if test "X$x" = "X$dir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- ltrpathdirs="$ltrpathdirs $dir"
- fi
- fi
- ;;
- -l*)
- dnl Handle this in the next round.
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
- ;;
- *.la)
- dnl Handle this in the next round. Throw away the .la's
- dnl directory; it is already contained in a preceding -L
- dnl option.
- names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
- ;;
- *)
- dnl Most likely an immediate library name.
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
- LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
- ;;
- esac
- done
- fi
- else
- dnl Didn't find the library; assume it is in the system directories
- dnl known to the linker and runtime loader. (All the system
- dnl directories known to the linker should also be known to the
- dnl runtime loader, otherwise the system is severely misconfigured.)
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
- LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
- fi
- fi
- fi
- done
- done
- if test "X$rpathdirs" != "X"; then
- if test -n "$acl_hardcode_libdir_separator"; then
- dnl Weird platform: only the last -rpath option counts, the user must
- dnl pass all path elements in one option. We can arrange that for a
- dnl single library, but not when more than one $LIBNAMEs are used.
- alldirs=
- for found_dir in $rpathdirs; do
- alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
- done
- dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl.
- acl_save_libdir="$libdir"
- libdir="$alldirs"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
- else
- dnl The -rpath options are cumulative.
- for found_dir in $rpathdirs; do
- acl_save_libdir="$libdir"
- libdir="$found_dir"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
- done
- fi
- fi
- if test "X$ltrpathdirs" != "X"; then
- dnl When using libtool, the option that works for both libraries and
- dnl executables is -R. The -R options are cumulative.
- for found_dir in $ltrpathdirs; do
- LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
- done
- fi
- popdef([P_A_C_K])
- popdef([PACKLIBS])
- popdef([PACKUP])
- popdef([PACK])
- popdef([NAME])
-])
-
-dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
-dnl unless already present in VAR.
-dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
-dnl contains two or three consecutive elements that belong together.
-AC_DEFUN([AC_LIB_APPENDTOVAR],
-[
- for element in [$2]; do
- haveit=
- for x in $[$1]; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X$element"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- [$1]="${[$1]}${[$1]:+ }$element"
- fi
- done
-])
-
-dnl For those cases where a variable contains several -L and -l options
-dnl referring to unknown libraries and directories, this macro determines the
-dnl necessary additional linker options for the runtime path.
-dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL])
-dnl sets LDADDVAR to linker options needed together with LIBSVALUE.
-dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed,
-dnl otherwise linking without libtool is assumed.
-AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS],
-[
- AC_REQUIRE([AC_LIB_RPATH])
- AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
- $1=
- if test "$enable_rpath" != no; then
- if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
- dnl Use an explicit option to hardcode directories into the resulting
- dnl binary.
- rpathdirs=
- next=
- for opt in $2; do
- if test -n "$next"; then
- dir="$next"
- dnl No need to hardcode the standard /usr/lib.
- if test "X$dir" != "X/usr/$acl_libdirstem" \
- && test "X$dir" != "X/usr/$acl_libdirstem2"; then
- rpathdirs="$rpathdirs $dir"
- fi
- next=
- else
- case $opt in
- -L) next=yes ;;
- -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'`
- dnl No need to hardcode the standard /usr/lib.
- if test "X$dir" != "X/usr/$acl_libdirstem" \
- && test "X$dir" != "X/usr/$acl_libdirstem2"; then
- rpathdirs="$rpathdirs $dir"
- fi
- next= ;;
- *) next= ;;
- esac
- fi
- done
- if test "X$rpathdirs" != "X"; then
- if test -n ""$3""; then
- dnl libtool is used for linking. Use -R options.
- for dir in $rpathdirs; do
- $1="${$1}${$1:+ }-R$dir"
- done
- else
- dnl The linker is used for linking directly.
- if test -n "$acl_hardcode_libdir_separator"; then
- dnl Weird platform: only the last -rpath option counts, the user
- dnl must pass all path elements in one option.
- alldirs=
- for dir in $rpathdirs; do
- alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir"
- done
- acl_save_libdir="$libdir"
- libdir="$alldirs"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- $1="$flag"
- else
- dnl The -rpath options are cumulative.
- for dir in $rpathdirs; do
- acl_save_libdir="$libdir"
- libdir="$dir"
- eval flag=\"$acl_hardcode_libdir_flag_spec\"
- libdir="$acl_save_libdir"
- $1="${$1}${$1:+ }$flag"
- done
- fi
- fi
- fi
- fi
- fi
- AC_SUBST([$1])
-])
+++ /dev/null
-# lib-prefix.m4 serial 7 (gettext-0.18)
-dnl Copyright (C) 2001-2005, 2008-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-
-dnl From Bruno Haible.
-
-dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
-dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
-dnl require excessive bracketing.
-ifdef([AC_HELP_STRING],
-[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
-[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])
-
-dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
-dnl to access previously installed libraries. The basic assumption is that
-dnl a user will want packages to use other packages he previously installed
-dnl with the same --prefix option.
-dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
-dnl libraries, but is otherwise very convenient.
-AC_DEFUN([AC_LIB_PREFIX],
-[
- AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
- AC_REQUIRE([AC_PROG_CC])
- AC_REQUIRE([AC_CANONICAL_HOST])
- AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
- AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
- dnl By default, look in $includedir and $libdir.
- use_additional=yes
- AC_LIB_WITH_FINAL_PREFIX([
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
- ])
- AC_LIB_ARG_WITH([lib-prefix],
-[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
- --without-lib-prefix don't search for libraries in includedir and libdir],
-[
- if test "X$withval" = "Xno"; then
- use_additional=no
- else
- if test "X$withval" = "X"; then
- AC_LIB_WITH_FINAL_PREFIX([
- eval additional_includedir=\"$includedir\"
- eval additional_libdir=\"$libdir\"
- ])
- else
- additional_includedir="$withval/include"
- additional_libdir="$withval/$acl_libdirstem"
- fi
- fi
-])
- if test $use_additional = yes; then
- dnl Potentially add $additional_includedir to $CPPFLAGS.
- dnl But don't add it
- dnl 1. if it's the standard /usr/include,
- dnl 2. if it's already present in $CPPFLAGS,
- dnl 3. if it's /usr/local/include and we are using GCC on Linux,
- dnl 4. if it doesn't exist as a directory.
- if test "X$additional_includedir" != "X/usr/include"; then
- haveit=
- for x in $CPPFLAGS; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-I$additional_includedir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test "X$additional_includedir" = "X/usr/local/include"; then
- if test -n "$GCC"; then
- case $host_os in
- linux* | gnu* | k*bsd*-gnu) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- if test -d "$additional_includedir"; then
- dnl Really add $additional_includedir to $CPPFLAGS.
- CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
- fi
- fi
- fi
- fi
- dnl Potentially add $additional_libdir to $LDFLAGS.
- dnl But don't add it
- dnl 1. if it's the standard /usr/lib,
- dnl 2. if it's already present in $LDFLAGS,
- dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
- dnl 4. if it doesn't exist as a directory.
- if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
- haveit=
- for x in $LDFLAGS; do
- AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
- if test "X$x" = "X-L$additional_libdir"; then
- haveit=yes
- break
- fi
- done
- if test -z "$haveit"; then
- if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
- if test -n "$GCC"; then
- case $host_os in
- linux*) haveit=yes;;
- esac
- fi
- fi
- if test -z "$haveit"; then
- if test -d "$additional_libdir"; then
- dnl Really add $additional_libdir to $LDFLAGS.
- LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
- fi
- fi
- fi
- fi
- fi
-])
-
-dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
-dnl acl_final_exec_prefix, containing the values to which $prefix and
-dnl $exec_prefix will expand at the end of the configure script.
-AC_DEFUN([AC_LIB_PREPARE_PREFIX],
-[
- dnl Unfortunately, prefix and exec_prefix get only finally determined
- dnl at the end of configure.
- if test "X$prefix" = "XNONE"; then
- acl_final_prefix="$ac_default_prefix"
- else
- acl_final_prefix="$prefix"
- fi
- if test "X$exec_prefix" = "XNONE"; then
- acl_final_exec_prefix='${prefix}'
- else
- acl_final_exec_prefix="$exec_prefix"
- fi
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
- prefix="$acl_save_prefix"
-])
-
-dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
-dnl variables prefix and exec_prefix bound to the values they will have
-dnl at the end of the configure script.
-AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
-[
- acl_save_prefix="$prefix"
- prefix="$acl_final_prefix"
- acl_save_exec_prefix="$exec_prefix"
- exec_prefix="$acl_final_exec_prefix"
- $1
- exec_prefix="$acl_save_exec_prefix"
- prefix="$acl_save_prefix"
-])
-
-dnl AC_LIB_PREPARE_MULTILIB creates
-dnl - a variable acl_libdirstem, containing the basename of the libdir, either
-dnl "lib" or "lib64" or "lib/64",
-dnl - a variable acl_libdirstem2, as a secondary possible value for
-dnl acl_libdirstem, either the same as acl_libdirstem or "lib/sparcv9" or
-dnl "lib/amd64".
-AC_DEFUN([AC_LIB_PREPARE_MULTILIB],
-[
- dnl There is no formal standard regarding lib and lib64.
- dnl On glibc systems, the current practice is that on a system supporting
- dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under
- dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. We determine
- dnl the compiler's default mode by looking at the compiler's library search
- dnl path. If at least one of its elements ends in /lib64 or points to a
- dnl directory whose absolute pathname ends in /lib64, we assume a 64-bit ABI.
- dnl Otherwise we use the default, namely "lib".
- dnl On Solaris systems, the current practice is that on a system supporting
- dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under
- dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or
- dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib.
- AC_REQUIRE([AC_CANONICAL_HOST])
- acl_libdirstem=lib
- acl_libdirstem2=
- case "$host_os" in
- solaris*)
- dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment
- dnl <http://docs.sun.com/app/docs/doc/816-5138/dev-env?l=en&a=view>.
- dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link."
- dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the
- dnl symlink is missing, so we set acl_libdirstem2 too.
- AC_CACHE_CHECK([for 64-bit host], [gl_cv_solaris_64bit],
- [AC_EGREP_CPP([sixtyfour bits], [
-#ifdef _LP64
-sixtyfour bits
-#endif
- ], [gl_cv_solaris_64bit=yes], [gl_cv_solaris_64bit=no])
- ])
- if test $gl_cv_solaris_64bit = yes; then
- acl_libdirstem=lib/64
- case "$host_cpu" in
- sparc*) acl_libdirstem2=lib/sparcv9 ;;
- i*86 | x86_64) acl_libdirstem2=lib/amd64 ;;
- esac
- fi
- ;;
- *)
- searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
- if test -n "$searchpath"; then
- acl_save_IFS="${IFS= }"; IFS=":"
- for searchdir in $searchpath; do
- if test -d "$searchdir"; then
- case "$searchdir" in
- */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
- */../ | */.. )
- # Better ignore directories of this form. They are misleading.
- ;;
- *) searchdir=`cd "$searchdir" && pwd`
- case "$searchdir" in
- */lib64 ) acl_libdirstem=lib64 ;;
- esac ;;
- esac
- fi
- done
- IFS="$acl_save_IFS"
- fi
- ;;
- esac
- test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem"
-])
+++ /dev/null
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-# Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
- [m4_default([$3],
- [m4_fatal([Libtool version $1 or higher is required],
- 63)])],
- [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
- *\ * | *\ *)
- AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
- distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- _LT_PATH_MAGIC
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
- [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
- [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
- [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
- [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
- [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME. Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
- [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
- [m4_ifval([$1], [$1], [$2])])
- lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
- m4_ifval([$4],
- [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
- lt_dict_add_subkey([lt_decl_dict], [$2],
- [tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
- [0], [m4_fatal([$0: too few arguments: $#])],
- [1], [m4_fatal([$0: too few arguments: $#: $1])],
- [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
- [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
- [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
- m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
- m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
- m4_if([$2], [],
- m4_quote(lt_decl_varnames),
- m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
- lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'. VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly. In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-# <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
- [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-# # Some comment about what VAR is for.
-# visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
- [description])))[]dnl
-m4_pushdef([_libtool_name],
- m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
- [0], [_libtool_name=[$]$1],
- [1], [_libtool_name=$lt_[]$1],
- [2], [_libtool_name=$lt_[]$1],
- [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
- m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
- [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
- [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'. Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
- dnl If the libtool generation code has been placed in $CONFIG_LT,
- dnl instead of duplicating it all over again into config.status,
- dnl then we will have config.status run $CONFIG_LT later, so it
- dnl needs to know what name is stored there:
- [AC_CONFIG_COMMANDS([libtool],
- [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
- dnl If the libtool generation code is destined for config.status,
- dnl expand the accumulated commands and init code now:
- [AC_CONFIG_COMMANDS([libtool],
- [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable. If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins. After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script. The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
- echo
- AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
- -h, --help print this help, then exit
- -V, --version print version number, then exit
- -q, --quiet do not print progress messages
- -d, --debug don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
- case $[1] in
- --version | --v* | -V )
- echo "$lt_cl_version"; exit 0 ;;
- --help | --h* | -h )
- echo "$lt_cl_help"; exit 0 ;;
- --debug | --d* | -d )
- debug=: ;;
- --quiet | --q* | --silent | --s* | -q )
- lt_cl_silent=: ;;
-
- -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
- *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
- esac
- shift
-done
-
-if $lt_cl_silent; then
- exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure. Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
- lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars. Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
- m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
- m4_if(_LT_TAG, [C], [
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
- _LT_PROG_LTMAIN
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-# autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
- [C], [_LT_LANG(C)],
- [C++], [_LT_LANG(CXX)],
- [Go], [_LT_LANG(GO)],
- [Java], [_LT_LANG(GCJ)],
- [Fortran 77], [_LT_LANG(F77)],
- [Fortran], [_LT_LANG(FC)],
- [Windows Resource], [_LT_LANG(RC)],
- [m4_ifdef([_LT_LANG_]$1[_CONFIG],
- [_LT_LANG($1)],
- [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
- [LT_SUPPORTED_TAG([$1])dnl
- m4_append([_LT_TAGS], [$1 ])dnl
- m4_define([_LT_LANG_]$1[_enabled], [])dnl
- _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into #
-# GNU Autoconf as AC_PROG_GO. When it is available in #
-# a released version of Autoconf we should remove this #
-# macro and use it instead. #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC], [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
- if test -n "$ac_tool_prefix"; then
- AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
- fi
-fi
-if test -z "$GOC"; then
- AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [LT_LANG(CXX)],
- [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
- [LT_LANG(F77)],
- [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
- [LT_LANG(FC)],
- [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
- [LT_LANG(GCJ)],
- [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
- [LT_LANG(GCJ)],
- [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
- [LT_LANG(GCJ)],
- [m4_ifdef([AC_PROG_GCJ],
- [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
- m4_ifdef([A][M_PROG_GCJ],
- [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
- m4_ifdef([LT_PROG_GCJ],
- [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
- [LT_LANG(GO)],
- [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
- [LT_LANG(RC)],
- [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
- case $host_os in
- rhapsody* | darwin*)
- AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
- AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
- AC_CHECK_TOOL([LIPO], [lipo], [:])
- AC_CHECK_TOOL([OTOOL], [otool], [:])
- AC_CHECK_TOOL([OTOOL64], [otool64], [:])
- _LT_DECL([], [DSYMUTIL], [1],
- [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
- _LT_DECL([], [NMEDIT], [1],
- [Tool to change global to local symbols on Mac OS X])
- _LT_DECL([], [LIPO], [1],
- [Tool to manipulate fat objects and archives on Mac OS X])
- _LT_DECL([], [OTOOL], [1],
- [ldd/readelf like tool for Mach-O binaries on Mac OS X])
- _LT_DECL([], [OTOOL64], [1],
- [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
- AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
- [lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&AS_MESSAGE_LOG_FD
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&AS_MESSAGE_LOG_FD
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi])
-
- AC_CACHE_CHECK([for -exported_symbols_list linker flag],
- [lt_cv_ld_exported_symbols_list],
- [lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
- [lt_cv_ld_exported_symbols_list=yes],
- [lt_cv_ld_exported_symbols_list=no])
- LDFLAGS=$save_LDFLAGS
- ])
-
- AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
- [lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
- echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
- $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&AS_MESSAGE_LOG_FD
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&AS_MESSAGE_LOG_FD
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
- ])
- case $host_os in
- rhapsody* | darwin1.[[012]])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[[012]][[,.]]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
- m4_require([_LT_REQUIRED_DARWIN_CHECKS])
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_automatic, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
- m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
- [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=''
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
- m4_if([$1], [CXX],
-[ if test yes != "$lt_cv_apple_cc_single_mod"; then
- _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
- fi
-],[])
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
- [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
- lt_aix_libpath_sed='[
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }]'
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi],[])
- if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
- fi
- ])
- aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO "$*"
-}
-
-case $ECHO in
- printf*) AC_MSG_RESULT([printf]) ;;
- print*) AC_MSG_RESULT([print -r]) ;;
- *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
- test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
- ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test "X`printf %s $ECHO`" = "X$ECHO" \
- || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
- [Search for dependent libraries within DIR (or the compiler's sysroot
- if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted. We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- AC_MSG_RESULT([$with_sysroot])
- AC_MSG_ERROR([The sysroot must be an absolute path.])
- ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
- [AS_HELP_STRING([--disable-libtool-lock],
- [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
- [AC_LANG_PUSH(C)
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
- AC_LANG_POP])
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
- [lt_cv_ar_at_file=no
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
- [echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
- AC_TRY_EVAL([lt_ar_try])
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- AC_TRY_EVAL([lt_ar_try])
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
- ])
- ])
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
- [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
- [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
- [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
- [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- fi
- $RM conftest*
-])
-
-if test yes = "[$]$2"; then
- m4_if([$5], , :, [$5])
-else
- m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-# [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $3"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&AS_MESSAGE_LOG_FD
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- else
- $2=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
- m4_if([$4], , :, [$4])
-else
- m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
- AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
- AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
- [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
- [$4]
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}]
-_LT_EOF
- if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) $1 ;;
- x$lt_dlneed_uscore) $2 ;;
- x$lt_dlunknown|x*) $3 ;;
- esac
- else :
- # compilation failed
- $3
- fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ])
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- AC_CHECK_FUNC([shl_load],
- [lt_cv_dlopen=shl_load],
- [AC_CHECK_LIB([dld], [shl_load],
- [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
- [AC_CHECK_FUNC([dlopen],
- [lt_cv_dlopen=dlopen],
- [AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
- [AC_CHECK_LIB([svld], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
- [AC_CHECK_LIB([dld], [dld_link],
- [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
- ])
- ])
- ])
- ])
- ])
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- AC_CACHE_CHECK([whether a program can dlopen itself],
- lt_cv_dlopen_self, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
- lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
- ])
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
- lt_cv_dlopen_self_static, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
- lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
- ])
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
- [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
- [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
- [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
- [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
- [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
- fi
- fi
- chmod u+w . 2>&AS_MESSAGE_LOG_FD
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
- [Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- AC_MSG_CHECKING([if we can lock with hard links])
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- AC_MSG_RESULT([$hard_links])
- if test no = "$hard_links"; then
- AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
- [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
- [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
- test -n "$_LT_TAGVAR(runpath_var, $1)" ||
- test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
- # We can hardcode non-existent directories.
- if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
- test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
- # Linking always hardcodes the temporary library directory.
- _LT_TAGVAR(hardcode_action, $1)=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- _LT_TAGVAR(hardcode_action, $1)=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
- test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
- [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
- ;;
- *)
- AC_MSG_RESULT([no])
- ;;
- esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
- [], [
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[[lt_foo]]++; }
- if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[[4-9]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[[01]] | aix4.[[01]].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a[(]lib.so.V[)]'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[[45]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[[23]].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[[01]]* | freebsdelf3.[[01]]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
- freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[[3-9]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
- [lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
- LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
- AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
- [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
- [lt_cv_shlibpath_overrides_runpath=yes])])
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
- ])
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
- [Variables whose values should be saved in libtool wrapper scripts and
- restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
- [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
- [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
- [[List of archive names. First name is the real one, the rest are links.
- The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
- [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
- [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
- [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
- [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
- [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
- [[As "finish_cmds", except a single script fragment to be evaled but
- not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
- [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
- [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
- [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
- [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] | ?:[\\/]*])
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word. This closes a longstanding sh security hole.
- ac_dummy="m4_if([$2], , $PATH, [$2])"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$1"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- AC_MSG_RESULT($MAGIC_CMD)
-else
- AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
- [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
- else
- MAGIC_CMD=:
- fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
- [AS_HELP_STRING([--with-gnu-ld],
- [assume the C compiler uses GNU ld @<:@default=no@:>@])],
- [test no = "$withval" || with_gnu_ld=yes],
- [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- AC_MSG_CHECKING([for ld used by $CC])
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [[\\/]]* | ?:[[\\/]]*)
- re_direlt='/[[^/]][[^/]]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- AC_MSG_CHECKING([for GNU ld])
-else
- AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- AC_MSG_RESULT($LD)
-else
- AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-# -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
- lt_cv_ld_reload_flag,
- [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
- [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-# -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[[45]]*)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[[3-9]]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
- [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
- [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
- [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
- [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
- AC_SUBST([DUMPBIN])
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
- [lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
- cat conftest.out >&AS_MESSAGE_LOG_FD
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-# -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
- [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
- [lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&AS_MESSAGE_LOG_FD
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
- test DEF = "`$SED -n dnl
- -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace
- -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments
- -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl
- -e q dnl Only consider the first "real" line
- $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
- # These system don't have libm, or don't need it
- ;;
-*-ncr-sysv4.3*)
- AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
- AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
- ;;
-*)
- AC_CHECK_LIB(m, cos, LIBM=-lm)
- ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
- esac
-
- _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
- lt_cv_prog_compiler_rtti_exceptions,
- [-fno-rtti -fno-exceptions], [],
- [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
- [Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[[BCDT]]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[[ABCDGISTW]]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[[ABCDEGRST]]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[[BCDEGRST]]'
- ;;
-osf*)
- symcode='[[BCDEGQRST]]'
- ;;
-solaris*)
- symcode='[[BDRT]]'
- ;;
-sco3.2v5*)
- symcode='[[DT]]'
- ;;
-sysv4.2uw2*)
- symcode='[[DT]]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[[ABDT]]'
- ;;
-sysv4)
- symcode='[[DFNSTU]]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK ['"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx]"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if AC_TRY_EVAL(ac_compile); then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT@&t@_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
- if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- AC_MSG_RESULT(failed)
-else
- AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
- [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
- [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
- [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
- [lt_cv_sys_global_symbol_to_c_name_address], [1],
- [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
- [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
- [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
- [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
- [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
- # C++ specific cases for pic, static, wl, etc.
- if test yes = "$GXX"; then
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
- mingw* | cygwin* | os2* | pw32* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- ;;
- *djgpp*)
- # DJGPP does not support shared libraries at all
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- ;;
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- _LT_TAGVAR(lt_prog_compiler_static, $1)=
- ;;
- interix[[3-9]]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
- fi
- ;;
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- else
- case $host_os in
- aix[[4-9]]*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- else
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
- chorus*)
- case $cc_basename in
- cxch68*)
- # Green Hills C++ Compiler
- # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
- ;;
- esac
- ;;
- mingw* | cygwin* | os2* | pw32* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- ;;
- dgux*)
- case $cc_basename in
- ec++*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- freebsd* | dragonfly*)
- # FreeBSD uses GNU C++
- ;;
- hpux9* | hpux10* | hpux11*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- if test ia64 != "$host_cpu"; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- fi
- ;;
- aCC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- ;;
- esac
- ;;
- *)
- ;;
- esac
- ;;
- interix*)
- # This is c89, which is MS Visual C++ (no shared libs)
- # Anyone wants to do a port?
- ;;
- irix5* | irix6* | nonstopux*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- # CC pic flag -KPIC is the default.
- ;;
- *)
- ;;
- esac
- ;;
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- KCC*)
- # KAI C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- ecpc* )
- # old Intel C++ for x86_64, which still supported -KPIC.
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- icpc* )
- # Intel C++, used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- cxx*)
- # Compaq C++
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
- # IBM XL 8.0, 9.0 on PPC and BlueGene
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- esac
- ;;
- esac
- ;;
- lynxos*)
- ;;
- m88k*)
- ;;
- mvs*)
- case $cc_basename in
- cxx*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
- ;;
- *)
- ;;
- esac
- ;;
- netbsd* | netbsdelf*-gnu)
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
- ;;
- RCC*)
- # Rational C++ 2.4.1
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- cxx*)
- # Digital/Compaq C++
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- *)
- ;;
- esac
- ;;
- psos*)
- ;;
- solaris*)
- case $cc_basename in
- CC* | sunCC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- gcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- ;;
- *)
- ;;
- esac
- ;;
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- lcc*)
- # Lucid
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- ;;
- *)
- ;;
- esac
- ;;
- vxworks*)
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
- esac
- fi
-],
-[
- if test yes = "$GCC"; then
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- _LT_TAGVAR(lt_prog_compiler_static, $1)=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- ;;
-
- interix[[3-9]]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
- fi
- ;;
-
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
- if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- else
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # PIC (with -KPIC) is the default.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- ccc*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # All Alpha code is PIC.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- ;;
- *Intel*\ [[CF]]*Compiler*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- *Portland\ Group*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # All OSF/1 code is PIC.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- rdos*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- solaris*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
- *)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
- esac
- ;;
-
- sunos4*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- unicos*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
-
- uts4*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- *)
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
- esac
- fi
-])
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
- ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
- _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
- [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
- [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
- "" | " "*) ;;
- *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
- esac],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
- [Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
- [How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
- _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
- $lt_tmp_static_flag,
- [],
- [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
- [Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
- case $host_os in
- aix[[4-9]]*)
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- ;;
- pw32*)
- _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
- ;;
- cygwin* | mingw* | cegcc*)
- case $cc_basename in
- cl*)
- _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- ;;
- *)
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
- ;;
- esac
- ;;
- linux* | k*bsd*-gnu | gnu*)
- _LT_TAGVAR(link_all_deplibs, $1)=no
- ;;
- *)
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
- esac
-], [
- runpath_var=
- _LT_TAGVAR(allow_undefined_flag, $1)=
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(archive_cmds, $1)=
- _LT_TAGVAR(archive_expsym_cmds, $1)=
- _LT_TAGVAR(compiler_needs_object, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(hardcode_automatic, $1)=no
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- _LT_TAGVAR(hardcode_minus_L, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- _LT_TAGVAR(inherit_rpath, $1)=no
- _LT_TAGVAR(link_all_deplibs, $1)=unknown
- _LT_TAGVAR(module_cmds, $1)=
- _LT_TAGVAR(module_expsym_cmds, $1)=
- _LT_TAGVAR(old_archive_from_new_cmds, $1)=
- _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
- _LT_TAGVAR(thread_safe_flag_spec, $1)=
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- _LT_TAGVAR(include_expsyms, $1)=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- _LT_TAGVAR(link_all_deplibs, $1)=no
- ;;
- esac
-
- _LT_TAGVAR(ld_shlibs, $1)=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
- *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[[3-9]]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)=''
- ;;
- m68k)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
- # as there is no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- interix[[3-9]]*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
-
- if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
- runpath_var=
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- fi
- ;;
-
- aix[[4-9]]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- _LT_TAGVAR(archive_cmds, $1)=''
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[[012]]|aix4.[[012]].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- _LT_TAGVAR(always_export_symbols, $1)=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
- _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)=''
- ;;
- m68k)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- ;;
-
- bsdi[[45]]*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
- _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- # FIXME: Should let the user specify the lib program.
- _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- _LT_DARWIN_LINKER_FEATURES($1)
- ;;
-
- dgux*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_direct, $1)=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- m4_if($1, [], [
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- _LT_LINKER_OPTION([if $CC understands -b],
- _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
- [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
- *)
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
- [lt_cv_irix_exported_symbol],
- [save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- AC_LINK_IFELSE(
- [AC_LANG_SOURCE(
- [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
- [C++], [[int foo (void) { return 0; }]],
- [Fortran 77], [[
- subroutine foo
- end]],
- [Fortran], [[
- subroutine foo
- end]])])],
- [lt_cv_irix_exported_symbol=yes],
- [lt_cv_irix_exported_symbol=no])
- LDFLAGS=$save_LDFLAGS])
- if test yes = "$lt_cv_irix_exported_symbol"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=no
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(inherit_rpath, $1)=yes
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- _LT_TAGVAR(ld_shlibs, $1)=yes
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- newsos6)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- fi
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- else
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- ;;
-
- solaris*)
- _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
- _LT_TAGVAR(hardcode_direct, $1)=no
- ;;
- motorola)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- sysv4.3*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- _LT_TAGVAR(ld_shlibs, $1)=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *)
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
- [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
- # Assume -lc should be added
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $_LT_TAGVAR(archive_cmds, $1) in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- AC_CACHE_CHECK([whether -lc should be explicitly linked in],
- [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
- [$RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
- pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
- _LT_TAGVAR(allow_undefined_flag, $1)=
- if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
- then
- lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
- else
- lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- fi
- _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- ])
- _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
- ;;
- esac
- fi
- ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
- [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
- [enable_shared_with_static_runtimes], [0],
- [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
- [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
- [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
- [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
- [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
- [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
- [Commands used to build a loadable module if different from building
- a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
- [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
- [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
- [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
- [Flag to hardcode $libdir into a binary during linking.
- This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
- [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
- [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
- DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
- [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
- DIR into the resulting binary and the resulting library dependency is
- "absolute", i.e impossible to change by setting $shlibpath_var if the
- library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
- [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
- into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
- [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
- into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
- [Set to "yes" if building a shared library automatically hardcodes DIR
- into the library and all subsequent libraries and executables linked
- against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
- [Set to yes if linker adds runtime paths of dependent libraries
- to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
- [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
- [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
- [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
- [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
- [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
- [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
- [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
- [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
- LT_SYS_DLOPEN_SELF
- _LT_CMD_STRIPLIB
-
- # Report what library types will actually be built
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
- ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
- (test g++ != "$CXX"))); then
- AC_PROG_CXXCPP
-else
- _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="int some_variable = 0;"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_CFLAGS=$CFLAGS
- lt_save_LD=$LD
- lt_save_GCC=$GCC
- GCC=$GXX
- lt_save_with_gnu_ld=$with_gnu_ld
- lt_save_path_LD=$lt_cv_path_LD
- if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
- lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
- else
- $as_unset lt_cv_prog_gnu_ld
- fi
- if test -n "${lt_cv_path_LDCXX+set}"; then
- lt_cv_path_LD=$lt_cv_path_LDCXX
- else
- $as_unset lt_cv_path_LD
- fi
- test -z "${LDCXX+set}" || LD=$LDCXX
- CC=${CXX-"c++"}
- CFLAGS=$CXXFLAGS
- compiler=$CC
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
-
- if test -n "$compiler"; then
- # We don't want -fno-exception when compiling C++ code, so set the
- # no_builtin_flag separately
- if test yes = "$GXX"; then
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
- else
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
- fi
-
- if test yes = "$GXX"; then
- # Set up default GNU C++ configuration
-
- LT_PATH_LD
-
- # Check if GNU C++ uses GNU ld as the underlying linker, since the
- # archiving commands below assume that GNU ld is being used.
- if test yes = "$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
- # If archive_cmds runs LD, not CC, wlarc should be empty
- # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
- # investigate it a little bit more. (MM)
- wlarc='$wl'
-
- # ancient GNU ld didn't support --whole-archive et. al.
- if eval "`$CC -print-prog-name=ld` --help 2>&1" |
- $GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- else
- with_gnu_ld=no
- wlarc=
-
- # A generic and very simple default shared library creation
- # command for GNU C++ for the case where it uses the native
- # linker, instead of GNU ld. If possible, this setting should
- # overridden to take advantage of the native linker features on
- # the platform it is being used on.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- fi
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
-
- else
- GXX=no
- with_gnu_ld=no
- wlarc=
- fi
-
- # PORTME: fill in a description of your system's C++ link characteristics
- AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
- _LT_TAGVAR(ld_shlibs, $1)=yes
- case $host_os in
- aix3*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aix[[4-9]]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
- for ld_flag in $LDFLAGS; do
- case $ld_flag in
- *-brtl*)
- aix_use_runtimelinking=yes
- break
- ;;
- esac
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- _LT_TAGVAR(archive_cmds, $1)=''
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- ;;
- esac
-
- if test yes = "$GXX"; then
- case $host_os in aix4.[[012]]|aix4.[[012]].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- fi
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag=$shared_flag' $wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to
- # export.
- _LT_TAGVAR(always_export_symbols, $1)=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- # The "-G" linker flag allows undefined symbols.
- _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
- # Determine the default libpath from the value encoded in an empty
- # executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
- _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared
- # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- chorus*)
- case $cc_basename in
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- case $GXX,$cc_basename in
- ,cl* | no,cl*)
- # Native MSVC
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- # Don't use ranlib
- _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
- _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- func_to_tool_file "$lt_outputfile"~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # g++
- # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
- # as there is no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
- darwin* | rhapsody*)
- _LT_DARWIN_LINKER_FEATURES($1)
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- dgux*)
- case $cc_basename in
- ec++*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- freebsd2.*)
- # C++ shared libraries reported to be fairly broken before
- # switch to ELF
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- freebsd-elf*)
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- ;;
-
- freebsd* | dragonfly*)
- # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
- # conventions
- _LT_TAGVAR(ld_shlibs, $1)=yes
- ;;
-
- haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- hpux9*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
- # but as the default
- # location of the library.
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aCC*)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes = "$GXX"; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- hpux10*|hpux11*)
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- ;;
- *)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- ;;
- esac
- fi
- case $host_cpu in
- hppa*64*|ia64*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
- *)
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
- # but as the default
- # location of the library.
- ;;
- esac
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aCC*)
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes = "$GXX"; then
- if test no = "$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- fi
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- interix[[3-9]]*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
- irix5* | irix6*)
- case $cc_basename in
- CC*)
- # SGI C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
- # Archives containing C++ object files must be created using
- # "CC -ar", where "CC" is the IRIX C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
- ;;
- *)
- if test yes = "$GXX"; then
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
- fi
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
- esac
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(inherit_rpath, $1)=yes
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
- # Archives containing C++ object files must be created using
- # "CC -Bstatic", where "CC" is the KAI C++ compiler.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
- ;;
- icpc* | ecpc* )
- # Intel C++
- with_gnu_ld=yes
- # version 8.0 and above of icpc choke on multiply defined symbols
- # if we add $predep_objects and $postdep_objects, however 7.1 and
- # earlier do not add the objects themselves.
- case `$CC -V 2>&1` in
- *"Version 7."*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- *) # Version 8.0 or newer
- tmp_idyn=
- case $host_cpu in
- ia64*) tmp_idyn=' -i_dynamic';;
- esac
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- esac
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- case `$CC -V` in
- *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
- _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
- compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
- _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
- $RANLIB $oldlib'
- _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- *) # Version 6 and above use weak symbols
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- ;;
- cxx*)
- # Compaq C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
- runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
- ;;
- xl* | mpixl* | bgxl*)
- # IBM XL 8.0 on PPC, with GNU ld
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
-
- # Not sure whether something based on
- # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
- # would be better.
- output_verbose_link_cmd='func_echo_all'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
- ;;
- esac
- ;;
- esac
- ;;
-
- lynxos*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- m88k*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- mvs*)
- case $cc_basename in
- cxx*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
- wlarc=
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- fi
- # Workaround some broken pre-1.5 toolchains
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
- ;;
-
- *nto* | *qnx*)
- _LT_TAGVAR(ld_shlibs, $1)=yes
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- fi
- output_verbose_link_cmd=func_echo_all
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Archives containing C++ object files must be created using
- # the KAI C++ compiler.
- case $host in
- osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
- *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
- esac
- ;;
- RCC*)
- # Rational C++ 2.4.1
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- cxx*)
- case $host in
- osf3*)
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- ;;
- *)
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
- echo "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
- $RM $lib.exp'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes,no = "$GXX,$with_gnu_ld"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- case $host in
- osf3*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
-
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- psos*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- lcc*)
- # Lucid
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- solaris*)
- case $cc_basename in
- CC* | sunCC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
- _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
- ;;
- esac
- _LT_TAGVAR(link_all_deplibs, $1)=yes
-
- output_verbose_link_cmd='func_echo_all'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
- ;;
- gcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
- # The C++ compiler must be used to create the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
- ;;
- *)
- # GNU C++ compiler with Solaris linker
- if test yes,no = "$GXX,$with_gnu_ld"; then
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
- if $CC --version | $GREP -v '^2\.7' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
- else
- # g++ 2.7 appears to require '-G' NOT '-shared' on this
- # platform.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
- fi
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- ;;
- esac
- fi
- ;;
- esac
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
- '"$_LT_TAGVAR(old_archive_cmds, $1)"
- _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
- '"$_LT_TAGVAR(reload_cmds, $1)"
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- vxworks*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
-
- AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
- test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
- _LT_TAGVAR(GCC, $1)=$GXX
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_SYS_HIDDEN_LIBDEPS($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
- LDCXX=$LD
- LD=$lt_save_LD
- GCC=$lt_save_GCC
- with_gnu_ld=$lt_save_with_gnu_ld
- lt_cv_path_LDCXX=$lt_cv_path_LD
- lt_cv_path_LD=$lt_save_path_LD
- lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
- lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
- case @S|@2 in
- .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
- *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
- esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library. It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
- Foo (void) { a = 0; }
-private:
- int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
- subroutine foo
- implicit none
- integer*4 a
- a=0
- return
- end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
- subroutine foo
- implicit none
- integer a
- a=0
- return
- end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
- private int a;
- public void bar (void) {
- a = 0;
- }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
- # Parse the compiler output and extract the necessary
- # objects, libraries and library flags.
-
- # Sentinel used to keep track of whether or not we are before
- # the conftest object file.
- pre_test_object_deps_done=no
-
- for p in `eval "$output_verbose_link_cmd"`; do
- case $prev$p in
-
- -L* | -R* | -l*)
- # Some compilers place space between "-{L,R}" and the path.
- # Remove the space.
- if test x-L = "$p" ||
- test x-R = "$p"; then
- prev=$p
- continue
- fi
-
- # Expand the sysroot to ease extracting the directories later.
- if test -z "$prev"; then
- case $p in
- -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
- -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
- -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
- esac
- fi
- case $p in
- =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
- esac
- if test no = "$pre_test_object_deps_done"; then
- case $prev in
- -L | -R)
- # Internal compiler library paths should come after those
- # provided the user. The postdeps already come after the
- # user supplied libs so there is no need to process them.
- if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
- _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
- else
- _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
- fi
- ;;
- # The "-l" case would never come before the object being
- # linked, so don't bother handling this case.
- esac
- else
- if test -z "$_LT_TAGVAR(postdeps, $1)"; then
- _LT_TAGVAR(postdeps, $1)=$prev$p
- else
- _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
- fi
- fi
- prev=
- ;;
-
- *.lto.$objext) ;; # Ignore GCC LTO objects
- *.$objext)
- # This assumes that the test object file only shows up
- # once in the compiler output.
- if test "$p" = "conftest.$objext"; then
- pre_test_object_deps_done=yes
- continue
- fi
-
- if test no = "$pre_test_object_deps_done"; then
- if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
- _LT_TAGVAR(predep_objects, $1)=$p
- else
- _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
- fi
- else
- if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
- _LT_TAGVAR(postdep_objects, $1)=$p
- else
- _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
- fi
- fi
- ;;
-
- *) ;; # Ignore the rest.
-
- esac
- done
-
- # Clean up.
- rm -f a.out a.exe
-else
- echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
- # Interix 3.5 installs completely hosed .la files for C++, so rather than
- # hack all around it, let's just trust "g++" to DTRT.
- _LT_TAGVAR(predep_objects,$1)=
- _LT_TAGVAR(postdep_objects,$1)=
- _LT_TAGVAR(postdeps,$1)=
- ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
- [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
- [Dependencies to place before and after the objects being linked to
- create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
- [The library search path used internally by the compiler when linking
- a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
- _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="\
- subroutine t
- return
- end
-"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code="\
- program t
- end
-"
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_GCC=$GCC
- lt_save_CFLAGS=$CFLAGS
- CC=${F77-"f77"}
- CFLAGS=$FFLAGS
- compiler=$CC
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
- GCC=$G77
- if test -n "$compiler"; then
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_TAGVAR(GCC, $1)=$G77
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- GCC=$lt_save_GCC
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
- _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="\
- subroutine t
- return
- end
-"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code="\
- program t
- end
-"
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_GCC=$GCC
- lt_save_CFLAGS=$CFLAGS
- CC=${FC-"f95"}
- CFLAGS=$FCFLAGS
- compiler=$CC
- GCC=$ac_cv_fc_compiler_gnu
-
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
-
- if test -n "$compiler"; then
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_SYS_HIDDEN_LIBDEPS($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- GCC=$lt_save_GCC
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
- :
- _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
- [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
- [AC_CHECK_TOOL(GCJ, gcj,)
- test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
- AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible. Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
- [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into #
-# GNU Autoconf as AC_PROG_SED. When it is available in #
-# a released version of Autoconf we should remove this #
-# macro and use it instead. #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for lt_ac_prog in sed gsed; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
- lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
- fi
- done
- done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
- test ! -f "$lt_ac_sed" && continue
- cat /dev/null > conftest.in
- lt_ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >conftest.in
- # Check for GNU sed and select it if it is found.
- if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
- lt_cv_path_SED=$lt_ac_sed
- break
- fi
- while true; do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo >>conftest.nl
- $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
- cmp -s conftest.out conftest.nl || break
- # 10000 chars as input seems more than enough
- test 10 -lt "$lt_ac_count" && break
- lt_ac_count=`expr $lt_ac_count + 1`
- if test "$lt_ac_count" -gt "$lt_ac_max"; then
- lt_ac_max=$lt_ac_count
- lt_cv_path_SED=$lt_ac_sed
- fi
- done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path). These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
- [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
- [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
+++ /dev/null
-# Helper functions for option handling. -*- Autoconf -*-
-#
-# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it. Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
- _LT_MANGLE_DEFUN([$1], [$2]),
- [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
- [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
- [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME. If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
- [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
- dnl
- dnl Simply set some default values (i.e off) if boolean options were not
- dnl specified:
- _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
- ])
- _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
- ])
- dnl
- dnl If no reference was made to various pairs of opposing options, then
- dnl we run the default mode handler for the pair. For example, if neither
- dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
- dnl archives by default:
- _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
- _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
- _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
- _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
- [_LT_ENABLE_FAST_INSTALL])
- _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
- [_LT_WITH_AIX_SONAME([aix])])
- ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
- AC_CHECK_TOOL(AS, as, false)
- AC_CHECK_TOOL(DLLTOOL, dlltool, false)
- AC_CHECK_TOOL(OBJDUMP, objdump, false)
- ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS], [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
- [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
- [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
- _LT_DECL([build_libtool_libs], [enable_shared], [0],
- [Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
- [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
- [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
- _LT_DECL([build_old_libs], [enable_static], [0],
- [Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
- [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
- [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
- [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
- AC_MSG_CHECKING([which variant of shared library versioning to provide])
- AC_ARG_WITH([aix-soname],
- [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
- [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
- [case $withval in
- aix|svr4|both)
- ;;
- *)
- AC_MSG_ERROR([Unknown argument to --with-aix-soname])
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname],
- [AC_CACHE_VAL([lt_cv_with_aix_soname],
- [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
- with_aix_soname=$lt_cv_with_aix_soname])
- AC_MSG_RESULT([$with_aix_soname])
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
- [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
- [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
- [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
- [lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
- [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
- [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
- [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
- [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
- [m4_define([_LTDL_TYPE], [convenience])])
+++ /dev/null
-# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
- [$#], [2], [[$2]],
- [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
- [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
- [$#], 1, [],
- [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
- m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
- [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
- [m4_foreach([_Lt_suffix],
- ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
- [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
- [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
- [lt_append([$1], [$2], [$3])$4],
- [$5])],
- [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
- m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
- m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
- [$5],
- [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
- [lt_join(m4_quote(m4_default([$4], [[, ]])),
- lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
- [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
+++ /dev/null
-# ltversion.m4 -- version numbers -*- Autoconf -*-
-#
-# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-# Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
+++ /dev/null
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else. This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
+++ /dev/null
-# nls.m4 serial 5 (gettext-0.18)
-dnl Copyright (C) 1995-2003, 2005-2006, 2008-2013 Free Software Foundation,
-dnl Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-dnl
-dnl This file can can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
-dnl License but which still want to provide support for the GNU gettext
-dnl functionality.
-dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
-dnl They are *not* in the public domain.
-
-dnl Authors:
-dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
-dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
-
-AC_PREREQ([2.50])
-
-AC_DEFUN([AM_NLS],
-[
- AC_MSG_CHECKING([whether NLS is requested])
- dnl Default is enabled NLS
- AC_ARG_ENABLE([nls],
- [ --disable-nls do not use Native Language Support],
- USE_NLS=$enableval, USE_NLS=yes)
- AC_MSG_RESULT([$USE_NLS])
- AC_SUBST([USE_NLS])
-])
+++ /dev/null
-# po.m4 serial 21 (gettext-0.18.3)
-dnl Copyright (C) 1995-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-dnl
-dnl This file can can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
-dnl License but which still want to provide support for the GNU gettext
-dnl functionality.
-dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
-dnl They are *not* in the public domain.
-
-dnl Authors:
-dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
-dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
-
-AC_PREREQ([2.60])
-
-dnl Checks for all prerequisites of the po subdirectory.
-AC_DEFUN([AM_PO_SUBDIRS],
-[
- AC_REQUIRE([AC_PROG_MAKE_SET])dnl
- AC_REQUIRE([AC_PROG_INSTALL])dnl
- AC_REQUIRE([AC_PROG_MKDIR_P])dnl
- AC_REQUIRE([AC_PROG_SED])dnl
- AC_REQUIRE([AM_NLS])dnl
-
- dnl Release version of the gettext macros. This is used to ensure that
- dnl the gettext macros and po/Makefile.in.in are in sync.
- AC_SUBST([GETTEXT_MACRO_VERSION], [0.18])
-
- dnl Perform the following tests also if --disable-nls has been given,
- dnl because they are needed for "make dist" to work.
-
- dnl Search for GNU msgfmt in the PATH.
- dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
- dnl The second test excludes FreeBSD msgfmt.
- AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
- [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
- (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
- :)
- AC_PATH_PROG([GMSGFMT], [gmsgfmt], [$MSGFMT])
-
- dnl Test whether it is GNU msgfmt >= 0.15.
-changequote(,)dnl
- case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
- *) MSGFMT_015=$MSGFMT ;;
- esac
-changequote([,])dnl
- AC_SUBST([MSGFMT_015])
-changequote(,)dnl
- case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
- *) GMSGFMT_015=$GMSGFMT ;;
- esac
-changequote([,])dnl
- AC_SUBST([GMSGFMT_015])
-
- dnl Search for GNU xgettext 0.12 or newer in the PATH.
- dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
- dnl The second test excludes FreeBSD xgettext.
- AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
- [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
- (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
- :)
- dnl Remove leftover from FreeBSD xgettext call.
- rm -f messages.po
-
- dnl Test whether it is GNU xgettext >= 0.15.
-changequote(,)dnl
- case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
- *) XGETTEXT_015=$XGETTEXT ;;
- esac
-changequote([,])dnl
- AC_SUBST([XGETTEXT_015])
-
- dnl Search for GNU msgmerge 0.11 or newer in the PATH.
- AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
- [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :)
-
- dnl Installation directories.
- dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we
- dnl have to define it here, so that it can be used in po/Makefile.
- test -n "$localedir" || localedir='${datadir}/locale'
- AC_SUBST([localedir])
-
- dnl Support for AM_XGETTEXT_OPTION.
- test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
- AC_SUBST([XGETTEXT_EXTRA_OPTIONS])
-
- AC_CONFIG_COMMANDS([po-directories], [[
- for ac_file in $CONFIG_FILES; do
- # Support "outfile[:infile[:infile...]]"
- case "$ac_file" in
- *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
- esac
- # PO directories have a Makefile.in generated from Makefile.in.in.
- case "$ac_file" in */Makefile.in)
- # Adjust a relative srcdir.
- ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
- ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'`
- ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
- # In autoconf-2.13 it is called $ac_given_srcdir.
- # In autoconf-2.50 it is called $srcdir.
- test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
- case "$ac_given_srcdir" in
- .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
- /*) top_srcdir="$ac_given_srcdir" ;;
- *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
- esac
- # Treat a directory as a PO directory if and only if it has a
- # POTFILES.in file. This allows packages to have multiple PO
- # directories under different names or in different locations.
- if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
- rm -f "$ac_dir/POTFILES"
- test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
- gt_tab=`printf '\t'`
- cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
- POMAKEFILEDEPS="POTFILES.in"
- # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
- # on $ac_dir but don't depend on user-specified configuration
- # parameters.
- if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
- # The LINGUAS file contains the set of available languages.
- if test -n "$OBSOLETE_ALL_LINGUAS"; then
- test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
- fi
- ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
- # Hide the ALL_LINGUAS assignment from automake < 1.5.
- eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
- POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
- else
- # The set of available languages was given in configure.in.
- # Hide the ALL_LINGUAS assignment from automake < 1.5.
- eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
- fi
- # Compute POFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
- # Compute UPDATEPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
- # Compute DUMMYPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
- # Compute GMOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
- case "$ac_given_srcdir" in
- .) srcdirpre= ;;
- *) srcdirpre='$(srcdir)/' ;;
- esac
- POFILES=
- UPDATEPOFILES=
- DUMMYPOFILES=
- GMOFILES=
- for lang in $ALL_LINGUAS; do
- POFILES="$POFILES $srcdirpre$lang.po"
- UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
- DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
- GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
- done
- # CATALOGS depends on both $ac_dir and the user's LINGUAS
- # environment variable.
- INST_LINGUAS=
- if test -n "$ALL_LINGUAS"; then
- for presentlang in $ALL_LINGUAS; do
- useit=no
- if test "%UNSET%" != "$LINGUAS"; then
- desiredlanguages="$LINGUAS"
- else
- desiredlanguages="$ALL_LINGUAS"
- fi
- for desiredlang in $desiredlanguages; do
- # Use the presentlang catalog if desiredlang is
- # a. equal to presentlang, or
- # b. a variant of presentlang (because in this case,
- # presentlang can be used as a fallback for messages
- # which are not translated in the desiredlang catalog).
- case "$desiredlang" in
- "$presentlang"*) useit=yes;;
- esac
- done
- if test $useit = yes; then
- INST_LINGUAS="$INST_LINGUAS $presentlang"
- fi
- done
- fi
- CATALOGS=
- if test -n "$INST_LINGUAS"; then
- for lang in $INST_LINGUAS; do
- CATALOGS="$CATALOGS $lang.gmo"
- done
- fi
- test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
- sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
- for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
- if test -f "$f"; then
- case "$f" in
- *.orig | *.bak | *~) ;;
- *) cat "$f" >> "$ac_dir/Makefile" ;;
- esac
- fi
- done
- fi
- ;;
- esac
- done]],
- [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
- # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
- # from automake < 1.5.
- eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
- # Capture the value of LINGUAS because we need it to compute CATALOGS.
- LINGUAS="${LINGUAS-%UNSET%}"
- ])
-])
-
-dnl Postprocesses a Makefile in a directory containing PO files.
-AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
-[
- # When this code is run, in config.status, two variables have already been
- # set:
- # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
- # - LINGUAS is the value of the environment variable LINGUAS at configure
- # time.
-
-changequote(,)dnl
- # Adjust a relative srcdir.
- ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
- ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'`
- ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
- # In autoconf-2.13 it is called $ac_given_srcdir.
- # In autoconf-2.50 it is called $srcdir.
- test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
- case "$ac_given_srcdir" in
- .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
- /*) top_srcdir="$ac_given_srcdir" ;;
- *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
- esac
-
- # Find a way to echo strings without interpreting backslash.
- if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then
- gt_echo='echo'
- else
- if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then
- gt_echo='printf %s\n'
- else
- echo_func () {
- cat <<EOT
-$*
-EOT
- }
- gt_echo='echo_func'
- fi
- fi
-
- # A sed script that extracts the value of VARIABLE from a Makefile.
- tab=`printf '\t'`
- sed_x_variable='
-# Test if the hold space is empty.
-x
-s/P/P/
-x
-ta
-# Yes it was empty. Look if we have the expected variable definition.
-/^['"${tab}"' ]*VARIABLE['"${tab}"' ]*=/{
- # Seen the first line of the variable definition.
- s/^['"${tab}"' ]*VARIABLE['"${tab}"' ]*=//
- ba
-}
-bd
-:a
-# Here we are processing a line from the variable definition.
-# Remove comment, more precisely replace it with a space.
-s/#.*$/ /
-# See if the line ends in a backslash.
-tb
-:b
-s/\\$//
-# Print the line, without the trailing backslash.
-p
-tc
-# There was no trailing backslash. The end of the variable definition is
-# reached. Clear the hold space.
-s/^.*$//
-x
-bd
-:c
-# A trailing backslash means that the variable definition continues in the
-# next line. Put a nonempty string into the hold space to indicate this.
-s/^.*$/P/
-x
-:d
-'
-changequote([,])dnl
-
- # Set POTFILES to the value of the Makefile variable POTFILES.
- sed_x_POTFILES=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/POTFILES/g'`
- POTFILES=`sed -n -e "$sed_x_POTFILES" < "$ac_file"`
- # Compute POTFILES_DEPS as
- # $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
- POTFILES_DEPS=
- for file in $POTFILES; do
- POTFILES_DEPS="$POTFILES_DEPS "'$(top_srcdir)/'"$file"
- done
- POMAKEFILEDEPS=""
-
- if test -n "$OBSOLETE_ALL_LINGUAS"; then
- test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
- fi
- if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
- # The LINGUAS file contains the set of available languages.
- ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
- POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
- else
- # Set ALL_LINGUAS to the value of the Makefile variable LINGUAS.
- sed_x_LINGUAS=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'`
- ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"`
- fi
- # Hide the ALL_LINGUAS assignment from automake < 1.5.
- eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
- # Compute POFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
- # Compute UPDATEPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
- # Compute DUMMYPOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
- # Compute GMOFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
- # Compute PROPERTIESFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).properties)
- # Compute CLASSFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).class)
- # Compute QMFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).qm)
- # Compute MSGFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang)).msg)
- # Compute RESOURCESDLLFILES
- # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang))/$(DOMAIN).resources.dll)
- case "$ac_given_srcdir" in
- .) srcdirpre= ;;
- *) srcdirpre='$(srcdir)/' ;;
- esac
- POFILES=
- UPDATEPOFILES=
- DUMMYPOFILES=
- GMOFILES=
- PROPERTIESFILES=
- CLASSFILES=
- QMFILES=
- MSGFILES=
- RESOURCESDLLFILES=
- for lang in $ALL_LINGUAS; do
- POFILES="$POFILES $srcdirpre$lang.po"
- UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
- DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
- GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
- PROPERTIESFILES="$PROPERTIESFILES \$(top_srcdir)/\$(DOMAIN)_$lang.properties"
- CLASSFILES="$CLASSFILES \$(top_srcdir)/\$(DOMAIN)_$lang.class"
- QMFILES="$QMFILES $srcdirpre$lang.qm"
- frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
- MSGFILES="$MSGFILES $srcdirpre$frobbedlang.msg"
- frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
- RESOURCESDLLFILES="$RESOURCESDLLFILES $srcdirpre$frobbedlang/\$(DOMAIN).resources.dll"
- done
- # CATALOGS depends on both $ac_dir and the user's LINGUAS
- # environment variable.
- INST_LINGUAS=
- if test -n "$ALL_LINGUAS"; then
- for presentlang in $ALL_LINGUAS; do
- useit=no
- if test "%UNSET%" != "$LINGUAS"; then
- desiredlanguages="$LINGUAS"
- else
- desiredlanguages="$ALL_LINGUAS"
- fi
- for desiredlang in $desiredlanguages; do
- # Use the presentlang catalog if desiredlang is
- # a. equal to presentlang, or
- # b. a variant of presentlang (because in this case,
- # presentlang can be used as a fallback for messages
- # which are not translated in the desiredlang catalog).
- case "$desiredlang" in
- "$presentlang"*) useit=yes;;
- esac
- done
- if test $useit = yes; then
- INST_LINGUAS="$INST_LINGUAS $presentlang"
- fi
- done
- fi
- CATALOGS=
- JAVACATALOGS=
- QTCATALOGS=
- TCLCATALOGS=
- CSHARPCATALOGS=
- if test -n "$INST_LINGUAS"; then
- for lang in $INST_LINGUAS; do
- CATALOGS="$CATALOGS $lang.gmo"
- JAVACATALOGS="$JAVACATALOGS \$(DOMAIN)_$lang.properties"
- QTCATALOGS="$QTCATALOGS $lang.qm"
- frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
- TCLCATALOGS="$TCLCATALOGS $frobbedlang.msg"
- frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
- CSHARPCATALOGS="$CSHARPCATALOGS $frobbedlang/\$(DOMAIN).resources.dll"
- done
- fi
-
- sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp"
- tab=`printf '\t'`
- if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then
- # Add dependencies that cannot be formulated as a simple suffix rule.
- for lang in $ALL_LINGUAS; do
- frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
- cat >> "$ac_file.tmp" <<EOF
-$frobbedlang.msg: $lang.po
-${tab}@echo "\$(MSGFMT) -c --tcl -d \$(srcdir) -l $lang $srcdirpre$lang.po"; \
-${tab}\$(MSGFMT) -c --tcl -d "\$(srcdir)" -l $lang $srcdirpre$lang.po || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
-EOF
- done
- fi
- if grep -l '@CSHARPCATALOGS@' "$ac_file" > /dev/null; then
- # Add dependencies that cannot be formulated as a simple suffix rule.
- for lang in $ALL_LINGUAS; do
- frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
- cat >> "$ac_file.tmp" <<EOF
-$frobbedlang/\$(DOMAIN).resources.dll: $lang.po
-${tab}@echo "\$(MSGFMT) -c --csharp -d \$(srcdir) -l $lang $srcdirpre$lang.po -r \$(DOMAIN)"; \
-${tab}\$(MSGFMT) -c --csharp -d "\$(srcdir)" -l $lang $srcdirpre$lang.po -r "\$(DOMAIN)" || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
-EOF
- done
- fi
- if test -n "$POMAKEFILEDEPS"; then
- cat >> "$ac_file.tmp" <<EOF
-Makefile: $POMAKEFILEDEPS
-EOF
- fi
- mv "$ac_file.tmp" "$ac_file"
-])
-
-dnl Initializes the accumulator used by AM_XGETTEXT_OPTION.
-AC_DEFUN([AM_XGETTEXT_OPTION_INIT],
-[
- XGETTEXT_EXTRA_OPTIONS=
-])
-
-dnl Registers an option to be passed to xgettext in the po subdirectory.
-AC_DEFUN([AM_XGETTEXT_OPTION],
-[
- AC_REQUIRE([AM_XGETTEXT_OPTION_INIT])
- XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS $1"
-])
+++ /dev/null
-# progtest.m4 serial 7 (gettext-0.18.2)
-dnl Copyright (C) 1996-2003, 2005, 2008-2013 Free Software Foundation, Inc.
-dnl This file is free software; the Free Software Foundation
-dnl gives unlimited permission to copy and/or distribute it,
-dnl with or without modifications, as long as this notice is preserved.
-dnl
-dnl This file can can be used in projects which are not available under
-dnl the GNU General Public License or the GNU Library General Public
-dnl License but which still want to provide support for the GNU gettext
-dnl functionality.
-dnl Please note that the actual code of the GNU gettext library is covered
-dnl by the GNU Library General Public License, and the rest of the GNU
-dnl gettext package package is covered by the GNU General Public License.
-dnl They are *not* in the public domain.
-
-dnl Authors:
-dnl Ulrich Drepper <drepper@cygnus.com>, 1996.
-
-AC_PREREQ([2.50])
-
-# Search path for a program which passes the given test.
-
-dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
-dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
-AC_DEFUN([AM_PATH_PROG_WITH_TEST],
-[
-# Prepare PATH_SEPARATOR.
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
- # contains only /bin. Note that ksh looks also at the FPATH variable,
- # so we have to set that as well for the test.
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
- || PATH_SEPARATOR=';'
- }
-fi
-
-# Find out how to test for executable files. Don't use a zero-byte file,
-# as systems may use methods other than mode bits to determine executability.
-cat >conf$$.file <<_ASEOF
-#! /bin/sh
-exit 0
-_ASEOF
-chmod +x conf$$.file
-if test -x conf$$.file >/dev/null 2>&1; then
- ac_executable_p="test -x"
-else
- ac_executable_p="test -f"
-fi
-rm -f conf$$.file
-
-# Extract the first word of "$2", so it can be a program name with args.
-set dummy $2; ac_word=[$]2
-AC_MSG_CHECKING([for $ac_word])
-AC_CACHE_VAL([ac_cv_path_$1],
-[case "[$]$1" in
- [[\\/]]* | ?:[[\\/]]*)
- ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
- ;;
- *)
- ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
- for ac_dir in ifelse([$5], , $PATH, [$5]); do
- IFS="$ac_save_IFS"
- test -z "$ac_dir" && ac_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
- echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD
- if [$3]; then
- ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext"
- break 2
- fi
- fi
- done
- done
- IFS="$ac_save_IFS"
-dnl If no 4th arg is given, leave the cache variable unset,
-dnl so AC_PATH_PROGS will keep looking.
-ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
-])dnl
- ;;
-esac])dnl
-$1="$ac_cv_path_$1"
-if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then
- AC_MSG_RESULT([$][$1])
-else
- AC_MSG_RESULT([no])
-fi
-AC_SUBST([$1])dnl
-])
-EXTRA_DIST += man/cryptsetup.8 man/integritysetup.8 man/veritysetup.8 man/cryptsetup-reencrypt.8
+ADOCFILES_COMMON = \
+ man/common_options.adoc \
+ man/common_footer.adoc
-man8_MANS += man/cryptsetup.8
+ADOCFILES = $(ADOCFILES_COMMON) \
+ man/cryptsetup.8.adoc \
+ man/cryptsetup-open.8.adoc \
+ man/cryptsetup-close.8.adoc \
+ man/cryptsetup-reencrypt.8.adoc \
+ man/cryptsetup-status.8.adoc \
+ man/cryptsetup-resize.8.adoc \
+ man/cryptsetup-refresh.8.adoc \
+ man/cryptsetup-luksFormat.8.adoc \
+ man/cryptsetup-luksSuspend.8.adoc \
+ man/cryptsetup-luksResume.8.adoc \
+ man/cryptsetup-luksAddKey.8.adoc \
+ man/cryptsetup-luksRemoveKey.8.adoc \
+ man/cryptsetup-luksConvertKey.8.adoc \
+ man/cryptsetup-luksKillSlot.8.adoc \
+ man/cryptsetup-luksChangeKey.8.adoc \
+ man/cryptsetup-erase.8.adoc \
+ man/cryptsetup-luksUUID.8.adoc \
+ man/cryptsetup-isLuks.8.adoc \
+ man/cryptsetup-luksDump.8.adoc \
+ man/cryptsetup-luksHeaderBackup.8.adoc \
+ man/cryptsetup-luksHeaderRestore.8.adoc \
+ man/cryptsetup-token.8.adoc \
+ man/cryptsetup-convert.8.adoc \
+ man/cryptsetup-config.8.adoc \
+ man/cryptsetup-tcryptDump.8.adoc \
+ man/cryptsetup-bitlkDump.8.adoc \
+ man/cryptsetup-fvault2Dump.8.adoc \
+ man/cryptsetup-repair.8.adoc \
+ man/cryptsetup-benchmark.8.adoc \
+ man/cryptsetup-ssh.8.adoc \
+ man/veritysetup.8.adoc \
+ man/integritysetup.8.adoc
+dist_noinst_DATA += $(ADOCFILES)
+
+CRYPTSETUP_MANPAGES = \
+ man/cryptsetup.8 \
+ man/cryptsetup-open.8 \
+ man/cryptsetup-close.8 \
+ man/cryptsetup-reencrypt.8 \
+ man/cryptsetup-status.8 \
+ man/cryptsetup-resize.8 \
+ man/cryptsetup-refresh.8 \
+ man/cryptsetup-luksFormat.8 \
+ man/cryptsetup-luksSuspend.8 \
+ man/cryptsetup-luksResume.8 \
+ man/cryptsetup-luksAddKey.8 \
+ man/cryptsetup-luksRemoveKey.8 \
+ man/cryptsetup-luksConvertKey.8 \
+ man/cryptsetup-luksKillSlot.8 \
+ man/cryptsetup-luksChangeKey.8 \
+ man/cryptsetup-erase.8 \
+ man/cryptsetup-luksUUID.8 \
+ man/cryptsetup-isLuks.8 \
+ man/cryptsetup-luksDump.8 \
+ man/cryptsetup-luksHeaderBackup.8 \
+ man/cryptsetup-luksHeaderRestore.8 \
+ man/cryptsetup-token.8 \
+ man/cryptsetup-convert.8 \
+ man/cryptsetup-config.8 \
+ man/cryptsetup-tcryptDump.8 \
+ man/cryptsetup-bitlkDump.8 \
+ man/cryptsetup-fvault2Dump.8 \
+ man/cryptsetup-repair.8 \
+ man/cryptsetup-benchmark.8
+
+CRYPTSETUP_MANLINKS = \
+ man/cryptsetup-create.8 \
+ man/cryptsetup-plainOpen.8 \
+ man/cryptsetup-luksOpen.8 \
+ man/cryptsetup-loopaesOpen.8 \
+ man/cryptsetup-tcryptOpen.8 \
+ man/cryptsetup-bitlkOpen.8 \
+ man/cryptsetup-fvault2Open.8 \
+ man/cryptsetup-luksErase.8
+
+VERITYSETUP_MANPAGES = man/veritysetup.8
+INTEGRITYSETUP_MANPAGES = man/integritysetup.8
+SSHPLUGIN_MANPAGES = man/cryptsetup-ssh.8
+
+MANPAGES_ALL = \
+ $(CRYPTSETUP_MANPAGES) \
+ $(CRYPTSETUP_MANLINKS) \
+ $(VERITYSETUP_MANPAGES) \
+ $(INTEGRITYSETUP_MANPAGES) \
+ $(SSHPLUGIN_MANPAGES)
+
+MANPAGES =
+MANLINKS =
+
+if CRYPTSETUP
+MANPAGES += $(CRYPTSETUP_MANPAGES)
+MANLINKS += $(CRYPTSETUP_MANLINKS)
+endif
if VERITYSETUP
-man8_MANS += man/veritysetup.8
+MANPAGES += $(VERITYSETUP_MANPAGES)
+endif
+if INTEGRITYSETUP
+MANPAGES += $(INTEGRITYSETUP_MANPAGES)
endif
+if SSHPLUGIN_TOKEN
+MANPAGES += $(SSHPLUGIN_MANPAGES)
+endif
+
+if ENABLE_ASCIIDOC
+EXTRA_DIST += $(MANPAGES_ALL)
+man8_MANS += $(MANPAGES) $(MANLINKS)
+
+$(MANPAGES): $(ADOCFILES_COMMON)
+
+SUFFIXES = .8.adoc .8
+.8.adoc.8:
+ $(AM_V_GEN) $(ASCIIDOCTOR) -b manpage \
+ -a 'release-version=$(VERSION)' \
+ --base-dir=$(abs_srcdir) \
+ --destination-dir $(abs_builddir)/man $<
+
+$(MANLINKS): $(MANPAGES)
+gen-man: $(man8_MANS)
-if REENCRYPT
-man8_MANS += man/cryptsetup-reencrypt.8
+gen-man-dist:
+ @list=`find -name *.adoc -not -path "*/man/common_*" | sed -e 's/\.adoc//g'`; \
+ missing=`for p in $$list; do test -f $$p || echo $$p; done`; \
+ if test -n "$$missing"; then \
+ $(MAKE) $(AM_MAKEFLAGS) $$missing; \
+ fi;
+
+# !ENABLE_ASCIIDOC
+else
+
+if HAVE_MANPAGES
+EXTRA_DIST += $(MANPAGES_ALL)
+man8_MANS += $(MANPAGES) $(MANLINKS)
endif
-if INTEGRITYSETUP
-man8_MANS += man/integritysetup.8
+gen-man:
+gen-man-dist:
endif
+
+dist-hook: gen-man-dist
--- /dev/null
+
+== REPORTING BUGS
+
+Report bugs at mailto:cryptsetup@lists.linux.dev[*cryptsetup mailing list*]
+or in https://gitlab.com/cryptsetup/cryptsetup/-/issues/new[*Issues project section*].
+
+Please attach output of the failed command with --debug option added.
+
+== SEE ALSO
+
+https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions[*Cryptsetup FAQ*]
+
+*cryptsetup*(8), *integritysetup*(8) and *veritysetup*(8)
+
+== CRYPTSETUP
+
+Part of https://gitlab.com/cryptsetup/cryptsetup/[*cryptsetup project*].
--- /dev/null
+== OPTIONS
+
+ifdef::ACTION_REENCRYPT[]
+*--block-size* _value_ *(LUKS1 only)*::
+Use re-encryption block size of _value_ in MiB.
++
+Values can be between 1 and 64 MiB.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--use-directio (LUKS1 only)*::
+Use direct-io (O_DIRECT) for all read/write data operations related
+to block device undergoing reencryption.
++
+Useful if direct-io operations perform better than normal buffered
+operations (e.g. in virtual environments).
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--use-fsync (LUKS1 only)*::
+Use fsync call after every written block. This applies for reencryption
+log files as well.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--write-log (LUKS1 only)*::
+Update log file after every block write. This can slow down reencryption
+but will minimize data loss in the case of system crash.
+endif::[]
+
+ifdef::ACTION_ISLUKS[]
+*--verbose, -v*::
+Print more information on command execution.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSKILLSLOT,ACTION_ISLUKS,ACTION_LUKSDUMP,ACTION_LUKSUUID,ACTION_CONVERT,ACTION_REPAIR,ACTION_REENCRYPT[]
+*--type <device-type>*::
+ifndef::ACTION_REENCRYPT[]
+Specifies required device type, for more info read _BASIC ACTIONS_ section in *cryptsetup*(8).
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Specifies required (encryption mode) or expected (other modes) LUKS format. Accepts only _luks1_ or _luks2_.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_TCRYPTDUMP,ACTION_BENCHMARK,ACTION_REENCRYPT[]
+*--hash, -h* _<hash-spec>_::
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Specifies the passphrase hash. Applies to _plain_ and _loopaes_ device types only.
++
+For _tcrypt_ device type, it restricts checked PBKDF2 variants when looking for header.
+endif::[]
+ifdef::ACTION_LUKSFORMAT[]
+Specifies the hash used in the LUKS key setup scheme and volume key
+digest.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_TCRYPTDUMP[]
+The specified hash is used for PBKDF2 and AF splitter.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS1:*
+Specifies the hash used in the LUKS1 key setup scheme and volume key digest.
++
+*NOTE*: if this parameter is not specified, default hash algorithm is always used
+for new LUKS1 device header.
++
+*LUKS2:* Ignored unless new keyslot pbkdf algorithm is set to PBKDF2 (see --pbkdf).
+endif::[]
++
+ifdef::ACTION_LUKSFORMAT[]
+The hash algorithm must provide at least 160 bits of output.
+Do not use a non-crypto hash like *xxhash* as this breaks security.
+Use _cryptsetup --help_ to show the defaults.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT,ACTION_TCRYPTDUMP,ACTION_BENCHMARK[]
+*--cipher, -c* _<cipher-spec>_::
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Set the cipher specification string for _plain_ device type.
++
+For _tcrypt_ device type it restricts checked cipher chains when looking for header.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_TCRYPTDUMP[]
+Set the cipher specification string.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS2*:
+Set the cipher specification string for data segment only.
++
+*LUKS1*:
+Set the cipher specification string for data segment and keyslots.
++
+*NOTE*: In encrypt mode, if cipher specification is omitted the default cipher is applied.
+In reencrypt mode, if no new cipher specification is requested, the existing cipher will remain
+in use. Unless the existing cipher was "cipher_null". In that case default cipher would
+be applied as in encrypt mode.
+endif::[]
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
++
+_cryptsetup --help_ shows the compiled-in defaults.
++
+If a hash is part of the cipher specification, then it is used as part
+of the IV generation. For example, ESSIV needs a hash function, while
+"plain64" does not and hence none is specified.
++
+For XTS mode you can optionally set a key size of 512 bits with the -s
+option. Key size for XTS mode is twice that for other modes for the same
+security level.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_REPAIR,ACTION_TCRYPTDUMP,ACTION_REENCRYPT[]
+*--verify-passphrase, -y*::
+When interactively asking for a passphrase, ask for it twice and
+complain if both inputs do not match.
+ifdef::ACTION_OPEN[]
+Advised when creating a _plain_ type mapping for the first time.
+endif::[]
+Ignored on input from file or stdin.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--key-file, -d* _name_::
+Read the passphrase from file.
++
+If the name given is "-", then the passphrase will be read from stdin.
+In this case, reading will not stop at newline characters.
++
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY[]
+The passphrase supplied via --key-file is always the passphrase for existing
+keyslot requested by the command.
++
+If you want to set a new passphrase via key file, you have to use a
+positional argument or parameter --new-keyfile.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+*NOTE:* With _plain_ device type, the passphrase obtained via --key-file option is
+passed directly in dm-crypt. Unlike the interactive mode (stdin)
+where digest (--hash option) of the passphrase is passed in dm-crypt instead.
++
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+See section _NOTES ON PASSPHRASE PROCESSING_ in *cryptsetup*(8) for more information.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*WARNING:* --key-file option can be used only if there is only one active keyslot,
+or alternatively, also if --key-slot option is specified (then all other keyslots
+will be disabled in new LUKS device).
++
+If this option is not used, cryptsetup will ask for all active keyslot
+passphrases.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--keyfile-offset* _value_::
+Skip _value_ bytes at the beginning of the key file.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_LUKSADDKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_BITLKDUMP[]
+*--keyfile-size, -l* _value_::
+Read a maximum of _value_ bytes from the key file. The default is to
+read the whole file up to the compiled-in maximum that can be queried
+with --help. Supplying more data than the compiled-in maximum aborts
+the operation.
++
+This option is useful to cut trailing newlines, for example. If
+--keyfile-offset is also given, the size count starts after the offset.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-keyfile* _name_::
+Read the passphrase for a new keyslot from file.
++
+If the name given is "-", then the passphrase will be read from stdin.
+In this case, reading will not stop at newline characters.
++
+This is alternative method to positional argument when adding new
+passphrase via kefile.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[]
+*--new-keyfile-offset* _value_::
+Skip _value_ bytes at the start when adding a new passphrase from key
+file.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY[]
+*--new-keyfile-size* _value_::
+Read a maximum of _value_ bytes when adding a new passphrase from key
+file. The default is to read the whole file up to
+the compiled-in maximum length that can be queried with --help.
+Supplying more than the compiled in maximum aborts the operation. When
+--new-keyfile-offset is also given, reading starts after the offset.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_BITLKDUMP,ACTION_REENCRYPT[]
+*--volume-key-file, --master-key-file (OBSOLETE alias)*::
+ifndef::ACTION_REENCRYPT[]
+Use a volume key stored in a file.
+endif::[]
+ifdef::ACTION_FORMAT[]
++
+This allows creating a LUKS header with this specific
+volume key. If the volume key was taken from an existing LUKS header and
+all other parameters are the same, then the new header decrypts the data
+encrypted with the header the volume key was taken from. +
+endif::[]
+ifdef::ACTION_LUKSDUMP,ACTION_BITLKDUMP[]
+The volume key is stored in a file instead of being printed out to standard output. +
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+This allows adding a new keyslot without having to know passphrase to existing one.
+It may be also used when no keyslot is active.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+This allows one to open _luks_ and _bitlk_ device types without giving a passphrase. +
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Use (set) new volume key stored in a file. +
+endif::[]
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_REENCRYPT[]
+*WARNING:* If you create your own volume key, you need to make sure to
+do it right. Otherwise, you can end up with a low-entropy or otherwise
+partially predictable volume key which will compromise security.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSDUMP[]
+*--dump-json-metadata*::
+For _luksDump_ (LUKS2 only) this option prints content of LUKS2 header
+JSON metadata area.
+endif::[]
+
+ifdef::ACTION_LUKSDUMP,ACTION_TCRYPTDUMP,ACTION_BITLKDUMP[]
+*--dump-volume-key, --dump-master-key (OBSOLETE alias)*::
+Print the volume key in the displayed information. Use with care,
+as the volume key can be used to bypass
+the passphrases, see also option --volume-key-file.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--json-file*::
+Read token JSON from a file or write token to it. --json-file=- reads JSON from
+standard input or writes it to standard output respectively.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--token-replace*::
+Replace an existing token when adding or importing a token with the
+--token-id option.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--use-random*::
+*--use-urandom*::
+ifdef::ACTION_REENCRYPT[]
+Define which kernel random number generator will be used to create the volume key.
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+For _luksFormat_ these options define which kernel random number
+generator will be used to create the volume key (which is a long-term
+key).
++
+See *NOTES ON RANDOM NUMBER GENERATORS* in *cryptsetup*(8) for more
+information. Use _cryptsetup --help_ to show the compiled-in default random
+number generator.
++
+*WARNING:* In a low-entropy situation (e.g. in an embedded system) and older
+kernels, both selections are problematic. Using /dev/urandom can lead to weak keys.
+Using /dev/random can block a long time, potentially forever, if not
+enough entropy can be harvested by the kernel.
+endif::[]
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--keep-key*::
+*LUKS2*:
+Do not change effective volume key and change other parameters provided
+it is requested.
++
+*LUKS1*:
+Reencrypt only the LUKS1 header and keyslots. Skips data in-place reencryption.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSDUMP,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_CONFIG,ACTION_TOKEN,ACTION_REPAIR,ACTION_REENCRYPT[]
+*--key-slot, -S <0-N>*::
+ifdef::ACTION_LUKSADDKEY[]
+When used together with parameter --new-key-slot this option allows you to specify which
+key slot is selected for unlocking volume key.
++
+*NOTE:* This option is ignored if existing volume key gets unlocked
+via LUKS2 token (--token-id, --token-type or --token-only parameters) or
+when volume key is provided directly via --volume-key-file parameter.
++
+*NOTE:* To maintain backward compatibility, without --new-key-slot parameter,
+this option allows you to specify which key slot is selected for the new key.
+endif::[]
+ifndef::ACTION_OPEN,ACTION_LUKSADDKEY[]
+For LUKS operations that add key material, this option allows you to
+specify which key slot is selected for the new key.
+endif::[]
+ifdef::ACTION_OPEN[]
+This option selects a specific key-slot to
+compare the passphrase against. If the given passphrase would only
+match a different key-slot, the operation fails.
+endif::[]
++
+ifdef::ACTION_REENCRYPT[]
+For reencryption mode it selects specific keyslot (and passphrase) that can be used to unlock new volume key.
+If used all other keyslots get removed after reencryption operation is finished.
++
+endif::[]
+The maximum number of key slots depends on the LUKS version. LUKS1 can have up
+to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area
+size and key size, but a valid key slot ID can always be between 0 and
+31 for LUKS2.
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-key-slot <0-N>*::
+This option allows you to specify which key slot is selected for
+the new key.
++
+*NOTE:* When used this option affects --key-slot option.
++
+The maximum number of key slots depends on the LUKS version. LUKS1 can have up
+to 8 key slots. LUKS2 can have up to 32 key slots based on key slot area
+size and key size, but a valid key slot ID can always be between 0 and
+31 for LUKS2.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT,ACTION_BENCHMARK,ACTION_LUKSADDKEY[]
+*--key-size, -s* _bits_::
+ifndef::ACTION_LUKSADDKEY[]
+Sets key size in _bits_. The argument has to be a multiple of 8. The
+possible key-sizes are limited by the cipher and mode used.
++
+See /proc/crypto for more information. Note that key-size in
+/proc/crypto is stated in bytes.
++
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Provide volume key size in _bits_. The argument has to be a multiple of 8.
++
+This option is required when parameter --volume-key-file is used to provide
+current volume key. Also, it is used when new unbound keyslot is created by
+specifying --unbound parameter.
+endif::[]
+ifdef::ACTION_OPEN[]
+This option can be used for _plain_ device type only.
+endif::[]
+ifndef::ACTION_REENCRYPT,ACTION_OPEN,ACTION_LUKSADDKEY[]
+This option can be used for _open --type plain_ or _luksFormat_. All
+other LUKS actions will use the key-size specified in the LUKS header.
+Use _cryptsetup --help_ to show the compiled-in defaults.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*LUKS1*:
+If you are increasing key size, there must be enough space in the LUKS header
+for enlarged keyslots (data offset must be large enough) or reencryption
+cannot be performed.
++
+If there is not enough space for keyslots with new key size,
+you can destructively shrink device with --reduce-device-size option.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE[]
+*--size, -b <number of 512 byte sectors>*::
+Set the size of the device in sectors of 512 bytes.
+ifdef::ACTION_OPEN[]
+Usable only with _plain_ device type.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--offset, -o <number of 512 byte sectors>*::
+Start offset in the backend device in 512-byte sectors.
+ifdef::ACTION_OPEN[]
+This option is only relevant with plain or loopaes device types.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+This option is only relevant for the encrypt mode.
+endif::[]
++
+ifndef::ACTION_OPEN[]
+The --offset option sets the data offset (payload) of data
+device and must be aligned to 4096-byte sectors (must be multiple of
+8). This option cannot be combined with --align-payload option.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--skip, -p <number of 512 byte sectors>*::
+Start offset used in IV calculation in 512-byte sectors (how many
+sectors of the encrypted data to skip at the beginning). This option
+is only relevant with plain or loopaes device types.
++
+Hence, if --offset _n_, and --skip _s_, sector _n_ (the first sector of
+the encrypted device) will get a sector number of _s_ for the IV
+calculation.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REENCRYPT,ACTION_RESIZE[]
+*--device-size* _size[units]_::
+ifndef::ACTION_RESIZE[]
+Instead of real device size, use specified value.
+endif::[]
+ifdef::ACTION_RESIZE[]
+Sets new size of the device. If unset real device size is used.
+endif::[]
+ifdef::ACTION_OPEN[]
+Usable only with _plain_ device type.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+It means that only specified area (from the start of the device
+to the specified size) will be reencrypted.
++
+*WARNING:* This is destructive operation. Data beyond --device-size limit may
+be lost after operation gets finished.
+endif::[]
++
+If no unit suffix is specified, the size is in bytes.
++
+Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
+for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--readonly, -r*::
+set up a read-only mapping.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--shared*::
+Creates an additional mapping for one common ciphertext device.
+Arbitrary mappings are supported. This option is only relevant for the
+_plain_ device type. Use --offset, --size and --skip to specify
+the mapped area.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf <PBKDF spec>*::
+Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS
+keyslot. The PBKDF can be: _pbkdf2_ (for PBKDF2 according to RFC2898),
+_argon2i_ for Argon2i or _argon2id_ for Argon2id (see
+https://www.cryptolux.org/index.php/Argon2[Argon2] for more info).
++
+For LUKS1, only PBKDF2 is accepted (no need to use this option). The
+default PBKDF for LUKS2 is set during compilation time and is available
+in _cryptsetup --help_ output.
++
+A PBKDF is used for increasing dictionary and brute-force attack cost
+for keyslot passwords. The parameters can be time, memory and parallel
+cost.
++
+For PBKDF2, only time cost (number of iterations) applies. For
+Argon2i/id, there is also memory cost (memory required during the
+process of key derivation) and parallel cost (number of threads that run
+in parallel during the key derivation.
++
+Note that increasing memory cost also increases time, so the final
+parameter values are measured by a benchmark. The benchmark tries to
+find iteration time (_--iter-time_) with required memory cost
+_--pbkdf-memory_. If it is not possible, the memory cost is decreased as
+well. The parallel cost _--pbkdf-parallel_ is constant and is checked
+against available CPU cores.
++
+You can see all PBKDF parameters for particular LUKS2 keyslot with
+*cryptsetup-luksDump*(8) command.
++
+*NOTE:* If you do not want to use benchmark and want to specify all
+parameters directly, use _--pbkdf-force-iterations_ with
+_--pbkdf-memory_ and _--pbkdf-parallel_. This will override the values
+without benchmarking. Note it can cause extremely long unlocking time.
+Use only in specific cases, for example, if you know that the formatted
+device will be used on some small embedded system.
++
+*MINIMAL AND MAXIMAL PBKDF COSTS:* For *PBKDF2*, the minimum iteration
+count is 1000 and maximum is 4294967295 (maximum for 32bit unsigned
+integer). Memory and parallel costs are unused for PBKDF2. For *Argon2i*
+and *Argon2id*, minimum iteration count (CPU cost) is 4 and maximum is
+4294967295 (maximum for 32bit unsigned integer). Minimum memory cost is
+32 KiB and maximum is 4 GiB. (Limited by addressable memory on some CPU
+platforms.) If the memory cost parameter is benchmarked (not specified
+by a parameter) it is always in range from 64 MiB to 1 GiB. The parallel
+cost minimum is 1 and maximum 4 (if enough CPUs cores are available,
+otherwise it is decreased).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--iter-time, -i <number of milliseconds>*::
+ifndef::ACTION_REENCRYPT[]
+The number of milliseconds to spend with PBKDF passphrase processing.
+Specifying 0 as parameter selects the compiled-in default.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+The number of milliseconds to spend with PBKDF passphrase processing for the
+new LUKS header.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf-memory <number>*::
+Set the memory cost for PBKDF (for Argon2i/id the number represents
+kilobytes). Note that it is maximal value, PBKDF benchmark or
+available physical memory can decrease it. This option is not
+available for PBKDF2.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT,ACTION_BENCHMARK[]
+*--pbkdf-parallel <number>*::
+Set the parallel cost for PBKDF (number of threads, up to 4). Note
+that it is maximal value, it is decreased automatically if CPU online
+count is lower. This option is not available for PBKDF2.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--pbkdf-force-iterations <num>*::
+Avoid PBKDF benchmark and set time cost (iterations) directly. It can
+be used for LUKS/LUKS2 device only. See _--pbkdf_ option for more
+info.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--progress-frequency* _seconds_::
+ifndef::ACTION_REENCRYPT[]
+Print separate line every _seconds_ with wipe progress.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+Print separate line every _seconds_ with reencryption progress.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--progress-json*::
+Prints progress data in JSON format suitable mostly for machine
+processing. It prints separate line every half second (or based on
+_--progress-frequency_ value). The JSON output looks as follows during
+progress (except it's compact single line):
++
+....
+{
+ "device":"/dev/sda" // backing device or file
+ "device_bytes":"8192", // bytes of I/O so far
+ "device_size":"44040192", // total bytes of I/O to go
+ "speed":"126877696", // calculated speed in bytes per second (based on progress so far)
+ "eta_ms":"2520012" // estimated time to finish an operation in milliseconds
+ "time_ms":"5561235" // total time spent in IO operation in milliseconds
+}
+....
++
+Note on numbers in JSON output: Due to JSON parsers limitations all
+numbers are represented in a string format due to need of full 64bit
+unsigned integers.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_LUKSREMOVEKEY,ACTION_LUKSKILLSLOT,ACTION_LUKSDUMP,ACTION_REENCRYPT,ACTION_REPAIR,ACTION_LUKSRESUME,ACTION_RESIZE,ACTION_TCRYPTDUMP,ACTION_BITLKDUMP[]
+*--timeout, -t <number of seconds>*::
+The number of seconds to wait before timeout on passphrase input via
+terminal. It is relevant every time a passphrase is asked.
+It has no effect if used in conjunction with --key-file.
++
+This option is useful when the system should not stall if the user
+does not input a passphrase, e.g. during boot. The default is a value
+of 0 seconds, which means to wait forever.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_REENCRYPT[]
+*--tries, -T*::
+How often the input of the passphrase shall be retried. The default is 3 tries.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--align-payload <number of 512 byte sectors>*::
+Align payload at a boundary of _value_ 512-byte sectors.
++
+If not specified, cryptsetup tries to use the topology info provided by
+the kernel for the underlying device to get the optimal alignment. If
+not available (or the calculated value is a multiple of the default)
+data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte
+sectors).
++
+For a detached LUKS header, this option specifies the offset on the data
+device. See also the --header option.
++
+*WARNING:* This option is DEPRECATED and has often unexpected impact to
+the data offset and keyslot area size (for LUKS2) due to the complex
+rounding. For fixed data device offset use _--offset_ option instead.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSUUID,ACTION_REENCRYPT[]
+*--uuid <UUID>*::
+ifndef::ACTION_REENCRYPT[]
+Use the provided _UUID_ for the _luksFormat_ command instead of
+generating a new one. Changes the existing _UUID_ when used with the
+_luksUUID_ command.
++
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+When used in encryption mode use the provided _UUID_ for the new LUKS header
+instead of generating a new one.
++
+*LUKS1 (only in decryption mode)*:
+To find out what _UUID_ to pass look for temporary files LUKS-_UUID_.[|log|org|new]
+of the interrupted decryption process.
++
+endif::[]
+The _UUID_ must be provided in the standard UUID format, e.g.
+12345678-1234-1234-1234-123456789abc.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REFRESH[]
+*--allow-discards*::
+Allow the use of discard (TRIM) requests for the device. This is also not
+supported for LUKS2 devices with data integrity protection.
++
+*WARNING:* This command can have a negative security impact because it
+can make filesystem-level operations visible on the physical device. For
+example, information leaking filesystem type, used space, etc. may be
+extractable from the physical device if the discarded blocks can be
+located later. If in doubt, do not use it.
++
+A kernel version of 3.1 or later is needed. For earlier kernels, this
+option is ignored.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-same_cpu_crypt*::
+Perform encryption using the same cpu that IO was submitted on. The
+default is to use an unbound workqueue so that encryption work is
+automatically balanced between available CPUs.
++
+*NOTE:* This option is available only for low-level dm-crypt performance
+tuning, use only if you need a change to default dm-crypt behaviour.
+Needs kernel 4.0 or later.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-submit_from_crypt_cpus*::
+Disable offloading writes to a separate thread after encryption. There
+are some situations where offloading write bios from the encryption
+threads to a single thread degrades performance significantly. The
+default is to offload write bios to the same thread.
++
+*NOTE:* This option is available only for low-level dm-crypt performance
+tuning, use only if you need a change to default dm-crypt behaviour.
+Needs kernel 4.0 or later.
+endif::[]
+
+ifdef::ACTION_REFRESH,ACTION_OPEN[]
+*--perf-no_read_workqueue, --perf-no_write_workqueue*::
+Bypass dm-crypt internal workqueue and process read or write requests
+synchronously.
++
+*NOTE:* These options are available only for low-level dm-crypt
+performance tuning, use only if you need a change to default dm-crypt
+behaviour. Needs kernel 5.9 or later.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--test-passphrase*::
+Do not activate the device, just verify passphrase. The device mapping name is
+not mandatory if this option is used.
+endif::[]
+
+ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP[]
+*--header <device or file storing the LUKS header>*::
+ifndef::ACTION_OPEN[]
+Use a detached (separated) metadata device or file where the LUKS
+header is stored. This option allows one to store ciphertext and LUKS
+header on different devices.
++
+endif::[]
+ifdef::ACTION_OPEN[]
+Specify detached (separated) metadata device or file where the header is stored.
++
+*WARNING:* There is no check whether the ciphertext device specified
+actually belongs to the header given. In fact, you can specify an
+arbitrary device as the ciphertext device with the --header option.
+Use with care.
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+ifdef::ACTION_LUKSFORMAT[]
+With a file name as the argument to --header, the file
+will be automatically created if it does not exist. See the cryptsetup
+FAQ for header size calculation.
++
+The --align-payload option is taken as absolute sector alignment on ciphertext
+device and can be zero.
+endif::[]
+ifndef::ACTION_LUKSFORMAT,ACTION_OPEN[]
+For commands that change the LUKS header (e.g. _luksAddKey_),
+specify the device or file with the LUKS header directly as the LUKS
+device.
+endif::[]
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+If used with --encrypt/--new option, the header file will be created (or overwritten).
+Use with care.
++
+*LUKS2*:
+For decryption mode the option may be used to export original LUKS2 header
+to a detached file. The passed future file must not exist at the time
+of initializing the decryption operation. This frees space in head of data
+device so that data can be moved at original LUKS2 header location. Later on
+decryption operation continues as if the ordinary detached header was passed.
++
+*WARNING:* Never put exported header file in a filesystem on top of device
+you are about to decrypt! It would cause a deadlock.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSHEADERBACKUP,ACTION_LUKSHEADERRESTORE[]
+*--header-backup-file <file>*::
+Specify file with header backup file.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--force-offline-reencrypt (LUKS2 only)*::
+Bypass active device auto-detection and enforce offline reencryption.
++
+This option is useful especially for reencryption of LUKS2 images put in
+files (auto-detection is not reliable in this scenario).
++
+It may also help in case active device auto-detection on particular
+data device does not work or report errors.
++
+*WARNING:* Use with extreme caution! This may destroy data if the device
+is activated and/or actively used.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--force-password*::
+Do not use password quality checking for new LUKS passwords.
++
+This option is ignored if cryptsetup is built without password
+quality checking support.
++
+For more info about password quality check, see the manual page for
+*pwquality.conf(5)* and *passwdqc.conf(5)*.
+endif::[]
+
+ifdef::ACTION_CLOSE[]
+*--deferred*::
+Defers device removal in _close_ command until the last user closes
+it.
+endif::[]
+
+ifdef::ACTION_CLOSE[]
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in _close_
+command.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSRESUME,ACTION_RESIZE,ACTION_TOKEN[]
+*--disable-external-tokens*::
+Disable loading of plugins for external LUKS2 tokens.
+endif::[]
+
+ifndef::ACTION_BENCHMARK,ACTION_BITLKDUMP,ACTION_TCRYPTDUMP[]
+*--disable-locks*::
+Disable lock protection for metadata on disk. This option is valid
+only for LUKS2 and ignored for other formats.
++
+ifdef::ACTION_REENCRYPT[]
+*NOTE:* With locking disabled LUKS2 images in files can be fully (re)encrypted
+offline without need for super user privileges provided used block ciphers are
+available in crypto backend.
++
+endif::[]
+*WARNING:* Do not use this option unless you run cryptsetup in a
+restricted environment where locking is impossible to perform (where
+/run directory cannot be used).
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_REFRESH,ACTION_LUKSFORMAT,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_REENCRYPT[]
+*--disable-keyring*::
+Do not load volume key in kernel keyring and store it directly in the
+dm-crypt target instead. This option is supported only for the LUKS2 type.
+endif::[]
+
+ifdef::ACTION_TOKEN[]
+*--key-description <text>*::
+Set key description in keyring for use with _token_ command.
+endif::[]
+
+ifdef::ACTION_CONFIG[]
+*--priority <normal|prefer|ignore>*::
+Set a priority for LUKS2 keyslot. The _prefer_ priority marked slots
+are tried before _normal_ priority. The _ignored_ priority means, that
+slot is never used, if not explicitly requested by _--key-slot_
+option.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_TOKEN,ACTION_LUKSADDKEY[]
+*--token-id*::
+ifndef::ACTION_TOKEN,ACTION_LUKSADDKEY[]
+Specify what token to use and allow token PIN prompt to take precedence over interative
+keyslot passphrase prompt. If omitted, all available tokens (not protected by PIN)
+will be checked before proceeding further with passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Specify what token to use when unlocking existing keyslot to get volume key.
+endif::[]
+ifdef::ACTION_TOKEN[]
+Specify token number. If omitted, first unused token id is used when adding or importing
+new token.
+endif::[]
+endif::[]
+
+ifdef::ACTION_LUKSADDKEY[]
+*--new-token-id*::
+Specify what token to use to get the passphrase for a new keyslot.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[]
+*--token-only*::
+ifndef::ACTION_LUKSADDKEY[]
+Do not proceed further with action if token based keyslot unlock failed. Without the
+option, action asks for passphrase to proceed further.
++
+It allows LUKS2 tokens protected by PIN to take precedence over interactive keyslot
+passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Use only LUKS2 tokens to unlock existing volume key.
++
+*NOTE*: To create a new keyslot using passphrase provided by a token use --new-token-id parameter.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_RESIZE,ACTION_LUKSRESUME,ACTION_LUKSADDKEY[]
+*--token-type* _type_::
+ifndef::ACTION_LUKSADDKEY[]
+Restrict tokens eligible for operation to specific token _type_.
+Mostly useful when no --token-id is specified.
++
+It allows LUKS2 _type_ tokens protected by PIN to take precedence over interactive keyslot
+passphrase prompt.
+endif::[]
+ifdef::ACTION_LUKSADDKEY[]
+Specify what token type (all _type_ tokens) to use when unlocking existing keyslot to get volume key.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+ifndef::ACTION_REENCRYPT[]
+*--sector-size* _bytes_::
+endif::[]
+ifndef::ACTION_REENCRYPT[]
+ifdef::ACTION_OPEN[]
+Set encryption sector size for use with _plain_ device type. It must be power of two
+and in range 512 - 4096 bytes. The default mode is 512 bytes.
++
+Note that if sector size is higher than underlying device hardware
+sector, using this option can increase risk on incomplete sector writes during a
+power fail.
+endif::[]
+ifdef::ACTION_LUKSFORMAT[]
+Set sector size for use with disk encryption. It must be power of two
+and in range 512 - 4096 bytes. This option is available only with LUKS2
+format.
++
+For LUKS2 devices it's established based on parameters provided by
+underlying data device. For native 4K block devices it's 4096 bytes.
+For 4K/512e (4K physical sector size with 512 bytes emulation) it's
+4096 bytes. For drives reporting only 512 bytes block size it remains
+512 bytes. If data device is regular file put in filesystem it's 4096
+bytes.
++
+Note that if sector size is higher than underlying device hardware
+sector and there is not integrity protection that uses data journal,
+using this option can increase risk on incomplete sector writes during a
+power fail.
++
+If used together with _--integrity_ option and dm-integrity journal, the
+atomicity of writes is guaranteed in all cases (but it cost write
+performance - data has to be written twice).
+endif::[]
++
+Increasing sector size from 512 bytes to 4096 bytes can provide better
+performance on most of the modern storage devices and also with some hw
+encryption accelerators.
+endif::[]
+ifdef::ACTION_REENCRYPT[]
+*--sector-size* _bytes_ *(LUKS2 only)*::
+Reencrypt device with new encryption sector size enforced.
++
+*WARNING:* Increasing encryption sector size may break hosted filesystem. Do not
+run reencryption with --force-offline-reencrypt if unsure what block size
+was filesystem formatted with.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--iv-large-sectors*::
+Count Initialization Vector (IV) in larger sector size (if set)
+instead of 512 bytes sectors. This option can be used only with _plain_
+device type.
++
+*NOTE:* This option does not have any performance or security impact,
+use it only for accessing incompatible existing disk images from other
+systems that require this option.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_REFRESH[]
+*--persistent*::
+If used with LUKS2 devices and activation commands like _open_ or
+_refresh_, the specified activation flags are persistently written
+into metadata and used next time automatically even for normal
+activation. (No need to use cryptab or other system configuration
+files.)
++
+If you need to remove a persistent flag, use _--persistent_ without the
+flag you want to remove (e.g. to disable persistently stored discard
+flag, use _--persistent_ without _--allow-discards_).
++
+Only _--allow-discards_, _--perf-same_cpu_crypt_,
+_--perf-submit_from_crypt_cpus_, _--perf-no_read_workqueue_,
+_--perf-no_write_workqueue_ and _--integrity-no-journal_ can be stored
+persistently.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--refresh*::
+Refreshes an active device with new set of parameters. See
+*cryptsetup-refresh*(8) for more details.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_CONFIG,ACTION_REENCRYPT[]
+*--label <LABEL> --subsystem <SUBSYSTEM>*::
+Set label and subsystem description for LUKS2 device.
+The label and subsystem are optional fields and can be later used
+in udev scripts for triggering user actions once the device marked
+by these labels is detected.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity <integrity algorithm>*::
+Specify integrity algorithm to be used for authenticated disk
+encryption in LUKS2.
++
+*WARNING: This extension is EXPERIMENTAL* and requires dm-integrity
+kernel target (available since kernel version 4.12). For native AEAD
+modes, also enable "User-space interface for AEAD cipher algorithms" in
+"Cryptographic API" section (CONFIG_CRYPTO_USER_API_AEAD .config
+option).
++
+For more info, see _AUTHENTICATED DISK ENCRYPTION_ section in *cryptsetup*(8).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity-legacy-padding*::
+Use inefficient legacy padding.
++
+*WARNING*: Do not use this option until you need compatibility with specific
+old kernel.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--luks2-metadata-size <size>*::
+This option can be used to enlarge the LUKS2 metadata (JSON) area. The
+size includes 4096 bytes for binary metadata (usable JSON area is
+smaller of the binary area). According to LUKS2 specification, only
+these values are valid: 16, 32, 64, 128, 256, 512, 1024, 2048 and 4096
+kB The <size> can be specified with unit suffix (for example 128k).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_REENCRYPT[]
+*--luks2-keyslots-size <size>*::
+This option can be used to set specific size of the LUKS2 binary
+keyslot area (key material is encrypted there). The value must be
+aligned to multiple of 4096 bytes with maximum size 128MB. The <size>
+can be specified with unit suffix (for example 128k).
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--keyslot-cipher <cipher-spec>*::
+This option can be used to set specific cipher encryption for the
+LUKS2 keyslot area.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT,ACTION_LUKSADDKEY,ACTION_LUKSCHANGEKEY,ACTION_LUKSCONVERTKEY,ACTION_REENCRYPT[]
+*--keyslot-key-size <bits>*::
+This option can be used to set specific key size for the LUKS2 keyslot
+area.
+endif::[]
+
+ifdef::ACTION_REFRESH[]
+*--integrity-no-journal*::
+Activate device with integrity protection without using data journal
+(direct write of data and integrity tags). Note that without journal
+power fail can cause non-atomic write and data corruption. Use only if
+journalling is performed on a different storage layer.
+endif::[]
+
+ifdef::ACTION_LUKSFORMAT[]
+*--integrity-no-wipe*::
+Skip wiping of device authentication (integrity) tags. If you skip
+this step, sectors will report invalid integrity tag until an
+application write to the sector.
++
+*NOTE:* Even some writes to the device can fail if the write is not
+aligned to page size and page-cache initiates read of a sector with
+invalid integrity tag.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_LUKSADDKEY,ACTION_LUKSDUMP,ACTION_TOKEN[]
+*--unbound*::
+ifdef::ACTION_LUKSADDKEY[]
+Creates new LUKS2 unbound keyslot.
+endif::[]
+ifdef::ACTION_LUKSDUMP[]
+Dumps existing LUKS2 unbound keyslot.
+endif::[]
+ifdef::ACTION_OPEN[]
+Allowed only together with --test-passphrase parameter, it allows one to test
+passphrase for unbound LUKS2 keyslot. Otherwise, unbound keyslot passphrase
+can be tested only when specific keyslot is selected via --key-slot parameter.
+endif::[]
+ifdef::ACTION_TOKEN[]
+Creates new LUKS2 keyring token assigned to no keyslot. Usable only with _add_ action.
+endif::[]
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--tcrypt-hidden*::
+*--tcrypt-system*::
+*--tcrypt-backup*::
+Specify which TrueCrypt on-disk
+header will be used to open the device. See _TCRYPT_ section in
+*cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_TCRYPTDUMP,ACTION_OPEN[]
+*--veracrypt*::
+This option is ignored as VeraCrypt compatible mode is supported by
+default.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--disable-veracrypt*::
+This option can be used to disable VeraCrypt compatible mode (only
+TrueCrypt devices are recognized). Only for TCRYPT extension. See
+_TCRYPT_ section in *cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_OPEN,ACTION_TCRYPTDUMP[]
+*--veracrypt-pim*::
+*--veracrypt-query-pim*::
+Use a custom Personal Iteration Multiplier (PIM) for
+VeraCrypt device. See _TCRYPT_ section in *cryptsetup*(8) for more info.
+endif::[]
+
+ifdef::ACTION_OPEN[]
+*--serialize-memory-hard-pbkdf*::
+Use a global lock to serialize unlocking of keyslots using memory-hard
+PBKDF.
++
+*NOTE:* This is (ugly) workaround for a specific situation when multiple
+devices are activated in parallel and system instead of reporting out of
+memory starts unconditionally stop processes using out-of-memory killer.
++
+*DO NOT USE* this switch until you are implementing boot environment
+with parallel devices activation!
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--encrypt, --new, -N*::
+Initialize (and run) device in-place encryption mode.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--decrypt*::
+Initialize (and run) device decryption mode.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--init-only (LUKS2 only)*::
+Initialize reencryption (any mode) operation in LUKS2 metadata only
+and exit. If any reencrypt operation is already initialized in
+metadata, the command with --init-only parameter fails.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resume-only (LUKS2 only)*::
+Resume reencryption (any mode) operation already described in LUKS2
+metadata. If no reencrypt operation is initialized, the command with
+--resume-only parameter fails. Useful for resuming reencrypt operation
+without accidentally triggering new reencryption operation.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resilience* _mode_ *(LUKS2 only)*::
+Reencryption resilience _mode_ can be one of _checksum_, _journal_ or
+_none_.
++
+_checksum_: default mode, where individual checksums of ciphertext
+hotzone sectors are stored, so the recovery process can detect which
+sectors were already reencrypted. It requires that the device sector
+write is atomic.
++
+_journal_: the hotzone is journaled in the binary area (so the data are
+written twice).
++
+_none_: performance mode. There is no protection and the only way it's
+safe to interrupt the reencryption is similar to old offline
+reencryption utility.
++
+Resilience modes can be changed unless _datashift_ mode is used for
+operation initialization (encryption with --reduce-device-size option)
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--resilience-hash* _hash_ *(LUKS2 only)*::
+The _hash_ algorithm used with "--resilience checksum" only. The default
+hash is sha256. With other resilience modes, the hash parameter is
+ignored.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--hotzone-size* _size_ *(LUKS2 only)*::
+This option can be used to set an upper limit on the size of
+reencryption area (hotzone). The _size_ can be specified with unit
+suffix (for example 50M). Note that actual hotzone size may be less
+than specified <size> due to other limitations (free space in keyslots
+area or available memory).
++
+With decryption mode for devices with LUKS2 header placed in head of data
+device, the option specifies how large is the first data segment moved
+from original data offset pointer.
+endif::[]
+
+ifdef::ACTION_REENCRYPT[]
+*--reduce-device-size* _size_::
+This means that last _size_ sectors on the original device will be lost,
+data will be effectively shifted by specified number of sectors.
++
+It could be useful if you added some space to underlying partition or
+logical volume (so last _size_ sectors contains no data).
++
+For units suffix see --device-size parameter description.
++
+*WARNING:* This is a destructive operation and cannot be reverted. Use
+with extreme care - accidentally overwritten filesystems are usually
+unrecoverable.
++
+*LUKS2*:
+Initialize LUKS2 reencryption with data device size reduction
+(currently only encryption mode is supported).
++
+Recommended minimal size is twice the default LUKS2 header size
+(--reduce-device-size 32M) for encryption mode.
++
+*LUKS1*:
+Enlarge data offset to specified value by shrinking device size.
++
+You cannot shrink device more than by 64 MiB (131072 sectors).
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--batch-mode, -q*::
+Suppresses all confirmation questions. Use with care!
++
+If the --verify-passphrase option is not specified, this option also
+switches off the passphrase verification.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--debug or --debug-json*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
++
+If --debug-json is used, additional LUKS2 JSON data structures are printed.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--version, -V*::
+Show the program version.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--usage*::
+Show short option help.
+endif::[]
+
+ifdef::COMMON_OPTIONS[]
+*--help, -?*::
+Show help text and default parameters.
+endif::[]
--- /dev/null
+= cryptsetup-benchmark(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BENCHMARK:
+
+== Name
+
+cryptsetup-benchmark - benchmarks ciphers and KDF
+
+== SYNOPSIS
+
+*cryptsetup _benchmark_ [<options>]*
+
+== DESCRIPTION
+
+Benchmarks ciphers and KDF (key derivation function). Without
+parameters, it tries to measure few common configurations.
+
+To benchmark other ciphers or modes, you need to specify *--cipher* and
+*--key-size* options.
+
+To benchmark PBKDF you need to specify *--pbkdf* or *--hash* with optional
+cost parameters *--iter-time*, *--pbkdf-memory* or *--pbkdf-parallel*.
+
+*NOTE:* This benchmark uses memory only and is only informative. You
+cannot directly predict real storage encryption speed from it.
+
+For testing block ciphers, this benchmark requires kernel userspace
+crypto API to be available (introduced in Linux kernel 2.6.38). If you
+are configuring kernel yourself, enable "User-space interface for
+symmetric key cipher algorithms" in "Cryptographic API" section
+(CRYPTO_USER_API_SKCIPHER .config option).
+
+*<options>* can be [--cipher, --key-size, --hash, --pbkdf, --iter-time,
+--pbkdf-memory, --pbkdf-parallel].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-bitlkDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BITLKDUMP:
+
+== Name
+
+cryptsetup-bitlkDump - dump the header information of a BITLK (BitLocker compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _bitlkDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a BITLK (BitLocker compatible) device.
+
+If the --dump-volume-key option is used, the BITLK device volume key
+is dumped instead of header information. You have to provide password
+or keyfile to dump volume key.
+
+Beware that the volume key can be used to decrypt the data stored in
+the container without a passphrase.
+This means that if the volume key is compromised, the whole device has
+to be erased to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --volume-key-file, --key-file,
+--keyfile-offset, --keyfile-size, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-close(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CLOSE:
+
+== Name
+
+cryptsetup-close - removes the existing mapping <name> (and the associated key)
+
+== SYNOPSIS
+
+*cryptsetup _close_ [<options>] <name>*
+
+== DESCRIPTION
+
+Removes the existing mapping <name> and wipes the key from kernel
+memory.
+
+For backward compatibility, there are *close* command aliases: *remove*,
+*plainClose*, *luksClose*, *loopaesClose*, *tcryptClose*, *bitlkClose*
+(all behave exactly the same, device type is determined automatically
+from the active device).
+
+*<options>* can be [--deferred, --cancel-deferred, --header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-config(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CONFIG:
+
+== Name
+
+cryptsetup-config - set permanent configuration options (store to LUKS header)
+
+== SYNOPSIS
+
+*cryptsetup _config_ <options> <device>*
+
+== DESCRIPTION
+
+Set permanent configuration options (store to LUKS header). The _config_
+command is supported only for LUKS2.
+
+The permanent options can be _--priority_ to set priority (normal,
+prefer, ignore) for keyslot (specified by _--key-slot_) or _--label_ and
+_--subsystem_.
+
+*<options>* can be [--priority, --label, --subsystem, --key-slot,
+--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-convert(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_CONVERT:
+
+== Name
+
+cryptsetup-convert - converts the device between LUKS1 and LUKS2 format
+
+== SYNOPSIS
+
+*cryptsetup _convert_ --type <format> [<options>] <device>*
+
+== DESCRIPTION
+
+Converts the device between LUKS1 and LUKS2 format (if possible). The
+conversion will not be performed if there is an additional LUKS2 feature
+or LUKS1 has unsupported header size.
+
+Conversion (both directions) must be performed on inactive device. There
+must not be active dm-crypt mapping established for LUKS header
+requested for conversion.
+
+The *--type* option is mandatory with the following accepted values: _luks1_ or
+_luks2_.
+
+*WARNING:* The _convert_ action can destroy the LUKS header in the case
+of a crash during conversion or if a media error occurs. Always create a
+header backup before performing this operation!
+
+*<options>* can be [--header, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-erase(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_ERASE:
+
+== Name
+
+cryptsetup-erase, cryptsetup-luksErase - erase all keyslots
+
+== SYNOPSIS
+
+*cryptsetup _erase_ [<options>] <device>* +
+*cryptsetup _luksErase_ [<options>] <device>*
+
+== DESCRIPTION
+
+Erase all keyslots and make the LUKS container permanently inaccessible.
+You do not need to provide any password for this operation.
+
+*WARNING:* This operation is irreversible.
+
+*<options>* can be [--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-fvault2Dump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_BITLKDUMP:
+
+== Name
+
+cryptsetup-fvault2Dump - dump the header information of a FVAULT2 (FileVault2 compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _fvault2Dump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a FVAULT2 (FileVault2 compatible) device.
+
+If the --dump-volume-key option is used, the FVAULT2 device volume key
+is dumped instead of header information. You have to provide password
+or keyfile to dump volume key.
+
+Beware that the volume key can be used to decrypt the data stored in
+the container without a passphrase.
+This means that if the volume key is compromised, the whole device has
+to be erased to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --volume-key-file, --key-file,
+--keyfile-offset, --keyfile-size, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-isLuks(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_ISLUKS:
+
+== Name
+
+cryptsetup-isLuks - check if a device is a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _isLuks_ [<options>] <device>*
+
+== DESCRIPTION
+
+Returns true, if <device> is a LUKS device, false otherwise.
+
+Use option -v to get human-readable feedback.
+'Command successful.' means the device is a LUKS device.
+
+By specifying --type you may query for specific LUKS version.
+
+*<options>* can be [--header, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksAddKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSADDKEY:
+
+== Name
+
+cryptsetup-luksAddKey - add a new passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksAddKey_ [<options>] <device> [<key file with new key>]*
+
+== DESCRIPTION
+
+Adds a keyslot protected by a new passphrase. An existing passphrase
+must be supplied interactively, via --key-file or LUKS2 token (plugin).
+Alternatively to existing passphrase user may pass directly volume key
+(via --volume-key-file). The new passphrase to be added can be specified
+interactively, read from the file given as the positional argument (also
+via --new-keyfile parameter) or via LUKS2 token.
+
+*NOTE:* with --unbound option the action creates new unbound LUKS2
+keyslot. The keyslot cannot be used for device activation. If you don't
+pass new key via --volume-key-file option, new random key is generated.
+Existing passphrase for any active keyslot is not required.
+
+*NOTE:* some parameters are effective only if used with LUKS2 format
+that supports per-keyslot parameters. For LUKS1, PBKDF type and hash
+algorithm is always the same for all keyslots.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--new-keyfile, --new-keyfile-offset, --new-keyfile-size, --key-slot,
+--new-key-slot, --volume-key-file, --force-password, --hash, --header,
+--disable-locks, --iter-time, --pbkdf, --pbkdf-force-iterations,
+--pbkdf-memory, --pbkdf-parallel, --unbound, --type, --keyslot-cipher,
+--keyslot-key-size, --key-size, --timeout, --token-id, --token-type,
+--token-only, --new-token-id, --verify-passphrase].
+
+include::man/common_options.adoc[]
+
+== EXAMPLES
+
+*NOTE*: When not specified otherwise interactive passphrase prompt is always default method.
+
+Add new keyslot using interactive passphrase prompt for both existing and new passphrase:
+
+*cryptsetup luksAddKey /dev/device*
+
+Add new keyslot using LUKS2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase:
+
+*cryptsetup luksAddKey --token-only /dev/device*
+
+Add new keyslot using LUKS2 systemd-tpm2 tokens to unlock existing keyslot with interactive passphrase prompt for new passphrase (systemd-tpm2 token plugin must be available):
+
+*cryptsetup luksAddKey --token-type systemd-tpm2 /dev/device*
+
+Add new keyslot using interactive passphrase prompt for existing keyslot, reading new passphrase from key_file:
+
+*cryptsetup luksAddKey --new-keyfile key_file /dev/device* or
+*cryptsetup luksAddKey /dev/device key_file*
+
+Add new keyslot using volume stored in volume_key_file and LUKS2 token in slot 5 to get new keyslot passphrase (token in slot 5 must exist
+and respective token plugin must be available):
+
+*cryptsetup luksAddKey --volume-key-file volume_key_file --new-token-id 5 /dev/device*
+
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksChangeKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSCHANGEKEY:
+
+== Name
+
+cryptsetup-luksChangeKey - change an existing passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksChangeKey_ [<options>] <device> [<new key file>]*
+
+== DESCRIPTION
+
+Changes an existing passphrase. The passphrase to be changed must be
+supplied interactively or via --key-file. The new passphrase can be
+supplied interactively or in a file given as the positional argument.
+
+If a key-slot is specified (via --key-slot), the passphrase for that
+key-slot must be given and the new passphrase will overwrite the
+specified key-slot. If no key-slot is specified and there is still a
+free key-slot, then the new passphrase will be put into a free key-slot
+before the key-slot containing the old passphrase is purged. If there is
+no free key-slot, then the key-slot with the old passphrase is
+overwritten directly.
+
+*WARNING:* If a key-slot is overwritten, a media failure during this
+operation can cause the overwrite to fail after the old passphrase has
+been wiped and make the LUKS container inaccessible.
+
+*NOTE:* some parameters are effective only if used with LUKS2 format
+that supports per-keyslot parameters. For LUKS1, PBKDF type and hash
+algorithm is always the same for all keyslots.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--new-keyfile-offset, --iter-time, --pbkdf, --pbkdf-force-iterations,
+--pbkdf-memory, --pbkdf-parallel, --new-keyfile-size, --key-slot,
+--force-password, --hash, --header, --disable-locks, --type,
+--keyslot-cipher, --keyslot-key-size, --timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksConvertKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSCONVERTKEY:
+
+== Name
+
+cryptsetup-luksConvertKey - converts an existing LUKS2 keyslot to new PBKDF parameters
+
+== SYNOPSIS
+
+*cryptsetup _luksConvertKey_ [<options>] <device>*
+
+== DESCRIPTION
+
+Converts an existing LUKS2 keyslot to new PBKDF parameters. The
+passphrase for keyslot to be converted must be supplied interactively or
+via --key-file. If no --pbkdf parameters are specified LUKS2 default
+PBKDF values will apply.
+
+If a keyslot is specified (via --key-slot), the passphrase for that
+keyslot must be given. If no keyslot is specified and there is still a
+free keyslot, then the new parameters will be put into a free keyslot
+before the keyslot containing the old parameters is purged. If there is
+no free keyslot, then the keyslot with the old parameters is overwritten
+directly.
+
+*WARNING:* If a keyslot is overwritten, a media failure during this
+operation can cause the overwrite to fail after the old parameters have
+been wiped and make the LUKS container inaccessible.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--key-slot, --hash, --header, --disable-locks, --iter-time, --pbkdf,
+--pbkdf-force-iterations, --pbkdf-memory, --pbkdf-parallel,
+--keyslot-cipher, --keyslot-key-size, --timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSDUMP:
+
+== Name
+
+cryptsetup-luksDump - dump the header information of a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a LUKS device.
+
+If the --dump-volume-key option is used, the LUKS device volume key is
+dumped instead of the keyslot info. Together with the --volume-key-file
+option, volume key is dumped to a file instead of standard output.
+Beware that the volume key cannot be changed without reencryption and
+can be used to decrypt the data stored in the LUKS container without a
+passphrase and even without the LUKS header. This means that if the
+volume key is compromised, the whole device has to be erased or
+reencrypted to prevent further access. Use this option carefully.
+
+To dump the volume key, a passphrase has to be supplied, either
+interactively or via --key-file.
+
+To dump unbound key (LUKS2 format only), --unbound parameter, specific
+--key-slot id and proper passphrase has to be supplied, either
+interactively or via --key-file. Optional --volume-key-file parameter
+enables unbound keyslot dump to a file.
+
+To dump LUKS2 JSON metadata (without basic header information like UUID)
+use --dump-json-metadata option.
+
+*<options>* can be [--dump-volume-key, --dump-json-metadata, --key-file,
+--keyfile-offset, --keyfile-size, --header, --disable-locks,
+--volume-key-file, --type, --unbound, --key-slot, --timeout].
+
+*WARNING:* If --dump-volume-key is used with --key-file and the argument
+to --key-file is '-', no validation question will be asked and no
+warning given.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksFormat(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSFORMAT:
+
+== Name
+
+cryptsetup-luksFormat - initialize a LUKS partition and set the initial passphrase
+
+== SYNOPSIS
+
+*cryptsetup _luksFormat_ [<options>] <device> [<key file>]*
+
+== DESCRIPTION
+
+Initializes a LUKS partition and sets the initial passphrase (for
+key-slot 0), either via prompting or via <key file>. Note that if the
+second argument is present, then the passphrase is taken from the file
+given there, without the need to use the --key-file option. Also note
+that for both forms of reading the passphrase from a file you can give
+'-' as file name, which results in the passphrase being read from stdin
+and the safety-question being skipped.
+
+You cannot call luksFormat on a device or filesystem that is mapped or
+in use, e.g., mounted filesystem, used in LVM, active RAID member, etc. The
+device or filesystem has to be un-mounted in order to call luksFormat.
+
+To use specific version of LUKS format, use _--type luks1_ or _type luks2_.
+
+*<options>* can be [--hash, --cipher, --verify-passphrase, --key-size,
+--key-slot, --key-file (takes precedence over optional second argument),
+--keyfile-offset, --keyfile-size, --use-random, --use-urandom, --uuid,
+--volume-key-file, --iter-time, --header, --pbkdf-force-iterations,
+--force-password, --disable-locks, --timeout, --type, --offset,
+--align-payload (deprecated)].
+
+For LUKS2, additional *<options>* can be [--integrity,
+--integrity-no-wipe, --sector-size, --label, --subsystem, --pbkdf,
+--pbkdf-memory, --pbkdf-parallel, --disable-locks, --disable-keyring,
+--luks2-metadata-size, --luks2-keyslots-size, --keyslot-cipher,
+--keyslot-key-size, --integrity-legacy-padding].
+
+*WARNING:* Doing a luksFormat on an existing LUKS container will make
+all data in the old container permanently irretrievable unless you have a
+header backup.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksHeaderBackup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSHEADERBACKUP:
+
+== Name
+
+cryptsetup-luksHeaderBackup - store a binary backup of the LUKS header and keyslot area
+
+== SYNOPSIS
+
+*cryptsetup _luksHeaderBackup_ --header-backup-file <file> [<options>] <device>*
+
+== DESCRIPTION
+
+Stores a binary backup of the LUKS header and keyslot area. +
+*NOTE:* Using '-' as filename writes the header backup to a file named
+'-'.
+
+*<options>* can be [--header, --header-backup-file, --disable-locks].
+
+*WARNING:* This backup file and a passphrase valid at the time of backup
+allows decryption of the LUKS data area, even if the passphrase was
+later changed or removed from the LUKS device. Also note that with a
+header backup you lose the ability to securely wipe the LUKS device by
+just overwriting the header and key-slots. You either need to securely
+erase all header backups in addition or overwrite the encrypted data
+area as well. The second option is less secure, as some sectors can
+survive, e.g., due to defect management.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksHeaderRestore(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSHEADERRESTORE:
+
+== Name
+
+cryptsetup-luksHeaderRestore - restore a binary backup of the LUKS header and keyslot area
+
+== SYNOPSIS
+
+*cryptsetup _luksHeaderRestore_ --header-backup-file <file> [<options>] <device>*
+
+== DESCRIPTION
+
+Restores a binary backup of the LUKS header and keyslot area from the
+specified file. +
+*NOTE:* Using '-' as filename reads the header backup from a file named '-'.
+
+*<options>* can be [--header, --header-backup-file, --disable-locks].
+
+*WARNING:* Header and keyslots will be replaced, only the passphrases
+from the backup will work afterward.
+
+This command requires that the volume key size and data offset of the
+LUKS header already on the device and of the header backup match.
+Alternatively, if there is no LUKS header on the device, the backup will
+also be written to it.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksKillSlot(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSKILLSLOT:
+
+== Name
+
+cryptsetup-luksKillSlot - wipe a key-slot from the LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksKillSlot_ [<options>] <device> <key slot number>*
+
+== DESCRIPTION
+
+Wipe the key-slot number <key slot> from the LUKS device. Except running
+in batch-mode (-q) a remaining passphrase must be supplied, either
+interactively or via --key-file. This command can remove the last
+remaining key-slot, but requires an interactive confirmation when doing
+so. Removing the last passphrase makes a LUKS container permanently
+inaccessible.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--header, --disable-locks, --type, --verify-passphrase, --timeout].
+
+*WARNING:* If you read the passphrase from stdin (without further
+argument or with '-' as an argument to --key-file), batch-mode (-q) will
+be implicitly switched on and no warning will be given when you remove
+the last remaining passphrase from a LUKS container. Removing the last
+passphrase makes the LUKS container permanently inaccessible.
+
+*NOTE:* If there is no passphrase provided (on stdin or through
+--key-file argument) and batch-mode (-q) is active, the key-slot is
+removed without any other warning.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksRemoveKey(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSREMOVEKEY:
+
+== Name
+
+cryptsetup-luksRemoveKey - remove the supplied passphrase from the LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksRemoveKey_ [<options>] <device> [<key file with passphrase to be removed>]*
+
+== DESCRIPTION
+
+Removes the supplied passphrase from the LUKS device. The passphrase to
+be removed can be specified interactively, as the positional argument or
+via --key-file.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--header, --disable-locks, --type, --timeout, --verify-passphrase].
+
+*WARNING:* If you read the passphrase from stdin (without further
+argument or with '-' as an argument to --key-file), batch-mode (-q) will
+be implicitly switched on and no warning will be given when you remove
+the last remaining passphrase from a LUKS container. Removing the last
+passphrase makes the LUKS container permanently inaccessible.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksResume(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSRESUME:
+
+== Name
+
+cryptsetup-luksResume - resume a suspended device and reinstate the key
+
+== SYNOPSIS
+
+*cryptsetup _luksResume_ [<options>] <name>*
+
+== DESCRIPTION
+
+Resumes a suspended device and reinstates the encryption key. Prompts
+interactively for a passphrase if no token is usable (LUKS2 only) or
+--key-file is not given.
+
+*<options>* can be [--key-file, --keyfile-size, --keyfile-offset,
+--key-slot, --header, --disable-keyring, --disable-locks, --token-id,
+--token-only, --token-type, --disable-external-tokens, --type, --tries,
+--timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksSuspend(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSSUSPEND:
+
+== Name
+
+cryptsetup-luksSuspend - suspends an active device and wipes the key
+
+== SYNOPSIS
+
+*cryptsetup _luksSuspend_ [<options>] <name>*
+
+== DESCRIPTION
+
+Suspends an active device (all IO operations will block and accesses to
+the device will wait indefinitely) and wipes the encryption key from
+kernel memory. Needs kernel 2.6.19 or later.
+
+After this operation, you have to use _luksResume_ to reinstate the
+encryption key and unblock the device or _close_ to remove the mapped
+device.
+
+*<options>* can be [--header, --disable-locks].
+
+*WARNING:* Never suspend the device on which the cryptsetup binary
+resides.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-luksUUID(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_LUKSUUID:
+
+== Name
+
+cryptsetup-luksUUID - print or set the UUID of a LUKS device
+
+== SYNOPSIS
+
+*cryptsetup _luksUUID_ [<options>] <device>*
+
+== DESCRIPTION
+
+Print the UUID of a LUKS device. +
+Set new UUID if _--uuid_ option is specified.
+
+*<options>* can be [--header, --uuid, --type, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-open(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_OPEN:
+
+== Name
+
+cryptsetup-open, cryptsetup-create, cryptsetup-plainOpen, cryptsetup-luksOpen, cryptsetup-loopaesOpen, cryptsetup-tcryptOpen, cryptsetup-bitlkOpen, cryptsetup-fvault2Open - open an encrypted device and create a mapping with a specified name
+
+== SYNOPSIS
+
+*cryptsetup _open_ --type <device_type> [<options>] <device> <name>*
+
+== DESCRIPTION
+Opens (creates a mapping with) <name> backed by device <device>.
+
+Device type can be _plain_, _luks_ (default), _luks1_, _luks2_,
+_loopaes_ or _tcrypt_.
+
+For backward compatibility there are *open* command aliases:
+
+*create* (argument-order <name> <device>): open --type plain +
+*plainOpen*: open --type plain +
+*luksOpen*: open --type luks +
+*loopaesOpen*: open --type loopaes +
+*tcryptOpen*: open --type tcrypt +
+*bitlkOpen*: open --type bitlk
+
+*<options>* are type specific and are described below for individual
+device types. For *create*, the order of the <name> and <device> options
+is inverted for historical reasons, all other aliases use the standard
+*<device> <name>* order.
+
+=== PLAIN
+*open --type plain <device> <name>* +
+plainOpen <device> <name> (*old syntax*) +
+create <name> <device> (*OBSOLETE syntax*)
+
+Opens (creates a mapping with) <name> backed by device <device>.
+
+*<options>* can be [--hash, --cipher, --verify-passphrase, --sector-size,
+--key-file, --keyfile-size, --keyfile-offset, --key-size, --offset,
+--skip, --device-size, --size, --readonly, --shared, --allow-discards,
+--refresh, --timeout, --verify-passphrase, --iv-large-sectors].
+
+Example: 'cryptsetup open --type plain /dev/sda10 e1' maps the raw
+encrypted device /dev/sda10 to the mapped (decrypted) device
+/dev/mapper/e1, which can then be mounted, fsck-ed or have a filesystem
+created on it.
+
+=== LUKS
+*open <device> <name>* +
+open --type <luks1|luks2> <device> <name> (*explicit version request*) +
+luksOpen <device> <name> (*old syntax*)
+
+Opens the LUKS device <device> and sets up a mapping <name> after
+successful verification of the supplied passphrase.
+
+First, the passphrase is searched in LUKS2 tokens unprotected by PIN.
+If such token does not exist (or fails to unlock keyslot) and
+also the passphrase is not supplied via --key-file, the command
+prompts for passphrase interactively.
+
+If there is valid LUKS2 token but it requires PIN to unlock assigned keyslot,
+it is not used unless one of following options is added: --token-only,
+--token-type where type matches desired PIN protected token or --token-id with id
+matching PIN protected token.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size,
+--readonly, --test-passphrase, --allow-discards, --header, --key-slot,
+--volume-key-file, --token-id, --token-only, --token-type,
+--disable-external-tokens, --disable-keyring, --disable-locks, --type,
+--refresh, --serialize-memory-hard-pbkdf, --unbound, --tries, --timeout,
+--verify-passphrase, --persistent].
+
+=== loopAES
+*open --type loopaes <device> <name> --key-file <keyfile>* +
+loopaesOpen <device> <name> --key-file <keyfile> (*old syntax*)
+
+Opens the loop-AES <device> and sets up a mapping <name>.
+
+If the key file is encrypted with GnuPG, then you have to use
+--key-file=- and decrypt it before use, e.g., like this: +
+gpg --decrypt <keyfile> | cryptsetup loopaesOpen --key-file=- <device>
+<name>
+
+*WARNING:* The loop-AES extension cannot use the direct input of the key
+file on the real terminal because the keys are separated by end-of-line and
+only part of the multi-key file would be read. +
+If you need it in script, just use the pipe redirection: +
+echo $keyfile | cryptsetup loopaesOpen --key-file=- <device> <name>
+
+Use *--keyfile-size* to specify the proper key length if needed.
+
+Use *--offset* to specify device offset. Note that the units need to be
+specified in number of 512 byte sectors.
+
+Use *--skip* to specify the IV offset. If the original device used an
+offset and but did not use it in IV sector calculations, you have to
+explicitly use *--skip 0* in addition to the offset parameter.
+
+Use *--hash* to override the default hash function for passphrase
+hashing (otherwise it is detected according to key size).
+
+*<options>* can be [--cipher, --key-file, --keyfile-size, --keyfile-offset,
+--key-size, --offset, --skip, --hash, --readonly, --allow-discards, --refresh].
+
+=== TrueCrypt and VeraCrypt
+*open --type tcrypt <device> <name>* +
+tcryptOpen <device> <name> (*old syntax*)
+
+Opens the TCRYPT (TrueCrypt and VeraCrypt compatible) <device> and sets
+up a mapping <name>.
+
+*<options>* can be [--key-file, --tcrypt-hidden, --tcrypt-system,
+--tcrypt-backup, --readonly, --test-passphrase, --allow-discards,
+--veracrypt (ignored), --disable-veracrypt, --veracrypt-pim,
+--veracrypt-query-pim, --header,
+--cipher, --hash, --tries, --timeout, --verify-passphrase].
+
+The keyfile parameter allows a combination of file content with the
+passphrase and can be repeated. Note that using keyfiles is compatible
+with TCRYPT and is different from LUKS keyfile logic.
+
+If *--cipher* or *--hash* options are used, only cipher chains or PBKDF2
+variants with the specified hash algorithms are checked. This could
+speed up unlocking the device (but also it reveals some information
+about the container).
+
+If you use *--header* in combination with hidden or system options, the
+header file must contain specific headers on the same positions as the
+original encrypted container.
+
+*WARNING:* Option *--allow-discards* cannot be combined with option
+*--tcrypt-hidden*. For normal mapping, it can cause the *destruction of
+hidden volume* (hidden volume appears as unused space for outer volume
+so this space can be discarded).
+
+=== BitLocker
+*open --type bitlk <device> <name>* +
+bitlkOpen <device> <name> (*old syntax*)
+
+Opens the BITLK (a BitLocker compatible) <device> and sets up a mapping
+<name>.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size, --key-size,
+--readonly, --test-passphrase, --allow-discards --volume-key-file, --tries,
+--timeout, --verify-passphrase].
+
+=== FileVault2
+*open --type fvault2 <device> <name>* +
+fvault2Open <device> <name> (*old syntax*)
+
+Opens the FVAULT2 (a FileVault2 compatible) <device> and sets up a mapping
+<name>.
+
+*<options>* can be [--key-file, --keyfile-offset, --keyfile-size, --key-size,
+--readonly, --test-passphrase, --allow-discards --volume-key-file, --tries,
+--timeout, --verify-passphrase].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
+++ /dev/null
-.TH CRYPTSETUP-REENCRYPT "8" "January 2021" "cryptsetup-reencrypt" "Maintenance Commands"
-.SH NAME
-cryptsetup-reencrypt - tool for offline LUKS device re-encryption
-.SH SYNOPSIS
-.B cryptsetup-reencrypt <options> <device>
-.SH DESCRIPTION
-.PP
-Cryptsetup-reencrypt can be used to change reencryption parameters
-which otherwise require full on-disk data change (re-encryption).
-
-You can regenerate \fBvolume key\fR (the real key used in on-disk encryption
-unclocked by passphrase), \fBcipher\fR, \fBcipher mode\fR.
-
-Cryptsetup-reencrypt reencrypts data on LUKS device in-place. During
-reencryption process the LUKS device is marked unavailable.
-
-\fINOTE\fR: If you're looking for LUKS2 online reencryption manual please read cryptsetup(8)
-man page instead (see reencrypt action). This page is for legacy offline reencryption
-utility only.
-
-\fIWARNING\fR: The cryptsetup-reencrypt program is not resistant to hardware
-or kernel failures during reencryption (you can lose your data in this case).
-
-\fIALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL.\fR
-.br
-The reencryption can be temporarily suspended (by TERM signal or by
-using ctrl+c) but you need to retain temporary files named LUKS-<uuid>.[log|org|new].
-LUKS device is unavailable until reencryption is finished though.
-
-Current working directory must be writable and temporary
-files created during reencryption must be present.
-
-For more info about LUKS see cryptsetup(8).
-.PP
-.SH OPTIONS
-.TP
-To start (or continue) re-encryption for <device> use:
-.PP
-\fIcryptsetup-reencrypt\fR <device>
-
-\fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher | \-\-keep-key,
-\-\-debug, \-\-device-size, \-\-hash, \-\-header, \-\-iter-time | \-\-pbkdf\-force\-iterations,
-\-\-key-file, \-\-key-size, \-\-key-slot, \-\-keyfile-offset, \-\-keyfile-size,
-\-\-master\-key\-file, \-\-tries, \-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-progress-frequency, \-\-use-directio, \-\-use-random | \-\-use-urandom, \-\-use-fsync,
-\-\-uuid, \-\-verbose, \-\-write-log]
-
-To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR in combination
-with \fI\-\-reduce-device-size\fR or with \fI\-\-header\fR option for detached header.
-
-To remove encryption from device, use \fI\-\-decrypt\fR.
-
-For detailed description of encryption and key file options see \fIcryptsetup(8)\fR
-man page.
-.TP
-.B "\-\-batch-mode, \-q"
-Suppresses all warnings and reencryption progress output.
-.TP
-.B "\-\-block-size, \-B \fIvalue\fR"
-Use re-encryption block size of <value> in MiB.
-
-Values can be between 1 and 64 MiB.
-.TP
-.B "\-\-cipher, \-c" \fI<cipher-spec>\fR
-Set the cipher specification string.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-decrypt"
-Remove encryption (decrypt already encrypted device and remove LUKS header).
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-.TP
-.B "\-\-device-size \fIsize[units]\fR"
-Instead of real device size, use specified value.
-
-It means that only specified area (from the start of the device
-to the specified size) will be reencrypted.
-
-If no unit suffix is specified, the size is in bytes.
-
-Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
-for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
-
-\fBWARNING:\fR This is destructive operation.
-.TP
-.B "\-\-hash, \-h \fI<hash-spec>\fR"
-Specifies the hash used in the LUKS1 key setup scheme and volume key digest.
-
-\fBNOTE:\fR if this parameter is not specified, default hash algorithm is always used
-for new LUKS1 device header.
-
-\fBNOTE:\fR with LUKS2 format this option is only relevant when new keyslot pbkdf algorithm
-is set to PBKDF2 (see \fI\-\-pbkdf\fR).
-.TP
-.B "\-\-header\fR \fI<LUKS header file>\fR"
-Use a detached (separated) metadata device or file where the
-LUKS header is stored. This option allows one to store ciphertext
-and LUKS header on different devices.
-
-\fBWARNING:\fR There is no check whether the ciphertext device specified
-actually belongs to the header given.
-If used with \fI\-\-new\fR option, the header file will created (or overwritten).
-Use with care.
-.TP
-.B "\-\-iter-time, \-i \fI<milliseconds>\fR"
-The number of milliseconds to spend with PBKDF2 passphrase processing for the
-new LUKS header.
-.TP
-.B "\-\-keep-key"
-Do not change encryption key, just reencrypt the LUKS header and keyslots.
-
-This option can be combined only with \fI\-\-hash\fR, \fI\-\-iter-time\fR,
-\fI\-\-pbkdf\-force\-iterations\fR, \fI\-\-pbkdf\fR (LUKS2 only),
-\fI\-\-pbkdf\-memory\fR (Argon2i/id and LUKS2 only) and \fI\-\-pbkdf\-parallel\fR
-(Argon2i/id and LUKS2 only) options.
-.TP
-.B "\-\-key-file, \-d \fIname\fR"
-Read the passphrase from file.
-
-\fBWARNING:\fR \-\-key-file option can be used only if there is only one active keyslot,
-or alternatively, also if \-\-key-slot option is specified (then all other keyslots
-will be disabled in new LUKS device).
-
-If this option is not used, cryptsetup-reencrypt will ask for all active keyslot
-passphrases.
-.TP
-.B "\-\-key-size, \-s \fI<bits>\fR"
-Set key size in bits. The argument has to be a multiple of 8.
-
-The possible key-sizes are limited by the cipher and mode used.
-
-If you are increasing key size, there must be enough space in the LUKS header
-for enlarged keyslots (data offset must be large enough) or reencryption
-cannot be performed.
-
-If there is not enough space for keyslots with new key size,
-you can destructively shrink device with \-\-reduce-device-size option.
-.TP
-.B "\-\-key-slot, \-S <0-MAX>"
-Specify which key slot is used. For LUKS1, max keyslot number is 7. For LUKS2, it's 31.
-
-\fBWARNING:\fR All other keyslots will be disabled if this option is used.
-.TP
-.B "\-\-keyfile-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the beginning of the key file.
-.TP
-.B "\-\-keyfile-size, \-l"
-Read a maximum of \fIvalue\fR bytes from the key file.
-Default is to read the whole file up to the compiled-in
-maximum.
-.TP
-.B "\-\-master\-key\-file"
-Use new volume (master) key stored in a file.
-.TP
-.B "\-\-new, \-N"
-Create new header (encrypt not yet encrypted device).
-
-This option must be used together with \-\-reduce-device-size.
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-.TP
-.B "\-\-pbkdf"
-Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot.
-The PBKDF can be: \fIpbkdf2\fR, \fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id.
-
-For LUKS1, only \fIpbkdf2\fR is accepted (no need to use this option).
-.TP
-.B "\-\-pbkdf\-force\-iterations <num>"
-Avoid PBKDF benchmark and set time cost (iterations) directly.
-.TP
-.B "\-\-pbkdf\-memory <number>"
-Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes).
-Note that it is maximal value, PBKDF benchmark or available physical memory
-can decrease it.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-parallel <number>"
-Set the parallel cost for PBKDF (number of threads, up to 4).
-Note that it is maximal value, it is decreased automatically if
-CPU online count is lower.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with reencryption progress.
-.TP
-.B "\-\-reduce-device-size \fIsize[units]\fR"
-Enlarge data offset to specified value by shrinking device size.
-
-This means that last sectors on the original device will be lost,
-ciphertext data will be effectively shifted by specified
-number of sectors.
-
-It can be useful if you e.g. added some space to underlying
-partition (so last sectors contains no data).
-
-For units suffix see \-\-device-size parameter description.
-
-You cannot shrink device more than by 64 MiB (131072 sectors).
-
-\fBWARNING:\fR This is destructive operation and cannot be reverted.
-Use with extreme care - shrunk filesystems are usually unrecoverable.
-.TP
-.B "\-\-tries, \-T"
-Number of retries for invalid passphrase entry.
-.TP
-.B "\-\-type <type>"
-Use only while encrypting not yet encrypted device (see \-\-new).
-
-Specify LUKS version when performing in-place encryption. If the parameter
-is omitted default value (LUKS1) is used. Type may be one of: \fBluks\fR (default),
-\fBluks1\fR or \fBluks2\fR.
-.TP
-.B "\-\-use-directio"
-Use direct-io (O_DIRECT) for all read/write data operations related
-to block device undergoing reencryption.
-
-Useful if direct-io operations perform better than normal buffered
-operations (e.g. in virtual environments).
-.TP
-.B "\-\-use-fsync"
-Use fsync call after every written block. This applies for reencryption
-log files as well.
-.TP
-.B "\-\-use-random"
-.TP
-.B "\-\-use-urandom"
-Define which kernel random number generator will be used to create the volume key.
-.TP
-.B "\-\-uuid" \fI<uuid>\fR
-Use only while resuming an interrupted decryption process (see \-\-decrypt).
-
-To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new]
-of the interrupted decryption process.
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-write-log"
-Update log file after every block write. This can slow down reencryption
-but will minimize data loss in the case of system crash.
-
-.SH RETURN CODES
-Cryptsetup-reencrypt returns 0 on success and a non-zero value on error.
-
-Error codes are: 1 wrong parameters, 2 no permission,
-3 out of memory, 4 wrong device specified, 5 device already exists
-or device is busy.
-.SH EXAMPLES
-.TP
-Reencrypt /dev/sdb1 (change volume key)
-cryptsetup-reencrypt /dev/sdb1
-.TP
-Reencrypt and also change cipher and cipher mode
-cryptsetup-reencrypt /dev/sdb1 \-c aes-xts-plain64
-.TP
-Add LUKS encryption to not yet encrypted device
-
-First, be sure you have space added to disk.
-
-Or alternatively shrink filesystem in advance.
-.br
-Here we need 4096 512-bytes sectors (enough for 2x128 bit key).
-
-fdisk \-u /dev/sdb # move sdb1 partition end + 4096 sectors
-(or use resize2fs or tool for your filesystem and shrink it)
-
-cryptsetup-reencrypt /dev/sdb1 \-\-new \-\-reduce-device-size 4096S
-.TP
-Remove LUKS encryption completely
-
-cryptsetup-reencrypt /dev/sdb1 \-\-decrypt
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
-.SH COPYRIGHT
-Copyright \(co 2012-2021 Milan Broz
-.br
-Copyright \(co 2012-2021 Red Hat, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
--- /dev/null
+= cryptsetup-reencrypt(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REENCRYPT:
+
+== Name
+
+cryptsetup-reencrypt - reencrypt LUKS encrypted volumes in-place
+
+== SYNOPSIS
+
+*cryptsetup _reencrypt_ [<options>] <device> or --active-name <name> [<new_name>]*
+
+== DESCRIPTION
+
+Run LUKS device reencryption.
+
+There are 3 basic modes of operation:
+
+* device reencryption (_reencrypt_)
+* device encryption (_reencrypt_ --encrypt/--new/-N)
+* device decryption (_reencrypt_ --decrypt)
+
+<device> or --active-name <name> (LUKS2 only) is mandatory parameter.
+
+Cryptsetup _reencrypt_ action can be used to change reencryption parameters
+which otherwise require full on-disk data change (re-encryption). The
+_reencrypt_ action reencrypts data on LUKS device in-place.
+
+You can regenerate *volume key* (the real key used in on-disk encryption
+unclocked by passphrase), *cipher*, *cipher mode* or *encryption sector size*
+(LUKS2 only).
+
+Reencryption process may be safely interrupted by a user via SIGINT
+signal (ctrl+c). Same applies to SIGTERM signal (i.e. issued by systemd
+during system shutdown).
+
+For in-place encryption mode, the _reencrypt_ action additionally takes all
+options available for _luksFormat_ action for respective LUKS version (see
+cryptsetup-luksFormat man page for more details). See *cryptsetup-luksFormat*(8).
+
+*NOTE* that for encrypt and decrypt mode, the whole device must be
+treated as unencrypted -- there are no quarantees of confidentiality as
+part of the device contains plaintext.
+
+*ALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS ACTION ON LUKS DEVICE.*
+
+*<options>* can be [--batch-mode,
+--block-size,
+--cipher,
+--debug,
+--debug-json,
+--decrypt,
+--device-size,
+--disable-locks,
+--encrypt,
+--force-offline-reencrypt,
+--hash,
+--header,
+--hotzone-size,
+--iter-time,
+--init-only,
+--keep-key,
+--key-file,
+--key-size,
+--key-slot,
+--keyfile-offset,
+--keyfile-size,
+--tries,
+--timeout,
+--pbkdf,
+--pbkdf-force-iterations,
+--pbkdf-memory,
+--pbkdf-parallel,
+--progress-frequency,
+--progress-json,
+--reduce-device-size,
+--resilience,
+--resilience-hash,
+--resume-only,
+--sector-size,
+--use-directio,
+--use-random,
+--use-urandom,
+--use-fsync,
+--uuid,
+--verbose,
+--volume-key-file,
+--write-log].
+
+== LUKS2 REENCRYPTION
+
+With <device> parameter cryptsetup looks up active <device> dm mapping.
+If no active mapping is detected, it starts offline LUKS2 reencryption
+otherwise online reencryption takes place.
+
+To resume already initialized or interrupted reencryption, just run the
+cryptsetup _reencrypt_ command again to continue the reencryption
+operation. Reencryption may be resumed with different --resilience or
+--hotzone-size unless implicit datashift resilience mode is used: either
+encrypt mode with --reduce-device-size option or decrypt mode with
+original LUKS2 header exported in --header file.
+
+If the reencryption process was interrupted abruptly (reencryption
+process crash, system crash, poweroff) it may require recovery. The
+recovery is currently run automatically on next activation (action
+_open_) when needed or explicitly by user (action _repair_).
+
+Optional parameter <new_name> takes effect only with encrypt option
+and it activates device <new_name> immediately after encryption
+initialization gets finished. That's useful when device needs to be
+ready as soon as possible and mounted (used) before full data area
+encryption is completed.
+
+== LUKS1 REENCRYPTION
+
+Current working directory must be writable and temporary files created during
+reencryption must be present. During reencryption process the LUKS1 device is
+marked unavailable and must be offline (no dm-crypt mapping or mounted
+filesystem).
+
+*WARNING*: The LUKS1 reencryption code is not resistant to hardware
+or kernel failures during reencryption (you can lose your data in this case).
+
+include::man/common_options.adoc[]
+
+== EXAMPLES
+
+*NOTE*: You may drop *--type luks2* option as long as LUKS2 format is
+default.
+
+=== LUKS2 ENCRYPTION EXAMPLES
+
+Encrypt LUKS2 device (in-place). Make sure last 32 MiB on _/dev/plaintext_
+is unused (e.g.: does not contain filesystem data):
+
+*cryptsetup reencrypt --encrypt --type luks2 --reduce-device-size 32m /dev/plaintext_device*
+
+Encrypt LUKS2 device (in-place) with detached header put in a file:
+
+*cryptsetup reencrypt --encrypt --type luks2 --header my_luks2_header /dev/plaintext_device*
+
+Initialize LUKS2 in-place encryption operation only and activate the device (not yet encrypted):
+
+*cryptsetup reencrypt --encrypt --type luks2 --init-only --reduce-device-size 32m /dev/plaintext_device my_future_luks_device*
+
+Resume online encryption on device initialized in example above:
+
+*cryptsetup reencrypt --resume-only /dev/plaintext_device* or
+*cryptsetup reencrypt --active-name my_future_luks_device*
+
+=== LUKS2 REENCRYPTION EXAMPLES
+
+Reencrypt LUKS2 device (refresh volume key only):
+
+*cryptsetup reencrypt /dev/encrypted_device*
+
+=== LUKS2 DECRYPTION EXAMPLES
+
+Decrypt LUKS2 device with header put in head of data device (header file does not exist):
+
+*cryptsetup reencrypt --decrypt --header /export/header/to/file /dev/encrypted_device*
+
+Decrypt LUKS2 device with detached header (header file exists):
+
+*cryptsetup reencrypt --decrypt --header detached-luks2-header /dev/encrypted_device*
+
+Resume interrupted LUKS2 decryption:
+
+*cryptsetup reencrypt --resume-only --header luks2-hdr-file /dev/encrypted_device*
+
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-refresh(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REFRESH:
+
+== Name
+
+cryptsetup-refresh - refresh parameters of an active mapping
+
+== SYNOPSIS
+
+*cryptsetup _refresh_ [<options>] <name>*
+
+== DESCRIPTION
+
+Refreshes parameters of active mapping <name>.
+
+Updates parameters of active device <name> without the need to deactivate
+the device (and umount filesystem). Currently, it supports parameters
+refresh on following devices: LUKS1, LUKS2 (including authenticated
+encryption), plain crypt and loop-AES.
+
+Mandatory parameters are identical to those of an open action for
+the respective device type.
+
+You may change following parameters on all devices
+--perf-same_cpu_crypt, --perf-submit_from_crypt_cpus,
+--perf-no_read_workqueue, --perf-no_write_workqueue and
+--allow-discards.
+
+Refreshing the device without any optional parameter will refresh the device
+with default setting (respective to device type).
+
+*LUKS2 only:*
+
+The --integrity-no-journal parameter affects only LUKS2 devices with
+the underlying dm-integrity device.
+
+Adding option --persistent stores any combination of device parameters
+above in LUKS2 metadata (only after successful refresh operation).
+
+The --disable-keyring parameter refreshes a device with volume key passed in
+dm-crypt driver.
+
+*<options>* can be [--allow-discards, --perf-same_cpu_crypt, --perf-submit_from_crypt_cpus,
+--perf-no_read_workqueue, --perf-no_write_workqueue, --header, --disable-keyring,
+--disable-locks, --persistent, --integrity-no-journal].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-repair(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_REPAIR:
+
+== Name
+
+cryptsetup-repair - repair the device metadata
+
+== SYNOPSIS
+
+*cryptsetup _repair_ [<options>] <device>*
+
+== DESCRIPTION
+
+Tries to repair the device metadata if possible. Currently supported
+only for LUKS device type.
+
+This command is useful to fix some known benign LUKS metadata header
+corruptions. Only basic corruptions of unused keyslot are fixable. This
+command will only change the LUKS header, not any key-slot data. You may
+enforce LUKS version by adding --type option.
+
+It also repairs (upgrades) LUKS2 reencryption metadata by adding
+a metadata digest that protects it against malicious changes.
+
+If LUKS2 reencryption was interrupted in the middle of writing
+reencryption segment the repair command can be used to perform
+reencryption recovery so that reencryption can continue later.
+Repairing reencryption requires verification of reencryption
+keyslot so passphrase or keyfile is needed.
+
+*<options>* can be [--timeout, --verify-passphrase, --disable-locks,
+--type, --header, --key-file, --keyfile-size, --keyfile-offset, --key-slot].
+
+*WARNING:* Always create a binary backup of the original header before
+calling this command.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-resize(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_RESIZE:
+
+== Name
+
+cryptsetup-resize - resize an active mapping
+
+== SYNOPSIS
+
+*cryptsetup _resize_ [<options>] <name>*
+
+== DESCRIPTION
+
+Resizes an active mapping <name>.
+
+If --size (in 512-bytes sectors) or --device-size are not specified, the
+size is computed from the underlying device. For LUKS it is the size of
+the underlying device without the area reserved for LUKS header (see
+data payload offset in *luksDump* command). For plain crypt device, the
+whole device size is used.
+
+Note that this does not change the raw device geometry, it just changes
+how many sectors of the raw device are represented in the mapped device.
+
+If cryptsetup detected volume key for active device loaded in kernel
+keyring service, resize action would first try to retrieve the key using
+a token. Only if it failed, it'd ask for a passphrase to unlock a
+keyslot (LUKS) or to derive a volume key again (plain mode). The kernel
+keyring is used by default for LUKS2 devices.
+
+*<options>* can be [--size, --device-size, --token-id, --token-only,
+--token-type, --key-slot, --key-file, --keyfile-size, --keyfile-offset,
+--timeout, --disable-external-tokens, --disable-locks, --disable-keyring,
+--verify-passphrase, --timeout].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-ssh(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup-ssh {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+cryptsetup-ssh - manage LUKS2 SSH token
+
+== SYNOPSIS
+
+*cryptsetup-ssh <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Experimental cryptsetup plugin for unlocking LUKS2 devices with token
+connected to an SSH server.
+
+This plugin currently allows only adding a token to an existing key
+slot. See *cryptsetup(8)* for instructions on how to remove, import or
+export the token.
+
+=== Add operation
+
+*add <options> <device>*
+
+Adds the SSH token to *<device>*.
+
+The specified SSH server must contain a key file on the specified path with
+a passphrase for an existing key slot on the device. Provided
+credentials will be used by cryptsetup to get the password when opening
+the device using the token.
+
+Options --ssh-server, --ssh-user, --ssh-keypath and --ssh-path are
+required for this operation.
+
+== OPTIONS
+
+**--key-slot**=_NUM_::
+Keyslot to assign the token to. If not specified, the token will be
+assigned to the first key slot matching provided passphrase.
+
+**--ssh-keypath**=_STRING_::
+Path to the SSH key for connecting to the remote server.
+
+**--ssh-path**=_STRING_::
+Path to the key file on the remote server.
+
+**--ssh-server**=_STRING_::
+IP address/URL of the remote server for this token.
+
+**--ssh-user**=_STRING_::
+Username used for the remote server.
+
+*--debug*::
+Show debug messages
+
+*--debug-json*::
+Show debug messages including JSON metadata
+
+*--verbose, -v*::
+Shows more detailed error messages
+
+*--help, -?*::
+Show help
+
+*--version, -V*::
+Print program version
+
+== NOTES
+
+The information provided when adding the token (SSH server address, user
+and paths) will be stored in the LUKS2 header in plaintext.
+
+== AUTHORS
+
+The cryptsetup-ssh tool is written by Vojtech Trefny.
+
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-status(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_STATUS:
+
+== Name
+
+cryptsetup-status - report the status for a mapping
+
+== SYNOPSIS
+
+*cryptsetup _status_ [<options>] <name>*
+
+== DESCRIPTION
+
+Reports the status for the mapping <name>.
+
+*<options>* can be [--header, --disable-locks].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-tcryptDump(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_TCRYPTDUMP:
+
+== Name
+
+cryptsetup-tcryptDump - dump the header information of a TCRYPT (TrueCrypt or VeraCrypt compatible) device
+
+== SYNOPSIS
+
+*cryptsetup _tcryptDump_ [<options>] <device>*
+
+== DESCRIPTION
+
+Dump the header information of a TCRYPT (TrueCrypt or VeraCrypt compatible) device.
+
+If the --dump-volume-key option is used, the TCRYPT device volume key is
+dumped instead of TCRYPT header info. Beware that the volume key (or
+concatenated volume keys if cipher chain is used) can be used to decrypt
+the data stored in the TCRYPT container without a passphrase. This means
+that if the volume key is compromised, the whole device has to be erased
+to prevent further access. Use this option carefully.
+
+*<options>* can be [--dump-volume-key, --key-file, --tcrypt-hidden,
+--tcrypt-system, --tcrypt-backup, --veracrypt (ignored), --disable-veracrypt,
+--veracrypt-pim, --veracrypt-query-pim, --cipher, --hash, --header,
+--verify-passphrase, --timeout].
+
+The keyfile parameter allows a combination of file content with the
+passphrase and can be repeated.
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
--- /dev/null
+= cryptsetup-token(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+:COMMON_OPTIONS:
+:ACTION_TOKEN:
+
+== Name
+
+cryptsetup-token - manage LUKS2 tokens
+
+== SYNOPSIS
+
+*cryptsetup _token_ <add|remove|import|export|unassign> [<options>] <device>*
+
+== DESCRIPTION
+
+Action _add_ creates a new keyring token to enable auto-activation of the
+device. For the auto-activation, the passphrase must be stored in
+keyring with the specified description. Usually, the passphrase should
+be stored in _user_ or _user-session_ keyring. The _token_ command is
+supported only for LUKS2.
+
+For adding new keyring token, option --key-description is mandatory.
+Also, new token is assigned to key slot specified with --key-slot option
+or to all active key slots in the case --key-slot option is omitted.
+
+To remove existing token, specify the token ID which should be removed
+with --token-id option.
+
+*WARNING:* The action _token remove_ removes any token type, not just
+_keyring_ type from token slot specified by --token-id option.
+
+Action _import_ can store arbitrary valid token json in LUKS2 header. It
+may be passed via standard input or via file passed in --json-file
+option. If you specify --key-slot then successfully imported token is
+also assigned to the key slot.
+
+Action _export_ writes requested token JSON to a file passed with
+--json-file or to standard output.
+
+Action _unassign_ removes token binding to specified keyslot. Both token
+and keyslot must be specified by --token-id and --key-slot parameters.
+
+If --token-id is used with action _add_ or action _import_ and a token
+with that ID already exists, option --token-replace can be used to
+replace the existing token.
+
+*<options>* can be [--header, --token-id, --key-slot, --key-description,
+--disable-external-tokens, --disable-locks, --disable-keyring,
+--json-file, --token-replace, --unbound].
+
+include::man/common_options.adoc[]
+include::man/common_footer.adoc[]
+++ /dev/null
-.TH CRYPTSETUP "8" "January 2021" "cryptsetup" "Maintenance Commands"
-.SH NAME
-cryptsetup - manage plain dm-crypt and LUKS encrypted volumes
-.SH SYNOPSIS
-.B cryptsetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-cryptsetup is used to conveniently setup dm-crypt managed
-device-mapper mappings. These include plain dm-crypt volumes and
-LUKS volumes. The difference is that LUKS uses a metadata header
-and can hence offer more features than plain dm-crypt. On the other
-hand, the header is visible and vulnerable to damage.
-
-In addition, cryptsetup provides limited support for the use of
-loop-AES volumes, TrueCrypt, VeraCrypt and BitLocker compatible volumes.
-
-.SH PLAIN DM-CRYPT OR LUKS?
-.PP
-Unless you understand the cryptographic background well, use LUKS.
-With plain dm-crypt there are a number of possible user errors
-that massively decrease security. While LUKS cannot fix them
-all, it can lessen the impact for many of them.
-.SH WARNINGS
-.PP
-A lot of good information on the risks of using encrypted storage,
-on handling problems and on security aspects can be found in the
-\fICryptsetup FAQ\fR. Read it. Nonetheless, some risks deserve
-to be mentioned here.
-
-\fBBackup:\fR Storage media die. Encryption has no influence on that.
-Backup is mandatory for encrypted data as well, if the data has any
-worth. See the Cryptsetup FAQ for advice on how to do a backup of an
-encrypted volume.
-
-\fBCharacter encoding:\fR If you enter a
-passphrase with special symbols, the passphrase can change
-depending on character encoding. Keyboard settings can also change,
-which can make blind input hard or impossible. For
-example, switching from some ASCII 8-bit variant to UTF-8
-can lead to a different binary encoding and hence different
-passphrase seen by cryptsetup, even if what you see on
-the terminal is exactly the same. It is therefore highly
-recommended to select passphrase characters only from 7-bit
-ASCII, as the encoding for 7-bit ASCII stays the same for
-all ASCII variants and UTF-8.
-
-\fBLUKS header:\fR If the header of a LUKS volume gets damaged,
-all data is permanently lost unless you have a header-backup.
-If a key-slot is damaged, it can only be restored from a header-backup
-or if another active key-slot with known passphrase is undamaged.
-Damaging the LUKS header is something people manage to do with
-surprising frequency. This risk is the result of a trade-off
-between security and safety, as LUKS is designed for fast and
-secure wiping by just overwriting header and key-slot area.
-
-\fBPreviously used partitions:\fR If a partition was previously used,
-it is a very good idea to wipe filesystem signatures, data, etc. before
-creating a LUKS or plain dm-crypt container on it.
-For a quick removal of filesystem signatures, use "wipefs". Take care
-though that this may not remove everything. In particular, MD RAID
-signatures at the end of a device may survive. It also does not
-remove data. For a full wipe, overwrite the whole partition before
-container creation. If you do not know how to do that, the
-cryptsetup FAQ describes several options.
-
-.SH BASIC ACTIONS
-The following are valid actions for all supported device types.
-
-\fIopen\fR <device> <name> \-\-type <device_type>
-.IP
-Opens (creates a mapping with) <name> backed by device <device>.
-
-Device type can be \fIplain\fR, \fIluks\fR (default), \fIluks1\fR, \fIluks2\fR,
-\fIloopaes\fR or \fItcrypt\fR.
-
-For backward compatibility there are \fBopen\fR command aliases:
-
-\fBcreate\fR (argument-order <name> <device>): open \-\-type plain
-.br
-\fBplainOpen\fR: open \-\-type plain
-.br
-\fBluksOpen\fR: open \-\-type luks
-.br
-\fBloopaesOpen\fR: open \-\-type loopaes
-.br
-\fBtcryptOpen\fR: open \-\-type tcrypt
-.br
-\fBbitlkOpen\fR: open \-\-type bitlk
-
-\fB<options>\fR are type specific and are described below
-for individual device types. For \fBcreate\fR, the order of the <name>
-and <device> options is inverted for historical reasons, all other
-aliases use the standard \fB<device> <name>\fR order.
-.PP
-\fIclose\fR <name>
-.IP
-Removes the existing mapping <name> and wipes the key from kernel memory.
-
-For backward compatibility there are \fBclose\fR command aliases:
-\fBremove\fR, \fBplainClose\fR, \fBluksClose\fR, \fBloopaesClose\fR,
-\fBtcryptClose\fR (all behaves exactly the same, device type is
-determined automatically from active device).
-
-\fB<options>\fR can be [\-\-deferred]
-
-.PP
-\fIstatus\fR <name>
-.IP
-Reports the status for the mapping <name>.
-.PP
-\fIresize\fR <name>
-.IP
-Resizes an active mapping <name>.
-
-If \-\-size (in 512-bytes sectors) or \-\-device\-size are not specified,
-the size is computed from the underlying device. For LUKS it is the size
-of the underlying device without the area reserved for LUKS header
-(see data payload offset in \fBluksDump\fR command).
-For plain crypt device, the whole device size is used.
-
-Note that this does not change the raw device geometry, it just
-changes how many sectors of the raw device are represented
-in the mapped device.
-
-If cryptsetup detected volume key for active device loaded in kernel keyring
-service, resize action would first try to retrieve
-the key using a token and only if it failed it'd ask for a passphrase
-to unlock a keyslot (LUKS) or to derive a volume key again (plain mode).
-The kernel keyring is used by default for LUKS2 devices.
-
-With LUKS2 device additional \fB<options>\fR can be [\-\-token\-id, \-\-token\-only,
-\-\-key\-slot, \-\-key\-file, \-\-keyfile\-size, \-\-keyfile\-offset, \-\-timeout,
-\-\-disable\-locks, \-\-disable\-keyring].
-
-.PP
-\fIrefresh\fR <name>
-.IP
-Refreshes parameters of active mapping <name>.
-
-Updates parameters of active device <name> without need to deactivate the device
-(and umount filesystem). Currently it supports parameters refresh on following
-devices: LUKS1, LUKS2 (including authenticated encryption), plain crypt
-and loopaes.
-
-Mandatory parameters are identical to those of an open action for respective
-device type.
-
-You may change following parameters on all devices \-\-perf\-same_cpu_crypt,
-\-\-perf\-submit_from_crypt_cpus, \-\-perf-no_read_workqueue, \-\-perf-no_write_workqueue
-and \-\-allow\-discards.
-
-Refreshing device without any optional parameter will refresh the device
-with default setting (respective to device type).
-
-\fBLUKS2 only:\fR
-
-\-\-integrity\-no\-journal parameter affects only LUKS2 devices with
-underlying dm-integrity device.
-
-Adding option \-\-persistent stores any combination of device parameters
-above in LUKS2 metadata (only after successful refresh operation).
-
-\-\-disable\-keyring parameter refreshes a device with volume key passed
-in dm-crypt driver.
-
-.PP
-\fIreencrypt\fR <device> or --active-name <name> [<new_name>]
-.IP
-Run resilient reencryption (LUKS2 device only).
-
-There are 3 basic modes of operation:
-
-\(bu device reencryption (\fIreencrypt\fR)
-
-\(bu device encryption (\fIreencrypt\fR \-\-encrypt)
-
-\(bu device decryption (\fIreencrypt\fR \-\-decrypt)
-
-<device> or --active-name <name> is mandatory parameter.
-
-With <device> parameter cryptsetup looks up active <device> dm mapping.
-If no active mapping is detected, it starts offline reencryption otherwise online
-reencryption takes place.
-
-Reencryption process may be safely interrupted by a user via SIGTERM signal (ctrl+c).
-
-To resume already initialized or interrupted reencryption, just run the cryptsetup
-\fIreencrypt\fR command again to continue the reencryption operation.
-Reencryption may be resumed with different \-\-resilience or \-\-hotzone\-size unless
-implicit datashift resilience mode is used (reencrypt \-\-encrypt with \-\-reduce-device-size
-option).
-
-If the reencryption process was interrupted abruptly (reencryption process crash, system crash, poweroff)
-it may require recovery. The recovery is currently run automatically on next activation (action \fIopen\fR)
-when needed.
-
-Optional parameter <new_name> takes effect only with \-\-encrypt option and it activates device <new_name>
-immediately after encryption initialization gets finished. That's useful when device needs to be ready
-as soon as possible and mounted (used) before full data area encryption is completed.
-
-Action supports following additional \fB<options>\fR [\-\-encrypt, \-\-decrypt, \-\-device\-size,
-\-\-resilience, \-\-resilience-hash, \-\-hotzone-size, \-\-init\-only, \-\-resume\-only,
-\-\-reduce\-device\-size, \-\-master\-key\-file, \-\-key\-size].
-
-.SH PLAIN MODE
-Plain dm-crypt encrypts the device sector-by-sector with a
-single, non-salted hash of the passphrase. No checks
-are performed, no metadata is used. There is no formatting operation.
-When the raw device is mapped (opened), the usual device operations
-can be used on the mapped device, including filesystem creation.
-Mapped devices usually reside in /dev/mapper/<name>.
-
-The following are valid plain device type actions:
-
-\fIopen\fR \-\-type plain <device> <name>
-.br
-\fIcreate\fR <name> <device> (\fBOBSOLETE syntax\fR)
-.IP
-Opens (creates a mapping with) <name> backed by device <device>.
-
-\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase,
-\-\-sector\-size, \-\-key-file, \-\-keyfile-offset, \-\-key-size,
-\-\-offset, \-\-skip, \-\-size, \-\-readonly, \-\-shared, \-\-allow\-discards,
-\-\-refresh]
-
-Example: 'cryptsetup open \-\-type plain /dev/sda10 e1' maps the raw
-encrypted device /dev/sda10 to the mapped (decrypted) device
-/dev/mapper/e1, which can then be mounted, fsck-ed or have a
-filesystem created on it.
-.SH LUKS EXTENSION
-LUKS, the Linux Unified Key Setup, is a standard for disk encryption.
-It adds a standardized header at the start of the device,
-a key-slot area directly behind the header and the bulk
-data area behind that. The whole set is called a 'LUKS container'.
-The device that a LUKS container resides on is called a 'LUKS device'.
-For most purposes, both terms can be used interchangeably. But
-note that when the LUKS header is at a nonzero offset
-in a device, then the device is not a LUKS device anymore, but
-has a LUKS container stored in it at an offset.
-
-LUKS can manage multiple passphrases that can be individually revoked
-or changed and that can be securely scrubbed from persistent
-media due to the use of anti-forensic stripes. Passphrases
-are protected against brute-force and dictionary
-attacks by PBKDF2, which implements hash iteration and salting
-in one function.
-
-LUKS2 is a new version of header format that allows additional
-extensions like different PBKDF algorithm or authenticated encryption.
-You can format device with LUKS2 header if you specify
-\fI\-\-type luks2\fR in \fIluksFormat\fR command.
-For activation, the format is already recognized automatically.
-
-Each passphrase, also called a
-.B key
-in this document, is associated with one of 8 key-slots.
-Key operations that do not specify a slot affect the first slot
-that matches the supplied passphrase or the first empty slot if
-a new passphrase is added.
-
-The \fB<device>\fR parameter can also be specified by a LUKS UUID in the
-format UUID=<uuid>. Translation to real device name uses symlinks
-in /dev/disk/by-uuid directory.
-
-To specify a detached header, the \fB\-\-header\fR parameter can be used
-in all LUKS commands and always takes precedence over the positional
-\fB<device>\fR parameter.
-
-The following are valid LUKS actions:
-
-\fIluksFormat\fR <device> [<key file>]
-.IP
-Initializes a LUKS partition and sets the initial passphrase
-(for key-slot 0),
-either via prompting or via <key file>. Note that
-if the second argument is present, then the passphrase
-is taken from the file given there, without the need
-to use the \-\-key-file option. Also note that for both forms
-of reading the passphrase from a file you can
-give '-' as file name, which results in the passphrase being read
-from stdin and the safety-question being skipped.
-
-You cannot call luksFormat on a device or filesystem that is mapped or in use,
-e.g. mounted filesysem, used in LVM, active RAID member etc.
-The device or filesystem has to be un-mounted in order to call luksFormat.
-
-To use LUKS2, specify \fI\-\-type luks2\fR.
-
-\fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify\-passphrase,
-\-\-key\-size, \-\-key\-slot,
-\-\-key\-file (takes precedence over optional second argument),
-\-\-keyfile\-offset, \-\-keyfile\-size, \-\-use\-random | \-\-use\-urandom,
-\-\-uuid, \-\-master\-key\-file, \-\-iter\-time, \-\-header,
-\-\-pbkdf\-force\-iterations,
-\-\-force\-password, \-\-disable-locks].
-
-For LUKS2, additional \fB<options>\fR can be
-[\-\-integrity, \-\-integrity\-no\-wipe, \-\-sector\-size,
-\-\-label, \-\-subsystem,
-\-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-disable\-locks, \-\-disable\-keyring,
-\-\-luks2\-metadata\-size, \-\-luks2\-keyslots\-size,
-\-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-
-\fBWARNING:\fR Doing a luksFormat on an existing LUKS container will
-make all data the old container permanently irretrievable unless
-you have a header backup.
-.PP
-\fIopen\fR \-\-type luks <device> <name>
-.br
-\fIluksOpen\fR <device> <name> (\fBold syntax\fR)
-.IP
-Opens the LUKS device <device> and sets up a mapping <name> after
-successful verification of the supplied passphrase.
-
-First, the passphrase is searched in LUKS tokens. If it's not
-found in any token and also the passphrase is not supplied via \-\-key-file,
-the command prompts for it interactively.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
-\-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id,
-\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh,
-\-\-serialize\-memory\-hard\-pbkdf].
-.PP
-\fIluksSuspend\fR <name>
-.IP
-Suspends an active device (all IO operations will block
-and accesses to the device will wait indefinitely)
-and wipes the encryption
-key from kernel memory. Needs kernel 2.6.19 or later.
-
-After this operation you have to use \fIluksResume\fR to reinstate
-the encryption key and unblock the device or \fIclose\fR to remove
-the mapped device.
-
-\fBWARNING:\fR never suspend the device on which the cryptsetup binary resides.
-
-\fB<options>\fR can be [\-\-header, \-\-disable\-locks].
-.PP
-\fIluksResume\fR <name>
-.IP
-Resumes a suspended device and reinstates the encryption key.
-Prompts interactively for a passphrase if \-\-key-file is not given.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-size, \-\-header,
-\-\-disable\-keyring, \-\-disable\-locks, \-\-type]
-.PP
-\fIluksAddKey\fR <device> [<key file with new key>]
-.IP
-Adds a new passphrase. An existing passphrase must be supplied
-interactively or via \-\-key-file.
-The new passphrase to be added can be specified interactively
-or read from the file given as positional argument.
-
-\fBNOTE:\fR with \-\-unbound option the action creates new unbound
-LUKS2 keyslot. The keyslot cannot be used for device activation.
-If you don't pass new key via \-\-master\-key\-file option,
-new random key is generated. Existing passphrase for any active keyslot
-is not required.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-new\-keyfile\-offset,
-\-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
-\-\-force\-password, \-\-header, \-\-disable\-locks,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-unbound, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-\fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
-.IP
-Removes the supplied passphrase from the LUKS device. The
-passphrase to be removed can be specified interactively,
-as the positional argument or via \-\-key-file.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type]
-
-\fBWARNING:\fR If you read the passphrase from stdin
-(without further argument or with '-' as an argument
-to \-\-key\-file), batch-mode (\-q) will be implicitly
-switched on and no warning will be given when you remove the
-last remaining passphrase from a LUKS container. Removing
-the last passphrase makes the LUKS container permanently
-inaccessible.
-.PP
-\fIluksChangeKey\fR <device> [<new key file>]
-.IP
-Changes an existing passphrase. The passphrase
-to be changed must be supplied interactively or via \-\-key\-file.
-The new passphrase can be supplied interactively or in
-a file given as positional argument.
-
-If a key-slot is specified (via \-\-key-slot), the passphrase
-for that key-slot must be given and the new passphrase
-will overwrite the specified key-slot. If no key-slot
-is specified and there is still a free key-slot, then
-the new passphrase will be put into a free key-slot before the
-key-slot containing the old passphrase is purged. If there is
-no free key-slot, then the key-slot with the old passphrase is
-overwritten directly.
-
-\fBWARNING:\fR If a key-slot is overwritten, a media failure
-during this operation can cause the overwrite to fail after
-the old passphrase has been wiped and make the LUKS container
-inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-new\-keyfile\-offset,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header,
-\-\-disable\-locks, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-.PP
-\fIluksConvertKey\fR <device>
-.IP
-Converts an existing LUKS2 keyslot to new pbkdf parameters. The
-passphrase for keyslot to be converted must be supplied interactively
-or via \-\-key\-file. If no \-\-pbkdf parameters are specified LUKS2
-default pbkdf values will apply.
-
-If a keyslot is specified (via \-\-key\-slot), the passphrase for that
-keyslot must be given. If no keyslot is specified and there is still
-a free keyslot, then the new parameters will be put into a free
-keyslot before the keyslot containing the old parameters is
-purged. If there is no free keyslot, then the keyslot with the old
-parameters is overwritten directly.
-
-\fBWARNING:\fR If a keyslot is overwritten, a media failure during
-this operation can cause the overwrite to fail after the old
-parameters have been wiped and make the LUKS container inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-key\-slot, \-\-header, \-\-disable\-locks,
-\-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-keyslot\-cipher, \-\-keyslot\-key\-size].
-.PP
-\fIluksKillSlot\fR <device> <key slot number>
-.IP
-Wipe the key-slot number <key slot> from the LUKS device. Except running
-in batch-mode (\-q) a remaining passphrase must be supplied,
-either interactively or via \-\-key-file.
-This command can remove the last remaining key-slot, but requires
-an interactive confirmation when doing so. Removing the last
-passphrase makes a LUKS container permanently inaccessible.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size, \-\-header, \-\-disable\-locks, \-\-type].
-
-\fBWARNING:\fR If you read the passphrase from stdin
-(without further argument or with '-' as an argument
-to \-\-key-file), batch-mode (\-q) will be implicitly
-switched on and no warning will be given when you remove the
-last remaining passphrase from a LUKS container. Removing
-the last passphrase makes the LUKS container permanently
-inaccessible.
-
-\fBNOTE:\fR If there is no passphrase provided (on stdin or through
-\-\-key-file argument) and batch-mode (\-q) is active, the
-key-slot is removed without any other warning.
-
-.PP
-\fIerase\fR <device>
-.br
-\fIluksErase\fR <device>
-.IP
-Erase all keyslots and make the LUKS container permanently inaccessible.
-You do not need to provide any password for this operation.
-
-\fBWARNING:\fR This operation is irreversible.
-.PP
-\fIluksUUID\fR <device>
-.IP
-Print the UUID of a LUKS device.
-.br
-Set new UUID if \fI\-\-uuid\fR option is specified.
-.PP
-\fIisLuks\fR <device>
-.IP
-Returns true, if <device> is a LUKS device, false otherwise.
-Use option \-v to get human-readable feedback. 'Command successful.'
-means the device is a LUKS device.
-
-By specifying \-\-type you may query for specific LUKS version.
-.PP
-\fIluksDump\fR <device>
-.IP
-Dump the header information of a LUKS device.
-
-If the \-\-dump\-master\-key option is used, the LUKS device master key is
-dumped instead of the keyslot info. Together with \-\-master\-key\-file option,
-master key is dumped to a file instead of standard output. Beware that the
-master key cannot be changed without reencryption and can be used to decrypt
-the data stored in the LUKS container without a passphrase and even without the
-LUKS header. This means that if the master key is compromised, the whole device
-has to be erased or reencrypted to prevent further access. Use this option carefully.
-
-To dump the master key, a passphrase has to be supplied,
-either interactively or via \-\-key\-file.
-
-To dump unbound key (LUKS2 format only), \-\-unbound parameter, specific \-\-key-slot
-id and proper passphrase has to be supplied, either interactively or via \-\-key\-file.
-Optional \-\-master\-key\-file parameter enables unbound keyslot dump to a file.
-
-\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
-\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header, \-\-disable\-locks,
-\-\-master\-key\-file, \-\-type, \-\-unbound, \-\-key-slot].
-
-\fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
-and the argument to \-\-key\-file is '-', no validation question
-will be asked and no warning given.
-.PP
-\fIluksHeaderBackup\fR <device> \-\-header\-backup\-file <file>
-.IP
-Stores a binary backup of the LUKS header and keyslot area.
-.br
-Note: Using '-' as filename writes the header backup to a file named '-'.
-
-\fBWARNING:\fR This backup file and a passphrase valid
-at the time of backup allows decryption of the
-LUKS data area, even if the passphrase was later changed or
-removed from the LUKS device. Also note that with a header
-backup you lose the ability to securely wipe the LUKS
-device by just overwriting the header and key-slots. You
-either need to securely erase all header backups in
-addition or overwrite the encrypted data area as well.
-The second option is less secure, as some sectors
-can survive, e.g. due to defect management.
-.PP
-\fIluksHeaderRestore\fR <device> \-\-header\-backup\-file <file>
-.IP
-Restores a binary backup of the LUKS header and keyslot area
-from the specified file.
-.br
-Note: Using '-' as filename reads the header backup from a file named '-'.
-
-\fBWARNING:\fR Header and keyslots will be replaced, only
-the passphrases from the backup will work afterward.
-
-This command requires that the master key size and data offset
-of the LUKS header already on the device and of the header backup
-match. Alternatively, if there is no LUKS header on the device,
-the backup will also be written to it.
-.PP
-\fItoken\fR <add|remove|import|export> <device>
-.IP
-Action \fIadd\fR creates new keyring token to enable auto-activation of the device.
-For the auto-activation, the passphrase must be stored in keyring with the specified
-description. Usually, the passphrase should be stored in \fIuser\fR or
-\fIuser-session\fR keyring.
-The \fItoken\fR command is supported only for LUKS2.
-
-For adding new keyring token, option \-\-key\-description is mandatory.
-Also, new token is assigned to key slot specified with \-\-key\-slot option or to all
-active key slots in the case \-\-key\-slot option is omitted.
-
-To remove existing token, specify the token ID which should be removed with
-\-\-token\-id option.
-
-\fBWARNING:\fR The action \fItoken remove\fR removes any token type, not just \fIkeyring\fR
-type from token slot specified by \-\-token\-id option.
-
-Action \fIimport\fR can store arbitrary valid token json in LUKS2 header. It may be passed via
-standard input or via file passed in \-\-json\-file option. If you specify \-\-key\-slot then
-successfully imported token is also assigned to the key slot.
-
-Action \fIexport\fR writes requested token json to a file passed with \-\-json\-file or
-to standard output.
-
-\fB<options>\fR can be [\-\-header, \-\-token\-id, \-\-key\-slot, \-\-key\-description,
-\-\-disable\-locks, \-\-disable\-keyring, \-\-json\-file].
-.PP
-\fIconvert\fR <device> \-\-type <format>
-.IP
-Converts the device between LUKS1 and LUKS2 format (if possible).
-The conversion will not be performed if there is an additional LUKS2 feature or LUKS1 has
-unsupported header size.
-
-Conversion (both directions) must be performed on inactive device. There must not be active
-dm-crypt mapping established for LUKS header requested for conversion.
-
-\fB\-\-type\fR option is mandatory with following accepted values: \fIluks1\fR or \fIluks2\fR.
-
-\fBWARNING:\fR The \fIconvert\fR action can destroy the LUKS header in the case of a crash
-during conversion or if a media error occurs.
-Always create a header backup before performing this operation!
-
-\fB<options>\fR can be [\-\-header, \-\-type].
-.PP
-\fIconfig\fR <device>
-.IP
-Set permanent configuration options (store to LUKS header).
-The \fIconfig\fR command is supported only for LUKS2.
-
-The permanent options can be \fI\-\-priority\fR to set priority (normal, prefer, ignore)
-for keyslot (specified by \fI\-\-key\-slot\fR) or \fI\-\-label\fR and \fI\-\-subsystem\fR.
-
-\fB<options>\fR can be [\-\-priority, \-\-label, \-\-subsystem, \-\-key\-slot, \-\-header].
-
-.SH loop-AES EXTENSION
-cryptsetup supports mapping loop-AES encrypted partition using
-a compatibility mode.
-.PP
-\fIopen\fR \-\-type loopaes <device> <name> \-\-key\-file <keyfile>
-.br
-\fIloopaesOpen\fR <device> <name> \-\-key\-file <keyfile> (\fBold syntax\fR)
-.IP
-Opens the loop-AES <device> and sets up a mapping <name>.
-
-If the key file is encrypted with GnuPG, then you have to use
-\-\-key\-file=\- and decrypt it before use, e.g. like this:
-.br
-gpg \-\-decrypt <keyfile> | cryptsetup loopaesOpen \-\-key\-file=\-
-<device> <name>
-
-\fBWARNING:\fR The loop-AES extension cannot use the direct input of key file
-on real terminal because the keys are separated by end-of-line and only part
-of the multi-key file would be read.
-.br
-If you need it in script, just use the pipe redirection:
-.br
-echo $keyfile | cryptsetup loopaesOpen \-\-key\-file=\- <device> <name>
-
-Use \fB\-\-keyfile\-size\fR to specify the proper key length if needed.
-
-Use \fB\-\-offset\fR to specify device offset. Note that the units
-need to be specified in number of 512 byte sectors.
-
-Use \fB\-\-skip\fR to specify the IV offset. If the original device
-used an offset and but did not use it in IV sector calculations,
-you have to explicitly use \fB\-\-skip 0\fR in addition to the offset
-parameter.
-
-Use \fB\-\-hash\fR to override the default hash function for
-passphrase hashing (otherwise it is detected according to key
-size).
-
-\fB<options>\fR can be [\-\-key\-file, \-\-key\-size, \-\-offset, \-\-skip,
-\-\-hash, \-\-readonly, \-\-allow\-discards, \-\-refresh].
-.PP
-See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR
-for more information regarding loop-AES.
-.SH TCRYPT (TrueCrypt-compatible and VeraCrypt) EXTENSION
-cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt
-(with \fB\-\-veracrypt\fR option) encrypted partition
-using a native Linux kernel API.
-Header formatting and TCRYPT header change is not supported, cryptsetup
-never changes TCRYPT header on-device.
-
-TCRYPT extension requires kernel userspace
-crypto API to be available (introduced in Linux kernel 2.6.38).
-If you are configuring kernel yourself, enable
-"User-space interface for symmetric key cipher algorithms" in
-"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
-
-Because TCRYPT header is encrypted, you have to always provide valid
-passphrase and keyfiles.
-
-Cryptsetup should recognize all header variants, except legacy cipher chains
-using LRW encryption mode with 64 bits encryption block (namely Blowfish
-in LRW mode is not recognized, this is limitation of kernel crypto API).
-
-To recognize a VeraCrypt device use the \fB\-\-veracrypt\fR option.
-VeraCrypt is just extension of TrueCrypt header with increased
-iteration count so unlocking can take quite a lot of time (in comparison
-with TCRYPT device).
-
-To open a VeraCrypt device with a custom Personal Iteration Multiplier (PIM)
-value, \fBadditionally to \-\-veracrypt \fR use either the
-\fB\-\-veracrypt\-pim=<PIM>\fR option to directly specify the PIM on the command-
-line or use \fB\-\-veracrypt\-query\-pim\fR to be prompted for the PIM.
-
-The PIM value affects the number of iterations applied during key derivation. Please refer to
-\fBhttps://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html\fR
-for more detailed information.
-
-\fBNOTE:\fR Activation with \fBtcryptOpen\fR is supported only for cipher chains
-using LRW or XTS encryption modes.
-
-The \fBtcryptDump\fR command should work for all recognized TCRYPT devices
-and doesn't require superuser privilege.
-
-To map system device (device with boot loader where the whole encrypted
-system resides) use \fB\-\-tcrypt\-system\fR option.
-You can use partition device as the parameter (parameter must be real partition
-device, not an image in a file), then only this partition is mapped.
-
-If you have the whole TCRYPT device as a file image and you want to map multiple
-partition encrypted with system encryption, please create loopback mapping
-with partitions first (\fBlosetup \-P\fR, see \fPlosetup(8)\fR man page for more info),
-and use loop partition as the device parameter.
-
-If you use the whole base device as a parameter, one device for the whole system
-encryption is mapped. This mode is available only for backward compatibility
-with older cryptsetup versions which mapped TCRYPT system encryption
-using the whole device.
-
-To use hidden header (and map hidden device, if available),
-use \fB\-\-tcrypt\-hidden\fR option.
-
-To explicitly use backup (secondary) header, use \fB\-\-tcrypt\-backup\fR
-option.
-
-\fBNOTE:\fR There is no protection for a hidden volume if
-the outer volume is mounted. The reason is that if there
-were any protection, it would require some metadata describing
-what to protect in the outer volume and the hidden volume would
-become detectable.
-
-.PP
-\fIopen\fR \-\-type tcrypt <device> <name>
-.br
-\fItcryptOpen\fR <device> <name> (\fBold syntax\fR)
-.IP
-Opens the TCRYPT (a TrueCrypt-compatible) <device> and sets up
-a mapping <name>.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-tcrypt\-hidden,
-\-\-tcrypt\-system, \-\-tcrypt\-backup, \-\-readonly, \-\-test\-passphrase,
-\-\-allow-discards, \-\-veracrypt, \-\-veracrypt\-pim, \-\-veracrypt\-query\-pim,
-\-\-header].
-
-The keyfile parameter allows a combination of file content with the
-passphrase and can be repeated. Note that using keyfiles is compatible
-with TCRYPT and is different from LUKS keyfile logic.
-
-If you use \fB\-\-header\fR in combination with hidden or system options,
-the header file must contain specific headers on the same positions as the original
-encrypted container.
-
-\fBWARNING:\fR Option \fB\-\-allow\-discards\fR cannot be combined with
-option \fB\-\-tcrypt\-hidden\fR. For normal mapping, it can cause
-the \fBdestruction of hidden volume\fR (hidden volume appears as unused space
-for outer volume so this space can be discarded).
-
-.PP
-\fItcryptDump\fR <device>
-.IP
-Dump the header information of a TCRYPT device.
-
-If the \-\-dump\-master\-key option is used, the TCRYPT device master key
-is dumped instead of TCRYPT header info. Beware that the master key
-(or concatenated master keys if cipher chain is used)
-can be used to decrypt the data stored in the TCRYPT container without
-a passphrase.
-This means that if the master key is compromised, the whole device has
-to be erased to prevent further access. Use this option carefully.
-
-\fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
-\-\-tcrypt\-hidden, \-\-tcrypt\-system, \-\-tcrypt\-backup].
-
-The keyfile parameter allows a combination of file content with the
-passphrase and can be repeated.
-.PP
-See also \fBhttps://en.wikipedia.org/wiki/TrueCrypt\fR for more information regarding
-TrueCrypt.
-
-Please note that cryptsetup does not use TrueCrypt code, please report
-all problems related to this compatibility extension to the cryptsetup project.
-
-.SH BITLK (Windows BitLocker-compatible) EXTENSION (EXPERIMENTAL)
-cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted partition
-using a native Linux kernel API.
-Header formatting and BITLK header changes are not supported, cryptsetup
-never changes BITLK header on-device.
-
-\fBWARNING:\fR This extension is EXPERIMENTAL.
-
-BITLK extension requires kernel userspace crypto API to be available
-(for details see TCRYPT section).
-
-Cryptsetup should recognize all BITLK header variants, except legacy
-header used in Windows Vista systems and partially decrypted BitLocker devices.
-Activation of legacy devices encrypted in CBC mode requires at least
-Linux kernel version 5.3 and for devices using Elephant diffuser kernel 5.6.
-
-The \fBbitlkDump\fR command should work for all recognized BITLK devices
-and doesn't require superuser privilege.
-
-For unlocking with the \fBopen\fR a password or a recovery passphrase must
-be provided. Other unlocking methods (TPM, SmartCard) are not supported.
-
-.PP
-\fIopen\fR \-\-type bitlk <device> <name>
-.br
-\fIbitlkOpen\fR <device> <name> (\fBold syntax\fR)
-.IP
-Opens the BITLK (a BitLocker-compatible) <device> and sets up
-a mapping <name>.
-
-\fB<options>\fR can be [\-\-key\-file, \-\-readonly, \-\-test\-passphrase,
-\-\-allow-discards].
-
-.PP
-\fIbitlkDump\fR <device>
-.IP
-Dump the header information of a BITLK device.
-
-Please note that cryptsetup does not use any Windows BitLocker code, please report
-all problems related to this compatibility extension to the cryptsetup project.
-.SH MISCELLANEOUS
-.PP
-\fIrepair\fR <device>
-.IP
-Tries to repair the device metadata if possible. Currently supported only
-for LUKS device type.
-
-This command is useful to fix some known benign LUKS metadata
-header corruptions. Only basic corruptions of unused keyslot
-are fixable. This command will only change the LUKS header, not
-any key-slot data. You may enforce LUKS version by adding \-\-type
-option.
-
-It also repairs (upgrades) LUKS2 reencryption metadata by adding
-metadata digest that protects it against malicious changes.
-
-If LUKS2 reencryption was interrupted in the middle of writting
-reencryption segment the repair command can be used to perform
-reencryption recovery so that reencryption can continue later.
-
-\fBWARNING:\fR Always create a binary backup of the original
-header before calling this command.
-.PP
-\fIbenchmark\fR <options>
-.IP
-Benchmarks ciphers and KDF (key derivation function).
-Without parameters, it tries to measure few common configurations.
-
-To benchmark other ciphers or modes, you need to specify \fB\-\-cipher\fR
-and \fB\-\-key\-size\fR options or \fB\-\-hash\fR for KDF test.
-
-\fBNOTE:\fR This benchmark is using memory only and is only informative.
-You cannot directly predict real storage encryption speed from it.
-
-For testing block ciphers, this benchmark requires kernel userspace
-crypto API to be available (introduced in Linux kernel 2.6.38).
-If you are configuring kernel yourself, enable
-"User-space interface for symmetric key cipher algorithms" in
-"Cryptographic API" section (CRYPTO_USER_API_SKCIPHER .config option).
-
-\fB<options>\fR can be [\-\-cipher, \-\-key\-size, \-\-hash].
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug or \-\-debug\-json"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed.
-.TP
-.B "\-\-type <device-type>
-Specifies required device type, for more info read \fIBASIC ACTIONS\fR section.
-.TP
-.B "\-\-hash, \-h \fI<hash\-spec>\fR"
-Specifies the passphrase hash for \fIopen\fR (for plain and
-loopaes device types).
-
-Specifies the hash used in the LUKS key setup scheme and volume key digest
-for \fIluksFormat\fR. The specified hash is used as hash-parameter
-for PBKDF2 and for the AF splitter.
-
-The specified hash name is passed to the compiled-in crypto backend.
-Different backends may support different hashes.
-For \fIluksFormat\fR, the hash
-algorithm must provide at least 160 bits of output, which
-excludes, e.g., MD5. Do not use a non-crypto hash like
-\fB"crc32"\fR as this breaks security.
-
-Values compatible with old version of cryptsetup are
-\fB"ripemd160"\fR for \fIopen \-\-type plain\fR and
-\fB"sha1"\fR for \fIluksFormat\fR.
-
-Use \fIcryptsetup \-\-help\fR to show the defaults.
-.TP
-.B "\-\-cipher, \-c \fI<cipher\-spec>\fR"
-Set the cipher specification string.
-
-\fIcryptsetup \-\-help\fR shows the compiled-in defaults.
-The current default in the distributed sources is
-"aes-cbc-essiv:sha256" for plain dm-crypt and
-"aes-xts-plain64" for LUKS.
-
-If a hash is part of the cipher specification, then it is
-used as part of the IV generation. For example, ESSIV
-needs a hash function, while "plain64" does not and
-hence none is specified.
-
-For XTS mode you can optionally set a key size of
-512 bits with the \-s option. Key size for XTS
-mode is twice that for other modes for the same
-security level.
-
-XTS mode requires kernel 2.6.24 or later and plain64 requires
-kernel 2.6.33 or later. More information can be found in the FAQ.
-.TP
-.B "\-\-verify-passphrase, \-y"
-When interactively asking for a passphrase, ask for it twice
-and complain if both inputs do not match. Advised when creating
-a regular mapping for the first time, or when running
-\fIluksFormat\fR. Ignored on input from file or stdin.
-.TP
-.B "\-\-key-file, \-d \fIname\fR"
-Read the passphrase from file.
-
-If the name given is "-", then the passphrase will be read from stdin.
-In this case, reading will not stop at newline characters.
-
-With LUKS, passphrases supplied via \-\-key\-file are always
-the existing passphrases requested by a command, except in
-the case of \fIluksFormat\fR where \-\-key\-file is equivalent
-to the positional key file argument.
-
-If you want to set a new passphrase via key file, you have to
-use a positional argument to \fIluksAddKey\fR.
-
-See section \fBNOTES ON PASSPHRASE PROCESSING\fR for more information.
-.TP
-.B "\-\-keyfile\-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the beginning of the key file.
-Works with all commands that accept key files.
-.TP
-.B "\-\-keyfile\-size, \-l \fIvalue\fR"
-Read a maximum of \fIvalue\fR bytes from the key file.
-The default is to read the whole file up to the compiled-in
-maximum that can be queried with \-\-help. Supplying more
-data than the compiled-in maximum aborts the operation.
-
-This option is useful
-to cut trailing newlines, for example. If \-\-keyfile\-offset
-is also given, the size count starts after the offset.
-Works with all commands that accept key files.
-.TP
-.B "\-\-new\-keyfile\-offset \fIvalue\fR"
-Skip \fIvalue\fR bytes at the start when
-adding a new passphrase from key file with
-\fIluksAddKey\fR.
-.TP
-.B "\-\-new\-keyfile\-size \fIvalue\fR"
-Read a maximum of \fIvalue\fR bytes when adding
-a new passphrase from key file with \fIluksAddKey\fR.
-The default is to read the whole file up to the compiled-in
-maximum length that can be queried with \-\-help.
-Supplying more than the compiled in maximum aborts the
-operation.
-When \-\-new\-keyfile\-offset is also given, reading starts
-after the offset.
-.TP
-.B "\-\-master\-key\-file"
-Use a master key stored in a file.
-
-For \fIluksFormat\fR this
-allows creating a LUKS header with this specific
-master key. If the master key was taken from an existing
-LUKS header and all other parameters are the same,
-then the new header decrypts the data encrypted with the
-header the master key was taken from.
-
-Action \fIluksDump\fR together with \-\-dump\-master\-key
-option: The volume (master) key is stored in a file instead of
-being printed out to standard output.
-
-\fBWARNING:\fR If you create your own master key, you
-need to make sure to do it right. Otherwise, you can end
-up with a low-entropy or otherwise partially predictable
-master key which will compromise security.
-
-For \fIluksAddKey\fR this allows adding a new passphrase
-without having to know an existing one.
-
-For \fIopen\fR this allows one to open the LUKS device
-without giving a passphrase.
-.TP
-.B "\-\-dump\-master\-key"
-For \fIluksDump\fR this option includes the master key in the displayed
-information. Use with care, as the master key can be used to
-bypass the passphrases, see also option \-\-master\-key\-file.
-.TP
-.B "\-\-json\-file"
-Read token json from a file or write token to it. See \fItoken\fR action for more
-information. \-\-json\-file=- reads json from standard input or writes it to
-standard output respectively.
-.TP
-.B "\-\-use\-random"
-.TP
-.B "\-\-use\-urandom"
-For \fIluksFormat\fR these options define which kernel random number
-generator will be used to create the master key (which is a
-long-term key).
-
-See \fBNOTES ON RANDOM NUMBER GENERATORS\fR for more
-information. Use \fIcryptsetup \-\-help\fR
-to show the compiled-in default random number generator.
-
-\fBWARNING:\fR In a low-entropy situation (e.g. in an
-embedded system), both selections are problematic.
-Using /dev/urandom can lead to weak keys.
-Using /dev/random can block a long time, potentially
-forever, if not enough entropy can be harvested by
-the kernel.
-.TP
-.B "\-\-key\-slot, \-S <0\-7>"
-For LUKS operations that add key material, this options allows you
-to specify which key slot is selected for the new key.
-This option can be used for \fIluksFormat\fR,
-and \fIluksAddKey\fR.
-.br
-In addition, for \fIopen\fR, this option selects a
-specific key-slot to compare the passphrase against.
-If the given passphrase would only match a different key-slot,
-the operation fails.
-.TP
-.B "\-\-key\-size, \-s <bits>"
-Sets key size in bits. The argument has to be a multiple of
-8. The possible key-sizes are limited by the cipher and
-mode used.
-
-See /proc/crypto for more information. Note that key-size
-in /proc/crypto is stated in bytes.
-
-This option can be used for \fIopen \-\-type plain\fR or \fIluksFormat\fR.
-All other LUKS actions will use the key-size specified in the LUKS header.
-Use \fIcryptsetup \-\-help\fR to show the compiled-in defaults.
-.TP
-.B "\-\-size, \-b <number of 512 byte sectors>"
-Set the size of the device in sectors of 512 bytes.
-This option is only relevant for the \fIopen\fR and \fIresize\fR
-actions.
-.TP
-.B "\-\-offset, \-o <number of 512 byte sectors>"
-Start offset in the backend device in 512-byte sectors.
-This option is only relevant for the \fIopen\fR action with plain
-or loopaes device types or for LUKS devices in \fIluksFormat\fR.
-
-For LUKS, the \-\-offset option sets the data offset (payload) of data
-device and must be be aligned to 4096-byte sectors (must be multiple of 8).
-This option cannot be combined with \-\-align\-payload option.
-.TP
-.B "\-\-skip, \-p <number of 512 byte sectors>"
-Start offset used in IV calculation in 512-byte sectors
-(how many sectors of the encrypted data to skip at the beginning).
-This option is only relevant for the \fIopen\fR action with plain
-or loopaes device types.
-
-Hence, if \-\-offset \fIn\fR, and \-\-skip \fIs\fR, sector \fIn\fR
-(the first sector of the encrypted device) will get a sector number
-of \fIs\fR for the IV calculation.
-.TP
-.B "\-\-device\-size \fIsize[units]\fR"
-Instead of real device size, use specified value.
-
-With \fIreencrypt\fR action it means that only specified area
-(from the start of the device to the specified size) will be
-reencrypted.
-
-With \fIresize\fR action it sets new size of the device.
-
-If no unit suffix is specified, the size is in bytes.
-
-Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
-for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
-
-\fBWARNING:\fR This is destructive operation when used with reencrypt command.
-.TP
-.B "\-\-readonly, \-r"
-set up a read-only mapping.
-.TP
-.B "\-\-shared"
-Creates an additional mapping for one common
-ciphertext device. Arbitrary mappings are supported.
-This option is only relevant for the
-\fIopen \-\-type plain\fR action. Use \-\-offset, \-\-size and \-\-skip to
-specify the mapped area.
-.TP
-.B "\-\-pbkdf <PBKDF spec>"
-Set Password-Based Key Derivation Function (PBKDF) algorithm for LUKS keyslot.
-The PBKDF can be: \fIpbkdf2\fR (for PBKDF2 according to RFC2898),
-\fIargon2i\fR for Argon2i or \fIargon2id\fR for Argon2id
-(see https://www.cryptolux.org/index.php/Argon2 for more info).
-
-For LUKS1, only PBKDF2 is accepted (no need to use this option).
-The default PBKDF2 for LUKS2 is set during compilation time
-and is available in \fIcryptsetup \-\-help\fR output.
-
-A PBKDF is used for increasing dictionary and brute-force attack cost
-for keyslot passwords. The parameters can be time, memory and parallel cost.
-
-For PBKDF2, only time cost (number of iterations) applies.
-For Argon2i/id, there is also memory cost (memory required during
-the process of key derivation) and parallel cost (number of threads
-that run in parallel during the key derivation.
-
-Note that increasing memory cost also increases time, so the final
-parameter values are measured by a benchmark. The benchmark
-tries to find iteration time (\fI\-\-iter\-time\fR) with required
-memory cost \fI\-\-pbkdf\-memory\fR. If it is not possible,
-the memory cost is decreased as well.
-The parallel cost \fI\-\-pbkdf\-parallel\fR is constant, is is checked
-against available CPU cores (if not available, it is decreased) and the maximum
-parallel cost is 4.
-
-You can see all PBKDF parameters for particular LUKS2 keyslot with
-\fIluksDump\fR command.
-
-\fBNOTE:\fR If you do not want to use benchmark and want to specify
-all parameters directly, use \fI\-\-pbkdf\-force\-iterations\fR with
-\fI\-\-pbkdf\-memory\fR and \fI\-\-pbkdf\-parallel\fR.
-This will override the values without benchmarking.
-Note it can cause extremely long unlocking time. Use only in specific
-cases, for example, if you know that the formatted device will
-be used on some small embedded system.
-In this case, the LUKS PBKDF2 digest will be set to the minimum iteration count.
-.TP
-.B "\-\-iter\-time, \-i <number of milliseconds>"
-The number of milliseconds to spend with PBKDF passphrase processing.
-This option is only relevant for LUKS operations that set or change
-passphrases, such as \fIluksFormat\fR or \fIluksAddKey\fR.
-Specifying 0 as parameter selects the compiled-in default.
-.TP
-.B "\-\-pbkdf\-memory <number>"
-Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes).
-Note that it is maximal value, PBKDF benchmark or available physical memory
-can decrease it.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-parallel <number>"
-Set the parallel cost for PBKDF (number of threads, up to 4).
-Note that it is maximal value, it is decreased automatically if
-CPU online count is lower.
-This option is not available for PBKDF2.
-.TP
-.B "\-\-pbkdf\-force\-iterations <num>"
-Avoid PBKDF benchmark and set time cost (iterations) directly.
-It can be used for LUKS/LUKS2 device only.
-See \fI\-\-pbkdf\fR option for more info.
-.TP
-.B "\-\-batch\-mode, \-q"
-Suppresses all confirmation questions. Use with care!
-
-If the \-y option is not specified, this option also switches off
-the passphrase verification for \fIluksFormat\fR.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with wipe progress.
-.TP
-.B "\-\-timeout, \-t <number of seconds>"
-The number of seconds to wait before timeout on passphrase input
-via terminal. It is relevant every time a passphrase is asked,
-for example for \fIopen\fR, \fIluksFormat\fR or \fIluksAddKey\fR.
-It has no effect if used in conjunction with \-\-key-file.
-.br
-This option is useful when the system
-should not stall if the user does not input a passphrase,
-e.g. during boot. The default is a value of 0 seconds,
-which means to wait forever.
-.TP
-.B "\-\-tries, \-T"
-How often the input of the passphrase shall be retried.
-This option is relevant
-every time a passphrase is asked, for example for
-\fIopen\fR, \fIluksFormat\fR or \fIluksAddKey\fR.
-The default is 3 tries.
-.TP
-.B "\-\-align\-payload <number of 512 byte sectors>"
-Align payload at a boundary of \fIvalue\fR 512-byte sectors.
-This option is relevant for \fIluksFormat\fR.
-
-If not specified, cryptsetup tries to use the topology info
-provided by the kernel for the underlying device to get the optimal alignment.
-If not available (or the calculated value is a multiple of the default)
-data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte sectors).
-
-For a detached LUKS header, this option specifies the offset on the
-data device. See also the \-\-header option.
-
-\fBWARNING:\fR This option is DEPRECATED and has often unexpected impact
-to the data offset and keyslot area size (for LUKS2) due to the complex rounding.
-For fixed data device offset use \fI\-\-offset\fR option instead.
-
-.TP
-.B "\-\-uuid=\fIUUID\fR"
-Use the provided \fIUUID\fR for the \fIluksFormat\fR command
-instead of generating a new one. Changes the existing UUID when
-used with the \fIluksUUID\fR command.
-
-The UUID must be provided in the standard UUID format,
-e.g. 12345678-1234-1234-1234-123456789abc.
-.TP
-.B "\-\-allow\-discards\fR"
-Allow the use of discard (TRIM) requests for the device.
-This option is only relevant for \fIopen\fR action.
-This is also not supported for LUKS2 devices with data integrity protection.
-
-\fBWARNING:\fR This command can have a negative security impact
-because it can make filesystem-level operations visible on
-the physical device. For example, information leaking
-filesystem type, used space, etc. may be extractable from
-the physical device if the discarded blocks can be located
-later. If in doubt, do not use it.
-
-A kernel version of 3.1 or later is needed. For earlier kernels,
-this option is ignored.
-.TP
-.B "\-\-perf\-same_cpu_crypt\fR"
-Perform encryption using the same cpu that IO was submitted on.
-The default is to use an unbound workqueue so that encryption work
-is automatically balanced between available CPUs.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR This option is available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 4.0 or later.
-.TP
-.B "\-\-perf\-submit_from_crypt_cpus\fR"
-Disable offloading writes to a separate thread after encryption.
-There are some situations where offloading write bios from the
-encryption threads to a single thread degrades performance
-significantly. The default is to offload write bios to the same
-thread.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR This option is available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 4.0 or later.
-.TP
-.B "\-\-perf\-no_read_workqueue, \-\-perf\-no_write_workqueue\fR"
-Bypass dm-crypt internal workqueue and process read or write requests
-synchronously.
-This option is only relevant for \fIopen\fR action.
-
-\fBNOTE:\fR These options are available only for low-level dm-crypt
-performance tuning, use only if you need a change to default dm-crypt
-behaviour. Needs kernel 5.9 or later.
-.TP
-.B "\-\-test\-passphrase\fR"
-Do not activate the device, just verify passphrase.
-This option is only relevant for \fIopen\fR action (the device
-mapping name is not mandatory if this option is used).
-.TP
-.B "\-\-header\fR <device or file storing the LUKS header>"
-Use a detached (separated) metadata device or file where the
-LUKS header is stored. This option allows one to store ciphertext
-and LUKS header on different devices.
-
-This option is only relevant for LUKS devices and can be
-used with the \fIluksFormat\fR, \fIopen\fR, \fIluksSuspend\fR,
-\fIluksResume\fR, \fIstatus\fR and \fIresize\fR commands.
-
-For \fIluksFormat\fR with a file name as the argument to \-\-header,
-the file will be automatically created if it does not exist.
-See the cryptsetup FAQ for header size calculation.
-
-For other commands that change the LUKS header (e.g. \fIluksAddKey\fR),
-specify the device or file with the LUKS header directly as the
-LUKS device.
-
-If used with \fIluksFormat\fR, the \-\-align\-payload option is taken
-as absolute sector alignment on ciphertext device and can be zero.
-
-\fBWARNING:\fR There is no check whether the ciphertext device specified
-actually belongs to the header given. In fact, you can specify an
-arbitrary device as the ciphertext device for \fIopen\fR
-with the \-\-header option. Use with care.
-.TP
-.B "\-\-header\-backup\-file <file>"
-Specify file with header backup for \fIluksHeaderBackup\fR or
-\fIluksHeaderRestore\fR actions.
-.TP
-.B "\-\-force\-password"
-Do not use password quality checking for new LUKS passwords.
-
-This option applies only to \fIluksFormat\fR, \fIluksAddKey\fR and
-\fIluksChangeKey\fR and is ignored if cryptsetup is built without
-password quality checking support.
-
-For more info about password quality check, see the manual page
-for \fBpwquality.conf(5)\fR and \fBpasswdqc.conf(5)\fR.
-.TP
-.B "\-\-deferred"
-Defers device removal in \fIclose\fR command until the last user closes it.
-.TP
-.B "\-\-disable\-locks"
-Disable lock protection for metadata on disk.
-This option is valid only for LUKS2 and ignored for other formats.
-
-\fBWARNING:\fR Do not use this option unless you run cryptsetup in
-a restricted environment where locking is impossible to perform
-(where /run directory cannot be used).
-.TP
-.B "\-\-disable\-keyring"
-Do not load volume key in kernel keyring and store it directly
-in the dm-crypt target instead.
-This option is supported only for the LUKS2 format.
-.TP
-.B "\-\-key\-description <text>"
-Set key description in keyring for use with \fItoken\fR command.
-.TP
-.B "\-\-priority <normal|prefer|ignore>"
-Set a priority for LUKS2 keyslot.
-The \fIprefer\fR priority marked slots are tried before \fInormal\fR priority.
-The \fIignored\fR priority means, that slot is never used, if not explicitly
-requested by \fI\-\-key\-slot\fR option.
-.TP
-.B "\-\-token\-id"
-Specify what token to use in actions \fItoken\fR, \fIopen\fR or \fIresize\fR.
-If omitted, all available tokens will be checked before proceeding further with
-passphrase prompt.
-.TP
-.B "\-\-token\-only"
-Do not proceed further with action (any of \fItoken\fR, \fIopen\fR or
-\fIresize\fR) if token activation failed. Without the option,
-action asks for passphrase to proceed further.
-.TP
-.B "\-\-sector\-size <bytes>"
-Set sector size for use with disk encryption. It must be power of two
-and in range 512 - 4096 bytes. The default is 512 bytes sectors.
-This option is available only in the LUKS2 mode.
-
-Note that if sector size is higher than underlying device hardware sector
-and there is not integrity protection that uses data journal, using
-this option can increase risk on incomplete sector writes during a power fail.
-
-If used together with \fI\-\-integrity\fR option and dm-integrity journal,
-the atomicity of writes is guaranteed in all cases (but it cost write
-performance - data has to be written twice).
-
-Increasing sector size from 512 bytes to 4096 bytes can provide better
-performance on most of the modern storage devices and also with some
-hw encryption accelerators.
-.TP
-.B "\-\-iv-large-sectors"
-Count Initialization Vector (IV) in larger sector size (if set) instead
-of 512 bytes sectors. This option can be used only for \fIopen\fR command
-and \fIplain\fR encryption type.
-
-\fBNOTE:\fR This option does not have any performance or security impact,
-use it only for accessing incompatible existing disk images from other systems
-that require this option.
-.TP
-.B "\-\-persistent"
-If used with LUKS2 devices and activation commands like \fIopen\fR or \fIrefresh\fR,
-the specified activation flags are persistently written into metadata
-and used next time automatically even for normal activation.
-(No need to use cryptab or other system configuration files.)
-
-If you need to remove a persistent flag, use \fI\-\-persistent\fR without
-the flag you want to remove (e.g. to disable persistently stored discard flag,
-use \fI\-\-persistent\fR without \fI\-\-allow-discards\fR).
-
-Only \fI\-\-allow-discards\fR, \fI\-\-perf\-same_cpu_crypt\fR,
-\fI\-\-perf\-submit_from_crypt_cpus\fR, \fI\-\-perf\-no_read_workqueue\fR,
-\fI\-\-perf\-no_write_workqueue\fR and \fI\-\-integrity\-no\-journal\fR
-can be stored persistently.
-.TP
-.B "\-\-refresh"
-Refreshes an active device with new set of parameters. See action \fIrefresh\fR description
-for more details.
-.TP
-.B "\-\-label <LABEL>"
-.B "\-\-subsystem <SUBSYSTEM>"
-Set label and subsystem description for LUKS2 device, can be used
-in \fIconfig\fR and \fIformat\fR actions.
-The label and subsystem are optional fields and can be later used in udev scripts
-for triggering user actions once device marked by these labels is detected.
-.TP
-.B "\-\-integrity <integrity algorithm>"
-Specify integrity algorithm to be used for authenticated disk encryption in LUKS2.
-
-\fBWARNING: This extension is EXPERIMENTAL\fR and requires dm-integrity
-kernel target (available since kernel version 4.12).
-For native AEAD modes, also enable "User-space interface for AEAD cipher algorithms"
-in "Cryptographic API" section (CONFIG_CRYPTO_USER_API_AEAD .config option).
-
-For more info, see \fIAUTHENTICATED DISK ENCRYPTION\fR section.
-.TP
-.B "\-\-luks2\-metadata\-size <size>"
-This option can be used to enlarge the LUKS2 metadata (JSON) area.
-The size includes 4096 bytes for binary metadata (usable JSON area is smaller
-of the binary area).
-According to LUKS2 specification, only these values are valid:
-16, 32, 64, 128, 256, 512, 1024, 2048 and 4096 kB
-The <size> can be specified with unit suffix (for example 128k).
-.TP
-.B "\-\-luks2\-keyslots\-size <size>"
-This option can be used to set specific size of the LUKS2 binary keyslot area
-(key material is encrypted there). The value must be aligned to multiple
-of 4096 bytes with maximum size 128MB.
-The <size> can be specified with unit suffix (for example 128k).
-.TP
-.B "\-\-keyslot\-cipher <cipher\-spec>"
-This option can be used to set specific cipher encryption for the LUKS2 keyslot area.
-.TP
-.B "\-\-keyslot\-key\-size <bits>"
-This option can be used to set specific key size for the LUKS2 keyslot area.
-.TP
-.B "\-\-integrity\-no\-journal"
-Activate device with integrity protection without using data journal (direct
-write of data and integrity tags).
-Note that without journal power fail can cause non-atomic write and data corruption.
-Use only if journalling is performed on a different storage layer.
-.TP
-.B "\-\-integrity\-no\-wipe"
-Skip wiping of device authentication (integrity) tags. If you skip this
-step, sectors will report invalid integrity tag until an application write
-to the sector.
-
-\fBNOTE:\fR Even some writes to the device can fail if the write is not
-aligned to page size and page-cache initiates read of a sector with invalid
-integrity tag.
-.TP
-.B "\-\-unbound"
-
-Creates new or dumps existing LUKS2 unbound keyslot. See \fIluksAddKey\fR or
-\fIluksDump\fR actions for more details.
-
-.TP
-.B "\-\-tcrypt\-hidden"
-.B "\-\-tcrypt\-system"
-.B "\-\-tcrypt\-backup"
-Specify which TrueCrypt on-disk header will be used to open the device.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-veracrypt"
-Allow VeraCrypt compatible mode. Only for TCRYPT extension.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-veracrypt\-pim"
-.B "\-\-veracrypt\-query\-pim"
-Use a custom Personal Iteration Multiplier (PIM) for VeraCrypt device.
-See \fITCRYPT\fR section for more info.
-.TP
-.B "\-\-serialize\-memory\-hard\-pbkdf"
-Use a global lock to serialize unlocking of keyslots using memory-hard PBKDF.
-
-\fBNOTE:\fR This is (ugly) workaround for a specific situation when multiple
-devices are activated in parallel and system instead of reporting out of memory
-starts unconditionally stop processes using out-of-memory killer.
-
-\fBDO NOT USE\fR this switch until you are implementing boot environment
-with parallel devices activation!
-.TP
-.B "\-\-encrypt"
-Initialize (and run) device encryption (\fIreencrypt\fR action parameter)
-.TP
-.B "\-\-decrypt"
-Initialize (and run) device decryption (\fIreencrypt\fR action parameter)
-.TP
-.B "\-\-init\-only"
-Initialize reencryption (any variant) operation in LUKS2 metadata only and exit. If any
-reencrypt operation is already initialized in metadata, the command with \-\-init\-only
-parameter fails.
-.TP
-.B "\-\-resume\-only"
-Resume reencryption (any variant) operation already described in LUKS2 metadata. If no
-reencrypt operation is initialized, the command with \-\-resume\-only
-parameter fails. Useful for resuming reencrypt operation without accidentally triggering
-new reencryption operation.
-.TP
-.B "\-\-resilience <mode>"
-Reencryption resilience mode can be one of \fIchecksum\fR, \fIjournal\fR or \fInone\fR.
-
-\fIchecksum\fR: default mode, where individual checksums of ciphertext hotzone sectors are stored,
-so the recovery process can detect which sectors where already reencrypted.
-It requires that the device sector write is atomic.
-
-\fIjournal\fR: the hotzone is journaled in the binary area (so the data are written twice).
-
-\fInone\fR: performance mode. There is no protection and the only way it's safe to interrupt
-the reencryption is similar to old offline reencryption utility. (ctrl+c).
-
-The option is ignored if reencryption with datashift mode is in progress.
-.TP
-.B "\-\-resilience-hash <hash>"
-The hash algorithm used with "\-\-resilience checksum" only.
-The default hash is sha256. With other resilience modes, the hash parameter is ignored.
-.TP
-.B "\-\-hotzone-size <size>"
-This option can be used to set an upper limit on the size of reencryption area (hotzone).
-The <size> can be specified with unit suffix (for example 50M). Note that actual hotzone
-size may be less than specified <size> due to other limitations (free space in keyslots area or
-available memory).
-.TP
-.B "\-\-reduce\-device\-size <size>"
-Initialize LUKS2 reencryption with data device size reduction
-(currently only \-\-encrypt variant is supported).
-
-Last <size> sectors of <device> will be used to properly initialize device reencryption.
-That means any data at last <size> sectors will be lost.
-
-It could be useful if you added some space to underlying partition or logical volume
-(so last <size> sectors contains no data).
-
-Recommended minimal size is twice the default LUKS2 header size (\-\-reduce\-device\-size 32M)
-for \-\-encrypt use case. Be sure to have enough (at least \-\-reduce\-device\-size value
- of free space at the end of <device>).
-
-WARNING: This is a destructive operation and cannot be reverted.
-Use with extreme care - accidentally overwritten filesystems are usually unrecoverable.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-usage"
-Show short option help.
-.TP
-.B "\-\-help, \-?"
-Show help text and default parameters.
-.SH EXAMPLE
-.TP
-Example 1: Create LUKS 2 container on block device /dev/sdX.
-sudo cryptsetup --type luks2 luksFormat /dev/sdX
-.TP
-Example 2: Add an additional passphrase to key slot 5.
-sudo cryptsetup luksAddKey --key-slot 5 /dev/sdX
-.TP
-Example 3: Create LUKS header backup and save it to file.
-sudo cryptsetup luksHeaderBackup /dev/sdX --header-backup-file /var/tmp/NameOfBackupFile
-.TP
-Example 4: Open LUKS contaner on /dev/sdX and map it to sdX_crypt.
-sudo cryptsetup open /dev/sdX sdX_crypt
-.TP
-.B WARNING: The command in example 5 will erase all key slots.
-Your cannot use your luks container afterwards anymore unless you have a backup to restore.
-.TP
-Example 5: Erase all key slots on /dev/sdX.
-sudo cryptsetup erase /dev/sdX
-.TP
-Example 6: Restore LUKS header from backup file.
-sudo cryptsetup luksHeaderRestore /dev/sdX --header-backup-file /var/tmp/NameOfBackupFile
-.SH RETURN CODES
-Cryptsetup returns 0 on success and a non-zero value on error.
-
-Error codes are: 1 wrong parameters, 2 no permission (bad passphrase),
-3 out of memory, 4 wrong device specified, 5 device already exists
-or device is busy.
-.SH NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE
-Note that no iterated hashing or salting is done in plain mode.
-If hashing is done, it is a single direct hash. This means that
-low-entropy passphrases are easy to attack in plain mode.
-
-\fBFrom a terminal\fR: The passphrase is read until the
-first newline, i.e. '\\n'.
-The input without the newline character is processed with
-the default hash or the hash specified with \-\-hash.
-The hash result will be truncated to the key size
-of the used cipher, or the size specified with \-s.
-
-\fBFrom stdin\fR: Reading will continue until a newline (or until
-the maximum input size is reached), with the trailing newline
-stripped. The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and can
-be overwritten using \-\-keyfile-size option.
-
-The data read will be hashed with the default hash
-or the hash specified with \-\-hash.
-The hash result will be truncated to the key size
-of the used cipher, or the size specified with \-s.
-
-Note that if \-\-key-file=- is used for reading the key
-from stdin, trailing newlines are not stripped from the input.
-
-If "plain" is used as argument to \-\-hash, the input
-data will not be hashed. Instead, it will be zero padded (if
-shorter than the key size) or truncated (if longer than the
-key size) and used directly as the binary key. This is useful for
-directly specifying a binary key.
-No warning will be given if the amount of data read from stdin is
-less than the key size.
-
-\fBFrom a key file\fR: It will be truncated to the
-key size of the used cipher or the size given by \-s
-and directly used as a binary key.
-
-\fBWARNING\fR: The \-\-hash argument is being ignored.
-The \-\-hash option is usable only for stdin input in plain mode.
-
-If the key file is shorter than the key, cryptsetup
-will quit with an error.
-The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and can
-be overwritten using \-\-keyfile-size option.
-
-
-.SH NOTES ON PASSPHRASE PROCESSING FOR LUKS
-LUKS uses PBKDF2 to protect against dictionary attacks
-and to give some protection to low-entropy passphrases
-(see RFC 2898 and the cryptsetup FAQ).
-
-\fBFrom a terminal\fR: The passphrase is read until the
-first newline and then processed by PBKDF2 without
-the newline character.
-
-\fBFrom stdin\fR:
-LUKS will read passphrases from stdin up to the
-first newline character or the compiled-in
-maximum key file length. If \-\-keyfile\-size is
-given, it is ignored.
-
-\fBFrom key file\fR:
-The complete keyfile is read up to the compiled-in
-maximum size. Newline characters do not terminate the
-input. The \-\-keyfile\-size option can be used to limit
-what is read.
-
-\fBPassphrase processing\fR:
-Whenever a passphrase is added to a LUKS header (luksAddKey, luksFormat),
-the user may specify how much the time the passphrase processing
-should consume. The time is used to determine the iteration count
-for PBKDF2 and higher times will offer better protection for
-low-entropy passphrases, but open will take longer to
-complete. For passphrases that have entropy higher than the
-used key length, higher iteration times will not increase security.
-
-The default setting of one or two seconds is sufficient for most
-practical cases. The only exception is a low-entropy
-passphrase used on a device with a slow CPU, as this will
-result in a low iteration count. On a slow device, it may
-be advisable to increase the iteration time using the
-\-\-iter\-time option in order to obtain a higher
-iteration count. This does slow down all later luksOpen
-operations accordingly.
-.SH INCOHERENT BEHAVIOR FOR INVALID PASSPHRASES/KEYS
-LUKS checks for a valid passphrase when an encrypted partition
-is unlocked. The behavior of plain dm-crypt is different.
-It will always decrypt with the passphrase given. If the
-given passphrase is wrong, the device mapped by plain
-dm-crypt will essentially still contain encrypted data and
-will be unreadable.
-.SH NOTES ON SUPPORTED CIPHERS, MODES, HASHES AND KEY SIZES
-The available combinations of ciphers, modes, hashes and key sizes
-depend on kernel support. See /proc/crypto for a list of available
-options. You might need to load additional kernel crypto modules
-in order to get more options.
-
-For the \-\-hash option, if the crypto backend is libgcrypt,
-then all algorithms supported by the gcrypt library are available.
-For other crypto backends, some algorithms may be missing.
-.SH NOTES ON PASSPHRASES
-Mathematics can't be bribed. Make sure you keep your passphrases safe.
-There are a few nice tricks for constructing a fallback, when suddenly
-out of the blue, your brain refuses to cooperate.
-These fallbacks need LUKS, as it's only possible with LUKS
-to have multiple passphrases. Still, if your attacker model does
-not prevent it, storing your passphrase in a sealed envelope somewhere
-may be a good idea as well.
-.SH NOTES ON RANDOM NUMBER GENERATORS
-Random Number Generators (RNG) used in cryptsetup are always the
-kernel RNGs without any modifications or additions to data stream
-produced.
-
-There are two types of randomness cryptsetup/LUKS needs. One type
-(which always uses /dev/urandom) is used for salts, the AF splitter
-and for wiping deleted keyslots.
-
-The second type is used for the volume (master) key. You can switch
-between using /dev/random and /dev/urandom here, see
-\fP\-\-use\-random\fR and \fP\-\-use\-urandom\fR
-options. Using /dev/random on a system without enough entropy sources
-can cause \fPluksFormat\fR to block until the requested amount of
-random data is gathered. In a low-entropy situation (embedded system),
-this can take a very long time and potentially forever. At the same
-time, using /dev/urandom in a low-entropy situation will
-produce low-quality keys. This is a serious problem, but solving
-it is out of scope for a mere man-page.
-See \fPurandom(4)\fR for more information.
-.SH AUTHENTICATED DISK ENCRYPTION (EXPERIMENTAL)
-Since Linux kernel version 4.12 dm-crypt supports authenticated
-disk encryption.
-
-Normal disk encryption modes are length-preserving (plaintext sector
-is of the same size as a ciphertext sector) and can provide only
-confidentiality protection, but not cryptographically sound
-data integrity protection.
-
-Authenticated modes require additional space per-sector for
-authentication tag and use Authenticated Encryption with Additional
-Data (AEAD) algorithms.
-
-If you configure LUKS2 device with data integrity protection,
-there will be an underlying dm-integrity device, which provides
-additional per-sector metadata space and also provide data
-journal protection to ensure atomicity of data and metadata update.
-Because there must be additional space for metadata and journal,
-the available space for the device will be smaller than for
-length-preserving modes.
-
-The dm-crypt device then resides on top of such a dm-integrity device.
-All activation and deactivation of this device stack is performed
-by cryptsetup, there is no difference in using \fIluksOpen\fR
-for integrity protected devices.
-If you want to format LUKS2 device with data integrity protection,
-use \fI\-\-integrity\fR option.
-
-Since dm-integrity doesn't support discards (TRIM), dm-crypt device on top of it
-inherits this, so integrity protection mode doesn't support discards either.
-
-Some integrity modes requires two independent keys (key for encryption
-and for authentication). Both these keys are stored in one LUKS keyslot.
-
-\fBWARNING:\fR All support for authenticated modes is experimental
-and there are only some modes available for now. Note that there
-are a very few authenticated encryption algorithms that are suitable
-for disk encryption. You also cannot use CRC32 or any other non-cryptographic
-checksums (other than the special integrity mode "none"). If for some reason
-you want to have integrity control without using authentication mode, then you
-should separately configure dm-integrity independently of LUKS2.
-
-.SH NOTES ON LOOPBACK DEVICE USE
-Cryptsetup is usually used directly on a block device (disk
-partition or LVM volume). However, if the device argument is a
-file, cryptsetup tries to allocate a loopback device
-and map it into this file. This mode requires Linux kernel 2.6.25
-or more recent which supports the loop autoclear flag (loop device is
-cleared on the last close automatically). Of course, you can
-always map a file to a loop-device manually. See the
-cryptsetup FAQ for an example.
-
-When device mapping is active, you can see the loop backing file in
-the status command output. Also see losetup(8).
-.SH LUKS2 header locking
-.PP
-The LUKS2 on-disk metadata is updated in several steps and
-to achieve proper atomic update, there is a locking mechanism.
-For an image in file, code uses \fIflock(2)\fR system call.
-For a block device, lock is performed over a special file stored
-in a locking directory (by default \fI/run/lock/cryptsetup\fR).
-The locking directory should be created with the proper security
-context by the distribution during the boot-up phase.
-Only LUKS2 uses locks, other formats do not use this mechanism.
-.SH DEPRECATED ACTIONS
-.PP
-The \fIreload\fR action is no longer supported.
-Please use \fIdmsetup(8)\fR if you need to
-directly manipulate with the device mapping table.
-.PP
-The \fIluksDelKey\fR was replaced with \fIluksKillSlot\fR.
-.PP
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-cryptsetup originally written by Jana Saout <jana@saout.de>
-.br
-The LUKS extensions and original man page were written by
-Clemens Fruhwirth <clemens@endorphin.org>.
-.br
-Man page extensions by Milan Broz <gmazyland@gmail.com>.
-.br
-Man page rewrite and extension by Arno Wagner <arno@wagner.name>.
-.SH COPYRIGHT
-Copyright \(co 2004 Jana Saout
-.br
-Copyright \(co 2004-2006 Clemens Fruhwirth
-.br
-Copyright \(co 2012-2014 Arno Wagner
-.br
-Copyright \(co 2009-2021 Red Hat, Inc.
-.br
-Copyright \(co 2009-2021 Milan Broz
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The LUKS website at \fBhttps://gitlab.com/cryptsetup/cryptsetup/\fR
-
-The cryptsetup FAQ, contained in the distribution package and
-online at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions\fR
-
-The cryptsetup mailing list and list archive, see FAQ entry 1.6.
-
-The LUKS version 1 on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/Specification\fR and
-LUKS version 2 at \fBhttps://gitlab.com/cryptsetup/LUKS2-docs\fR.
--- /dev/null
+= cryptsetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: cryptsetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== Name
+
+cryptsetup - manage plain dm-crypt, LUKS, and other encrypted volumes
+
+== SYNOPSIS
+
+*cryptsetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+cryptsetup is used to conveniently setup dm-crypt managed device-mapper
+mappings. These include plain dm-crypt volumes and LUKS volumes. The
+difference is that LUKS uses a metadata header and can hence offer more
+features than plain dm-crypt. On the other hand, the header is visible
+and vulnerable to damage.
+
+In addition, cryptsetup provides limited support for the use of loop-AES
+volumes, TrueCrypt, VeraCrypt, BitLocker and FileVault2 compatible volumes.
+
+For more information about specific cryptsetup action see
+*cryptsetup-<action>*(8), where *<action>* is the name of the
+cryptsetup action.
+
+== BASIC ACTIONS
+
+The following are valid actions for all supported device types.
+
+=== OPEN
+*open <device> <name> --type <device_type>*
+
+Opens (creates a mapping with) <name> backed by device <device>. +
+See *cryptsetup-open*(8).
+
+=== CLOSE
+*close <name>*
+
+Removes the existing mapping <name> and wipes the key from kernel memory. +
+See *cryptsetup-close*(8).
+
+=== STATUS
+*status <name>*
+
+Reports the status for the mapping <name>. +
+See *cryptsetup-status*(8).
+
+=== RESIZE
+*resize <name>*
+
+Resizes an active mapping <name>. +
+See *cryptsetup-resize*(8).
+
+=== REFRESH
+*refresh <name>*
+
+Refreshes parameters of active mapping <name>. +
+See *cryptsetup-refresh*(8).
+
+=== REENCRYPT
+*reencrypt <device> or --active-name <name> [<new_name>]*
+
+Run LUKS device reencryption. +
+See *cryptsetup-reencrypt*(8).
+
+== PLAIN MODE
+
+Plain dm-crypt encrypts the device sector-by-sector with a single,
+non-salted hash of the passphrase. No checks are performed, no metadata
+is used. There is no formatting operation. When the raw device is mapped
+(opened), the usual device operations can be used on the mapped device,
+including filesystem creation. Mapped devices usually reside in
+/dev/mapper/<name>.
+
+The following are valid plain device type actions:
+
+=== OPEN
+*open --type plain <device> <name>* +
+create <name> <device> (*OBSOLETE syntax*)
+
+Opens (creates a mapping with) <name> backed by device <device>. +
+See *cryptsetup-open*(8).
+
+== LUKS EXTENSION
+
+LUKS, the Linux Unified Key Setup, is a standard for disk encryption. It
+adds a standardized header at the start of the device, a key-slot area
+directly behind the header and the bulk data area behind that. The whole
+set is called a 'LUKS container'. The device that a LUKS container
+resides on is called a 'LUKS device'. For most purposes, both terms can
+be used interchangeably. But note that when the LUKS header is at a
+nonzero offset in a device, then the device is not a LUKS device
+anymore, but has a LUKS container stored in it at an offset.
+
+LUKS can manage multiple passphrases that can be individually revoked or
+changed and that can be securely scrubbed from persistent media due to
+the use of anti-forensic stripes. Passphrases are protected against
+brute-force and dictionary attacks by Password-Based Key Derivation
+Function (PBKDF).
+
+LUKS2 is a new version of header format that allows additional
+extensions like different PBKDF algorithm or authenticated encryption.
+You can format device with LUKS2 header if you specify *--type luks2* in
+*luksFormat* command. For activation, the format is already recognized
+automatically.
+
+Each passphrase, also called a *key* in this document, is associated
+with one of 8 key-slots. Key operations that do not specify a slot
+affect the first slot that matches the supplied passphrase or the first
+empty slot if a new passphrase is added.
+
+The *<device>* parameter can also be specified by a LUKS UUID in the
+format UUID=<uuid>. Translation to real device name uses symlinks in
+/dev/disk/by-uuid directory.
+
+To specify a detached header, the *--header* parameter can be used in
+all LUKS commands and always takes precedence over the positional
+*<device>* parameter.
+
+The following are valid LUKS actions:
+
+=== FORMAT
+*luksFormat <device> [<key file>]*
+
+Initializes a LUKS partition and sets the initial passphrase (for key-slot 0). +
+See *cryptsetup-luksFormat*(8).
+
+=== OPEN
+*open --type luks <device> <name>* +
+luksOpen <device> <name> (*old syntax*)
+
+Opens the LUKS device <device> and sets up a mapping <name> after
+successful verification of the supplied passphrase. +
+See *cryptsetup-open*(8).
+
+=== SUSPEND
+*luksSuspend <name>*
+
+Suspends an active device (all IO operations will block and accesses to
+the device will wait indefinitely) and wipes the encryption key from
+kernel memory. +
+See *cryptsetup-luksSuspend*(8).
+
+=== RESUME
+*luksResume <name>*
+
+Resumes a suspended device and reinstates the encryption key. +
+See *cryptsetup-luksResume*(8).
+
+=== ADD KEY
+*luksAddKey <device> [<key file with new key>]*
+
+Adds a new passphrase using an existing passphrase. +
+See *cryptsetup-luksAddKey*(8).
+
+=== REMOVE KEY
+*luksRemoveKey <device> [<key file with passphrase to be removed>]*
+
+Removes the supplied passphrase from the LUKS device. +
+See *cryptsetup-luksRemoveKey*(8).
+
+=== CHANGE KEY
+*luksChangeKey <device> [<new key file>]*
+
+Changes an existing passphrase. +
+See *cryptsetup-luksChangeKey*(8).
+
+=== CONVERT KEY
+*luksConvertKey <device>*
+
+Converts an existing LUKS2 keyslot to new PBKDF parameters. +
+See *cryptsetup-luksConvertKey*(8).
+
+=== KILL SLOT
+*luksKillSlot <device> <key slot number>*
+
+Wipe the key-slot number <key slot> from the LUKS device. +
+See *cryptsetup-luksKillSlot*(8).
+
+=== ERASE
+*erase <device>* +
+luksErase <device> (*old syntax*)
+
+Erase all keyslots and make the LUKS container permanently inaccessible. +
+See *cryptsetup-erase*(8).
+
+=== UUID
+*luksUUID <device>*
+
+Print or set the UUID of a LUKS device. +
+See *cryptsetup-luksUUID*(8).
+
+=== IS LUKS
+*isLuks <device>*
+
+Returns true, if <device> is a LUKS device, false otherwise. +
+See *cryptsetup-isLuks*(8).
+
+=== DUMP
+*luksDump <device>*
+
+Dump the header information of a LUKS device. +
+See *cryptsetup-luksDump*(8).
+
+=== HEADER BACKUP
+*luksHeaderBackup <device> --header-backup-file <file>*
+
+Stores a binary backup of the LUKS header and keyslot area. +
+See *cryptsetup-luksHeaderBackup*(8).
+
+=== HEADER RESTORE
+*luksHeaderRestore <device> --header-backup-file <file>*
+
+Restores a binary backup of the LUKS header and keyslot area from the
+specified file. +
+See *cryptsetup-luksHeaderRestore*(8).
+
+=== TOKEN
+*token <add|remove|import|export> <device>*
+
+Manipulate token objects used for obtaining passphrases. +
+See *cryptsetup-token*(8).
+
+=== CONVERT
+*convert <device> --type <format>*
+
+Converts the device between LUKS1 and LUKS2 format (if possible). +
+See *cryptsetup-convert*(8).
+
+=== CONFIG
+*config <device>*
+
+Set permanent configuration options (store to LUKS header). +
+See *cryptsetup-config*(8).
+
+== loop-AES EXTENSION
+
+cryptsetup supports mapping loop-AES encrypted partition using a
+compatibility mode.
+
+=== OPEN
+*open --type loopaes <device> <name> --key-file <keyfile>* +
+loopaesOpen <device> <name> --key-file <keyfile> (*old syntax*)
+
+Opens the loop-AES <device> and sets up a mapping <name>. +
+See *cryptsetup-open*(8).
+
+See also section 7 of the FAQ and http://loop-aes.sourceforge.net[loop-AES]
+for more information regarding loop-AES.
+
+== TCRYPT (TrueCrypt and VeraCrypt compatible) EXTENSION
+
+cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt encrypted
+partition using a native Linux kernel API. Header formatting and TCRYPT
+header change is not supported, cryptsetup never changes TCRYPT header
+on-device.
+
+TCRYPT extension requires kernel userspace crypto API to be available
+(introduced in Linux kernel 2.6.38). If you are configuring kernel
+yourself, enable "User-space interface for symmetric key cipher
+algorithms" in "Cryptographic API" section
+(CRYPTO_USER_API_SKCIPHER .config option).
+
+Because TCRYPT header is encrypted, you have to always provide valid
+passphrase and keyfiles.
+
+Cryptsetup should recognize all header variants, except legacy cipher
+chains using LRW encryption mode with 64 bits encryption block (namely
+Blowfish in LRW mode is not recognized, this is limitation of kernel
+crypto API).
+
+VeraCrypt is extension of TrueCrypt header with increased iteration
+count so unlocking can take quite a lot of time.
+
+To open a VeraCrypt device with a custom Personal Iteration Multiplier
+(PIM) value, use either the *--veracrypt-pim=<PIM>* option to directly
+specify the PIM on the command- line or use *--veracrypt-query-pim* to
+be prompted for the PIM.
+
+The PIM value affects the number of iterations applied during key
+derivation. Please refer to
+https://www.veracrypt.fr/en/Personal%20Iterations%20Multiplier%20%28PIM%29.html[PIM]
+for more detailed information.
+
+If you need to disable VeraCrypt device support, use
+*--disable-veracrypt* option.
+
+*NOTE:* Activation with *tcryptOpen* is supported only for cipher chains
+using LRW or XTS encryption modes.
+
+The *tcryptDump* command should work for all recognized TCRYPT devices
+and doesn't require superuser privilege.
+
+To map system device (device with boot loader where the whole encrypted
+system resides) use *--tcrypt-system* option. You can use partition
+device as the parameter (parameter must be real partition device, not an
+image in a file), then only this partition is mapped.
+
+If you have the whole TCRYPT device as a file image and you want to map
+multiple partition encrypted with system encryption, please create
+loopback mapping with partitions first (*losetup -P*, see *losetup(8)*
+man page for more info), and use loop partition as the device parameter.
+
+If you use the whole base device as a parameter, one device for the
+whole system encryption is mapped. This mode is available only for
+backward compatibility with older cryptsetup versions which mapped
+TCRYPT system encryption using the whole device.
+
+To use hidden header (and map hidden device, if available), use
+*--tcrypt-hidden* option.
+
+To explicitly use backup (secondary) header, use *--tcrypt-backup*
+option.
+
+*NOTE:* There is no protection for a hidden volume if the outer volume
+is mounted. The reason is that if there were any protection, it would
+require some metadata describing what to protect in the outer volume and
+the hidden volume would become detectable.
+
+=== OPEN
+*open --type tcrypt <device> <name>* +
+tcryptOpen_ <device> <name> (*old syntax*)
+
+Opens the TCRYPT (a TrueCrypt-compatible) <device> and sets up a mapping
+<name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*tcryptDump <device>*
+
+Dump the header information of a TCRYPT device. +
+See *cryptsetup-tcryptDump*(8).
+
+See also https://en.wikipedia.org/wiki/TrueCrypt[*TrueCrypt*] and
+https://en.wikipedia.org/wiki/VeraCrypt[*VeraCrypt*] pages for more information.
+
+Please note that cryptsetup does not use TrueCrypt or VeraCrypt code, please
+report all problems related to this compatibility extension to the cryptsetup
+project.
+
+== BITLK (Windows BitLocker compatible) EXTENSION
+
+cryptsetup supports mapping of BitLocker and BitLocker to Go encrypted
+partition using a native Linux kernel API. Header formatting and BITLK
+header changes are not supported, cryptsetup never changes BITLK header
+on-device.
+
+BITLK extension requires kernel userspace crypto API to be available
+(for details see TCRYPT section).
+
+Cryptsetup should recognize all BITLK header variants, except legacy
+header used in Windows Vista systems and partially decrypted BitLocker
+devices. Activation of legacy devices encrypted in CBC mode requires at
+least Linux kernel version 5.3 and for devices using Elephant diffuser
+kernel 5.6.
+
+The *bitlkDump* command should work for all recognized BITLK devices and
+doesn't require superuser privilege.
+
+For unlocking with the *open* a password or a recovery passphrase or a
+startup key must be provided.
+
+Additionally unlocking using volume key is supported. You must provide
+BitLocker Full Volume Encryption Key (FVEK) using the --volume-key-file
+option. The key must be decrypted and without the header (only
+128/256/512 bits of key data depending on used cipher and mode).
+
+Other unlocking methods (TPM, SmartCard) are not supported.
+
+=== OPEN
+*open --type bitlk <device> <name>* +
+bitlkOpen <device> <name> (*old syntax*)
+
+Opens the BITLK (a BitLocker-compatible) <device> and sets up a mapping
+<name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*bitlkDump <device>*
+
+Dump the header information of a BITLK device. +
+See *cryptsetup-bitlkDump*(8).
+
+Please note that cryptsetup does not use any Windows BitLocker code,
+please report all problems related to this compatibility extension to
+the cryptsetup project.
+
+== FVAULT2 (Apple macOS FileVault2 compatible) EXTENSION
+
+cryptsetup supports the mapping of FileVault2 (FileVault2 full-disk
+encryption) by Apple for the macOS operating system using a native Linux
+kernel API.
+
+*NOTE:* cryptsetup supports only FileVault2 based on Core Storage and HFS+
+filesystem (introduced in MacOS X 10.7 Lion).
+It does NOT support the new version of FileVault based on the APFS
+filesystem used in recent macOS versions.
+
+Header formatting and FVAULT2 header changes are not supported;
+cryptsetup never changes the FVAULT2 header on-device.
+
+FVAULT2 extension requires kernel userspace crypto API to be available
+(for details, see TCRYPT section) and kernel driver for HFS+ (hfsplus)
+filesystem.
+
+Cryptsetup should recognize the basic configuration for portable drives.
+
+The *fvault2Dump* command should work for all recognized FVAULT2 devices
+and doesn't require superuser privilege.
+
+For unlocking with the *open*, a password must be provided.
+Other unlocking methods are not supported.
+
+=== OPEN
+*open --type fvault2 <device> <name>* +
+fvault2Open <device> <name> (*old syntax*)
+
+Opens the FVAULT2 (a FileVault2-compatible) <device> (usually the second
+partition on the device) and sets up a mapping <name>. +
+See *cryptsetup-open*(8).
+
+=== DUMP
+*fvault2Dump <device>*
+
+Dump the header information of an FVAULT2 device. +
+See *cryptsetup-fvault2Dump*(8).
+
+Note that cryptsetup does not use any macOS code or proprietary
+specifications. Please report all problems related to this compatibility
+extension to the cryptsetup project.
+
+== MISCELLANEOUS ACTIONS
+
+=== REPAIR
+*repair <device>*
+
+Tries to repair the device metadata if possible. Currently supported
+only for LUKS device type. +
+See *cryptsetup-repair*(8).
+
+=== BENCHMARK
+*benchmark <options>*
+
+Benchmarks ciphers and KDF (key derivation function). +
+See *cryptsetup-benchmark*(8).
+
+== PLAIN DM-CRYPT OR LUKS?
+
+Unless you understand the cryptographic background well, use LUKS. With
+plain dm-crypt there are a number of possible user errors that massively
+decrease security. While LUKS cannot fix them all, it can lessen the
+impact for many of them.
+
+== WARNINGS
+
+A lot of good information on the risks of using encrypted storage, on
+handling problems and on security aspects can be found in the
+Cryptsetup FAQ. Read it. Nonetheless, some risks deserve to be
+mentioned here.
+
+*Backup:* Storage media die. Encryption has no influence on that. Backup
+is mandatory for encrypted data as well, if the data has any worth. See
+the Cryptsetup FAQ for advice on how to do a backup of an encrypted
+volume.
+
+*Character encoding:* If you enter a passphrase with special symbols,
+the passphrase can change depending on character encoding. Keyboard
+settings can also change, which can make blind input hard or impossible.
+For example, switching from some ASCII 8-bit variant to UTF-8 can lead
+to a different binary encoding and hence different passphrase seen by
+cryptsetup, even if what you see on the terminal is exactly the same. It
+is therefore highly recommended to select passphrase characters only
+from 7-bit ASCII, as the encoding for 7-bit ASCII stays the same for all
+ASCII variants and UTF-8.
+
+*LUKS header:* If the header of a LUKS volume gets damaged, all data is
+permanently lost unless you have a header-backup. If a key-slot is
+damaged, it can only be restored from a header-backup or if another
+active key-slot with known passphrase is undamaged. Damaging the LUKS
+header is something people manage to do with surprising frequency. This
+risk is the result of a trade-off between security and safety, as LUKS
+is designed for fast and secure wiping by just overwriting header and
+key-slot area.
+
+*Previously used partitions:* If a partition was previously used, it is
+a very good idea to wipe filesystem signatures, data, etc. before
+creating a LUKS or plain dm-crypt container on it. For a quick removal
+of filesystem signatures, use *wipefs*(8). Take care though that this may
+not remove everything. In particular, MD RAID signatures at the end of a
+device may survive. It also does not remove data. For a full wipe,
+overwrite the whole partition before container creation. If you do not
+know how to do that, the cryptsetup FAQ describes several options.
+
+== EXAMPLES
+
+Example 1: Create LUKS 2 container on block device /dev/sdX.::
+ sudo cryptsetup --type luks2 luksFormat /dev/sdX
+Example 2: Add an additional passphrase to key slot 5.::
+ sudo cryptsetup luksAddKey --key-slot 5 /dev/sdX
+Example 3: Create LUKS header backup and save it to file.::
+ sudo cryptsetup luksHeaderBackup /dev/sdX --header-backup-file
+ /var/tmp/NameOfBackupFile
+Example 4: Open LUKS container on /dev/sdX and map it to sdX_crypt.::
+ sudo cryptsetup open /dev/sdX sdX_crypt
+*WARNING: The command in example 5 will erase all key slots.*::
+ Your cannot use your LUKS container afterward anymore unless you have
+ a backup to restore.
+Example 5: Erase all key slots on /dev/sdX.::
+ sudo cryptsetup erase /dev/sdX
+Example 6: Restore LUKS header from backup file.::
+ sudo cryptsetup luksHeaderRestore /dev/sdX --header-backup-file
+ /var/tmp/NameOfBackupFile
+
+== RETURN CODES
+
+Cryptsetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission (bad passphrase),
+*3* out of memory, *4* wrong device specified, *5* device already exists
+or device is busy.
+
+== NOTES
+
+=== Passphrase processing for PLAIN mode
+
+Note that no iterated hashing or salting is done in plain mode. If
+hashing is done, it is a single direct hash. This means that low-entropy
+passphrases are easy to attack in plain mode.
+
+*From a terminal*: The passphrase is read until the first newline, i.e.
+'\n'. The input without the newline character is processed with the
+default hash or the hash specified with --hash. The hash result will be
+truncated to the key size of the used cipher, or the size specified with
+-s.
+
+*From stdin*: Reading will continue until a newline (or until the
+maximum input size is reached), with the trailing newline stripped. The
+maximum input size is defined by the same compiled-in default as for the
+maximum key file size and can be overwritten using --keyfile-size
+option.
+
+The data read will be hashed with the default hash or the hash specified
+with --hash. The hash result will be truncated to the key size of the
+used cipher, or the size specified with -s.
+
+Note that if --key-file=- is used for reading the key from stdin,
+trailing newlines are not stripped from the input.
+
+If "plain" is used as argument to --hash, the input data will not be
+hashed. Instead, it will be zero padded (if shorter than the key size)
+or truncated (if longer than the key size) and used directly as the
+binary key. This is useful for directly specifying a binary key. No
+warning will be given if the amount of data read from stdin is less than
+the key size.
+
+*From a key file*: It will be truncated to the key size of the used
+cipher or the size given by -s and directly used as a binary key.
+
+*WARNING*: The --hash argument is being ignored. The --hash option is
+usable only for stdin input in plain mode.
+
+If the key file is shorter than the key, cryptsetup will quit with an
+error. The maximum input size is defined by the same compiled-in default
+as for the maximum key file size and can be overwritten using
+--keyfile-size option.
+
+=== Passphrase processing for LUKS
+
+LUKS uses PBKDF to protect against dictionary attacks and to give some
+protection to low-entropy passphrases (see cryptsetup FAQ).
+
+*From a terminal*: The passphrase is read until the first newline and
+then processed by PBKDF2 without the newline character.
+
+*From stdin*: LUKS will read passphrases from stdin up to the first
+newline character or the compiled-in maximum key file length. If
+--keyfile-size is given, it is ignored.
+
+*From key file*: The complete keyfile is read up to the compiled-in
+maximum size. Newline characters do not terminate the input. The
+--keyfile-size option can be used to limit what is read.
+
+*Passphrase processing*: Whenever a passphrase is added to a LUKS header
+(luksAddKey, luksFormat), the user may specify how much the time the
+passphrase processing should consume. The time is used to determine the
+iteration count for PBKDF2 and higher times will offer better protection
+for low-entropy passphrases, but open will take longer to complete. For
+passphrases that have entropy higher than the used key length, higher
+iteration times will not increase security.
+
+The default setting of one or two seconds is sufficient for most
+practical cases. The only exception is a low-entropy passphrase used on
+a device with a slow CPU, as this will result in a low iteration count.
+On a slow device, it may be advisable to increase the iteration time
+using the --iter-time option in order to obtain a higher iteration
+count. This does slow down all later luksOpen operations accordingly.
+
+=== Incoherent behavior for invalid passphrases/keys
+
+LUKS checks for a valid passphrase when an encrypted partition is
+unlocked. The behavior of plain dm-crypt is different. It will always
+decrypt with the passphrase given. If the given passphrase is wrong, the
+device mapped by plain dm-crypt will essentially still contain encrypted
+data and will be unreadable.
+
+=== Supported ciphers, modes, hashes and key sizes
+
+The available combinations of ciphers, modes, hashes and key sizes
+depend on kernel support. See /proc/crypto for a list of available
+options. You might need to load additional kernel crypto modules in
+order to get more options.
+
+For the --hash option, if the crypto backend is libgcrypt, then all
+algorithms supported by the gcrypt library are available. For other
+crypto backends, some algorithms may be missing.
+
+=== Notes on passphrases
+
+Mathematics can't be bribed. Make sure you keep your passphrases safe.
+There are a few nice tricks for constructing a fallback, when suddenly
+out of the blue, your brain refuses to cooperate. These fallbacks need
+LUKS, as it's only possible with LUKS to have multiple passphrases.
+Still, if your attacker model does not prevent it, storing your
+passphrase in a sealed envelope somewhere may be a good idea as well.
+
+=== Notes on Random Number Generators
+
+Random Number Generators (RNG) used in cryptsetup are always the kernel
+RNGs without any modifications or additions to data stream produced.
+
+There are two types of randomness cryptsetup/LUKS needs. One type (which
+always uses /dev/urandom) is used for salts, the AF splitter and for
+wiping deleted keyslots.
+
+The second type is used for the volume key. You can switch between using
+/dev/random and /dev/urandom here, see *--use-random* and
+*--use-urandom* options. Using /dev/random on a system without enough
+entropy sources can cause *luksFormat* to block until the requested
+amount of random data is gathered. In a low-entropy situation (embedded
+system), this can take a very long time and potentially forever. At the
+same time, using /dev/urandom in a low-entropy situation will produce
+low-quality keys. This is a serious problem, but solving it is out of
+scope for a mere man-page. See *urandom(4)* for more information.
+
+=== Authenticated disk encryption (EXPERIMENTAL)
+
+Since Linux kernel version 4.12 dm-crypt supports authenticated disk
+encryption.
+
+Normal disk encryption modes are length-preserving (plaintext sector is
+of the same size as a ciphertext sector) and can provide only
+confidentiality protection, but not cryptographically sound data
+integrity protection.
+
+Authenticated modes require additional space per-sector for
+authentication tag and use Authenticated Encryption with Additional Data
+(AEAD) algorithms.
+
+If you configure LUKS2 device with data integrity protection, there will
+be an underlying dm-integrity device, which provides additional
+per-sector metadata space and also provide data journal protection to
+ensure atomicity of data and metadata update. Because there must be
+additional space for metadata and journal, the available space for the
+device will be smaller than for length-preserving modes.
+
+The dm-crypt device then resides on top of such a dm-integrity device.
+All activation and deactivation of this device stack is performed by
+cryptsetup, there is no difference in using *luksOpen* for integrity
+protected devices. If you want to format LUKS2 device with data
+integrity protection, use *--integrity* option.
+
+Since dm-integrity doesn't support discards (TRIM), dm-crypt device on
+top of it inherits this, so integrity protection mode doesn't support
+discards either.
+
+Some integrity modes requires two independent keys (key for encryption
+and for authentication). Both these keys are stored in one LUKS keyslot.
+
+*WARNING:* All support for authenticated modes is experimental and there
+are only some modes available for now. Note that there are a very few
+authenticated encryption algorithms that are suitable for disk
+encryption. You also cannot use CRC32 or any other non-cryptographic
+checksums (other than the special integrity mode "none"). If for some
+reason you want to have integrity control without using authentication
+mode, then you should separately configure dm-integrity independently of
+LUKS2.
+
+=== Notes on loopback device use
+
+Cryptsetup is usually used directly on a block device (disk partition or
+LVM volume). However, if the device argument is a file, cryptsetup tries
+to allocate a loopback device and map it into this file. This mode
+requires Linux kernel 2.6.25 or more recent which supports the loop
+autoclear flag (loop device is cleared on the last close automatically).
+Of course, you can always map a file to a loop-device manually. See the
+cryptsetup FAQ for an example.
+
+When device mapping is active, you can see the loop backing file in the
+status command output. Also see losetup(8).
+
+=== LUKS2 header locking
+
+The LUKS2 on-disk metadata is updated in several steps and to achieve
+proper atomic update, there is a locking mechanism. For an image in
+file, code uses *flock(2)* system call. For a block device, lock is
+performed over a special file stored in a locking directory (by default
+*/run/cryptsetup*). The locking directory should be created with the
+proper security context by the distribution during the boot-up phase.
+Only LUKS2 uses locks, other formats do not use this mechanism.
+
+=== LUKS on-disk format specification
+
+For LUKS on-disk metadata specification see
+https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification[*LUKS1*] and
+https://gitlab.com/cryptsetup/LUKS2-docs[*LUKS2*].
+
+== AUTHORS
+
+Cryptsetup is originally written by mailto:jana@saout.de[Jana Saout]. +
+The LUKS extensions and original man page were written by
+mailto:clemens@endorphin.org[Clemens Fruhwirth]. +
+Man page extensions by mailto:gmazyland@gmail.com[Milan Broz]. +
+Man page rewrite and extension by mailto:arno@wagner.name[Arno Wagner].
+
+include::man/common_footer.adoc[]
+++ /dev/null
-.TH INTEGRITYSETUP "8" "January 2021" "integritysetup" "Maintenance Commands"
-.SH NAME
-integritysetup - manage dm-integrity (block level integrity) volumes
-.SH SYNOPSIS
-.B integritysetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-Integritysetup is used to configure dm-integrity managed device-mapper mappings.
-
-Device-mapper integrity target provides read-write transparent integrity
-checking of block devices. The dm-integrity target emulates additional data
-integrity field per-sector. You can use this additional field directly
-with integritysetup utility, or indirectly (for authenticated encryption)
-through cryptsetup.
-
-Integritysetup supports these operations:
-.PP
-\fIformat\fR <device>
-.IP
-Formats <device> (calculates space and dm-integrity superblock and wipes the device).
-
-\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-no\-wipe, \-\-journal\-size,
-\-\-interleave\-sectors, \-\-tag\-size, \-\-integrity, \-\-integrity\-key\-size,
-\-\-integrity\-key\-file, \-\-sector\-size, \-\-progress-frequency]
-
-.PP
-\fIopen\fR <device> <name>
-.br
-\fIcreate\fR <name> <device> (\fBOBSOLETE syntax\fR)
-.IP
-Open a mapping with <name> backed by device <device>.
-
-\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-journal\-watermark,
-\-\-journal\-commit\-time, \-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size,
-\-\-integrity\-key\-file, \-\-integrity\-no\-journal, \-\-integrity\-recalculate,
-\-\-integrity\-recovery\-mode, \-\-allow\-discards]
-
-.PP
-\fIclose\fR <name>
-.IP
-Removes existing mapping <name>.
-
-For backward compatibility, there is \fBremove\fR command alias
-for the \fBclose\fR command.
-.PP
-\fIstatus\fR <name>
-.IP
-Reports status for the active integrity mapping <name>.
-.PP
-\fIdump\fR <device>
-.IP
-Reports parameters from on-disk stored superblock.
-
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-batch\-mode"
-Do not ask for confirmation.
-.TP
-.B "\-\-progress-frequency <seconds>"
-Print separate line every <seconds> with wipe progress.
-.TP
-.B "\-\-no\-wipe"
-Do not wipe the device after format. A device that is not initially wiped will contain invalid checksums.
-.TP
-.B "\-\-journal\-size, \-j BYTES"
-Size of the journal.
-.TP
-.B "\-\-interleave\-sectors SECTORS"
-The number of interleaved sectors.
-.TP
-.B "\-\-integrity\-recalculate"
-Automatically recalculate integrity tags in kernel on activation.
-The device can be used during automatic integrity recalculation but becomes fully
-integrity protected only after the background operation is finished.
-This option is available since the Linux kernel version 4.19.
-.TP
-.B "\-\-journal\-watermark PERCENT"
-Journal watermark in percents. When the size of the journal exceeds this watermark,
-the journal flush will be started.
-.TP
-.B "\-\-journal\-commit\-time MS"
-Commit time in milliseconds. When this time passes (and no explicit flush operation was issued),
-the journal is written.
-.TP
-.B "\-\-tag\-size, \-t BYTES"
-Size of the integrity tag per-sector (here the integrity function will store authentication tag).
-
-\fBNOTE:\fR The size can be smaller that output size of the hash function, in that case only
-part of the hash will be stored.
-.TP
-.B "\-\-data\-device"
-Specify a separate data device that contains existing data. The <device> then will contain
-calculated integrity tags and journal for this data device.
-.TP
-.B "\-\-sector\-size, \-s BYTES"
-Sector size (power of two: 512, 1024, 2048, 4096).
-.TP
-.B "\-\-buffer\-sectors SECTORS"
-The number of sectors in one buffer.
-
-The tag area is accessed using buffers, the large buffer size means that the I/O size will
-be larger, but there could be less I/Os issued.
-.TP
-.B "\-\-integrity, \-I ALGORITHM"
-Use internal integrity calculation (standalone mode).
-The integrity algorithm can be CRC (crc32c/crc32) or hash function (sha1, sha256).
-
-For HMAC (hmac-sha256) you have also to specify an integrity key and its size.
-.TP
-.B "\-\-integrity\-key\-size BYTES"
-The size of the data integrity key. Maximum is 4096 bytes.
-.TP
-.B "\-\-integrity\-key\-file FILE"
-The file with the integrity key.
-.TP
-.B "\-\-integrity\-no\-journal, \-D"
-Disable journal for integrity device.
-.TP
-.B "\-\-integrity\-bitmap\-mode. \-B"
-Use alternate bitmap mode (available since Linux kernel 5.2) where dm-integrity uses bitmap
-instead of a journal. If a bit in the bitmap is 1, the corresponding region's data and integrity tags
-are not synchronized - if the machine crashes, the unsynchronized regions will be recalculated.
-The bitmap mode is faster than the journal mode, because we don't have to write the data
-twice, but it is also less reliable, because if data corruption happens
-when the machine crashes, it may not be detected.
-.TP
-.B "\-\-bitmap\-sectors\-per\-bit SECTORS"
-Number of 512-byte sectors per bitmap bit, the value must be power of two.
-.TP
-.B "\-\-bitmap\-flush\-time MS"
-Bitmap flush time in milliseconds.
-.TP
-
-\fBWARNING:\fR
-In case of a crash, it is possible that the data and integrity tag doesn't match
-if the journal is disabled.
-.TP
-.B "\-\-integrity\-recovery\-mode. \-R"
-Recovery mode (no journal, no tag checking).
-.TP
-
-\fBNOTE:\fR The following options are intended for testing purposes only.
-Using journal encryption does not make sense without encryption the data,
-these options are internally used in authenticated disk encryption with \fBcryptsetup(8)\fR.
-.TP
-.B "\-\-journal\-integrity ALGORITHM"
-Integrity algorithm for journal area.
-See \-\-integrity option for detailed specification.
-.TP
-.B "\-\-journal\-integrity\-key\-size BYTES"
-The size of the journal integrity key. Maximum is 4096 bytes.
-.TP
-.B "\-\-journal\-integrity\-key\-file FILE"
-The file with the integrity key.
-.TP
-.B "\-\-journal\-crypt ALGORITHM"
-Encryption algorithm for journal data area.
-You can use a block cipher here such as cbc-aes or
-a stream cipher, for example, chacha20 or ctr-aes.
-.TP
-.B "\-\-journal\-crypt\-key\-size BYTES"
-The size of the journal encryption key. Maximum is 4096 bytes.
-.TP
-.B "\-\-journal\-crypt\-key\-file FILE"
-The file with the journal encryption key.
-.TP
-.B "\-\-allow\-discards\fR"
-Allow the use of discard (TRIM) requests for the device.
-This option is available since the Linux kernel version 5.7.
-.TP
-The dm-integrity target is available since Linux kernel version 4.12.
-.TP
-\fBNOTE:\fR
-Format and activation of an integrity device always require superuser
-privilege because the superblock is calculated and handled in dm-integrity kernel target.
-
-.SH LEGACY COMPATIBILITY OPTIONS
-.TP
-\fBWARNING:\fR
-Do not use these options until you need compatibility with specific old kernel.
-.TP
-.B "\-\-integrity\-legacy\-padding"
-Use inefficient legacy padding.
-.TP
-.B "\-\-integrity\-legacy\-hmac"
-Use old flawed HMAC calclation (also does not protect superblock).
-.TP
-.B "\-\-integrity\-legacy\-recalculate"
-Allow insecure recalculating of volumes with HMAC keys (recalcualtion offset in superblock
-is not protected).
-
-.SH RETURN CODES
-Integritysetup returns 0 on success and a non-zero value on error.
-
-Error codes are:
- 1 wrong parameters
- 2 no permission
- 3 out of memory
- 4 wrong device specified
- 5 device already exists, or device is busy.
-
-.SH EXAMPLES
-Format the device with default standalone mode (CRC32C):
-
-.B "integritysetup format <device>"
-
-Open the device with default parameters:
-
-.B "integritysetup open <device> test"
-
-Format the device in standalone mode for use with HMAC(SHA256):
-
-.B "integritysetup format <device> \-\-tag\-size 32 \-\-integrity hmac\-sha256 \
-\-\-integrity\-key\-file <keyfile> \-\-integrity\-key\-size <key_bytes>"
-
-Open (activate) the device with HMAC(SHA256) and HMAC key in file:
-
-.B "integritysetup open <device> test \-\-integrity hmac\-sha256 \
-\-\-integrity\-key\-file <keyfile> \-\-integrity\-key\-size <key_bytes>"
-
-Dump dm-integrity superblock information:
-
-.B "integritysetup dump <device>"
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-The integritysetup tool is written by Milan Broz <gmazyland@gmail.com>
-and is part of the cryptsetup project.
-.SH COPYRIGHT
-Copyright \(co 2016-2021 Red Hat, Inc.
-.br
-Copyright \(co 2016-2021 Milan Broz
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
-
-The integrity on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity\fR
--- /dev/null
+= integritysetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: integritysetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+integritysetup - manage dm-integrity (block level integrity) volumes
+
+== SYNOPSIS
+
+*integritysetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Integritysetup is used to configure dm-integrity managed device-mapper
+mappings.
+
+Device-mapper integrity target provides read-write transparent integrity
+checking of block devices. The dm-integrity target emulates an additional
+data integrity field per-sector. You can use this additional field
+directly with integritysetup utility, or indirectly (for authenticated
+encryption) through cryptsetup.
+
+== BASIC ACTIONS
+
+Integritysetup supports these operations:
+
+=== FORMAT
+*format <device>*
+
+Formats <device> (calculates space and dm-integrity superblock and wipes
+the device).
+
+*<options>* can be [--data-device, --batch-mode, --no-wipe,
+--journal-size, --interleave-sectors, --tag-size, --integrity,
+--integrity-key-size, --integrity-key-file, --sector-size,
+--progress-frequency, --progress-json].
+
+=== OPEN
+*open <device> <name>* +
+create <name> <device> (*OBSOLETE syntax*)
+
+Open a mapping with <name> backed by device <device>.
+
+*<options>* can be [--data-device, --batch-mode, --journal-watermark,
+--journal-commit-time, --buffer-sectors, --integrity,
+--integrity-key-size, --integrity-key-file, --integrity-no-journal,
+--integrity-recalculate,
+--integrity-recalculate-reset,--integrity-recovery-mode,
+--allow-discards].
+
+=== CLOSE
+*close <name>* +
+remove <name> (*OBSOLETE syntax*)
+
+Removes existing mapping <name>.
+
+*<options>* can be [--deferred] or [--cancel-deferred]
+
+=== STATUS
+*status <name>*
+
+Reports status for the active integrity mapping <name>.
+
+=== DUMP
+*dump <device>*
+
+Reports parameters from on-disk stored superblock.
+
+=== RESIZE
+*resize <name>*
+
+Resizes an active mapping <name>.
+
+If --size (in 512-bytes sectors) or --device-size are not specified, the
+size is computed from the underlying device. After resize, the
+*recalculating* flag is set. If --wipe flag is set and the size of the
+device is increased, the newly added section will be wiped.
+
+Increasing the size of integrity volumes is available since the Linux
+kernel version 5.7, shrinking should work on older kernels too.
+
+*<options>* can be [--size, --device-size, --wipe].
+
+== OPTIONS
+*--progress-frequency <seconds>*::
+Print separate line every <seconds> with wipe progress.
+
+*--progress-json*::
+Prints wipe progress data in json format suitable mostly for machine
+processing. It prints separate line every half second (or based on
+--progress-frequency value). The JSON output looks as follows during
+wipe progress (except it's compact single line):
++
+....
+{
+ "device":"/dev/sda" // backing device or file
+ "device_bytes":"8192", // bytes wiped so far
+ "device_size":"44040192", // total bytes to wipe
+ "speed":"126877696", // calculated speed in bytes per second (based on progress so far)
+ "eta_ms":"2520012" // estimated time to finish wipe in milliseconds
+ "time_ms":"5561235" // total time spent wiping device in milliseconds
+}
+....
++
+Note on numbers in JSON output: Due to JSON parsers limitations all
+numbers are represented in a string format due to need of full 64bit
+unsigned integers.
+
+*--no-wipe*::
+Do not wipe the device after format. A device that is not initially
+wiped will contain invalid checksums.
+
+*--wipe*::
+Wipe the newly allocated area after resize to bigger size. If this
+flag is not set, checksums will be calculated for the data previously
+stored in the newly allocated area.
+
+*--journal-size, -j BYTES*::
+Size of the journal.
+
+*--interleave-sectors SECTORS*::
+The number of interleaved sectors.
+
+*--integrity-recalculate*::
+Automatically recalculate integrity tags in kernel on activation. The
+device can be used during automatic integrity recalculation but
+becomes fully integrity protected only after the background operation
+is finished. This option is available since the Linux kernel version
+4.19.
+
+*--integrity-recalculate-reset*::
+Restart recalculation from the beginning of the device. It can be used
+to change the integrity checksum function. Note it does not change the
+tag length. This option is available since the Linux kernel version
+5.13.
+
+*--journal-watermark PERCENT*::
+Journal watermark in percents. When the size of the journal exceeds
+this watermark, the journal flush will be started.
+
+*--journal-commit-time MS*::
+Commit time in milliseconds. When this time passes (and no explicit
+flush operation was issued), the journal is written.
+
+*--tag-size, -t BYTES*::
+Size of the integrity tag per-sector (here the integrity function will
+store authentication tag).
++
+*NOTE:* The size can be smaller that output size of the hash function,
+in that case only part of the hash will be stored.
+
+*--data-device <data_device>*::
+Specify a separate data device that contains existing data. The
+<device> then will contain calculated integrity tags and journal for
+data on <data_device>.
++
+*NOTE:* To not wipe the data device after initial format, also specify
+--no-wipe option and activate with --integrity-recalculate to
+automatically recalculate integrity tags.
+
+*--sector-size, -s BYTES*::
+Sector size (power of two: 512, 1024, 2048, 4096).
+
+*--buffer-sectors SECTORS*::
+The number of sectors in one buffer.
++
+The tag area is accessed using buffers, the large buffer size means that
+the I/O size will be larger, but there could be less I/Os issued.
+
+*--integrity, -I ALGORITHM*::
+Use internal integrity calculation (standalone mode). The integrity
+algorithm can be CRC (crc32c/crc32), non-cryptographic hash function
+(xxhash64) or hash function (sha1, sha256).
++
+For HMAC (hmac-sha256) you have also to specify an integrity key and its
+size.
+
+*--integrity-key-size BYTES*::
+The size of the data integrity key. Maximum is 4096 bytes.
+
+*--integrity-key-file FILE*::
+The file with the integrity key.
+
+*--integrity-no-journal, -D*::
+Disable journal for integrity device.
+
+*--integrity-bitmap-mode. -B*::
+Use alternate bitmap mode (available since Linux kernel 5.2) where
+dm-integrity uses bitmap instead of a journal. If a bit in the bitmap
+is 1, the corresponding region's data and integrity tags are not
+synchronized - if the machine crashes, the unsynchronized regions will
+be recalculated. The bitmap mode is faster than the journal mode,
+because we don't have to write the data twice, but it is also less
+reliable, because if data corruption happens when the machine crashes,
+it may not be detected.
+
+*--bitmap-sectors-per-bit SECTORS*::
+Number of 512-byte sectors per bitmap bit, the value must be power of
+two.
+
+*--bitmap-flush-time MS*::
+Bitmap flush time in milliseconds.
++
+*WARNING:*::
+In case of a crash, it is possible that the data and integrity tag
+doesn't match if the journal is disabled.
+
+*--integrity-recovery-mode. -R*::
+Recovery mode (no journal, no tag checking).
+
+*NOTE:* The following options are intended for testing purposes only.:
+Using journal encryption does not make sense without encryption the
+data, these options are internally used in authenticated disk
+encryption with *cryptsetup(8)*.
+
+*--journal-integrity ALGORITHM*::
+Integrity algorithm for journal area. See --integrity option for
+detailed specification.
+
+*--journal-integrity-key-size BYTES*::
+The size of the journal integrity key. Maximum is 4096 bytes.
+
+*--journal-integrity-key-file FILE*::
+The file with the integrity key.
+
+*--journal-crypt ALGORITHM*::
+Encryption algorithm for journal data area. You can use a block cipher
+here such as cbc-aes or a stream cipher, for example, chacha20 or
+ctr-aes.
+
+*--journal-crypt-key-size BYTES*::
+The size of the journal encryption key. Maximum is 4096 bytes.
+
+*--journal-crypt-key-file FILE*::
+The file with the journal encryption key.
+
+*--allow-discards*::
+Allow the use of discard (TRIM) requests for the device. This option
+is available since the Linux kernel version 5.7.
+
+*--deferred*::
+Defers device removal in *close* command until the last user closes
+it.
+
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in *close*
+command.
+
+*--verbose, -v*::
+Print more information on command execution.
+
+*--debug*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
+
+*--version, -V*::
+Show the program version.
+
+*--batch-mode, -q*::
+Do not ask for confirmation.
+
+*--usage*::
+Show short option help.
+
+*--help, -?*::
+Show help text and default parameters.
+
+== LEGACY COMPATIBILITY OPTIONS
+
+*WARNING:*::
+Do not use these options until you need compatibility with specific
+old kernel.
+
+*--integrity-legacy-padding*::
+Use inefficient legacy padding.
+
+*--integrity-legacy-hmac*::
+Use old flawed HMAC calculation (also does not protect superblock).
+
+*--integrity-legacy-recalculate*::
+Allow insecure recalculating of volumes with HMAC keys (recalculation
+offset in superblock is not protected).
+
+== RETURN CODES
+
+Integritysetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory,
+*4* wrong device specified, *5* device already exists or device is busy.
+
+== NOTES
+The dm-integrity target is available since Linux kernel version 4.12.
+
+Format and activation of an integrity device always require superuser
+privilege because the superblock is calculated and handled in
+dm-integrity kernel target.
+
+== EXAMPLES
+
+Format the device with default standalone mode (CRC32C):
+
+*integritysetup format <device>*
+
+Open the device with default parameters:
+
+*integritysetup open <device> test*
+
+Format the device in standalone mode for use with HMAC(SHA256):
+
+*integritysetup format <device> --tag-size 32 --integrity hmac-sha256
+--integrity-key-file <keyfile> --integrity-key-size <key_bytes>*
+
+Open (activate) the device with HMAC(SHA256) and HMAC key in file:
+
+*integritysetup open <device> test --integrity hmac-sha256
+--integrity-key-file <keyfile> --integrity-key-size <key_bytes>*
+
+Dump dm-integrity superblock information:
+
+*integritysetup dump <device>*
+
+== DM-INTEGRITY ON-DISK FORMAT
+
+The on-disk format specification available at
+https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity[*DMIntegrity*] page.
+
+== AUTHORS
+
+The integritysetup tool is written by mailto:gmazyland@gmail.com[Milan Broz].
+
+include::man/common_footer.adoc[]
+++ /dev/null
-.TH VERITYSETUP "8" "January 2021" "veritysetup" "Maintenance Commands"
-.SH NAME
-veritysetup - manage dm-verity (block level verification) volumes
-.SH SYNOPSIS
-.B veritysetup <options> <action> <action args>
-.SH DESCRIPTION
-.PP
-Veritysetup is used to configure dm-verity managed device-mapper mappings.
-
-Device-mapper verity target provides read-only transparent integrity
-checking of block devices using kernel crypto API.
-
-The dm-verity devices are always read-only.
-
-Veritysetup supports these operations:
-.PP
-\fIformat\fR <data_device> <hash_device>
-.IP
-Calculates and permanently stores hash verification data for data_device.
-Hash area can be located on the same device after data if specified
-by \-\-hash\-offset option.
-
-Note you need to provide root hash string for device verification
-or activation. Root hash must be trusted.
-
-The data or hash device argument can be block device or file image.
-If hash device path doesn't exist, it will be created as file.
-
-\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
-\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
-\-\-salt, \-\-uuid]
-.PP
-\fIopen\fR <data_device> <name> <hash_device> <root_hash>
-.br
-\fIcreate\fR <name> <data_device> <hash_device> <root_hash> (\fBOBSOLETE syntax\fR)
-.IP
-Creates a mapping with <name> backed by device <data_device> and using
-<hash_device> for in-kernel verification.
-
-The <root_hash> is a hexadecimal string.
-
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
-\-\-ignore-corruption or \-\-restart-on-corruption, \-\-panic-on-corruption,
-\-\-ignore-zero-blocks, \-\-check-at-most-once, \-\-root-hash-signature]
-
-If option \-\-no-superblock is used, you have to use as the same options
-as in initial format operation.
-.PP
-\fIverify\fR <data_device> <hash_device> <root_hash>
-.IP
-Verifies data on data_device with use of hash blocks stored on hash_device.
-
-This command performs userspace verification, no kernel device is created.
-
-The <root_hash> is a hexadecimal string.
-
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
-
-If option \-\-no-superblock is used, you have to use as the same options
-as in initial format operation.
-.PP
-\fIclose\fR <name>
-.IP
-Removes existing mapping <name>.
-
-For backward compatibility there is \fBremove\fR command alias
-for \fBclose\fR command.
-.PP
-\fIstatus\fR <name>
-.IP
-Reports status for the active verity mapping <name>.
-.PP
-\fIdump\fR <hash_device>
-.IP
-Reports parameters of verity device from on-disk stored superblock.
-
-\fB<options>\fR can be [\-\-no-superblock]
-.SH OPTIONS
-.TP
-.B "\-\-verbose, \-v"
-Print more information on command execution.
-.TP
-.B "\-\-debug"
-Run in debug mode with full diagnostic logs. Debug output
-lines are always prefixed by '#'.
-.TP
-.B "\-\-no-superblock"
-Create or use dm-verity without permanent on-disk superblock.
-.TP
-.B "\-\-format=number"
-Specifies the hash version type.
-Format type 0 is original Chrome OS version. Format type 1 is current version.
-.TP
-.B "\-\-data-block-size=bytes"
-Used block size for the data device.
-(Note kernel supports only page-size as maximum here.)
-.TP
-.B "\-\-hash-block-size=bytes"
-Used block size for the hash device.
-(Note kernel supports only page-size as maximum here.)
-.TP
-.B "\-\-data-blocks=blocks"
-Size of data device used in verification.
-If not specified, the whole device is used.
-.TP
-.B "\-\-hash-offset=bytes"
-Offset of hash area/superblock on hash_device.
-Value must be aligned to disk sector offset.
-.TP
-.B "\-\-salt=hex string"
-Salt used for format or verification.
-Format is a hexadecimal string.
-.TP
-.B "\-\-uuid=UUID"
-Use the provided UUID for format command instead of generating new one.
-
-The UUID must be provided in standard UUID format,
-e.g. 12345678-1234-1234-1234-123456789abc.
-.TP
-.B "\-\-ignore-corruption", "\-\-restart-on-corruption", "\-\-panic-on-corruption"
-Defines what to do if data integrity problem is detected (data corruption).
-
-Without these options kernel fails the IO operation with I/O error.
-With \-\-ignore-corruption option the corruption is only logged.
-With \-\-restart-on-corruption or \-\-panic-on-corruption the kernel
-is restarted (panicked) immediately.
-(You have to provide way how to avoid restart loops.)
-
-\fBWARNING:\fR Use these options only for very specific cases.
-These options are available since Linux kernel version 4.1.
-.TP
-.B "\-\-ignore-zero-blocks"
-Instruct kernel to not verify blocks that are expected to contain zeroes
-and always directly return zeroes instead.
-
-\fBWARNING:\fR Use this option only in very specific cases.
-This option is available since Linux kernel version 4.5.
-.TP
-.B "\-\-check-at-most-once"
-Instruct kernel to verify blocks only the first time they are read
-from the data device, rather than every time.
-
-\fBWARNING:\fR It provides a reduced level of security because only
-offline tampering of the data device's content will be detected,
-not online tampering.
-This option is available since Linux kernel version 4.17.
-.TP
-.B "\-\-hash=hash"
-Hash algorithm for dm-verity. For default see \-\-help option.
-.TP
-.B "\-\-version"
-Show the program version.
-.TP
-.B "\-\-fec-device=fec_device"
-Use forward error correction (FEC) to recover from corruption if hash verification fails.
-Use encoding data from the specified device.
-
-The fec device argument can be block device or file image.
-For format, if fec device path doesn't exist, it will be created as file.
-
-Block sizes for data and hash devices must match.
-Also, if the verity data_device is encrypted the fec_device should be too.
-
-FEC calculation covers data, hash area, and optional foreign metadata stored on the same
-device with the hash tree (additional space after hash area).
-Size of this optional additional area protected by FEC is calculated from image sizes,
-so you must be sure that you use the same images for activation.
-
-If the hash device is in a separate image, metadata covers the whole rest of the image after the hash area.
-
-If hash and FEC device is in the image, metadata ends on the FEC area offset.
-
-.TP
-.B "\-\-fec-offset=bytes"
-This is the offset, in bytes, from the start of the FEC device to the beginning of the encoding data.
-.TP
-.B "\-\-fec-roots=num"
-Number of generator roots. This equals to the number of parity bytes in the encoding data.
-In RS(M, N) encoding, the number of roots is M-N. M is 255 and M-N is between 2 and 24 (including).
-.TP
-.B "\-\-root-hash-signature=FILE"
-Path to roothash signature file used to verify the root hash (in kernel).
-This feature requires Linux kernel version 5.4 or more recent.
-.TP
-.SH RETURN CODES
-Veritysetup returns 0 on success and a non-zero value on error.
-
-Error codes are:
- 1 wrong parameters
- 2 no permission
- 3 out of memory
- 4 wrong device specified
- 5 device already exists or device is busy.
-
-.SH EXAMPLES
-.B "veritysetup \-\-data-blocks=256 format <data_device> <hash_device>"
-
-Calculates and stores verification data on hash_device for the first 256 blocks (of block-size).
-If hash_device does not exist, it is created (as file image).
-
-.B "veritysetup format <data_device> <hash_device>"
-
-Calculates and stores verification data on hash_device for the whole data_device.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 format <device> <device>"
-
-Verification data (hashes) is stored on the same device as data (starting at hash-offset).
-Hash-offset must be greater than number of blocks in data-area.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 create test-device <device> <device> <root_hash>"
-
-Activates the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same
-as in the format command. The <root_hash> was calculated in format command.
-
-.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 verify <data_device> <hash_device> <root_hash>"
-
-Verifies device without activation (in userspace).
-
-.B "veritysetup \-\-fec-device=<fec_device> \-\-fec-roots=10 format <data_device> <hash_device>"
-
-Calculates and stores verification and encoding data for data_device.
-
-.SH REPORTING BUGS
-Report bugs, including ones in the documentation, on
-the cryptsetup mailing list at <dm-crypt@saout.de>
-or in the 'Issues' section on LUKS website.
-Please attach the output of the failed command with the
-\-\-debug option added.
-.SH AUTHORS
-The first implementation of veritysetup was written by Chrome OS authors.
-
-This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
-and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
-.SH COPYRIGHT
-Copyright \(co 2012-2021 Red Hat, Inc.
-.br
-Copyright \(co 2012-2021 Milan Broz
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-.SH SEE ALSO
-The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
-
-The verity on-disk format specification available at
-\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity\fR
--- /dev/null
+= veritysetup(8)
+:doctype: manpage
+:manmanual: Maintenance Commands
+:mansource: veritysetup {release-version}
+:man-linkstyle: pass:[blue R < >]
+
+== NAME
+
+veritysetup - manage dm-verity (block level verification) volumes
+
+== SYNOPSIS
+
+*veritysetup <action> [<options>] <action args>*
+
+== DESCRIPTION
+
+Veritysetup is used to configure dm-verity managed device-mapper
+mappings.
+
+Device-mapper verity target provides read-only transparent integrity
+checking of block devices using kernel crypto API.
+
+The dm-verity devices are always read-only.
+
+== BASIC ACTIONS
+
+Veritysetup supports these operations:
+
+=== FORMAT
+*format <data_device> <hash_device>*
+
+Calculates and permanently stores hash verification data for
+data_device. Hash area can be located on the same device after data if
+specified by --hash-offset option.
+
+Note you need to provide root hash string for device verification or
+activation. Root hash must be trusted.
+
+The data or hash device argument can be block device or file image. If
+hash device path doesn't exist, it will be created as file.
+
+*<options>* can be [--hash, --no-superblock, --format,
+--data-block-size, --hash-block-size, --data-blocks, --hash-offset,
+--salt, --uuid, --root-hash-file].
+
+If option --root-hash-file is used, the root hash is stored in
+hex-encoded text format in <path>.
+
+=== OPEN
+*open <data_device> <name> <hash_device> <root_hash>* +
+*open <data_device> <name> <hash_device> --root-hash-file <path>* +
+create <name> <data_device> <hash_device> <root_hash> (*OBSOLETE syntax*)
+
+Creates a mapping with <name> backed by device <data_device> and using
+<hash_device> for in-kernel verification.
+
+The <root_hash> is a hexadecimal string.
+
+*<options>* can be [--hash-offset, --no-superblock, --ignore-corruption
+or --restart-on-corruption, --panic-on-corruption, --ignore-zero-blocks,
+--check-at-most-once, --root-hash-signature, --root-hash-file, --use-tasklets].
+
+If option --root-hash-file is used, the root hash is read from <path>
+instead of from the command line parameter. Expects hex-encoded text,
+without terminating newline.
+
+If option --no-superblock is used, you have to use as the same options
+as in initial format operation.
+
+=== VERIFY
+*verify <data_device> <hash_device> <root_hash>* +
+*verify <data_device> <hash_device> --root-hash-file <path>*
+
+Verifies data on data_device with use of hash blocks stored on
+hash_device.
+
+This command performs userspace verification, no kernel device is
+created.
+
+The <root_hash> is a hexadecimal string.
+
+If option --root-hash-file is used, the root hash is read from <path>
+instead of from the command line parameter. Expects hex-encoded text,
+without terminating newline.
+
+*<options>* can be [--hash-offset, --no-superblock, --root-hash-file].
+
+If option --no-superblock is used, you have to use as the same options
+as in initial format operation.
+
+=== CLOSE
+*close <name>* +
+remove <name> (*OBSOLETE syntax*)
+
+Removes existing mapping <name>.
+
+*<options>* can be [--deferred] or [--cancel-deferred].
+
+=== STATUS
+*status <name>*
+
+Reports status for the active verity mapping <name>.
+
+=== DUMP
+*dump <hash_device>*
+
+Reports parameters of verity device from on-disk stored superblock.
+
+*<options>* can be [--hash-offset].
+
+== OPTIONS
+
+*--no-superblock*::
+Create or use dm-verity without permanent on-disk superblock.
+
+*--format=number*::
+Specifies the hash version type. Format type 0 is original Chrome OS
+version. Format type 1 is current version.
+
+*--data-block-size=bytes*::
+Used block size for the data device. (Note kernel supports only
+page-size as maximum here.)
+
+*--hash-block-size=bytes*::
+Used block size for the hash device. (Note kernel supports only
+page-size as maximum here.)
+
+*--data-blocks=blocks*::
+Size of data device used in verification. If not specified, the whole
+device is used.
+
+*--hash-offset=bytes*::
+Offset of hash area/superblock on hash_device. Value must be aligned
+to disk sector offset.
+
+*--salt=hex string*::
+Salt used for format or verification. Format is a hexadecimal string.
+
+*--uuid=UUID*::
+Use the provided UUID for format command instead of generating new
+one.
++
+The UUID must be provided in standard UUID format, e.g.
+12345678-1234-1234-1234-123456789abc.
+*--ignore-corruption , --restart-on-corruption ,
+--panic-on-corruption*::
+Defines what to do if data integrity problem is detected (data
+corruption).
++
+Without these options kernel fails the IO operation with I/O error. With
+--ignore-corruption option the corruption is only logged. With
+--restart-on-corruption or --panic-on-corruption the kernel is restarted
+(panicked) immediately. (You have to provide way how to avoid restart
+loops.)
++
+*WARNING:* Use these options only for very specific cases. These options
+are available since Linux kernel version 4.1.
+
+*--ignore-zero-blocks*::
+Instruct kernel to not verify blocks that are expected to contain
+zeroes and always directly return zeroes instead.
++
+*WARNING:* Use this option only in very specific cases. This option is
+available since Linux kernel version 4.5.
+
+*--check-at-most-once*::
+Instruct kernel to verify blocks only the first time they are read
+from the data device, rather than every time.
++
+*WARNING:* It provides a reduced level of security because only offline
+tampering of the data device's content will be detected, not online
+tampering. This option is available since Linux kernel version 4.17.
+
+*--hash=hash*::
+Hash algorithm for dm-verity. For default see --help option.
+
+*--fec-device=fec_device*::
+Use forward error correction (FEC) to recover from corruption if hash
+verification fails. Use encoding data from the specified device.
++
+The fec device argument can be block device or file image. For format,
+if fec device path doesn't exist, it will be created as file.
++
+Block sizes for data and hash devices must match. Also, if the verity
+data_device is encrypted the fec_device should be too.
++
+FEC calculation covers data, hash area, and optional foreign metadata
+stored on the same device with the hash tree (additional space after
+hash area). Size of this optional additional area protected by FEC is
+calculated from image sizes, so you must be sure that you use the same
+images for activation.
++
+If the hash device is in a separate image, metadata covers the whole
+rest of the image after the hash area.
++
+If hash and FEC device is in the image, metadata ends on the FEC area
+offset.
+
+*--fec-offset=bytes*::
+This is the offset, in bytes, from the start of the FEC device to the
+beginning of the encoding data.
+
+*--fec-roots=num*::
+Number of generator roots. This equals to the number of parity bytes
+in the encoding data. In RS(M, N) encoding, the number of roots is
+M-N. M is 255 and M-N is between 2 and 24 (including).
+
+*--root-hash-file=FILE*::
+Path to file with stored root hash in hex-encoded text.
+
+*--root-hash-signature=FILE*::
+Path to root hash signature file used to verify the root hash (in
+kernel). This feature requires Linux kernel version 5.4 or more
+recent.
+
+*--use-tasklets*::
+Try to use kernel tasklets in dm-verity driver for performance reasons.
+This option is available since Linux kernel version 6.0.
+
+*--deferred*::
+Defers device removal in *close* command until the last user closes
+it.
+
+*--cancel-deferred*::
+Removes a previously configured deferred device removal in *close*
+command.
+
+*--verbose, -v*::
+Print more information on command execution.
+
+*--debug*::
+Run in debug mode with full diagnostic logs. Debug output lines are
+always prefixed by *#*.
+
+*--version, -V*::
+Show the program version.
+
+*--batch-mode, -q*::
+Do not ask for confirmation.
+
+*--usage*::
+Show short option help.
+
+*--help, -?*::
+Show help text and default parameters.
+
+== RETURN CODES
+
+Veritysetup returns *0* on success and a non-zero value on error.
+
+Error codes are: *1* wrong parameters, *2* no permission, *3* out of memory,
+*4* wrong device specified, *5* device already exists or device is busy.
+
+== EXAMPLES
+
+*veritysetup --data-blocks=256 format <data_device> <hash_device>*
+
+Calculates and stores verification data on hash_device for the first 256
+blocks (of block-size). If hash_device does not exist, it is created (as
+file image).
+
+*veritysetup format --root-hash-file <path> <data_device> <hash_device>*
+
+Calculates and stores verification data on hash_device for the whole
+data_device, and store the root hash as hex-encoded text in <path>.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 format <device>
+<device>*
+
+Verification data (hashes) is stored on the same device as data
+(starting at hash-offset). Hash-offset must be greater than number of
+blocks in data-area.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 create test-device
+<device> <device> <root_hash>*
+
+Activates the verity device named test-device. Options --data-blocks and
+--hash-offset are the same as in the format command. The <root_hash> was
+calculated in format command.
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 verify
+<data_device> <hash_device> <root_hash>*
+
+Verifies device without activation (in userspace).
+
+*veritysetup --data-blocks=256 --hash-offset=1052672 --root-hash-file
+<path> verify <data_device> <hash_device>*
+
+Verifies device without activation (in userspace). Root hash passed via
+a file rather than inline.
+
+*veritysetup --fec-device=<fec_device> --fec-roots=10 format
+<data_device> <hash_device>*
+
+Calculates and stores verification and encoding data for data_device.
+
+== DM-VERITY ON-DISK SPECIFICATION
+
+The on-disk format specification is available at
+https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity[*DMVerity*] page.
+
+== AUTHORS
+
+The first implementation of veritysetup was written by Chrome OS
+authors.
+
+This version is based on verification code written by
+mailto:mpatocka@redhat.com[Mikulas Patocka] and rewritten for libcryptsetup
+by mailto:gmazyland@gmail.com[Milan Broz].
+
+include::man/common_footer.adoc[]
+++ /dev/null
-Example of simple dracut module for reencryption of system
-LUKS drive on-the-fly.
-
-Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then
-build special initramfs "with dracut -a reencrypt -o crypt".
-Reencrypt module doesn't work (has a conflict) with crypt module as
-of now. After successful reencryption reboot using original initramfs.
-
-Dracut then recognize argument rd.luks.reencrypt=name:size,
-e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
-will be reencrypted (default is whole device).
-(Name is kernel name of device.)
-
-If there's more than single active keyslot in the target luks device
-you're required to select one keyslot explicitly for reencryption via
-rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
-if you use this option, all other keyslots will get deactivated in the
-process.
-
-Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
-can be used to read password for specific keyslot from device containing
-filesystem with a keyfile (file with a password). If you omit reencrypt_key
-argument, reencryption would work only in case a LUKS container has
-exactly one keyslot activated.
-
-Arguments rd.luks.reencrypt_keyslot and rd.luks.reencrypt_key are not
-mandatory.
-
-Note that reencryption context is stored in ramdisk, any
-fail can mean complete lost of data!
-
-Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
-
-This copyrighted material is made available to anyone wishing to use,
-modify, copy, or redistribute it subject to the terms and conditions
-of the GNU General Public License v.2.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software Foundation,
-Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+++ /dev/null
-#!/bin/bash
-
-which cryptsetup-reencrypt >/dev/null 2>&1 || exit 1
-
-exit 0
+++ /dev/null
-#!/bin/bash
-
-inst cryptsetup-reencrypt
-
-inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
-inst "$moddir"/reencrypt.sh /sbin/reencrypt
+++ /dev/null
-#!/bin/bash
-
-check() {
- [ -x /sbin/cryptsetup-reencrypt ] || return 1
- return 255
-}
-
-depends() {
- echo dm rootfs-block
-}
-
-installkernel() {
- # requires hostonly='' override so that loop module is pulled in initramfs
- # even if not loaded in actual kernel. dracut bug?
- hostonly='' instmods dm_crypt =crypto loop
-}
-
-install() {
- if dracut_module_included crypt; then
- derror "'reencrypt' can't be installed together with 'crypt'."
- derror "Add '-o crypt' option to install reencrypt module."
- return 1
- fi
-
- dracut_install cryptsetup-reencrypt
-
- # moddir variable is assigned in dracut general shell lib
- # shellcheck disable=SC2154
- inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
- inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
- inst_simple "$moddir"/reencrypt-verbose.sh /sbin/cryptsetup-reencrypt-verbose
-}
+++ /dev/null
-#!/bin/sh
-
-REENC=$(getargs rd.luks.reencrypt=)
-# shellcheck disable=SC2086
-REENC_DEV=$(echo $REENC | sed 's/:.*//')
-# shellcheck disable=SC2086
-REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')
-
-REENC_KEY=$(getargs rd.luks.reencrypt_key=)
-if [ -z "$REENC_KEY" ] ; then
- REENC_KEY=none
-fi
-
-REENC_SLOT=$(getargs rd.luks.reencrypt_keyslot=)
-if [ -z "$REENC_SLOT" ] ; then
- REENC_SLOT=any
-fi
-
-# shellcheck disable=SC2086
-# shellcheck disable=SC1004
-# shellcheck disable=SC2016
-if [ -n "$REENC_DEV" ] ; then
-{
- printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
- printf 'ACTION!="add|change", GOTO="reenc_end"\n'
- printf 'KERNEL=="%s", ' $REENC_DEV
- printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
- --unique --onetime --settled --name crypt-reencrypt-%%k \
- /sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_KEY $REENC_SLOT $REENC_SIZE"
-
- printf 'ENV{ID_FS_UUID}=="*%s*", ' $REENC_DEV
- printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
- --unique --onetime --settled --name crypt-reencrypt-%%k \
- /sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_KEY $REENC_SLOT $REENC_SIZE"
- printf 'LABEL="reenc_end"\n'
-} > /etc/udev/rules.d/69-reencryption.rules
- initqueue --unique --finished --name crypt-reencrypt-finished-${REENC_DEV} [ -e /tmp/reencrypted ]
-fi
+++ /dev/null
-#!/bin/sh
-
-# Route stdout to stderr in initrd. Otherwise output is invisible
-# unless we run in debug mode.
-# shellcheck disable=SC2068
-/sbin/cryptsetup-reencrypt $@ 1>&2
+++ /dev/null
-#!/bin/sh
-#
-# $1=$device [$2=keyfile|none [$3=keyslot|any [$4=size]]]
-#
-
-[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
-
-[ -d /sys/module/loop ] || modprobe loop
-
-[ -f /tmp/reencrypted ] && exit 0
-
-. /lib/dracut-lib.sh
-
-# if device name is /dev/dm-X, convert to /dev/mapper/name
-if [ "${1##/dev/dm-}" != "$1" ]; then
- device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
-else
- device="$1"
-fi
-
-PARAMS="$device -T 1 --use-fsync --progress-frequency 5 -B 32"
-if [ "$3" != "any" ]; then
- PARAMS="$PARAMS -S $3"
-fi
-
-if [ -n "$4" ]; then
- PARAMS="$PARAMS --device-size $4"
-fi
-
-reenc_readkey() {
- keypath="${1#*:}"
- keydev="${1%%:*}"
-
- mntp="/tmp/reencrypted-mount-tmp"
- mkdir "$mntp"
- mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
- umount "$mntp"
- rm -r "$mntp"
-}
-
-# shellcheck disable=SC2086
-# shellcheck disable=SC2164
-reenc_run() {
- cwd=$(pwd)
- _prompt="LUKS password for REENCRYPTING $device"
- cd /tmp
- udevadm settle
- if [ "$1" = "none" ] ; then
- if [ "$2" != "any" ]; then
- _prompt="$_prompt, using keyslot $2"
- fi
- /bin/plymouth ask-for-password \
- --prompt "$_prompt" \
- --command="/sbin/cryptsetup-reencrypt-verbose $PARAMS"
- else
- info "REENCRYPT using key $1"
- reenc_readkey "$1" | /sbin/cryptsetup-reencrypt-verbose -d - $PARAMS
- fi
- _ret=$?
- cd $cwd
-}
-
-info "REENCRYPT $device requested"
-# flock against other interactive activities
-# shellcheck disable=SC2086
-{ flock -s 9;
- reenc_run $2 $3
-} 9>/.console_lock
-
-if [ $_ret -eq 0 ]; then
- # do not ask again
- # shellcheck disable=SC2188
- >> /tmp/reencrypted
- warn "Reencryption of device $device has finished successfully. Use previous"
- warn "initramfs image (without reencrypt module) to boot the system. When"
- warn "you leave the emergency shell, the system will reboot."
-
- emergency_shell -n "(reboot)"
- [ -x /usr/bin/systemctl ] && /usr/bin/systemctl reboot
- [ -x /sbin/shutdown ] && /sbin/shutdown -r now
-fi
-
-# panic the kernel otherwise
-exit 1
--- /dev/null
+# Simplified version of RPM spec for Fedora
+
+Summary: Utility for setting up encrypted disks
+Name: cryptsetup
+Version: 2.5.0
+Release: 1%{?dist}
+License: GPLv2+ and LGPLv2+
+URL: https://gitlab.com/cryptsetup/cryptsetup
+BuildRequires: autoconf, automake, libtool, gettext-devel,
+BuildRequires: openssl-devel, popt-devel, device-mapper-devel
+BuildRequires: libuuid-devel, gcc, json-c-devel, libargon2-devel
+BuildRequires: libpwquality-devel, libblkid-devel
+BuildRequires: make libssh-devel
+BuildRequires: asciidoctor
+Requires: cryptsetup-libs = %{version}-%{release}
+Requires: libpwquality >= 1.2.0
+Obsoletes: %{name}-reencrypt <= %{version}
+Provides: %{name}-reencrypt = %{version}
+
+%global upstream_version %{version_no_tilde}
+Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{upstream_version}.tar.xz
+
+%description
+The cryptsetup package contains a utility for setting up
+disk encryption using dm-crypt kernel module.
+
+%package devel
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+Summary: Headers and libraries for using encrypted file systems
+
+%description devel
+The cryptsetup-devel package contains libraries and header files
+used for writing code that makes use of disk encryption.
+
+%package libs
+Summary: Cryptsetup shared library
+
+%description libs
+This package contains the cryptsetup shared library, libcryptsetup.
+
+%package ssh-token
+Summary: Cryptsetup LUKS2 SSH token
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description ssh-token
+This package contains the LUKS2 SSH token.
+
+%package -n veritysetup
+Summary: A utility for setting up dm-verity volumes
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description -n veritysetup
+The veritysetup package contains a utility for setting up
+disk verification using dm-verity kernel module.
+
+%package -n integritysetup
+Summary: A utility for setting up dm-integrity volumes
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description -n integritysetup
+The integritysetup package contains a utility for setting up
+disk integrity protection using dm-integrity kernel module.
+
+%prep
+%autosetup -n cryptsetup-%{upstream_version} -p 1
+
+%build
+# force regeneration of manual pages from AsciiDoc
+rm -f man/*.8
+
+./autogen.sh
+%configure --enable-fips --enable-pwquality --enable-libargon2 --enable-asciidoc
+%make_build
+
+%install
+%make_install
+rm -rf %{buildroot}%{_libdir}/*.la
+rm -rf %{buildroot}%{_libdir}/%{name}/*.la
+
+%find_lang cryptsetup
+
+%ldconfig_scriptlets -n cryptsetup-libs
+
+%files
+%license COPYING
+%doc AUTHORS FAQ.md docs/*ReleaseNotes
+%{_mandir}/man8/cryptsetup.8.gz
+%{_mandir}/man8/cryptsetup-*.8.gz
+%{_sbindir}/cryptsetup
+
+%files -n veritysetup
+%license COPYING
+%{_mandir}/man8/veritysetup.8.gz
+%{_sbindir}/veritysetup
+
+%files -n integritysetup
+%license COPYING
+%{_mandir}/man8/integritysetup.8.gz
+%{_sbindir}/integritysetup
+
+%files devel
+%doc docs/examples/*
+%{_includedir}/libcryptsetup.h
+%{_libdir}/libcryptsetup.so
+%{_libdir}/pkgconfig/libcryptsetup.pc
+
+%files libs -f cryptsetup.lang
+%license COPYING COPYING.LGPL
+%{_libdir}/libcryptsetup.so.*
+%dir %{_libdir}/%{name}/
+%{_tmpfilesdir}/cryptsetup.conf
+%ghost %attr(700, -, -) %dir /run/cryptsetup
+
+%files ssh-token
+%license COPYING COPYING.LGPL
+%{_libdir}/%{name}/libcryptsetup-token-ssh.so
+%{_mandir}/man8/cryptsetup-ssh.8.gz
+%{_sbindir}/cryptsetup-ssh
+
+%changelog
"\n"
"This tool checks all keyslots of a LUKS device for \n"
"low entropy sections. If any are found, they are reported. \n"
-"This allows to find areas damaged by things like filesystem \n"
+"This allows one to find areas damaged by things like filesystem \n"
"creation or RAID superblocks. \n"
"\n"
"Options: \n"
+++ /dev/null
-TARGET=keyslot_test
-CFLAGS=-O0 -g -Wall -D_GNU_SOURCE -I ../../lib/
-LDLIBS=-ljson-c -luuid -lgcrypt -ldevmapper -lpthread -lssh
-CC=gcc
-
-TARGET2=keyslot_test_remote_pass
-
-SOURCES=keyslot_test.c
-OBJECTS=$(SOURCES:.c=.o)
-SOURCES2=keyslot_test_remote_pass.c
-OBJECTS2=$(SOURCES2:.c=.o)
-
-all: $(TARGET) $(TARGET2) $(TARGET4)
-
-$(TARGET): $(OBJECTS) ../../.libs/libcryptsetup.a
- $(CC) -o $@ $^ $(LDLIBS)
-
-$(TARGET2): $(OBJECTS2) ../../.libs/libcryptsetup.a
- $(CC) -o $@ $^ $(LDLIBS)
-
-clean:
- rm -f *.o *~ core $(TARGET) $(TARGET2)
-
-.PHONY: clean
+++ /dev/null
-to create LUKSv2 container run:
-
-$(top_level_dir)/src/cryptsetup --type luks2 luksFormat /dev/xxx
+++ /dev/null
-/*
- * Example of LUKS2 kesylot handler (EXAMPLE)
- *
- * Copyright (C) 2016-2021 Milan Broz <gmazyland@gmail.com>
- *
- * Use:
- * - generate LUKS device
- * - store passphrase used in previous step remotely (single line w/o \r\n)
- * - add new token using this example
- * - activate device by token
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <json-c/json.h>
-#include <libssh/libssh.h>
-#include <libssh/sftp.h>
-#include "libcryptsetup.h"
-
-#define TOKEN_NUM 0
-
-#define PASSWORD_LENGTH 8192
-
-typedef int (*password_cb_func) (char **password);
-
-static json_object *get_token_jobj(struct crypt_device *cd, int token)
-{
- const char *json_slot;
-
- /* libcryptsetup API call */
- if (crypt_token_json_get(cd, token, &json_slot))
- return NULL;
-
- return json_tokener_parse(json_slot);
-}
-
-static int download_remote_password(struct crypt_device *cd, ssh_session ssh,
- const char *path, char **password,
- size_t *password_len)
-{
- char *pass;
- size_t pass_len;
- int r;
- sftp_attributes sftp_attr = NULL;
- sftp_session sftp = NULL;
- sftp_file file = NULL;
-
-
- sftp = sftp_new(ssh);
- if (!sftp) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- r = sftp_init(sftp);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot init sftp session: ");
- goto out;
- }
-
- file = sftp_open(sftp, path, O_RDONLY, 0);
- if (!file) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- sftp_attr = sftp_fstat(file);
- if (!sftp_attr) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot stat sftp file: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- pass_len = sftp_attr->size > PASSWORD_LENGTH ? PASSWORD_LENGTH : sftp_attr->size;
- pass = malloc(pass_len);
- if (!pass) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Not enough memory.\n");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- r = sftp_read(file, pass, pass_len);
- if (r < 0 || (size_t)r != pass_len) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot read remote key: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- *password = pass;
- *password_len = pass_len;
-
- r = SSH_OK;
-out:
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
- crypt_log(cd, CRYPT_LOG_ERROR, "\n");
- free(pass);
- }
-
- if (sftp_attr)
- sftp_attributes_free(sftp_attr);
-
- if (file)
- sftp_close(file);
- if (sftp)
- sftp_free(sftp);
- return r == SSH_OK ? 0 : -EINVAL;
-}
-
-static ssh_session ssh_session_init(struct crypt_device *cd,
- const char *host,
- const char *user)
-{
- int r, port = 22;
- ssh_session ssh = ssh_new();
- if (!ssh)
- return NULL;
-
- ssh_options_set(ssh, SSH_OPTIONS_HOST, host);
- ssh_options_set(ssh, SSH_OPTIONS_USER, user);
- ssh_options_set(ssh, SSH_OPTIONS_PORT, &port);
-
- crypt_log(cd, CRYPT_LOG_NORMAL, "Initiating ssh session.\n");
-
- r = ssh_connect(ssh);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Connection failed: ");
- goto out;
- }
-
- r = ssh_is_server_known(ssh);
- if (r != SSH_SERVER_KNOWN_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Server not known: ");
- r = SSH_AUTH_ERROR;
- goto out;
- }
-
- r = SSH_OK;
-
- /* initialise list of authentication methods. yes, according to official libssh docs... */
- ssh_userauth_none(ssh, NULL);
-out:
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
- crypt_log(cd, CRYPT_LOG_ERROR, "\n");
- ssh_disconnect(ssh);
- ssh_free(ssh);
- ssh = NULL;
- }
-
- return ssh;
-}
-
-static void ssh_session_close(ssh_session ssh)
-{
- if (ssh) {
- ssh_disconnect(ssh);
- ssh_free(ssh);
- }
-}
-
-static int _public_key_auth(struct crypt_device *cd, ssh_session ssh)
-{
- int r;
- ssh_key pkey = NULL;
-
- crypt_log(cd, CRYPT_LOG_DEBUG, "Trying public key authentication method.\n");
-
- if (!(ssh_userauth_list(ssh, NULL) & SSH_AUTH_METHOD_PUBLICKEY)) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Public key auth method not allowed on host.\n");
- return SSH_AUTH_ERROR;
- }
-
- r = ssh_pki_import_privkey_file("/home/user/.ssh/id_rsa", NULL, NULL, NULL, &pkey);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Failed to import private key\n");
-
- return r;
- }
-
- r = ssh_userauth_try_publickey(ssh, NULL, pkey);
- if (r == SSH_AUTH_SUCCESS) {
- crypt_log(cd, CRYPT_LOG_DEBUG, "Public key method accepted.\n");
- r = ssh_userauth_publickey(ssh, NULL, pkey);
- }
-
- ssh_key_free(pkey);
-
- if (r != SSH_AUTH_SUCCESS) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Public key authentication error: ");
- crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
- crypt_log(cd, CRYPT_LOG_ERROR, "\n");
- }
-
- return r;
-}
-
-static int _password_auth(struct crypt_device *cd, ssh_session ssh, password_cb_func pcb)
-{
- int r = SSH_AUTH_ERROR;
- char *ssh_password = NULL;
-
- if (!(ssh_userauth_list(ssh, NULL) & SSH_AUTH_METHOD_PASSWORD)) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Password auth method not allowed on host.\n");
- return r;
- }
-
- if (pcb(&ssh_password)) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Failed to process password.\n");
- return r;
- }
-
- r = ssh_userauth_password(ssh, NULL, ssh_password);
-
- free(ssh_password);
-
- if (r != SSH_AUTH_SUCCESS) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Password authentication error: ");
- crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
- crypt_log(cd, CRYPT_LOG_ERROR, "\n");
- }
-
- return r;
-}
-
-static int SSHTEST_token_open(struct crypt_device *cd,
- int token,
- char **password,
- size_t *password_len,
- void *usrptr)
-{
- int r;
- json_object *jobj_server, *jobj_user, *jobj_path, *jobj_token;
- ssh_session ssh;
- password_cb_func pcb = usrptr; /* custom password callback */
-
- jobj_token = get_token_jobj(cd, token);
- json_object_object_get_ex(jobj_token, "ssh_server", &jobj_server);
- json_object_object_get_ex(jobj_token, "ssh_user", &jobj_user);
- json_object_object_get_ex(jobj_token, "ssh_path", &jobj_path);
-
- ssh = ssh_session_init(cd, json_object_get_string(jobj_server),
- json_object_get_string(jobj_user));
- if (!ssh)
- return -EINVAL;
-
- r = _public_key_auth(cd, ssh);
-
- /* try password method fallback. superficial example use case for an usrptr */
- if (r != SSH_AUTH_SUCCESS && pcb) {
- crypt_log(cd, CRYPT_LOG_DEBUG, "Trying password method instead.\n");
- r = _password_auth(cd, ssh, pcb);
- }
-
- if (r == SSH_AUTH_SUCCESS)
- r = download_remote_password(cd, ssh, json_object_get_string(jobj_path),
- password, password_len);
-
- ssh_session_close(ssh);
-
- return r ? -EINVAL : r;
-}
-
-const crypt_token_handler SSHTEST_token = {
- .name = "sshkeytest",
- .open = SSHTEST_token_open,
-};
-
-static int token_add(const char *device, const char *server,
- const char *user, const char *path)
-{
- struct crypt_device *cd = NULL;
- json_object *jobj = NULL, *jobj_keyslots;
- int r;
-
- r = crypt_token_register(&SSHTEST_token);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_init(&cd, device);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_load(cd, CRYPT_LUKS2, NULL);
- if (r < 0) {
- crypt_free(cd);
- return EXIT_FAILURE;
- }
-
- jobj = json_object_new_object();
- json_object_object_add(jobj, "type", json_object_new_string(SSHTEST_token.name)); /* mandatory */
-
- jobj_keyslots = json_object_new_array();
- json_object_array_add(jobj_keyslots, json_object_new_string("0")); /* assign to first keyslot only */
- json_object_object_add(jobj, "keyslots", jobj_keyslots); /* mandatory array field (may be empty and assigned later */
-
- /* custom metadata */
- json_object_object_add(jobj, "ssh_server", json_object_new_string(server));
- json_object_object_add(jobj, "ssh_user", json_object_new_string(user));
- json_object_object_add(jobj, "ssh_path", json_object_new_string(path));
-
- /* libcryptsetup API call */
- r = crypt_token_json_set(cd, TOKEN_NUM, json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PLAIN));
-
- crypt_free(cd);
- json_object_put(jobj);
-
- return EXIT_SUCCESS;
-}
-
-
-/* naive implementation of password prompt. Yes it will print out the password on input :) */
-static int ssh_password_callback(char **ssh_password)
-{
- ssize_t i;
- char *pass = malloc(512);
-
- if (!pass)
- return -ENOMEM;
-
- fprintf(stdout, "Host asks for password:\n");
-
- i = read(STDIN_FILENO, pass, 512);
- if (i > 0) {
- pass[i-1] = '\0';
- i = 0;
- } else if (i == 0) { /* EOF */
- *pass = '\0';
- i = -1;
- }
-
- if (!i)
- *ssh_password = pass;
- else
- free(pass);
-
- return i;
-}
-
-static int open_by_token(const char *device, const char *name)
-{
- struct crypt_device *cd = NULL;
- int r;
-
- r = crypt_token_register(&SSHTEST_token);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_init(&cd, device);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_load(cd, CRYPT_LUKS2, NULL);
- if (r < 0) {
- crypt_free(cd);
- return EXIT_FAILURE;
- }
-
- r = crypt_activate_by_token(cd, name, TOKEN_NUM, ssh_password_callback, 0);
-
- crypt_free(cd);
- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
-
-static void keyslot_help(void)
-{
- printf("Use parameters:\n add device server user path\n"
- " open device name\n");
- exit(1);
-}
-
-int main(int argc, char *argv[])
-{
- crypt_set_debug_level(CRYPT_LOG_DEBUG);
-
- /* Adding slot to device */
- if (argc == 6 && !strcmp("add", argv[1]))
- return token_add(argv[2], argv[3], argv[4], argv[5]);
-
- /* Key check without activation */
- if (argc == 3 && !strcmp("open", argv[1]))
- return open_by_token(argv[2], NULL);
-
- /* Key check with activation (requires root) */
- if (argc == 4 && !strcmp("open", argv[1]))
- return open_by_token(argv[2], argv[3]);
-
- keyslot_help();
- return 1;
-}
+++ /dev/null
-/*
- * Example of LUKS2 token storing third party metadata (EXAMPLE)
- *
- * Copyright (C) 2016-2021 Milan Broz <gmazyland@gmail.com>
- *
- * Use:
- * - generate LUKS device
- * - store passphrase used in previous step remotely (single line w/o \n\r)
- * - add new token using this example
- * - activate device with passphrase recovered remotely using the example
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <json-c/json.h>
-#include <libssh/libssh.h>
-#include <libssh/sftp.h>
-#include "libcryptsetup.h"
-
-#define TOKEN_NUM 0
-#define TOKEN_TYPE "sshkeytest"
-
-#define PASSWORD_LENGTH 8192
-
-static json_object *get_token_jobj(struct crypt_device *cd, int token)
-{
- const char *json_slot;
-
- if (crypt_token_json_get(cd, token, &json_slot))
- return NULL;
-
- return json_tokener_parse(json_slot);
-}
-
-static int read_remote_passphrase(struct crypt_device *cd, const char *host,
- const char *user, const char *path,
- char *password, size_t password_size)
-{
- ssh_session ssh = NULL;
- sftp_session sftp = NULL;
- sftp_file file = NULL;
- ssh_key pkey = NULL;
-
- int r, port = 22;
-
- ssh = ssh_new();
- if (!ssh)
- return -EINVAL;
-
- ssh_options_set(ssh, SSH_OPTIONS_HOST, host);
- ssh_options_set(ssh, SSH_OPTIONS_USER, user);
- ssh_options_set(ssh, SSH_OPTIONS_PORT, &port);
-
- r = ssh_connect(ssh);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Connection failed: ");
- goto out;
- }
-
- r = ssh_is_server_known(ssh);
- if (r != SSH_SERVER_KNOWN_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Server not known: ");
- r = SSH_AUTH_ERROR;
- goto out;
- }
-
- r = ssh_pki_import_privkey_file("/home/user/.ssh/id_rsa", NULL, NULL, NULL, &pkey);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "error\n");
- r = SSH_AUTH_ERROR;
- goto out;
- }
-
- r = ssh_userauth_publickey(ssh, user, pkey);
- /* or r = ssh_userauth_publickey_auto(ssh, user, NULL); */
- if (r != SSH_AUTH_SUCCESS) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Public key authentication error: ");
- goto out;
- }
-
- sftp = sftp_new(ssh);
- if (!sftp) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- r = sftp_init(sftp);
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot init sftp session: ");
- goto out;
- }
-
- file = sftp_open(sftp, path, O_RDONLY, 0);
- if (!file) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot create sftp session: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- r = sftp_read(file, password, password_size);
- if (r < 1 || (size_t)r >= password_size) {
- crypt_log(cd, CRYPT_LOG_ERROR, "Cannot read remote password: ");
- r = SSH_FX_FAILURE;
- goto out;
- }
-
- r = SSH_OK;
-out:
- if (r != SSH_OK) {
- crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
- crypt_log(cd, CRYPT_LOG_ERROR, "\n");
- }
-
- if (pkey)
- ssh_key_free(pkey);
-
- if (file)
- sftp_close(file);
- if (sftp)
- sftp_free(sftp);
- ssh_disconnect(ssh);
- ssh_free(ssh);
- return r == SSH_OK ? 0 : -EINVAL;
-}
-
-static int token_add(const char *device, const char *server,
- const char *user, const char *path)
-{
- struct crypt_device *cd = NULL;
- json_object *jobj = NULL, *jobj_keyslots;
- int r;
-
- r = crypt_init(&cd, device);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_load(cd, CRYPT_LUKS2, NULL);
- if (r < 0) {
- crypt_free(cd);
- return EXIT_FAILURE;
- }
-
- jobj = json_object_new_object();
-
- /* 'type' is mandatory field */
- json_object_object_add(jobj, "type", json_object_new_string(TOKEN_TYPE));
-
- /* 'keyslots' is mandatory field (may be empty) */
- jobj_keyslots = json_object_new_array();
- json_object_array_add(jobj_keyslots, json_object_new_string("0"));
- json_object_array_add(jobj_keyslots, json_object_new_string("1"));
- json_object_object_add(jobj, "keyslots", jobj_keyslots);
-
- /* third party values */
- json_object_object_add(jobj, "ssh_server", json_object_new_string(server));
- json_object_object_add(jobj, "ssh_user", json_object_new_string(user));
- json_object_object_add(jobj, "ssh_path", json_object_new_string(path));
-
- r = crypt_token_json_set(cd, TOKEN_NUM, json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PLAIN));
-
- crypt_free(cd);
- json_object_put(jobj);
-
- return EXIT_SUCCESS;
-}
-
-static int download_remote_password(struct crypt_device *cd, char *password, size_t password_len)
-{
- json_object *jobj_server, *jobj_user, *jobj_path, *jobj_keyslot;
-
- /* get token json object representation as string */
- jobj_keyslot = get_token_jobj(cd, TOKEN_NUM);
- if (!jobj_keyslot)
- return -EINVAL;
-
-
- /* extract third party metadata necessary to extract passphrase remotely */
- json_object_object_get_ex(jobj_keyslot, "ssh_server", &jobj_server);
- json_object_object_get_ex(jobj_keyslot, "ssh_user", &jobj_user);
- json_object_object_get_ex(jobj_keyslot, "ssh_path", &jobj_path);
-
- return read_remote_passphrase(cd, json_object_get_string(jobj_server),
- json_object_get_string(jobj_user),
- json_object_get_string(jobj_path),
- password, password_len);
-}
-
-static int open_by_remote_password(const char *device, const char *name)
-{
- char password[PASSWORD_LENGTH+1];
- struct crypt_device *cd = NULL;
- int r;
-
- r = crypt_init(&cd, device);
- if (r < 0)
- return EXIT_FAILURE;
-
- r = crypt_load(cd, CRYPT_LUKS2, NULL);
- if (r < 0) {
- crypt_free(cd);
- return EXIT_FAILURE;
- }
-
- /* custom routines to acquire password */
- r = download_remote_password(cd, password, sizeof(password));
- if (r < 0) {
- crypt_free(cd);
- return EXIT_FAILURE;
- }
-
- password[PASSWORD_LENGTH] = '\0';
-
- /* open first genuine LUKS2 keyslot available provided the password matches */
- /* for the sake of simplicity password is a string */
- r = crypt_activate_by_passphrase(cd, name, CRYPT_ANY_SLOT, password, strlen(password), 0);
-
- crypt_free(cd);
- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
-}
-
-static void keyslot_help(void)
-{
- printf("Use parameters:\n add device server user path\n"
- " open device name\n");
- exit(1);
-}
-
-int main(int argc, char *argv[])
-{
- crypt_set_debug_level(CRYPT_LOG_DEBUG);
-
- /* Adding slot to device */
- if (argc == 6 && !strcmp("add", argv[1]))
- return token_add(argv[2], argv[3], argv[4], argv[5]);
-
- /* Password check without activation */
- if (argc == 3 && !strcmp("open", argv[1]))
- return open_by_remote_password(argv[2], NULL);
-
- /* Password check with activation (requires root) */
- if (argc == 4 && !strcmp("open", argv[1]))
- return open_by_remote_password(argv[2], argv[3]);
-
- keyslot_help();
- return 1;
-}
+++ /dev/null
-#! /bin/sh
-# Common wrapper for a few potentially missing GNU programs.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
- echo 1>&2 "Try '$0 --help' for more information"
- exit 1
-fi
-
-case $1 in
-
- --is-lightweight)
- # Used by our autoconf macros to check whether the available missing
- # script is modern enough.
- exit 0
- ;;
-
- --run)
- # Back-compat with the calling convention used by older automake.
- shift
- ;;
-
- -h|--h|--he|--hel|--help)
- echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
-to PROGRAM being missing or too old.
-
-Options:
- -h, --help display this help and exit
- -v, --version output version information and exit
-
-Supported PROGRAM values:
- aclocal autoconf autoheader autom4te automake makeinfo
- bison yacc flex lex help2man
-
-Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
-'g' are ignored when checking the name.
-
-Send bug reports to <bug-automake@gnu.org>."
- exit $?
- ;;
-
- -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
- echo "missing $scriptversion (GNU Automake)"
- exit $?
- ;;
-
- -*)
- echo 1>&2 "$0: unknown '$1' option"
- echo 1>&2 "Try '$0 --help' for more information"
- exit 1
- ;;
-
-esac
-
-# Run the given program, remember its exit status.
-"$@"; st=$?
-
-# If it succeeded, we are done.
-test $st -eq 0 && exit 0
-
-# Also exit now if we it failed (or wasn't found), and '--version' was
-# passed; such an option is passed most likely to detect whether the
-# program is present and works.
-case $2 in --version|--help) exit $st;; esac
-
-# Exit code 63 means version mismatch. This often happens when the user
-# tries to use an ancient version of a tool on a file that requires a
-# minimum version.
-if test $st -eq 63; then
- msg="probably too old"
-elif test $st -eq 127; then
- # Program was missing.
- msg="missing on your system"
-else
- # Program was found and executed, but failed. Give up.
- exit $st
-fi
-
-perl_URL=https://www.perl.org/
-flex_URL=https://github.com/westes/flex
-gnu_software_URL=https://www.gnu.org/software
-
-program_details ()
-{
- case $1 in
- aclocal|automake)
- echo "The '$1' program is part of the GNU Automake package:"
- echo "<$gnu_software_URL/automake>"
- echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
- echo "<$gnu_software_URL/autoconf>"
- echo "<$gnu_software_URL/m4/>"
- echo "<$perl_URL>"
- ;;
- autoconf|autom4te|autoheader)
- echo "The '$1' program is part of the GNU Autoconf package:"
- echo "<$gnu_software_URL/autoconf/>"
- echo "It also requires GNU m4 and Perl in order to run:"
- echo "<$gnu_software_URL/m4/>"
- echo "<$perl_URL>"
- ;;
- esac
-}
-
-give_advice ()
-{
- # Normalize program name to check for.
- normalized_program=`echo "$1" | sed '
- s/^gnu-//; t
- s/^gnu//; t
- s/^g//; t'`
-
- printf '%s\n' "'$1' is $msg."
-
- configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
- case $normalized_program in
- autoconf*)
- echo "You should only need it if you modified 'configure.ac',"
- echo "or m4 files included by it."
- program_details 'autoconf'
- ;;
- autoheader*)
- echo "You should only need it if you modified 'acconfig.h' or"
- echo "$configure_deps."
- program_details 'autoheader'
- ;;
- automake*)
- echo "You should only need it if you modified 'Makefile.am' or"
- echo "$configure_deps."
- program_details 'automake'
- ;;
- aclocal*)
- echo "You should only need it if you modified 'acinclude.m4' or"
- echo "$configure_deps."
- program_details 'aclocal'
- ;;
- autom4te*)
- echo "You might have modified some maintainer files that require"
- echo "the 'autom4te' program to be rebuilt."
- program_details 'autom4te'
- ;;
- bison*|yacc*)
- echo "You should only need it if you modified a '.y' file."
- echo "You may want to install the GNU Bison package:"
- echo "<$gnu_software_URL/bison/>"
- ;;
- lex*|flex*)
- echo "You should only need it if you modified a '.l' file."
- echo "You may want to install the Fast Lexical Analyzer package:"
- echo "<$flex_URL>"
- ;;
- help2man*)
- echo "You should only need it if you modified a dependency" \
- "of a man page."
- echo "You may want to install the GNU Help2man package:"
- echo "<$gnu_software_URL/help2man/>"
- ;;
- makeinfo*)
- echo "You should only need it if you modified a '.texi' file, or"
- echo "any other file indirectly affecting the aspect of the manual."
- echo "You might want to install the Texinfo package:"
- echo "<$gnu_software_URL/texinfo/>"
- echo "The spurious makeinfo call might also be the consequence of"
- echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
- echo "want to install GNU make:"
- echo "<$gnu_software_URL/make/>"
- ;;
- *)
- echo "You might have modified some files without having the proper"
- echo "tools for further handling them. Check the 'README' file, it"
- echo "often tells you about the needed prerequisites for installing"
- echo "this package. You may also peek at any GNU archive site, in"
- echo "case some other package contains this missing '$1' program."
- ;;
- esac
-}
-
-give_advice "$1" | sed -e '1s/^/WARNING: /' \
- -e '2,$s/^/ /' >&2
-
-# Propagate the correct exit status (expected to be 127 for a program
-# not found, 63 for a program that failed due to version mismatch).
-exit $st
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
id
it
ja
+ka
nl
pl
pt_BR
+ro
ru
sr
sv
+++ /dev/null
-# Makefile for PO directory in any package using GNU gettext.
-# Copyright (C) 1995-1997, 2000-2007, 2009-2010 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
-#
-# This file can be copied and used freely without restrictions. It can
-# be used in projects which are not available under the GNU General Public
-# License but which still want to provide support for the GNU gettext
-# functionality.
-# Please note that the actual code of GNU gettext is covered by the GNU
-# General Public License and is *not* in the public domain.
-#
-# Origin: gettext-0.18.3
-GETTEXT_MACRO_VERSION = 0.18
-
-PACKAGE = @PACKAGE@
-VERSION = @VERSION@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-
-SED = @SED@
-SHELL = /bin/sh
-@SET_MAKE@
-
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
-VPATH = @srcdir@
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localedir = @localedir@
-gettextsrcdir = $(datadir)/gettext/po
-
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-
-# We use $(mkdir_p).
-# In automake <= 1.9.x, $(mkdir_p) is defined either as "mkdir -p --" or as
-# "$(mkinstalldirs)" or as "$(install_sh) -d". For these automake versions,
-# @install_sh@ does not start with $(SHELL), so we add it.
-# In automake >= 1.10, @mkdir_p@ is derived from ${MKDIR_P}, which is defined
-# either as "/path/to/mkdir -p" or ".../install-sh -c -d". For these automake
-# versions, $(mkinstalldirs) and $(install_sh) are unused.
-mkinstalldirs = $(SHELL) @install_sh@ -d
-install_sh = $(SHELL) @install_sh@
-MKDIR_P = @MKDIR_P@
-mkdir_p = @mkdir_p@
-
-GMSGFMT_ = @GMSGFMT@
-GMSGFMT_no = @GMSGFMT@
-GMSGFMT_yes = @GMSGFMT_015@
-GMSGFMT = $(GMSGFMT_$(USE_MSGCTXT))
-MSGFMT_ = @MSGFMT@
-MSGFMT_no = @MSGFMT@
-MSGFMT_yes = @MSGFMT_015@
-MSGFMT = $(MSGFMT_$(USE_MSGCTXT))
-XGETTEXT_ = @XGETTEXT@
-XGETTEXT_no = @XGETTEXT@
-XGETTEXT_yes = @XGETTEXT_015@
-XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT))
-MSGMERGE = msgmerge
-MSGMERGE_UPDATE = @MSGMERGE@ --update
-MSGINIT = msginit
-MSGCONV = msgconv
-MSGFILTER = msgfilter
-
-POFILES = @POFILES@
-GMOFILES = @GMOFILES@
-UPDATEPOFILES = @UPDATEPOFILES@
-DUMMYPOFILES = @DUMMYPOFILES@
-DISTFILES.common = Makefile.in.in remove-potcdate.sin \
-$(DISTFILES.common.extra1) $(DISTFILES.common.extra2) $(DISTFILES.common.extra3)
-DISTFILES = $(DISTFILES.common) Makevars POTFILES.in \
-$(POFILES) $(GMOFILES) \
-$(DISTFILES.extra1) $(DISTFILES.extra2) $(DISTFILES.extra3)
-
-POTFILES = \
-
-CATALOGS = @CATALOGS@
-
-# Makevars gets inserted here. (Don't remove this line!)
-
-.SUFFIXES:
-.SUFFIXES: .po .gmo .mo .sed .sin .nop .po-create .po-update
-
-.po.mo:
- @echo "$(MSGFMT) -c -o $@ $<"; \
- $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@
-
-.po.gmo:
- @lang=`echo $* | sed -e 's,.*/,,'`; \
- test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
- echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \
- cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
-
-.sin.sed:
- sed -e '/^#/d' $< > t-$@
- mv t-$@ $@
-
-
-all: all-@USE_NLS@
-
-all-yes: stamp-po
-all-no:
-
-# Ensure that the gettext macros and this Makefile.in.in are in sync.
-CHECK_MACRO_VERSION = \
- test "$(GETTEXT_MACRO_VERSION)" = "@GETTEXT_MACRO_VERSION@" \
- || { echo "*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version $(GETTEXT_MACRO_VERSION) but the autoconf macros are from gettext version @GETTEXT_MACRO_VERSION@" 1>&2; \
- exit 1; \
- }
-
-# $(srcdir)/$(DOMAIN).pot is only created when needed. When xgettext finds no
-# internationalized messages, no $(srcdir)/$(DOMAIN).pot is created (because
-# we don't want to bother translators with empty POT files). We assume that
-# LINGUAS is empty in this case, i.e. $(POFILES) and $(GMOFILES) are empty.
-# In this case, stamp-po is a nop (i.e. a phony target).
-
-# stamp-po is a timestamp denoting the last time at which the CATALOGS have
-# been loosely updated. Its purpose is that when a developer or translator
-# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS,
-# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent
-# invocations of "make" will do nothing. This timestamp would not be necessary
-# if updating the $(CATALOGS) would always touch them; however, the rule for
-# $(POFILES) has been designed to not touch files that don't need to be
-# changed.
-stamp-po: $(srcdir)/$(DOMAIN).pot
- @$(CHECK_MACRO_VERSION)
- test ! -f $(srcdir)/$(DOMAIN).pot || \
- test -z "$(GMOFILES)" || $(MAKE) $(GMOFILES)
- @test ! -f $(srcdir)/$(DOMAIN).pot || { \
- echo "touch stamp-po" && \
- echo timestamp > stamp-poT && \
- mv stamp-poT stamp-po; \
- }
-
-# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update',
-# otherwise packages like GCC can not be built if only parts of the source
-# have been downloaded.
-
-# This target rebuilds $(DOMAIN).pot; it is an expensive operation.
-# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
-# The determination of whether the package xyz is a GNU one is based on the
-# heuristic whether some file in the top level directory mentions "GNU xyz".
-# If GNU 'find' is available, we avoid grepping through monster files.
-$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
- if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \
- LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \
- else \
- LC_ALL=C grep 'GNU @PACKAGE@' $(top_srcdir)/* 2>/dev/null; \
- fi; \
- } | grep -v 'libtool:' >/dev/null; then \
- package_gnu='GNU '; \
- else \
- package_gnu=''; \
- fi; \
- if test -n '$(MSGID_BUGS_ADDRESS)' || test '$(PACKAGE_BUGREPORT)' = '@'PACKAGE_BUGREPORT'@'; then \
- msgid_bugs_address='$(MSGID_BUGS_ADDRESS)'; \
- else \
- msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \
- fi; \
- case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \
- $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
- --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
- --files-from=$(srcdir)/POTFILES.in \
- --copyright-holder='$(COPYRIGHT_HOLDER)' \
- --msgid-bugs-address="$$msgid_bugs_address" \
- ;; \
- *) \
- $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
- --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
- --files-from=$(srcdir)/POTFILES.in \
- --copyright-holder='$(COPYRIGHT_HOLDER)' \
- --package-name="$${package_gnu}@PACKAGE@" \
- --package-version='@VERSION@' \
- --msgid-bugs-address="$$msgid_bugs_address" \
- ;; \
- esac
- test ! -f $(DOMAIN).po || { \
- if test -f $(srcdir)/$(DOMAIN).pot; then \
- sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
- sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
- if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
- rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
- else \
- rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
- mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
- fi; \
- else \
- mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
- fi; \
- }
-
-# This rule has no dependencies: we don't need to update $(DOMAIN).pot at
-# every "make" invocation, only create it when it is missing.
-# Only "make $(DOMAIN).pot-update" or "make dist" will force an update.
-$(srcdir)/$(DOMAIN).pot:
- $(MAKE) $(DOMAIN).pot-update
-
-# This target rebuilds a PO file if $(DOMAIN).pot has changed.
-# Note that a PO file is not touched if it doesn't need to be changed.
-$(POFILES): $(srcdir)/$(DOMAIN).pot
- @lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \
- if test -f "$(srcdir)/$${lang}.po"; then \
- test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
- echo "$${cdcmd}$(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) --lang=$${lang} $${lang}.po $(DOMAIN).pot"; \
- cd $(srcdir) \
- && { case `$(MSGMERGE_UPDATE) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-7] | 0.1[0-7].*) \
- $(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) $${lang}.po $(DOMAIN).pot;; \
- *) \
- $(MSGMERGE_UPDATE) $(MSGMERGE_OPTIONS) --lang=$${lang} $${lang}.po $(DOMAIN).pot;; \
- esac; \
- }; \
- else \
- $(MAKE) $${lang}.po-create; \
- fi
-
-
-install: install-exec install-data
-install-exec:
-install-data: install-data-@USE_NLS@
- if test "$(PACKAGE)" = "gettext-tools"; then \
- $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
- for file in $(DISTFILES.common) Makevars.template; do \
- $(INSTALL_DATA) $(srcdir)/$$file \
- $(DESTDIR)$(gettextsrcdir)/$$file; \
- done; \
- for file in Makevars; do \
- rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
- done; \
- else \
- : ; \
- fi
-install-data-no: all
-install-data-yes: all
- @catalogs='$(CATALOGS)'; \
- for cat in $$catalogs; do \
- cat=`basename $$cat`; \
- lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
- dir=$(localedir)/$$lang/LC_MESSAGES; \
- $(mkdir_p) $(DESTDIR)$$dir; \
- if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \
- $(INSTALL_DATA) $$realcat $(DESTDIR)$$dir/$(DOMAIN).mo; \
- echo "installing $$realcat as $(DESTDIR)$$dir/$(DOMAIN).mo"; \
- for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
- if test -n "$$lc"; then \
- if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
- link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
- mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
- mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
- (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
- for file in *; do \
- if test -f $$file; then \
- ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
- fi; \
- done); \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
- else \
- if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
- :; \
- else \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
- mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
- fi; \
- fi; \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
- ln -s ../LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
- ln $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
- cp -p $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
- echo "installing $$realcat link as $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo"; \
- fi; \
- done; \
- done
-
-install-strip: install
-
-installdirs: installdirs-exec installdirs-data
-installdirs-exec:
-installdirs-data: installdirs-data-@USE_NLS@
- if test "$(PACKAGE)" = "gettext-tools"; then \
- $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
- else \
- : ; \
- fi
-installdirs-data-no:
-installdirs-data-yes:
- @catalogs='$(CATALOGS)'; \
- for cat in $$catalogs; do \
- cat=`basename $$cat`; \
- lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
- dir=$(localedir)/$$lang/LC_MESSAGES; \
- $(mkdir_p) $(DESTDIR)$$dir; \
- for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
- if test -n "$$lc"; then \
- if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
- link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
- mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
- mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
- (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
- for file in *; do \
- if test -f $$file; then \
- ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
- fi; \
- done); \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
- else \
- if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
- :; \
- else \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
- mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
- fi; \
- fi; \
- fi; \
- done; \
- done
-
-# Define this as empty until I found a useful application.
-installcheck:
-
-uninstall: uninstall-exec uninstall-data
-uninstall-exec:
-uninstall-data: uninstall-data-@USE_NLS@
- if test "$(PACKAGE)" = "gettext-tools"; then \
- for file in $(DISTFILES.common) Makevars.template; do \
- rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
- done; \
- else \
- : ; \
- fi
-uninstall-data-no:
-uninstall-data-yes:
- catalogs='$(CATALOGS)'; \
- for cat in $$catalogs; do \
- cat=`basename $$cat`; \
- lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
- for lc in LC_MESSAGES $(EXTRA_LOCALE_CATEGORIES); do \
- rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
- done; \
- done
-
-check: all
-
-info dvi ps pdf html tags TAGS ctags CTAGS ID:
-
-mostlyclean:
- rm -f remove-potcdate.sed
- rm -f stamp-poT
- rm -f core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po
- rm -fr *.o
-
-clean: mostlyclean
-
-distclean: clean
- rm -f Makefile Makefile.in POTFILES *.mo
-
-maintainer-clean: distclean
- @echo "This command is intended for maintainers to use;"
- @echo "it deletes files that may require special tools to rebuild."
- rm -f stamp-po $(GMOFILES)
-
-distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
-dist distdir:
- $(MAKE) update-po
- @$(MAKE) dist2
-# This is a separate target because 'update-po' must be executed before.
-dist2: stamp-po $(DISTFILES)
- dists="$(DISTFILES)"; \
- if test "$(PACKAGE)" = "gettext-tools"; then \
- dists="$$dists Makevars.template"; \
- fi; \
- if test -f $(srcdir)/$(DOMAIN).pot; then \
- dists="$$dists $(DOMAIN).pot stamp-po"; \
- fi; \
- if test -f $(srcdir)/ChangeLog; then \
- dists="$$dists ChangeLog"; \
- fi; \
- for i in 0 1 2 3 4 5 6 7 8 9; do \
- if test -f $(srcdir)/ChangeLog.$$i; then \
- dists="$$dists ChangeLog.$$i"; \
- fi; \
- done; \
- if test -f $(srcdir)/LINGUAS; then dists="$$dists LINGUAS"; fi; \
- for file in $$dists; do \
- if test -f $$file; then \
- cp -p $$file $(distdir) || exit 1; \
- else \
- cp -p $(srcdir)/$$file $(distdir) || exit 1; \
- fi; \
- done
-
-update-po: Makefile
- $(MAKE) $(DOMAIN).pot-update
- test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES)
- $(MAKE) update-gmo
-
-# General rule for creating PO files.
-
-.nop.po-create:
- @lang=`echo $@ | sed -e 's/\.po-create$$//'`; \
- echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \
- exit 1
-
-# General rule for updating PO files.
-
-.nop.po-update:
- @lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
- if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; fi; \
- tmpdir=`pwd`; \
- echo "$$lang:"; \
- test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
- echo "$${cdcmd}$(MSGMERGE) $(MSGMERGE_OPTIONS) --lang=$$lang $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
- cd $(srcdir); \
- if { case `$(MSGMERGE) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
- '' | 0.[0-9] | 0.[0-9].* | 0.1[0-7] | 0.1[0-7].*) \
- $(MSGMERGE) $(MSGMERGE_OPTIONS) -o $$tmpdir/$$lang.new.po $$lang.po $(DOMAIN).pot;; \
- *) \
- $(MSGMERGE) $(MSGMERGE_OPTIONS) --lang=$$lang -o $$tmpdir/$$lang.new.po $$lang.po $(DOMAIN).pot;; \
- esac; \
- }; then \
- if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
- rm -f $$tmpdir/$$lang.new.po; \
- else \
- if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
- :; \
- else \
- echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
- exit 1; \
- fi; \
- fi; \
- else \
- echo "msgmerge for $$lang.po failed!" 1>&2; \
- rm -f $$tmpdir/$$lang.new.po; \
- fi
-
-$(DUMMYPOFILES):
-
-update-gmo: Makefile $(GMOFILES)
- @:
-
-# Recreate Makefile by invoking config.status. Explicitly invoke the shell,
-# because execution permission bits may not work on the current file system.
-# Use @SHELL@, which is the shell determined by autoconf for the use by its
-# scripts, not $(SHELL) which is hardwired to /bin/sh and may be deficient.
-Makefile: Makefile.in.in Makevars $(top_builddir)/config.status @POMAKEFILEDEPS@
- cd $(top_builddir) \
- && @SHELL@ ./config.status $(subdir)/$@.in po-directories
-
-force:
-
-# Tell versions [3.59,3.63) of GNU make not to export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
# It can be your email address, or a mailing list address where translators
# can write to without being subscribed, or the URL of a web page through
# which the translators can contact you.
-MSGID_BUGS_ADDRESS = dm-crypt@saout.de
+MSGID_BUGS_ADDRESS = cryptsetup@lists.linux.dev
# This is the list of locale categories, beyond LC_MESSAGES, for which the
# message catalogs shall be used. It is usually empty.
lib/crypt_plain.c
lib/utils_crypt.c
lib/utils_loop.c
-lib/utils_fips.c
lib/utils_device.c
lib/utils_devpath.c
lib/utils_pbkdf.c
lib/loopaes/loopaes.c
lib/tcrypt/tcrypt.c
lib/bitlk/bitlk.c
+lib/fvault2/fvault2.c
lib/verity/verity.c
lib/verity/verity_hash.c
lib/verity/verity_fec.c
src/cryptsetup.c
src/veritysetup.c
src/integritysetup.c
-src/cryptsetup_reencrypt.c
src/utils_tools.c
+src/utils_progress.c
src/utils_password.c
-src/utils_luks2.c
+src/utils_luks.c
+src/utils_reencrypt.c
+src/utils_reencrypt_luks1.c
src/utils_blockdev.c
+src/utils_args.c
+tokens/ssh/cryptsetup-ssh.c
+tokens/ssh/ssh-utils.c
+++ /dev/null
-# Special Makefile rules for English message catalogs with quotation marks.
-
-DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot
-
-.SUFFIXES: .insert-header .po-update-en
-
-en@quot.po-create:
- $(MAKE) en@quot.po-update
-en@boldquot.po-create:
- $(MAKE) en@boldquot.po-update
-
-en@quot.po-update: en@quot.po-update-en
-en@boldquot.po-update: en@boldquot.po-update-en
-
-.insert-header.po-update-en:
- @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \
- if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \
- tmpdir=`pwd`; \
- echo "$$lang:"; \
- ll=`echo $$lang | sed -e 's/@.*//'`; \
- LC_ALL=C; export LC_ALL; \
- cd $(srcdir); \
- if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$lang -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) $(SED) -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \
- if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
- rm -f $$tmpdir/$$lang.new.po; \
- else \
- if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
- :; \
- else \
- echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
- exit 1; \
- fi; \
- fi; \
- else \
- echo "creation of $$lang.po failed!" 1>&2; \
- rm -f $$tmpdir/$$lang.new.po; \
- fi
-
-en@quot.insert-header: insert-header.sin
- sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header
-
-en@boldquot.insert-header: insert-header.sin
- sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header
-
-mostlyclean: mostlyclean-quot
-mostlyclean-quot:
- rm -f *.insert-header
+++ /dev/null
-s/"\([^"]*\)"/“\1”/g
-s/`\([^`']*\)'/‘\1’/g
-s/ '\([^`']*\)' / ‘\1’ /g
-s/ '\([^`']*\)'$/ ‘\1’/g
-s/^'\([^`']*\)' /‘\1’ /g
-s/“”/""/g
-s/“/“\e[1m/g
-s/”/\e[0m”/g
-s/‘/‘\e[1m/g
-s/’/\e[0m’/g
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.7\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr ""
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr ""
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr ""
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr ""
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr ""
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr ""
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr ""
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr ""
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr ""
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr ""
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr ""
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr ""
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr ""
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr ""
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random "
"events.\n"
msgstr ""
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr ""
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr ""
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr ""
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr ""
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr ""
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr ""
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr ""
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr ""
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr ""
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr ""
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr ""
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr ""
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr ""
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr ""
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr ""
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr ""
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr ""
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr ""
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr ""
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr ""
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr ""
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr ""
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr ""
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr ""
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr ""
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr ""
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr ""
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr ""
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr ""
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr ""
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr ""
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr ""
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
+#, c-format
+msgid "Cannot wipe header on device %s."
msgstr ""
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1769 lib/setup.c:2036
#, c-format
-msgid "Cannot wipe header on device %s."
+msgid ""
+"Device %s is too small for activation, there is no remaining space for "
+"data.\n"
msgstr ""
-#: lib/setup.c:1744
+#: lib/setup.c:1840
msgid ""
"WARNING: The device activation will fail, dm-crypt is missing support for "
"requested encryption sector size.\n"
msgstr ""
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr ""
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr ""
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr ""
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr ""
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr ""
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr ""
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr ""
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr ""
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr ""
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr ""
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr ""
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr ""
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr ""
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr ""
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr ""
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr ""
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr ""
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr ""
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid ""
"WARNING: Requested tag size %d bytes differs from %s size output (%d "
"bytes).\n"
msgstr ""
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr ""
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr ""
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr ""
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr ""
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr ""
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr ""
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr ""
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr ""
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr ""
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr ""
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr ""
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr ""
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr ""
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr ""
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr ""
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr ""
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr ""
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr ""
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr ""
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr ""
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr ""
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr ""
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr ""
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr ""
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr ""
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr ""
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr ""
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr ""
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr ""
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr ""
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr ""
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr ""
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr ""
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr ""
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr ""
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr ""
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr ""
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr ""
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr ""
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr ""
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr ""
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr ""
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr ""
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr ""
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr ""
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr ""
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr ""
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr ""
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr ""
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr ""
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr ""
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr ""
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr ""
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr ""
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr ""
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr ""
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr ""
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr ""
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr ""
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr ""
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr ""
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr ""
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr ""
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr ""
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr ""
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr ""
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr ""
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr ""
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr ""
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr ""
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr ""
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr ""
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr ""
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr ""
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr ""
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr ""
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr ""
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr ""
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid ""
"Attaching loopback device failed (loop device with autoclear flag is "
"required)."
msgstr ""
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr ""
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr ""
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr ""
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr ""
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr ""
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr ""
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid ""
"Locking aborted. The locking path %s/%s is unusable (not a directory or "
"missing)."
msgstr ""
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid ""
-"Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid ""
"Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr ""
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr ""
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr ""
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr ""
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr ""
msgid "Failed to access temporary keystore device."
msgstr ""
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr ""
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr ""
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr ""
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr ""
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr ""
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr ""
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr ""
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr ""
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr ""
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr ""
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr ""
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr ""
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr ""
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr ""
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid ""
"does not contain LUKS header. Replacing header can destroy data on that "
"device."
msgstr ""
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid ""
"already contains LUKS header. Replacing header will destroy existing "
"keyslots."
msgstr ""
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgstr ""
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr ""
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr ""
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr ""
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr ""
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr ""
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr ""
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr ""
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr ""
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr ""
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr ""
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
+msgid "LUKS cipher mode %s is invalid."
+msgstr ""
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
msgstr ""
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr ""
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr ""
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr ""
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid ""
"Data offset for LUKS header must be either 0 or higher than header size."
msgstr ""
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr ""
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr ""
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr ""
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr ""
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr ""
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr ""
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr ""
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr ""
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr ""
msgid "Kernel does not support loop-AES compatible mapping."
msgstr ""
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr ""
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr ""
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr ""
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr ""
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr ""
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr ""
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr ""
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr ""
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr ""
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr ""
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid ""
"Unexpected metadata entry type '%u' found when parsing supported Volume "
"Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid ""
"Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid ""
"Unexpected metadata entry value '%u' found when parsing supported Volume "
"Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr ""
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr ""
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr ""
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr ""
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr ""
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr ""
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr ""
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr ""
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr ""
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr ""
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr ""
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr ""
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr ""
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr ""
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr ""
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid ""
+"WARNING: BitLocker volume size %<PRIu64> does not match the underlying "
+"device size %<PRIu64>"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1389
msgid ""
"Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr ""
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid ""
"Cannot activate device, kernel dm-crypt is missing support for BITLK "
"Elephant diffuser."
msgstr ""
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid ""
+"Cannot activate device, kernel dm-crypt is missing support for large sector "
+"size."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr ""
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
+msgid "Could not read %u bytes of volume header."
msgstr ""
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr ""
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
msgstr ""
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr ""
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr ""
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr ""
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr ""
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr ""
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr ""
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr ""
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr ""
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr ""
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr ""
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr ""
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr ""
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr ""
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr ""
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr ""
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr ""
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr ""
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr ""
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid ""
"WARNING: Kernel cannot activate device if data block size exceeds page size "
msgid "Failed to repair parity for block %<PRIu64>."
msgstr ""
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr ""
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr ""
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr ""
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr ""
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr ""
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr ""
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr ""
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr ""
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid ""
"Kernel refuses to activate insecure recalculate option (see legacy "
"activation options to override)."
msgstr ""
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr ""
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid ""
"Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr ""
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
msgstr ""
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr ""
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid ""
"WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 "
"keyslot count is very limited.\n"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid ""
"Binary header with keyslot areas size differ on device and backup, restore "
"failed."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid ""
"does not contain LUKS2 header. Replacing header can destroy data on that "
"device."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid ""
"already contains LUKS2 header. Replacing header will destroy existing "
"keyslots."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"Replacing header with backup may corrupt the data on that device!"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Replacing header with backup may corrupt data."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid ""
"Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid ""
"Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr ""
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr ""
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr ""
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr ""
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid ""
+"Can not update resilience type. New type only provides %<PRIu64> bytes, "
+"required space is: %<PRIu64> bytes."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid ""
"Cannot convert to LUKS1 format - default segment encryption sector size is "
"not 512 bytes."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid ""
"Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid ""
"Cannot convert to LUKS1 format - slot %u (over maximum slots) is still "
"active."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid ""
"Source and target device sizes don't match. Source %<PRIu64>, target: "
"%<PRIu64>."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
#, c-format
msgid ""
-"Data shift is not aligned to requested encryption sector size (%<PRIu32> "
-"bytes)."
+"Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
msgid ""
-"Data device is not aligned to requested encryption sector size (%<PRIu32> "
-"bytes)."
+"Moved segment too large. Requested size %<PRIu64>, available space for: "
+"%<PRIu64>."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3004
+#, c-format
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid ""
"Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> "
"sectors)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3388
+#: lib/luks2/luks2_reencrypt.c:4054
#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3398
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid ""
"Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> "
"sectors long."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr ""
-#: lib/luks2/luks2_reencrypt_digest.c:376
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
msgstr ""
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr ""
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr ""
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
+msgid "Enter token PIN: "
msgstr ""
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
msgstr ""
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr ""
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid ""
"WARNING: The --hash parameter is being ignored in plain mode with keyfile "
"specified.\n"
msgstr ""
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid ""
"WARNING: The --keyfile-size option is being ignored, the read size is the "
"same as the encryption key size.\n"
msgstr ""
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid ""
"Detected device signature(s) on %s. Proceeding further may damage existing "
"data."
msgstr ""
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr ""
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr ""
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr ""
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr ""
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr ""
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr ""
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr ""
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr ""
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid ""
+"Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr ""
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"This dump should be always stored encrypted on safe place."
msgstr ""
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr ""
+
+#: src/cryptsetup.c:747
+msgid ""
+"Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr ""
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr ""
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid ""
"Resize of active device requires volume key in keyring but --disable-keyring "
"option is set."
msgstr ""
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr ""
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr ""
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr ""
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr ""
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid ""
"%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit "
"key (requested %u ms time)\n"
msgstr ""
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr ""
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr ""
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr ""
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr ""
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr ""
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr ""
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the "
"reencryption operation is desirable (see luksDump output)\n"
"genuine."
msgstr ""
-#: src/cryptsetup.c:1140
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
msgstr ""
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr ""
-#: src/cryptsetup.c:1193
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
msgstr ""
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr ""
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr ""
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will "
"contain invalid checksum).\n"
msgstr ""
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr ""
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr ""
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr ""
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr ""
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr ""
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr ""
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr ""
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr ""
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr ""
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr ""
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid ""
+"LUKS file container %s is too small for activation, there is no remaining "
+"space for data."
+msgstr ""
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid ""
"Cannot determine volume key size for LUKS without keyslots, please use --key-"
"size option."
msgstr ""
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr ""
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr ""
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid ""
"This is the last keyslot. Device will become unusable after purging this key."
msgstr ""
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr ""
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr ""
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr ""
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr ""
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr ""
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr ""
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr ""
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr ""
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr ""
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr ""
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr ""
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
msgstr ""
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr ""
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr ""
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr ""
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr ""
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr ""
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr ""
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr ""
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Device will become unusable after this operation."
msgstr ""
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr ""
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr ""
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr ""
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr ""
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr ""
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr ""
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr ""
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr ""
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr ""
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr ""
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr ""
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr ""
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr ""
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr ""
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr ""
-
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Device %s is not a block device.\n"
+msgid "Token %d is not assigned to keyslot %d."
msgstr ""
-#: src/cryptsetup.c:2804
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Failed to auto-detect device %s holders."
+msgid "Failed to unassign token %d from keyslot %d."
msgstr ""
-#: src/cryptsetup.c:2806
-#, c-format
+#: src/cryptsetup.c:2983
msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
+"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only "
+"for TCRYPT device."
msgstr ""
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
+#: src/cryptsetup.c:2986
+msgid ""
+"Option --veracrypt or --disable-veracrypt is supported only for TCRYPT "
+"device type."
msgstr ""
-#: src/cryptsetup.c:2891
+#: src/cryptsetup.c:2989
msgid ""
-"Encryption without detached header (--header) is not possible without data "
-"device size reduction (--reduce-device-size)."
+"Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
msgstr ""
-#: src/cryptsetup.c:2896
+#: src/cryptsetup.c:2993
msgid ""
-"Requested data offset must be less than or equal to half of --reduce-device-"
-"size parameter."
+"Option --veracrypt-query-pim is supported only for VeraCrypt compatible "
+"devices."
msgstr ""
-#: src/cryptsetup.c:2905
-#, c-format
+#: src/cryptsetup.c:2995
msgid ""
-"Adjusting --reduce-device-size value to twice the --offset %<PRIu64> "
-"(sectors).\n"
+"The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
msgstr ""
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
msgstr ""
-#: src/cryptsetup.c:2932
-#, c-format
-msgid ""
-"Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
msgstr ""
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
msgstr ""
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
msgstr ""
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
+#: src/cryptsetup.c:3016
+msgid ""
+"Option --offset with open action is only supported for plain and loopaes "
+"devices."
msgstr ""
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
msgstr ""
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
+#: src/cryptsetup.c:3023
+msgid ""
+"Sector size option with open action is supported only for plain devices."
msgstr ""
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
+#: src/cryptsetup.c:3027
msgid ""
-"Key file can be used only with --key-slot or with exactly one key slot "
-"active."
+"Large IV sectors option is supported only for opening plain type device with "
+"sector size larger than 512 bytes."
msgstr ""
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
+#: src/cryptsetup.c:3032
+msgid ""
+"Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and "
+"FVAULT2 devices."
msgstr ""
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
msgstr ""
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
msgstr ""
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
msgstr ""
-#: src/cryptsetup.c:3441
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
msgid ""
-"Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt "
-"tool for LUKS1."
+"Options --cancel-deferred and --deferred cannot be used at the same time."
msgstr ""
-#: src/cryptsetup.c:3453
-msgid ""
-"Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt "
-"utility."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
msgstr ""
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
msgstr ""
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
msgstr ""
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr ""
+
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3091
+msgid ""
+"Option --integrity-no-wipe can be used only for format action with integrity "
+"extension."
+msgstr ""
+
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr ""
+
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr ""
+
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr ""
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr ""
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr ""
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr ""
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
msgstr ""
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:3156
msgid "<device> [--type <type>] [<name>]"
msgstr ""
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
msgid "open device as <name>"
msgstr ""
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
msgid "<name>"
msgstr ""
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr ""
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr ""
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr ""
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr ""
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr ""
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr ""
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr ""
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr ""
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr ""
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr ""
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr ""
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr ""
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr ""
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr ""
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr ""
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr ""
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr ""
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr ""
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr ""
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr ""
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr ""
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr ""
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr ""
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr ""
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr ""
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr ""
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr ""
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr ""
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr ""
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr ""
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr ""
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr ""
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
msgstr ""
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, "
+"fvault2Open\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, "
-"bitlkClose\n"
+"bitlkClose, fvault2Close\n"
msgstr ""
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"Default compiled-in metadata format is %s (for luksFormat action).\n"
msgstr ""
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr ""
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr ""
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
msgstr ""
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
msgstr ""
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid ""
"\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr ""
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr ""
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
-msgid "Show this help message"
-msgstr ""
-
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
-msgid "Display brief usage"
-msgstr ""
-
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr ""
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
-msgid "Help options:"
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
msgstr ""
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
msgstr ""
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
msgstr ""
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
msgstr ""
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
msgstr ""
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
msgstr ""
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
msgstr ""
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
+msgid "Show this help message"
msgstr ""
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
+msgid "Display brief usage"
msgstr ""
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
+msgid "Print package version"
msgstr ""
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
+msgid "Help options:"
msgstr ""
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
+msgid "[OPTION...] <action> <action-specific>"
msgstr ""
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
+msgid "Argument <action> missing."
msgstr ""
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
+msgid "Unknown action."
msgstr ""
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
+#: src/cryptsetup.c:3546
+msgid "Option --key-file takes precedence over specified key file argument."
msgstr ""
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
+#: src/cryptsetup.c:3552
+msgid "Only one --key-file argument is allowed."
msgstr ""
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
+#: src/cryptsetup.c:3557
+msgid ""
+"Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/"
+"argon2id."
msgstr ""
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
+#: src/cryptsetup.c:3562
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr ""
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
msgstr ""
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
msgstr ""
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#: src/cryptsetup.c:3594
+msgid "Cannot disable metadata locking."
msgstr ""
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
msgstr ""
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
+#: src/veritysetup.c:87
+#, c-format
+msgid "Cannot create hash image %s for writing."
msgstr ""
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
+#: src/veritysetup.c:97
+#, c-format
+msgid "Cannot create FEC image %s for writing."
msgstr ""
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
msgstr ""
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
msgstr ""
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
msgstr ""
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
msgstr ""
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
msgstr ""
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
+#: src/veritysetup.c:241
+msgid "Invalid root hash string specified."
msgstr ""
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
+#: src/veritysetup.c:249
+#, c-format
+msgid "Invalid signature file %s."
msgstr ""
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
+#: src/veritysetup.c:256
+#, c-format
+msgid "Cannot read signature file %s."
msgstr ""
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
msgstr ""
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
+#: src/veritysetup.c:489
+msgid "<data_device> <hash_device>"
msgstr ""
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
+#: src/veritysetup.c:489 src/integritysetup.c:534
+msgid "format device"
msgstr ""
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
msgstr ""
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
+#: src/veritysetup.c:490
+msgid "verify device"
msgstr ""
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
msgstr ""
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
+#: src/veritysetup.c:493 src/integritysetup.c:537
+msgid "show active device status"
msgstr ""
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
+#: src/veritysetup.c:494
+msgid "<hash_device>"
msgstr ""
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
+#: src/veritysetup.c:494 src/integritysetup.c:538
+msgid "show on-disk information"
msgstr ""
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
+#: src/veritysetup.c:513
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
msgstr ""
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#: src/veritysetup.c:520
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, "
+"Hash format: %u\n"
msgstr ""
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#: src/veritysetup.c:658
+msgid ""
+"Option --ignore-corruption and --restart-on-corruption cannot be used "
+"together."
msgstr ""
-#: src/cryptsetup.c:3683
+#: src/veritysetup.c:663
msgid ""
-"Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+"Option --panic-on-corruption and --restart-on-corruption cannot be used "
+"together."
msgstr ""
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --"
+"integrity-recalculate)."
msgstr ""
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr ""
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#: src/integritysetup.c:289
+msgid ""
+"Setting recalculate flag is not supported, you may consider using --wipe "
+"instead."
msgstr ""
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
msgstr ""
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
msgstr ""
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
msgstr ""
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
msgstr ""
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
msgstr ""
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
msgstr ""
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
msgstr ""
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
msgstr ""
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
+#: src/integritysetup.c:727
+msgid ""
+"Journal integrity algorithm must be specified if journal integrity key is "
+"used."
msgstr ""
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
+#: src/integritysetup.c:731
+msgid ""
+"Both journal encryption key file and key size options must be specified."
msgstr ""
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
+#: src/integritysetup.c:734
+msgid ""
+"Journal encryption algorithm must be specified if journal encryption key is "
+"used."
msgstr ""
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
msgstr ""
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
msgstr ""
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
msgstr ""
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
msgstr ""
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
msgstr ""
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
msgstr ""
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
+#: src/utils_tools.c:158
+msgid "Command successful."
msgstr ""
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
msgstr ""
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
msgstr ""
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
+#: src/utils_tools.c:170
+msgid "out of memory"
msgstr ""
-#: src/cryptsetup.c:3705
-msgid "Key description"
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
msgstr ""
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
msgstr ""
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
+#: src/utils_tools.c:176
+msgid "unknown error"
msgstr ""
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
msgstr ""
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
msgstr ""
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
msgstr ""
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
msgstr ""
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
msgstr ""
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
msgstr ""
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
msgstr ""
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
msgstr ""
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
msgstr ""
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
msgstr ""
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
+#: src/utils_tools.c:290
+#, c-format
+msgid ""
+"Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
msgstr ""
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
msgstr ""
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
msgstr ""
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
msgstr ""
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
+#: src/utils_tools.c:300
+msgid "No usable token is available."
msgstr ""
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
+#: src/utils_tools.c:393
+#, c-format
+msgid "Cannot read keyfile %s."
msgstr ""
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
msgstr ""
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
msgstr ""
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
msgstr ""
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
msgstr ""
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
msgstr ""
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
msgstr ""
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
msgstr ""
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
msgstr ""
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
msgstr ""
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
msgstr ""
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
msgstr ""
-#: src/cryptsetup.c:3902
+#: src/utils_password.c:49
+#, c-format
msgid ""
-"Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+"Password quality check failed:\n"
+" %s"
msgstr ""
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
msgstr ""
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-"
-"size=(bytes)."
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
msgstr ""
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
msgstr ""
-#: src/cryptsetup.c:3928
-msgid ""
-"Option --integrity-no-wipe can be used only for format action with integrity "
-"extension."
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
msgstr ""
-#: src/cryptsetup.c:3934
-msgid ""
-"Options --label and --subsystem are allowed only for luksFormat and config "
-"LUKS2 operations."
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
msgstr ""
-#: src/cryptsetup.c:3940
-msgid ""
-"Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK "
-"devices."
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
msgstr ""
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
msgstr ""
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
msgstr ""
-#: src/cryptsetup.c:3958
-msgid "Option --key-file takes precedence over specified key file argument."
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
msgstr ""
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
msgstr ""
-#: src/cryptsetup.c:3969
-msgid "Only one --key-file argument is allowed."
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
msgstr ""
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
msgstr ""
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
msgstr ""
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
msgstr ""
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
msgstr ""
-#: src/cryptsetup.c:3989
+#: src/utils_luks.c:257
msgid ""
-"Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only "
-"for luksFormat with LUKS2."
+"\n"
+"Write interrupted."
msgstr ""
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
msgstr ""
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
msgstr ""
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
msgstr ""
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
msgstr ""
-#: src/cryptsetup.c:4015
+#: src/utils_reencrypt.c:132
+#, c-format
msgid ""
-"Option --offset is supported only for open of plain and loopaes devices, "
-"luksFormat and device reencryption."
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
msgstr ""
-#: src/cryptsetup.c:4021
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
msgid ""
-"Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only "
-"for TCRYPT device."
+"Device %s is not a block device. Can not auto-detect if it is active or "
+"not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode "
+"(dangerous!)."
msgstr ""
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid ""
+"Requested --resilience option cannot be applied to current reencryption "
+"operation."
msgstr ""
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
msgstr ""
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
msgstr ""
-#: src/cryptsetup.c:4041
+#: src/utils_reencrypt.c:215
msgid ""
-"Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+"Device is in reencryption using datashift resilience. Requested --resilience "
+"option cannot be applied."
msgstr ""
-#: src/cryptsetup.c:4049
-msgid ""
-"Option --veracrypt-query-pim is supported only for VeraCrypt compatible "
-"devices."
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
msgstr ""
-#: src/cryptsetup.c:4053
+#: src/utils_reencrypt.c:307
+#, c-format
msgid ""
-"The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+"Device %s is already in LUKS2 reencryption. Do you wish to resume previously "
+"initialised operation?"
msgstr ""
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
msgstr ""
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
msgstr ""
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/utils_reencrypt.c:449
+#, c-format
msgid ""
-"Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/"
-"argon2id."
-msgstr ""
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr ""
-
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
msgstr ""
-#: src/cryptsetup.c:4093
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
msgid ""
-"Large IV sectors option is supported only for opening plain type device with "
-"sector size larger than 512 bytes."
-msgstr ""
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr ""
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr ""
-
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr ""
-
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr ""
-
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr ""
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr ""
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr ""
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr ""
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
+"Encryption without detached header (--header) is not possible without data "
+"device size reduction (--reduce-device-size)."
msgstr ""
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+#: src/utils_reencrypt.c:525
+msgid ""
+"Requested data offset must be less than or equal to half of --reduce-device-"
+"size parameter."
msgstr ""
-#: src/veritysetup.c:76
-msgid "Invalid salt string specified."
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid ""
+"Adjusting --reduce-device-size value to twice the --offset %<PRIu64> "
+"(sectors).\n"
msgstr ""
-#: src/veritysetup.c:107
+#: src/utils_reencrypt.c:565
#, c-format
-msgid "Cannot create hash image %s for writing."
+msgid "Temporary header file %s already exists. Aborting."
msgstr ""
-#: src/veritysetup.c:117
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
#, c-format
-msgid "Cannot create FEC image %s for writing."
+msgid "Cannot create temporary header file %s."
msgstr ""
-#: src/veritysetup.c:191
-msgid "Invalid root hash string specified."
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
msgstr ""
-#: src/veritysetup.c:199
+#: src/utils_reencrypt.c:636
#, c-format
-msgid "Invalid signature file %s."
+msgid "Failed to place new header at head of device %s."
msgstr ""
-#: src/veritysetup.c:206
+#: src/utils_reencrypt.c:646
#, c-format
-msgid "Cannot read signature file %s."
-msgstr ""
-
-#: src/veritysetup.c:406
-msgid "<data_device> <hash_device>"
-msgstr ""
-
-#: src/veritysetup.c:406 src/integritysetup.c:492
-msgid "format device"
-msgstr ""
-
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr ""
-
-#: src/veritysetup.c:407
-msgid "verify device"
-msgstr ""
-
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr ""
-
-#: src/veritysetup.c:410 src/integritysetup.c:495
-msgid "show active device status"
+msgid "%s/%s is now active and ready for online encryption.\n"
msgstr ""
-#: src/veritysetup.c:411
-msgid "<hash_device>"
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
msgstr ""
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
msgstr ""
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
msgstr ""
-#: src/veritysetup.c:437
+#: src/utils_reencrypt.c:744
#, c-format
msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, "
-"Hash format: %u\n"
-msgstr ""
-
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr ""
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr ""
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr ""
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr ""
-
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr ""
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr ""
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr ""
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr ""
-
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr ""
-
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr ""
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr ""
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr ""
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr ""
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr ""
-
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr ""
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
+"Header file %s does not exist. Do you want to initialize LUKS2 decryption of "
+"device %s and export LUKS2 header to file %s?"
msgstr ""
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
msgstr ""
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr ""
-
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr ""
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
msgstr ""
-#: src/veritysetup.c:600
+#: src/utils_reencrypt.c:873
msgid ""
-"Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks "
-"is allowed only for open operation."
-msgstr ""
-
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
+"LUKS2 decryption is supported with detached header device only (with data "
+"offset set to 0)."
msgstr ""
-#: src/veritysetup.c:610
-msgid ""
-"Option --ignore-corruption and --restart-on-corruption cannot be used "
-"together."
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
msgstr ""
-#: src/veritysetup.c:615
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
msgid ""
-"Option --panic-on-corruption and --restart-on-corruption cannot be used "
-"together."
-msgstr ""
-
-#: src/integritysetup.c:85
-#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
+"Key file can be used only with --key-slot or with exactly one key slot "
+"active."
msgstr ""
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
#, c-format
-msgid "Cannot read keyfile %s."
+msgid "Enter passphrase for key slot %d: "
msgstr ""
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/utils_reencrypt.c:1059
#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
+msgid "Enter passphrase for key slot %u: "
msgstr ""
-#: src/integritysetup.c:266
+#: src/utils_reencrypt.c:1111
#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr ""
-
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
+msgid "Switching data encryption cipher to %s.\n"
msgstr ""
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
msgstr ""
-#: src/integritysetup.c:515
-#, c-format
+#: src/utils_reencrypt.c:1267
msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option "
+"(dangerous!)."
msgstr ""
-#: src/integritysetup.c:520
-#, c-format
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
msgid ""
"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr ""
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr ""
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr ""
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr ""
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr ""
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr ""
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr ""
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr ""
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr ""
-
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr ""
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr ""
-
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr ""
-
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr ""
-
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr ""
-
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr ""
-
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr ""
-
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr ""
-
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr ""
-
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+"Reencryption interrupted."
msgstr ""
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
msgstr ""
-#: src/integritysetup.c:692
-msgid ""
-"Options --journal-size, --interleave-sectors, --sector-size, --tag-size and "
-"--no-wipe can be used only for format action."
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
msgstr ""
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
msgstr ""
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
msgstr ""
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
msgstr ""
-#: src/integritysetup.c:711
-msgid ""
-"Journal integrity algorithm must be specified if journal integrity key is "
-"used."
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
msgstr ""
-#: src/integritysetup.c:716
-msgid ""
-"Both journal encryption key file and key size options must be specified."
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
msgstr ""
-#: src/integritysetup.c:719
-msgid ""
-"Journal encryption algorithm must be specified if journal encryption key is "
-"used."
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
msgstr ""
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
msgstr ""
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
msgstr ""
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
msgstr ""
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
msgstr ""
-#: src/cryptsetup_reencrypt.c:226
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr ""
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
msgid "Allocation of aligned memory failed."
msgstr ""
-#: src/cryptsetup_reencrypt.c:247
+#: src/utils_reencrypt_luks1.c:150
#, c-format
msgid "Cannot read device %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:258
+#: src/utils_reencrypt_luks1.c:161
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr ""
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:279
+#: src/utils_reencrypt_luks1.c:177
#, c-format
msgid "Cannot write device %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:327
+#: src/utils_reencrypt_luks1.c:226
msgid "Cannot write reencryption log file."
msgstr ""
-#: src/cryptsetup_reencrypt.c:383
+#: src/utils_reencrypt_luks1.c:282
msgid "Cannot read reencryption log file."
msgstr ""
-#: src/cryptsetup_reencrypt.c:421
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:320
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr ""
-#: src/cryptsetup_reencrypt.c:470
+#: src/utils_reencrypt_luks1.c:369
msgid "Activating temporary device using old LUKS header."
msgstr ""
-#: src/cryptsetup_reencrypt.c:480
+#: src/utils_reencrypt_luks1.c:379
msgid "Activating temporary device using new LUKS header."
msgstr ""
-#: src/cryptsetup_reencrypt.c:490
+#: src/utils_reencrypt_luks1.c:389
msgid "Activation of temporary devices failed."
msgstr ""
-#: src/cryptsetup_reencrypt.c:577
+#: src/utils_reencrypt_luks1.c:449
msgid "Failed to set data offset."
msgstr ""
-#: src/cryptsetup_reencrypt.c:583
+#: src/utils_reencrypt_luks1.c:455
msgid "Failed to set metadata size."
msgstr ""
-#: src/cryptsetup_reencrypt.c:591
+#: src/utils_reencrypt_luks1.c:463
#, c-format
msgid "New LUKS header for device %s created."
msgstr ""
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid ""
-"This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:723
+#: src/utils_reencrypt_luks1.c:500
#, c-format
msgid "%s header backup of device %s created."
msgstr ""
-#: src/cryptsetup_reencrypt.c:786
+#: src/utils_reencrypt_luks1.c:556
msgid "Creation of LUKS backup headers failed."
msgstr ""
-#: src/cryptsetup_reencrypt.c:919
+#: src/utils_reencrypt_luks1.c:685
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:921
+#: src/utils_reencrypt_luks1.c:687
#, c-format
msgid "%s header on device %s restored."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
msgid "Cannot open temporary LUKS device."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
msgid "Cannot get device size."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1176
+#: src/utils_reencrypt_luks1.c:968
msgid "IO error during reencryption."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1207
+#: src/utils_reencrypt_luks1.c:998
msgid "Provided UUID is invalid."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1441
+#: src/utils_reencrypt_luks1.c:1224
msgid "Cannot open reencryption log file."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1447
+#: src/utils_reencrypt_luks1.c:1230
msgid ""
"No decryption in progress, provided UUID can be used only to resume "
"suspended decryption process."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1687
+#: src/utils_reencrypt_luks1.c:1286
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1688
+#: src/utils_reencrypt_luks1.c:1287
msgid "volume key"
msgstr ""
-#: src/cryptsetup_reencrypt.c:1690
+#: src/utils_reencrypt_luks1.c:1289
msgid "set hash to "
msgstr ""
-#: src/cryptsetup_reencrypt.c:1691
+#: src/utils_reencrypt_luks1.c:1290
msgid ", set cipher to "
msgstr ""
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1723
-msgid ""
-"Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr ""
-#: src/cryptsetup_reencrypt.c:1757
-msgid ""
-"Option --new must be used together with --reduce-device-size or --header."
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr ""
-#: src/cryptsetup_reencrypt.c:1761
-msgid ""
-"Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-"
-"iterations."
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
msgstr ""
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
msgstr ""
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
msgstr ""
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
msgstr ""
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
msgstr ""
-#: src/utils_tools.c:198
-msgid "out of memory"
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
msgstr ""
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token "
+"connected to an SSH server\vThis plugin currently allows only adding a token "
+"to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a "
+"passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when "
+"opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, "
+"user and paths) will be stored in the LUKS2 header in plaintext."
msgstr ""
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
msgstr ""
-#: src/utils_tools.c:204
-msgid "unknown error"
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
msgstr ""
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
msgstr ""
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
msgstr ""
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
msgstr ""
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
msgstr ""
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid ""
+"Keyslot to assign the token to. If not specified, token will be assigned to "
+"the first keyslot matching provided passphrase."
msgstr ""
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
msgstr ""
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
msgstr ""
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
msgstr ""
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
msgstr ""
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
msgstr ""
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
msgstr ""
-#: src/utils_tools.c:562
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
+msgid "%s@%s's password: "
msgstr ""
-#: src/utils_tools.c:564
+#: tokens/ssh/cryptsetup-ssh.c:357
#, c-format
-msgid "Failed to open file %s in read/write mode."
+msgid "Failed to parse arguments.\n"
msgstr ""
-#: src/utils_tools.c:578
+#: tokens/ssh/cryptsetup-ssh.c:368
#, c-format
-msgid ""
-"Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s "
-"will be wiped."
+msgid "An action must be specified\n"
msgstr ""
-#: src/utils_tools.c:581
+#: tokens/ssh/cryptsetup-ssh.c:374
#, c-format
-msgid ""
-"Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s "
-"will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
+msgid "Device must be specified for '%s' action.\n"
msgstr ""
-#: src/utils_tools.c:591
+#: tokens/ssh/cryptsetup-ssh.c:379
#, c-format
-msgid "Failed to probe device %s for a signature."
+msgid "SSH server must be specified for '%s' action.\n"
msgstr ""
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-
-#: src/utils_password.c:43 src/utils_password.c:76
+#: tokens/ssh/cryptsetup-ssh.c:384
#, c-format
-msgid "Cannot check password quality: %s"
+msgid "SSH user must be specified for '%s' action.\n"
msgstr ""
-#: src/utils_password.c:51
+#: tokens/ssh/cryptsetup-ssh.c:389
#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
+msgid "SSH path must be specified for '%s' action.\n"
msgstr ""
-#: src/utils_password.c:83
+#: tokens/ssh/cryptsetup-ssh.c:394
#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr ""
-
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr ""
-
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr ""
-
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
+msgid "SSH key path must be specified for '%s' action.\n"
msgstr ""
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr ""
-
-#: src/utils_password.c:287
+#: tokens/ssh/cryptsetup-ssh.c:401
#, c-format
-msgid "Enter passphrase: "
+msgid "Failed open %s using provided credentials.\n"
msgstr ""
-#: src/utils_password.c:290
+#: tokens/ssh/cryptsetup-ssh.c:417
#, c-format
-msgid "Enter passphrase for %s: "
+msgid "Only 'add' action is currently supported by this plugin.\n"
msgstr ""
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
msgstr ""
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
msgstr ""
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
msgstr ""
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
msgstr ""
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
msgstr ""
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
msgstr ""
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
msgstr ""
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
msgstr ""
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
msgstr ""
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
msgstr ""
# This file is distributed under the same license as the cryptsetup package.
# Milan Broz <mbroz@redhat.com>, 2010.
# Petr Pisar <petr.pisar@atlas.cz>, 2010, 2011, 2012, 2013, 2014, 2015, 2016.
-# Petr Pisar <petr.pisar@atlas.cz>, 2017, 2018, 2019, 2020, 2021.
+# Petr Pisar <petr.pisar@atlas.cz>, 2017, 2018, 2019, 2020, 2021, 2022, 2023.
#
# See `LUKS On-Disk Format Specification' document to clarify some terms.
#
# backing device → podpůrné zařízení
-# detached header → oddědelená hlavička
+# (SSH) credentials → přihlašovací údaje
+# data offset → počátek dat
+# deffered remove → odložené odebrání
+# detached header → oddělená hlavička
# digest → otisk
+# hash → haš
# key slot → pozice klíče
# keyring → klíčenka
# online mode → (režim) za běhu
# segment → část
# signature → značka, vzorec nebo podpis (záleží na kontextu)
# suspend → uspat
+# token → token
#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-23 07:33+02:00\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 18:11+01:00\n"
"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
"Language-Team: Czech <translation-team-cs@lists.sourceforge.net>\n"
"Language: cs\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Nelze inicializovat device-mapper, nespuštěno superuživatelem."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Nelze inicializovat device-mapper. Je jaderný modul dm_mod zaveden?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
-msgstr "Požadovaný příznak pozdrženo není podporován."
+msgstr "Požadovaný příznak odložení není podporován."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID pro zařízení %s bylo zkráceno."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Neznámý druh cíle DM."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Požadované výkonnostní volby dm-cryptu nejsou podporovány."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Požadované volby, jak zacházet s poškozením dat dm-verity, nejsou podporovány."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Požadovaná volba taskletu dm-cryptu není podporována."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Požadované FEC volby dm-cryptu nejsou podporovány."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Požadované volby integrity dat nejsou podporovány."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "Požadované volby sector_size není podporována."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Požadovaný automatický přepočet značek integrity není podporován."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Zahazování (TRIM) není podporováno."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Požadovaný režim bitmapy integrity DM není podporován."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Dotaz na část dm-%s selhal."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Aby bylo možné nasbírat náhodné události, žádáme uživatele, aby pohyboval\n"
"myší nebo psal text do jiného okna.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Vytváří se klíč (%d %% hotovo).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Režim FIPS zapnut."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "Fatální chyba během přípravy generátoru náhodných čísel."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Požadována neznámá kvalita generátoru náhodných čísel."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Chyba při čtení z generátoru náhodných čísel."
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Implementaci šifrovacího generátoru náhodných čísel nelze inicializovat."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Implementaci šifrování nelze inicializovat."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Hašovací algoritmus %s není podporován."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Chyba zpracování klíče (za použití haše %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Druh zařízení nelze určit. Nekompatibilní aktivace zařízení?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "Tato operace je podporována jen u zařízení LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Tato operace je podporována jen u zařízení LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Všechny pozice klíčů jsou obsazeny."
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Pozice klíče %d není platná, prosím, vyberte číslo mezi 0 a %d."
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Pozice klíče %d je obsazena, prosím, vyberte jinou."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "Velikost zařízení není zarovnaná na velikost logického sektoru zařízení."
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Nalezena hlavička, ale zařízení %s je příliš malé."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Tato operace není na zařízení tohoto typu podporována."
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "Zakázaná operace spolu s probíhajícím přešifrování."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Nahrání původních metadat LUKS2 do paměti selhalo."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Zařízení %s není platným zařízením LUKS."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Nepodporovaná verze LUKS %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "Zařízení %s není aktivní."
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Zařízení nižší úrovně pod šifrovaným zařízením %s zmizelo."
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "Neplatné parametry plain šifry."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "Neplatná velikost klíče."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "UUID není na šifře tohoto typu podporováno."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Zařízení s oddělenými metadaty není na šifře tohoto typu podporováno."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Nepodporovaná velikost šifrovaného sektoru."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "Velikost zařízení není zarovnaná na požadovanou velikost sektoru."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "LUKS nelze bez zařízení naformátovat."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "Požadované zarovnání dat není slučitelné s polohou dat."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "POZOR: Poloha dat je mimo nyní dostupné zařízení s daty.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Ze zařízení %s nelze odstranit hlavičku."
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Zařízení %s je na aktivaci příliš malé. Nezbývá žádné místo pro data.\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "POZOR: Aktivace zařízení selže, dm-crypt nepodporuje požadovanou velikost šifrovaného sektoru.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Klíč svazku je příliš malý na šifrovaní s rozšířeními pro integritu."
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Šifra %s-%s (velikost klíče %zd bitů) není dostupná."
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "POZOR: Metadata LUKS2 změnila velikost na %<PRIu64> bajtů.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "POZOR: Oblast s pozicemi klíčů pro LUKS2 změnila velikost na %<PRIu64> bajtů.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Zařízení %s je příliš malé."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "Zařízení %s, které se používá, nelze formátovat."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Zařízení %s nelze formátovat, povolení zamítnuto."
# FIXME "format integrity" is nonsense
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Zařízení %s není možné formátovat integritu."
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "Zařízení %s nelze formátovat."
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "LOOPAES nelze bez zařízení naformátovat."
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "VERITY nelze bez zařízení naformátovat."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Nepodporovaný druh VERITY haše %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Nepodporovaná velikost bloku VERITY."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Nepodporovaná poloha haše VERITY."
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "Nepodporovaná poloha VERITY FEC."
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "Oblast dat se překrývá s oblastí haše."
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "Oblast FEC se překrývá s oblastí haše."
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "Oblast dat se překrývá s oblastí FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "POZOR: Požadovaná velikost značky %d bajtů se liší od výstupu velikosti %s (%d bajtů).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Požadován neznámý typ šifrovaného zařízení %s."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Nepodporované parametry na zařízení %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Neodpovídající parametry an za zařízení %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Zařízení dmcryptu si neodpovídají."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Zařízení %s nebylo možné znovu zavést."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Zařízení %s nebylo možné pozastavit."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Zařízení %s nebylo možné probudit."
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Nepřekonatelná chyba při zavádění zařízení %s (nad zařízením %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Zařízení %s nebylo možné přepnout do dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "Nelze změnit velikost zařízení zpětné smyčky."
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr ""
+"POZOR: Maximální velikost je již nastavena nebo změna velikosti není jádrem\n"
+"podporována.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Změna velikosti selhala, jádro ji nepodporuje."
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "Opravdu chcete změnit UUID zařízení?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Soubor se zálohou hlavičky neobsahuje kompatibilní hlavičku LUKS."
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "Svazek %s není aktivní."
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "Svazek %s je již uspán."
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Uspání není na zařízení %s podporováno."
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "Chyba při uspávání zařízení %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Probuzení není na zařízení %s podporováno."
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "Chyba při probouzení zařízení %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Svazek %s není uspán."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Heslo svazku neodpovídá svazku."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku nebyl poskytnut."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "Záměna novou pozicí klíče se nezdařila."
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "Pozice klíče %d je neplatná."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "Pozice klíče %d není aktivní."
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "Hlavička zařízení se překrývá s datovou oblastí."
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Přešifrování již probíhá. Zařízení nelze aktivovat."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Získání zámku pro přešifrování selhalo."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "Obnova přešifrování LUKS2 selhalo."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "Typ zařízení není řádně inicializován."
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "Zařízení %s již existuje."
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Zařízení %s nelze použít. Název není platný nebo zařízení se stále používá."
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "Byl zadán neplatný klíč svazku."
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "K zařízení VERITY byl zadán neplatný kořenový haš."
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "Je potřeba podpis kořenového otisku."
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Jaderná klíčenka chybí: je potřeba pro předání podpisu do jádra."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "Klíč se nepodařilo přidat do jaderné klíčenky."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Odložené odebrání zařízení %s nebylo možné zrušit."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Zařízení %s se stále používá."
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "Neplatné zařízení %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "Vyhrazená paměť pro klíč svazku je příliš malá."
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Nelze získat klíč svazku pro zařízení LUKS2."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Nelze získat klíč svazku pro zařízení LUKS1."
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "Nelze získat klíč svazku pro otevřené zařízení."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "K zařízení VERITY nelze získat kořenový otisk."
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Nelze získat klíč svazku pro zařízení BITLK."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Nelze získat klíč svazku pro zařízení FVAULT2."
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Na šifrovaném zařízení %s není tato operace podporována."
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "Operace výpisu není na zařízení tohoto typu podporována."
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Počátek dat není násobkem %u bajtů."
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Zařízení %s, které se stále používá, nelze konvertovat."
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Přiřazení pozice klíče %u jakožto nového klíče svazku se nezdařilo."
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Inicializace parametrů výchozí pozice klíče LUKS2 selhala."
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Přiřazení pozice klíče %d k otisku se nezdařilo."
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Nelze přidat pozici klíče, všechny pozice jsou zakázány a klíč svazku nebyl poskytnut."
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "Jaderná klíčenka není jádrem podporována."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Čtení hesla z klíčenky selhalo (chyba %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Získání zámku pro tvrdý přístup do globální paměti selhalo."
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Nelze zjistit prioritu procesu."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Paměť nelze odemknout."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Soubor s klíčem se nepodařilo otevřít."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Soubor s klíčem nelze z terminálu přečíst."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "O souboru s klíčem nebylo možné zjistit údaje."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Nelze se přesunout na požadované místo v souboru s klíčem."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "Při čtení hesla došla paměť."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Chyba při čtení hesla."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Na vstupu není nic k přečtení."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Maximální délka souboru s klíčem překročena."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "Požadované množství dat nelze načíst."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Zařízení %s neexistuje nebo přístup byl zamítnut."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Zařízení %s není kompatibilní."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "U zařízení s daty se ignoruje chybná optimální velikost I/O (%u bajtů)."
# TODO: Pluralize
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Zařízení %s je příliš malé. Je třeba alespoň %<PRIu64> bajtů."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Zařízení %s nelze použít, protože se již používá (již namapováno nebo připojeno)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Zařízení %s nelze použít, povolení zamítnuto."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "O zařízení %s nelze získat údaje."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Zařízení typu loopback nelze použít, nespuštěno superuživatelem."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Připojení zařízení zpětné smyčky selhalo (požadováno zařízení s příznakem autoclear)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Požadovaná poloha je za hranicí skutečné velikosti zařízení %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Zařízení %s má nulovou velikost."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "V režimu FIPS je podporován jen PBKDF2."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Porovnání výkonu PBKDF je zakázáno, ale počet iterací není nastaven."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Neslučitelné volby PBKDF2 (při použití hašovacího algoritmu %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "Neslučitelné volby PBKDF."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (není adresářem nebo neexistuje)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Zamykací adresář %s/%s bude vytvořen s výchozími zakompilovanými právy."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Zamykání zrušeno. Zamykací cesta %s/%s je nepoužitelná (%s není adresářem)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Nelze se přesunout na požadované místo v zařízení."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Chyba při čištění zařízení na pozici %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Zápis šifry by měl být ve tvaru [šifra]-[režim]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Na zařízení %s nelze zapsat, povolení zamítnuto."
msgid "Failed to access temporary keystore device."
msgstr "Přístup do dočasného zařízení s úložištěm klíče selhal."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Chyba vstupu/výstupu při šifrování pozice klíče."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Zařízení %s nelze otevřít."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "Chyba vstupu/výstupu při dešifrování pozice klíče."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Zařízení %s je příliš malé. (LUKS1 vyžaduje alespoň %<PRIu64> bajtů.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "Pozice %u klíče LUKS není platná."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Zařízení %s není platným zařízením LUKS."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Požadovaný soubor se zálohou hlavičky %s již existuje."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Soubor se zálohou hlavičky %s nelze vytvořit."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Nelze zapsat soubor %s se zálohou hlavičky."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Záložní soubor neobsahuje platnou hlavičku LUKS."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Nelze otevřít soubor se zálohou hlavičky %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Soubor se zálohou hlavičky %s nelze načíst."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Počátek dat nebo velikost klíče se liší mezi zařízením a zálohou, obnova se nezdařila."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "Zařízení %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "neobsahuje hlavičku LUKS. Nahrazení hlavičky může zničit data na daném zařízení."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "již obsahuje hlavičku LUKS. Nahrazení hlavičky zničí existující pozice s klíči."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"POZOR: hlavička ve skutečném zařízení má jiné UUID než záloha!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "Nestandardní velikost klíče, je třeba ruční opravy."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Nestandardní zarovnání pozice klíče, je třeba ruční opravy."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Režim šifry opraven (%s → %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Haš šifry opraven na malý písmena (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Požadovaný haš LUKSu %s není podporován."
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "Opravují se pozice klíčů."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Pozice klíče %i: poloha opravena (%u → %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Pozice klíče %i: proklad opraven (%u → %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Pozice klíče %i: chybná značka oddílu."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Pozice klíče %i: sůl vymazána."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "Hlavička LUKS se zapisuje na disk."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "Oprava selhala."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Požadovaný haš LUKSu %s není podporován."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Režim LUKS šifry %s není platný."
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "LUKS haš %s není platný."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "V hlavičce LUKS nenalezen žádný známý problém."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Chyba při aktualizaci hlavičky LUKS na zařízení %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Chyba při opakovaném čtení hlavičky LUKS po aktualizaci zařízení %s."
# TODO: Pluralize
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Poloha dat u hlavičky LUKS musí být buď 0 nebo více než velikost hlavičky."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "Poskytnut UUID LUKSu ve špatném tvaru."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Hlavičku LUKS nelze vytvořit: čtení náhodné soli selhalo."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Hlavičku LUKS nelze vytvořit: výpočet otisku hlavičky (haš %s) selhal."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Pozice klíče %d je aktivní, nejprve ji uvolněte."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Pozice klíče %d obsahuje příliš málo útržků. Manipulace s hlavičkou?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Čítač opakování PBKDF2 přetekl."
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Pozici s klíčem nezle otevřít (za použití haše %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Pozice klíče %d není platná, prosím, vyberte pozici mezi 0 a %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Zařízení %s není možné smazat."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Jádro nepodporuje mapování kompatibilní s loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Chyba při čtení souboru s klíčem %s"
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Překročena maximální délka hesla TCRYPT (%zu)."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Hašovací algoritmus PBKDF2 %s není podporován, přeskakuje se."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "Požadované kryptografické rozhraní jádra není dostupné."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Ujistěte se, že jaderný modul algif_skcipher je zaveden."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Aktivace nad sektory o velikosti %d není podporována."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Jádro nepodporuje aktivaci v tomto zastaralém režimu TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Aktivuje se systémové šifrování TCRYPT pro oddíl %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Jádro nepodporuje mapování kompatibilní s TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Bez dat s hlavičkou TCRYPT není tato funkce podporována."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Při rozboru podporovaného hlavního klíče svazku byla nalezena položka nečekaného typu „%u“."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Při rozboru hlavního svazku klíče byl nalezen neplatný řetězec."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Při rozboru hlavního klíče svazku byl nalezen nečekaný řetězec („%s“)."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Při rozboru hlavního klíče svazku byl nalezen záznam metadat s nečekanou hodnotou „%u“."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Z %s nebylo možné načíst vzorec BITLK."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Neplatná nebo neznámá značka zařízení BITLK."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK verze 1 není v současnosti podporován."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Neplatná nebo neznámá značka zavaděče zařízení BITLK."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Nepodporovaná velikost sektoru %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Z %s nebylo možné načíst hlavičku BITLK."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Z %s nebylo možné přečíst metadata BITLK FVE."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "Neznámý nebo nepodporovaný druh šifrování."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Z %s nebylo možné načíst položky metadat BITLK."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Převod popisu svazku BITLK se nezdařil"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Při rozboru externího klíče byla v metadatech nalezena položka nečekaného typu „%u“."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "GUID „%s“ souboru BEK neodpovídá GUID svazku."
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Při rozboru externího klíče byla v metadatech nalezena položka s nečekanou hodnotou „%u“."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Nepodporovaná metadata BEK verze %<PRIu32>."
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Nečekaná velikost metadat BEK %<PRIu32> neodpovídá délce souboru BEK"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Při rozboru startovacího klíče byla v metadatech nalezena nečekaná položka."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "Tato operace není podporována."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "Nečekaná velikost údajů o klíči."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Toto zařízení BITLK je v nepodporovaném stavu a nelze jej aktivovat."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Zařízení BITLK s typem „%s“ nelze aktivovat."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Aktivace částečně dešifrovaného zařízení BITLK není podporována."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "POZOR: Velikost svazku BitLockeru %<PRIu64> neodpovídá velikosti zařízení ve zpod %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu inicializačního vektoru BITLK."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu difuzéru Elephant BITLK."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Zařízení nelze aktivovat. Jaderný dm-crypt postrádá podporu velikostí velkých sektorů."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Zařízení nelze aktivovat. Chybí jaderný modul dm-zero."
+
+# FIXME: Pluralize
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Zařízení VERITY %s nepoužívá hlavičku uvnitř disku."
+msgid "Could not read %u bytes of volume header."
+msgstr "Z hlavičky svazku nebylo možné přečíst %u bajtů."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Zařízení %s není platným zařízením VERITY."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Nepodporovaná verze FVAULT2 %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Zařízení VERITY %s nepoužívá hlavičku uvnitř disku."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Nepodporovaná verze VERITY %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "Hlavička VERITY je poškozena."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Na zařízení %s poskytnuto UUID VERITY ve špatném tvaru."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Chyba při aktualizaci hlavičky VERITY na zařízení %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Ověření podpisu kořenového otisku není podporováno."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Chyby v zařízení FEC nelze opravit."
# TODO: Pluralize
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Nalezeno %u opravitelných chyb v zařízení FEC."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Jádro nepodporuje mapování dm-verity."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Jádro nepodporuje volbu pro podpis dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Po aktivaci zjistilo zařízení VERITY poškození."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Řídká oblast na pozici %<PRIu64> není vynulována."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Pozice na zařízení přetekla."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Ověření na pozici %<PRIu64> selhalo."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Přetečení oblasti haše."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Ověření datové oblasti selhalo."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Ověření kořenového haše selhalo."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Při vytváření oblasti haší došlo k chybě na vstupu/výstupu."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Oblast haší se nepodařilo vytvořit."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "POZOR: Jádro nemůže aktivovat zařízení, pokud velikost datového bloku přesahuje velikost stránky (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Oprava parity bloku RS %<PRIu64> selhala."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Zápis parity bloku RS %<PRIu64> selhal."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Velikosti bloků musí odpovídat FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Chybný počet paritních bajtů."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Neplatná délka části FEC."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Velikost zařízení %s se nepodařilo určit."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Neslučitelná metadata jaderného dm-integrity (verze %u) byla nalezena na %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Jádro nepodporuje mapování dm-integrity."
# Fixed metadata means fix_padding attribute of dm-integrity target
# documented as "use a smaller padding".
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Jádro nepodporuje drobné zarovnání metadat dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Jádro odmítá aktivovat volbu nebezpečného přepočtu (pro přebití vizte zastaralé volby aktivace)"
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Získání zámku pro zápis do zařízení %s selhalo."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Zjištěn pokus o současnou aktualizaci metadat LUKS2. Operace se ruší."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Zařízení obsahuje nejednoznačný vzorec. LUKS2 nelze automaticky obnovit.\n"
"Prosím, spusťte obnovu příkazem „cryptsetup repair“."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Požadovaná poloha dat je příliš nízká."
# TODO: Pluralize
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "POZOR: oblast s pozicemi klíčů (%<PRIu64> bajtů) je příliš malá, dostupný počet pozic klíčů LUKS2 je značně omezen.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Získání zámku pro čtení ze zařízení %s selhalo."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "V záloze %s byly zjištěny zakázané požadavky na LUKS2."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Počátek dat se liší mezi zařízením a zálohou, obnova se nezdařila."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Velikost binární hlavičky s oblastí pro pozice klíčů se liší mezi zařízením a zálohou, obnova se nezdařila."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Zařízení %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "neobsahuje hlavičku LUKS2. Nahrazení hlavičky může zničit data na daném zařízení."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "již obsahuje hlavičku LUKS2. Nahrazení hlavičky zničí existující pozice s klíči."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"POZOR: Ve skutečné hlavičce zařízení byly objeveny neznámé požadavky na LUKS2!\n"
"Nahrazení hlavičky zálohou může zničit data na zařízení!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"POZOR: Na zařízení bylo objeveno nedokončené offline přešifrování!\n"
"Nahrazení hlavičky zálohou může zničit data."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Neznámý příznak %s ignorován."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Chybí klíč pro dm-crypt část %u."
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Nastavení části dm-crypt selhalo."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Nastavení části dm-linear selhalo."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Nepodporovaná konfigurace integrity zařízení."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Probíhá přešifrování. Zařízení nelze deaktivovat."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Výměna pozastaveného zařízení %s za cíl dm-error selhala."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Čtení požadavků na LUKS2 selhalo."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Zjištěny nesplněné požadavky na LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Operace se neslučuje se zařízením označeným pro zastaralé přešifrování. Operace se ruší."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Operace se neslučuje se zařízením označeným pro přešifrování LUKS2. Operace se ruší."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Nedostatek paměti pro otevření pozice s klíčem."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Otevření pozice s klíčem selhalo."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Šifru %s-%s nelze použít pro pozici s klíčem."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Hašovací algoritmus %s není dostupný."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "Pro novou pozicí klíče není místo."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Požadována neplatná změna režimu odolnosti při přešifrování."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Druh odolnosti nelze zaktualizovat. Nový druh poskytuje pouze %<PRIu64> bajtů, požadovaná velikost je %<PRIu64> bajtů."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Ověřovací otisk přešifrování se nepodařilo obnovit."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Nelze zjistit stav zařízení s UUID: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Hlavičky s dodatečnými metadaty LUKSMETA nelze převést."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "LUKS2 neumožňuje použít šifru zadanou jako %s-%s."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Oblast s pozicemi klíčů nelze přesunout. Nedostatek místa."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Nelze převést do formátu LUKS2 – neplatná metadata."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Oblast s pozicemi klíčů nelze přesunout. Oblast s pozicemi klíčů LUKS2 je příliš malá."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Oblast s pozicemi klíčů nelze přesunout."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Nelze převést do formátu LUKS1 – výchozí velikost sektoru šifrování části není 512 bajtů."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Nelze převést do formátu LUKS1 – otisky v pozicích s klíči nejsou slučitelné s LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Nelze převést do formátu LUKS1 – zařízení používá šifru se zabaleným klíčem %s."
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Nelze převést do formátu LUKS1 – zařízení používá více částí."
+
# TODO: Pluralize
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Nelze převést do formátu LUKS1 – hlavička LUKS2 obsahuje %u token(ů)."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Nelze převést do formátu LUKS1 – pozice s klíče %u je v nesprávném stavu."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Nelze převést do formátu LUKS1 – pozice s klíčem %u (nad maximem pozic) je stále aktivní."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Nelze převést do formátu LUKS1 – pozice s klíče %u není slučitelná s LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Velikost horké zóny musí být násobek vypočteného zarovnání zóny (%zu bajtů)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Velikost zařízení musí být násobek vypočteného zarovnání zóny (%zu bajtů)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Nepodporovaný režim odolnosti %s"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Obálku pro starou část úložiště se nepodařilo inicializovat."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Obálku pro novou část úložiště se nepodařilo inicializovat."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Ochranu horké zóny se nepodařilo inicializovat."
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Kontrolní součty pro aktuální horkou zónu se nepodařilo přečíst."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Čtení oblasti s horkou zónou počínaje na %<PRIu64> selhalo."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Sektor %zu nebylo možné rozšifrovat."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Sektor %zu nebylo možné obnovit."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Velikosti zdrojového a cílového zařízení se neshodují. Zdroj %<PRIu64>, cíl %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Aktivace zařízení horké zóny %s selhala."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Aktivace překryvného zařízení %s se skutečnou tabulkou původu selhala."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Zavedení nového mapování pro zařízení %s selhalo."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Zásobník zařízení k přešifrování se nepodařilo obnovit."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Nastavení velikosti nové oblasti s pozicemi klíčů selhalo."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Hodnota posunu dat není zarovnána s velikostí šifrovaného sektoru (%<PRIu32> bajtů)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Nepodporovaný režim odolnosti %s"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Velikost přesunované oblasti nemůže být větší než hodnota posunu dat."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Neplatné parametry režimu odolnosti při přešifrování."
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Posun dat není zarovnán s požadovanou velikostí šifrovaného sektoru (%<PRIu32> bajtů)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Přesunovaná oblast je příliš velká. Požadovaná velikost %<PRIu64>, dostupné místo %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Vyprázdnění tabulky selhalo."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Zmenšená velikost dat je větší než velikost skutečného zařízení"
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Zařízení s daty není zarovnáno na
požadovanou velikost šifrovaného sektoru (%<PRIu32> bajtů)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Zařízení s daty není zarovnáno na velikost šifrovaného sektoru (%<PRIu32> bajtů)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Posun dat (%<PRIu64> sektorů) je menší než budoucí poloha dat (%<PRIu64> sektorů)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Zařízení %s nebylo možné otevřít ve výlučném režimu (již namapováno nebo připojeno)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Zařízení není označeno pro přešifrování LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Načtení kontextu přešifrování LUKS2 selhalo."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Stavu přešifrování se nepodařilo zjistit."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Zařízení se nepřešifrovává."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Proces přešifrování již běží."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Získání zámku pro přešifrování selhalo."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "V přešifrování nelze pokračovat. Spusťte nejprve obnovu přešifrování."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "Aktivní velikost zařízení a velikost požadovaná k přešifrování si neodpovídají."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "V parametrech přešifrování je požadována zakázaná velikost zařízení."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Probíhá přešifrování. Obnovu nelze provést."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "V metadatech je přešifrování LUKS2 již inicializováno."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Inicializace přešifrování LUKS2 v metadatech selhala."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Nastavení segmentů zařízení pro další horkou zónu přešifrování selhalo."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Metadata pro odolnost při přešifrování se nepodařilo zapsat."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Rozšifrování selhalo."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Zápis oblasti s horkou zónou počínaje na %<PRIu64> selhal."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Synchronizace dat selhala."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Po dokončení přešifrování aktuální horké zóny se nepodařilo aktualizovat metadata."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Zápis metadat LUKS2 selhal."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Vyčištění dat záložní části selhalo."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Vyčištění oblasti zařízení s nepoužívanými daty selhalo."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Přiřazení tokenu %d do pozice s klíčem %d selhalo."
+msgstr "Odstranění nepoužívané (nepřiřazené) pozice s klíčem %d selhalo."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Získání zámku pro přešifrování selhalo."
+msgstr "Odstranění pozice s klíčem přešifrování selhalo."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Nepřekonatelná chyba při přešifrování bloku na pozici %<PRIu64> dlouhého %<PRIu64> sektorů."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Přešifrování za běhu selhalo."
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Zařízení neprobouzejte, dokud jej ručně nenahradíte chybovým cílem."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "V přešifrování nelze pokračovat. Přešifrování se nachází v nečekaném stavu."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Chybějící nebo neplatný kontext přešifrování."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Zásobník zařízení k přešifrování se nepodařilo inicializovat."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Kontext přešifrování se nepodařilo aktualizovat."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "Pozice klíče %d je neplatná."
+msgstr "Metadata o přešifrování jsou neplatná."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Žádná volná pozice s tokenem"
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Parametry pro šifrování pozice s klíčem lze nastavit jen u zařízení LUKS2."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Vestavěný token %s nebylo možné vytvořit"
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Se vstupem mimo terminál nelze ověřit heslo."
+msgid "Enter token PIN: "
+msgstr "Zadejte PIN k tokenu: "
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Parametry pro šifrování pozice s klíčem lze nastavit jen u zařízení LUKS2."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Zadejte PIN k tokenu %d: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Nelze najít žádný známý vzorek se specifikaci šifry."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "POZOR: Jedná-li se o režim plain a je-li určen soubor s klíčem, parametr --hash se ignoruje.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "POZOR: Přepínač --keyfile-size se ignoruje, velikost pro čtení je stejná jako velikosti šifrovacího klíče.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Na %s byla nalezen vzorec zařízení. Pokračování může poškodit existující data."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "Operace zrušena.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Je vyžadován přepínač --key-file."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Zadejte PIM VeraCryptu: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Neplatná hodnota VIM: chyba rozboru"
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Neplatná hodnota PIM: 0"
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Neplatná hodnota PIM: mimo rozsah"
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "S tímto heslem není rozpoznatelná žádná hlavička zařízení."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Zařízení %s není platným zařízením BITLK."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Nelze určit velikost BITLK klíče svazku. Prosím, použijte přepínač --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n"
"Tento výpis by měl být vždy uložen na bezpečném místě a v zašifrované podobě."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Výpis hlavičky s klíčem svazku je citlivý údaj,\n"
+"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n"
+"Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Zařízení %s není platným zařízením FVAULT2."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Nelze určit velikost klíče svazku pro FVAULT2. Prosím, použijte přepínač --key-size."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
-msgstr "Zařízení %s je stále aktivní a naplánováno pro opožděné odstranění.\n"
+msgstr "Zařízení %s je stále aktivní a naplánováno pro odložené odstranění.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Změna velikosti aktivního zařízení vyžaduje klíč svazku v klíčence. Byl však použit přepínač --disable-keyring."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Hodnocení výkonu přerušeno."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s –\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iterací za sekundu pro %zubitový klíč\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s –\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iterací, %5u paměti, %1u souběžných vláken (procesorů) pro %zubitový klíč (požadován čas %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Výsledek hodnocení výkonu není spolehlivý."
# ???: are aproximated?
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Testy jsou počítány jen z práce s pamětí (žádné I/O úložiště).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*sAlgoritmus | Klíč | Šifrování | Dešifrování\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Šifra %s (s %ibitovým klíčem) není dostupná."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritmus | Klíč | Šifrování | Dešifrování\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "–"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Objevena nechráněná metadata o přešifrování LUKS2. Prosím, ověřte, že operace\n"
+"přešifrování je žádoucí (vizte výstup luksDump) a pokračujte (zvýšení verze\n"
+"metadat) pouze, když poznáte, že operace je chtěná."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Zadejte heslo pro obnovení přešifrování: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Zadejte heslo pro ochránění metadat o přešifrování a pro zvýšení jejich verze: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Opravdu pokračovat s obnovou přešifrování LUKS2?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Zadejte heslo pro obnovení přešifrování: "
+msgstr "Zadejte heslo pro ověření otisku metadat o přešifrování: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "Zadejte heslo pro obnovení přešifrování: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Opravdu se pokusit opravit hlavičku zařízení LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Výmaz přerušen."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Lze přerušit pomocí Ctrl+C (zbytek nesmazaného zařízení bude obsahovat\n"
"neplatné součty).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Dočasné zařízení %s nelze deaktivovat."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Volby integrity lze použít jen při formátu LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Nepodporované volby velikosti metadat LUKS2."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Soubor s hlavičkou neexistuje. Chcete jej vytvořit?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Soubor s hlavičkou %s nelze vytvořit."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Nelze najít žádný známý vzorek se specifikací integrity."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "%s nelze použít pro hlavičku uvnitř disku."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Toto nevratně přepíše data na %s."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Nastavení parametrů PBKDF selhalo."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Zmenšená poloha dat je dovolena jen u oddělené hlavičky LUKS."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Souborový kontejner LUKS %s je na aktivaci příliš malý. Nezbývá žádné místo pro data."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Bez pozic pro klíče nelze určit velikost LUKS klíče svazku. Prosím, použijte přepínač --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Zařízení aktivováno, ale příznaky nelze učinit trvalými."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Ke smazání vybrán klíč na pozici %d."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr ""
"Toto je poslední pozice klíče. Smazáním tohoto klíče přijdete o možnost\n"
"zařízení použít."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Zadejte jakékoliv jiné heslo: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operace zrušena, pozice klíče NEBYLA vymazána.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Zadejte heslo, které se má smazat: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Zařízení %s není platným zařízením LUKS2."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Zadejte nové heslo pro pozici klíče: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "POZOR: Parametr --key-slot se použije pro číslo nové pozice klíče.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Zadejte jakékoliv existující heslo: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Zadejte heslo, které má být změněno: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Zadejte nové heslo: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Zadejte heslo pro pozici klíče, který má být převeden: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "U operace isLuks je podporován pouze jeden argument se zařízením."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Výpis hlavičky s klíčem svazku je citlivý údaj,\n"
-"který umožňuje přístup k šifrovanému oddílu bez znalosti hesla.\n"
-"Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Pozice klíče %d neobsahuje nepřiřazený klíč."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Výpis hlavičky s nepřiřazeným klíčem je citlivý údaj.\n"
"Tento výpis by měl být uložen na bezpečném místě a v zašifrované podobě."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s není název aktivního zařízení %s."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s není název aktivního zařízení LUKS nebo mu chybí hlavička."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "Je vyžadován přepínač --header-backup-file."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s není zařízení spravované nástrojem cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Reaktivace není na zařízení typu %s podporována"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Nerozpoznaná metadata druhu zařízení %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "Příkaz vyžaduje jako argumenty zařízení a mapovaný název."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Tento úkon smaže všechny pozice s klíči na zařízení %s.\n"
"Po jeho dokončení zařízení bude nepoužitelné."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operace zrušena, pozice s klíči NEBYLY smazány.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Neplatný druh formátu LUKS. Podporován je pouze LUKS1 a LUKS2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Zařízení je již druhu %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Tato operace převede formát %s na %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operace zrušena, zařízení NEBYLO převedeno.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Chybí přepínač --priority, --label nebo --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "Token %d je neplatný."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "Token %d se používá."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Přidání tokenu %d klíčenky LUKS2 selhalo."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Přiřazení tokenu %d do pozice s klíčem %d selhalo."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "Token %d se nepoužívá."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "Import tokenu ze souboru selhal."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "Získání tokenu %d za účelem exportu selhalo."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Parametr --key-description je při přidávání tokenu povinný."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Akce vyžaduje určitý token. Použijte parametr --token-id."
-
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "Neplatná operace tokenu %s."
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Token %d není přiřazen pozici s klíčem %d."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Automaticky nalezené aktivní zařízení DM „%s“ pro datové zařízení %s.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Zrušení přiřazení tokenu %d k pozici s klíčem %d selhalo."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Zařízení %s není blokovým zařízením.\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Přepínač --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován jen u zařízení TCRYPT."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Držitele zařízení %s nebylo možné automaticky nalézt."
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Přepínače --veracrypt a --disable-veracrypt jsou podporovány jen u typu zařízení TCRYPT."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Nelze rozhodnout, jestli zařízení %s je nebo není aktivováno.\n"
-"Jste si jisti, že si přejete pokračovat v přešifrování v režimu offline?\n"
-"To může vést k poškození dat, bylo-li zařízení ve skutečnosti aktivováno.\n"
-"Pro přešifrování za běhu použijte parametr --active-name.\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Přepínač --veracrypt-pim je podporován jen u zařízení kompatibilním s VeraCrypt."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Neplatný druh zařízení LUKS."
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Přepínač --veracrypt-query-pim je podporován jen u zařízení kompatibilním s VeraCrypt."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "Přešifrování bez oddělené hlavičky (--header) není možné bez zmenšení velikosti datového zařízení (--reduce-device-size)."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Přepínače --veracrypt-pim a --veracrypt-query-pim se vzájemně vylučují."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Požadovaný počátek dat musí být menší nebo roven polovině parametru --reduce-device-size"
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Přepínač --persistent není dovolen současně s --test-passphrase."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Upravuje se hodnota --reduce-device-size na dvojnásobek --offset %<PRIu64> (v sektorech).\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Přepínače --refresh a --test-passphrase se vzájemně vylučují."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Šifrování je podporováno jen s formátem LUKS2."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Přepínač --shared je dovolen jen při úkonu otevírání zařízení plain."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Na %s zjištěno zařízeno LUKS. Přejete si toto zařízení LUKS znovu zašifrovat?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Přepínač --skip je podporován jen při otevírání zařízení plain a loopaes."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Dočasný soubor s hlavičkou %s již existuje. Operace se ruší."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Při otevírání je přepínač --offset podporován jen u zařízení plain a loopaes."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Dočasný soubor s hlavičkou %s nelze vytvořit."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Přepínač --tcrypt-hidden nelze použít s přepínačem --allow-discards."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s je nyní aktivní a připraveno pro přešifrování za běhu.\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Otevírání s přepínačem velikosti sektoru je podporován jen u zařízení plain."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "Dešifrování LUKS2 je podporováno jen u zařízení s oddělenou hlavičkou."
+# FIXME: "Large IV sectors" should read "IV large sectors".
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Volba inicializačního vektoru s velkými sektory je podporována jen při otevírání zařízení typu plain s velikostí sektoru větší než 512 bajtů."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Nedostatek pozic s klíči pro přešifrování."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS, TCRYPT, BITLK a FVAULT2."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Soubor s klíčem lze použít jen s přepínačem --key-slot nebo s právě jednou aktivní pozicí klíče."
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Přepínače --device-size a --size nelze kombinovat."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Zadejte heslo pro pozici klíče %d: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Přepínač --unbound je dovolen jen při otevírání zařízení LUKS."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Zadejte heslo pro pozici klíče %u: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Přepínač --unbound není dovolen současně s --test-passphrase."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Přepíná se algoritmus šifrování dat na %s.\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Přepínače --cancel-deferred a --deferred se vzájemně vylučují."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Příkaz vyžaduje jako argument zařízení."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Přepínače --reduce-device-size a --data-size nelze kombinovat."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Nyní je podporován pouze formát LUKS2. Pro LUKS1, prosím, použijte nástroj cryptsetup-reencrypt."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Přepínač --active-name lze použít jen u zařízení LUKS2."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Zastaralé offline přešifrování již probíhá. Použijte nástroj cryptsetup-reencrypt."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Přepínače --active-name a --force-offline-reencrypt nelze kombinovat."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Přešifrování zařízení s profilem integrity není podporováno."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "Je nutné určit pozici s klíčem."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Přešifrování LUKS2 je již inicializováno. Operace se ruší."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Přepínače --align-payload a --offset nelze kombinovat."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "Zařízení LUKS2 se nepřešifrovává."
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Přepínač --integrity-no-wipe smí být použit jen při formátování s rozšířením integrity."
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<zařízení> [--type <druh>] [<název>]"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Je dovolen pouze jeden z přepínačů --use-[u]random."
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "otevře zařízení jako <název>"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "Přepínač --unbound vyžaduje velikost klíče."
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<název>"
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Neplatná operace tokenu."
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Parametr --key-description je při přidávání tokenu povinný."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Akce vyžaduje určitý token. Použijte parametr --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Přepínač --unbound lze použít pouze s akcí přidání."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Přepínače --key-slot a --unbound nelze kombinovat."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Akce vyžaduje určitou pozici klíče. Použijte parametr --key-slot."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<zařízení> [--type <druh>] [<název>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "otevře zařízení jako <název>"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<název>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "zavře zařízení (odstraní mapování)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr "změní velikost aktivního zařízení"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "zobrazí stav zařízení"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <šifra>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "zhodnotí výkon šifry"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<zařízení>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "pokusí se opravit metadata uložená na disku"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "přešifruje zařízení LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "smaže všechny pozice s klíči (odstraní šifrovací klíč)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "převede formát LUKS do/z formátu LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "nastaví trvalé volby konfigurace pro LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<zařízení> [<soubor_s_novým_klíčem>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "naformátuje zařízení LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "do zařízení LUKS přidá klíč"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<zařízení> [<soubor_s_klíčem>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "odstraní zadaný klíč nebo soubor s klíčem ze zařízení LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "změní zadaný klíč nebo soubor s klíčem u zařízení LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "převede klíč do nových parametrů PBKDF"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<zařízení> <pozice_klíče>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "smaže klíč s číslem <pozice_klíče> ze zařízení LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "zobrazí UUID zařízení LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "otestuje <zařízení> na hlavičku oddílu LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "vypíše údaje o oddílu LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "vypíše údaje o oddílu TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "vypíše údaje o zařízení BITLK"
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "vypíše údaje o zařízení FVAULT2"
+
# TODO: not consistent with previous line
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Uspí zařízení LUKS a smaže klíč (všechny operace budou zmrazeny)"
# TODO: not consistent with previous line
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "Probudí uspané zařízení LUKS"
# TODO: not consistent with previous line
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Zálohuje hlavičku zařízení LUKS a jeho pozice s klíči"
# TODO: not consistent with previous line
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Obnoví hlavičku zařízení LUKS a jeho pozice s klíči"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <zařízení>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "Zachází s tokeny LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<akce> je jedna z:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Rovněž lze použít aliasy se starým zápisem <akce>:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<pozice_klíče> je číslo pozice klíče LUKS, který se má upravit\n"
"<soubor_s_klíčem> je volitelný soubor s novým klíčem pro akci luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Výchozí zakompilovaný formát metadat (pro akci luksFormat) je %s.\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Podpora pro zásuvný modul externího tokenu LUKS2 je %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "zakompilována"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Cesta k zásuvnému modulu externího tokenu LUKS2: %s.\n"
+
+# Support is %s
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "vypnuta"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"Výchozí PBKDF pro LUKS2: %s\n"
"\tDoba iterací: %d, nutná paměť: %d kB, souběžná vlákna: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, Klíč: %d bitů, Haš hesla: %s\n"
"\tLUKS: %s, Klíč: %d bitů, Haš hlavičky LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: V režimu XTS (dva vnitřní klíče) bude výchozí velikost klíče zdvojnásobena.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: vyžaduje %s jako argumenty"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Pozice klíče není platná."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Velikost zařízení musí být násobkem 512bajtových sektorů."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Zadána neplatná maximální velikost horké zóny při přešifrování."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Velikost klíče musí být násobkem 8 bitů."
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Maximální velikost zmenšení zařízení je 1 GiB."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Velikost zmenšení musí být násobkem 512bajtových sektorů."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Přepínač --priority smí mít pouze argument ignore, normal a prefer."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Zobrazí tuto nápovědu"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Zobrazí stručný návod na použití"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Vypíše verzi balíku"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Přepínače nápovědy:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Zobrazuje podrobnější chybové hlášky"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Zobrazuje ladicí hlášky"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Zobrazuje ladicí hlášky včetně metadat JSON"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Šifra použita k zašifrování disku (vizte /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Haš použit k vytvoření šifrovacího klíče z hesla"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Ověřuje heslo dvojitým dotazem"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Klíč načte ze souboru"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "(Hlavní) klíč svazku načte ze souboru."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Vypíše (hlavní) klíč svazku namísto údajů o pozicích klíčů"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Velikost šifrovacího klíče"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITY"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Omezí čtení ze souboru s klíčem"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "bajty"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Přeskočí daný počet bajtů na začátku souboru s klíčem"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Omezí čtení z nově přidaného souboru s klíčem"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Přeskočí daný počet bajtů na začátku nově přidaného souboru s klíčem"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Číslo pozice pro nový klíč (výchozí je první volná)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Velikost zařízení"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTORY"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Použije zadanou velikost zařízení (ignoruje zbytek zařízení). NEBEZPEČNÉ!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Poloha začátku dat v podkladovém zařízení"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Kolik sektorů šifrovaných dat se má na začátku přeskočit"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Vytvoří mapování určené jen pro čtení"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Nevyžaduje potvrzení"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Časový limit pro interaktivní dotaz na heslo (v sekundách)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "sekundy"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Aktualizace ukazatele postupu (v sekundách)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Kolikrát se lze zeptat na heslo"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Zarovnává data na hranici <n> sektorů – pro luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Soubor se zálohou hlavičky LUKS a pozic s klíči"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Pro vytvoření klíče svazku použije /dev/random"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Pro vytvoření klíče svazku použije /dev/urandom"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Zařízení sdílí s jiným nepřekrývajícím se šifrovaným segmentem"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "Použije zařízení s UUID"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Povolí u daného zařízení požadavky na zahození (TRIM)"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Zařízení nebo soubor s oddělenou hlavičkou LUKS"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Zařízení neaktivuje, jen zkontroluje heslo"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Použije se skrytá hlavička (skryté zařízení TCRYPT)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Zařízení je systémová jednotka TCRYPT (se zavaděčem)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Použije se záložní (druhá) hlavička TCRYPT"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Hledá také zařízení kompatibilní s VeraCrypt"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Osobní iterační činitel (PIM) pro zařízení kompatibilní s VeraCrypt"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Zeptá se na Osobní iterační činitel pro zařízení kompatibilní s VeraCrypt"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Druh metadat zařízení: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Vypne kontrolku odolnosti hesla (byla-li zapnuta)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu same_cpu_crypt"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu submit_from_crypt_cpus"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Přeskočit pracovní frontu dm-cryptu a zpracovávat požadavky na čtení synchronně"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Přeskočit pracovní frontu dm-cryptu a zpracovávat požadavky na zápis synchronně"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Odstranění zařízení se odloží, dokud jej poslední uživatel neuzavře"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Pro serializaci paměti těžkého PBKDF použije globální zámek (obezlička při nedostatku paměti)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Doba opakování PBKDF pro LUKS (v ms)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "milisekundy"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Algoritmus PBKDF (pro LUKS2): argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "omezení paměťové náročnosti PBKDF"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "kilobajty"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "náročnost paralelizace PBKDF"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "vlákna"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "náročnost iterací PBKDF (vynuceno, vypne test složitosti)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Priorita pozice klíče: ignore [ignorovat], normal [normální], prefer [upřednostnit]"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Vypne zamykání metadata uložených na disku"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Vypne načítání klíčů svazků přes jadernou klíčenku"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Algoritmus pro integritu dat (pouze LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Vypne žurnál pro zařízení s integritou"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Po formátu nevymazat zařízení"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Použije neefektivní zastaralé vyplňování (stará jádra)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Neptá se na heslo, když aktivace tokenem selže"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Číslo tokenu (výchozí cokoliv)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Popis klíče"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Velikost sektoru šifrování (výchozí: 512 bajtů)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Inicializační vektor počítá ve velikostech sektoru (nikoliv po 512 bajtech)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Nastaví trvalé příznaky pro aktivaci zařízení"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Nastaví jmenovku zařízení LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Nastaví jmenovku podsystému zařízení LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Vytvoří nebo vypíše nepřiřazenou (žádný datový segment nepřiřazen) LUKS2 pozici s klíčem"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Načte nebo zapíše JSON z nebo do souboru"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Velikost oblasti s metadaty hlavičky LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Velikost oblasti s pozicemi klíčů hlavičky LUKS"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Reaktivuje zařízení s novými parametry"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Pozice s klíčem LUKS2: Velikost šifrovacího klíče"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Pozice s klíčem LUKS2: Šifra použitá pro šifrování pozice s klíčem"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Zašifruje zařízení LUKS2 (šifrování bez mezikopie)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Natrvalo dešifruje zařízení LUKS2 (odstraní šifrování)."
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Inicializuje přešifrování LUKS2 pouze v metadatech."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Pouze dokončí již inicializované přešifrování LUKS2."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Zmenší velikost datového zařízení (posune začátek dat). NEBEZPEČNÉ!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Maximální velikost horké zóny při přešifrování."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Druh odolnosti horké zóny při přešifrování (checksum [kontrolní součet], journal [žurnál], none [žádná])"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Algoritmus kontrolního součtu při přešifrování"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Přebije automatické hledání zařízení DM pro přešifrování"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[PŘEPÍNAČ…] <akce> <přepínače_akce>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Chybí argument <akce>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Neznámá akce."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Přepínače --refresh a --test-passphrase se vzájemně vylučují."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Přepínač --deferred je dovolen jen při příkazu zavření."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Přepínač --shared je dovolen jen při úkonu otevírání zařízení plain."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Přepínač --allow-discards je dovolen jen při úkonu otevírání."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Přepínač --persistent je dovolen jen při úkonu otevírání."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Přepínač --serialize-memory-hard-pbkdf je dovolen jen při úkonu otevírání."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Přepínač --persistent není dovolen současně s --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Přepínač --key-size je dovolen jen pro akce luksFormat, luksAddKey,\n"
-"open a benchmark. Čtení ze souboru s klíčem lze omezit\n"
-"pomocí --keyfile-size=(bajty)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Přepínač --integrity je dovolen pouze u luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Přepínač --integrity-no-wipe smí být použit jen při formátování s rozšířením integrity."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Přepínače --label a --subsystem jsou dovoleny jen při úkonech luksFormat a config s LUKS2."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Přepínač --test-passphrase je dovolen pouze při otevírání zařízení LUKS, TCRYPT a BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Velikost klíče musí být násobkem 8 bitů."
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Pozice klíče není platná."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Přepínač --key-file má přednost před zadaným argumentem souboru s klíčem."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "U přepínače není záporné číslo dovoleno."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Je dovolen pouze jeden argument přepínače --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Je dovolen pouze jeden z přepínačů --use-[u]random."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Přepínač --use-[u]random je dovolen pouze u luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Přepínač --uuid je dovolen pouze u luksFormat a luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Přepínač --align-payload je dovolen pouze u luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Přepínače --luks2-metadata-size a --opt-luks2-keyslots-size jsou dovoleny jen při úkonu luksFormat s LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Zadána neplatná velikost metadat LUKS2."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Zadána neplatná velikost pozic s klíči LUKS2."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Přepínače --align-payload a --offset nelze kombinovat."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Přepínač --skip je podporován jen při otevírání zařízení plain a loopaes."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Přepínač --offset je podporován jen při otevírání zařízení plain a loopaes a při úkonu luksFormat a přešifrování."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Přepínač --tcrypt-hidden, --tcrypt-system nebo --tcrypt-backup je podporován jen u zařízení TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Přepínač --tcrypt-hidden nelze použít s přepínačem --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Přepínač --veracrypt je podporován jen u typu zařízení TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Zadán neplatný argument parametru --veracrypt-pim."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Přepínač --veracrypt-pim je podporován jen u zařízení kompatibilním s VeraCrypt."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Přepínač --veracrypt-query-pim je podporován jen u zařízení kompatibilním s VeraCrypt."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Přepínače --veracrypt-pim a --veracrypt-query-pim se vzájemně vylučují."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Přepínač --priority smí mít pouze argument ignore, normal a prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Je nutné určit pozici s klíčem."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "Funkce pro odvození klíče na základě hesla (PBKDF) smí být pouze pbkdf2 nebo argon2i/argon2id."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Vynucené iterace PBKDF nelze kombinovat s volnou doby iterací."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Tento příkaz nepodporuje volbu velikosti sektoru."
-
-# FIXME: "Large IV sectors" should read "IV large sectors".
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Volba inicializačního vektoru s velkými sektory je podporována jen při otevírání zařízení typu plain s velikostí sektoru větší než 512 bajtů."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Přepínač --unbound vyžaduje velikost klíče."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Přepínač --unbound lze použít pouze s akcemi luksAddKey nebo luksDump."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Přepínače --keyslot-cipher a --keyslot-key-size musí být použity spolu."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Přepínač --refresh lze použít pouze s úkonem otevření."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Žádný úkon nebude proveden. Zavoláno s přepínačem --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Zamykání metadata nelze vypnout."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Zadána neplatná maximální velikost horké zóny při přešifrování."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Zadána neplatná velikost zařízení."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Maximální velikost zmenšení zařízení je 1 GiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Velikost zmenšení musí být násobkem 512bajtových sektorů."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Zadána neplatná velikost dat."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Velikost ke zmenšení přetekla."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "Dešifrování LUKS2 vyžaduje přepínač --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Velikost zařízení musí být násobkem 512bajtových sektorů."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Přepínače --reduce-device-size a --data-size nelze kombinovat."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Přepínače --device-size a --size nelze kombinovat."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Přepínače --keyslot-cipher a --keyslot-key-size musí být použity spolu."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Zadán neplatný řetězec se solí."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Nelze vytvořit obraz hašů %s určený k zápisu."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Nelze vytvořit obraz FEC %s určený k zápisu."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Nelze vytvořit soubor %s s kořenovým hašem určený k zápisu."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Do souboru %s s kořenovým hašem nelze zapsat."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Zařízení %s není platným zařízením VERITY."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Soubor %s s kořenovým hašem nelze vytvořit."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Neplatný soubor %s s kořenovým hašem."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Zadán neplatný řetězec s kořenovým hašem."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Neplatné soubor s podpisem %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Soubor s podpisem %s nelze číst."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Příkaz vyžaduje argument <kořenový_haš> nebo přepínač --root-hash-file."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<zařízení_dat> <zařízení_hašů>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "naformátuje zařízení"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<zařízení_dat> <zařízení_hašů> <kořenový_haš>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<zařízení_dat> <zařízení_hašů> [<kořenový_haš>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "ověří zařízení"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<zařízení_dat> <název> <zařízení_hašů> <kořenový_haš>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<zařízení_dat> <název> <zařízení_hašů> [<kořenový_haš>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "zobrazí stav aktivního zařízení"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<zařízení_hašů>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "zobrazí údaje z disku"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<zařízení_hašů> je zařízení obsahující ověřovací data\n"
"<kořenový_haš> haš kořenového uzlu na <zařízení_hašů>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Výchozí zakompilované parametry dm-verity:\n"
"\tHaš: %s, Datový blok (bajty): %u, Blok hašů (bajty): %u, Velikost soli: %u, Formát haše: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Nepoužije superblok verity"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Druh formátu (1 – běžný, 0 – původní z OS Chrome)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "číslo"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Velikost bloku na zařízení dat"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Přepínače --ignore-corruption a --restart-on-corruption nelze použít najednou."
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Velikost bloku na zařízení hašů"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Přepínač --panic-on-corruption a --restart-on-corruption nelze použít najednou."
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "Paritní bajty FEC"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Toto nevratně přepíše data na %s a %s.\n"
+"Pro zachování datového zařízení použije přepínač --no-wipe (a pak jej\n"
+"aktivujte pomocí --integrity-recalculate)."
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Počet bloků v datovém souboru"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Formátováno s velikostí značky %u, vnitřní integrita %s.\n"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "bloky"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Nastavení příznaku přepočtu není podporováno, místo toho zvažte použití --wipe."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Cesta k zařízení s daty pro opravu chyb"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Zařízení %s není platným zařízením INTEGRITY."
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "cesta"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<zařízení_s_daty_integrity>"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Poloha začátku dat v zařízení hašů"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<zařízení_s_daty_integrity> <název>"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Poloha začátku dat v zařízení FEC"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<název> je zařízení, které bude vytvořeno pod %s\n"
+"<zařízení_s_daty_integrity> je zařízení obsahující data se značkami integrity\n"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Hašovací algoritmus"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Výchozí zakompilované parametry dm-integrity:\n"
+"\tAlgoritmus kontrolního součtu: %s\n"
+"\tMaximální velikost souboru s klíčem: %d kB\n"
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "řetězec"
+# TODO: Pluralize
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Neplatná velikost --%s. Maximální je %u bajtů."
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Sůl"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Musí být zadány oba přepínače pro soubor s klíčem a velikostí klíče."
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "šestnáctkový řetězec"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Musí být zadány oba přepínače pro soubor s klíčem žurnálu a velikostí klíče."
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Je-li použit klíč integrity žurnálu, musí být zadán algoritmus integrity žurnálu."
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Cesta k souboru s podpisem kořenového otisku"
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Musí být zadány oba přepínače pro soubor s šifrovacím klíčem žurnálu a velikostí klíče."
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Restartuje jádro, pokud je zjištěno poškození"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Je-li použit šifrovací klíč žurnálu, musí být zadán algoritmus šifrování žurnálu."
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Jádro zpanikaří, pokud je zjištěno poškození"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Přepínače režimu bitmapy a obnovení se vzájemně vylučují."
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Přepínače žurnálu nelze použití spolu s režimem bitmapy."
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ignoruje poškození, pouze jej zaznamená"
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Přepínače bitmapy lze použít jen při režimu bitmapy."
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Neověřuje vynulované bloky"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"POZOR!\n"
+"======\n"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Ověří datový blok pouze při prvním čtení"
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Jste si jisti? (Napište „yes“ velkými písmeny): "
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Přepínače --ignore-corruption, --restart-on-corruption nebo --ignore-zero-blocks jsou dovoleny jen při úkonu otevírání."
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Chyba při čtení odpovědi z terminálu."
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Přepínač --root-hash-signature smí být použit jen při otevírání."
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Příkaz úspěšně vykonán."
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Přepínače --ignore-corruption a --restart-on-corruption nelze použít najednou."
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "špatné nebo chybějící parametry"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Přepínač --panic-on-corruption a --restart-on-corruption nelze použít najednou."
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "žádné oprávnění nebo chybné heslo"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "nedostatek paměti"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "zadáno špatné zařízení nebo soubor"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "zařízení již existuje nebo zařízení je zaneprázdněno"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "neznámá chyba"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Příkaz selhal s kódem %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Pozice klíče %i vytvořena."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Pozice klíče %i odemknuta."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Pozice klíče %i odemknuta."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Token %i vytvořen."
-#: src/integritysetup.c:85
+#: src/utils_tools.c:271
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Neplatná velikost klíče. Maximální je %u bajtů."
+msgid "Token %i removed."
+msgstr "Token %i se odstraněn."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Tímto PIN nebylo možné odemknou žádný token."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Token %i vyžaduje PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Token (druh %s) vyžaduje PIN."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token %i nedokáže odemknout přiřazené pozice s klíči (chybné heslo pozice)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token (druh %s) nedokáže odemknout přiřazené pozice s klíči (chybné heslo pozice)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Token %i vyžaduje dodatečné chybějící zdroje."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Token (druh %s) vyžaduje dodatečné chybějící zdroje."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "Žádný token (druhu %s) není dostupný."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Není dostupný žádný použitelný token."
+
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Soubor s klíčem %s nelze číst."
# FIXME: Pluralize
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/utils_tools.c:398
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Ze souboru s klíčem %2$s nelze přečíst %1$d bajtů."
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Formátováno s velikostí značky %u, vnitřní integrita %s.\n"
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Soubor s klíčem %s nelze otevřít pro zápis."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Do souboru s klíčem %s nelze zapsat."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64> m %02<PRIu64> s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64> h %02<PRIu64> m %02<PRIu64> s"
+
+# TODO: Pluralize
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> dnů"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "zapsáno %4<PRIu64> %s"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "rychlost %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Průběh: %5.1f %%, zbývá %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Dokončeno, čas %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Odolnost hesla nelze prověřit: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Kontrola odolnosti hesla selhala:\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Kontrola odolnosti hesla selhala: Špatné heslo (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "Chyba při čtení hesla z terminálu."
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "Ověřte heslo: "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "Hesla se neshodují."
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "Ve vstupu z terminálu nelze měnit polohu."
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Zadejte heslo: "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Zadejte heslo pro %s: "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "S tímto heslem není dostupný žádný klíč."
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "Nejsou dostupné žádné použitelné pozice s klíči."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Se vstupem mimo terminál nelze ověřit heslo."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Soubor %s se nepodařilo otevřít pouze pro čtení."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Poskytněte JSON s platným tokenem LUKS2:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Soubor s dokumentem JSON se nepodařilo přečíst."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Čtení přerušeno."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Otevření souboru %s pro zápis selhalo."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Zápis přerušen."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Zapsaní souboru s dokumentem JSON selhalo."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Automaticky nalezené aktivní zařízení DM „%s“ pro datové zařízení %s.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Držitele zařízení %s nebylo možné automaticky nalézt."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Zařízení %s není blokovým zařízením.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Nelze rozhodnout, jestli zařízení %s je nebo není aktivováno.\n"
+"Jste si jisti, že si přejete pokračovat v přešifrování v režimu offline?\n"
+"To může vést k poškození dat, bylo-li zařízení ve skutečnosti aktivováno.\n"
+"Pro přešifrování za běhu použijte parametr --active-name.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Zařízení %s není blokovým zařízením. Nelze určit, jestli je\n"
+"aktivní, nebo ne. Pro obejití kontroly a spuštění v režimu offline\n"
+"(nebezpečné!) použijte --force-offline-reencrypt."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Na současnou operaci přešifrování nelze použít požadovaný přepínač --resilience."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Zařízení není ve stavu přešifrování LUKS2. Neslučitelný přepínač --encrypt."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Zařízení není ve stavu dešifrování LUKS2. Neslučitelný přepínač --decrypt."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Zařízení je ve stavu přešifrování pomocí odolnosti posunu dat. Požadovaný přepínač --resilience nelze použít."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Zařízení vyžaduje obnovu přešifrování. Spusťte nejprve opravu."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Zařízení %s je již ve stavu přešifrování LUKS2. Přejete si dokončit dříve zahájenou operaci?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Zastaralé přešifrování LUKS2 již není podporováno."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Přešifrování zařízení s profilem integrity není podporováno."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Požadovaný --sector-size %<PRIu32> není slučitelný se superblokem %s\n"
+"(velikost bloku %<PRIu32> bajtů) nalezeném na zařízení %s."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Přešifrování bez oddělené hlavičky (--header) není možné bez zmenšení velikosti datového zařízení (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Požadovaný počátek dat musí být menší nebo roven polovině parametru --reduce-device-size"
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Upravuje se hodnota --reduce-device-size na dvojnásobek --offset %<PRIu64> (v sektorech).\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Dočasný soubor s hlavičkou %s již existuje. Operace se ruší."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Dočasný soubor s hlavičkou %s nelze vytvořit."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Velikost metadat LUKS2 je větší než hodnota posunu dat."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Umístění nové hlavičky na začátek zařízení %s selhalo."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s je nyní aktivní a připraveno pro přešifrování za běhu.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Aktivní zařízení %s není LUKS2."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Obnovuje se původní hlavička LUKS2."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Obnovení původní hlavičky LUKS2 selhalo."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Soubor s hlavičkou %s neexistuje. Přejete si zahájit dešifrování LUKS2 zařízení %s a export hlavičku LUKS2 do souboru %s?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Přidání práv na čtení/zápis souboru s hlavičkou selhalo."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Inicializace přešifrování selhala. Záloha hlavičky je dostupná v %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Dešifrování LUKS2 je podporováno jen u zařízení s oddělenou hlavičkou (počátek dat na 0)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Nedostatek pozic s klíči pro přešifrování."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Soubor s klíčem lze použít jen s přepínačem --key-slot nebo s právě jednou aktivní pozicí klíče."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Zadejte heslo pro pozici klíče %d: "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Zadejte heslo pro pozici klíče %u: "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Přepíná se algoritmus šifrování dat na %s.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Žádné parametry oblasti s daty nebyly změněny. Přešifrování zrušeno."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Zvětšení velikosti šifrovaného sektoru na zařízení v režimu offline není\n"
+"podporováno. Nejprve zařízení aktivujte, nebo použijte přepínač\n"
+"--force-offline-reencrypt (nebezpečné!)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Přešifrování přerušeno."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Dokončuje se přešifrování LUKS ve vynuceném režimu offline.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Zařízení %s obsahuje porušená metadata LUKS. Operace se ruší."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Zařízení %s je již zařízením LUKS. Operace se ruší."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Zařízení %s je již ve stavu přešifrování LUKS. Operace se ruší."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "Dešifrování LUKS2 vyžaduje přepínač --header."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "Příkaz vyžaduje jako argument zařízení."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Neslučitelné verze. Zařízení %s je LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Neslučitelné verze. Zařízení %s je ve stavu přešifrování LUKS1."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Neslučitelné verze. Zařízení %s je LUKS2."
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Neslučitelné verze. Zařízení %s je ve stavu přešifrování LUKS2."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Přešifrování LUKS2 je již inicializováno. Operace se ruší."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Neprobíhá žádné přešifrování zařízení."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Zařízení %s nelze výlučně otevřít. Zařízení se používá."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Alokace zarovnané paměti se nezdařila."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Ze zařízení %s nelze číst."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "LUKS1 zařízení %s se označuje za nepoužitelné."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Zařízení %s není možné zapsat."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Nelze zapsat soubor s protokolem přešifrování."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Soubor s protokolem přešifrování nelze načíst."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Chybný formát protokolu."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Soubor s protokolem %s existuje, pokračuje se v přerušeném přešifrování.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Aktivuje se dočasné zařízení za pomoci staré hlavičky LUKS."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Aktivuje se dočasné zařízení za pomoci nové hlavičky LUKS."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Aktivace dočasných zařízení selhala."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Nastavení polohy dat selhalo."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Nastavení velikosti metadat selhalo."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Byla vytvořena nová hlavička LUKS zařízení %s."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Záloha hlavičky %s zařízení %s byla vytvořena."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Záložní hlavičky LUKS se nepodařilo vytvořit."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Hlavičku %s na zařízení %s nelze obnovit."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Hlavička %s na zařízení %s byla obnovena."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Nelze otevřít dočasné zařízení LUKS."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Velikost zařízení nelze zjistit."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "Chyba vstupu/výstupu během přešifrování."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Poskytnuté UUID není platné."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Nelze otevřít soubor s protokolem přešifrování."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Žádné dešifrování není rozpracované. Poskytnuté UUID lze použít jen k dokončení pozastaveného procesu dešifrování."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Přešifrování změní: %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "klíč svazku"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "nastaví haš na "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", nastaví šifru na "
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "POZOR: Zařízení %s již obsahuje vzorec oddílu „%s“.\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "POZOR: Zařízení %s již obsahuje vzorec superbloku „%s“.\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Sondu vzorců zařízení se nepodařilo inicializovat."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "O zařízení %s nebylo možné zjistit údaje."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Soubor %s nebylo možné otevřít pro čtení i zápis."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Existující vzorec oddílu „%s“ na zařízení %s bude vymazán."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Existující vzorec superbloku „%s“ na zařízení %s bude vymazán."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Odstranění vzorce ze zařízení selhalo."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Otestování zařízení %s na vzorce selhalo."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Zadána neplatná velikost v parametru --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Přepínač --%s není dovolen s akcí %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Zapsaní dokumentu JSON pro token SSH selhalo."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Pokusný modul do cryptsetupu pro odemykání zařízení LUKS2 pomocí tokenu připojeného k serveru SSH\vV současnosti tento modul umožňuje pouze přidání tokenu k existující pozici s klíčem.\n"
+"\n"
+"Zadaný SSH server musí obsahovat na zadané cestě soubor s heslem pro existující pozici klíče v zařízení.\n"
+"Zadané přihlašovací údaje použije cryptsetup pro získání hesla, až bude otevírat zařízení pomocí tokenu.\n"
+"\n"
+"Poznámka: Údaje poskytnuté při přidávání tokenu (adresa SSH serveru, uživatel a cesta) budou uloženy do hlavičky LUKS2 v nešifrované podobě."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<akce> <zařízení>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Přepínače pro akci „add“:"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "IP adresa / URL vzdáleného serveru pro tento token"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Uživatelské jméno ke vzdálenému serveru"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Cesta k souboru s klíčem na vzdáleném serveru"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Cesta ke klíči SSH pro připojení ke vzdálenému serveru"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Pozice klíče, ke které se má přiřadit token. Nebude-li určeno, token bude přiřazen k první pozici odpovídající poskytnutému heslu."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Obecné přepínače:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Zobrazuje podrobnější chybové hlášky"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Zobrazuje ladicí hlášky"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Zobrazuje ladicí hlášky včetně metadat JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Otevření a import soukromého klíče selhalo:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Import soukromého klíče selhal (chráněný heslem?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Heslo pro %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Rozbor argumentů selhal.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Je třeba zadat akci\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Pro akci „%s“ je třeba zadat zařízení.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Pro akci „%s“ je třeba zadat SSH server.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Pro akci „%s“ je třeba zadat uživatele SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Pro akci „%s“ je třeba zadat SSH cestu.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Pro akci „%s“ je třeba zadat cestu ke klíči SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Otevření %s pomocí zadaných přihlašovacích údajů selhalo.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "V současnosti je tímto modulem podporována pouze akce „add“.\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Relaci SFTP nelze sestavit: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Relaci SFTP nelze inicializovat: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Relaci SFTP nelze otevřít: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Údaje o SFTP souboru nelze získat: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Nedostatek paměti.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Vzdálený klíč nelze přečíst: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Spojení selhalo: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Server není znám: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Na stroji není povolena autentizace veřejným klíčem.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Chyba při autentizaci veřejným klíčem: "
+
+#~ msgid "WARNING: Data offset is outside of currently available data device.\n"
+#~ msgstr "POZOR: Poloha dat je mimo nyní dostupné zařízení s daty.\n"
+
+#~ msgid "Cannot get process priority."
+#~ msgstr "Nelze zjistit prioritu procesu."
+
+#~ msgid "Cannot unlock memory."
+#~ msgstr "Paměť nelze odemknout."
+
+#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+#~ msgstr "Zamykací adresář %s/%s bude vytvořen s výchozími zakompilovanými právy."
+
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Z %s nebylo možné načíst vzorec BITLK."
+
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Neplatná nebo neznámá značka zařízení BITLK."
+
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Vyčištění dat záložní části selhalo."
+
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Vypnutí příznaku požadavku na přešifrování selhalo."
+
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Šifrování je podporováno jen s formátem LUKS2."
+
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "Na %s zjištěno zařízeno LUKS. Přejete si toto zařízení LUKS znovu zašifrovat?"
+
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "Nyní je podporován pouze formát LUKS2. Pro LUKS1, prosím, použijte nástroj cryptsetup-reencrypt."
+
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Zastaralé offline přešifrování již probíhá. Použijte nástroj cryptsetup-reencrypt."
+
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "Zařízení LUKS2 se nepřešifrovává."
+
+#~ msgid "Reencryption already in-progress."
+#~ msgstr "Přešifrování již probíhá."
+
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Na zařízení %s se nastavuje příznak offline přešifrování."
+
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Tato verze cryptsetup-reencrypt neumí zacházet s novým vnitřním druhem tokenů %s."
+
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Přečtení příznaků pro aktivaci ze záložní hlavičky selhalo."
+
+#~ msgid "Failed to write activation flags to new header."
+#~ msgstr "Zápis příznaků pro aktivaci do nové hlavičky selhal."
+
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Parametry PBKDF pro pozici klíče %i změněny."
+
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Velikost bloku při přešifrování může nabývat hodnot pouze mezi 1 a 64 MiB."
+
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Maximální velikost zmenšení zařízení je 64 MiB."
+
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[PŘEPÍNAČ…] <zařízení>"
+
+#~ msgid "Argument required."
+#~ msgstr "Vyžadován argument."
+
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Přepínač --new musí být použit spolu s --reduce-device-size nebo --header."
+
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Přepínač --keep-key lze použít jen s přepínači --hash, --iter-time nebo --pbkdf-force-iterations."
+
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Přepínač --new nelze být použit spolu s --decrypt."
+
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Přepínač --decrypt se neslučuje se zadanými parametry."
+
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Přepínač --uuid lze použít jen spolu s přepínačem --decrypt."
+
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Neplatný druh LUKS. Použijte jeden z: „luks“, „luks1“ nebo „luks2“"
+
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Zařízení %s se používá. K formátování nelze přikročit."
+
+#~ msgid "No free token slot."
+#~ msgstr "Žádná volná pozice s tokenem"
+
+#~ msgid "Failed to create builtin token %s."
+#~ msgstr "Vestavěný token %s nebylo možné vytvořit"
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Neplatný druh zařízení LUKS."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Šifra použita k zašifrování disku (vizte /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Haš použit k vytvoření šifrovacího klíče z hesla"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Ověřuje heslo dvojitým dotazem"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Klíč načte ze souboru"
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "(Hlavní) klíč svazku načte ze souboru."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Vypíše (hlavní) klíč svazku namísto údajů o pozicích klíčů"
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "Velikost šifrovacího klíče"
+
+#~ msgid "BITS"
+#~ msgstr "BITY"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Omezí čtení ze souboru s klíčem"
+
+#~ msgid "bytes"
+#~ msgstr "bajty"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Přeskočí daný počet bajtů na začátku souboru s klíčem"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Omezí čtení z nově přidaného souboru s klíčem"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Přeskočí daný počet bajtů na začátku nově přidaného souboru s klíčem"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Číslo pozice pro nový klíč (výchozí je první volná)"
+
+#~ msgid "The size of the device"
+#~ msgstr "Velikost zařízení"
+
+#~ msgid "SECTORS"
+#~ msgstr "SEKTORY"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Použije zadanou velikost zařízení (ignoruje zbytek zařízení). NEBEZPEČNÉ!"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Poloha začátku dat v podkladovém zařízení"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Kolik sektorů šifrovaných dat se má na začátku přeskočit"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Vytvoří mapování určené jen pro čtení"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Nevyžaduje potvrzení"
+
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Časový limit pro interaktivní dotaz na heslo (v sekundách)"
+
+#~ msgid "secs"
+#~ msgstr "sekundy"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Aktualizace ukazatele postupu (v sekundách)"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<zařízení_s_daty_integrity>"
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Kolikrát se lze zeptat na heslo"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<zařízení_s_daty_integrity> <název>"
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Zarovnává data na hranici <n> sektorů – pro luksFormat"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<název> je zařízení, které bude vytvořeno pod %s\n"
-"<zařízení_s_daty_integrity> je zařízení obsahující data se značkami integrity\n"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Soubor se zálohou hlavičky LUKS a pozic s klíči"
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Výchozí zakompilované parametry dm-integrity:\n"
-"\tAlgoritmus kontrolního součtu: %s\n"
-"\tMaximální velikost souboru s klíčem: %d kB\n"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Pro vytvoření klíče svazku použije /dev/random"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Cesta k zařízení s daty (je-li odděleno)"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Pro vytvoření klíče svazku použije /dev/urandom"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Velikost žurnálu"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Zařízení sdílí s jiným nepřekrývajícím se šifrovaným segmentem"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Prokládat sektory"
+#~ msgid "UUID for device to use"
+#~ msgstr "Použije zařízení s UUID"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Zaplněnost žurnálu"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Povolí u daného zařízení požadavky na zahození (TRIM)"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "procenta"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Zařízení nebo soubor s oddělenou hlavičkou LUKS"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Perioda vyprazdňování žurnálu"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Zařízení neaktivuje, jen zkontroluje heslo"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Použije se skrytá hlavička (skryté zařízení TCRYPT)"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Počet 512bajtových sektorů na bit (režim bitmapy)."
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Zařízení je systémová jednotka TCRYPT (se zavaděčem)"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Perioda vyprazdňování při režimu bitmapy"
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Použije se záložní (druhá) hlavička TCRYPT"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Velikost značky (na sektor)"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Hledá také zařízení kompatibilní s VeraCrypt"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Velikost sektoru"
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Osobní iterační činitel (PIM) pro zařízení kompatibilní s VeraCrypt"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Velikost vyrovnávací paměti"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Zeptá se na Osobní iterační činitel pro zařízení kompatibilní s VeraCrypt"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Algoritmus pro kontrolu integrity dat"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Druh metadat zařízení: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Velikost klíče pro integritu dat"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Vypne kontrolku odolnosti hesla (byla-li zapnuta)"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Klíč pro integritu načte ze souboru"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu same_cpu_crypt"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Algoritmus pro integritu žurnálu"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Použije výkonnostně kompatibilní přepínač dmcryptu submit_from_crypt_cpus"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Velikost klíče integrity žurnálu"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Přeskočit pracovní frontu dm-cryptu a zpracovávat požadavky na čtení synchronně"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Klíč integrity žurnálu načte ze souboru"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Přeskočit pracovní frontu dm-cryptu a zpracovávat požadavky na zápis synchronně"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Algoritmus šifrování žurnálu"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Odstranění zařízení se odloží, dokud jej poslední uživatel neuzavře"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Velikost šifrovacího klíče žurnálu"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Pro serializaci paměti těžkého PBKDF použije globální zámek (obezlička při nedostatku paměti)"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Šifrovací klíč žurnálu načte ze souboru"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Doba opakování PBKDF pro LUKS (v ms)"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Režim obnovy (žádný žurnál, žádná kontrola značek)"
+#~ msgid "msecs"
+#~ msgstr "milisekundy"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Ke sledování změn použije bitmapu a vypne žurnál pro zařízení s integritou"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "Algoritmus PBKDF (pro LUKS2): argon2i, argon2id, pbkdf2"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Automaticky přepočítá počáteční značky."
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "omezení paměťové náročnosti PBKDF"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Nechrání superblok pomocí HMAC (stará jádra)"
+#~ msgid "kilobytes"
+#~ msgstr "kilobajty"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Povolí přepočet svazků s klíči HMAC (stará jádra)"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "náročnost paralelizace PBKDF"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Přepínač --integrity-recalculate smí být použit jen při otevírání."
+#~ msgid "threads"
+#~ msgstr "vlákna"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Přepínače --journal-size, --interleave-sectors, --sector-size, --tag-size a --no-wipe lze použít jen při formátování."
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "náročnost iterací PBKDF (vynuceno, vypne test složitosti)"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Zadána neplatná velikost žurnálu."
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Priorita pozice klíče: ignore [ignorovat], normal [normální], prefer [upřednostnit]"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Musí být zadány oba přepínače pro soubor s klíčem a velikostí klíče."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Vypne zamykání metadata uložených na disku"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Musí být zadány oba přepínače pro soubor s klíčem žurnálu a velikostí klíče."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Vypne načítání klíčů svazků přes jadernou klíčenku"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Je-li použit klíč integrity žurnálu, musí být zadán algoritmus integrity žurnálu."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Algoritmus pro integritu dat (pouze LUKS2)"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Musí být zadány oba přepínače pro soubor s šifrovacím klíčem žurnálu a velikostí klíče."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Vypne žurnál pro zařízení s integritou"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Je-li použit šifrovací klíč žurnálu, musí být zadán algoritmus šifrování žurnálu."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Po formátu nevymazat zařízení"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Přepínače režimu bitmapy a obnovení se vzájemně vylučují."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Použije neefektivní zastaralé vyplňování (stará jádra)"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Přepínače žurnálu nelze použití spolu s režimem bitmapy."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Neptá se na heslo, když aktivace tokenem selže"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Přepínače bitmapy lze použít jen při režimu bitmapy."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Číslo tokenu (výchozí cokoliv)"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Přešifrování již probíhá."
+#~ msgid "Key description"
+#~ msgstr "Popis klíče"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Zařízení %s nelze výlučně otevřít. Zařízení se používá."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Velikost sektoru šifrování (výchozí: 512 bajtů)"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Alokace zarovnané paměti se nezdařila."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Inicializační vektor počítá ve velikostech sektoru (nikoliv po 512 bajtech)"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Ze zařízení %s nelze číst."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Nastaví trvalé příznaky pro aktivaci zařízení"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "LUKS1 zařízení %s se označuje za nepoužitelné."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Nastaví jmenovku zařízení LUKS2"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Na zařízení %s se nastavuje příznak offline přešifrování."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Nastaví jmenovku podsystému zařízení LUKS2"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Zařízení %s není možné zapsat."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Vytvoří nebo vypíše nepřiřazenou (žádný datový segment nepřiřazen) LUKS2 pozici s klíčem"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Nelze zapsat soubor s protokolem přešifrování."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Načte nebo zapíše JSON z nebo do souboru"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Soubor s protokolem přešifrování nelze načíst."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Velikost oblasti s metadaty hlavičky LUKS2"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Soubor s protokolem %s existuje, pokračuje se v přerušeném přešifrování.\n"
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Velikost oblasti s pozicemi klíčů hlavičky LUKS"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Aktivuje se dočasné zařízení za pomoci staré hlavičky LUKS."
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Reaktivuje zařízení s novými parametry"
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Aktivuje se dočasné zařízení za pomoci nové hlavičky LUKS."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "Pozice s klíčem LUKS2: Velikost šifrovacího klíče"
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Aktivace dočasných zařízení selhala."
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "Pozice s klíčem LUKS2: Šifra použitá pro šifrování pozice s klíčem"
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Nastavení polohy dat selhalo."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Zašifruje zařízení LUKS2 (šifrování bez mezikopie)."
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Nastavení velikosti metadat selhalo."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Natrvalo dešifruje zařízení LUKS2 (odstraní šifrování)."
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Byla vytvořena nová hlavička LUKS zařízení %s."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Inicializuje přešifrování LUKS2 pouze v metadatech."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Tato verze cryptsetup-reencrypt neumí zacházet s novým vnitřním druhem tokenů %s."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Pouze dokončí již inicializované přešifrování LUKS2."
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Přečtení příznaků pro aktivaci ze záložní hlavičky selhalo."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Zmenší velikost datového zařízení (posune začátek dat). NEBEZPEČNÉ!"
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Zápis příznaků pro aktivaci do nové hlavičky selhal."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Maximální velikost horké zóny při přešifrování."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Čtení požadavků ze záložní hlavičky selhalo."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Druh odolnosti horké zóny při přešifrování (checksum [kontrolní součet], journal [žurnál], none [žádná])"
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Záloha hlavičky %s zařízení %s byla vytvořena."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Algoritmus kontrolního součtu při přešifrování"
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Záložní hlavičky LUKS se nepodařilo vytvořit."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Přebije automatické hledání zařízení DM pro přešifrování"
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Hlavičku %s na zařízení %s nelze obnovit."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Přepínač --deferred je dovolen jen při příkazu zavření."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "Hlavička %s na zařízení %s byla obnovena."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Přepínač --allow-discards je dovolen jen při úkonu otevírání."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Nelze otevřít dočasné zařízení LUKS."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Přepínač --persistent je dovolen jen při úkonu otevírání."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Velikost zařízení nelze zjistit."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Přepínač --serialize-memory-hard-pbkdf je dovolen jen při úkonu otevírání."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "Chyba vstupu/výstupu během přešifrování."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Přepínač --key-size je dovolen jen pro akce luksFormat, luksAddKey,\n"
+#~ "open a benchmark. Čtení ze souboru s klíčem lze omezit\n"
+#~ "pomocí --keyfile-size=(bajty)."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Poskytnuté UUID není platné."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Přepínač --integrity je dovolen pouze u luksFormat (LUKS2)."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Nelze otevřít soubor s protokolem přešifrování."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Přepínače --label a --subsystem jsou dovoleny jen při úkonech luksFormat a config s LUKS2."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Žádné dešifrování není rozpracované. Poskytnuté UUID lze použít jen k dokončení pozastaveného procesu dešifrování."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "U přepínače není záporné číslo dovoleno."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Parametry PBKDF pro pozici klíče %i změněny."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Přepínač --use-[u]random je dovolen pouze u luksFormat."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Velikost bloku přešifrování"
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Přepínač --uuid je dovolen pouze u luksFormat a luksUUID."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Přepínač --align-payload je dovolen pouze u luksFormat."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Nezmění klíč, oblast s daty se nepřešifruje"
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Přepínače --luks2-metadata-size a --opt-luks2-keyslots-size jsou dovoleny jen při úkonu luksFormat s LUKS2."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Nový (hlavní) klíč svazku načte ze souboru"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Zadána neplatná velikost metadat LUKS2."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Doba opakování PBKDF2 pro LUKS (v ms)"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Zadána neplatná velikost pozic s klíči LUKS2."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "K zařízením se bude přistupovat pomocí přímého I/O"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Přepínač --offset je podporován jen při otevírání zařízení plain a loopaes a při úkonu luksFormat a přešifrování."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Po každém bloku se zavolá fsync"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Zadán neplatný argument parametru --veracrypt-pim."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Po každém bloku se aktualizuje soubor s protokolem"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "Tento příkaz nepodporuje volbu velikosti sektoru."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Použije se pouze tato pozice (ostatní budou zakázány)"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Přepínač --refresh lze použít pouze s úkonem otevření."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Vytvoří novou hlavičku na nešifrovaném zařízení"
+#~ msgid "Invalid device size specification."
+#~ msgstr "Zadána neplatná velikost zařízení."
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Natrvalo dešifruje zařízení (odstraní šifrování)"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Velikost ke zmenšení přetekla."
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "UUID, které se použije pro dokončení dešifrování"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Nepoužije superblok verity"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Druh metadat LUKS: luks1, luks2"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Druh formátu (1 – běžný, 0 – původní z OS Chrome)"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[PŘEPÍNAČ…] <zařízení>"
+#~ msgid "number"
+#~ msgstr "číslo"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Přešifrování změní: %s%s%s%s%s%s."
+#~ msgid "Block size on the data device"
+#~ msgstr "Velikost bloku na zařízení dat"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "klíč svazku"
+#~ msgid "Block size on the hash device"
+#~ msgstr "Velikost bloku na zařízení hašů"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "nastaví haš na "
+#~ msgid "FEC parity bytes"
+#~ msgstr "Paritní bajty FEC"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", nastaví šifru na "
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Počet bloků v datovém souboru"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Vyžadován argument."
+#~ msgid "blocks"
+#~ msgstr "bloky"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Velikost bloku při přešifrování může nabývat hodnot pouze mezi 1 a 64 MiB."
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Cesta k zařízení s daty pro opravu chyb"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Maximální velikost zmenšení zařízení je 64 MiB."
+#~ msgid "path"
+#~ msgstr "cesta"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Přepínač --new musí být použit spolu s --reduce-device-size nebo --header."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Poloha začátku dat v zařízení hašů"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Přepínač --keep-key lze použít jen s přepínači --hash, --iter-time nebo --pbkdf-force-iterations."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Poloha začátku dat v zařízení FEC"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Přepínač --new nelze být použit spolu s --decrypt."
+#~ msgid "Hash algorithm"
+#~ msgstr "Hašovací algoritmus"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Přepínač --decrypt se neslučuje se zadanými parametry."
+#~ msgid "string"
+#~ msgstr "řetězec"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Přepínač --uuid lze použít jen spolu s přepínačem --decrypt."
+#~ msgid "Salt"
+#~ msgstr "Sůl"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Neplatný druh LUKS. Použijte jeden z: „luks“, „luks1“ nebo „luks2“"
+#~ msgid "hex string"
+#~ msgstr "šestnáctkový řetězec"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Chyba při čtení odpovědi z terminálu."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Cesta k souboru s podpisem kořenového otisku"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Příkaz úspěšně vykonán.\n"
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Restartuje jádro, pokud je zjištěno poškození"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "špatné nebo chybějící parametry"
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Jádro zpanikaří, pokud je zjištěno poškození"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "žádné oprávnění nebo chybné heslo"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Ignoruje poškození, pouze jej zaznamená"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "nedostatek paměti"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Neověřuje vynulované bloky"
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "zadáno špatné zařízení nebo soubor"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Ověří datový blok pouze při prvním čtení"
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "zařízení již existuje nebo zařízení je zaneprázdněno"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Přepínače --ignore-corruption, --restart-on-corruption nebo --ignore-zero-blocks jsou dovoleny jen při úkonu otevírání."
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "neznámá chyba"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Přepínač --root-hash-signature smí být použit jen při otevírání."
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Příkaz selhal s kódem %i (%s).\n"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Cesta k zařízení s daty (je-li odděleno)"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Pozice klíče %i vytvořena."
+#~ msgid "Journal size"
+#~ msgstr "Velikost žurnálu"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Pozice klíče %i odemknuta."
+#~ msgid "Interleave sectors"
+#~ msgstr "Prokládat sektory"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Pozice klíče %i odemknuta."
+#~ msgid "Journal watermark"
+#~ msgstr "Zaplněnost žurnálu"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Token %i vytvořen."
+#~ msgid "percent"
+#~ msgstr "procenta"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Token %i se odstraněn."
+#~ msgid "Journal commit time"
+#~ msgstr "Perioda vyprazdňování žurnálu"
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Výmaz přerušen."
+#~ msgid "ms"
+#~ msgstr "ms"
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "POZOR: Zařízení %s již obsahuje vzorec oddílu „%s“.\n"
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Počet 512bajtových sektorů na bit (režim bitmapy)."
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "POZOR: Zařízení %s již obsahuje vzorec superbloku „%s“.\n"
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Perioda vyprazdňování při režimu bitmapy"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Sondu vzorců zařízení se nepodařilo inicializovat."
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Velikost značky (na sektor)"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "O zařízení %s nebylo možné zjistit údaje."
+#~ msgid "Sector size"
+#~ msgstr "Velikost sektoru"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Zařízení %s se používá. K formátování nelze přikročit."
+#~ msgid "Buffers size"
+#~ msgstr "Velikost vyrovnávací paměti"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Soubor %s nebylo možné otevřít pro čtení i zápis."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Algoritmus pro kontrolu integrity dat"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Existující vzorec „%s“ oddílu (poloha: %<PRIi64> bajtů) na zařízení %s bude vymazán."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Velikost klíče pro integritu dat"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Existující vzorec superbloku „%s“ (poloha: %<PRIi64> bajtů) na zařízení %s bude vymazán."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Klíč pro integritu načte ze souboru"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Odstranění vzorce ze zařízení selhalo."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Algoritmus pro integritu žurnálu"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Otestování zařízení %s na vzorce selhalo."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Velikost klíče integrity žurnálu"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Přešifrování přerušeno."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Klíč integrity žurnálu načte ze souboru"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Odolnost hesla nelze prověřit: %s"
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Algoritmus šifrování žurnálu"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Kontrola odolnosti hesla selhala:\n"
-" %s"
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Velikost šifrovacího klíče žurnálu"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Kontrola odolnosti hesla selhala: Špatné heslo (%s)"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Šifrovací klíč žurnálu načte ze souboru"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Chyba při čtení hesla z terminálu."
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Režim obnovy (žádný žurnál, žádná kontrola značek)"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Ověřte heslo: "
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Ke sledování změn použije bitmapu a vypne žurnál pro zařízení s integritou"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Hesla se neshodují."
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Automaticky přepočítá počáteční značky."
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Ve vstupu z terminálu nelze měnit polohu."
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Nechrání superblok pomocí HMAC (stará jádra)"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Zadejte heslo: "
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Povolí přepočet svazků s klíči HMAC (stará jádra)"
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Zadejte heslo pro %s: "
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Přepínač --integrity-recalculate smí být použit jen při otevírání."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "S tímto heslem není dostupný žádný klíč."
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Přepínače --journal-size, --interleave-sectors, --sector-size, --tag-size a --no-wipe lze použít jen při formátování."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Nejsou dostupné žádné použitelné pozice s klíči."
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Zadána neplatná velikost žurnálu."
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Soubor s klíčem %s nelze otevřít pro zápis."
+#~ msgid "Reencryption block size"
+#~ msgstr "Velikost bloku přešifrování"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Do souboru s klíčem %s nelze zapsat."
+#~ msgid "MiB"
+#~ msgstr "MiB"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Soubor %s se nepodařilo otevřít pouze pro čtení."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Nezmění klíč, oblast s daty se nepřešifruje"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Poskytněte JSON s platným tokenem LUKS2:\n"
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Nový (hlavní) klíč svazku načte ze souboru"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Soubor s dokumentem JSON se nepodařilo přečíst."
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "K zařízením se bude přistupovat pomocí přímého I/O"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Čtení přerušeno."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Po každém bloku se zavolá fsync"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Otevření souboru %s pro zápis selhalo."
+#~ msgid "Update log file after every block"
+#~ msgstr "Po každém bloku se aktualizuje soubor s protokolem"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Zápis přerušen."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Použije se pouze tato pozice (ostatní budou zakázány)"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Zapsaní souboru s dokumentem JSON selhalo."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Vytvoří novou hlavičku na nešifrovaném zařízení"
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Vypnutí příznaku požadavku na přešifrování selhalo."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Natrvalo dešifruje zařízení (odstraní šifrování)"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Zdá se, že zařízení nevyžaduje obnovu přešifrování.\n"
-#~ "Přejete si přesto pokračovat?"
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "UUID, které se použije pro dokončení dešifrování"
+
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Druh metadat LUKS: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "POZOR: Adresář se zámkem %s/%s chybí!\n"
#~ msgid "Parameter --refresh is only allowed with open or refresh commands."
#~ msgstr "Přepínač --refresh je dovolen jen při příkazu otevření nebo reaktivace."
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Šifra %s není dostupná."
-
#~ msgid "Unsupported encryption sector size.\n"
#~ msgstr "Nepodporovaná velikost šifrovaného sektoru.\n"
#~ msgid "Online reencryption in progress. Aborting."
#~ msgstr "Probíhá přešifrování za běhu. Operace se ruší."
-#~ msgid "No LUKS2 reencryption in progress."
-#~ msgstr "Neprobíhá žádné přešifrování LUKS2."
-
#~ msgid "Interrupted by a signal."
#~ msgstr "Přerušeno signálem."
#~ msgid "Function not available in FIPS mode."
#~ msgstr "V režimu FIPS není funkce dostupná."
-#~ msgid "Failed to write hash."
-#~ msgstr "Zapsaní otisku selhalo."
-
#~ msgid "Failed to finalize hash."
#~ msgstr "Dokončení otisku selhalo."
#~ msgid "Failed to assign digest %u to segment %u."
#~ msgstr "Přiřazení otisku %u k části %u se nezdařilo."
-#~ msgid "Failed to set segments."
-#~ msgstr "Nastavení částí selhalo."
-
#~ msgid "Failed to assign reencrypt previous backup segment."
#~ msgstr "Přiřazení předchozí zálohové části při přešifrování selhalo."
#~ msgid "Error: Calculated reencryption offset %<PRIu64> is beyond device size %<PRIu64>."
#~ msgstr "Chyba: Vypočtená pozice pro přešifrování %<PRIu64> je větší než velikost zařízení %<PRIu64>."
-#~ msgid "Device is not in clean reencryption state."
-#~ msgstr "Zařízení není v čistém stavu přešifrování."
-
#~ msgid "Failed to calculate new segments."
#~ msgstr "Výpočet nových částí selhal."
-#~ msgid "Failed to assign pre reenc segments."
-#~ msgstr "Přiřazení částí před přešifrováním selhalo."
-
#~ msgid "Failed finalize hotzone resilience, retval = %d"
#~ msgstr "Dokončení odolnosti horké zóny selhalo, návratová hodnota = %d"
#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n"
#~ msgstr "POZOR: zařízení %s je oddíl. U systémového šifrování TCRYPT je obvykle třeba použít cestu k celému blokovému zařízení.\n"
-#~ msgid "Kernel doesn't support plain64 IV.\n"
-#~ msgstr "Jádro nepodporuje inicializační vektor plain64.\n"
-
#~ msgid "Enter LUKS passphrase: "
#~ msgstr "Zadejte heslo LUKS: "
#~ msgid "exclusive "
#~ msgstr "výlučný "
-#~ msgid "writable"
-#~ msgstr "zápisový"
-
#~ msgid "read-only"
#~ msgstr "jen pro čtení"
msgstr ""
"Project-Id-Version: cryptsetup-2.3.1-rc0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2020-03-08 10:59+0100\n"
"PO-Revision-Date: 2020-03-08 22:35+0200\n"
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:396
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Kan ikke initialisere enhedsoversætter, kører som ikke-root bruger."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:399
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Kan ikke initialisere enhedsoversætter. Er dm_mod-kernemodulet indlæst?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1119
msgid "Requested deferred flag is not supported."
msgstr "Det anmodede udskudte flag er ikke understøttet."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1186
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID for enheden %s blev afkortet."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1508
msgid "Unknown dm target type."
msgstr "Ukendt dm-måltype."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1611 lib/libdevmapper.c:1663
msgid "Requested dm-crypt performance options are not supported."
msgstr "Forespurgte dm-crypt-ydelsestilvalg er ikke understøttede."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1618
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Forespurgte dm-verity-håndteringstilvalg for datakorruption er ikke understøttede."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1622
msgid "Requested dm-verity FEC options are not supported."
msgstr "Forespurgte dm-verity FEC-tilvalg er ikke understøttede."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1626
msgid "Requested data integrity options are not supported."
msgstr "Forespurgte dataintegritetstilvalg er ikke understøttede."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1628
msgid "Requested sector_size option is not supported."
msgstr "Forespurgte sector_size-tilvalg er ikke understøttet."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1633
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Forespurgte automatiske genberegning af integritetsmærker er ikke understøttet."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-msgid "Discard/TRIM is not supported."
-msgstr "Discard/TRIM %s er ikke understøttet."
-
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1637
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Forespurgte dm-integritetsbitmaptilstand er ikke understøttet."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:1666
+msgid "Discard/TRIM is not supported."
+msgstr "Discard/TRIM %s er ikke understøttet."
+
+#: lib/libdevmapper.c:2584
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Kunne ikke forespørge dm-%s-segment."
msgid "Cannot initialize crypto backend."
msgstr "Kan ikke initialisere crypto-motor."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:119
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Hashalgoritmen %s er ikke understøttet."
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Kan ikke bestemme enhedstype. Er aktivering af enhed ikke kompatibel?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:341 lib/setup.c:3050
msgid "This operation is supported only for LUKS device."
msgstr "Denne operation er kun understøttet for LUKS-enhed."
msgid "This operation is supported only for LUKS2 device."
msgstr "Denne operation er kun understøttet for LUKS2-enhed."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2345
msgid "All key slots full."
msgstr "Alle nøglepladser er udfyldt."
msgid "Key slot %d is full, please select another one."
msgstr "Nøglepladsen %d er fuld, vælg venligst en anden."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:525 lib/setup.c:2824
msgid "Device size is not aligned to device logical block size."
msgstr "Enhedsstørrelsen er ikke justeret til logisk blokstørrelse for enhed."
msgid "Header detected but device %s is too small."
msgstr "Teksthoved registreret men enheden %s er for lille."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:661
msgid "This operation is not supported for this device type."
msgstr "Denne operation er ikke understøttet for denne enhedstype."
msgid "Illegal operation with reencryption in-progress."
msgstr "Ulovlig operation med omkryptering i gang."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:832 lib/luks1/keymanage.c:475
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "LUKS-version %d er ikke understøttet."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:849 lib/setup.c:1539 lib/setup.c:1959
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr "Frakoblet metadataenhed er ikke understøttet for denne crypttype."
+
+#: lib/setup.c:1427 lib/setup.c:2544 lib/setup.c:2616 lib/setup.c:2628
+#: lib/setup.c:2777 lib/setup.c:4512
#, c-format
msgid "Device %s is not active."
msgstr "Enheden %s er ikke aktiv."
msgid "Invalid plain crypt parameters."
msgstr "Ugyldige rene crypt-parametre."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1529 lib/setup.c:1949 src/integritysetup.c:73
msgid "Invalid key size."
msgstr "Ugyldig nøglestørrelse."
msgid "UUID is not supported for this crypt type."
msgstr "UUID er ikke understøttet for denne crypttype."
-#: lib/setup.c:1539 lib/setup.c:1959
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "Frakoblet metadataenhed er ikke understøttet for denne crypttype."
-
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2308
+#: src/cryptsetup.c:1237
msgid "Unsupported encryption sector size."
msgstr "Sektorstørrelsen på krypteringen er ikke understøttet."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2818
msgid "Device size is not aligned to requested sector size."
msgstr "Enhedsstørrelsen er ikke justeret til den anmodede sektorstørrelse."
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "ADVARSEL: LUKS2-nøglepladsens områdestørrelse er ændret til %<PRIu64> byte.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1882 lib/utils_device.c:828 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367
#, c-format
msgid "Device %s is too small."
msgstr "Enheden %s er for lille."
msgid "Can't format VERITY without device."
msgstr "Kan ikke formatere VERITY uden enhed."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2000 lib/verity/verity.c:102
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "VERITY-hashtypen %d er ikke understøttet."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2006 lib/verity/verity.c:110
msgid "Unsupported VERITY block size."
msgstr "VERITY-blokstørrelse er ikke understøttet."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2011 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "VERITY-hashforskydning er ikke understøttet."
msgid "Unknown crypt device type %s requested."
msgstr "Der blev anmodt om ukendt crypt-enhedstype %s."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2550 lib/setup.c:2622 lib/setup.c:2635
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Ikke understøttede parametre på enheden %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2556 lib/setup.c:2641 lib/luks2/luks2_reencrypt.c:2408
+#: lib/luks2/luks2_reencrypt.c:2737
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Parametre matcher ikke på enheden %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2661
msgid "Crypt devices mismatch."
msgstr "Crypt-enheder er forskellige."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2698 lib/setup.c:2703 lib/luks2/luks2_reencrypt.c:2054
+#: lib/luks2/luks2_reencrypt.c:3145
#, c-format
msgid "Failed to reload device %s."
msgstr "Kunne ikke genindlæse enheden %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2708 lib/setup.c:2713 lib/luks2/luks2_reencrypt.c:2025
+#: lib/luks2/luks2_reencrypt.c:2032
#, c-format
msgid "Failed to suspend device %s."
msgstr "Kunne ikke placere enheden %s i dvale."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2718 lib/luks2/luks2_reencrypt.c:2039
+#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149
#, c-format
msgid "Failed to resume device %s."
msgstr "Kunne ikke genoptage enheden %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2732
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Der opstod en fatal fejl under genindlæsning af enheden %s (oven på enheden %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2735 lib/setup.c:2737
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Kunne ikke skifte enheden %s til dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2809
msgid "Cannot resize loop device."
msgstr "Kan ikke ændre størrelse på loop-enhed."
-#: lib/setup.c:2890
+#: lib/setup.c:2882
msgid "Do you really want to change UUID of device?"
msgstr "Ønsker du at ændre UUID for enhed?"
-#: lib/setup.c:2966
+#: lib/setup.c:2958
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Sikkerhedskopifilen indeholder ikke gyldige LUKS-teksthoveder."
-#: lib/setup.c:3066
+#: lib/setup.c:3058
#, c-format
msgid "Volume %s is not active."
msgstr "Diskenheden %s er ikke aktiv."
-#: lib/setup.c:3077
+#: lib/setup.c:3069
#, c-format
msgid "Volume %s is already suspended."
msgstr "Diskenheden %s er allerede suspenderet."
-#: lib/setup.c:3090
+#: lib/setup.c:3082
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Suspension er ikke understøttet for enheden %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3084
#, c-format
msgid "Error during suspending device %s."
msgstr "Fejl under suspension af enheden %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3117 lib/setup.c:3184 lib/setup.c:3267
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "Diskenheden %s er ikke suspenderet."
+
+#: lib/setup.c:3146
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Genoptag er ikke understøttet for enheden %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3148 lib/setup.c:3216 lib/setup.c:3297
#, c-format
msgid "Error during resuming device %s."
msgstr "Fejl under genoptagelse af enheden %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, c-format
-msgid "Volume %s is not suspended."
-msgstr "Diskenheden %s er ikke suspenderet."
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3282 lib/setup.c:3648 lib/setup.c:4309 lib/setup.c:4322
+#: lib/setup.c:4330 lib/setup.c:4343 lib/setup.c:4693 lib/setup.c:5839
msgid "Volume key does not match the volume."
msgstr "Diskenhedsnøgle matcher ikke diskenheden."
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3343 lib/setup.c:3531
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Kan ikke tilføje nøgleplads, alle pladser er deaktiveret og ingen diskenhedsnøgle tilbudt."
-#: lib/setup.c:3487
+#: lib/setup.c:3483
msgid "Failed to swap new key slot."
msgstr "Kunne ikke swappe ny nøgleplads."
-#: lib/setup.c:3673
+#: lib/setup.c:3669
#, c-format
msgid "Key slot %d is invalid."
msgstr "Nøglepladsen %d er ugyldig."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3675 src/cryptsetup.c:1583 src/cryptsetup.c:1928
#, c-format
msgid "Keyslot %d is not active."
msgstr "Nøglepladsen %d er ikke aktiv."
-#: lib/setup.c:3698
+#: lib/setup.c:3694
msgid "Device header overlaps with data area."
msgstr "Enhedsteksthoved overlapper med dataområde."
-#: lib/setup.c:3992
+#: lib/setup.c:3981
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Omkryptering er i gang. Kan ikke aktivere enhed."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:3983 lib/luks2/luks2_json_metadata.c:2238
+#: lib/luks2/luks2_reencrypt.c:2836
msgid "Failed to get reencryption lock."
msgstr "Kunne ikke indhente omkrypteringslås."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:3996 lib/luks2/luks2_reencrypt.c:2855
msgid "LUKS2 reencryption recovery failed."
msgstr "LUKS2-omkrypteringsgendannelse mislykkedes."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4127 lib/setup.c:4379
msgid "Device type is not properly initialized."
msgstr "Enhedstypen er ikke ordentlig initialiseret."
-#: lib/setup.c:4223
-#, c-format
-msgid "Device %s already exists."
-msgstr "Enheden %s findes allerede."
-
-#: lib/setup.c:4230
+#: lib/setup.c:4171
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Kan ikke bruge enheden %s, navnet er ugyldigt eller stadig i brug."
-#: lib/setup.c:4350
+#: lib/setup.c:4174
+#, c-format
+msgid "Device %s already exists."
+msgstr "Enheden %s findes allerede."
+
+#: lib/setup.c:4296
msgid "Incorrect volume key specified for plain device."
msgstr "Ukorrekt diskenhedsnøgle specificeret for ren enhed."
-#: lib/setup.c:4463
+#: lib/setup.c:4405
msgid "Incorrect root hash specified for verity device."
msgstr "Ukorrekt roothash specificeret for verity-enhed."
-#: lib/setup.c:4470
+#: lib/setup.c:4412
msgid "Root hash signature required."
msgstr "Roothash-signatur er krævet."
-#: lib/setup.c:4479
+#: lib/setup.c:4421
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Kernenøglering mangler: krævet for at sende signatur til kernen."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4438 lib/setup.c:5915
msgid "Failed to load key in kernel keyring."
msgstr "Kunne ikke indlæse nøgle i kernenøglefil."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4491 lib/setup.c:4507 lib/luks2/luks2_json_metadata.c:2291
+#: src/cryptsetup.c:2603
#, c-format
msgid "Device %s is still in use."
msgstr "Enheden %s er stadig i brug."
-#: lib/setup.c:4574
+#: lib/setup.c:4516
#, c-format
msgid "Invalid device %s."
msgstr "Ugyldig enhed %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4632
msgid "Volume key buffer too small."
msgstr "Diskenhedsnøglebuffer er for lille."
-#: lib/setup.c:4698
+#: lib/setup.c:4640
msgid "Cannot retrieve volume key for plain device."
msgstr "Kan ikke indhente diskenhedsnøgle for ren enhed."
-#: lib/setup.c:4715
+#: lib/setup.c:4657
msgid "Cannot retrieve root hash for verity device."
msgstr "Kan ikke hente roothash for verity-enhed."
-#: lib/setup.c:4717
+#: lib/setup.c:4659
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Denne operation er ikke understøttet for %s crypt-enhed."
-#: lib/setup.c:4923
+#: lib/setup.c:4865
msgid "Dump operation is not supported for this device type."
msgstr "Dump-operation er ikke understøttet for denne enhedstype."
-#: lib/setup.c:5251
+#: lib/setup.c:5190
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Dataforskydning er ikke et multiplum af %u byte."
-#: lib/setup.c:5536
+#: lib/setup.c:5475
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Kan ikke konvertere enheden %s som stadig er i brug."
-#: lib/setup.c:5833
+#: lib/setup.c:5772
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Kunne ikke tildele nøglepladsen %u som den nye diskenhedsnøgle."
-#: lib/setup.c:5906
+#: lib/setup.c:5845
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Kunne ikke initialisere standardparametre for LUKS2-nøgleplads."
-#: lib/setup.c:5912
+#: lib/setup.c:5851
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Kunne ikke tildele nøglepladsen %d til sammendrag."
-#: lib/setup.c:6043
+#: lib/setup.c:5982
msgid "Kernel keyring is not supported by the kernel."
msgstr "Kernenøglering er ikke understøttet af kernen."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:5992 lib/luks2/luks2_reencrypt.c:2952
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Kunne ikke læse adgangsfrase fra nøglering (fejl %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6016
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Kunne ikke indhente global adgangsserialiseringslås for memory-hard."
msgid "Cannot seek to requested keyfile offset."
msgstr "Kan ikke søge til anmodede nøglefilsforskydning."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:188
+#: src/utils_password.c:201
msgid "Out of memory while reading passphrase."
msgstr "Ikke nok hukommelse under læsning af adgangsfrase."
msgid "Cannot read requested amount of data."
msgstr "Kan ikke læse den anmodede datamængde."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
+#: lib/utils_device.c:187 lib/utils_storage_wrappers.c:110
#: lib/luks1/keyencryption.c:91
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Enheden %s findes ikke eller adgang nægtet."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:197
#, c-format
msgid "Device %s is not compatible."
msgstr "Enheden %s er ikke kompatibel."
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
+#: lib/utils_device.c:642
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Enheden %s er for lille. Kræver mindst %<PRIu64> byte."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:723
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Kan ikke bruge enheden %s som er i brug (allerede kortlagt eller monteret)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:727
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Kan ikke bruge enheden %s, tilladelse nægtet."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:730
#, c-format
msgid "Cannot get info about device %s."
msgstr "Kan ikke indhente information om enheden %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:753
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Kan ikke bruge en loopback-enhed, kører som ikke-root bruger."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:763
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Vedhæftelse af loopback-enhed mislykkedes (loop-enhed med flaget autoclear er krævet)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:809
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Anmodt forskydning er mere end den reelle størrelse for enheden %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:817
#, c-format
msgid "Device %s has zero size."
msgstr "Enheden %s har nul størrelse."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "Kun PBKDF2 er understøttet i FIPS-tilstand."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:166
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "PBKDF-sammenligning deaktiveret men iterationer er ikke angivet."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:185
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Ikke kompatible PBKDF2-tilvalg (der bruger hash-algoritme %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:205
msgid "Not compatible PBKDF options."
msgstr "Ikke kompatible PBKDF2-tilvalg."
#: lib/utils_device_locking.c:109
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "WARNING: Locking directory %s/%s is missing!\n"
+msgstr "ADVARSEL: Låsemappen %s/%s mangler!\n"
#: lib/utils_device_locking.c:119
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Låsning afbrudt. Låsestien %s/%s kan ikke bruges (%s er ikke en mappe)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:934
+#: src/cryptsetup_reencrypt.c:1018
msgid "Cannot seek to device offset."
msgstr "Kan ikke søge til enhedsforskydning."
msgstr "Specifikation for krypteringsalgoritme skal være i [cipher]-[mode]-[iv]-format."
#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keymanage.c:635 lib/luks1/keymanage.c:1080
+#: lib/luks2/luks2_json_metadata.c:1252 lib/luks2/luks2_keyslot.c:734
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Kan ikke skrive til enheden %s, tilladelse nægtet."
msgstr "IO-fejl under kryptering af nøgleplads."
#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keymanage.c:588 lib/luks1/keymanage.c:638 lib/tcrypt/tcrypt.c:672
+#: lib/verity/verity.c:80 lib/verity/verity.c:178 lib/verity/verity_hash.c:311
+#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342
+#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253
+#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1255
+#: src/cryptsetup_reencrypt.c:205
#, c-format
msgid "Cannot open device %s."
msgstr "Kan ikke åbne enheden %s."
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS-nøgleplads %u er ugyldig."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:472
+#: lib/luks2/luks2_json_metadata.c:1083 src/cryptsetup.c:1444
+#: src/cryptsetup.c:1570 src/cryptsetup.c:1627 src/cryptsetup.c:1683
+#: src/cryptsetup.c:1750 src/cryptsetup.c:1853 src/cryptsetup.c:1917
+#: src/cryptsetup.c:2077 src/cryptsetup.c:2270 src/cryptsetup.c:2330
+#: src/cryptsetup.c:2396 src/cryptsetup.c:2560 src/cryptsetup.c:3210
+#: src/cryptsetup.c:3219 src/cryptsetup_reencrypt.c:1381
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "Enheden %s er ikke en gyldig LUKS-enhed."
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1100
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Den anmodede sikkerhedskopifil %s for teksthoveder findes allerede."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1102
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Kan ikke oprette sikkerhedskopifilen %s for teksthoveder."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1109
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Kan ikke skrive sikkerhedskopifilen %sf for teksthoveder."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1161
msgid "Backup file does not contain valid LUKS header."
msgstr "Sikkerhedskopifilen indeholder ikke gyldige LUKS-teksthoveder."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:549
+#: lib/luks2/luks2_json_metadata.c:1182
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Kan ikke åbne sikkerhedskopifilen %s for teksthoveder."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1190
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Kan ikke læse sikkerhedskopifilen %s for teksthoveder."
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "indeholder allerede LUKS-teksthoveder. Erstatning af teksthoveder vil ødelægge eksisterende nøglepladser."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1224
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
msgid "Non standard key size, manual repair required."
msgstr "Nøglestørrelsen følger ikke standarden, en manuel reparation er krævet."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:380
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Nøglepladsopstillingen følger ikke standarden, en manuel reparation er krævet."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:390
msgid "Repairing keyslots."
msgstr "Reparerer nøglepladser."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:409
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Nøgleplads %i: forskydning repareret (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:417
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Nøgleplads %i: striber (»stripes«) repareret (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:426
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Nøgleplads %i: falsk partitionssignatur."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:431
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Nøgleplads %i: salt ryddet."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:448
msgid "Writing LUKS header to disk."
msgstr "Skriver LUKS-teksthovedet til disken."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:453
msgid "Repair failed."
msgstr "Reparation mislykkedes."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:481 lib/luks1/keymanage.c:750
#, c-format
msgid "Requested LUKS hash %s is not supported."
msgstr "Den anmodede LUKS-hash %s er ikke understøttet."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:509 src/cryptsetup.c:1144
msgid "No known problems detected for LUKS header."
msgstr "Ingen kendte problemer registreret for LUKS-teksthoved."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:660
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Fejl under opdatering af LUKS-teksthoved på enheden %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:668
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Fejl under genlæsning af LUKS-teksthoved efter opdatering på enheden %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:744
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Dataforskydning for LUKS-teksthoved skal være enten 0 eller større end teksthovedstørrelse."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:755 lib/luks1/keymanage.c:825
+#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1001
+#: src/cryptsetup.c:2723
msgid "Wrong LUKS UUID format provided."
msgstr "Forkert LUKS UUID-format anført."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:778
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Kan ikke oprette LUKS-teksthoved: læsning af vilkårlig salt mislykkedes."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:804
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Kan ikke oprette LUKS-teksthoved: Teksthovedsammendrag mislykkedes (bruger hash %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:848
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Nøgleplads %d aktiv, nulstil (purge) den først."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:854
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Nøgleplads %d-materiale inkluderer for få striber (»stribes«). Teksthovedmanipulering?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:990
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Kan ikke åbne nøgleplads (der bruger hash %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1066
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Nøgleplads %d er ugyldig, vælg nøgleplads mellem 0 og %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1084 lib/luks2/luks2_keyslot.c:738
#, c-format
msgid "Cannot wipe device %s."
msgstr "Kan ikke rydde enheden %s."
msgid "Error reading keyfile %s."
msgstr "Fejl under læsning af nøglefilen %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:556
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Den maksimale længde for TCRYPT-adgangsfrasen (%zu) er overskredet."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:597
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "PBKDF2-hashalgoritmen %s er ikke tilgængelig, udelader."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1021
msgid "Required kernel crypto interface not available."
msgstr "Krævet kernegrænseflade for crypto er ikke tilgængelig."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:615 src/cryptsetup.c:1023
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Sikr dig at du har kernemodulet algif_skcipher indlæst."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:755
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Aktivering er endnu ikke understøttet for %d sektorstørrelse."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:761
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Kerne understøtter ikke aktivering for denne TCRYPT legacy-tilstand."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:795
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Aktivering af TCRYPT-systemkryptering for partition %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:873
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Kerne understøtter ikke TCRYPT-kompatibel oversættelse."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Denne funktion er ikke understøttet uden TCRYPT-teksthovedindlæsning."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:332
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Uventet metadataindgangstype »%u« fundet da understøttet Volume Master Key blev fortolket."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:379
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Ugyldig streng fundet da Volume Master Key blev fortolket."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:384
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Uventet streng (»%s«) fundet da Volume Master Key blev fortolket."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:398
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Uventet metadataindgangsværdi »%u« fundet da Volume Master Key blev fortolket."
-#: lib/bitlk/bitlk.c:502
+#: lib/bitlk/bitlk.c:477
#, c-format
msgid "Failed to read BITLK signature from %s."
msgstr "Kunne ikke læse BITLK-signatur fra %s."
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Ugyldig eller ukendt signatur for BITLK-enhed."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:483
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK version 1 er i øjeblikket ikke understøttet."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:489
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Ugyldig eller ukendt opstartssignatur for BITLK-enhed."
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Sektorstørrelsen på krypteringen er ikke understøttet."
+#: lib/bitlk/bitlk.c:501
+msgid "Invalid or unknown signature for BITLK device."
+msgstr "Ugyldig eller ukendt signatur for BITLK-enhed."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:509
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Kunne ikke læse BITLK-teksthoved fra %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:534
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Kunne ikke læse BITLK FVE-metadata fra %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:585
msgid "Unknown or unsupported encryption type."
msgstr "Ukendt eller ikke understøttet krypteringstype."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:618
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Kunne ikke læse BITLK-metadataposter fra %s."
-#: lib/bitlk/bitlk.c:897
-#, fuzzy, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr "Uventet metadataindgangstype »%u« fundet da understøttet Volume Master Key blev fortolket."
-
-#: lib/bitlk/bitlk.c:912
-#, fuzzy, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr "Uventet metadataindgangsværdi »%u« fundet da Volume Master Key blev fortolket."
-
-#: lib/bitlk/bitlk.c:980
-#, fuzzy
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr "Uventet metadataindgangstype »%u« fundet da understøttet Volume Master Key blev fortolket."
-
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:911
msgid "This operation is not supported."
msgstr "Denne operation er ikke understøttet."
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
+#: lib/bitlk/bitlk.c:919
+msgid "Wrong key size."
+msgstr "Forkert nøglestørrelse."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:971
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Denne BITLK-enhed er i en ikkeunderstøttet tilstand og kan ikke aktiveres."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:977
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "BITLK-enheder med typen »%s« kan ikke aktiveres."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1059
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Aktivering af delvist dekrypteret BITLK-enhed er ikke understøttet."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1192
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Kan ikke aktivere enhed, kernel dm-crypt mangler understøttelse for BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1196
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Kan ikke aktivere enhed, kernen dm-crypt mangler understøttelse for BITLK Elephant diffuser."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/verity/verity.c:68 lib/verity/verity.c:171
#, c-format
msgid "Verity device %s does not use on-disk header."
msgstr "Verity-enheden %s bruger ikke on-disk-teksthoved."
-#: lib/verity/verity.c:91
+#: lib/verity/verity.c:90
#, c-format
msgid "Device %s is not a valid VERITY device."
msgstr "Enheden %s er ikke en gyldig VERITY-enhed."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:97
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Ikke understøttet VERITY-version %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:128
msgid "VERITY header corrupted."
msgstr "VERITY-teksthovedet er ødelagt."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:165
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Forkert VERITY UUID-format indeholdt på enheden %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:198
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Fejl under opdatering af verity-teksthoved på enheden %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:256
msgid "Root hash signature verification is not supported."
msgstr "Roothash-signaturverifikation er ikke understøttet."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:267
msgid "Errors cannot be repaired with FEC device."
msgstr "Fejl kan ikke repareres med FEC-enhed."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:269
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Fandt %u fejl der kan repareres med FEC-enhed."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:308
msgid "Kernel does not support dm-verity mapping."
msgstr "Kerne understøtter ikke dm-verity-oversættelse."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:312
msgid "Kernel does not support dm-verity signature option."
msgstr "Kerne understøtter ikke dm-verity-signaturtilvalg."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:323
msgid "Verity device detected corruption after activation."
msgstr "Verity-enheden registrerede korruption efter aktivering."
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Ledigt område nulstilles ikke (»not zeroed«) på position %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290
+#: lib/verity/verity_hash.c:303
msgid "Device offset overflow."
msgstr "Forskydningsoverløb for enhed."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:203
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Verificering mislykkedes på position %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:276
+msgid "Invalid size parameters for verity device."
+msgstr "Ugyldig størrelse for parametre for verity-enhed."
+
+#: lib/verity/verity_hash.c:296
msgid "Hash area overflow."
msgstr "Hashområdeoverløb."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:373
msgid "Verification of data area failed."
msgstr "Verifikation af dataområde mislykkedes."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:378
msgid "Verification of root hash failed."
msgstr "Verifikation af root-hash mislykkedes."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:384
msgid "Input/output error while creating hash area."
msgstr "Inddata/uddata-fejl under oprettelse af hash-område."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:386
msgid "Creation of hash area failed."
msgstr "Oprettelse af hash-område mislykkedes."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:433
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "ADVARSEL: Kerne kan ikke aktivere enhed hvis dataenes blokstørrelse er større end sidestørrelsen (%u)."
msgid "Failed to allocate RS context."
msgstr "Kunne ikke allokere RS-kontekst."
-#: lib/verity/verity_fec.c:149
+#: lib/verity/verity_fec.c:146
msgid "Failed to allocate buffer."
msgstr "Kunne ikke allokere buffer."
-#: lib/verity/verity_fec.c:159
+#: lib/verity/verity_fec.c:156
#, c-format
msgid "Failed to read RS block %<PRIu64> byte %d."
msgstr "Kunne ikke læse RS-blok %<PRIu64> byte %d."
-#: lib/verity/verity_fec.c:172
+#: lib/verity/verity_fec.c:169
#, c-format
msgid "Failed to read parity for RS block %<PRIu64>."
msgstr "Kunne ikke læse paritet for RS-blok %<PRIu64>."
-#: lib/verity/verity_fec.c:180
+#: lib/verity/verity_fec.c:177
#, c-format
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Kunne ikke reparere paritet for blok %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:188
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Kunne ikke skrive paritet for RS-blok %<PRIu64>.."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:223
msgid "Block sizes must match for FEC."
msgstr "Blokstørrelser skal matche for FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:229
msgid "Invalid number of parity bytes."
msgstr "Ugyldigt antal paritetsbyte."
-#: lib/verity/verity_fec.c:238
-#, fuzzy
-msgid "Invalid FEC segment length."
-msgstr "Ugyldig signaturfil %s."
-
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:265
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Kunne ikke bestemme størrelsen på enheden %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:271 lib/integrity/integrity.c:343
msgid "Kernel does not support dm-integrity mapping."
msgstr "Kerne understøtter ikke dm-integrity-oversættelse."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:277
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Kerne understøtter ikke dm-integrity fast metadatajustering."
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959
+#: lib/luks2/luks2_json_metadata.c:1244
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Kunne ikke indhente skrivelås på enheden %s."
msgid "Requested data offset is too small."
msgstr "Forespurgte dataforskydning er for lille."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:271
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "ADVARSEL: nøglepladsområde (%<PRIu64> byte) er meget lille, tilgængelige LUKS2-nøglepladsantal er meget begrænset.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
+#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1074
+#: lib/luks2/luks2_json_metadata.c:1150 lib/luks2/luks2_keyslot_luks2.c:92
#: lib/luks2/luks2_keyslot_luks2.c:114
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Kunne ikke indhente læselås på enheden %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1167
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Forbudt LUKS2-krav registreret i sikkerhedskopien %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1208
msgid "Data offset differ on device and backup, restore failed."
msgstr "Dataforskydning er forskellig på enhed eller sikkerhedskopi, gendannelse mislykkedes."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1214
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Binær teksthoved med nøglepladsområdestørrelse er forskellige på enhed eller sikkerhedskopi, gendannelse mislykkedes."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1221
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Enheden %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1222
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "indeholder ikke LUKS2-teksthoveder. Erstatning af teksthoved kan ødelægge data på den enhed."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1223
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "indeholder allerede LUKS2-teksthoveder. Erstatning af teksthoveder vil ødelægge eksisterende nøglepladser."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1225
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"ADVARSEL: Ukendte LUKS2-krav registreret i reel enhedsteksthoved!\n"
"Erstatning af teksthoved med sikkerhedskopi kan ødelægge data på den enhed!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1227
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"ADVARSEL: Ufærdig frakoblet omkryptering registreret på enheden!\n"
"Erstatning af teksthoved med sikkerhedskopi kan ødelægge data."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1323
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Ignorerede ukendt flag %s."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2010 lib/luks2/luks2_reencrypt.c:1746
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Manglende nøgle for dm-crypt-segmentet %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2022 lib/luks2/luks2_reencrypt.c:1764
msgid "Failed to set dm-crypt segment."
msgstr "Kunne ikke angive dm-crypt-segmentet."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2028 lib/luks2/luks2_reencrypt.c:1770
msgid "Failed to set dm-linear segment."
msgstr "Kunne ikke angive dm-linear-segmentet."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2155
msgid "Unsupported device integrity configuration."
msgstr "Ikke understøttet konfiguration for enhedsintegritet."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2236
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Omkryptering i gang. Kan ikke deaktivere enhed."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2247 lib/luks2/luks2_reencrypt.c:3190
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Kunne ikke erstatte enheden %s i dvale med dm-error-mål."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2327
msgid "Failed to read LUKS2 requirements."
msgstr "Kunne ikke læse LUKS2-krav."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2334
msgid "Unmet LUKS2 requirements detected."
msgstr "Uopfyldte LUKS2-krav registreret."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2342
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Operation er ikke kompatibel med enhed markeret for forældet omkryptering. Afbryder."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2344
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Operation er ikke kompatibel med enhed markeret for LUKS2-omkryptering. Afbryder."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584
msgid "Not enough available memory to open a keyslot."
msgstr "Ikke nok hukommelse tilgængelig til at åbne en nøgleplads."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586
msgid "Keyslot open failed."
msgstr "Åbning af nøgleplads mislykkedes."
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Kan ikke flytte nøglepladsområde. LUKS2-nøglepladsområdet er for lille."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:887
msgid "Unable to move keyslot area."
msgstr "Kan ikke flytte nøglepladsområde."
"Kan ikke konvertere til LUKS1-format - nøglepladsen %u er ikke\n"
"LUKS1-kompatibel."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:892
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Hotzonestørrelsen skal være et multiplum af beregnet zonejustering (%zu byte)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:897
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Enhedsstørrelsen skal være et multiplum af beregnet zonejustering (%zu byte)."
-#: lib/luks2/luks2_reencrypt.c:1051
+#: lib/luks2/luks2_reencrypt.c:941
#, c-format
msgid "Unsupported resilience mode %s"
msgstr "Resilience-tilstanden %s er ikke understøttet"
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313
+#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430
+#: lib/luks2/luks2_reencrypt.c:3030
msgid "Failed to initialize old segment storage wrapper."
msgstr "Kunne ikke initialisere gammelt lageromslag for segmentet."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291
msgid "Failed to initialize new segment storage wrapper."
msgstr "Kunne ikke initialisere nyt lageromslag for segmentet."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1340
msgid "Failed to read checksums for current hotzone."
msgstr "Kunne ikke læse kontrolsummer for nuværende hotzone."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Kunne ikke læse hotzone-område startende på %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1366
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Kunne ikke dekryptere sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1372
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Kunne ikke gendanne sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:1867
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Størrelsen på kilde- og målenhed er forskellig. Kilde %<PRIu64>, mål: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:1965
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Kunne ikke køre aktivere hotzone-enheden %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:1982
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Kunne ikke aktivere overlagsenheden %s med faktiske origin-tabel."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:1989
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Kunne ikke indlæse ny oversættelse for enheden %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2060
msgid "Failed to refresh reencryption devices stack."
msgstr "Kunne ikke opdatere omkrypteringsenhedsstakken."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2216
msgid "Failed to set new keyslots area size."
msgstr "Kunne ikke angive områdestørrelse for nye nøglepladser."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2318
#, c-format
msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr "Dataflytning er ikke justeret til den anmodede krypteringssektorstørrelse (%<PRIu32> byte)."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2339
#, c-format
msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr "Datanhed er ikke justeret til den anmodede krypteringssektorstørrelse (%<PRIu32> byte)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:2360
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Dataskift (%<PRIu64> sektorer) er mindre end fremtidig dataforskydning (%<PRIu64> sektorer)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779
+#: lib/luks2/luks2_reencrypt.c:2800
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Kan ikke åbne %s i eksklusiv tilstand (allerede kortlagt eller monteret)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:2534
msgid "Device not marked for LUKS2 reencryption."
msgstr "Enhed er ikke markeret for LUKS2-omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295
msgid "Failed to load LUKS2 reencryption context."
msgstr "Kunne ikke indlæse LUKS2-omkrypteringskontekst."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:2619
msgid "Failed to get reencryption state."
msgstr "Kunne ikke indhente omkrypteringstilstand."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:2623
msgid "Device is not in reencryption."
msgstr "Enheden er ikke under omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:2630
msgid "Reencryption process is already running."
msgstr "Omkrypteringsproces er allerede i gang."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:2632
msgid "Failed to acquire reencryption lock."
msgstr "Kunne ikke indhente omkrypteringslås."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:2650
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Kan ikke fortsætte med omkryptering. Kør omkrypteringsgendannelse først."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:2750
msgid "Active device size and requested reencryption size don't match."
msgstr "Aktiv enhedsstørrelse og anmodet sektorstørrelse er forskellige."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:2764
msgid "Illegal device size requested in reencryption parameters."
msgstr "Ugyldig enhedsstørrelse i omkrypteringsparametrene."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:2834
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Omkryptering er i gang. Kan ikke udføre gendannelse."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:2906
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "LUKS2-omkryptering er allerede initialiseret i metadata."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:2913
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Kunne ikke initialisere LUKS2-omkryptering i metadata."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3004
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Kunne ikke angive enhedssegmenter for næste omkrypteringshotzone."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3046
msgid "Failed to write reencryption resilience metadata."
msgstr "Kunne ikke skrive resilience-metadata for omkryptering."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3053
msgid "Decryption failed."
msgstr "Dekryptering mislykkedes."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3058
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Kunne ikke skrive hotzoneområde startende på %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3063
msgid "Failed to sync data."
msgstr "Kunne ikke synkronisere data."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3071
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Kunne ikke opdatere metadata efter nuværende omkrypteringshotzone var fuldført."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:3138
msgid "Failed to write LUKS2 metadata."
msgstr "Kunne ikke skrive LUKS2-metadata."
-#: lib/luks2/luks2_reencrypt.c:3382
+#: lib/luks2/luks2_reencrypt.c:3161
msgid "Failed to wipe backup segment data."
msgstr "Kunne ikke rydde segmentdata for sikkerhedskopien."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Kunne ikke tildele symbolet %d til nøglepladsen %d."
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "Kunne ikke indhente omkrypteringslås."
+#: lib/luks2/luks2_reencrypt.c:3174
+msgid "Failed to disable reencryption requirement flag."
+msgstr "Kunne ikke deaktivere kravflag for omkrypteringen."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:3182
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Der opstod en fatal fejl under omkryptering af kodestump startende på %<PRIu64>, %<PRIu64> sektorer i alt."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:3191
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Genaktiver ikke enheden med mindre erstattet med fejlmål manuelt."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:3240
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Kan ikke fortsætte med omkryptering. Uventet omkrypteringsstatus."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:3246
msgid "Missing or invalid reencrypt context."
msgstr "Manglende eller ugyldig omkrypteringskontekst."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:3253
msgid "Failed to initialize reencryption device stack."
msgstr "Kunne ikke initialisere enhedsstak for omkryptering."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308
msgid "Failed to update reencryption context."
msgstr "Kunne ikke opdatere omkrypteringskontekst."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "Nøglepladsen %d er ugyldig."
-
-#: lib/luks2/luks2_token.c:263
+#: lib/luks2/luks2_token.c:262
msgid "No free token slot."
msgstr "Ingen frie symbolpladser."
-#: lib/luks2/luks2_token.c:270
+#: lib/luks2/luks2_token.c:269
#, c-format
msgid "Failed to create builtin token %s."
msgstr "Kunne ikke oprette indbygget symbol %s."
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:163
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "Kan ikke udføre verificering af adgangsfrase på ikke-tty-inddata."
-#: src/cryptsetup.c:261
+#: src/cryptsetup.c:216
msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr "Parametre til kryptering af nøgleplads kan kun angives for LUKS2-enhed."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:246 src/cryptsetup.c:955 src/cryptsetup.c:1280
+#: src/cryptsetup.c:3084 src/cryptsetup_reencrypt.c:716
+#: src/cryptsetup_reencrypt.c:786
msgid "No known cipher specification pattern detected."
msgstr "Ikke kendt specifikationsmønster for krypteringsalgoritme registreret."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:254
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "ADVARSEL: Parameteren --hash bliver ignoreret i ren (plain) tilstand med nøglefil specificeret.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:262
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "ADVARSEL: Tilvalget --keyfile-size bliver ignoreret, læsestørrelsen er den samme som størrelsen for krypteringsnøglen.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:302
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Registrerede enhedssignaturer på %s. Videre behandling kan beskadige eksisterende data."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:308 src/cryptsetup.c:1101 src/cryptsetup.c:1153
+#: src/cryptsetup.c:1257 src/cryptsetup.c:1330 src/cryptsetup.c:1985
+#: src/cryptsetup.c:2621 src/cryptsetup.c:2744 src/integritysetup.c:232
msgid "Operation aborted.\n"
msgstr "Operation afbrudt.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:376
msgid "Option --key-file is required."
msgstr "Tilvalget --key-file er krævet."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:429
msgid "Enter VeraCrypt PIM: "
msgstr "Indtast VeraCrypt-PIM: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:438
msgid "Invalid PIM value: parse error."
msgstr "Ugyldig PIM-værdi: fortolkningsfejl."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:441
msgid "Invalid PIM value: 0."
msgstr "Ugyldig PIM-værdi: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:444
msgid "Invalid PIM value: outside of range."
msgstr "Ugyldig PIM-værdi: uden for interval."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:467
msgid "No device header detected with this passphrase."
msgstr "Intet enhedsteksthoved registreret med denne adgangsfrase."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:536
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Enheden %s er ikke en gyldig BITLK-enhed."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:571 src/cryptsetup.c:2012
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"som giver adgang til krypteret partition uden adgangsfrase.\n"
"Dette dump bør altid lagres krypteret et sikkert sted."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:668
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Enheden %s er stadig aktiv og planlagt til udskudt fjernelse.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:696
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Ændring af størrelse på aktiv enhed kræver diskenhedsnøgle i nøglering men tilvalget --disable-keyring er ikke angivet."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:833
msgid "Benchmark interrupted."
msgstr "Sammenligning afbrudt."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:854
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s -\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:856
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iterationer per sekund for %zu-bit nøgle\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:870
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s .\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:872
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iterationer, %5u hukommelse, %1u parallelle tråde (CPU'er) for %zu-bit nøgle (anmodet %u ms time)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:896
msgid "Result of benchmark is not reliable."
msgstr "Sammenligningens resultat er ikke troværdigt."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:947
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Test bruger kun hukommelse omtrentlig (ingen lager-IO).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:981
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algoritme | Nøgle | Kryptering | Dekryptering\n"
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "Krypteringsalgoritmen %s-%s (nøglestørrelse %zd bit) er ikke tilgængelig."
+#: src/cryptsetup.c:985
+#, c-format
+msgid "Cipher %s is not available."
+msgstr "Krypteringsalgoritmen %s er ikke tilgængelig."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1005
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritme | Nøgle | Kryptering | Dekryptering\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1014
msgid "N/A"
msgstr "-"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1094
msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
+"Seems device does not require reencryption recovery.\n"
+"Do you want to proceed anyway?"
msgstr ""
+"Ser ud til at enheden ikke kræver omkrypteringsgendannelse.\n"
+"Ønsker du at fortsætte alligevel?"
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Indtast adgangsfrase for omkrypteringsgendannelse: "
-
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1100
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Fortsæt med LUKS2-omkrypteringsgendannelse?"
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Indtast adgangsfrase for omkrypteringsgendannelse: "
-
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1109
msgid "Enter passphrase for reencryption recovery: "
msgstr "Indtast adgangsfrase for omkrypteringsgendannelse: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1152
msgid "Really try to repair LUKS device header?"
msgstr "Skal LUKS-enhedsteksthovedet forsøges repareres?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1171 src/integritysetup.c:145
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Rydder enhed for at initialisere integritetskontrolsum.\n"
"Du kan afbryde dette ved at trykke på CTRL+c (resten af ikke ryddet enhed vil indeholder ugyldig kontrolsum).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1193 src/integritysetup.c:167
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Kan ikke deaktivere midlertidig enhed %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1242
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Integritetstilvalg kan kun bruges for LUKS2-format."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1247 src/cryptsetup.c:1307
msgid "Unsupported LUKS2 metadata size options."
msgstr "Indstillinger for LUKS2-metadatastørrelse er ikke understøttet."
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1264
#, c-format
msgid "Cannot create header file %s."
msgstr "Kan ikke oprette teksthovedfilen %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1287 src/integritysetup.c:194 src/integritysetup.c:203
+#: src/integritysetup.c:212 src/integritysetup.c:283 src/integritysetup.c:292
+#: src/integritysetup.c:302
msgid "No known integrity specification pattern detected."
msgstr "Ikke kendt specifikationsmønster for krypteringsalgoritme registreret."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1300
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Kan ikke bruge %s på on-disk-teksthoved."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1324 src/integritysetup.c:226
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Dette vil uigenkaldeligt overskrive data på %s."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1365 src/cryptsetup.c:1699 src/cryptsetup.c:1766
+#: src/cryptsetup.c:1868 src/cryptsetup.c:1934 src/cryptsetup_reencrypt.c:546
msgid "Failed to set pbkdf parameters."
msgstr "Kunne ikke angive pbkdf-parametre."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1450
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Reduceret dataforskydning er kun tilladt for frakoblet LUKS-teksthoved."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1461 src/cryptsetup.c:1772
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Kan ikke bestemme nøglestørrelsen på diskenheden for LUKS uden nøglepladser, brug venligst tilvalget --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1499
msgid "Device activated but cannot make flags persistent."
msgstr "Enhed aktiveret men kan ikke gøre flag vedvarende."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1580 src/cryptsetup.c:1650
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Nøgleplads %d valgt for sletning."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1592 src/cryptsetup.c:1653
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Dette er den sidste nøgleplads. Enheden vil blive ubrugelig efter fjernelse af denne nøgle."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1593
msgid "Enter any remaining passphrase: "
msgstr "Indtast en eventuel tilbageværende adgangsfrase: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1594 src/cryptsetup.c:1655
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operation afbrudt, nøglepladsen var IKKE ryddet.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1632
msgid "Enter passphrase to be deleted: "
msgstr "Indtast adgangsfrase som skal slettes: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1713 src/cryptsetup.c:1787 src/cryptsetup.c:1821
msgid "Enter new passphrase for key slot: "
msgstr "Indtast ny adgangsfrase for nøgleplads: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1804 src/cryptsetup_reencrypt.c:1336
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Indtast en eventuel eksisterende adgangsfrase: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1872
msgid "Enter passphrase to be changed: "
msgstr "Indtast adgangsfrase som skal ændres: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1888 src/cryptsetup_reencrypt.c:1322
msgid "Enter new passphrase: "
msgstr "Indtast ny adgangsfrase: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1938
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Indtast adgangsfrase for nøgleplads til konvertering: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1962
msgid "Only one device argument for isLuks operation is supported."
msgstr "Kun et enhedsargument for isLuks-operation er understøttet."
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Teksthoveddump med diskenhedsnøgle er sensitiv information\n"
-"som giver adgang til krypteret partition uden adgangsfrase.\n"
-"Dette dump bør altid lagres krypteret et sikkert sted."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Nøglepladsen %d er ikke aktiv."
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Teksthoveddump med diskenhedsnøgle er sensitiv information\n"
-"som giver adgang til krypteret partition uden adgangsfrase.\n"
-"Dette dump bør altid lagres krypteret et sikkert sted."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s er ikke en cryptsetup-håndteret enhed."
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2146 src/cryptsetup.c:2167
msgid "Option --header-backup-file is required."
msgstr "Tilvalget --header-backup-file er krævet."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2197
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s er ikke en cryptsetup-håndteret enhed."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2208
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Opdater er ikke understøttet for enhedstypen %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2250
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Metadataenhedstypen %s blev ikke genkendt."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2253
msgid "Command requires device and mapped name as arguments."
msgstr "Kommandoen kræver enhedsnavn og oversat navn som argumenter."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2275
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Denne operation vil slette alle nøglepladser på enheden %s.\n"
"Enheden vil blive ubrugelig efter denne operation."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2282
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operation afbrudt, nøglepladser blev IKKE fjernet (wiped).\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2319
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Ugyldig LUKS-type, kun luks1 og luks2 er understøttet."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2337
#, c-format
msgid "Device is already %s type."
msgstr "Enheden er allerede %s-type."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2342
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Denne operation vil konvertere %s til %s-format.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2348
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operation afbrudt, enheden blev IKKE konverteret.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2388
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Tilvalget --priority, --label eller --subsystem mangler."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2422 src/cryptsetup.c:2455 src/cryptsetup.c:2478
#, c-format
msgid "Token %d is invalid."
msgstr "Symbolet %d er ugyldigt."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2425 src/cryptsetup.c:2481
#, c-format
msgid "Token %d in use."
msgstr "Symbolet %d er i brug."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2432
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Kunne ikke tilføje luks2-keyringsymbolet %d."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2503
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Kunne ikke tildele symbolet %d til nøglepladsen %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2458
#, c-format
msgid "Token %d is not in use."
msgstr "Symbolet %d er ikke i brug."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2493
msgid "Failed to import token from file."
msgstr "Kunne ikke importere symbol fra fil."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2518
#, c-format
msgid "Failed to get token %d for export."
msgstr "Kunne ikke indhente symbolet %d for eksport."
-#: src/cryptsetup.c:2724
+#: src/cryptsetup.c:2533
msgid "--key-description parameter is mandatory for token add action."
msgstr "parameteren --key-description er obligatorisk for symbol tilføj-handling."
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
+#: src/cryptsetup.c:2539 src/cryptsetup.c:2547
msgid "Action requires specific token. Use --token-id parameter."
msgstr "Handling kræver specifik symbol. Brug parameteren --token-id."
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2552
#, c-format
msgid "Invalid token operation %s."
msgstr "Ugyldig symboloperation %s."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2607
#, c-format
msgid "Auto-detected active dm device '%s' for data device %s.\n"
msgstr "Automatisk registreret aktiv dm-enhed »%s« for dataenheden %s.\n"
-#: src/cryptsetup.c:2802
+#: src/cryptsetup.c:2611
#, c-format
msgid "Device %s is not a block device.\n"
msgstr "Enheden %s er ikke en blokenhed.\n"
-#: src/cryptsetup.c:2804
+#: src/cryptsetup.c:2613
#, c-format
msgid "Failed to auto-detect device %s holders."
msgstr "Kunne ikke automatisk registrere enheds-%s-holdere."
-#: src/cryptsetup.c:2806
+#: src/cryptsetup.c:2615
#, c-format
msgid ""
"Unable to decide if device %s is activated or not.\n"
"For at afvikle omkryptering i frakoblet tilstand bruges parameteren\n"
"--active-name.\n"
-#: src/cryptsetup.c:2886
+#: src/cryptsetup.c:2695
msgid "Invalid LUKS device type."
msgstr "Ugyldig LUKS-enhedstype."
-#: src/cryptsetup.c:2891
+#: src/cryptsetup.c:2700
msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
msgstr "Kryptering uden frakoblet teksthoved (--header) er ikke muligt uden størrelsesreduktion for dataenhed (--reduce-device-size)."
-#: src/cryptsetup.c:2896
+#: src/cryptsetup.c:2705
msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
msgstr "Anmodte dataforskydning skal være mindre end eller lig med halvdelen af --reduce-device-size parameter."
-#: src/cryptsetup.c:2905
+#: src/cryptsetup.c:2714
#, c-format
msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
msgstr "Justerer --reduce-device-size value til det dobbelte af --offset %<PRIu64> (sektorer).\n"
-#: src/cryptsetup.c:2909
+#: src/cryptsetup.c:2718
msgid "Encryption is supported only for LUKS2 format."
msgstr "Kryptering er kun understøttet for formatet LUKS2."
-#: src/cryptsetup.c:2932
+#: src/cryptsetup.c:2740
#, c-format
msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
msgstr "Registrerede LUKS-enhed på %s. Ønsker du at kryptere den LUKS-enhed igen?"
-#: src/cryptsetup.c:2950
+#: src/cryptsetup.c:2755
#, c-format
msgid "Temporary header file %s already exists. Aborting."
msgstr "Midlertidig teksthovedfil %s findes allerede. Afbryder."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
+#: src/cryptsetup.c:2757 src/cryptsetup.c:2764
#, c-format
msgid "Cannot create temporary header file %s."
msgstr "Kan ikke oprette midlertidig teksthovedfil %s."
-#: src/cryptsetup.c:3026
+#: src/cryptsetup.c:2828
#, c-format
msgid "%s/%s is now active and ready for online encryption.\n"
msgstr "%s/%s er nu aktiv og klar til kryptering via nettet.\n"
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
+#: src/cryptsetup.c:2992 src/cryptsetup.c:2998
msgid "Not enough free keyslots for reencryption."
msgstr "Ikke nok ledige nøglepladser for omkryptering."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
+#: src/cryptsetup.c:3018 src/cryptsetup_reencrypt.c:1287
msgid "Key file can be used only with --key-slot or with exactly one key slot active."
msgstr "Nøglefil kan kun bruges med --key-slot eller med præcis en aktiv nøgleplads."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
+#: src/cryptsetup.c:3027 src/cryptsetup_reencrypt.c:1334
+#: src/cryptsetup_reencrypt.c:1345
#, c-format
msgid "Enter passphrase for key slot %d: "
msgstr "Indtast adgangsfrase for nøgleplads %d: "
-#: src/cryptsetup.c:3240
+#: src/cryptsetup.c:3035
#, c-format
msgid "Enter passphrase for key slot %u: "
msgstr "Indtast adgangsfrase for nøgleplads %u: "
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
+#: src/cryptsetup.c:3202
msgid "Command requires device as argument."
msgstr "Kommandoen kræver enhed som argument."
-#: src/cryptsetup.c:3441
+#: src/cryptsetup.c:3224
msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
msgstr "Kun formatet LUKS2 er i øjeblikket understøttet. Brug venligst værktøjet cryptsetup-reencrypt for LUKS1."
-#: src/cryptsetup.c:3453
+#: src/cryptsetup.c:3236
msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
msgstr "Forældet frakoblet omkryptering er allerede i gang. Brug redskabet cryptsetup-reencrypt."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
+#: src/cryptsetup.c:3246 src/cryptsetup_reencrypt.c:178
msgid "Reencryption of device with integrity profile is not supported."
msgstr "Omkryptering af enhed med integritetsprofil er ikke understøttet."
-#: src/cryptsetup.c:3471
+#: src/cryptsetup.c:3254
msgid "LUKS2 reencryption already initialized. Aborting operation."
msgstr "LUKS2-omkryptering er allerede initialiseret. Afbryder operation."
-#: src/cryptsetup.c:3475
+#: src/cryptsetup.c:3258
msgid "LUKS2 device is not in reencryption."
msgstr "LUKS2-enheden er ikke i omkryptering."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:3285
msgid "<device> [--type <type>] [<name>]"
msgstr "<enhed> [--type <type>] [<navn>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:3285 src/veritysetup.c:394 src/integritysetup.c:474
msgid "open device as <name>"
msgstr "åbn enhed som <navn>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3286 src/cryptsetup.c:3287 src/cryptsetup.c:3288
+#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:475
+#: src/integritysetup.c:476
msgid "<name>"
msgstr "<navn>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3286 src/veritysetup.c:395 src/integritysetup.c:475
msgid "close device (remove mapping)"
msgstr "luk enhed (fjern oversættelse)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3287
msgid "resize active device"
msgstr "ændr størrelse på aktiv enhed"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3288
msgid "show device status"
msgstr "vis enhedsstatus"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3289
msgid "[--cipher <cipher>]"
msgstr "[--cipher <krypteringsalgoritme>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3289
msgid "benchmark cipher"
msgstr "krypteringsalgoritme for sammenligning"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3290 src/cryptsetup.c:3291 src/cryptsetup.c:3292
+#: src/cryptsetup.c:3293 src/cryptsetup.c:3294 src/cryptsetup.c:3301
+#: src/cryptsetup.c:3302 src/cryptsetup.c:3303 src/cryptsetup.c:3304
+#: src/cryptsetup.c:3305 src/cryptsetup.c:3306 src/cryptsetup.c:3307
+#: src/cryptsetup.c:3308 src/cryptsetup.c:3309
msgid "<device>"
msgstr "<enhed>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3290
msgid "try to repair on-disk metadata"
msgstr "prøv at reparere on-disk-metadata"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3291
msgid "reencrypt LUKS2 device"
msgstr "omkrypter LUKS2-enhed"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3292
msgid "erase all keyslots (remove encryption key)"
msgstr "slet alle nøglepladser (fjern krypteringsnøgle)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3293
msgid "convert LUKS from/to LUKS2 format"
msgstr "konverter LUKS fra/til LUKS2-format"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3294
msgid "set permanent configuration options for LUKS2"
msgstr "angiv permanente konfigurationstilvalg for LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3295 src/cryptsetup.c:3296
msgid "<device> [<new key file>]"
msgstr "<enhed> [<ny nøglefil>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3295
msgid "formats a LUKS device"
msgstr "formaterer en LUKS-enhed"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3296
msgid "add key to LUKS device"
msgstr "tilføj nøgle til LUKS-enhed"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3297 src/cryptsetup.c:3298 src/cryptsetup.c:3299
msgid "<device> [<key file>]"
msgstr "<enhed> [<nøglefil>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3297
msgid "removes supplied key or key file from LUKS device"
msgstr "fjerner leveret nøgle eller nøglefil fra LUKS-enhed"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3298
msgid "changes supplied key or key file of LUKS device"
msgstr "ændrer leveret nøgle eller nøglefil for LUKS-enhed"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3299
msgid "converts a key to new pbkdf parameters"
msgstr "konverterer en nøgle til nye pbkdf-parametre"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3300
msgid "<device> <key slot>"
msgstr "<enhed> <nøgleplads>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3300
msgid "wipes key with number <key slot> from LUKS device"
msgstr "rydder nøgle med nummer <nøgleplads> fra LUKS-enhed"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3301
msgid "print UUID of LUKS device"
msgstr "vis UUID for lUKS-enhed"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3302
msgid "tests <device> for LUKS partition header"
msgstr "tester <enhed> for LUKS-partitionsteksthoved"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3303
msgid "dump LUKS partition information"
msgstr "dump LUKS-partitionsinformation"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3304
msgid "dump TCRYPT device information"
msgstr "dump TCRYPT-enhedsinformation"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3305
msgid "dump BITLK device information"
msgstr "dump BITLK-enhedsinformation"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3306
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Suspender LUKS-enhed og ryd nøgle (alle IO'er fryses fast)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3307
msgid "Resume suspended LUKS device"
msgstr "Genoptag suspenderet LUKS-enhed"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3308
msgid "Backup LUKS device header and keyslots"
msgstr "Lav sikkerhedskopi af LUKS-enhedsteksthoved og nøglepladser"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3309
msgid "Restore LUKS device header and keyslots"
msgstr "Gendan LUKS-teksthoved og nøglepladser"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3310
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <enhed>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3310
msgid "Manipulate LUKS2 tokens"
msgstr "Manipuler LUKS2-symboler"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3328 src/veritysetup.c:412 src/integritysetup.c:492
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<handling> er en af:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3334
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3338
#, c-format
msgid ""
"\n"
"<nøgleplads> er LUKS-nøglens pladsnummer, der skal ændres\n"
"<nøglefil> valgfri nøglefil for den nye nøgle for luksAddKey-handling\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3345
#, c-format
msgid ""
"\n"
"\n"
"Standardindkompileret metadataformat er %s (for luksFormat-handling).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3350
#, c-format
msgid ""
"\n"
"Standard-PBKDF for LUKS2: %s\n"
"\tTterationtid: %d, hukommelse krævet: %dkB, parallelle tråde: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3361
#, c-format
msgid ""
"\n"
"\tplain: %s, Nøgle: %d bit, Adgangskodehashing: %s\n"
"\tLUKS: %s, Nøgle: %d bit, LUKS-teksthovedhashing: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3370
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: Standardstørrelse på nøgle med XTS-tilstand (to interne nøgler) vil blive fordoblet.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3386 src/veritysetup.c:569 src/integritysetup.c:634
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: kræver %s som argumenter"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3419 src/veritysetup.c:457 src/integritysetup.c:530
+#: src/cryptsetup_reencrypt.c:1600
msgid "Show this help message"
msgstr "Vis denne hjælpetekst"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3420 src/veritysetup.c:458 src/integritysetup.c:531
+#: src/cryptsetup_reencrypt.c:1601
msgid "Display brief usage"
msgstr "Vis en kort brugsmanual"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3421 src/veritysetup.c:459 src/integritysetup.c:532
+#: src/cryptsetup_reencrypt.c:1602
msgid "Print package version"
msgstr "Vis pakkeversion"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3425 src/veritysetup.c:463 src/integritysetup.c:536
+#: src/cryptsetup_reencrypt.c:1606
msgid "Help options:"
msgstr "Hjælpetilvalg:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
+#: src/cryptsetup.c:3426 src/veritysetup.c:464 src/integritysetup.c:537
+#: src/cryptsetup_reencrypt.c:1607
msgid "Shows more detailed error messages"
msgstr "Viser mere detaljerede fejlbeskeder"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup.c:3427 src/veritysetup.c:465 src/integritysetup.c:538
+#: src/cryptsetup_reencrypt.c:1608
msgid "Show debug messages"
msgstr "Vis fejlsøgningsbeskeder"
-#: src/cryptsetup.c:3646
+#: src/cryptsetup.c:3428
msgid "Show debug messages including JSON metadata"
msgstr "Vis fejlsøgningsbeskeder inklusive JSON-metadata"
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
+#: src/cryptsetup.c:3429 src/cryptsetup_reencrypt.c:1610
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Krypteringsalgoritmen brugt til at kryptere disken (se /proc/crypto)"
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
+#: src/cryptsetup.c:3430 src/cryptsetup_reencrypt.c:1612
msgid "The hash used to create the encryption key from the passphrase"
msgstr "Hashen brugt til at oprette krypteringsnøglen fra adgangsfrasen"
-#: src/cryptsetup.c:3649
+#: src/cryptsetup.c:3431
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verificerer adgangsfrasen ved at anmode om den to gange"
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
+#: src/cryptsetup.c:3432 src/cryptsetup_reencrypt.c:1614
msgid "Read the key from a file"
msgstr "Læs nøglen fra en fil"
-#: src/cryptsetup.c:3651
+#: src/cryptsetup.c:3433
msgid "Read the volume (master) key from file."
msgstr "Læs diskenhedens (master) nøgle fra fil."
-#: src/cryptsetup.c:3652
+#: src/cryptsetup.c:3434
msgid "Dump volume (master) key instead of keyslots info"
msgstr "Dump diskenheds (master) nøgle i stedet for information om nøgleplads"
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:3435 src/cryptsetup_reencrypt.c:1611
msgid "The size of the encryption key"
msgstr "Krypteringsnøglens størrelse"
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:3435 src/cryptsetup.c:3495 src/integritysetup.c:556
+#: src/integritysetup.c:560 src/integritysetup.c:564
+#: src/cryptsetup_reencrypt.c:1611
msgid "BITS"
msgstr "BIT"
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
+#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1627
msgid "Limits the read from keyfile"
msgstr "Begræns læsningen fra nøglefil"
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:3436 src/cryptsetup.c:3437 src/cryptsetup.c:3438
+#: src/cryptsetup.c:3439 src/cryptsetup.c:3442 src/cryptsetup.c:3492
+#: src/cryptsetup.c:3493 src/cryptsetup.c:3501 src/cryptsetup.c:3502
+#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470
+#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:545
+#: src/integritysetup.c:551 src/integritysetup.c:552
+#: src/cryptsetup_reencrypt.c:1626 src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup_reencrypt.c:1628 src/cryptsetup_reencrypt.c:1629
msgid "bytes"
msgstr "byte"
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
+#: src/cryptsetup.c:3437 src/cryptsetup_reencrypt.c:1626
msgid "Number of bytes to skip in keyfile"
msgstr "Antallet af byte at udelade i nøglefil"
-#: src/cryptsetup.c:3656
+#: src/cryptsetup.c:3438
msgid "Limits the read from newly added keyfile"
msgstr "Begræns læsningnen fra nyligt tilføjet nøglefil"
-#: src/cryptsetup.c:3657
+#: src/cryptsetup.c:3439
msgid "Number of bytes to skip in newly added keyfile"
msgstr "Antallet af byte at udelade i senest tilføjet nøglefil"
-#: src/cryptsetup.c:3658
+#: src/cryptsetup.c:3440
msgid "Slot number for new key (default is first free)"
msgstr "Pladsnummer for ny nøgle (standard er den første ledige)"
-#: src/cryptsetup.c:3659
+#: src/cryptsetup.c:3441
msgid "The size of the device"
msgstr "Størrelse på enheden"
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
+#: src/cryptsetup.c:3441 src/cryptsetup.c:3443 src/cryptsetup.c:3444
+#: src/cryptsetup.c:3450 src/integritysetup.c:546 src/integritysetup.c:553
msgid "SECTORS"
msgstr "SEKTORER"
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:3442 src/cryptsetup_reencrypt.c:1629
msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
msgstr "Brug kun specificeret enhedstørrelse (ignorer resten af enheden). FARLIGT!"
-#: src/cryptsetup.c:3661
+#: src/cryptsetup.c:3443
msgid "The start offset in the backend device"
msgstr "Startforskydningen i motorenheden"
-#: src/cryptsetup.c:3662
+#: src/cryptsetup.c:3444
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Antal sektorer med krypterede data som skal udelades i begyndelsen"
-#: src/cryptsetup.c:3663
+#: src/cryptsetup.c:3445
msgid "Create a readonly mapping"
msgstr "Opret en skrivebeskyttet oversættelse"
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
+#: src/cryptsetup.c:3446 src/integritysetup.c:539
+#: src/cryptsetup_reencrypt.c:1617
msgid "Do not ask for confirmation"
msgstr "Anmod ikke om bekræftelse"
-#: src/cryptsetup.c:3665
+#: src/cryptsetup.c:3447
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Tidsudløb for interaktiv adgangsfraseprompt (i sekunder)"
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:3447 src/cryptsetup.c:3448 src/integritysetup.c:540
+#: src/cryptsetup_reencrypt.c:1618
msgid "secs"
msgstr "sek"
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:3448 src/integritysetup.c:540
+#: src/cryptsetup_reencrypt.c:1618
msgid "Progress line update (in seconds)"
msgstr "Statuslinjeopdatering (i sekunder)"
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
+#: src/cryptsetup.c:3449 src/cryptsetup_reencrypt.c:1619
msgid "How often the input of the passphrase can be retried"
msgstr "Hvor ofte inddata for adgangsfrasen kan indhentes"
-#: src/cryptsetup.c:3668
+#: src/cryptsetup.c:3450
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Juster belastning ved <n> sektorgrænser - for luksFormat"
-#: src/cryptsetup.c:3669
+#: src/cryptsetup.c:3451
msgid "File with LUKS header and keyslots backup"
msgstr "Fil med LUKS-teksthoved og sikkerhedskopi af nøglepladser"
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
+#: src/cryptsetup.c:3452 src/cryptsetup_reencrypt.c:1620
msgid "Use /dev/random for generating volume key"
msgstr "Brug /dev/random til oprettelse af diskenhedsnøgle"
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
+#: src/cryptsetup.c:3453 src/cryptsetup_reencrypt.c:1621
msgid "Use /dev/urandom for generating volume key"
msgstr "Brug /dev/urandom til oprettelse af diskenhedsnøgle"
-#: src/cryptsetup.c:3672
+#: src/cryptsetup.c:3454
msgid "Share device with another non-overlapping crypt segment"
msgstr "Del enhed med et andet ikkeoverlappende kryptsegment"
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
+#: src/cryptsetup.c:3455 src/veritysetup.c:477
msgid "UUID for device to use"
msgstr "UUID som enheden skal bruge"
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
+#: src/cryptsetup.c:3456
msgid "Allow discards (aka TRIM) requests for device"
msgstr "Tillader fjernelsesforespørgsler (a.k.a. TRIM) for enhed"
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
+#: src/cryptsetup.c:3457 src/cryptsetup_reencrypt.c:1638
msgid "Device or file with separated LUKS header"
msgstr "Enhed eller fil med adskilt LUKS-teksthoved"
-#: src/cryptsetup.c:3676
+#: src/cryptsetup.c:3458
msgid "Do not activate device, just check passphrase"
msgstr "Aktiver ikke enhed, kontroller bare adgangsfrase"
-#: src/cryptsetup.c:3677
+#: src/cryptsetup.c:3459
msgid "Use hidden header (hidden TCRYPT device)"
msgstr "Brug skjult teksthoved (skjult TCRYPT-enhed)"
-#: src/cryptsetup.c:3678
+#: src/cryptsetup.c:3460
msgid "Device is system TCRYPT drive (with bootloader)"
msgstr "Enhed er system-TCRYPT-drev (med opstartsindlæser)"
-#: src/cryptsetup.c:3679
+#: src/cryptsetup.c:3461
msgid "Use backup (secondary) TCRYPT header"
msgstr "Brug sikkerhedskopi (sekundær) TCRYPT-teksthoved"
-#: src/cryptsetup.c:3680
+#: src/cryptsetup.c:3462
msgid "Scan also for VeraCrypt compatible device"
msgstr "Skan også for VeraCrypt-kompatibel enhed"
-#: src/cryptsetup.c:3681
+#: src/cryptsetup.c:3463
msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Personlig iterationmultiplikator for VeraCrypt-kompatibel enhed"
-#: src/cryptsetup.c:3682
+#: src/cryptsetup.c:3464
msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Forespørg personlig iterationmultiplikator for VeraCrypt-kompatibel enhed"
-#: src/cryptsetup.c:3683
+#: src/cryptsetup.c:3465
msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
msgstr "Type for enhedsmetadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/cryptsetup.c:3684
+#: src/cryptsetup.c:3466
msgid "Disable password quality check (if enabled)"
msgstr "Deaktiver kontrol af adgangskodens kvalitet (hvis aktiveret)"
-#: src/cryptsetup.c:3685
+#: src/cryptsetup.c:3467
msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
msgstr "Brug tilvalgene dm-crypt og same_cpu_crypt for ydelseskompatibilitet"
-#: src/cryptsetup.c:3686
+#: src/cryptsetup.c:3468
msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
msgstr "Brug tilvalgene dm-crypt og submit_from_crypt_cpus for ydelseskompatibilitet"
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
+#: src/cryptsetup.c:3469
msgid "Device removal is deferred until the last user closes it"
msgstr "Enhedsfjernelse er udskudt indtil den sidste bruger lukker enheden"
-#: src/cryptsetup.c:3690
+#: src/cryptsetup.c:3470
msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
msgstr "Brug global lås til at serialisere memory-hard-PBKDF (OOM-alternativ)"
-#: src/cryptsetup.c:3691
+#: src/cryptsetup.c:3471
msgid "PBKDF iteration time for LUKS (in ms)"
msgstr "PBKDF-iterationstid for LUKS (i ms)"
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup.c:3471 src/cryptsetup_reencrypt.c:1616
msgid "msecs"
msgstr "ms"
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
+#: src/cryptsetup.c:3472 src/cryptsetup_reencrypt.c:1634
msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
msgstr "PBKDF-algoritme (for LUKS2): argon2i, argon2id, pbkdf2"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:3473 src/cryptsetup_reencrypt.c:1635
msgid "PBKDF memory cost limit"
msgstr "PBKDF-hukommelsesomkostningsbegrænsning"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:3473 src/cryptsetup_reencrypt.c:1635
msgid "kilobytes"
msgstr "kilobyte"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:3474 src/cryptsetup_reencrypt.c:1636
msgid "PBKDF parallel cost"
msgstr "PBKDF-parallel omkostning"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:3474 src/cryptsetup_reencrypt.c:1636
msgid "threads"
msgstr "tråde"
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
+#: src/cryptsetup.c:3475 src/cryptsetup_reencrypt.c:1637
msgid "PBKDF iterations cost (forced, disables benchmark)"
msgstr "PBKDF-iterationsomkostning (tvunget, deaktiverer sammenligning)"
-#: src/cryptsetup.c:3696
+#: src/cryptsetup.c:3476
msgid "Keyslot priority: ignore, normal, prefer"
msgstr "Nøglepladsprioritet: ignore, normal, prefer"
-#: src/cryptsetup.c:3697
+#: src/cryptsetup.c:3477
msgid "Disable locking of on-disk metadata"
msgstr "Deaktiver låsning af on-disk-metadata"
-#: src/cryptsetup.c:3698
+#: src/cryptsetup.c:3478
msgid "Disable loading volume keys via kernel keyring"
msgstr "Deaktiver indlæsning af diskenhedsnøgler via kernenøglering"
-#: src/cryptsetup.c:3699
+#: src/cryptsetup.c:3479
msgid "Data integrity algorithm (LUKS2 only)"
msgstr "Dataintegritetsalgoritme (kun LUKS2)"
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
+#: src/cryptsetup.c:3480 src/integritysetup.c:567
msgid "Disable journal for integrity device"
msgstr "Deaktiver journal for integritetsenhed"
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
+#: src/cryptsetup.c:3481 src/integritysetup.c:541
msgid "Do not wipe device after format"
msgstr "Ryd ikke enhed efter formatering"
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
+#: src/cryptsetup.c:3482 src/integritysetup.c:571
msgid "Use inefficient legacy padding (old kernels)"
msgstr "Brug ineffektive forældede mellemrum (gamle kerner)"
-#: src/cryptsetup.c:3703
+#: src/cryptsetup.c:3483
msgid "Do not ask for passphrase if activation by token fails"
msgstr "Spørg ikke om adgangsfrase hvis aktivering via symbol mislykkes"
-#: src/cryptsetup.c:3704
+#: src/cryptsetup.c:3484
msgid "Token number (default: any)"
msgstr "Symbolnummer (standard: alle)"
-#: src/cryptsetup.c:3705
+#: src/cryptsetup.c:3485
msgid "Key description"
msgstr "Nøglebeskrivelse"
-#: src/cryptsetup.c:3706
+#: src/cryptsetup.c:3486
msgid "Encryption sector size (default: 512 bytes)"
msgstr "Sektorstørrelse for kryptering (standard: 512 byte)"
-#: src/cryptsetup.c:3707
-#, fuzzy
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Sektorstørrelse for kryptering (standard: 512 byte)"
-
-#: src/cryptsetup.c:3708
+#: src/cryptsetup.c:3487
msgid "Set activation flags persistent for device"
msgstr "Angiv aktiveringsflag vedvarende for enhed"
-#: src/cryptsetup.c:3709
+#: src/cryptsetup.c:3488
msgid "Set label for the LUKS2 device"
msgstr "Angiv etiket for LUKS2-enhed"
-#: src/cryptsetup.c:3710
+#: src/cryptsetup.c:3489
msgid "Set subsystem label for the LUKS2 device"
msgstr "Angiv undersystemetiket for LUKS2-enhed"
-#: src/cryptsetup.c:3711
-#, fuzzy
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#: src/cryptsetup.c:3490
+msgid "Create unbound (no assigned data segment) LUKS2 keyslot"
msgstr "Opret ubunden (intet tildelt datasegment) LUKS2-nøgleplads"
-#: src/cryptsetup.c:3712
+#: src/cryptsetup.c:3491
msgid "Read or write the json from or to a file"
msgstr "Læs eller skriv json fra eller til en fil"
-#: src/cryptsetup.c:3713
+#: src/cryptsetup.c:3492
msgid "LUKS2 header metadata area size"
msgstr "Størrelse på metadataområdet for LUKS2-teksthovedet"
-#: src/cryptsetup.c:3714
+#: src/cryptsetup.c:3493
msgid "LUKS2 header keyslots area size"
msgstr "Størrelse på nøglepladsområdet for LUKS2-teksthovedet"
-#: src/cryptsetup.c:3715
+#: src/cryptsetup.c:3494
msgid "Refresh (reactivate) device with new parameters"
msgstr "Opdater (genaktiver) enhed med nye parametre"
-#: src/cryptsetup.c:3716
+#: src/cryptsetup.c:3495
msgid "LUKS2 keyslot: The size of the encryption key"
msgstr "LUKS2-nøgleplads: Krypteringsnøglens størrelse"
-#: src/cryptsetup.c:3717
+#: src/cryptsetup.c:3496
msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
msgstr "LUKS2-nøgleplads: krypteringsalgoritmen brugt for nøglepladskryptering"
-#: src/cryptsetup.c:3718
+#: src/cryptsetup.c:3497
msgid "Encrypt LUKS2 device (in-place encryption)."
msgstr "Krypter LUKS2-enhed (på stedet kryptering)."
-#: src/cryptsetup.c:3719
+#: src/cryptsetup.c:3498
msgid "Decrypt LUKS2 device (remove encryption)."
msgstr "Dekrypter LUKS2-enhed (fjern kryptering)."
-#: src/cryptsetup.c:3720
+#: src/cryptsetup.c:3499
msgid "Initialize LUKS2 reencryption in metadata only."
msgstr "Initialiser LUKS2-omkryptering kun i metadata."
-#: src/cryptsetup.c:3721
+#: src/cryptsetup.c:3500
msgid "Resume initialized LUKS2 reencryption only."
msgstr "Genoptag kun initialiseret LUKS2-omkryptering."
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
+#: src/cryptsetup.c:3501 src/cryptsetup_reencrypt.c:1628
msgid "Reduce data device size (move data offset). DANGEROUS!"
msgstr "Reducer dataenhedstørrelse (flyt dataforskydning). FARLIGT!"
-#: src/cryptsetup.c:3723
+#: src/cryptsetup.c:3502
msgid "Maximal reencryption hotzone size."
msgstr "Maksimal størrelse for omkrypteringshotzone."
-#: src/cryptsetup.c:3724
+#: src/cryptsetup.c:3503
msgid "Reencryption hotzone resilience type (checksum,journal,none)"
msgstr "Resilience-type for omkrypteringshotzonen (checksum,journal,none)"
-#: src/cryptsetup.c:3725
+#: src/cryptsetup.c:3504
msgid "Reencryption hotzone checksums hash"
msgstr "Kontrolsumshash for omkrypteringshotzonen"
-#: src/cryptsetup.c:3726
+#: src/cryptsetup.c:3505
msgid "Override device autodetection of dm device to be reencrypted"
msgstr "Overskriv automatisk registrering af enhed for dm-enhed der skal omkrypteres"
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3521 src/veritysetup.c:499 src/integritysetup.c:587
msgid "[OPTION...] <action> <action-specific>"
msgstr "[TILVALG...] <handling> <handling-specifik>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3572 src/veritysetup.c:533 src/integritysetup.c:598
msgid "Argument <action> missing."
msgstr "Argument <handling> mangler."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3641 src/veritysetup.c:564 src/integritysetup.c:629
msgid "Unknown action."
msgstr "Ukendt handling."
-#: src/cryptsetup.c:3877
-#, fuzzy
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
+#: src/cryptsetup.c:3651
+msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
+msgstr "Parameteren --refresh er kun tilladt for kommandoerne open (åbn) eller refresh (opdater).\n"
+
+#: src/cryptsetup.c:3656
+msgid "Options --refresh and --test-passphrase are mutually exclusive.\n"
msgstr "Tilvalgene --refresh og --test-passphrase udelukker hinanden.\n"
-#: src/cryptsetup.c:3882
-#, fuzzy
-msgid "Option --deferred is allowed only for close command."
+#: src/cryptsetup.c:3661
+msgid "Option --deferred is allowed only for close command.\n"
msgstr "Tilvalget --deferred er kun tilladt for kommandoen close (luk).\n"
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
+#: src/cryptsetup.c:3666
+msgid "Option --shared is allowed only for open of plain device.\n"
msgstr "Tilvalget --shared er kun tilladt for åbning af en ren enhed.\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
+#: src/cryptsetup.c:3671
+msgid "Option --allow-discards is allowed only for open operation.\n"
msgstr "Tilvalget --allow-discards er kun tilladt for åbne operationer.\n"
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
+#: src/cryptsetup.c:3676
+msgid "Option --persistent is allowed only for open operation.\n"
msgstr "Tilvalget --persistent er kun tilladt for åben operation.\n"
-#: src/cryptsetup.c:3902
-#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#: src/cryptsetup.c:3681
+msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation.\n"
msgstr "Tilvalget --serialize-memory-hard-pbkdf er kun tilladt for åbne operationer.\n"
-#: src/cryptsetup.c:3907
-#, fuzzy
-msgid "Option --persistent is not allowed with --test-passphrase."
+#: src/cryptsetup.c:3686
+msgid "Option --persistent is not allowed with --test-passphrase.\n"
msgstr "Tilvalget --persistent er ikke tilladt med --test-passphrase.\n"
-#: src/cryptsetup.c:3917
+#: src/cryptsetup.c:3696
msgid ""
"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
"åbn- og sammenligningshandlinger. For at begrænse læsning fra nøglefilen bruges\n"
"--keyfile-size=(bytes)."
-#: src/cryptsetup.c:3923
-#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#: src/cryptsetup.c:3702
+msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n"
msgstr "Tilvalget --integrity er kun tilladt for luksFormat (LUKS2).\n"
-#: src/cryptsetup.c:3928
-#, fuzzy
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+#: src/cryptsetup.c:3707
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n"
msgstr "Tilvalget --integrity-no-wipe kan kun bruges for formathandling med integritetudvidelse.\n"
-#: src/cryptsetup.c:3934
-#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#: src/cryptsetup.c:3713
+msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"
msgstr "Tilvalget --label og --subsystem er kun tilladt for luksFormat og config LUKS2-operationer.\n"
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+#: src/cryptsetup.c:3719
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices.\n"
msgstr "Tilvalget --test-passphrase er kun tilladt for åbning af LUKS- TCRYPT- og BITLK-enheder.\n"
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:3724 src/cryptsetup_reencrypt.c:1701
msgid "Key size must be a multiple of 8 bits"
msgstr "Nøglestørrelse skal gå op i 8 bit"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:3730 src/cryptsetup_reencrypt.c:1387
+#: src/cryptsetup_reencrypt.c:1706
msgid "Key slot is invalid."
msgstr "Nøgleplads er ugyldig."
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3737
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Tilvalget --key-file har forrang over specificeret nøglefilsargument."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:3744 src/veritysetup.c:576 src/integritysetup.c:650
+#: src/cryptsetup_reencrypt.c:1680
msgid "Negative number for option not permitted."
msgstr "Negativ nummer for tilvalg er ikke tilladt."
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3748
msgid "Only one --key-file argument is allowed."
msgstr "Kun et argument for --key-file er tilladt."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:3752 src/cryptsetup_reencrypt.c:1672
+#: src/cryptsetup_reencrypt.c:1710
msgid "Only one of --use-[u]random options is allowed."
msgstr "Kun et af tilvalgene --use-[u]random er tilladt."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:3756
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "Tilvalget --use-[u]random er kun tilladt for luksFormat."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:3760
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "Tilvalget --uid er kun tilladt for luksFormat og luksUUID."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:3764
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "Tilvalget --align-payload er kun tilladt for luksFormat."
-#: src/cryptsetup.c:3989
+#: src/cryptsetup.c:3768
msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
msgstr "Tilvalgene --luks2-metadata-size og --opt-luks2-keyslots-size er kun tilladt for luksFormat med LUKS2."
-#: src/cryptsetup.c:3994
+#: src/cryptsetup.c:3773
msgid "Invalid LUKS2 metadata size specification."
msgstr "Ugyldig specifikation for størrelsen på LUKS2-metadata."
-#: src/cryptsetup.c:3998
+#: src/cryptsetup.c:3777
msgid "Invalid LUKS2 keyslots size specification."
msgstr "Ugyldig specifikation for størrelsen på LUKS2-nøgleplads."
-#: src/cryptsetup.c:4002
+#: src/cryptsetup.c:3781
msgid "Options --align-payload and --offset cannot be combined."
msgstr "Tilvalgene --align-payload og --offset kan ikke kombineres."
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:3787
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "Tilvalget --skip er kun understøttet for åbning af plain- og loopaes-enheder.\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:3794
+msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption.\n"
msgstr "Tilvalget --offset er kun understøttet for åbning af plain- og loopaes-enheder, luksFormat og enhedsomkryptering.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:3800
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "Tilvalgene --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup er kun understøttet for TCRYPT-enhed.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:3805
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "Tilvaget --tcrypt-hidden kan ikke kombineres med --allow-discards.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
+#: src/cryptsetup.c:3810
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "Tilvalget --veracrypt er kun understøttet for TCRYPT-enhedstype.\n"
-#: src/cryptsetup.c:4037
-#, fuzzy
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#: src/cryptsetup.c:3816
+msgid "Invalid argument for parameter --veracrypt-pim supplied.\n"
msgstr "Ugyldigt argument for parameteren --veracrypt-pim angivet.\n"
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:3820
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Tilvalget --veracrypt-pim er kun understøttet for VeraCrypt-kompatible enheder.\n"
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:3828
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Tilvalget --veracrypt-query-pim er kun understøttet for VeraCrypt-kompatible enheder.\n"
-#: src/cryptsetup.c:4053
-#, fuzzy
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+#: src/cryptsetup.c:3832
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"
msgstr "Tilvalgene --veracrypt-pim og --veracrypt-query-pm udelukker hinanden.\n"
-#: src/cryptsetup.c:4060
-#, fuzzy
-msgid "Option --priority can be only ignore/normal/prefer."
+#: src/cryptsetup.c:3839
+msgid "Option --priority can be only ignore/normal/prefer.\n"
msgstr "Tilvalget --priority kan kun være ignore/normal/prefer.\n"
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-#, fuzzy
-msgid "Keyslot specification is required."
+#: src/cryptsetup.c:3844
+msgid "Keyslot specification is required.\n"
msgstr "Nøglepladsspecifikation er krævet.\n"
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-#, fuzzy
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+#: src/cryptsetup.c:3849 src/cryptsetup_reencrypt.c:1686
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"
msgstr "Adgangskodebaseret nøgleudledningsfunktion (PBKDF) kan kun være pbkdf2 eller argon2i/argon2id.\n"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-#, fuzzy
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
+#: src/cryptsetup.c:3854 src/cryptsetup_reencrypt.c:1691
+msgid "PBKDF forced iterations cannot be combined with iteration time option.\n"
msgstr "PBKDF-tvungne iterationer kan ikke kombineres med tilvalg for iterationstid.\n"
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
+#: src/cryptsetup.c:3860
+msgid "Sector size option is not supported for this command.\n"
msgstr "Tilvalg for sektorstørrelse er ikke understøttet for denne kommando.\n"
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:3866
+msgid "Unsupported encryption sector size.\n"
+msgstr "Krypteringsektorstørrelsen er ikke understøttet.\n"
-#: src/cryptsetup.c:4098
-#, fuzzy
-msgid "Key size is required with --unbound option."
+#: src/cryptsetup.c:3871
+msgid "Key size is required with --unbound option.\n"
msgstr "Nøglestørrelse er krævet med tilvalget --unbound.\n"
-#: src/cryptsetup.c:4108
-#, fuzzy
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#: src/cryptsetup.c:3876
+msgid "Option --unbound may be used only with luksAddKey action.\n"
msgstr "Tilvalget --unbound kan kun bruges med luksAddKey-handlingen.\n"
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
+#: src/cryptsetup.c:3881
+msgid "Option --refresh may be used only with open action.\n"
msgstr "Tilvalget --refresh kan kun bruges med open-handlingen.\n"
-#: src/cryptsetup.c:4124
-#, fuzzy
-msgid "Cannot disable metadata locking."
+#: src/cryptsetup.c:3892
+msgid "Cannot disable metadata locking.\n"
msgstr "Kan ikke deaktivere metadatalåsning.\n"
-#: src/cryptsetup.c:4135
+#: src/cryptsetup.c:3902
msgid "Invalid max reencryption hotzone size specification."
msgstr "Ugyldig maksimal størrelsesspecifikation for omkrypteringshotzonen."
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
+#: src/cryptsetup.c:3910 src/cryptsetup_reencrypt.c:1715
+#: src/cryptsetup_reencrypt.c:1720
msgid "Invalid device size specification."
msgstr "Ugyldig specifikation for enhedsstørrelse."
-#: src/cryptsetup.c:4146
+#: src/cryptsetup.c:3913
msgid "Maximum device reduce size is 1 GiB."
msgstr "Maksimal reduceringsstørrelse for enhed er 1 GiB."
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
+#: src/cryptsetup.c:3916 src/cryptsetup_reencrypt.c:1726
msgid "Reduce size must be multiple of 512 bytes sector."
msgstr "Reducer størrelse skal være multiplum af 512 byte sektor."
-#: src/cryptsetup.c:4154
+#: src/cryptsetup.c:3921
msgid "Invalid data size specification."
msgstr "Ugyldig størrelsesspecifikation for data."
-#: src/cryptsetup.c:4159
+#: src/cryptsetup.c:3926
msgid "Reduce size overflow."
msgstr "Reducer størrelsesoverløb."
-#: src/cryptsetup.c:4163
+#: src/cryptsetup.c:3930
msgid "LUKS2 decryption requires option --header."
msgstr "LUKS2-omkryptering kræver tilvalget --header."
-#: src/cryptsetup.c:4167
+#: src/cryptsetup.c:3934
msgid "Device size must be multiple of 512 bytes sector."
msgstr "Enhedsstørrelse skal være multiplum af 512 byte sektor."
-#: src/cryptsetup.c:4171
+#: src/cryptsetup.c:3938
msgid "Options --reduce-device-size and --data-size cannot be combined."
msgstr "Tilvalgene --reduce-device-size og --data-size kan ikke kombineres."
-#: src/cryptsetup.c:4175
+#: src/cryptsetup.c:3942
msgid "Options --device-size and --size cannot be combined."
msgstr "Tilvalgene --device-size og --size kan ikke kombineres."
-#: src/cryptsetup.c:4179
-#, fuzzy
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Tilvalgene --ignore-corruption og --restart-on-corruption kan ikke bruges sammen.\n"
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:66
msgid "Invalid salt string specified."
msgstr "Ugyldig salt-streng angivet."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Kan ikke oprette hashaftryk %s for skriving."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:107
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Kan ikke oprette FEC-aftryk %s for skriving."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:179
msgid "Invalid root hash string specified."
msgstr "Ugyldig root-hash-streng angivet."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:187
#, c-format
msgid "Invalid signature file %s."
msgstr "Ugyldig signaturfil %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:194
#, c-format
msgid "Cannot read signature file %s."
msgstr "Kan ikke læse signaturfilen %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:392
msgid "<data_device> <hash_device>"
msgstr "<data_enhed> <hash_device>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:392 src/integritysetup.c:473
msgid "format device"
msgstr "formater enhed"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:393
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<data_enhed> <hash_enhed> <root_hash>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:393
msgid "verify device"
msgstr "verificer enhed"
-#: src/veritysetup.c:408
+#: src/veritysetup.c:394
msgid "<data_device> <name> <hash_device> <root_hash>"
msgstr "<data_enhed> <navn> <hash_enhed> <root_hash>"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:396 src/integritysetup.c:476
msgid "show active device status"
msgstr "vis aktiv enhedsstatus"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:397
msgid "<hash_device>"
msgstr "<hash_enhed>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:397 src/integritysetup.c:477
msgid "show on-disk information"
msgstr "vis on-disk-information"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:416
#, c-format
msgid ""
"\n"
"<hash_enhed> er enheden indeholdende verifikationsdata\n"
"<root_hash> hash for root-knuden på <hash_enhed>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:423
#, c-format
msgid ""
"\n"
"Standardindkompilerede dm-verity-parametre:\n"
"\tHash: %s, Databok (byte): %u, Hashblok (byte): %u, Salt-str.: %u, Hashformat: %u\n"
-#: src/veritysetup.c:481
+#: src/veritysetup.c:466
msgid "Do not use verity superblock"
msgstr "Brug ikke verity-superblok"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:467
msgid "Format type (1 - normal, 0 - original Chrome OS)"
msgstr "Formatype (1 - normal, 0 - original Chrome OS)"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:467
msgid "number"
msgstr "nummer"
-#: src/veritysetup.c:483
+#: src/veritysetup.c:468
msgid "Block size on the data device"
msgstr "Blokstørrelse på dataenheden"
-#: src/veritysetup.c:484
+#: src/veritysetup.c:469
msgid "Block size on the hash device"
msgstr "Blokstørrelse på hashenheden"
-#: src/veritysetup.c:485
+#: src/veritysetup.c:470
msgid "FEC parity bytes"
msgstr "FEC-paritetbyte"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:471
msgid "The number of blocks in the data file"
msgstr "Antallet af blokke i datafilen"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:471
msgid "blocks"
msgstr "blokke"
-#: src/veritysetup.c:487
+#: src/veritysetup.c:472
msgid "Path to device with error correction data"
msgstr "Sti til enhed med fejlkorrektionsdata"
-#: src/veritysetup.c:487 src/integritysetup.c:566
+#: src/veritysetup.c:472 src/integritysetup.c:543
msgid "path"
msgstr "sti"
-#: src/veritysetup.c:488
+#: src/veritysetup.c:473
msgid "Starting offset on the hash device"
msgstr "Starter forskydning på hashenheden"
-#: src/veritysetup.c:489
+#: src/veritysetup.c:474
msgid "Starting offset on the FEC device"
msgstr "Starter forskydning på FEC-enheden"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:475
msgid "Hash algorithm"
msgstr "Hashalgoritme"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:475
msgid "string"
msgstr "streng"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:476
msgid "Salt"
msgstr "Salt"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:476
msgid "hex string"
msgstr "hex-streng"
-#: src/veritysetup.c:493
+#: src/veritysetup.c:478
msgid "Path to root hash signature file"
msgstr "Stil til roothash-signaturfil"
-#: src/veritysetup.c:494
+#: src/veritysetup.c:479
msgid "Restart kernel if corruption is detected"
msgstr "Genstart kerne hvis korruption er registreret"
-#: src/veritysetup.c:495
-#, fuzzy
-msgid "Panic kernel if corruption is detected"
-msgstr "Genstart kerne hvis korruption er registreret"
-
-#: src/veritysetup.c:496
+#: src/veritysetup.c:480
msgid "Ignore corruption, log it only"
msgstr "Ignorer korruption, log den kun"
-#: src/veritysetup.c:497
+#: src/veritysetup.c:481
msgid "Do not verify zeroed blocks"
msgstr "Bekræft ikke nulstillede blokke"
-#: src/veritysetup.c:498
+#: src/veritysetup.c:482
msgid "Verify data block only the first time it is read"
msgstr "Verificer kun datablok første gang den læses"
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#: src/veritysetup.c:582
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"
msgstr "Tilvalgene --ignore-corruption, --restart-on-corruption eller --ignore-zero-blocks er kun tilladt for åben operation.\n"
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
+#: src/veritysetup.c:587
+msgid "Option --root-hash-signature can be used only for open operation.\n"
msgstr "Tilvalget --root-hash-signature kan kun bruges til åben operation.\n"
-#: src/veritysetup.c:610
-#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Tilvalgene --ignore-corruption og --restart-on-corruption kan ikke bruges sammen.\n"
-
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+#: src/veritysetup.c:592
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
msgstr "Tilvalgene --ignore-corruption og --restart-on-corruption kan ikke bruges sammen.\n"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Ugyldig nøglestørrelse."
-
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:83 src/utils_password.c:305
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Kan ikke læse nøglefilen %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/integritysetup.c:87 src/utils_password.c:310
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Kan ikke læse %d byte fra nøglefilen %s."
-#: src/integritysetup.c:266
+#: src/integritysetup.c:253
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr "Formateret med mærkestørrelse %u, intern integritet %s.\n"
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:473 src/integritysetup.c:477
msgid "<integrity_device>"
msgstr "<integritet_enhed>"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:474
msgid "<integrity_device> <name>"
msgstr "<integritet_enhed> <navn>"
-#: src/integritysetup.c:515
+#: src/integritysetup.c:496
#, c-format
msgid ""
"\n"
"<navn> er enheden der skal opretttes under %s\n"
"<integritet_enhed> er enheden indeholdende data med integritetsmærker\n"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
+#: src/integritysetup.c:501
+#, c-format
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
msgstr ""
"\n"
"Standardindkompilerede dm-integrity-parametre:\n"
"\tkontrolsumalgoritme: %s\n"
-#: src/integritysetup.c:566
+#: src/integritysetup.c:543
msgid "Path to data device (if separated)"
msgstr "Sti til dataenhed (hvis adskilt)"
-#: src/integritysetup.c:568
+#: src/integritysetup.c:545
msgid "Journal size"
msgstr "Journalstørrelse"
-#: src/integritysetup.c:569
+#: src/integritysetup.c:546
msgid "Interleave sectors"
msgstr "Interleave-sektorer"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:547
msgid "Journal watermark"
msgstr "Journalvandmærke"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:547
msgid "percent"
msgstr "procent"
-#: src/integritysetup.c:571
+#: src/integritysetup.c:548
msgid "Journal commit time"
msgstr "Journal commit-tid"
-#: src/integritysetup.c:571 src/integritysetup.c:573
+#: src/integritysetup.c:548 src/integritysetup.c:550
msgid "ms"
msgstr "ms"
-#: src/integritysetup.c:572
+#: src/integritysetup.c:549
msgid "Number of 512-byte sectors per bit (bitmap mode)."
msgstr "Antallet af 512-byte sektorer per bit (bitmap-tilstand)."
-#: src/integritysetup.c:573
+#: src/integritysetup.c:550
msgid "Bitmap mode flush time"
msgstr "Flush-tid for Bitmap-tilstand"
-#: src/integritysetup.c:574
+#: src/integritysetup.c:551
msgid "Tag size (per-sector)"
msgstr "Mærkestørrelse (per-sektor)"
-#: src/integritysetup.c:575
+#: src/integritysetup.c:552
msgid "Sector size"
msgstr "Sektorstørrelse"
-#: src/integritysetup.c:576
+#: src/integritysetup.c:553
msgid "Buffers size"
msgstr "Bufferstørrelse"
-#: src/integritysetup.c:578
+#: src/integritysetup.c:555
msgid "Data integrity algorithm"
msgstr "Dataintegritetsalgoritme"
-#: src/integritysetup.c:579
+#: src/integritysetup.c:556
msgid "The size of the data integrity key"
msgstr "Størrelsen for dataintegritetsnøglen"
-#: src/integritysetup.c:580
+#: src/integritysetup.c:557
msgid "Read the integrity key from a file"
msgstr "Læs integritetsnøglen fra en fil"
-#: src/integritysetup.c:582
+#: src/integritysetup.c:559
msgid "Journal integrity algorithm"
msgstr "Journalintegritetsalgoritme"
-#: src/integritysetup.c:583
+#: src/integritysetup.c:560
msgid "The size of the journal integrity key"
msgstr "Størrelsen for journalintegritetsnøglen"
-#: src/integritysetup.c:584
+#: src/integritysetup.c:561
msgid "Read the journal integrity key from a file"
msgstr "Læs journalintegritetsnøglen fra en fil"
-#: src/integritysetup.c:586
+#: src/integritysetup.c:563
msgid "Journal encryption algorithm"
msgstr "Journalkrypteringsalgoritme"
-#: src/integritysetup.c:587
+#: src/integritysetup.c:564
msgid "The size of the journal encryption key"
msgstr "Størrelsen for journalkrypteringsnøglen"
-#: src/integritysetup.c:588
+#: src/integritysetup.c:565
msgid "Read the journal encryption key from a file"
msgstr "Læs journalkrypteringsnøglen fra en fil"
-#: src/integritysetup.c:591
+#: src/integritysetup.c:568
msgid "Recovery mode (no journal, no tag checking)"
msgstr "Gendannelsestilstand (ingen journal, ingen mærkekontrol)"
-#: src/integritysetup.c:592
+#: src/integritysetup.c:569
msgid "Use bitmap to track changes and disable journal for integrity device"
msgstr "Brug bitmap til at registrere ændringer og deaktivere journal for integritetsenhed"
-#: src/integritysetup.c:593
+#: src/integritysetup.c:570
msgid "Recalculate initial tags automatically."
msgstr "Genberegn oprindelige mærker automatisk."
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
+#: src/integritysetup.c:641
msgid "Option --integrity-recalculate can be used only for open action."
msgstr "Tilvalget --integrity-recalculate kan kun bruges for open-handling."
-#: src/integritysetup.c:692
-#, fuzzy
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#: src/integritysetup.c:656
+msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n"
msgstr "Tilvalgene --journal-size, --interleave-sectors, --sector-size, --tag-size og --no-wipe kan kun bruges for formathandlingen.\n"
-#: src/integritysetup.c:698
+#: src/integritysetup.c:662
msgid "Invalid journal size specification."
msgstr "Ugyldig specifikation for journalstørrelse."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:667
msgid "Both key file and key size options must be specified."
msgstr "Både nøglefil og tilvalg for nøglestørrelse skal være angivet."
-#: src/integritysetup.c:708
+#: src/integritysetup.c:670
+msgid "Integrity algorithm must be specified if integrity key is used."
+msgstr "Integritetsalgoritme skal være angivet hvis der bruges integritetsnøgle."
+
+#: src/integritysetup.c:675
msgid "Both journal integrity key file and key size options must be specified."
msgstr "Både journalintegritetsnøglefil og tilvalg for nøglestørrelse skal være angivet."
-#: src/integritysetup.c:711
+#: src/integritysetup.c:678
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "Journalintegritetsalgoritme skal være angivet hvis journalintegritetsnøgle anvendes."
-#: src/integritysetup.c:716
+#: src/integritysetup.c:683
msgid "Both journal encryption key file and key size options must be specified."
msgstr "Både journalkrypteringsnøglefil og tilvalg for nøglestørrelse skal være angivet."
-#: src/integritysetup.c:719
+#: src/integritysetup.c:686
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "Journalkrypteringsalgoritme skal være angivet hvis journalkrypteringsnøgle bruges."
-#: src/integritysetup.c:723
+#: src/integritysetup.c:690
msgid "Recovery and bitmap mode options are mutually exclusive."
msgstr "Tilvalgene recovery og bitmap udelukker hinanden."
-#: src/integritysetup.c:727
+#: src/integritysetup.c:694
msgid "Journal options cannot be used in bitmap mode."
msgstr "Journaltilvalg kan ikke bruges i bitmap-tilstand."
-#: src/integritysetup.c:731
+#: src/integritysetup.c:698
msgid "Bitmap options can be used only in bitmap mode."
msgstr "Bitmap-tilvalg kan kun bruges i bitmap-tilstand."
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:172
msgid "Reencryption already in-progress."
msgstr "Omkryptering er allerede i gang."
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:201
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "Kan ikke eksklusivt åbne %s, enheden er i brug."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:215 src/cryptsetup_reencrypt.c:1128
msgid "Allocation of aligned memory failed."
msgstr "Allokering af tilpasset hukommelse mislykkedes."
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:222
#, c-format
msgid "Cannot read device %s."
msgstr "Kan ikke læse enheden %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:233
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "Markerer LUKS-enheden %s som ubrugelig."
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:237
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr "Angivelse af LUKS2 som frakoblet omkrypterer flag på enheden %s."
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:254
#, c-format
msgid "Cannot write device %s."
msgstr "Kan ikke skrive enhed %s."
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:302
msgid "Cannot write reencryption log file."
msgstr "Kan ikke skrive omkrypteringslogfilen."
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:358
msgid "Cannot read reencryption log file."
msgstr "Kan ikke læse omkrypteringslogfilen."
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:396
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Logfilen %s findes, genoptager omkryptering.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:445
msgid "Activating temporary device using old LUKS header."
msgstr "Aktiverer midlertidig enhed via brug af gammelt LUKS-teksthoved."
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:455
msgid "Activating temporary device using new LUKS header."
msgstr "Aktiverer midlertidig enhed via brug af nyt LUKS-teksthoved."
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:465
msgid "Activation of temporary devices failed."
msgstr "Aktivering af midlertidige enheder mislykkedes."
-#: src/cryptsetup_reencrypt.c:577
+#: src/cryptsetup_reencrypt.c:552
msgid "Failed to set data offset."
msgstr "Kunne ikke angive dataforskydning."
-#: src/cryptsetup_reencrypt.c:583
+#: src/cryptsetup_reencrypt.c:558
msgid "Failed to set metadata size."
msgstr "Kunne ikke angive metadatastørrelse."
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:566
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Nyt LUKS-teksthoved for enheden %s oprettet."
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:626
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr "Denne version af cryptsetup-reencrypt kan ikke håndtere ny intern symboltype %s."
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:648
msgid "Failed to read activation flags from backup header."
msgstr "Kunne ikke læse aktiveringsflag fra sikkerhedskopiteksthoved."
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:652
msgid "Failed to write activation flags to new header."
msgstr "Kunne ikke skrive aktiveringsflag til nyt teksthoved."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:656 src/cryptsetup_reencrypt.c:660
msgid "Failed to read requirements from backup header."
msgstr "Kunne ikke læse krav fra sikkerhedskopiteksthoved."
-#: src/cryptsetup_reencrypt.c:723
+#: src/cryptsetup_reencrypt.c:698
#, c-format
msgid "%s header backup of device %s created."
msgstr "%s-sikkerhedskopi af teksthoved for enheden %s er oprettet."
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:761
msgid "Creation of LUKS backup headers failed."
msgstr "Oprettelse af LUKS-sikkerhedskopiteksthoveder mislykkedes."
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:894
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "Kan ikke gendanne %s-teksthoved på enheden %s."
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:896
#, c-format
msgid "%s header on device %s restored."
msgstr "%s-teksthoved på enheden %s er gendannet."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:1100 src/cryptsetup_reencrypt.c:1106
msgid "Cannot open temporary LUKS device."
msgstr "Kan ikke åbne midlertidig LUKS-enhed."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1111 src/cryptsetup_reencrypt.c:1116
msgid "Cannot get device size."
msgstr "Kan ikke indhente enhedsstørrelse."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1151
msgid "IO error during reencryption."
msgstr "IO-fejl under omkryptering."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1182
msgid "Provided UUID is invalid."
msgstr "Angivet UUID er ugyldig."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1416
msgid "Cannot open reencryption log file."
msgstr "Kan ikke åbne omkrypteringslogfilen."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1422
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "Ingen dekryptering i gang, angivet UUID kan kun bruges til at genoptage suspenderet dekrypteringsproces."
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1497
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr "Ændret pbkdf-parameter i nøgleplads %i."
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1609
msgid "Reencryption block size"
msgstr "Blokstørrelse for omkryptering"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1609
msgid "MiB"
msgstr "MiB"
-#: src/cryptsetup_reencrypt.c:1640
+#: src/cryptsetup_reencrypt.c:1613
msgid "Do not change key, no data area reencryption"
msgstr "Ændr ikke nøgle, ingen dataområdeomkryptering"
-#: src/cryptsetup_reencrypt.c:1642
+#: src/cryptsetup_reencrypt.c:1615
msgid "Read new volume (master) key from file"
msgstr "Læs ny diskenhednøgle (master) fra fil"
-#: src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup_reencrypt.c:1616
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "PBKDF2-iterationstid for LUKS (i ms)"
-#: src/cryptsetup_reencrypt.c:1649
+#: src/cryptsetup_reencrypt.c:1622
msgid "Use direct-io when accessing devices"
msgstr "Brug direct-io når enheder tilgås"
-#: src/cryptsetup_reencrypt.c:1650
+#: src/cryptsetup_reencrypt.c:1623
msgid "Use fsync after each block"
msgstr "Brug fsync efter hver blok"
-#: src/cryptsetup_reencrypt.c:1651
+#: src/cryptsetup_reencrypt.c:1624
msgid "Update log file after every block"
msgstr "Opdater logfil efter hver blok"
-#: src/cryptsetup_reencrypt.c:1652
+#: src/cryptsetup_reencrypt.c:1625
msgid "Use only this slot (others will be disabled)"
msgstr "Brug kun denne plads (andre vil blive deaktiveret)"
-#: src/cryptsetup_reencrypt.c:1657
+#: src/cryptsetup_reencrypt.c:1630
msgid "Create new header on not encrypted device"
msgstr "Opret nyt teksthoved på ikke krypteret enhed"
-#: src/cryptsetup_reencrypt.c:1658
+#: src/cryptsetup_reencrypt.c:1631
msgid "Permanently decrypt device (remove encryption)"
msgstr "Dekrypter enhed permanent (fjern kryptering)"
-#: src/cryptsetup_reencrypt.c:1659
+#: src/cryptsetup_reencrypt.c:1632
msgid "The UUID used to resume decryption"
msgstr "UUID'en brugt til at genoptage dekryptering"
-#: src/cryptsetup_reencrypt.c:1660
+#: src/cryptsetup_reencrypt.c:1633
msgid "Type of LUKS metadata: luks1, luks2"
msgstr "Type for LUKS-metadata: luks1, luks2"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1652
msgid "[OPTION...] <device>"
msgstr "[TILVALG...] <enhed>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1660
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "Omkryptering vil ændre: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1661
msgid "volume key"
msgstr "diskenhedsnøgle"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1663
msgid "set hash to "
msgstr "sæt hash til "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1664
msgid ", set cipher to "
msgstr ", set krypteringsalgoritme til "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1668
msgid "Argument required."
msgstr "Argument krævet."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1696
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Kun værdier mellem 1 MiB og 64 MiB tilladt for omkrypteringsblokstørrelsen."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1723
msgid "Maximum device reduce size is 64 MiB."
msgstr "Maksimal reduceringsstørrelse for enhed er 64 MiB."
-#: src/cryptsetup_reencrypt.c:1757
+#: src/cryptsetup_reencrypt.c:1730
msgid "Option --new must be used together with --reduce-device-size or --header."
msgstr "Tilvalget --new skal bruges sammen med --reduce-device-size eller --header."
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1734
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "Tilvalget --keep-key kan kun bruges med --hash, --iter-time eller --pbkdf-force-iterations."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1738
msgid "Option --new cannot be used together with --decrypt."
msgstr "Tilvalget --new kan ikke bruges sammen med --decrypt."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1742
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "Tilvalget --decrypt er ikke kompatibelt med specificerede parametre."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1746
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "Tilvalget --uuid er kun tilladt sammen med --decrypt."
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1750
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr "Ugyldig luks-type. Brug en af disse: »luks«, »luks2« eller »luks2«."
msgid "Command failed with code %i (%s).\n"
msgstr "Kommando mislykkedes med kode %i (%s).\n"
-#: src/utils_tools.c:284
+#: src/utils_tools.c:283
#, c-format
msgid "Key slot %i created."
msgstr "Nøglepladsen %i oprettet."
-#: src/utils_tools.c:286
+#: src/utils_tools.c:285
#, c-format
msgid "Key slot %i unlocked."
msgstr "Nøgleplads %i låst op."
-#: src/utils_tools.c:288
+#: src/utils_tools.c:287
#, c-format
msgid "Key slot %i removed."
msgstr "Nøgleplads %i fjernet."
-#: src/utils_tools.c:297
+#: src/utils_tools.c:296
#, c-format
msgid "Token %i created."
msgstr "Symbol %i oprettet."
-#: src/utils_tools.c:299
+#: src/utils_tools.c:298
#, c-format
msgid "Token %i removed."
msgstr "Symbol %i fjernet."
-#: src/utils_tools.c:465
+#: src/utils_tools.c:464
msgid ""
"\n"
"Wipe interrupted."
"\n"
"Sletning (wipe) afbrudt."
-#: src/utils_tools.c:476
+#: src/utils_tools.c:475
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr "ADVARSEL: Enheden %s indeholder allerede en »%s«-partitionsignatur.\n"
-#: src/utils_tools.c:484
+#: src/utils_tools.c:483
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr "ADVARSEL: Enheden %s indeholder allerede en »%s«-superbloksignatur.\n"
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_tools.c:504 src/utils_tools.c:568
msgid "Failed to initialize device signature probes."
msgstr "Kunne ikke initialisere enhedssignaturundersøgelser."
-#: src/utils_tools.c:549
+#: src/utils_tools.c:548
#, c-format
msgid "Failed to stat device %s."
msgstr "Kunne ikke køre stat på enheden %s."
-#: src/utils_tools.c:562
+#: src/utils_tools.c:561
#, c-format
msgid "Device %s is in use. Can not proceed with format operation."
msgstr "Enheden %s er i brug. Kan ikke fortsætte med formatoperation."
-#: src/utils_tools.c:564
+#: src/utils_tools.c:563
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr "Kunne ikke åbne filen %s i læs/skriv-tilstand."
-#: src/utils_tools.c:578
+#: src/utils_tools.c:577
#, c-format
msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
msgstr "Eksisterende »%s«-partitionsignatur (forskydning: %<PRIi64> byte) på enheden %s vil blive slettet."
-#: src/utils_tools.c:581
+#: src/utils_tools.c:580
#, c-format
msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
msgstr "Eksisterende »%s«-superbloksignatur (forskydning: %<PRIi64> byte) på enheden %s vil blive slettet."
-#: src/utils_tools.c:584
+#: src/utils_tools.c:583
msgid "Failed to wipe device signature."
msgstr "Kunne ikke rydde enhedssignatur."
-#: src/utils_tools.c:591
+#: src/utils_tools.c:590
#, c-format
msgid "Failed to probe device %s for a signature."
msgstr "Kunne ikke undersøge enheden %s for en signatur."
-#: src/utils_tools.c:622
+#: src/utils_tools.c:629
msgid ""
"\n"
"Reencryption interrupted."
"\n"
"Omkryptering afbrudt."
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:43 src/utils_password.c:75
#, c-format
msgid "Cannot check password quality: %s"
msgstr "Kan ikke kontrollere adganskodekvalitet: %s"
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Kontrol af adgangskodens kvalitet mislykkedes: Ugyldig adgangsfrase (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:193 src/utils_password.c:208
msgid "Error reading passphrase from terminal."
msgstr "Kunne ikke læse adgangsfrase fra terminal."
-#: src/utils_password.c:240
+#: src/utils_password.c:206
msgid "Verify passphrase: "
msgstr "Verificer adgangsfrase: "
-#: src/utils_password.c:247
+#: src/utils_password.c:213
msgid "Passphrases do not match."
msgstr "Adgangsfraser matcher ikke."
-#: src/utils_password.c:284
+#: src/utils_password.c:250
msgid "Cannot use offset with terminal input."
msgstr "Kan ikke bruge forskydning med terminalinddata."
-#: src/utils_password.c:287
+#: src/utils_password.c:253
#, c-format
msgid "Enter passphrase: "
msgstr "Indtast adgangsfrase: "
-#: src/utils_password.c:290
+#: src/utils_password.c:256
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Indtast adgangsfrase for %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:287
msgid "No key available with this passphrase."
msgstr "Ingen nøgle tilgængelig med denne adgangsfrase."
-#: src/utils_password.c:323
+#: src/utils_password.c:289
msgid "No usable keyslot is available."
msgstr "Ingen brugbar nøgleplads tilgængelig."
-#: src/utils_password.c:365
+#: src/utils_password.c:328
#, c-format
msgid "Cannot open keyfile %s for write."
msgstr "Kan ikke bne nøglefilen %s for skrivning."
-#: src/utils_password.c:372
+#: src/utils_password.c:335
#, c-format
msgid "Cannot write to keyfile %s."
msgstr "Kan ikke skrive til nøglefilen %s."
msgid "Failed to write JSON file."
msgstr "Kunne ikke skrive JSON-fil."
-#, c-format
-#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
-#~ msgstr "ADVARSEL: Låsemappen %s/%s mangler!\n"
-
-#~ msgid "Wrong key size."
-#~ msgstr "Forkert nøglestørrelse."
-
-#~ msgid "Invalid size parameters for verity device."
-#~ msgstr "Ugyldig størrelse for parametre for verity-enhed."
-
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Kunne ikke deaktivere kravflag for omkrypteringen."
-
-#, c-format
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Krypteringsalgoritmen %s er ikke tilgængelig."
-
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Ser ud til at enheden ikke kræver omkrypteringsgendannelse.\n"
-#~ "Ønsker du at fortsætte alligevel?"
-
-#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
-#~ msgstr "Parameteren --refresh er kun tilladt for kommandoerne open (åbn) eller refresh (opdater).\n"
-
-#~ msgid "Unsupported encryption sector size.\n"
-#~ msgstr "Krypteringsektorstørrelsen er ikke understøttet.\n"
-
-#~ msgid "Integrity algorithm must be specified if integrity key is used."
-#~ msgstr "Integritetsalgoritme skal være angivet hvis der bruges integritetsnøgle."
-
#~ msgid "Requested dmcrypt performance options are not supported."
#~ msgstr "Forespurgte dmcrypt-ydelsestilvalg er ikke understøttede."
# German translation for the cryptsetup package.
# Copyright (C) 2010 Free Software Foundation, Inc.
# This file is distributed under the same license as the cryptsetup package.
-# Roland Illig <roland.illig@gmx.de>, 2010-2020.
+# Roland Illig <roland.illig@gmx.de>, 2010-2023.
#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-22 19:35+0200\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 22:57+0100\n"
"Last-Translator: Roland Illig <roland.illig@gmx.de>\n"
"Language-Team: German <translation-team-de@lists.sourceforge.net>\n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Bugs: Report translation errors to the Language-Team address.\n"
-"X-Generator: Poedit 2.4.3\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"X-Generator: Poedit 3.2.2\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden, da das Programm nicht mit Root-Rechten läuft."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Das Kernelmodul »device-mapper« kann nicht initialisiert werden. Ist das Kernelmodul »dm_mod« geladen?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "Verlangter »deferred«-Schalter wird nicht unterstützt."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID für Gerät »%s« wurde verkürzt."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Unbekannte Art des dm-Ziels."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Die verlangten dm-crypt-Performance-Optionen werden nicht unterstützt."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Die verlangten dm-verity-Datenbeschädigungs-Optionen werden nicht unterstützt."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Die verlangte dm-verity-Tasklet-Option wird nicht unterstützt."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Die verlangten dm-verity-FEC-Optionen werden nicht unterstützt."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Die verlangten Datenintegritäts-Optionen werden nicht unterstützt."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "Die verlangte sector_size-Option wird nicht unterstützt."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Die verlangte automatische Berechnung der Integritätsangaben wird nicht unterstützt."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "»Discard/TRIM« wird nicht unterstützt."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Der verlangte Bitmap-Modus für dm-Integrität wird nicht unterstützt."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Fehler beim Abfragen des »dm-%s«-Segments."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Das System hat keine Entropie mehr, um den Laufwerksschlüssel zu generieren.\n"
"Bitte bewegen Sie die Maus oder tippen Sie etwas Text in ein anderes Fenster, um einige zufällige Ereignisse zu sammeln.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Schlüssel wird generiert (%d %% erledigt).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Laufe im FIPS-Modus."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "Fataler Fehler während der Initialisierung des Zufallszahlengenerators."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Unbekannte Qualität des Zufallszahlengenerators verlangt."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Fehler beim Einlesen vom Zufallszahlengenerator."
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Fehler beim Initialisieren des Krypto-Zufallszahlengenerator-Backends."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Fehler beim Initialisieren des Krypto-Backends."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Hash-Algorithmus »%s« wird nicht unterstützt."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Fehler beim Verarbeiten des Schlüssels (mit Hash-Algorithmus »%s«)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Geräte-Art kann nicht bestimmt werden. Inkompatible Aktivierung des Geräts?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "Diese Operation wird nur für LUKS-Geräte unterstützt."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Diese Operation wird nur für LUKS2-Geräte unterstützt."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Alle Schlüsselfächer sind voll."
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie eins zwischen 0 und %d."
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Schlüsselfach %d ist voll, bitte wählen Sie ein anderes."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "Gerätegröße ist nicht an logischer Sektorgröße ausgerichtet."
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Header gefunden, aber Gerät »%s« ist zu klein."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Diese Operation wird für diese Geräteart nicht unterstützt."
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "Ungültige Operation, während die Wiederverschlüsselung läuft."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Fehler beim Rückabwickeln der LUKS2-Metadaten im Speicher."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Nicht unterstützte LUKS-Version %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "Gerät »%s« ist nicht aktiv."
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Zugrundeliegendes Gerät für das Kryptogerät »%s« ist verschwunden."
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "Ungültige Parameter für Plain-Verschlüsselung."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "Ungültige Schlüsselgröße."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "UUID wird für diese Verschlüsselungsart nicht unterstützt."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Gerät für separierte Metadaten wird für diese Verschlüsselungsart nicht unterstützt."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "Gerätegröße ist nicht an verlangter Sektorgröße ausgerichtet."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "Ohne Gerät kann LUKS nicht formatiert werden."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "Die angeforderte Datenausrichtung ist nicht mit dem Datenoffset kompatibel."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Fehler beim Auslöschen des Headers auf Gerät »%s«."
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Gerät %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden.\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "WARNUNG: Die Geräteaktivierung wird fehlschlagen, dm-crypt fehlt die Unterstützung für die angeforderte Verschlüsselungsgröße.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Laufwerksschlüssel ist zu klein für die Verschlüsselung mit Integritätserweiterungen."
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Verschlüsselung »%s-%s« (Schlüsselgröße %zd Bits) ist nicht verfügbar."
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "Warnung: Größe der LUKS2-Metadaten wurde auf %<PRIu64> geändert.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "Warnung: Größe des LUKS2-Schlüsselfachbereichs wurde auf %<PRIu64> Bytes geändert.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Gerät »%s« ist zu klein."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "Gerät »%s« kann nicht formatiert werden, da es gerade benutzt wird."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Gerät »%s« kann nicht formatiert werden, Zugriff verweigert."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Fehler beim Formatieren der Integrität auf Gerät »%s«."
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "Gerät »%s« kann nicht formatiert werden."
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "Ohne Gerät kann LOOPAES nicht formatiert werden."
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "Ohne Gerät kann VERITY nicht formatiert werden."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Nicht unterstützte VERITY-Hash-Art %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Nicht unterstützte VERITY-Blockgröße."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Nicht unterstützter VERITY-Hash-Offset."
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "Nicht unterstützter VERITY-FEC-Offset."
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "Datenbereich und Hashbereich überlappen sich."
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "Hashbereich und FEC-Bereich überlappen sich."
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "Datenbereich und FEC-Bereich überlappen sich."
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "WARNUNG: Angeforderte Taggröße mit %d Bytes unterscheidet sich von der Ausgabe der Größe %s (%d Bytes).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Unbekannte Art des Verschlüsselungsgeräts »%s« verlangt."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Nicht unterstützte Parameter für Gerät %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Parameter für Gerät %s sind durcheinander."
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Verschlüsselungsgeräte passen nicht zusammen."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Gerät »%s« konnte nicht neugeladen werden."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Gerät »%s« konnte nicht stillgelegt werden."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Gerät »%s« konnte nicht fortgesetzt werden."
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Schwerwiegender Fehler beim Neuladen von Gerät »%s« (über Gerät »%s«)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Gerät »%s« konnte nicht auf dm-error umgeschaltet werden."
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "Fehler beim Ändern der Größe des Loopback-Geräts."
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "WARNUNG: Die maximale Größe ist bereits eingestellt oder der Kernel unterstützt die Größenänderung nicht.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Fehler bei Größenänderung, der Kernel unterstützt sie nicht."
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "Wollen Sie wirklich die UUID des Geräts ändern?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Header-Backupdatei enthält keinen kompatiblen LUKS-Header."
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "Laufwerk »%s« ist nicht aktiv."
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "Laufwerk »%s« ist bereits im Ruhezustand."
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Das Gerät »%s« unterstützt keinen Ruhezustand."
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "Das Gerät »%s« kann nicht in den Ruhezustand versetzt werden."
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Das Gerät »%s« kann nicht aus dem Ruhezustand aufgeweckt werden."
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "Fehler beim Aufwecken von Gerät »%s« aus dem Ruhezustand."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Laufwerk »%s« ist nicht im Ruhezustand."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Der Laufwerksschlüssel passt nicht zum Laufwerk."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "Neues Schlüsselfach konnte nicht ausgewechselt werden."
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "Schlüsselfach %d ist ungültig."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "Schlüsselfach %d ist nicht aktiv."
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "Geräteheader und Datenbereich überlappen sich."
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Wiederverschlüsselung läuft bereits. Das Gerät kann nicht aktiviert werden."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Fehler beim Zugriff auf die Sperre zur Wiederverschlüsselung."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "Fehler beim Wiederherstellen der LUKS2-Wiederverschlüsselung."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "Geräteart ist nicht richtig initialisiert."
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "Das Gerät »%s« existiert bereits."
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Gerät »%s« kann nicht verwendet werden, da es gerade benutzt wird oder der Name ungültig ist."
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "Falscher Laufwerksschlüssel für Plain-Gerät angegeben."
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "Falscher Root-Hash-Schlüssel für VERITY-Gerät angegeben."
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "Signatur des Stammhashes erforderlich."
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Der Kernel-Schlüsselbund fehlt. Wird benötigt, um die Signatur zum Kernel zu übergeben."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "Fehler beim Laden des Schlüssels im Kernel-Schlüsselbund."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Fehler beim Abbrechen des verzögerten Löschens von Gerät »%s«."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Gerät »%s« wird gerade benutzt."
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "Ungültiges Gerät »%s«."
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "Laufwerks-Schlüsselpuffer zu klein."
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS2-Gerät."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für LUKS1-Gerät."
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für Plain-Gerät."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Root-Hash für Verity-Gerät kann nicht ermittelt werden."
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für BITLK-Gerät."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Fehler beim Ermitteln des Laufwerksschlüssels für FVAULT2-Gerät."
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Diese Operation wird für Kryptogerät »%s« nicht unterstützt."
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "Die Dump-Operation wird für diese Geräteart nicht unterstützt."
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Datenoffset ist kein Vielfaches von %u Bytes."
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Gerät »%s« kann nicht konvertiert werden, da es gerade benutzt wird."
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Schlüsselfach %u konnte nicht dem Laufwerksschlüssel zugeordnet werden."
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Fehler beim Initialisieren der LUKS2-Schlüsselfach-Parameter."
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Schlüsselfach %d konnte nicht dem Digest zugeordnet werden."
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Schlüsselfach kann nicht hinzugefügt werden, da alle Fächer deaktiviert sind und kein Laufwerksschlüssel angegeben wurde."
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "Der Kernel-Schlüsselbund wird vom Kernel nicht unterstützt."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Fehler beim Lesen der Passphrase vom Schlüsselbund (Fehler %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Globale Speicherzugriffsserialisierungssperre konnte nicht angefordert werden."
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Fehler beim Ermitteln der Prozesspriorität."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Fehler beim Entsperren des Speichers."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Fehler beim Öffnen der Schlüsseldatei."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Fehler beim Einlesen der Schlüsseldatei »%s« vom Terminal."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "Fehler beim Öffnen der Schlüsseldatei."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Fehler beim Zugriff auf die Schlüsseldatei."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "Zu wenig Speicher zum Einlesen der Passphrase."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Fehler beim Einlesen der Passphrase."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Nichts zu lesen in der Eingabe."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Größenbegrenzung für die Schlüsseldatei überschritten."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "Die gewünschte Menge an Daten kann nicht eingelesen werden."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Gerät »%s« existiert nicht oder Zugriff verweigert."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Gerät »%s« ist nicht kompatibel."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Merkwürdige Optimale-Datenübertragungs-Größe für Datengerät (%u Bytes) wird ignoriert."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Gerät »%s« ist zu klein. Mindestens %<PRIu64> Bytes erforderlich."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Gerät »%s« kann nicht benutzt werden, da es bereits anderweitig benutzt wird."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Gerät »%s« kann nicht verwendet werden, Zugriff verweigert."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "Fehler beim Abrufen der Infos über Gerät »%s«."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Das Loopback-Gerät kann nicht benutzt werden, da das Programm nicht mit Root-Rechten läuft."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Anklemmen des Loopback-Geräts fehlgeschlagen (das Loopback-Gerät benötigt den »autoclear«-Schalter)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Der angeforderte Offset ist jenseits der wirklichen Größe des Geräts »%s«."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Gerät »%s« hat die Größe 0."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "Im FIPS-Modus wird ausschließlich PBKDF2 unterstützt."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "PBKDF-Benchmark deaktiviert, aber Anzahl der Iterationen nicht angegeben."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Inkompatible PBKDF2-Optionen (mit Hash-Algorithmus »%s«)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "Inkompatible PBKDF2-Optionen."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (kein Verzeichnis oder existiert nicht)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Das Verzeichnis %s/%s, das die Dateisperren enthält, wird mit den vorgegebenen, fest einprogrammierten Berechtigungen erzeugt."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Sperren abgebrochen. Der Sperrpfad %s/%s ist unbenutzbar (%s ist kein Verzeichnis)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Fehler beim Springen zum Gerät-Offset."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Fehler beim gründlichen Löschen des Geräts, an Offset %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Verschlüsselungsverfahren sollte im Format [Verfahren]-[Modus]-[IV] sein."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Fehler beim Schreiben auf Gerät »%s«, Zugriff verweigert."
msgid "Failed to access temporary keystore device."
msgstr "Fehler beim Zugriff auf das temporäre Schlüsselspeichergerät."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "E/A-Fehler beim Verschlüsseln des Schlüsselfachs."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Fehler beim Öffnen des Geräts »%s«."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "E/A-Fehler beim Entschlüsseln des Schlüsselfachs."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Gerät »%s« ist zu klein. (LUKS1 benötigt mindestens %<PRIu64> Bytes.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS-Schlüsselfach %u ist ungültig."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Gerät »%s« ist kein gültiges LUKS-Gerät."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Angeforderte Header-Backupdatei »%s« existiert bereits."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Fehler beim Anlegen der Header-Backupdatei »%s«."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Fehler beim Speichern der Header-Backupdatei »%s«."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Backupdatei enthält keinen gültigen LUKS-Header."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Fehler beim Öffnen der Header-Backupdatei »%s«."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Fehler beim Einlesen der Header-Backupdatei »%s«."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Unterschiedlicher Offset oder Schlüsselgröße zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "Gerät »%s« %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "enthält keinen LUKS-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "enthält bereits einen LUKS-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"WARNUNG: Der Header des echten Geräts hat eine andere UUID als das Backup!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "Ungewöhnliche Schlüsselgröße, manuelles Reparieren erforderlich."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Ungewöhnliche Ausrichtung der Schlüsselfächer, manuelles Reparieren erforderlich."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Verschlüsselungsmodus repariert (%s -> %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Chiffre-Hash in Kleinbuchstaben umgewandelt (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Verlangter LUKS-Hash »%s« wird nicht unterstützt."
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "Schlüsselfächer werden repariert."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Schlüsselfach %i: Offset repariert (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Schlüsselfach %i: Streifen repariert (%u -> %u)."
# XXX
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Schlüsselfach %i: schwindlerische Partitions-Signatur."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Schlüsselfach %i: Salt gelöscht."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "LUKS-Header wird auf den Datenträger geschrieben."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "Fehler beim Reparieren."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Verlangter LUKS-Hash »%s« wird nicht unterstützt."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "LUKS-Verschlüsselungsmodus %s ist ungültig."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "LUKS-Hash %s ist ungültig."
+
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "Keine bekannten Probleme im LUKS-Header erkannt."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Fehler beim Aktualisieren des LUKS-Headers auf Gerät »%s«."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Fehler beim Neueinlesen des LUKS-Headers nach dem Aktualisieren auf Gerät »%s«."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Daten-Offset für LUKS-Header muss entweder 0 sein oder mehr als die Headergröße."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "Falsches LUKS-UUID-Format angegeben."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Einlesen des zufälligen Salts."
# XXX
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "LUKS-Header kann nicht angelegt werden: Fehler beim Hashen des Headers (mit Hash-Algorithmus »%s«)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Schlüsselfach %d aktiv, löschen Sie es erst."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Material für Schlüsselfach %d enthält zu wenige Streifen. Manipulation des Headers?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Überlauf im Iterationswert von PBKDF2."
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Schlüsselfach kann nicht geöffnet werden (mit Hash-Algorithmus »%s«)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Schlüsselfach %d ist ungültig, bitte wählen Sie ein Schlüsselfach zwischen 0 und %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Gerät »%s« kann nicht ausgelöscht werden."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Kernel unterstützt Loop-AES-kompatibles Mapping nicht."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Maximale Länge der TCRYPT-Passphrase (%zu) überschritten."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Der Hash-Algorithmus »%s« für PBKDF2 wird nicht unterstützt, überspringe diesen Teil."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "Die benötigte Crypto-Kernel-Schnittstelle ist nicht verfügbar."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Stellen Sie sicher, dass das Kernelmodul »algif_skcipher« geladen ist."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Aktivierung wird für die Sektorengröße %d nicht unterstützt."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Der Kernel unterstützt die Aktivierung für diesen TCRYPT-Legacymodus nicht."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "TCRYPT-Systemverschlüsselung für Partition »%s« wird aktiviert."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Kernel unterstützt TCRYPT-kompatibles Mapping nicht."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Diese Funktionalität braucht einen geladenen TCRYPT-Header."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des unterstützten Volume Master Keys gefunden."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Ungültige Zeichenkette beim Parsen des Volume Master Key gefunden."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Unerwartete Zeichenkette »%s« beim Parsen des Volume Master Key gefunden."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Unerwarteter Metadaten-Eintrag %u beim Einlesen des unterstützten Volume Master Key gefunden."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Fehler beim Lesen der BITLK-Signatur von »%s«."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Ungültige oder unbekannte Signatur für BITLK-Gerät."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK Version 1 wird derzeit nicht unterstützt."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Ungültige oder unbekannte Bootsignatur für BITLK-Gerät."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Nicht unterstützte Sektorengröße %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Fehler beim Lesen des BITLK-Headers von »%s«."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Fehler beim Schreiben der BITLK-FVE-Metadaten von »%s«."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "Unbekannte oder nicht unterstützte Verschlüsselungsart."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Fehler beim Lesen der BITLK-Metadaten von »%s«."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Fehler beim Konvertieren der BITLK-Volumenbeschreibung"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Parsen des externen Schlüssels gefunden."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "Die GUID der BEK-Datei »%s« stimmt nicht mit der GUID des Laufwerks überein."
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Unerwarteter Metadaten-Eintrag »%u« beim Einlesen des externen Schlüssels gefunden."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Nicht unterstützte BEK-Metadatenversion %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Unerwartete BEK-Metadatengröße %<PRIu32> stimmt nicht mit BEK-Dateilänge überein"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Unerwartete Art »%u« des Metadaten-Eintrags beim Einlesen des Startschlüssels gefunden."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "Diese Operation wird nicht unterstützt."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "Unerwartete Größe des Datenschlüssels."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Dieses BITLK-Gerät ist in einem nicht unterstützten Zustand und kann daher nicht aktiviert werden."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "BITLK-Geräte der Art »%s« können nicht aktiviert werden."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Aktivieren eines teilweise entschlüsselten BITLK-Geräts wird nicht unterstützt."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "WARNUNG: BitLocker-Datenträgergröße %<PRIu64> stimmt nicht mit der zugrunde liegenden Gerätegröße %<PRIu64> überein"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für BITLK-IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Gerät kann nicht aktiviert werden, da dem Kernelmodul dm-crypt die Unterstützung für BITLK-Elephant-Verschleierer fehlt."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Gerät kann nicht aktiviert werden, dem Kernelmodul dm-crypt fehlt die Unterstützung für große Sektoren."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Gerät kann nicht aktiviert werden, das Kernelmodul dm-crypt existiert nicht."
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Verity-Gerät »%s« benutzt keinen Header auf dem Datenträger."
+msgid "Could not read %u bytes of volume header."
+msgstr "Fehler beim Einlesen von %u Bytes aus dem Laufwerks-Kopfbereich."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Gerät »%s« ist kein gültiges VERITY-Gerät."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Nicht unterstützte VFAULT2-Version %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Verity-Gerät »%s« benutzt keinen Header auf dem Datenträger."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Nicht unterstützte VERITY-Version %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "VERITY-Header verfälscht."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Falsches VERITY-UUID-Format über Gerät »%s« angegeben."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Fehler beim Aktualisieren des VERITY-Headers auf Gerät »%s«."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Verifikation der Stammhash-Signatur wird nicht unterstützt."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Fehler können mit einem FEC-Gerät nicht repariert werden."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "%u reparierbare Fehler mit FEC-Gerät gefunden."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Kernel unterstützt dm-verity-Zuordnung nicht."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Kernel unterstützt Signatur-Option für dm-verity nicht."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Verity-Gerät hat eine Verfälschung nach der Aktivierung festgestellt."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Zusätzlicher Platz an Position %<PRIu64> ist nicht ausgenullt."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Überlauf beim Geräte-Offset."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Fehler beim Verifizieren an Position %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Überlauf des Hashbereichs."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Fehler beim Verifizieren des Datenbereichs."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Fehler beim Verifizieren des Root-Hashes."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "E/A-Fehler beim Anlegen des Hash-Bereiches."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Fehler beim Anlegen des Hash-Bereiches."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "WARNUNG: Kernel kann das Gerät nicht aktivieren, wenn die Datenblockgröße die Seitengröße (%u) übersteigt."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Fehler beim Reparieren der Parität für RS-Block %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Fehler beim Schreiben der Parität für RS-Block %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Blockgrößen müssen für FEC zusammen passen."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Ungültige Anzahl von Paritätsbytes."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Ungültige FEC-Segmentlänge."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Fehler beim Ermitteln der Größe von Gerät »%s«."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Inkompatible Metadaten des Kernelmoduls dm-integrity (Version %u) auf %s entdeckt."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Kernel unterstützt dm-integrity-Zuordnung nicht."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Kernel unterstützt feste Ausrichtung der Metadaten für dm-integrity nicht."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Der Kernel weigert sich, die unsichere Neuberechnungs-Option zu aktivieren. Um dies zu übersteuern, können Sie die veralteten Aktivierungsoptionen nutzen."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Fehler beim exklusiven Schreibzugriff auf Gerät »%s«."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Es wurde ein Versuch erkannt, die LUKS2-Metadaten nebenläufig zu ändern. Die Operation wird abgebrochen."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Gerät enthält mehrdeutige Signaturen, LUKS2 kann nicht automatisch wiederhergestellt werden.\n"
"Bitte führen Sie \"cryptsetup repair\" zur Wiederherstellung aus."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Verlangter Daten-Offset ist zu klein."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "WARNING: Der Schlüsselfach-Bereich (%<PRIu64> Bytes) ist sehr klein, die LUKS2-Schlüsselfachanzahl ist sehr begrenzt.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Fehler beim Zugriff auf die Lesesperre für das Gerät »%s«."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Verbotene LUKS2-Anforderungen in Backup »%s« entdeckt."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Unterschiedliche Datenoffsets auf Gerät und Backup. Wiederherstellung fehlgeschlagen."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Unterschiedliche Größe der Binärheader mit Schlüsselfach-Bereichen zwischen Gerät und Backup. Wiederherstellung fehlgeschlagen."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Gerät »%s« %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "enthält keinen LUKS2-Header. Das Ersetzen des Headers kann Daten auf dem Gerät zerstören."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "enthält bereits einen LUKS2-Header. Das Ersetzen des Headers wird bestehende Schlüsselfächer zerstören."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"WARNUNG: Unbekannte LUKS2-Anforderungen im echten Geräteheader entdeckt!\n"
"Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"WARNUNG: Unvollendete Offline-Wiederverschlüsselung auf dem Gerät entdeckt!\n"
"Das Ersetzen des Headers mit dem Backup kann zu Datenverlust auf dem Gerät führen."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Unbekannter Schalter »%s« wird ignoriert."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Fehlender Schlüssel für dm-crypt-Segment %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Fehler beim Festlegen des »dm-crypt«-Segments."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Fehler beim Festlegen des »dm-linear«-Segments."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Nicht unterstützte Konfiguration für Geräteintegrität."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Wiederverschlüsselung läuft gerade. Das Gerät kann nicht deaktiviert werden."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Das stillgelegte Gerät »%s« mit dm-error-Ziel konnte nicht in den Fehlerzustand gesetzt werden."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Fehler beim Lesen der LUKS2-Anforderungen."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Unerfüllte LUKS2-Anforderungen entdeckt."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für Altlasten-Wiederverschlüsselung markiert ist. Wird abgebrochen."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Diese Operation kann nicht mit einem Gerät durchgeführt werden, das für LUKS2-Wiederverschlüsselung markiert ist. Wird abgebrochen."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Nicht genügend Speicher, um ein Schlüsselfach zu öffnen."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Fehler beim Öffnen des Schlüsselfachs."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Der Algorithmus %s-%s kann nicht für Schlüsselfach-Verschlüsselung verwendet werden."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Der Hash-Algorithmus »%s« ist nicht verfügbar."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "Nicht genug Speicherplatz für neues Schlüsselfach."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Ungültige Änderung des Modus für die robuste Wiederverschlüsselung angefordert."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Die Art der Robustheit kann nicht geändert werden. Die neue Art bietet nur %<PRIu64> Bytes, der erforderliche Platz ist jedoch %<PRIu64> Bytes."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Fehler beim Auffrischen des Zusammenfassungswerts der Prüfung der Wiederverschlüsselung."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Fehler beim Prüfen des Zustands von Gerät mit der UUID %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Fehler beim Konvertieren des Headers mit zusätzlichen LUKSMETA-Metadaten."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Die Chiffrierspezifikation %s-%s kann für LUKS2 nicht verwendet werden."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Nicht genug Speicherplatz."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Fehler beim Konvertieren ins LUKS2-Format: ungültige Metadaten."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs. Bereich für die LUKS2-Schlüsselfächer ist zu klein."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Fehler beim Verschieben des Schlüsselfach-Bereichs."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Standardgröße für Verschlüsselungssektoren ist nicht 512 Bytes."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach-Digeste sind nicht zu LUKS1 kompatibel."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Gerät verwendet eingepacktes Verschlüsselungsverfahren %s."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Fehler beim Konvertieren ins LUKS1-Format: Gerät verwendet mehr Segmente."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Fehler beim Konvertieren in LUKS1-Format: LUKS2-Header enthält %u Token."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist in ungültigem Zustand."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u (über Maximalfach) ist noch aktiv."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Fehler beim Konvertieren in LUKS1-Format: Schlüsselfach %u ist nicht zu LUKS1 kompatibel."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Die Größe der Hotzone muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Gerätegröße muss ein Vielfaches der berechneten Zonenausrichtung (%zu Bytes) sein."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Nicht unterstützter Modus »%s« für Widerstandsfähigkeit"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher alter Segmente."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Fehler beim Initialisieren der Umverpackung für den Speicher neuer Segmente."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Fehler beim Initialisieren des Hotzone-Schutzes."
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Fehler beim Lesen der Prüfsummen für die aktuelle Hotzone."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Fehler beim Lesen des Hotzone-Bereichs, der bei %<PRIu64> beginnt."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Fehler beim Entschlüsseln von Sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Fehler beim Wiederherstellen von Sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Die Größe der Quell- und Zielgeräte stimmt nicht überein. Quelle %<PRIu64>, Ziel: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Fehler beim Aktivieren des Hotzone-Geräts »%s«."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Fehler beim Aktivieren des Überlagerungsgeräts »%s« mit der tatsächlichen Ursprungstabelle."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Fehler beim Laden der neuen Zuordnung für Gerät »%s«."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Fehler beim Auffrischen des Gerätestapels für Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Fehler beim Festlegen der neuen Bereichsgröße für Schlüsselfächer."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
#, c-format
-msgid "Data shift
is not aligned to requested encryption sector size (%<PRIu32> bytes)."
+msgid "Data shift
value is not aligned to encryption sector size (%<PRIu32> bytes)."
msgstr "Datenverschiebung ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (%<PRIu32> Bytes) ausgerichtet."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Nicht unterstützter Modus »%s« für Widerstandsfähigkeit"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Die Größe des verschobenen Segments kann nicht größer als der Wert der Datenverschiebung sein."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Ungültige Parameter für die robuste Wiederverschlüsselung."
+
+#: lib/luks2/luks2_reencrypt.c:2824
+#, c-format
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Das verschobene Segment ist zu groß. Angeforderte Größe %<PRIu64>, verfügbarer Platz %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Fehler beim Leeren der Tabelle."
+
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Die reduzierte Datengröße ist größer als die tatsächliche Gerätegröße."
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
msgstr "Datengerät ist nicht an der angeforderten Verschlüsselungs-Sektorgröße (%<PRIu32> Bytes) ausgerichtet."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Datenverschiebung (%<PRIu64> Sektoren) ist weniger als der zukünftige Datenoffset (%<PRIu64> Sektoren)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Fehler beim exklusiven Öffnen von »%s« (wird bereits anderweitig benutzt)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Das Gerät ist nicht für LUKS2-Wiederverschlüsselung markiert."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Fehler beim Laden des LUKS2-Wiederverschlüsselungs-Kontextes."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Fehler beim Einlesen des Wiederverschlüsselungs-Zustands."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Das Gerät befindet sich nicht in der Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Der Wiederverschlüsselungs-Vorgang läuft bereits."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Fehler beim Zugriff auf die Schreibsperre für die Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Führen Sie zuerst die Wiederverschlüsselungs-Wiederherstellung durch."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "Aktive Gerätegröße und angeforderte Wiederverschlüsselungsgröße passen nicht zusammen."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "Ungültige Gerätegröße wurde in den Wiederverschlüsselungsparametern angefordert."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Wiederverschlüsselung läuft bereits. Wiederherstellung ist nicht möglich."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "LUKS2-Wiederverschlüsselung ist in den Metadaten bereits initialisiert."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "LUKS2-Wiederverschlüsselung konnte in den Metadaten nicht initialisiert werden."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Fehler beim Festlegen der Gerätesegmente für die nächste Wiederverschlüsselungs-Hotzone."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Fehler beim Schreiben der Metadaten für robuste Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Fehler beim Entschlüsseln."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Fehler beim Schreiben des Hotzone-Bereichs, der bei %<PRIu64> beginnt."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Fehler beim Synchronisieren von Daten."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Fehler beim Aktualisieren der Metadaten, nachdem die aktuelle Wiederverschlüsselungs-Hotzone beendet wurde."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Fehler beim Schreiben der LUKS2-Metadaten."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Fehler beim gründlichen Löschen der Backupsegmentdaten."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Fehler beim gründlichen Löschen des ungenutzten Bereichs auf dem Gerät."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Token %d kann nicht dem Schlüsselfach %d zugeordnet werden."
+msgstr "Fehler beim Entfernen des ungenutzten (ungebundenen) Schlüsselfachs %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Fehler beim Zugriff auf die Sperre zur Wiederverschlüsselung."
+msgstr "Fehler beim Entfernen des Schlüsselfachs zur Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Schwerwiegender Fehler beim Wiederverschlüsseln des Blocks bei %<PRIu64>, %<PRIu64> Sektoren lang."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Fehler bei Online-Wiederverschlüsselung."
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Das Gerät nicht fortsetzen, außer es wird manuell durch das Fehlerziel ersetzt."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Wiederverschlüsselung kann nicht fortgesetzt werden. Unerwarteter Zustand der Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Fehlender oder ungültiger Wiederverschlüsselungs-Kontext."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Fehler beim Initialisieren des Gerätestapels für Wiederverschlüsselung."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Fehler beim Aktualisieren des Wiederverschlüsselungskontexts."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "Schlüsselfach %d ist ungültig."
+msgstr "Die Metadaten für die Wiederverschlüsselung sind ungültig."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Kein freies Fach für Token."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Verschlüsselungsparameter für Schlüsselfach wird nur für LUKS2-Geräte unterstützt."
-# upstream: period missing
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Fehler beim Erzeugen des eingebauten Tokens »%s«."
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Passphrase-Verifikation ist nur auf Terminal-Eingaben möglich."
+msgid "Enter token PIN: "
+msgstr "Geben Sie die PIN des Tokens ein: "
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Verschlüsselungsparameter für Schlüsselfach wird nur für LUKS2-Geräte unterstützt."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Geben Sie die PIN des Tokens %d ein: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Kein bekanntes Verschlüsselungsmuster entdeckt."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "WARNUNG: Der Parameter --hash wird im Plain-Modus ignoriert, wenn eine Schlüsseldatei angegeben ist.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "WARNUNG: Die Option --keyfile-size wird ignoriert, da die Lesegröße die gleiche ist wie die Verschlüsselungsschlüsselgröße ist.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Gerätesignaturen auf »%s« erkannt. Wenn Sie fortfahren, könnte das bestehende Daten beschädigen."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "Vorgang abgebrochen.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Die Option »--key-file« muss angegeben werden."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "VeraCrypt-PIM eingeben: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Ungültiger PIM-Wert: Formatfehler."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Ungültiger PIM-Wert: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Ungültiger PIM-Wert: außerhalb des gültigen Bereichs."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Kein Geräte-Header mit dieser Passphrase gefunden."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Gerät »%s« ist kein gültiges BITLK-Gerät."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Die Größe des Laufwerksschlüssels für BITLK kann nicht ermittelt werden, bitte nutzen Sie die Option »--key-size«."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"daher ausschließlich an einem sicheren Ort und verschlüsselt\n"
"aufbewahrt werden."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Der Headerdump zusammen mit dem Laufwerksschlüssel sind\n"
+"sensible Daten, mit deren Hilfe man ohne Passphrase auf die\n"
+"verschlüsselte Partition zugreifen kann. Dieser Dump sollte\n"
+"daher ausschließlich an einem sicheren Ort und verschlüsselt\n"
+"aufbewahrt werden."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Gerät »%s« ist kein gültiges FVAULT2-Gerät."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Die Größe des Laufwerksschlüssels für FVAULT2 kann nicht ermittelt werden, bitte nutzen Sie die Option »--key-size«."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Gerät »%s« ist noch aktiv und zum verzögerten Entfernen eingeplant.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Um die Größe von aktiven Geräten zu öndern, muss der Laufwerksschlüssel im Schlüsselbund sein, aber die Option --disable-keyring wurde angegeben."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Benchmark unterbrochen."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s (nicht zutreffend)\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u Iterationen pro Sekunde für %zu-Bit-Schlüssel\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s (nicht zutreffend)\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u Iterationen, %5u Speicher, %1u parallele Threads (CPUs) für %zu-Bit-Schlüssel (Zieldauer %u Millisekunden)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Das Ergebnis des Benchmarks ist nicht zuverlässig."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Die Tests sind nur annähernd genau, da sie nicht auf den Datenträger zugreifen.\n"
# upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption".
# To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators.
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Verschlüsselung »%s« (mit Schlüsselgröße %i Bits) ist nicht verfügbar."
# upstream: the following line should also be translated. This is because the long word "Schlüssel" for "Key" will break the layout, as well as "Verschlüsselung" for "Encryption".
# To help the translators, you should provide an example for what goes into the %x placeholders, since I had to make an educated guess that the second %s would be exactly 4 characters long. This is an unnecessary burden for the translators.
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algorithmus | Schlüssel | Verschlüsselung | Entschlüsselung\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "N/A"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Ungeschützte LUKS2-Metadaten für die Wiederverschlüsselung entdeckt. Bitte überprüfen Sie, ob die Wiederverschlüsselungsoperation erwünscht ist (siehe luksDump-Ausgabe)\n"
+"und fahren Sie nur fort (Upgrade der Metadaten), wenn Sie den Vorgang als echt anerkennen."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Geben Sie die Passphrase für den Schutz und das Aktualisieren der Metadaten für die Wiederverschlüsselung ein: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Wirklich mit der Wiederherstellung der LUKS2-Wiederverschlüsselung fortfahren?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: "
+msgstr "Geben Sie die Passphrase für das Prüfen der Metadaten für die Wiederverschlüsselung ein: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "Geben Sie die Passphrase für die Wiederherstellung der Wiederverschlüsselung ein: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Wirklich versuchen, den LUKS-Geräteheader wiederherzustellen?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Gründlich löschen unterbrochen."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Sie können diesen Vorgang mit Strg+C unterbrechen (der nicht gesäuberte Bereich des Geräts wird dann ungültige Prüfsummen haben).\n"
# upstream: it is boring that I have to translate the newline at the end of each of these messages. Translating strings without newlines is much easier and faster. Since it is redundant anyway (all calls to log_err have a trailing newline), this newline should be written implicitly.
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Fehler beim Deaktivieren des temporären Geräts »%s«."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Die Integritätsoption kann nur für das LUKS2-Format verwendet werden."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Nicht unterstützte Optionen für Größe der LUKS-Metadaten."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Die Headerdatei existiert nicht, soll sie angelegt werden?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Fehler beim Anlegen der Headerdatei »%s«."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Kein bekanntes Integritätsspezifikationsmuster entdeckt."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Das Gerät »%s« kann nicht als Datenträger-Header benutzt werden."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Hiermit werden die Daten auf »%s« unwiderruflich überschrieben."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Fehler beim Festlegen der PBKDF-Parameter."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Verringerter Datenoffset ist nur für separaten LUKS-Header erlaubt."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "LUKS-Datei-Container %s ist zu klein für die Aktivierung, es ist kein Platz mehr für Daten vorhanden."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Die Größe des Laufwerksschlüssels erfordert Schlüsselfächer, bitte nutzen Sie dazu die Option »--key-size«."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Gerät aktiviert, aber die Schalter können nicht dauerhaft gespeichert werden."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Schlüsselfach %d zum Löschen ausgewählt."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Dies ist das letzte Schlüsselfach. Wenn Sie diesen Schlüssel löschen, wird das Gerät unbrauchbar."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Geben Sie irgendeine verbleibende Passphrase ein: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Vorgang abgebrochen, das Schlüsselfach wurde NICHT gesäubert.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Geben Sie die zu löschende Passphrase ein: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Gerät »%s« ist kein gültiges LUKS2-Gerät."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Geben Sie die neue Passphrase für das Schlüsselfach ein: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "WARNUNG: Der Parameter --key-slot wird für die neue Nummer des Schlüsselfachs verwendet.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Geben Sie irgendeine bestehende Passphrase ein: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Geben Sie die zu ändernde Passphrase ein: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Geben Sie die neue Passphrase ein: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Geben Sie die Passphrase für das umzuwandelnde Schlüsselfach ein: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "Die Operation »isLuks« unterstützt nur genau ein Geräte-Argument."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Der Headerdump zusammen mit dem Laufwerksschlüssel sind\n"
-"sensible Daten, mit deren Hilfe man ohne Passphrase auf die\n"
-"verschlüsselte Partition zugreifen kann. Dieser Dump sollte\n"
-"daher ausschließlich an einem sicheren Ort und verschlüsselt\n"
-"aufbewahrt werden."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Schlüsselfach %d enthält keinen unverbundenen Schlüssel."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Dieser Dump sollte daher ausschließlich an einem sicheren Ort und\n"
"verschlüsselt aufbewahrt werden."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s ist kein aktives %s-Gerät."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s ist kein aktives LUKS-Gerät, oder der Header fehlt."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "Option »--header-backup-file« muss angegeben werden."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s ist kein von cryptsetup verwaltetes Gerät."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Die Geräteart »%s« kann nicht aufgefrischt werden"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Unbekannte Art »%s« des Metadaten-Geräts."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "Dieser Befehl benötigt den Gerätenamen und den zugeordneten Namen als Argumente."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Diese Operation wird alle Schlüsselfächer auf Gerät »%s« löschen.\n"
"Dadurch wird das Gerät unbrauchbar."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Vorgang abgebrochen, die Schlüsselfächer wurden NICHT gesäubert.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Invalid LUKS type, only luks1 and luks2 are supported."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Das Gerät hat bereits den Typ »%s«."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Diese Operation wird für »%s« ins Format »%s« umwandeln.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Vorgang abgebrochen, das Gerät wurde NICHT konvertiert.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Die Option --priority, --label oder --subsystem fehlt."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "Token %d ist ungültig."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "Token %d ist in Benutzung."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Fehler beim Hinzufügen des LUKS2-Schlüsselring-Tokens %d."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Token %d kann nicht dem Schlüsselfach %d zugeordnet werden."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "Token %d wird gerade nicht verwendet."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "Token konnte nicht aus der Datei importiert werden."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "Auf Token %d kann nicht für den Export zugegriffen werden."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Der Parameter --key-description ist Pflicht für die Aktion »token add«."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Die Aktion erfordert ein bestimmtes Token. Verwenden Sie den Parameter --token-id."
-
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "Ungültige Token-Operation »%s«."
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Token %d ist nicht dem Schlüsselfach %d zugeordnet."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Automatisch erkanntes aktives dm-Gerät »%s« für Datengerät »%s«.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Token %d kann nicht vom Schlüsselfach %d losgelöst werden."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Gerät »%s« ist kein Blockgerät.\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur zusammen mit einem TCRYPT-Gerät erlaubt."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Fehler bei der automatischen Erkennung von Gerät »%s«."
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Die Optionen --veracrypt und --disable-veracrypt werden nur für TCRYPT-kompatible Geräte unterstützt."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Es ist unklar, ob das Gerät »%s« aktiviert ist oder nicht.\n"
-"Möchten Sie wirklich mit der Wiederverschlüsselung im Offline-Modus fortfahren?\n"
-"Es kann zu Datenverlust kommen, wenn das Gerät gerade aktiviert ist.\n"
-"Um die Wiederverschlüsselung im Online-Modus durchzuführen, verwenden Sie stattdessen den Parameter --active-name.\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Die Option --veracrypt-pim wird nur für VeraCrypt-kompatible Geräte unterstützt."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Ungültige LUKS-Geräteart."
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Die Option --veracrypt-query-pim wird nur für VeraCrypt-kompatible Geräte unterstützt."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "Verschlüsselung ohne separaten Kopfbereich (--header) ist nur möglich, wenn die Größe des Hauptgeräts reduziert wird (--reduce-device-size)."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Die Optionen --veracrypt-pim und --veracrypt-query-pim schließen sich gegenseitig aus."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Der angeforderte Datenoffset darf maximal die Hälfte des Parameters --reduce-device-size betragen."
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Die Option --persistent ist nicht mit --test-passphrase kombinierbar."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Der Wert von --reduce-device-size wird auf das Doppelte von --offset %<PRIu64> (in Sektoren) angepasst.\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Die Optionen --refresh und --test-passphrase schließen sich gegenseitig aus."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Verschlüsselung wird nur für das LUKS2-Format unterstützt."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Die Option --shared ist nur beim beim »open«-Befehl eines Plain-Gerätes erlaubt."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "LUKS-Gerät auf »%s« erkannt. Möchten Sie dieses LUKS-Gerät erneut verschlüsseln?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Temporäre Headerdatei »%s« existiert bereits. Wird abgebrochen."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Die Option --offset mit der Aktion Öffnen wird nur für einfache und loopaes-Geräte unterstützt."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Fehler beim Anlegen der temporären Headerdatei »%s«."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert werden."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s ist jetzt aktiv und bereit für die Onlineverschlüsselung.\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Die Option \"Sektorgröße\" mit der Aktion \"Öffnen\" wird nur für einfache Geräte unterstützt."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "LUKS2-Entschlüsselung wird nur mit losgelöstem Headergerät unterstützt."
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Die Option für große IV-Sektoren wird nur unterstützt, wenn das geöffnete Gerät Sektoren größer als 512 Bytes hat."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Nicht genügend freie Schlüsselfächer für Wiederverschlüsselung."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS-, TCRYPT-, BITLK- und FVAULT2-Geräten erlaubt."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven Schlüsselfach benutzt werden."
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Die Optionen --device-size und --size können nicht kombiniert werden."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Geben Sie die Passphrase für Schlüsselfach %d ein: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Die Option »--unbound« ist nur beim »open«-Befehl eines LUKS-Gerätes erlaubt."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Die Option »--unbound« kann nur in Kombination mit »--test-passphrase« verwendet werden."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Der Verschlüsselungsalgorithmus wird auf %s geändert.\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Die Optionen --cancel-deferred und --deferred können nicht kombiniert werden."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Dieser Befehl benötigt den Gerätenamen als Argument."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Die Optionen --reduce-device-size und --data-size können nicht kombiniert werden."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Derzeit wird nur das LUKS2-Format unterstützt. Bitte verwenden Sie das Werkzeug cryptsetup-reencrypt für LUKS1."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Die Option »--active-name« ist nur auf LUKS2-Geräte anwendbar."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Veraltete Offline-Wiederverschlüsselung wird gerade durchgeführt. Verwenden Sie das Hilfsprogramm cryptsetup-reencrypt."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Die Optionen »--active-name« und »--force-offline-reencrypt« können nicht kombiniert werden."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Wiederverschlüsselung von Geräten mit Integritätsprofil wird nicht unterstützt."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "Das Schlüsselfach muss angegeben werden."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Die LUKS2-Wiederverschlüsselung wurde bereits begonnen. Die Operation wird abgebrochen."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Die Optionen --align-payload und --offset können nicht kombiniert werden."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "LUKS2-Gerät wird derzeit nicht wiederverschlüsselt."
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Die Option --integrity-no-wipe ist nur für die »format«-Aktion mit Integritätserweiterung erlaubt."
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<Gerät> [--type <Art>] [<Name>]"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Nur eine der Optionen --use-[u]random ist erlaubt."
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "Gerät als <Name> öffnen"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "Die Option »--unbound« erfordert die Schlüsselgröße."
+
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Ungültige Token-Aktion."
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Der Parameter --key-description ist Pflicht für die Aktion »token add«."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Die Aktion erfordert ein bestimmtes Token. Verwenden Sie den Parameter --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Die Option »--unbound« kann nur zusammen mit der Aktion zum Hinzufügen eines Tokens verwendet werden."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Die Optionen --key-slot und --unbound können nicht kombiniert werden."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Die Aktion erfordert ein bestimmtes Schlüsselfach. Verwenden Sie den Parameter --key-slot."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<Gerät> [--type <Art>] [<Name>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "Gerät als <Name> öffnen"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
msgid "<name>"
msgstr "<Name>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "Gerät schließen (Zuordnung entfernen)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr "Größe des aktiven Geräts ändern"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "Gerätestatus anzeigen"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <Algorithmus>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "Verschlüsselungsalgorithmus benchmarken"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<Gerät>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "Versuchen, die Metadaten auf dem Datenträger zu reparieren"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "LUKS2-Gerät wiederverschlüsseln"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "Alle Schlüsselfächer löschen (Verschlüsselungsschlüssel entfernen)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "Zwischen den Formaten LUKS und LUKS2 umwandeln"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "Permanente Konfigurationsoptionen für LUKS2 festlegen"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<Gerät> [<neue Schlüsseldatei>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "Ein LUKS-Gerät formatieren"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "Schlüssel zu LUKS-Gerät hinzufügen"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<Gerät> [<Schlüsseldatei>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "Entfernt bereitgestellten Schlüssel oder Schlüsseldatei vom LUKS-Gerät"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "Ändert den angegebenen Schlüssel oder die Schlüsseldatei des LUKS-Geräts"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "Wandelt einen Schlüssel in neue PBKDF-Parameter um"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<Gerät> <Schlüsselfach>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "Löscht Schlüssel mit Nummer <Schlüsselfach> vom LUKS-Gerät"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "UUID des LUKS-Geräts ausgeben"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "Testet <Gerät> auf Header einer LUKS-Partition"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "LUKS-Partitionsinformationen ausgeben"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "TCRYPT-Geräteinformationen ausgeben"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "BITLK-Geräteinformationen ausgeben"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "VFAULT2-Geräteinformationen ausgeben"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "LUKS-Gerät in Ruhezustand versetzen und alle Schlüssel auslöschen (alle IOs werden eingefroren)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "LUKS-Gerät aus dem Ruhezustand aufwecken"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Header und Schlüsselfächer eines LUKS-Geräts sichern"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Header und Schlüsselfächer eines LUKS-Geräts wiederherstellen"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <Gerät>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "LUKS2-Token manipulieren"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<Aktion> ist eine von:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Sie können auch die alten <Aktion>-Aliase benutzen:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<Schlüsselfach> ist die Nummer des zu verändernden LUKS-Schlüsselfachs\n"
"<Schlüsseldatei> optionale Schlüsseldatei für den neuen Schlüssel der »luksAddKey«-Aktion\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Vorgegebenes festeingebautes Metadatenformat ist %s (für luksFormat-Aktion).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Die Unterstützung des externen Token-Plugins LUKS2 ist %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "integriert"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Pfad des Plugins für externe LUKS2-Token: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "deaktiviert"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"Vorgabe-PBKDF für LUKS2: %s\n"
"\tIterationszeit: %d, benötigter Speicher: %d kB, parallele Threads: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, Schlüssel: %d Bits, Passphrase-Hashen: %s\n"
"\tLUKS: %s, Schlüssel: %d Bits, LUKS-Header-Hashen: %s, Zufallszahlengenerator: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: Standard-Schlüsselgröße mit XTS-Modus (zwei interne Schlüssel) wird verdoppelt.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: Benötigt %s als Argumente"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Schlüsselfach ist ungültig."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Die Gerätegröße muss ein Vielfaches von 512-Byte-Sektoren sein."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Ungültige Angabe der Maximalgröße für die Wiederverschlüsselungs-Hotzone."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Schlüsselgröße muss ein Vielfaches von 8 Bit sein"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Die maximale Verkleinerungsgröße ist 1 GiB."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Die Option --priority kann nur »ignore/normal/prefer« sein."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Diese Hilfe anzeigen"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Kurze Aufrufsyntax anzeigen"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Paketversion ausgeben"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Hilfe-Optionen:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Zeigt detailliertere Fehlermeldungen an"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Zeigt Debugging-Meldungen an"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Debugging-Meldungen anzeigen, inclusive JSON-Metadaten"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Der Algorithmus zum Verschlüsseln des Datenträgers (siehe /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Das Hashverfahren, um den Verschlüsselungsschlüssel aus der Passphrase zu erzeugen"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Verifiziert die Passphrase durch doppeltes Nachfragen"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Schlüssel aus einer Datei lesen"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Laufwerks-(Master-)schlüssel anstelle der Schlüsselfach-Informationen wegschreiben"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Die Größe des Verschlüsselungsschlüssels"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITS"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Begrenzt das Lesen aus der Schlüsseldatei"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "Bytes"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Anzahl der Bytes, die in der Schlüsseldatei übersprungen werden"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Begrenzt das Lesen aus der neu erzeugten Schlüsseldatei"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Anzahl der Bytes, die in der neu erzeugten Schlüsseldatei übersprungen werden"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Fachnummer für den neuen Schlüssel (im Zweifel das nächste freie)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Die Größe des Geräts"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTOREN"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Nur die angegebene Gerätegröße benutzen (Rest des Gerätes ignorieren). GEFÄHRLICH!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Der Startoffset im Backend-Gerät"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Wieviele Sektoren der verschlüsselten Daten am Anfang übersprungen werden sollen"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Eine schreibgeschützte Zuordnung erzeugen"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Nicht nach Bestätigung fragen"
-
-# XXX
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Frist für interaktive Eingabe der Passphrase (in Sekunden)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "sek"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Aktualisierungsintervall für Fortschrittszeile (in Sekunden)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Wie oft die Eingabe der Passphrase wiederholt werden kann"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Nutzdaten an Grenzen von <n> Sektoren ausrichten - für luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Datei mit dem Backup der LUKS-Header und den Schlüsselfächern"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "/dev/random zum Generieren des Laufwerksschlüssels benutzen"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "/dev/urandom zum Generieren des Laufwerksschlüssels benutzen"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Gerät mit einem anderen nicht-überlappenden Kryptosegment teilen"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID für das zu verwendende Gerät"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Auswurf-Anfragen (»TRIM«-Befehl) für das Gerät zulassen"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Gerät oder Datei mit separatem LUKS-Header"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Gerät nicht aktivieren, nur Passphrase überprüfen"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Versteckten Header benutzen (verstecktes TCRYPT-Gerät)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Das Gerät ist das System-TCRYPT-Laufwerk (mit Bootlader)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Backup-(Zweit-)-TCRYPT-Header benutzen"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Auch nach VeryCrypt-kompatiblen Geräten suchen"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Persönlicher Interations-Multiplizierer (PIM) für VeryCrypt-kompatibles Gerät"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Bei VeraCrypt-kompatiblem Gerät nach persönlichem Iterations-Multiplizierer (PIM) fragen"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Art der Geräte-Metadaten: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Passwort-Qualitätsprüfung deaktivieren (wenn sie aktiviert ist)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Kompatibilitäts-Performance-Option »same_cpu_crypt« für dm-crypt benutzen"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Kompatibilitäts-Performance-Option »submit_from_crypt_cpus« für dm-crypt benutzen"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Arbeitswarteschlangen von dm-crypt umgehen und Leseanfragen synchron abarbeiten"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Arbeitswarteschlangen von dm-crypt umgehen und Schreibanfragen synchron abarbeiten"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Das Entfernen des Geräts wird aufgeschoben, bis der letzte Benutzer es schließt"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Globale Sperre verwenden, um speicherintensive PBKDF zu serialisieren (um Speicherprobleme zu umgehen)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "PBKDF-Iterationszeit for LUKS (in ms)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "msek"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "PBKDF-Algorithmus (für LUKS2): argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "PBKDF-Speicherkostengrenze"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "Kilobytes"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "PBKDF-Parallelitätskosten"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "Threads"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "PBKDF-Iterationskosten (erzwungen, deaktiviert Benchmark)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Schlüsselfach-Priorität: ignore (ignorieren), normal, prefer (bevorzugen)"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Dateisperrung von Metadaten auf der Platte deaktivieren"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Deaktivieren, dass Laufwerksschlüssel über den Kernel-Schlüsselbund geladen werden"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Datenintegritätsalgorithmus (nur LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Aufzeichnung für Integritätsgerät deaktivieren"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Gerät nach dem Formatieren nicht säubern"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Ineffizientes Altlasten-Padding verwenden (für alte Kernel)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Nicht nach einer Passphrase fragen, wenn die Aktivierung durch Token fehlschlägt"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Token-Nummer (Vorgabe: eine beliebige)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Schlüsselbeschreibung"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Verschlüsselungs-Sektorgröße (Vorgabe: 512 Bytes)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "IV verwenden (in Sektorgröße gezählt statt in Einheiten von 512 Bytes)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Aktivierungsschalter für Gerät permanent festlegen"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Beschriftung für das LUKS2-Gerät festlegen"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Teilsystem-Beschriftung für das LUKS2-Gerät festlegen"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Unbeschränktes LUKS2-Schlüsselfach (ohne zugeordnetem Datensegment) anlegen oder wegschreiben"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "JSON aus einer Datei lesen oder in eine Datei schreiben"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Größe des Bereichs für LUKS2-Header-Metadaten"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Größe des Bereichs für Schlüsselfächer im LUKS2-Header"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Gerät mit neuen Parametern auffrischen (reaktivieren)"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "LUKS2-Schlüsselfach: Die Größe des Verschlüsselungsschlüssels"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "LUKS2-Keyslot: Der Algorithmus, der für die Keyslot-Verschlüsselung verwendet wird"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "LUKS2-Gerät verschlüsseln (direkt am Ort)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "LUKS2-Gerät entschlüsseln (Verschlüsselung entfernen)."
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "LUKS2-Wiederverschlüsselung nur in Metadaten beginnen."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Nur eine begonnene LUKS2-Wiederverschlüsselung fortsetzen."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Größe des Datengeräts reduzieren (Datenoffset verschieben). GEFÄHRLICH!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Maximalgröße der Wiederverschlüsselungs-Hotzone."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Widerstandsfähigkeit der Hotzone für die Wiederverschlüsselung (checksum,journal,none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Hash für Prüfsummen der Wiederverschlüsselungs-Hotzone"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Automatische Geräteerkennung der dm-Geräte für die Wiederverschlüsselung übersteuern"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPTION...] <Aktion> <aktionsabhängig>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Argument <Aktion> fehlt."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Unbekannte Aktion."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Die Optionen --refresh und --test-passphrase schließen sich gegenseitig aus."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Die Option --deferred ist nur beim »close«-Befehl erlaubt."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Die Option --shared ist nur beim beim »open«-Befehl eines Plain-Gerätes erlaubt."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Die Option --allow-discards ist nur beim »open«-Befehl erlaubt."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Die Option --persistent ist nur beim »open«-Befehl erlaubt."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Die Option --serialize-memory-hard-pbkdf ist nur beim »open«-Befehl erlaubt."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Die Option --persistent ist nicht mit --test-passphrase kombinierbar."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Die Option --key-size ist nur für »luksFormat«, »luksAddKey«,\n"
-"»open« und »benchmark« erlaubt. Benutzen Sie stattdessen »--keyfile-size=(Bytes)«,\n"
-"um das Lesen aus der Schlüsseldatei zu begrenzen."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Die Option --integrity ist nur für luksFormat (LUKS2) erlaubt."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Die Option --integrity-no-wipe ist nur für die »format«-Aktion mit Integritätserweiterung erlaubt."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Die Optionen --label und --subsystem sind nur für die Aktionen »luksFormat« und »config LUKS2« erlaubt."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Die Option --test-passphrase ist nur beim Öffnen von LUKS, TCRYPT- und BITLK-Geräten erlaubt."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Schlüsselgröße muss ein Vielfaches von 8 Bit sein"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Schlüsselfach ist ungültig."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Die Option --key-file wirkt stärker als das angegebene Schlüsseldatei-Argument."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Negative Zahl für die Option nicht erlaubt."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Die Option --key-file ist nur einmal erlaubt."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Nur eine der Optionen --use-[u]random ist erlaubt."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Die Option --use-[u]random ist nur für luksFormat erlaubt."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Die Option --uuid ist nur für luksFormat und luksUUID erlaubt."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Die Option --align-payload ist nur für luksFormat erlaubt."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Die Optionen --luks2-metadata-size und --opt-luks2-keyslots-size sind nur für luksFormat mit LUKS2 erlaubt."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Ungültige Angabe für die Größe der LUKS2-Metadaten."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Ungültige Angabe für die Größe der LUKS2-Schlüsselfächer."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Die Optionen --align-payload und --offset können nicht kombiniert werden."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Die Option --skip ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Die Option --offset ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt, sowie für luksFormat und Geräte-Wiederverschlüsselung."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Die Optionen --tcrypt-hidden, --tcrypt-system und --tcrypt-backup sind nur zusammen mit einem TCRYPT-Gerät erlaubt."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Die Option --tcrypt-hidden kann nicht mit --allow-discards kombiniert werden."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Die Option --veracrypt wird nur für TCRYPT-kompatible Geräte unterstützt."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Ungültiges Argument für Parameter --veracrypt-pim angegeben."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Die Option --veracrypt-pim wird nur für VeraCrypt-kompatible Geräte unterstützt."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Die Option --veracrypt-query-pim wird nur für VeraCrypt-kompatible Geräte unterstützt."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Die Optionen --veracrypt-pim und --veracrypt-query-pim schließen sich gegenseitig aus."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Die Option --priority kann nur »ignore/normal/prefer« sein."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Das Schlüsselfach muss angegeben werden."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "Passwortbasierte Schlüsselableitungsfunktion (PBKDF) kann nur »pbkdf2« oder »argon2i/argon2id« sein."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Bei PBKDF darf nur entweder die Anzahl der Durchläufe oder die Zeitbegrenzung angegeben werden."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Die Option Sektorgröße wird für diesen Befehl nicht unterstützt."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Die Option für große IV-Sektoren wird nur unterstützt, wenn das geöffnete Gerät Sektoren größer als 512 Bytes hat."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Die Option »--unbound« erfordert die Schlüsselgröße."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Die Option »--unbound« kann nur zusammen mit den Aktionen »luksAddKey« und »luksDump« benutzt werden."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Die Optionen --keyslot-cipher und --keyslot-keysize können nur zusammen benutzt werden."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Die Option --refresh kann nur zusammen mit der Aktion »open« benutzt werden."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Es wird keine Aktion ausgeführt. Aufgerufen mit der Option --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Fehler beim Deaktivieren der Metadaten-Dateisperre."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Ungültige Angabe der Maximalgröße für die Wiederverschlüsselungs-Hotzone."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Ungültige Angabe der Gerätegröße."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Die maximale Verkleinerungsgröße ist 1 GiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Die verkleinerte Größe muss ein Vielfaches von 512-Byte-Sektoren sein."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Ungültige Angabe der Datengröße."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Überlauf bei der Verringerungsgröße."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "LUKS2-Entschlüsselung erfordert die Option --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Die Gerätegröße muss ein Vielfaches von 512-Byte-Sektoren sein."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Die Optionen --reduce-device-size und --data-size können nicht kombiniert werden."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Die Optionen --device-size und --size können nicht kombiniert werden."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Die Optionen --keyslot-cipher und --keyslot-keysize können nur zusammen benutzt werden."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Ungültiger Salt-String angegeben."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Fehler beim Schreiben des Hash-Abbilds »%s«."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Fehler beim Schreiben des FEC-Abbilds »%s«."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Fehler beim Schreiben des Wurzel-Hash-Abbilds »%s«."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Fehler beim Schreiben der Wurzel-Hashdatei »%s«."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Gerät »%s« ist kein gültiges VERITY-Gerät."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Fehler beim Anlegen der Wurzel-Hashdatei »%s«."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Ungültige Root-Hash-Datei »%s«."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Ungültiger Root-Hash-String angegeben."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Ungültige Signaturdatei »%s«."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Fehler beim Einlesen der Signaturdatei »%s«."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Der Befehl erfordert die Option <root_hash> oder --root-hash-file als Argument."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<Datengerät> <Hash-Gerät>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "Gerät formatieren"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<Datengerät> <Hash-Gerät> <Root-Hash>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<Daten-Gerät> <Hash-Gerät> [<Wurzel_Hash>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "Gerät verifizieren"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<Datengerät> <Name> <Hash-Gerät> <Root-Hash>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<Datengerät> <Name> <Hash-Gerät> [<Wurzel-Hash>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "Status der aktiven Geräte anzeigen"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<Hash-Gerät>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "Auf dem Datenträger gespeicherte Informationen anzeigen"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<Hash-Gerät> ist das Gerät, das die Verifikationsdaten enthält\n"
"<Root-Hash> ist der Hash des Rootknotens auf <Hash-Gerät>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Einkompilierte Vorgabewerte für dm-verity:\n"
"\tHash: %s, Datenblock (Bytes): %u, Hashblock (Bytes): %u, Salt-Größe: %u, Hashformat: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Verity-Superblock nicht benutzen"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Format-Art (1 - normal, 0 - originales Chrome-OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "Zahl"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden."
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Blockgröße auf dem Datengerät"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Die Optionen --panic-on-corruption und --restart-on-corruption können nicht zusammen benutzt werden."
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Blockgröße auf dem Hash-Gerät"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Dadurch werden Daten auf %s und %s unwiderruflich überschrieben.\n"
+"Um Daten auf dem Gerät zu bewahren, verwenden Sie die Option »--no-wipe« (und aktivieren Sie sie dann mit »--integrity-recalculate«)."
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "FEC-Paritätsbytes"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Formatiert mit Etikettgröße %u und interner Integrität %s.\n"
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Die Anzahl der Blöcke in der Datendatei"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Das Setzen der Option »recalculate« wird nicht unterstützt, Sie können stattdessen »--wipe« erwägen."
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "Blöcke"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Gerät »%s« ist kein gültiges INTEGRITY-Gerät."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Pfad zum Gerät mit Fehlerkorrekturdaten"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<Integritätsgerät>"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "Pfad"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<Integritätsgerät> <Name>"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Start-Offset auf dem Hash-Gerät"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<Name> ist das Gerät, das unter »%s« angelegt werden soll\n"
+"<Integritätsgerät> ist das Gerät, das die Daten mit Integritätsangaben enthält\n"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Start-Offset auf dem FEC-Gerät"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Einkompilierte Vorgabewerte für dm-integrity:\n"
+"\tPrüfalgorithmus: %s\n"
+"\tMaximalgröße der Schlüsseldatei: %d kB\n"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Hash-Algorithmus"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Ungültige Größe für --%s. Maximum ist %u Bytes."
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "Zeichenkette"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen angegeben werden."
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Salt"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen für die Journalintegrität angegeben werden."
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "Hex-Zeichenkette"
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Wenn ein Integritätsschlüssel für das Journal verwendet wird, muss auch der Integritätsalgorithmus angegeben werden."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Sowohl der Verschlüsselungsschlüssel als auch die Schlüsselgröße müssen für die Journalverschlüsselung angegeben werden."
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Pfad zur Signaturdatei des Stammhashes"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Wenn ein Verschlüsselungsschlüssel für das Journal verwendet wird, muss auch der Verschlüsselungsalgorithmus angegeben werden."
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Kernel neustarten wenn Beschädigung festgestellt wird"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Die Modi Wiederherstellung und Bitmap schließen sich gegenseitig aus."
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Die Journal-Optionen können nicht im Bitmap-Modus verwendet werden."
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Die Bitmapoptionen können nur im Bitmapmodus verwendet werden."
+
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"WARNUNG!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Sind Sie sicher? (Tippen Sie 'yes' in Großbuchstaben): "
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Kernel-Abbruch, wenn Beschädigung festgestellt wird"
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Fehler beim Lesen der Antwort vom Terminal."
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Beschädigung ignorieren, nur mitloggen"
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Befehl erfolgreich."
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Ausgenullte Blöcke nicht überprüfen"
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "Falsche oder fehlende Parameter"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Datenblock nur beim erstmaligen Lesen verifizieren"
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "Kein Zugriff, oder falsche Passphrase"
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Die Optionen --ignore-corruption, --restart-on-corruption und --ignore-zero-blocks sind nur für die »open«-Aktion erlaubt."
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "Nicht genug Speicher"
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Die Option --root-hash-signature kann nur zusammen mit der Aktion »open« benutzt werden."
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "Falsches Gerät oder falsche Datei angegeben"
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Die Optionen --ignore-corruption und --restart-on-corruption können nicht zusammen benutzt werden."
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "Das Gerät existiert bereits oder wird bereits benutzt"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Die Optionen --panic-on-corruption und --restart-on-corruption können nicht zusammen benutzt werden."
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "Unbekannter Fehler"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Fehler %i beim Ausführen des Befehls »%s«."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Schlüsselfach %i erstellt."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Schlüsselfach %i entsperrt."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Schlüsselfach %i entfernt."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Token %i erstellt."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Token %i entfernt."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Mit dieser PIN konnte kein Token entsperrt werden."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Token %i benötigt eine PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Token (Art %s) benötigt eine PIN."
-#: src/integritysetup.c:85
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token %i kann zugewiesenes Schlüsselfach nicht freischalten (falsche Schlüsselfach-Passphrase)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token (Art %s) kann zugewiesenes Schlüsselfach nicht freischalten (falsche Schlüsselfach-Passphrase)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Token %i erfordert zusätzliche fehlende Ressource."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Token (Art %s) erfordert zusätzliche fehlende Ressource."
+
+#: src/utils_tools.c:298
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Ungültige Schlüsselgröße. Maximum ist %u Bytes."
+msgid "No usable token (type %s) is available."
+msgstr "Es ist kein verwendbares Token (Art %s) vorhanden."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Es ist kein verwendbares Token verfügbar."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Fehler beim Einlesen der Schlüsseldatei »%s«."
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Fehler beim Einlesen von %d Bytes aus der Schlüsseldatei »%s«."
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Fehler beim Einlesen von %d Bytes aus der Schlüsseldatei »%s«."
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> Tage"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s geschrieben"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "Geschwindigkeit %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Fortschritt: %5.1f%%, ETA %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Fertiggestellt, Zeit %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Fehler beim Prüfen der Passwortqualität: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Passwort-Qualitätsüberprüfung fehlgeschlagen:\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Passwort-Qualitätsüberprüfung fehlgeschlagen: Falsche Passphrase (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "Fehler beim Lesen der Passphrase vom Terminal."
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "Passphrase bestätigen: "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "Passphrasen stimmen nicht überein."
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden."
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Passphrase eingeben: "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Geben Sie die Passphrase für »%s« ein: "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "Kein Schlüssel mit dieser Passphrase verfügbar."
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "Es ist kein nutzbares Schlüsselfach verfügbar."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Passphrase-Verifikation ist nur auf Terminal-Eingaben möglich."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Datei %s konnte nicht im Nur-Lese-Modus geöffnet werden."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Geben Sie gültiges LUKS2-Token-JSON an:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "JSON-Datei konnte nicht gelesen werden."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Lesen unterbrochen."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Datei %s konnte nicht im Schreibmodus geöffnet werden."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Schreiben unterbrochen."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "JSON-Datei konnte nicht geschrieben werden."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Automatisch erkanntes aktives dm-Gerät »%s« für Datengerät »%s«.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Fehler bei der automatischen Erkennung von Gerät »%s«."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Gerät »%s« ist kein Blockgerät.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Es ist unklar, ob das Gerät »%s« aktiviert ist oder nicht.\n"
+"Möchten Sie wirklich mit der Wiederverschlüsselung im Offline-Modus fortfahren?\n"
+"Es kann zu Datenverlust kommen, wenn das Gerät gerade aktiviert ist.\n"
+"Um die Wiederverschlüsselung im Online-Modus durchzuführen, verwenden Sie stattdessen den Parameter --active-name.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Gerät %s ist kein Blockgerät. Kann nicht automatisch erkennen, ob es aktiv ist oder nicht.\n"
+"Verwenden Sie --force-offline-reencrypt, um die Prüfung zu umgehen und im Offline-Modus zu laufen (gefährlich!)."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Die angeforderte Option »--resilience« kann nicht auf den aktuellen Wiederverschlüsselungsvorgang angewendet werden."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Das Gerät ist nicht der LUKS2-Verschlüsselung. Die Option »--encrypt« ist widersprüchlich."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Das Gerät ist nicht der LUKS2-Entschlüsselung. Die Option »--encrypt« ist widersprüchlich."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Das Gerät befindet sich in der Wiederverschlüsselung mit Datashift-Resilienz. Die angeforderte Option --resilience kann nicht angewendet werden."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Das Gerät erfordert die Wiederherstellung der Wiederverschlüsselung. Führen Sie zuerst die Reparatur aus."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Gerät %s befindet sich bereits in der LUKS2-Neuverschlüsselung. Möchten Sie den zuvor begonnenen Vorgang fortsetzen?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Die veraltete LUKS2-Wiederverschlüsselung wird nicht mehr unterstützt."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Wiederverschlüsselung von Geräten mit Integritätsprofil wird nicht unterstützt."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Angeforderte --sector-size %<PRIu32> ist nicht kompatibel mit dem %s-Superblock\n"
+"(Blockgröße: %<PRIu32>Bytes), der auf dem Gerät %s erkannt wurde."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Verschlüsselung ohne separaten Kopfbereich (--header) ist nur möglich, wenn die Größe des Hauptgeräts reduziert wird (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Der angeforderte Datenoffset darf maximal die Hälfte des Parameters --reduce-device-size betragen."
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Der Wert von --reduce-device-size wird auf das Doppelte von --offset %<PRIu64> (in Sektoren) angepasst.\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Temporäre Headerdatei »%s« existiert bereits. Wird abgebrochen."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Fehler beim Anlegen der temporären Headerdatei »%s«."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Die Größe der LUKS2-Metadaten ist größer als der Wert der Datenverschiebung."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Der neue Header konnte nicht am Kopf des Geräts %s platziert werden."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s ist jetzt aktiv und bereit für die Onlineverschlüsselung.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Das aktive Gerät »%s« ist kein LUKS2-Gerät."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Wiederherstellung des ursprünglichen LUKS2-Headers."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Fehler beim Wiederherstellen des ursprünglichen LUKS2-Headers."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Die Header-Datei %s existiert nicht. Möchten Sie die LUKS2-Entschlüsselung von Gerät %s initialisieren und LUKS2-Header in Datei %s exportieren?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Fehler beim Hinzufügen der Lese-/Schreibberechtigung für die exportierte Header-Datei."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Fehler beim Initialisieren der Wiederverschlüsselung. Eine Sicherungskopie des Headers befindet sich in %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "LUKS2-Entschlüsselung wird nur mit losgelöstem Headergerät unterstützt (mit Datenoffset auf 0 gesetzt)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Nicht genügend freie Schlüsselfächer für Wiederverschlüsselung."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Schlüsseldatei kann nur mit --key-slot oder mit genau einem aktiven Schlüsselfach benutzt werden."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Geben Sie die Passphrase für Schlüsselfach %d ein: "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Geben Sie die Passphrase für Schlüsselfach %u ein: "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Der Verschlüsselungsalgorithmus wird auf %s geändert.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Keine Datensegmentparameter geändert. Wiederverschlüsselung abgebrochen."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Die Zunahme der Größe des Verschlüsselungssektors auf einem Offline-Gerät wird nicht unterstützt.\n"
+"Aktivieren Sie das Gerät zuerst oder verwenden Sie die Option »--force-offline-reencrypt« (gefährlich!)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Wiederverschlüsselung unterbrochen."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "LUKS-Wiederverschlüsselung wird im erzwungenen Offline-Modus fortgesetzt.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Das Gerät %s enthält fehlerhafte LUKS-Metadaten. Vorgang wird abgebrochen."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Gerät %s ist bereits ein LUKS-Gerät. Vorgang wird abgebrochen."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Gerät %s befindet sich bereits in der LUKS-Wiederverschlüsselung. Vorgang wird abgebrochen."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "LUKS2-Entschlüsselung erfordert die Option »--header«."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "Dieser Befehl benötigt den Gerätenamen als Argument."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in der LUKS1-Wiederverschlüsselung."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Widersprüchliche Versionen. Gerät %s ist LUKS2."
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Widersprüchliche Versionen. Gerät %s befindet sich in LUKS2-Wiederverschlüsselung."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Die LUKS2-Wiederverschlüsselung wurde bereits begonnen. Die Operation wird abgebrochen."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Derzeit läuft keine Wiederverschlüsselung."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Gerät »%s« kann nicht exklusiv geöffnet werden, da es bereits benutzt wird."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Belegen des ausgerichteten Speichers fehlgeschlagen."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Fehler beim Lesen von Gerät »%s«."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "LUKS1-Gerät »%s« wird als unbenutzbar markiert."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Fehler beim Schreiben auf Gerät »%s«."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Fehler beim Speichern der Wiederverschlüsselungs-Logdatei."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Fehler beim Einlesen der Wiederverschlüsselungs-Logdatei."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Falsches Protokollformat."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Logdatei »%s« existiert, Wiederverschlüsselung wird fortgesetzt.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Temporäres Gerät mit dem alten LUKS-Header wird aktiviert."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Temporäres Gerät mit dem neuen LUKS-Header wird aktiviert."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Fehler beim Aktivieren der temporären Geräte."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Fehler beim Festlegen des Daten-Offsets."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Fehler beim Festlegen der Metadatengröße."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Neuer LUKS-Header für Gerät »%s« angelegt."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "%s-Backup-Header von Gerät »%s« angelegt."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Fehler beim Anlegen des LUKS-Backup-Headers."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Fehler beim Wiederherstellen des %s-Headers auf Gerät »%s«."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "%s-Header auf Gerät »%s« wiederhergestellt."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Fehler beim Öffnen des temporären LUKS-Geräts."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Fehler beim Ermitteln der Gerätegröße."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "E/A-Fehler während der Wiederverschlüsselung."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Die angegebene UUID ist ungültig."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Fehler beim Öffnen der Wiederverschlüsselungs-Logdatei."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Derzeit ist keine Entschlüsselung im Gange, die angegebene UUID kann nur benutzt werden, um einen unterbrochenen Entschlüsselungsvorgang fortzusetzen."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Wiederverschlüsselung ändert: %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "Laufwerksschlüssel"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr ", Hash auf "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", Verschlüsselung auf "
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Partitionssignatur.\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Superblock-Signatur.\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Fehler beim Initialisieren der Gerätesignatursonden."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Gerät %s konnte nicht gefunden werden."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Datei %s konnte nicht im Lese-/Schreibmodus geöffnet werden."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Die bestehende »%s«-Partitionssignatur auf Gerät %s wird gelöscht."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Die bestehende »%s«-Superblocksignatur auf Gerät %s wird gelöscht."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Fehler beim Löschen der Gerätesignatur."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Gerät %s konnte nicht auf eine Signatur geprüft werden."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Ungültige Größenangabe in Parameter --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Die Option --%s ist nicht mit der Aktion %s kombinierbar."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Fehler beim Schreiben des SSH-Tokens im JSON-Format."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Experimentelles cryptsetup-Plugin zum Entsperren von LUKS2-Geräten mit einem an einen SSH-Server angeschlossenen Token\\v\n"
+"Dieses Plugin erlaubt derzeit nur das Hinzufügen eines Tokens zu einem bestehenden Schlüsselfach.\n"
+"\n"
+"Der angegebene SSH-Server muss eine Schlüsseldatei im angegebenen Pfad mit einer Passphrase für ein bestehendes Schlüsselfach auf dem Gerät enthalten.\n"
+"Die angegebenen Anmeldedaten werden von cryptsetup verwendet, um das Passwort zu erhalten, wenn das Gerät mit dem Token geöffnet wird.\n"
+"\n"
+"Hinweis: Die beim Hinzufügen des Tokens angegebenen Informationen (SSH-Server-Adresse, Benutzer und Pfade) werden im LUKS2-Header im Klartext gespeichert."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<Aktion> <Gerät>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Optionen für die Aktion \"add\" (Hinzufügen):"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "IP-Adresse/URL des entfernten Servers für dieses Token"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Benutzername, der für den entfernten Server verwendet wird"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Pfad zur Schlüsseldatei auf dem entfernten Server"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Pfad zum SSH-Schlüssel für die Verbindung zum entfernten Server"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Schlüsselfach, dem das Token zugewiesen werden soll. Wenn nicht angegeben, wird das Token dem ersten Schlüsselfach zugewiesen, das zur angegebenen Passphrase passt."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Allgemeine Optionen:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Zeigt detailliertere Fehlermeldungen an"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Zeigt Debugging-Meldungen an"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Debugging-Meldungen anzeigen, inclusive JSON-Metadaten"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Öffnen und Importieren des privaten Schlüssels fehlgeschlagen:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Der Import des privaten Schlüssels (passwortgeschützt?) ist fehlgeschlagen.\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Passwort von %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Das Parsen der Argumente ist fehlgeschlagen.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Es muss eine Aktion angegeben werden\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Für die Aktion '%s' muss ein Gerät angegeben werden.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Für die Aktion '%s' muss ein SSH-Server angegeben werden.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Für die Aktion '%s' muss ein SSH-Benutzer angegeben werden.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Für die Aktion '%s' muss ein SSH-Pfad angegeben werden.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Für die Aktion '%s' muss ein SSH-Schlüsselpfad angegeben werden.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Öffnen von %s mit den angegebenen Anmeldeinformationen fehlgeschlagen.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Nur die Aktion \"add\" (Hinzufügen) wird derzeit von diesem Plugin unterstützt.\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Kann keine sftp-Sitzung erstellen: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Kann sftp-Sitzung nicht starten: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Kann sftp-Sitzung nicht eröffnen: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Kann Eigenschaften der sftp-Datei nicht ermitteln: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Nicht genug Speicher.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Entfernter Schlüssel kann nicht gelesen werden: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Verbindung fehlgeschlagen: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Server nicht bekannt: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Authentifizierung mit öffentlichem Schlüssel ist auf dem Host nicht erlaubt.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Fehler bei der Authentifizierung mit öffentlichem Schlüssel: "
+
+#~ msgid "WARNING: Data offset is outside of currently available data device.\n"
+#~ msgstr "WARNING: Der Datenoffset ist außerhalb des derzeit verfügbaren Datengeräts.\n"
+
+#~ msgid "Cannot get process priority."
+#~ msgstr "Fehler beim Ermitteln der Prozesspriorität."
+
+#~ msgid "Cannot unlock memory."
+#~ msgstr "Fehler beim Entsperren des Speichers."
+
+#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+#~ msgstr "Das Verzeichnis %s/%s, das die Dateisperren enthält, wird mit den vorgegebenen, fest einprogrammierten Berechtigungen erzeugt."
+
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Fehler beim Lesen der BITLK-Signatur von »%s«."
+
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Ungültige oder unbekannte Signatur für BITLK-Gerät."
+
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Fehler beim gründlichen Löschen der Backupsegmentdaten."
+
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Fehler beim Deaktivieren der Wiederverschlüsselungsanforderung."
+
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Verschlüsselung wird nur für das LUKS2-Format unterstützt."
+
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "LUKS-Gerät auf »%s« erkannt. Möchten Sie dieses LUKS-Gerät erneut verschlüsseln?"
+
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "Derzeit wird nur das LUKS2-Format unterstützt. Bitte verwenden Sie das Werkzeug cryptsetup-reencrypt für LUKS1."
+
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Veraltete Offline-Wiederverschlüsselung wird gerade durchgeführt. Verwenden Sie das Hilfsprogramm cryptsetup-reencrypt."
+
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "LUKS2-Gerät wird derzeit nicht wiederverschlüsselt."
+
+#~ msgid "Reencryption already in-progress."
+#~ msgstr "Wiederverschlüsselung läuft bereits."
+
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "LUKS2-Offline-Wiederverschlüsselungs-Kennzeichen wird auf Gerät »%s« festgelegt."
+
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Diese Version von cryptsetup-reencrypt kann internen Tokentyp %s nicht verarbeiten."
+
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Fehler beim Lesen der Aktivierungsschalter aus dem Backup-Header."
+
+#~ msgid "Failed to write activation flags to new header."
+#~ msgstr "Fehler beim Schreiben der Aktivierungsschalter in den neuen Header."
+
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "PBKDF-Parameter in Schlüsselfach %i wurden geändert."
+
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Für die Wiederverschlüsselungs-Blockgröße sind nur Werte zwischen 1 MiB und 64 MiB erlaubt."
+
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Die maximale Verkleinerungsgröße ist 64 MiB."
+
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[OPTION...] <Gerät>"
+
+#~ msgid "Argument required."
+#~ msgstr "Argument muss angegeben werden."
+
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Die Option »--new« muss zusammen mit »--reduce-device-size« oder »--header« benutzt werden."
+
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Die Option »--keep-new« kann nur zusammen mit »--hash«, »--iter-time« oder »--pbkdf-force-iterations« benutzt werden."
+
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Die Option »--new« kann nicht zusammen mit »--decrypt« benutzt werden."
+
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Die Option --decrypt verträgt sich nicht mit den angegebenen Parametern."
+
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Die Option »--uuid« kann nur zusammen mit »--decrypt« benutzt werden."
+
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Ungültiger LUKS-Typ. Verwenden Sie einen von diesen: luks, luks1, luks2."
+
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Gerät %s wird gerade benutzt. Das Formatieren ist gerade nicht möglich."
+
+#~ msgid "No free token slot."
+#~ msgstr "Kein freies Fach für Token."
+
+# upstream: period missing
+#~ msgid "Failed to create builtin token %s."
+#~ msgstr "Fehler beim Erzeugen des eingebauten Tokens »%s«."
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Ungültige LUKS-Geräteart."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Der Algorithmus zum Verschlüsseln des Datenträgers (siehe /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Das Hashverfahren, um den Verschlüsselungsschlüssel aus der Passphrase zu erzeugen"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Verifiziert die Passphrase durch doppeltes Nachfragen"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Schlüssel aus einer Datei lesen"
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Laufwerks-(Master-)schlüssel anstelle der Schlüsselfach-Informationen wegschreiben"
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "Die Größe des Verschlüsselungsschlüssels"
+
+#~ msgid "BITS"
+#~ msgstr "BITS"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Begrenzt das Lesen aus der Schlüsseldatei"
+
+#~ msgid "bytes"
+#~ msgstr "Bytes"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Anzahl der Bytes, die in der Schlüsseldatei übersprungen werden"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Begrenzt das Lesen aus der neu erzeugten Schlüsseldatei"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Anzahl der Bytes, die in der neu erzeugten Schlüsseldatei übersprungen werden"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Fachnummer für den neuen Schlüssel (im Zweifel das nächste freie)"
+
+#~ msgid "The size of the device"
+#~ msgstr "Die Größe des Geräts"
+
+#~ msgid "SECTORS"
+#~ msgstr "SEKTOREN"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Nur die angegebene Gerätegröße benutzen (Rest des Gerätes ignorieren). GEFÄHRLICH!"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Der Startoffset im Backend-Gerät"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Wieviele Sektoren der verschlüsselten Daten am Anfang übersprungen werden sollen"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Eine schreibgeschützte Zuordnung erzeugen"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Nicht nach Bestätigung fragen"
+
+# XXX
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Frist für interaktive Eingabe der Passphrase (in Sekunden)"
+
+#~ msgid "secs"
+#~ msgstr "sek"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Aktualisierungsintervall für Fortschrittszeile (in Sekunden)"
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Formatiert mit Etikettgröße %u und interner Integrität %s.\n"
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Wie oft die Eingabe der Passphrase wiederholt werden kann"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<Integritätsgerät>"
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Nutzdaten an Grenzen von <n> Sektoren ausrichten - für luksFormat"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<Integritätsgerät> <Name>"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Datei mit dem Backup der LUKS-Header und den Schlüsselfächern"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<Name> ist das Gerät, das unter »%s« angelegt werden soll\n"
-"<Integritätsgerät> ist das Gerät, das die Daten mit Integritätsangaben enthält\n"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "/dev/random zum Generieren des Laufwerksschlüssels benutzen"
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Einkompilierte Vorgabewerte für dm-integrity:\n"
-"\tPrüfalgorithmus: %s\n"
-"\tMaximalgröße der Schlüsseldatei: %d kB\n"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "/dev/urandom zum Generieren des Laufwerksschlüssels benutzen"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Pfad zum Datengerät (wenn getrennt)"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Gerät mit einem anderen nicht-überlappenden Kryptosegment teilen"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Journalgröße"
+#~ msgid "UUID for device to use"
+#~ msgstr "UUID für das zu verwendende Gerät"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Sektoren verschränken"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Auswurf-Anfragen (»TRIM«-Befehl) für das Gerät zulassen"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Jornal-Wasserzeichen"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Gerät oder Datei mit separatem LUKS-Header"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "Prozent"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Gerät nicht aktivieren, nur Passphrase überprüfen"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Journal-Commitzeit"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Versteckten Header benutzen (verstecktes TCRYPT-Gerät)"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Das Gerät ist das System-TCRYPT-Laufwerk (mit Bootlader)"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Anzahl der 512-Byte-Sektoren pro Bit (Bitmap-Modus)."
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Backup-(Zweit-)-TCRYPT-Header benutzen"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Zeit für sicheres Speichern im Bitmap-Modus"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Auch nach VeryCrypt-kompatiblen Geräten suchen"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Etikettgröße pro Sektor"
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Persönlicher Interations-Multiplizierer (PIM) für VeryCrypt-kompatibles Gerät"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Sektorengröße"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Bei VeraCrypt-kompatiblem Gerät nach persönlichem Iterations-Multiplizierer (PIM) fragen"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Puffergröße"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Art der Geräte-Metadaten: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Datenintegritäts-Algorithmus"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Passwort-Qualitätsprüfung deaktivieren (wenn sie aktiviert ist)"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Die Größe des Datenintegritätsschlüssels"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Kompatibilitäts-Performance-Option »same_cpu_crypt« für dm-crypt benutzen"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Integritätsschlüssel aus einer Datei lesen"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Kompatibilitäts-Performance-Option »submit_from_crypt_cpus« für dm-crypt benutzen"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Integritätsalgorithmus für Journal"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Arbeitswarteschlangen von dm-crypt umgehen und Leseanfragen synchron abarbeiten"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Die Größe des Integritätsschlüssels für das Journal"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Arbeitswarteschlangen von dm-crypt umgehen und Schreibanfragen synchron abarbeiten"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Integritätsschlüssel für das Journal aus einer Datei lesen"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Das Entfernen des Geräts wird aufgeschoben, bis der letzte Benutzer es schließt"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Algorithmus für Journalverschlüsselung"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Globale Sperre verwenden, um speicherintensive PBKDF zu serialisieren (um Speicherprobleme zu umgehen)"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Die Größe des Journal-Verschlüsselungsschlüssels"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "PBKDF-Iterationszeit for LUKS (in ms)"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Journal-Verschlüsselungsschlüssel aus einer Datei lesen"
+#~ msgid "msecs"
+#~ msgstr "msek"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Wiederherstellungsmodus (kein Journal, keine Etikettprüfung)"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "PBKDF-Algorithmus (für LUKS2): argon2i, argon2id, pbkdf2"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Bitmap verwenden, um Änderungen nachzuverfolgen und Journal für Integritätsgerät deaktivieren"
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "PBKDF-Speicherkostengrenze"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Initiale Integritätsangaben automatisch neu berechnen."
+#~ msgid "kilobytes"
+#~ msgstr "Kilobytes"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Superblock nicht mit HMAC schützen (alte Kernel)"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "PBKDF-Parallelitätskosten"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Neuberechnung von Laufwerken mit HMAC-Schlüsseln erlauben (alte Kernel)"
+#~ msgid "threads"
+#~ msgstr "Threads"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Die Option --integrity-recalculate kann nur zusammen mit der Aktion »open« benutzt werden."
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "PBKDF-Iterationskosten (erzwungen, deaktiviert Benchmark)"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Die Optionen --journal-size, --interleave-sectors, --sector-size, --tag-size und --no-wipe können nur bei der Aktion »format« verwendet werden."
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Schlüsselfach-Priorität: ignore (ignorieren), normal, prefer (bevorzugen)"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Ungültige Angabe der Journalgröße."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Dateisperrung von Metadaten auf der Platte deaktivieren"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen angegeben werden."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Deaktivieren, dass Laufwerksschlüssel über den Kernel-Schlüsselbund geladen werden"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Sowohl die Schlüsseldatei als auch die Schlüsselgröße müssen für die Journalintegrität angegeben werden."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Datenintegritätsalgorithmus (nur LUKS2)"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Wenn ein Integritätsschlüssel für das Journal verwendet wird, muss auch der Integritätsalgorithmus angegeben werden."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Aufzeichnung für Integritätsgerät deaktivieren"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Sowohl der Verschlüsselungsschlüssel als auch die Schlüsselgröße müssen für die Journalverschlüsselung angegeben werden."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Gerät nach dem Formatieren nicht säubern"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Wenn ein Verschlüsselungsschlüssel für das Journal verwendet wird, muss auch der Verschlüsselungsalgorithmus angegeben werden."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Ineffizientes Altlasten-Padding verwenden (für alte Kernel)"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Die Modi Wiederherstellung und Bitmap schließen sich gegenseitig aus."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Nicht nach einer Passphrase fragen, wenn die Aktivierung durch Token fehlschlägt"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Die Journal-Optionen können nicht im Bitmap-Modus verwendet werden."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Token-Nummer (Vorgabe: eine beliebige)"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Die Bitmapoptionen können nur im Bitmapmodus verwendet werden."
+#~ msgid "Key description"
+#~ msgstr "Schlüsselbeschreibung"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Wiederverschlüsselung läuft bereits."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Verschlüsselungs-Sektorgröße (Vorgabe: 512 Bytes)"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Gerät »%s« kann nicht exklusiv geöffnet werden, da es bereits benutzt wird."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "IV verwenden (in Sektorgröße gezählt statt in Einheiten von 512 Bytes)"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Belegen des ausgerichteten Speichers fehlgeschlagen."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Aktivierungsschalter für Gerät permanent festlegen"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Fehler beim Lesen von Gerät »%s«."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Beschriftung für das LUKS2-Gerät festlegen"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "LUKS1-Gerät »%s« wird als unbenutzbar markiert."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Teilsystem-Beschriftung für das LUKS2-Gerät festlegen"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "LUKS2-Offline-Wiederverschlüsselungs-Kennzeichen wird auf Gerät »%s« festgelegt."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Unbeschränktes LUKS2-Schlüsselfach (ohne zugeordnetem Datensegment) anlegen oder wegschreiben"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Fehler beim Schreiben auf Gerät »%s«."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "JSON aus einer Datei lesen oder in eine Datei schreiben"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Fehler beim Speichern der Wiederverschlüsselungs-Logdatei."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Größe des Bereichs für LUKS2-Header-Metadaten"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Fehler beim Einlesen der Wiederverschlüsselungs-Logdatei."
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Größe des Bereichs für Schlüsselfächer im LUKS2-Header"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Logdatei »%s« existiert, Wiederverschlüsselung wird fortgesetzt.\n"
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Gerät mit neuen Parametern auffrischen (reaktivieren)"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Temporäres Gerät mit dem alten LUKS-Header wird aktiviert."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "LUKS2-Schlüsselfach: Die Größe des Verschlüsselungsschlüssels"
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Temporäres Gerät mit dem neuen LUKS-Header wird aktiviert."
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "LUKS2-Keyslot: Der Algorithmus, der für die Keyslot-Verschlüsselung verwendet wird"
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Fehler beim Aktivieren der temporären Geräte."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "LUKS2-Gerät verschlüsseln (direkt am Ort)."
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Fehler beim Festlegen des Daten-Offsets."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "LUKS2-Gerät entschlüsseln (Verschlüsselung entfernen)."
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Fehler beim Festlegen der Metadatengröße."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "LUKS2-Wiederverschlüsselung nur in Metadaten beginnen."
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Neuer LUKS-Header für Gerät »%s« angelegt."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Nur eine begonnene LUKS2-Wiederverschlüsselung fortsetzen."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Diese Version von cryptsetup-reencrypt kann internen Tokentyp %s nicht verarbeiten."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Größe des Datengeräts reduzieren (Datenoffset verschieben). GEFÄHRLICH!"
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Fehler beim Lesen der Aktivierungsschalter aus dem Backup-Header."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Maximalgröße der Wiederverschlüsselungs-Hotzone."
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Fehler beim Schreiben der Aktivierungsschalter in den neuen Header."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Widerstandsfähigkeit der Hotzone für die Wiederverschlüsselung (checksum,journal,none)"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Fehler beim Lesen der Anforderungen aus dem Backup-Header."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Hash für Prüfsummen der Wiederverschlüsselungs-Hotzone"
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "%s-Backup-Header von Gerät »%s« angelegt."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Automatische Geräteerkennung der dm-Geräte für die Wiederverschlüsselung übersteuern"
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Fehler beim Anlegen des LUKS-Backup-Headers."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Die Option --deferred ist nur beim »close«-Befehl erlaubt."
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Fehler beim Wiederherstellen des %s-Headers auf Gerät »%s«."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Die Option --allow-discards ist nur beim »open«-Befehl erlaubt."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "%s-Header auf Gerät »%s« wiederhergestellt."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Die Option --persistent ist nur beim »open«-Befehl erlaubt."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Fehler beim Öffnen des temporären LUKS-Geräts."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Die Option --serialize-memory-hard-pbkdf ist nur beim »open«-Befehl erlaubt."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Fehler beim Ermitteln der Gerätegröße."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Die Option --key-size ist nur für »luksFormat«, »luksAddKey«,\n"
+#~ "»open« und »benchmark« erlaubt. Benutzen Sie stattdessen »--keyfile-size=(Bytes)«,\n"
+#~ "um das Lesen aus der Schlüsseldatei zu begrenzen."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "E/A-Fehler während der Wiederverschlüsselung."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Die Option --integrity ist nur für luksFormat (LUKS2) erlaubt."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Die angegebene UUID ist ungültig."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Die Optionen --label und --subsystem sind nur für die Aktionen »luksFormat« und »config LUKS2« erlaubt."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Fehler beim Öffnen der Wiederverschlüsselungs-Logdatei."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "Negative Zahl für die Option nicht erlaubt."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Derzeit ist keine Entschlüsselung im Gange, die angegebene UUID kann nur benutzt werden, um einen unterbrochenen Entschlüsselungsvorgang fortzusetzen."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Die Option --use-[u]random ist nur für luksFormat erlaubt."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "PBKDF-Parameter in Schlüsselfach %i wurden geändert."
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Die Option --uuid ist nur für luksFormat und luksUUID erlaubt."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Wiederverschlüsselungs-Blockgröße"
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Die Option --align-payload ist nur für luksFormat erlaubt."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Die Optionen --luks2-metadata-size und --opt-luks2-keyslots-size sind nur für luksFormat mit LUKS2 erlaubt."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Schlüssel nicht ändern, Datenbereich nicht neu verschlüsseln"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Ungültige Angabe für die Größe der LUKS2-Metadaten."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Ungültige Angabe für die Größe der LUKS2-Schlüsselfächer."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "PBKDF2 Iterationszeit for LUKS (in ms)"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Die Option --offset ist nur beim Öffnen von plain- und loopaes-Geräten erlaubt, sowie für luksFormat und Geräte-Wiederverschlüsselung."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Beim Zugriff auf die Geräte direct-io benutzen"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Ungültiges Argument für Parameter --veracrypt-pim angegeben."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Nach jedem Block fsync aufrufen"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "Die Option Sektorgröße wird für diesen Befehl nicht unterstützt."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Logdatei nach jedem Block aktualisieren"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Die Option --refresh kann nur zusammen mit der Aktion »open« benutzt werden."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Nur dieses Schlüsselfach benutzen (alle anderen werden deaktiviert)"
+#~ msgid "Invalid device size specification."
+#~ msgstr "Ungültige Angabe der Gerätegröße."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Neuen Header auf unverschlüsseltem Gerät anlegen"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Überlauf bei der Verringerungsgröße."
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Gerät dauerhaft entschlüsseln (Verschlüsselung entfernen)"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Verity-Superblock nicht benutzen"
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "Die UUID, um das Entschlüsseln fortzusetzen"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Format-Art (1 - normal, 0 - originales Chrome-OS)"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Art der LUKS-Metadaten: luks1, luks2"
+#~ msgid "number"
+#~ msgstr "Zahl"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[OPTION...] <Gerät>"
+#~ msgid "Block size on the data device"
+#~ msgstr "Blockgröße auf dem Datengerät"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Wiederverschlüsselung ändert: %s%s%s%s%s%s."
+#~ msgid "Block size on the hash device"
+#~ msgstr "Blockgröße auf dem Hash-Gerät"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "Laufwerksschlüssel"
+#~ msgid "FEC parity bytes"
+#~ msgstr "FEC-Paritätsbytes"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr ", Hash auf "
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Die Anzahl der Blöcke in der Datendatei"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", Verschlüsselung auf "
+#~ msgid "blocks"
+#~ msgstr "Blöcke"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Argument muss angegeben werden."
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Pfad zum Gerät mit Fehlerkorrekturdaten"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Für die Wiederverschlüsselungs-Blockgröße sind nur Werte zwischen 1 MiB und 64 MiB erlaubt."
+#~ msgid "path"
+#~ msgstr "Pfad"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Die maximale Verkleinerungsgröße ist 64 MiB."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Start-Offset auf dem Hash-Gerät"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Die Option »--new« muss zusammen mit »--reduce-device-size« oder »--header« benutzt werden."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Start-Offset auf dem FEC-Gerät"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Die Option »--keep-new« kann nur zusammen mit »--hash«, »--iter-time« oder »--pbkdf-force-iterations« benutzt werden."
+#~ msgid "Hash algorithm"
+#~ msgstr "Hash-Algorithmus"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Die Option »--new« kann nicht zusammen mit »--decrypt« benutzt werden."
+#~ msgid "string"
+#~ msgstr "Zeichenkette"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Die Option --decrypt verträgt sich nicht mit den angegebenen Parametern."
+#~ msgid "Salt"
+#~ msgstr "Salt"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Die Option »--uuid« kann nur zusammen mit »--decrypt« benutzt werden."
+#~ msgid "hex string"
+#~ msgstr "Hex-Zeichenkette"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Ungültiger LUKS-Typ. Verwenden Sie einen von diesen: luks, luks1, luks2."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Pfad zur Signaturdatei des Stammhashes"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Fehler beim Lesen der Antwort vom Terminal."
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Kernel neustarten wenn Beschädigung festgestellt wird"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Befehl erfolgreich.\n"
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Kernel-Abbruch, wenn Beschädigung festgestellt wird"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "Falsche oder fehlende Parameter"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Beschädigung ignorieren, nur mitloggen"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "Kein Zugriff, oder falsche Passphrase"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Ausgenullte Blöcke nicht überprüfen"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "Nicht genug Speicher"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Datenblock nur beim erstmaligen Lesen verifizieren"
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "Falsches Gerät oder falsche Datei angegeben"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Die Optionen --ignore-corruption, --restart-on-corruption und --ignore-zero-blocks sind nur für die »open«-Aktion erlaubt."
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "Das Gerät existiert bereits oder wird bereits benutzt"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Die Option --root-hash-signature kann nur zusammen mit der Aktion »open« benutzt werden."
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "Unbekannter Fehler"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Pfad zum Datengerät (wenn getrennt)"
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Fehler %i beim Ausführen eines Befehls »%s«.\n"
+#~ msgid "Journal size"
+#~ msgstr "Journalgröße"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Schlüsselfach %i erstellt."
+#~ msgid "Interleave sectors"
+#~ msgstr "Sektoren verschränken"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Schlüsselfach %i entsperrt."
+#~ msgid "Journal watermark"
+#~ msgstr "Jornal-Wasserzeichen"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Schlüsselfach %i entfernt."
+#~ msgid "percent"
+#~ msgstr "Prozent"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Token %i erstellt."
+#~ msgid "Journal commit time"
+#~ msgstr "Journal-Commitzeit"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Token %i entfernt."
+#~ msgid "ms"
+#~ msgstr "ms"
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Gründlich löschen unterbrochen."
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Anzahl der 512-Byte-Sektoren pro Bit (Bitmap-Modus)."
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Partitionssignatur.\n"
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Zeit für sicheres Speichern im Bitmap-Modus"
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "WARNUNG: Gerät %s enthält bereits eine '%s'-Superblock-Signatur.\n"
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Etikettgröße pro Sektor"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Fehler beim Initialisieren der Gerätesignatursonden."
+#~ msgid "Sector size"
+#~ msgstr "Sektorengröße"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "Gerät %s konnte nicht gefunden werden."
+#~ msgid "Buffers size"
+#~ msgstr "Puffergröße"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Gerät %s wird gerade benutzt. Das Formatieren ist gerade nicht möglich."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Datenintegritäts-Algorithmus"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Datei %s konnte nicht im Lese-/Schreibmodus geöffnet werden."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Die Größe des Datenintegritätsschlüssels"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Die bestehende Partitionssignatur »%s« (Offset: %<PRIi64> Bytes) auf Gerät %s wird dadurch gelöscht."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Integritätsschlüssel aus einer Datei lesen"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Die bestehende Superblocksignatur »%s« (Offset: %<PRIi64> Bytes) auf Gerät %s wird dadurch gelöscht."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Integritätsalgorithmus für Journal"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Fehler beim Löschen der Gerätesignatur."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Die Größe des Integritätsschlüssels für das Journal"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Gerät %s konnte nicht auf eine Signatur geprüft werden."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Integritätsschlüssel für das Journal aus einer Datei lesen"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Wiederverschlüsselung unterbrochen."
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Algorithmus für Journalverschlüsselung"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Fehler beim Prüfen der Passwortqualität: %s"
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Die Größe des Journal-Verschlüsselungsschlüssels"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Passwort-Qualitätsüberprüfung fehlgeschlagen:\n"
-" %s"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Journal-Verschlüsselungsschlüssel aus einer Datei lesen"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Passwort-Qualitätsüberprüfung fehlgeschlagen: Falsche Passphrase (%s)"
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Wiederherstellungsmodus (kein Journal, keine Etikettprüfung)"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Fehler beim Lesen der Passphrase vom Terminal."
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Bitmap verwenden, um Änderungen nachzuverfolgen und Journal für Integritätsgerät deaktivieren"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Passphrase bestätigen: "
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Initiale Integritätsangaben automatisch neu berechnen."
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Passphrasen stimmen nicht überein."
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Superblock nicht mit HMAC schützen (alte Kernel)"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Offset kann nicht zusammen mit Terminaleingabe benutzt werden."
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Neuberechnung von Laufwerken mit HMAC-Schlüsseln erlauben (alte Kernel)"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Passphrase eingeben: "
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Die Option --integrity-recalculate kann nur zusammen mit der Aktion »open« benutzt werden."
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Geben Sie die Passphrase für »%s« ein: "
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Die Optionen --journal-size, --interleave-sectors, --sector-size, --tag-size und --no-wipe können nur bei der Aktion »format« verwendet werden."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Kein Schlüssel mit dieser Passphrase verfügbar."
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Ungültige Angabe der Journalgröße."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Es ist kein nutzbares Schlüsselfach verfügbar."
+#~ msgid "Reencryption block size"
+#~ msgstr "Wiederverschlüsselungs-Blockgröße"
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«."
+#~ msgid "MiB"
+#~ msgstr "MiB"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Fehler beim Schreiben der Schlüsseldatei »%s«."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Schlüssel nicht ändern, Datenbereich nicht neu verschlüsseln"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Datei %s konnte nicht im Nur-Lese-Modus geöffnet werden."
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Laufwerks-(Master-)Schlüssel aus Datei lesen"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Geben Sie gültiges LUKS2-Token-JSON an:\n"
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Beim Zugriff auf die Geräte direct-io benutzen"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "JSON-Datei konnte nicht gelesen werden."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Nach jedem Block fsync aufrufen"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Lesen unterbrochen."
+#~ msgid "Update log file after every block"
+#~ msgstr "Logdatei nach jedem Block aktualisieren"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Datei %s konnte nicht im Schreibmodus geöffnet werden."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Nur dieses Schlüsselfach benutzen (alle anderen werden deaktiviert)"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Schreiben unterbrochen."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Neuen Header auf unverschlüsseltem Gerät anlegen"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "JSON-Datei konnte nicht geschrieben werden."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Gerät dauerhaft entschlüsseln (Verschlüsselung entfernen)"
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Fehler beim Deaktivieren der Wiederverschlüsselungsanforderung."
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "Die UUID, um das Entschlüsseln fortzusetzen"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Es scheint, dass das Gerät keine Wiederherstellung der Wiederverschlüsselung braucht.\n"
-#~ "Trotzdem fortsetzen?"
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Art der LUKS-Metadaten: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "WARNUNG: Zugriffssperren-Verzeichnis %s/%s ist nicht vorhanden!\n"
#~ msgid "Parameter --refresh is only allowed with open or refresh commands."
#~ msgstr "Die Option --refresh ist nur beim »open«- oder »refresh«-Befehl erlaubt."
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Verschlüsselung »%s« ist nicht verfügbar."
-
#~ msgid "Unsupported encryption sector size.\n"
#~ msgstr "Nicht unterstützte Sektorengröße für Verschlüsselung.\n"
#~ msgid "Online reencryption in progress. Aborting."
#~ msgstr "Online-Wiederverschlüsselung läuft gerade. Wird abgebrochen."
-#~ msgid "No LUKS2 reencryption in progress."
-#~ msgstr "Derzeit läuft keine LUKS2-Wiederverschlüsselung."
-
#~ msgid "Interrupted by a signal."
#~ msgstr "Durch ein Signal unterbrochen."
#~ msgid "Function not available in FIPS mode."
#~ msgstr "Diese Funktion ist im FIPS-Modus nicht verfügbar."
-#~ msgid "Failed to write hash."
-#~ msgstr "Fehler beim Schreiben des Hashes."
-
#~ msgid "Failed to finalize hash."
#~ msgstr "Fehler beim Berechnen des Hashes."
#~ msgid "Failed to assign digest %u to segment %u."
#~ msgstr "Digest %u konnte dem Segment %u nicht zugewiesen werden."
-#~ msgid "Failed to set segments."
-#~ msgstr "Fehler beim Festlegen der Segmente."
-
#~ msgid "Failed to assign reencrypt previous backup segment."
#~ msgstr "Fehler beim Wiederverschlüsseln des vorigen Backupsegments."
#~ msgid "Error: Calculated reencryption offset %<PRIu64> is beyond device size %<PRIu64>."
#~ msgstr "Fehler: Der berechnete Offset für die Wiederverschlüsselung %<PRIu64> liegt jenseits der Gerätegröße %<PRIu64>."
-#~ msgid "Device is not in clean reencryption state."
-#~ msgstr "Das Gerät ist nicht in einem sauberen Wiederverschlüsselungszustand."
-
#~ msgid "Failed to calculate new segments."
#~ msgstr "Fehler beim Berechnen der neuen Segmente."
-#~ msgid "Failed to assign pre reenc segments."
-#~ msgstr "Fehler beim Zuweisen der Segmente vor der Wiederverschlüsselung."
-
#~ msgid "Failed finalize hotzone resilience, retval = %d"
#~ msgstr "Interner Fehler beim Finalisieren der Hotzonen-Widerstandsfähigkeit, retval = %d"
+++ /dev/null
-# All this catalog "translates" are quotation characters.
-# The msgids must be ASCII and therefore cannot contain real quotation
-# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
-# and double quote (0x22). These substitutes look strange; see
-# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
-#
-# This catalog translates grave accent (0x60) and apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019).
-# It also translates pairs of apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019)
-# and pairs of quotation mark (0x22) to
-# left double quotation mark (U+201C) and right double quotation mark (U+201D).
-#
-# When output to an UTF-8 terminal, the quotation characters appear perfectly.
-# When output to an ISO-8859-1 terminal, the single quotation marks are
-# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
-# grave/acute accent (by libiconv), and the double quotation marks are
-# transliterated to 0x22.
-# When output to an ASCII terminal, the single quotation marks are
-# transliterated to apostrophes, and the double quotation marks are
-# transliterated to 0x22.
-#
-# This catalog furthermore displays the text between the quotation marks in
-# bold face, assuming the VT100/XTerm escape sequences.
-#
+++ /dev/null
-# All this catalog "translates" are quotation characters.
-# The msgids must be ASCII and therefore cannot contain real quotation
-# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
-# and double quote (0x22). These substitutes look strange; see
-# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
-#
-# This catalog translates grave accent (0x60) and apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019).
-# It also translates pairs of apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019)
-# and pairs of quotation mark (0x22) to
-# left double quotation mark (U+201C) and right double quotation mark (U+201D).
-#
-# When output to an UTF-8 terminal, the quotation characters appear perfectly.
-# When output to an ISO-8859-1 terminal, the single quotation marks are
-# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
-# grave/acute accent (by libiconv), and the double quotation marks are
-# transliterated to 0x22.
-# When output to an ASCII terminal, the single quotation marks are
-# transliterated to apostrophes, and the double quotation marks are
-# transliterated to 0x22.
-#
#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.5-rc0\n"
+"Project-Id-Version: cryptsetup 2.4.2-rc0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-03-20 20:00+0100\n"
+"POT-Creation-Date: 2021-11-11 19:08+0100\n"
+"PO-Revision-Date: 2021-12-12 11:49+0100\n"
"Last-Translator: Antonio Ceballos <aceballos@gmail.com>\n"
"Language-Team: Spanish <es@tp.org.es>\n"
"Language: es\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:396
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "No se puede inicializar el «device mapper», ejecutando como usuario no administrador."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:399
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "No se puede inicializar el «device-mapper». ¿Está cargado el módulo del núcleo dm_mod?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1170
msgid "Requested deferred flag is not supported."
msgstr "El indicador diferido solicitado no está disponible."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1239
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "El DM-UUID del dispositivo %s ha sido truncado."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1567
msgid "Unknown dm target type."
msgstr "Tipo de objetivo dm desconocido."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1688 lib/libdevmapper.c:1693 lib/libdevmapper.c:1757
+#: lib/libdevmapper.c:1760
msgid "Requested dm-crypt performance options are not supported."
msgstr "Las opciones de rendimiento de dm-crypt solicitadas no están disponibles."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1700 lib/libdevmapper.c:1704
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Las opciones de manejo de corrupción de datos de dm-verity solicitadas no están disponibles."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1708
msgid "Requested dm-verity FEC options are not supported."
msgstr "Las opciones FEC de dm-verity solicitadas no están disponibles."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1712
msgid "Requested data integrity options are not supported."
msgstr "Las opciones de integridad de datos solicitadas no están disponibles."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1714
msgid "Requested sector_size option is not supported."
msgstr "La opción sector_size solicitada no está disponible."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1719 lib/libdevmapper.c:1723
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "El recómputo automático de las etiquetas de integridad solicitado no está disponible."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1727 lib/libdevmapper.c:1763 lib/libdevmapper.c:1766
+#: lib/luks2/luks2_json_metadata.c:2204
msgid "Discard/TRIM is not supported."
msgstr "Descartar/TRIM no disponible."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1731
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "El modo de mapa de bits de dm-integrity solicitado no está disponible."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2705
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "No se ha podido consultar el segmento de dm-%s."
msgid "Error reading from RNG."
msgstr "Error leyendo del generador de números aleatorios."
-#: lib/setup.c:229
+#: lib/setup.c:226
msgid "Cannot initialize crypto RNG backend."
msgstr "No se puede inicializar el «backend» del generador de números aleatorios de cifrado."
-#: lib/setup.c:235
+#: lib/setup.c:232
msgid "Cannot initialize crypto backend."
msgstr "No se puede inicializar el «backend» de cifrado."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:263 lib/setup.c:2079 lib/verity/verity.c:119
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Algoritmo «hash» %s no disponible."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:266 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Error de procesamiento de la clave (usando «hash» %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:332 lib/setup.c:359
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "No se puede determinar el tipo de dispositivo. ¿Es incompatible la activación del dispositivo?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:338 lib/setup.c:3142
msgid "This operation is supported only for LUKS device."
msgstr "Esta operación solamente está disponible para dispositivos LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:365
msgid "This operation is supported only for LUKS2 device."
msgstr "Esta operación solamente está disponible para dispositivos LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2440
msgid "All key slots full."
msgstr "Todas las ranuras de claves están llenas."
-#: lib/setup.c:434
+#: lib/setup.c:431
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "La ranura de claves %d no es válida; seleccione un número entre 0 y %d."
-#: lib/setup.c:440
+#: lib/setup.c:437
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "La ranura de claves %d está llena; seleccione otra."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:522 lib/setup.c:2900
msgid "Device size is not aligned to device logical block size."
msgstr "El tamaño del dispositivo no está alineado con el tamaño de bloque lógico del dispositivo."
-#: lib/setup.c:624
+#: lib/setup.c:620
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Cabecera detectada pero el dispositivo %s es demasiado pequeño."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:661 lib/setup.c:2845
msgid "This operation is not supported for this device type."
msgstr "Esta operación no está disponible para este tipo de dispositivo."
msgid "Illegal operation with reencryption in-progress."
msgstr "Operación con recifrado en curso no válida."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:834 lib/luks1/keymanage.c:527
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Versión LUKS no disponible %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1430 lib/setup.c:2610 lib/setup.c:2683 lib/setup.c:2695
+#: lib/setup.c:2853 lib/setup.c:4643
#, c-format
msgid "Device %s is not active."
msgstr "El dispositivo %s no está activo."
-#: lib/setup.c:1444
+#: lib/setup.c:1447
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "El dispositivo subyacente asociado al dispositivo cifrado %s ha desaparecido."
-#: lib/setup.c:1524
+#: lib/setup.c:1527
msgid "Invalid plain crypt parameters."
msgstr "Parámetros de cifrado para modo claro no válidos."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1532 lib/setup.c:1982
msgid "Invalid key size."
msgstr "Tamaño de clave no válido."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1537 lib/setup.c:1987 lib/setup.c:2190
msgid "UUID is not supported for this crypt type."
msgstr "El UUID no está disponible para este tipo de cifrado."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1542 lib/setup.c:1992
msgid "Detached metadata device is not supported for this crypt type."
msgstr "El dispositivo de metadatos separado no está disponible para este tipo de cifrado."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1552 lib/setup.c:1754 lib/luks2/luks2_reencrypt.c:2401
+#: src/cryptsetup.c:1358 src/cryptsetup.c:3723
msgid "Unsupported encryption sector size."
msgstr "Tamaño de sector de cifrado no admitido."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1560 lib/setup.c:1895 lib/setup.c:2894
msgid "Device size is not aligned to requested sector size."
msgstr "El tamaño del dispositivo no está alineado con el tamaño del sector solicitado."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1612 lib/setup.c:1732
msgid "Can't format LUKS without device."
msgstr "Imposible dar formato LUKS sin dispositivo."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1618 lib/setup.c:1738
msgid "Requested data alignment is not compatible with data offset."
msgstr "El alineamiento de datos solicitado no es compatible con el desplazamiento de los datos."
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1686 lib/setup.c:1882
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr "ATENCIÓN: El desplazamiento de los datos está fuera del dispositivo de datos actualmente disponible.\n"
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1696 lib/setup.c:1912 lib/setup.c:1933 lib/setup.c:2202
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "No se puede limpiar la cabecera del dispositivo %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1763
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "ATENCIÓN: La activación del dispositivo va a fallar; dm-crypt no admite el tamaño de sector de cifrado solicitado.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1786
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "La clave del volumen es demasiado pequeña para cifrado con extensiones de integridad."
-#: lib/setup.c:1821
+#: lib/setup.c:1856
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "El algoritmo de cifrado %s-%s (tamaño de clave %zd bits) no está disponible."
-#: lib/setup.c:1854
+#: lib/setup.c:1885
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "ATENCIÓN: el tamaño de los metadatos LUKS2 ha cambiado a %<PRIu64> bytes.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1889
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "ATENCIÓN: el tamaño de la zona de ranuras de claves LUKS2 ha cambiado a %<PRIu64> bytes.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1915 lib/utils_device.c:909 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:2451 lib/luks2/luks2_reencrypt.c:3488
#, c-format
msgid "Device %s is too small."
msgstr "El dispositivo %s es demasiado pequeño."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1926 lib/setup.c:1952
#, c-format
msgid "Cannot format device %s in use."
msgstr "No se puede dar formato al dispositivo %s en uso."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1929 lib/setup.c:1955
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "No se puede dar formato al dispositivo %s; permiso denegado."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1941 lib/setup.c:2262
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "No se puede dar formato a la integridad del dispositivo %s."
-#: lib/setup.c:1926
+#: lib/setup.c:1959
#, c-format
msgid "Cannot format device %s."
msgstr "No se puede dar formato al dispositivo %s."
-#: lib/setup.c:1944
+#: lib/setup.c:1977
msgid "Can't format LOOPAES without device."
msgstr "Imposible dar formato LOOPAES sin dispositivo."
-#: lib/setup.c:1989
+#: lib/setup.c:2022
msgid "Can't format VERITY without device."
msgstr "Imposible dar formato VERITY sin dispositivo."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2033 lib/verity/verity.c:102
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Tipo de «hash» VERITY %d no disponible."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2039 lib/verity/verity.c:110
msgid "Unsupported VERITY block size."
msgstr "Tamaño de bloque VERITY no disponible."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2044 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Desplazamiento «hash» VERITY no disponible."
-#: lib/setup.c:2016
+#: lib/setup.c:2049
msgid "Unsupported VERITY FEC offset."
msgstr "Desplazamiento FEC VERITY no disponible."
-#: lib/setup.c:2040
+#: lib/setup.c:2073
msgid "Data area overlaps with hash area."
msgstr "La zona de datos se solapa con la zona «hash»."
-#: lib/setup.c:2065
+#: lib/setup.c:2098
msgid "Hash area overlaps with FEC area."
msgstr "La zona «hash» se solapa con la zona FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:2105
msgid "Data area overlaps with FEC area."
msgstr "La zona de datos se solapa con la zona FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2241
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "ATENCIÓN: El tamaño de etiqueta de %d bytes solicitado difiere del tamaño de salida de %s (%d bytes).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2320
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "El tipo de dispositivo cifrado % solicitado es desconocido."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2616 lib/setup.c:2688 lib/setup.c:2701
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Parámetros no admitidos para el dispositivo %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2622 lib/setup.c:2708 lib/luks2/luks2_reencrypt.c:2503
+#: lib/luks2/luks2_reencrypt.c:2847
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Parámetros discordantes en el dispositivo %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2728
msgid "Crypt devices mismatch."
msgstr "Los dispositivos de cifrado no concuerdan."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2765 lib/setup.c:2770 lib/luks2/luks2_reencrypt.c:2143
+#: lib/luks2/luks2_reencrypt.c:3255
#, c-format
msgid "Failed to reload device %s."
msgstr "No se ha podido recargar el dispositivo %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2776 lib/setup.c:2782 lib/luks2/luks2_reencrypt.c:2114
+#: lib/luks2/luks2_reencrypt.c:2121
#, c-format
msgid "Failed to suspend device %s."
msgstr "No se ha podido suspender el dispositivo %s."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2788 lib/luks2/luks2_reencrypt.c:2128
+#: lib/luks2/luks2_reencrypt.c:3190 lib/luks2/luks2_reencrypt.c:3259
#, c-format
msgid "Failed to resume device %s."
msgstr "No se ha podido reanudar el dispositivo %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2803
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Error grave durante la recarga del dispositivo %s (por encima del dispositivo %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2806 lib/setup.c:2808
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "No se ha podido conmutar el dispositivo %s a dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2885
msgid "Cannot resize loop device."
msgstr "No se ha podido cambiar el tamaño del dispositivo de bucle."
-#: lib/setup.c:2890
+#: lib/setup.c:2958
msgid "Do you really want to change UUID of device?"
msgstr "¿Está seguro de que quiere cambiar el UUID del dispositivo?"
-#: lib/setup.c:2966
+#: lib/setup.c:3034
msgid "Header backup file does not contain compatible LUKS header."
msgstr "El fichero de copia de seguridad de la cabecera no contiene una cabecera LUKS compatible."
-#: lib/setup.c:3066
+#: lib/setup.c:3150
#, c-format
msgid "Volume %s is not active."
msgstr "El volumen %s no está activo."
-#: lib/setup.c:3077
+#: lib/setup.c:3161
#, c-format
msgid "Volume %s is already suspended."
msgstr "El volumen %s ya está suspendido."
-#: lib/setup.c:3090
+#: lib/setup.c:3174
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "La suspensión no está disponible para el dispositivo %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3176
#, c-format
msgid "Error during suspending device %s."
msgstr "Error durante la suspensión del dispositivo %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3212
#, c-format
msgid "Resume is not supported for device %s."
msgstr "La reanudación no está disponible para el dispositivo %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3214
#, c-format
msgid "Error during resuming device %s."
msgstr "Error durante la reanudación del dispositivo %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3248 lib/setup.c:3296 lib/setup.c:3366
#, c-format
msgid "Volume %s is not suspended."
msgstr "EL volumen %s no está suspendido."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3381 lib/setup.c:3750 lib/setup.c:4423 lib/setup.c:4436
+#: lib/setup.c:4444 lib/setup.c:4457 lib/setup.c:4826 lib/setup.c:6008
msgid "Volume key does not match the volume."
msgstr "La clave de volumen no corresponde a este volumen."
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3428 lib/setup.c:3633
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "No se puede añadir ranura de claves; todas las ranuras están desactivadas y no se ha proporcionado una clave para el volumen."
-#: lib/setup.c:3487
+#: lib/setup.c:3585
msgid "Failed to swap new key slot."
msgstr "No se ha logrado intercambiar la nueva ranura de claves."
-#: lib/setup.c:3673
+#: lib/setup.c:3771
#, c-format
msgid "Key slot %d is invalid."
msgstr "La ranura de claves %d no es válida."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3777 src/cryptsetup.c:1701 src/cryptsetup.c:2041
+#: src/cryptsetup.c:2632 src/cryptsetup.c:2689
#, c-format
msgid "Keyslot %d is not active."
msgstr "La ranura de claves %d no está activa."
-#: lib/setup.c:3698
+#: lib/setup.c:3796
msgid "Device header overlaps with data area."
msgstr "La cabecera del dispositivo se solapa con la zona de datos."
-#: lib/setup.c:3992
+#: lib/setup.c:4089
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Recifrado en curso. No se puede activar el dispositivo."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4091 lib/luks2/luks2_json_metadata.c:2287
+#: lib/luks2/luks2_reencrypt.c:2946
msgid "Failed to get reencryption lock."
msgstr "No se ha podido conseguir el bloqueo de recifrado."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4104 lib/luks2/luks2_reencrypt.c:2965
msgid "LUKS2 reencryption recovery failed."
msgstr "La recuperación del recifrado LUKS2 ha fallado."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4235 lib/setup.c:4500
msgid "Device type is not properly initialized."
msgstr "Este tipo de dispositivo no se ha inicializado adecuadamente."
-#: lib/setup.c:4223
+#: lib/setup.c:4283
#, c-format
msgid "Device %s already exists."
msgstr "El dispositivo %s ya existe."
-#: lib/setup.c:4230
+#: lib/setup.c:4290
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "No se puede utilizar el dispositivo %s; el nombre no es válido o todavía está en uso."
-#: lib/setup.c:4350
+#: lib/setup.c:4410
msgid "Incorrect volume key specified for plain device."
msgstr "Clave de volumen incorrecta para dispositivo no cifrado."
-#: lib/setup.c:4463
+#: lib/setup.c:4526
msgid "Incorrect root hash specified for verity device."
msgstr "«Hash» raíz incorrecta para dispositivo «verity»."
-#: lib/setup.c:4470
+#: lib/setup.c:4533
msgid "Root hash signature required."
msgstr "Se requiere la firma «hash» raíz."
-#: lib/setup.c:4479
+#: lib/setup.c:4542
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "El llavero de núcleo está ausente: se necesita para pasar la firma al núcleo."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4559 lib/setup.c:6084
msgid "Failed to load key in kernel keyring."
msgstr "No se ha podido cargar la clave en el llavero del núcleo."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4615
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "No se ha podido cancelar la eliminación diferida en el dispositivo %s."
+
+#: lib/setup.c:4622 lib/setup.c:4638 lib/luks2/luks2_json_metadata.c:2340
+#: src/cryptsetup.c:2785
#, c-format
msgid "Device %s is still in use."
msgstr "El dispositivo %s todavía se está utilizando."
-#: lib/setup.c:4574
+#: lib/setup.c:4647
#, c-format
msgid "Invalid device %s."
msgstr "Dispositivo inválido %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4763
msgid "Volume key buffer too small."
msgstr "El «buffer» de la clave del volumen es demasiado pequeño."
-#: lib/setup.c:4698
+#: lib/setup.c:4771
msgid "Cannot retrieve volume key for plain device."
msgstr "No se puede recuperar la clave para el dispositivo no cifrado."
-#: lib/setup.c:4715
+#: lib/setup.c:4788
msgid "Cannot retrieve root hash for verity device."
msgstr "No se puede recuperar el «hash» raíz para dispositivo «verity»."
-#: lib/setup.c:4717
+#: lib/setup.c:4792
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Esta operación no está disponible para el dispositivo cifrado %s."
-#: lib/setup.c:4923
+#: lib/setup.c:4998 lib/setup.c:5009
msgid "Dump operation is not supported for this device type."
msgstr "Operación de volcado no deisponible para este tipo de dispositivo."
-#: lib/setup.c:5251
+#: lib/setup.c:5337
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "El desplazamiento de datos no es múltiplo de %u bytes."
-#: lib/setup.c:5536
+#: lib/setup.c:5622
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "No se puede convertir el dispositivo %s que todavía está en uso."
-#: lib/setup.c:5833
+#: lib/setup.c:5941
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "No se ha logrado asignar la ranura de claves %u como nueva clave del volumen."
-#: lib/setup.c:5906
+#: lib/setup.c:6014
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "No se han podido inicializar los parámetros predefinidos de la ranura de claves LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:6020
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "No se ha logrado asignar la ranura de claves %d al resumen."
-#: lib/setup.c:6043
+#: lib/setup.c:6151
msgid "Kernel keyring is not supported by the kernel."
msgstr "El llavero de núcleo no está admitido en el núcleo."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6161 lib/luks2/luks2_reencrypt.c:3062
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "No se ha podido leer la frase contraseña desde el llavero (error %d)"
-#: lib/setup.c:6077
+#: lib/setup.c:6185
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "No se ha podido adquirir el bloqueo de la serialización de acceso duro de memoria global."
msgid "Cannot unlock memory."
msgstr "No se puede desbloquear la memoria."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502
msgid "Failed to open key file."
msgstr "No se ha podido abrir el fichero de claves."
msgid "Cannot read keyfile from a terminal."
msgstr "No se puede leer el fichero de claves desde un terminal."
-#: lib/utils.c:190
+#: lib/utils.c:189
msgid "Failed to stat key file."
msgstr "No se ha podido efectuar «stat» sobre el fichero de claves."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:197 lib/utils.c:218
msgid "Cannot seek to requested keyfile offset."
msgstr "No es posible situarse en la posición solicitada del fichero de claves."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:219
+#: src/utils_password.c:231
msgid "Out of memory while reading passphrase."
msgstr "Memoria agotada mientras se estaba leyendo la frase contraseña."
-#: lib/utils.c:248
+#: lib/utils.c:247
msgid "Error reading passphrase."
msgstr "Error al leer la frase contraseña."
-#: lib/utils.c:265
+#: lib/utils.c:264
msgid "Nothing to read on input."
msgstr "No hay nada para leer en la entrada."
-#: lib/utils.c:272
+#: lib/utils.c:271
msgid "Maximum keyfile size exceeded."
msgstr "Se ha excedido el tamaño máximo de fichero de claves."
-#: lib/utils.c:277
+#: lib/utils.c:276
msgid "Cannot read requested amount of data."
msgstr "No se puede leer la cantidad de datos solicitada."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
+#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110
#: lib/luks1/keyencryption.c:91
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "El dispositivo %s no existe o el acceso al mismo ha sido denegado."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:218
#, c-format
msgid "Device %s is not compatible."
msgstr "El dispositivo %s no es compatible."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:562
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Se ignorará por falso el tamaño de optimal-io para el dispositivo de datos (%u bytes)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:720
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "El dispositivo %s es demasiado pequeño. Se necesitan %<PRIu64> bytes como mínimo."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:801
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "No se puede usar el dispositivo %s porque ya está en uso (asignado o montado)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:805
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "No se puede utilizar el dispositivo %s; permiso denegado."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:808
#, c-format
msgid "Cannot get info about device %s."
msgstr "No se puede obtener información del dispositivo %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:831
msgid "Cannot use a loopback device, running as non-root user."
msgstr "No se puede utilizar un dispositivo de bucle invertido como usuario no administrador."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:842
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "No se ha logrado asociar el dispositivo de bucle invertido (hace falta un dispositivo de bucle con marcador de auto-limpieza)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:890
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "El «offset» solicitado está más allá del tamaño real del dispositivo %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:898
#, c-format
msgid "Device %s has zero size."
msgstr "El dispositivo %s tiene tamaño cero."
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Bloqueo abortado. La ruta del bloqueo %s/%s no puede utilizarse (%s no es un directorio)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:922
+#: src/cryptsetup_reencrypt.c:1010
msgid "Cannot seek to device offset."
msgstr "No es posible situarse en la posición del dispositivo."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "La especificación de cifrado debería estar en formato [cipher]-[mode]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364
+#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125
+#: lib/luks2/luks2_json_metadata.c:1276 lib/luks2/luks2_keyslot.c:740
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "No se puede escribir en el dispositivo %s; permiso denegado."
msgid "IO error while encrypting keyslot."
msgstr "Error de entrada/salida mientras se cifraba una ranura de claves."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367
+#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:677
+#: lib/verity/verity.c:80 lib/verity/verity.c:193 lib/verity/verity_hash.c:320
+#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349
+#: lib/verity/verity_fec.c:251 lib/verity/verity_fec.c:263
+#: lib/verity/verity_fec.c:268 lib/luks2/luks2_json_metadata.c:1279
+#: src/cryptsetup_reencrypt.c:177 src/cryptsetup_reencrypt.c:189
#, c-format
msgid "Cannot open device %s."
msgstr "No se puede abrir el dispositivo %s."
msgid "IO error while decrypting keyslot."
msgstr "Error de entrada/salida mientras se descifraba una ranura de claves."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "El dispositivo %s es demasiado pequeño. (LUKS1 necesita %<PRIu64> btyes como mínimo.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "La ranura de claves LUKS %u no es válida."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524
+#: lib/luks2/luks2_json_metadata.c:1107 src/cryptsetup.c:1557
+#: src/cryptsetup.c:1688 src/cryptsetup.c:1743 src/cryptsetup.c:1798
+#: src/cryptsetup.c:1863 src/cryptsetup.c:1966 src/cryptsetup.c:2030
+#: src/cryptsetup.c:2259 src/cryptsetup.c:2472 src/cryptsetup.c:2532
+#: src/cryptsetup.c:2597 src/cryptsetup.c:2741 src/cryptsetup.c:3423
+#: src/cryptsetup.c:3432 src/cryptsetup_reencrypt.c:1373
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "El dispositivo %s no es un dispositivo LUKS válido."
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1124
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "El fichero de copia de seguridad de cabecera solicitado %s ya existe."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1126
#, c-format
msgid "Cannot create header backup file %s."
msgstr "No se puede crear el fichero de copia de seguridad %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1133
#, c-format
msgid "Cannot write header backup file %s."
msgstr "No se puede escribir en el fichero de copia de seguridad %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1185
msgid "Backup file does not contain valid LUKS header."
msgstr "El fichero de copia de seguridad no contiene una cabecera LUKS válida."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590
+#: lib/luks2/luks2_json_metadata.c:1206
#, c-format
msgid "Cannot open header backup file %s."
msgstr "No se puede abrir el fichero de copia de seguridad de cabecerda %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1214
#, c-format
msgid "Cannot read header backup file %s."
msgstr "No se puede leer el fichero de copia de seguridad de cabecerda %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:337
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "La posición de los datos o el tamaño de la clave no coinciden en el dispositivo y en la copia de seguridad."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:345
#, c-format
msgid "Device %s %s%s"
msgstr "Dispositivo %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:346
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "no contiene cabecera LUKS. Reemplazar la cabecera puede destruir los datos en ese dispositivo."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:347
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "ya contiene cabecera LUKS. Reemplazar la cabecera destruirá las ranuras de claves existentes."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1248
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"ATENCIÓN: ¡la cabecera del dispositivo real tiene un UUID distinto que el de la copia de seguridad!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:395
msgid "Non standard key size, manual repair required."
msgstr "El tamaño de la clave no es estándar; se requiere una reparación manual."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:405
msgid "Non standard keyslots alignment, manual repair required."
msgstr "El alineamiento de las ranuras de claves no es estándar; se requiere una reparación manual."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:414
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Modo de cifrado reparado (%s -> %s)."
+
+#: lib/luks1/keymanage.c:425
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "«Hash» de cifrado reparado a minúsculas (%s)."
+
+#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533
+#: lib/luks1/keymanage.c:789
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "La «hash» LUKS solicitada %s no está disponible."
+
+#: lib/luks1/keymanage.c:441
msgid "Repairing keyslots."
msgstr "Reparando ranuras de claves."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:460
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Ranura de claves %i: posición reparada (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:468
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Ranura de claves %i: bandas reparadas (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:477
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Ranura de claves %i: la firma de la partición es falsa."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:482
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Ranura de claves %i: «salt wiped»."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:499
msgid "Writing LUKS header to disk."
msgstr "Escribiendo cabecera LUKS en el disco."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:504
msgid "Repair failed."
msgstr "La reparación ha fallado."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:559
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "La «hash» LUKS solicitada %s no está disponible."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "El modo de cifrado LUKS %s no es válido."
+
+#: lib/luks1/keymanage.c:564
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "El «hash» LUKS %s no es válido."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1243
msgid "No known problems detected for LUKS header."
msgstr "No se ha detectado ningún problema en la cabecera LUKS."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:699
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Error al actualizar la cabecera LUKS en el dispositivo %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:707
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Error al leer la cabecera LUKS después de actualizarla en el dispositivo %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:783
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "La posición de los datos de una cabecera LUKS debe ser 0 o superior al tamaño de la cabecera."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863
+#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1015
+#: src/cryptsetup.c:2904
msgid "Wrong LUKS UUID format provided."
msgstr "El formato de UUID LUKS proporcionado es incorrecto."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:816
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "No se puede crear la cabecera LUKS: fallo en la lectura «random salt»."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:842
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "No se puede crear la cabecera LUKS: fallo en la cabecera (usando «hash» %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:886
#, c-format
msgid "Key slot %d active, purge first."
msgstr "La ranura de claves %d está activa; primero hay que purgar."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:892
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "El material de la ranura de claves %d no tiene suficientes bandas. Quizá se haya manipulado la cabecera."
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:1033
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "No se puede abrir la ranura de claves (usando «hash» %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1111
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "La ranura %d no es válida; seleccione una ranura de claves entre 0 y %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:744
#, c-format
msgid "Cannot wipe device %s."
msgstr "No se puede limpiar el dispositivo %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "El núcleo no admite asignación compatible con «loop-AES»."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:509
#, c-format
msgid "Error reading keyfile %s."
msgstr "Error leyendo el fichero de claves %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:559
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Se ha excedido la longitud máxima (%zu) de la frase contraseña TCRYPT."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:602
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "El algoritmo «hash» %s no está disponible, por lo que se ha ignorado."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:618 src/cryptsetup.c:1110
msgid "Required kernel crypto interface not available."
msgstr "La interfaz de cifrado del núcleo requerida no está disponible."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1112
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Asegúrese de que el módulo del núcleo algof_skcipher está cargado."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:760
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "No es posible la activación para el tamaño de sector %d."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:766
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "El núcleo no dispone de activación para este modo antiguo TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:797
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Activando el sistema de cifrado TCRYPT para la partición %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:875
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "El núcleo no admite asignación compatible con TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1088
msgid "This function is not supported without TCRYPT header load."
msgstr "Esta función no está disponible sin carga de cabecera TCRYPT."
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Valor de entrada de metadatos '%u' encontrado inesperadamente mientras se analizaba clave externa."
+#: lib/bitlk/bitlk.c:950
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Versión %<PRIu32> de metadatos BEK no admitida."
+
+#: lib/bitlk/bitlk.c:955
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Tamaño %<PRIu32> de metadatos BEK no esperado, no coincide con la longitud del fichero BEK"
+
#: lib/bitlk/bitlk.c:980
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Entrada de metadatos encontrada inesperadamente mientras se analizaba clave de inicio."
msgid "Unexpected key data size."
msgstr "Tamaño de datos de la clave no esperado."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1205
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Este dispositivo BITLK se encuentra en un estado en el que no puede activarse."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1210
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Los dispositivos BITLK con tipo '%s' no puede activarse."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1217
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "La activación de un dispositivo BITLK parcialmente descifrado no puede hacerse."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1380
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1384
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "No se puede activar el dispositivo; el dm-crypt del núcleo no sirve para difusor BITLK «Elephant»."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/verity/verity.c:68 lib/verity/verity.c:179
#, c-format
msgid "Verity device %s does not use on-disk header."
msgstr "El dispositivo «verity» %s no utiliza cabecera en disco."
-#: lib/verity/verity.c:91
+#: lib/verity/verity.c:90
#, c-format
msgid "Device %s is not a valid VERITY device."
msgstr "El dispositivo %s no es un dispositivo VERITY válido."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:97
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Versión VERITY %d no disponible."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:128
msgid "VERITY header corrupted."
msgstr "Cabecera VERITY corrupta."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:173
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "El formato UUID VERITY proporcionado en el dispositivo %s es incorrecto."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:217
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Error al actualizar la cabecera «verity» en el dispositivo %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:275
msgid "Root hash signature verification is not supported."
msgstr "La verificación de firma «hash» raíz solicitada no está disponible."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:287
msgid "Errors cannot be repaired with FEC device."
msgstr "Los errores no pueden repararse con dispositivo FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:289
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Se han encontrado %u errores reparables con dispositivo FEC."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:332
msgid "Kernel does not support dm-verity mapping."
msgstr "El núcleo no dispone de asignación «dm-verity»."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:336
msgid "Kernel does not support dm-verity signature option."
msgstr "El núcleo no dispone de opción de firma «dm-verity»."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:347
msgid "Verity device detected corruption after activation."
msgstr "El dispositivo «verity» ha detectado algo corrupto después de la activación."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "El área de reserva no tiene ceros en la posición %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Desbordamiento de la posición del dispositivo."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "La verificación ha fallado en la posición %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Desbordamiento del área «hash»."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Fallo en la verificación del área de datos."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Fallo en la verificación de la «hash» raíz."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Error de entrada/salida al crear el área «hash»."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "La creación del área «hash» ha fallado."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "ATENCIÓN: el núcleo no puede activar un dispositivo si el tamaño del bloque de datos excede el tamaño de página (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "No se ha podido reparar la paridad para el bloque %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "No se ha podido escribir la paridad para el bloque RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:228
msgid "Block sizes must match for FEC."
msgstr "Los tamaños de bloque deben coincidir para FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:234
msgid "Invalid number of parity bytes."
msgstr "Número no válido de bytes de paridad."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:239
msgid "Invalid FEC segment length."
msgstr "Longitud de segmento FEC no válida."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:303
#, c-format
msgid "Failed to determine size for device %s."
msgstr "No se ha podido determinar el tamaño para el dispositivo %s."
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "El núcleo rehúsa activar la opción de recálculo inseguro (véanse las opciones de activación antiguas para cambiar ese funcionamiento)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:973
+#: lib/luks2/luks2_json_metadata.c:1268
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "No se ha podido adquirir el bloqueo de escritura del dispositivo %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:402
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Se ha detectado un intento de actualizar los metadatos LUKS2 concurrentemente. Se aborta la operación."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"El dispositivo contiene firmas ambiguas; no se puede autorecuperar LUKS2.\n"
"Por favor, ejecute \"cryptsetup repair\" para recuperación."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:230
msgid "Requested data offset is too small."
msgstr "El desplazamiento de datos solicitado es demasiado pequeño."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:275
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "ATENCIÓN: la zona de ranuras de claves (%<PRIu64> bytes) es muy pequeña; el número de ranuras de claves LUKS2 disponibles es muy limitado.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
+#: lib/luks2/luks2_json_metadata.c:960 lib/luks2/luks2_json_metadata.c:1098
+#: lib/luks2/luks2_json_metadata.c:1174 lib/luks2/luks2_keyslot_luks2.c:92
#: lib/luks2/luks2_keyslot_luks2.c:114
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "No se ha podido adquirir el bloqueo de lectura para el dispositivo %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1191
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Se han detectado requisitos prohibidos para LUKS2 en la copia de seguridad %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1232
msgid "Data offset differ on device and backup, restore failed."
msgstr "La posición de los datos no coinciden en el dispositivo y en la copia de seguridad; ha fallado la restauración."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1238
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "La cabecera binaria con el tamaño de las áreas de ranuras de claves no coinciden en el dispositivo y en la copia de seguridad; la restauración ha fallado."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1245
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Dispositivo %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1246
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "no contiene cabecera LUKS2. Reemplazar la cabecera puede destruir los datos en ese dispositivo."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1247
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "ya contiene cabecera LUKS2. Reemplazar la cabecera destruirá las ranuras de claves existentes."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1249
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"Replacing header with backup may corrupt the data on that device!"
msgstr ""
"\n"
-"AVISO: ¡Se han detectado requisitos LUKS2 desconocidos en cabecera de\n"
+"ATENCIÓN: ¡Se han detectado requisitos LUKS2 desconocidos en cabecera de\n"
"dispositivo real! Reemplazar la cabecera con la copia de seguridad puede\n"
"corromper los datos en ese dispositivo!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1251
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Replacing header with backup may corrupt data."
msgstr ""
"\n"
-"AVISO: ¡Se ha detectado recifrado «offline» no terminado en el dispositivo!\n"
+"ATENCIÓN: ¡Se ha detectado recifrado «offline» no terminado en el dispositivo!\n"
"¡Reemplazar la cabecera con la copia de seguridad puede corromper los datos!"
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1349
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Se hará caso omiso del indicador desconocido %s."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2054 lib/luks2/luks2_reencrypt.c:1843
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Falta la clave para el segmento dm-crypt %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2066 lib/luks2/luks2_reencrypt.c:1857
msgid "Failed to set dm-crypt segment."
msgstr "No se ha podido establecer el segmento de dm-crypt."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2072 lib/luks2/luks2_reencrypt.c:1863
msgid "Failed to set dm-linear segment."
msgstr "No se ha podido establecer el segmento de dm-linear."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2199
msgid "Unsupported device integrity configuration."
msgstr "Configuración de integridad de dispositivo no admitida."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2285
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Recifrado en curso. No se puede desactivar el dispositivo."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2296 lib/luks2/luks2_reencrypt.c:3300
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "No se ha podido reemplazar el dispositivo suspendido %s con el objetivo dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2376
msgid "Failed to read LUKS2 requirements."
msgstr "No se ha podido leer los requisitos LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2383
msgid "Unmet LUKS2 requirements detected."
msgstr "Se han detectado requisitos LUKS2 no satisfechos."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2391
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Operación incompatible con dispositivo marcado para recifrado obsoleto. Se aborta."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2393
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Operación incompatible con dispositivo marcado para recifrado LUKS2. Se aborta."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:554 lib/luks2/luks2_keyslot.c:591
msgid "Not enough available memory to open a keyslot."
msgstr "No hay memoria disponible suficiente para abrir una ranura de claves."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
msgid "Keyslot open failed."
msgstr "Fallo al abrir la ranura de claves."
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "No se puede utilizar el algoritmo de cifrado %s-%s para el cifrado de ranuras de clave."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:485
msgid "No space for new keyslot."
msgstr "No hay espacio para la nueva ranura de claves."
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "No se puede convertir a formato LUKS1 - la ranura de claves %u no es compatible con LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:993
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "El tamaño de la zona activa debe ser múltiplo del alineamiento de zona calculado (%zu bytes)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:998
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "El tamaño del dispositivo debe ser múltiplo del alineamiento de zona calculado (%zu bytes)."
-#: lib/luks2/luks2_reencrypt.c:1051
+#: lib/luks2/luks2_reencrypt.c:1042
#, c-format
msgid "Unsupported resilience mode %s"
msgstr "Modo de resiliencia %s no admitido."
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1259 lib/luks2/luks2_reencrypt.c:1414
+#: lib/luks2/luks2_reencrypt.c:1497 lib/luks2/luks2_reencrypt.c:1531
+#: lib/luks2/luks2_reencrypt.c:3140
msgid "Failed to initialize old segment storage wrapper."
msgstr "No se ha podido inicializar la envoltura antigua de almacenamiento del segmento."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1273 lib/luks2/luks2_reencrypt.c:1392
msgid "Failed to initialize new segment storage wrapper."
msgstr "No se ha podido inicializar la envoltura nueva de almacenamiento del segmento."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1441
msgid "Failed to read checksums for current hotzone."
msgstr "No se han podido leer las sumas de comprobación para la zona activa actual."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1448 lib/luks2/luks2_reencrypt.c:3148
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "No se ha podido leer la zona activa que comienza en %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1467
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "No se ha podido descifrar el sector %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1473
#, c-format
msgid "Failed to recover sector %zu."
msgstr "No se ha podido recuperar el sector %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:1956
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Los tamaños de los dispositivos origen y destino no coinciden. Origen %<PRIu64>, destino: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2054
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "No se ha podido activar el dispositivo con zona activa %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2071
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "No se ha podido activar el dispositivo de superposición %s con la tabla de orígenes actual."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2078
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "No se ha podido cargar el nuevo mapa para el dispositivo %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2149
msgid "Failed to refresh reencryption devices stack."
msgstr "No se ha podido refrescar la pila del dispositivo de recifrado."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2309
msgid "Failed to set new keyslots area size."
msgstr "No se ha logrado establecer el tamaño de las nuevas ranuras de claves."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2413
#, c-format
msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr "El desplazamiento de datos no está alineado con el tamaño del sector de cifrado solicitado (%<PRIu32> bytes)."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2434
#, c-format
msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr "El dispositivo de datos no está alineado con el tamaño del sector de cifrado solicitado (%<PRIu32> bytes)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:2455
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "El desplazamiento de datos (%<PRIu64> sectores) es menor que el desplazamiento de datos futuros (%<PRIu64> sectores)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:2461 lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:2910
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "No se ha podido abrir %s en modo exclusivo (ya está asignado o montado)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:2629
msgid "Device not marked for LUKS2 reencryption."
msgstr "El dispositivo no está marcado para recifrado LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:2635 lib/luks2/luks2_reencrypt.c:3415
msgid "Failed to load LUKS2 reencryption context."
msgstr "No se ha podido cargar el contexto del recifrado LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:2715
msgid "Failed to get reencryption state."
msgstr "No se ha podido obtener el estado del recifrado."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:2719
msgid "Device is not in reencryption."
msgstr "El dispositivo no está en recifrado."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:2726
msgid "Reencryption process is already running."
msgstr "El proceso de recifrado ya está en marcha."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:2728
msgid "Failed to acquire reencryption lock."
msgstr "No se ha podido adquirir el bloqueo de recifrado."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:2746
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "No se puede proceder con el recifrado. Ejecute primero la recuperación de recifrado."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:2860
msgid "Active device size and requested reencryption size don't match."
msgstr "El tamaño del dispositivo activo y el tamaño de recifrado solicitado no coinciden."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:2874
msgid "Illegal device size requested in reencryption parameters."
msgstr "El tamaño de dispositivo solicitado en los parámetros de recifrado no es válido."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:2944
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Recifrado en proceso. No se puede llevar a cabo una recuperación."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3016
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "Recifrado LUKS2 ya inicializado en los metadatos."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3023
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "No se ha podido inicializar el recifrado LUKS2 en los metadatos."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3114
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "No se han podido establecer los segmentos del dispositivo para la siguiente zona activa de recifrado."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3156
msgid "Failed to write reencryption resilience metadata."
msgstr "No se han podido escribir los metadatos de resiliencia de recifrado."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3163
msgid "Decryption failed."
msgstr "El descifrado ha fallado."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3168
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "No se ha podido escribir la zona activa que comienza en %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3173
msgid "Failed to sync data."
msgstr "No se han podido sincronizar los datos."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3181
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "No se han podido actualizar los metadatos tras completar la zona activa de recifrado actual."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:3248
msgid "Failed to write LUKS2 metadata."
msgstr "No se han podido escribir los metadatos de LUKS2."
-#: lib/luks2/luks2_reencrypt.c:3382
+#: lib/luks2/luks2_reencrypt.c:3271
msgid "Failed to wipe backup segment data."
msgstr "No se han podido limpiar los datos de segmentos de respaldo."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "No se ha logrado asignar el «token» %d a la ranura de claves %d."
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "No se ha podido conseguir el bloqueo de recifrado."
+#: lib/luks2/luks2_reencrypt.c:3284
+msgid "Failed to disable reencryption requirement flag."
+msgstr "No se ha podido desactivar el indicador del requisito de descifrado."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:3292
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Error fatal mientras se recifraba una porción que comienza en %<PRIu64>, de %<PRIu64> sectores de longitud."
+#: lib/luks2/luks2_reencrypt.c:3296
+msgid "Online reencryption failed."
+msgstr "El recifrado «online» ha fallado."
+
# No sé cómo traducir 'error target'.
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:3301
msgid "Do not resume the device unless replaced with error target manually."
msgstr "No reanudar el dispositivo a menos que se reemplace con «error target» manualmente."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:3353
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "No se puede proceder con el recifrado. Estado de recifrado inesperado."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:3359
msgid "Missing or invalid reencrypt context."
msgstr "Contexto de recifrado ausente o no válido."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:3366
msgid "Failed to initialize reencryption device stack."
msgstr "No se ha podido inicializar la pila del dispositivo de recifrado."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:3385 lib/luks2/luks2_reencrypt.c:3428
msgid "Failed to update reencryption context."
msgstr "No se ha podido actualizar el contexto de recifrado."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "La ranura de claves %d no es válida."
-
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "No hay ninguna ranura de «token» libre."
-
-#: lib/luks2/luks2_token.c:270
-#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "No se ha podido crear el «token» interno %s."
-
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:108
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "No se puede hacer verificación de frase contraseña en entradas no tty."
-#: src/cryptsetup.c:261
+#: src/cryptsetup.c:171
msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr "Los parámetros de cifrado de ranura de claves solo pueden configurarse para dispositivos LUKS2."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:198
+#, c-format
+msgid "Enter token PIN:"
+msgstr "Introduzca el PIN del «token»:"
+
+#: src/cryptsetup.c:200
+#, c-format
+msgid "Enter token %d PIN:"
+msgstr "Introduzca el PIN del «token» %d:"
+
+#: src/cryptsetup.c:245 src/cryptsetup.c:1057 src/cryptsetup.c:1401
+#: src/cryptsetup.c:3288 src/cryptsetup_reencrypt.c:700
+#: src/cryptsetup_reencrypt.c:770
msgid "No known cipher specification pattern detected."
msgstr "No se ha detectado ningún patrón conocido de especificación de cifrado."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:253
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "ATENCIÓN: No se va a hacer caso del parámetro --hash en modo no cifrado con el fichero de claves especificado.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:261
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "ATENCIÓN: No se va a hacer caso de la opción --keyfile-size; el tamaño de lectura es igual al tamaño de la clave de cifrado.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:301
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Se ha(n) detectado firma(s) de dispositivo en %s. Si se prosigue, pueden dañarse los datos existentes."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:307 src/cryptsetup.c:1197 src/cryptsetup.c:1253
+#: src/cryptsetup.c:1378 src/cryptsetup.c:1451 src/cryptsetup.c:2099
+#: src/cryptsetup.c:2805 src/cryptsetup.c:2927 src/integritysetup.c:176
msgid "Operation aborted.\n"
msgstr "Operación abortada.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:375
msgid "Option --key-file is required."
msgstr "Es necesaria la opción --key-file."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:426
msgid "Enter VeraCrypt PIM: "
msgstr "Introduzca PIM de VeraCrypt: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:435
msgid "Invalid PIM value: parse error."
msgstr "Valor de PIM no válido: error de análisis."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:438
msgid "Invalid PIM value: 0."
msgstr "Valor de PIM no válido: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:441
msgid "Invalid PIM value: outside of range."
msgstr "Valor de PIM no válido: fuera de rango."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:464
msgid "No device header detected with this passphrase."
msgstr "No se ha detectado ninguna cabecera de dispositivo con esa frase contraseña."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:537
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "El dispositivo %s no es un dispositivo BITLK válido."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:545
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "No se puede determinar el tamaño de la clave del volumen para BITLK; utilice la opción --key-size."
+
+#: src/cryptsetup.c:588
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"sensible que permite el acceso a una partición cifrada sin frase contraseña.\n"
"Este volcado debería almacenarse siempre cifrado en un lugar seguro."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:661 src/cryptsetup.c:2125
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"El volcado de la cabecera con la clave del volumen es información\n"
+"sensible que permite el acceso a una partición cifrada sin frase contraseña.\n"
+"Este volcado debería almacenarse cifrado en un lugar seguro."
+
+#: src/cryptsetup.c:756 src/veritysetup.c:318 src/integritysetup.c:313
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "El dispositivo %s todavía está activo y programado para borrado diferido.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:790
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "El cambio de tamaño del dispositivo activo requiere clave de volumen en el llavero pero la opción --disable-keyring está puesta."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:936
msgid "Benchmark interrupted."
msgstr "Comparativa interrumpida."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:957
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/A\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:959
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iteraciones por segundo para clave de %zu bits\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:973
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/A\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:975
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iteraciones, %5u memora, %1u hilos paralelos (CPUs) para clave de %zu bits (tiempo solicitado %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:999
msgid "Result of benchmark is not reliable."
msgstr "El resultado de la comparativa no es fiable."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1049
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Las pruebas son solo aproximadas usando memoria (no hay entrada/salida de almacenadmiento).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1069
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algoritmo | Clave | Cifrado | Descifrado\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1073
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "El algoritmo de cifrado %s (con clave de %i bits) no está disponible."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1092
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritmo | Clave | Cifrado | Descifrado\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1103
msgid "N/A"
msgstr "/N/A"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1190
msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
+"Seems device does not require reencryption recovery.\n"
+"Do you want to proceed anyway?"
msgstr ""
+"Parece que el dispositivo no necesita recuperación del recifrado.\n"
+"¿Desea continuar de todos modos?"
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Introduzca la frase contraseña para la recuperación del recifrado: "
-
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1196
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "¿Está seguro de proceder con la recuperación del recifrado LUKS2?"
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Introduzca la frase contraseña para la recuperación del recifrado: "
-
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1204
msgid "Enter passphrase for reencryption recovery: "
msgstr "Introduzca la frase contraseña para la recuperación del recifrado: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1252
msgid "Really try to repair LUKS device header?"
msgstr "¿Está seguro de que quiere intentar reparar la cabecera del dispositivo LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1277 src/integritysetup.c:90
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Limpieza de dispositivo para inicializar la suma de comprobación de integridad.\n"
"Puede interrumpirse pulsando CTRL+c (el resto de dispositivo no limpiado contendrá sumas de comprobación no válidas.\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1299 src/integritysetup.c:112
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "No se puede desactivar el dispositivo temporal %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1363
msgid "Integrity option can be used only for LUKS2 format."
msgstr "La opción de integridad solo puede utilizarse para formato LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1368 src/cryptsetup.c:1428
msgid "Unsupported LUKS2 metadata size options."
msgstr "Opciones de tamaño de metadatos LUKS2 no admitidas."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1377
msgid "Header file does not exist, do you want to create it?"
msgstr "No existe el fichero de cabecera; ¿desea crearlo?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1385
#, c-format
msgid "Cannot create header file %s."
msgstr "No se puede crear el fichero de cabecera %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1408 src/integritysetup.c:138 src/integritysetup.c:146
+#: src/integritysetup.c:155 src/integritysetup.c:230 src/integritysetup.c:238
+#: src/integritysetup.c:248
msgid "No known integrity specification pattern detected."
msgstr "No se ha detectado ningún patrón conocido de especificación de integridad."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1421
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "No se puede utilizar %s como cabecera en disco."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1445 src/integritysetup.c:170
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Esto sobreescribirá los datos en %s de forma irrevocable."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1478 src/cryptsetup.c:1814 src/cryptsetup.c:1879
+#: src/cryptsetup.c:1981 src/cryptsetup.c:2047 src/cryptsetup_reencrypt.c:530
msgid "Failed to set pbkdf parameters."
msgstr "No se han podido establecer los parámetros pbkdf."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1563
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "La posición de datos reducida está permitida solamente para cabecera LUKS separada."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1574 src/cryptsetup.c:1885
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "No se puede determinar el tamaño de la clave del volumen para LUKS2 sin ranuras de claves; utilice la opción --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1619
msgid "Device activated but cannot make flags persistent."
msgstr "Dispositivo activado pero los indicadores no pueden hacerse persistentes."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1698 src/cryptsetup.c:1766
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "La ranura de claves %d se va a borrar."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1710 src/cryptsetup.c:1770
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Esta es la última ranura de claves. El dispositivo quedará inutilizado después de purgar esta clave."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1711
msgid "Enter any remaining passphrase: "
msgstr "Introduzca cualquier frase contraseña que quede: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1712 src/cryptsetup.c:1772
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operación abortada; la ranura de claves NO estaba limpia.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1748
msgid "Enter passphrase to be deleted: "
msgstr "Introduzca la frase contraseña que hay que borrar: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1828 src/cryptsetup.c:1900 src/cryptsetup.c:1934
msgid "Enter new passphrase for key slot: "
msgstr "Introduzca una nueva frase contraseña para la ranura de claves: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1917 src/cryptsetup_reencrypt.c:1328
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Introduzca cualquier frase contraseña que exista: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1985
msgid "Enter passphrase to be changed: "
msgstr "Introduzca la frase contraseña que hay que cambiar: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2001 src/cryptsetup_reencrypt.c:1314
msgid "Enter new passphrase: "
msgstr "Introduzca una nueva frase contraseña: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2051
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Introduzca la frase contraseña para la ranura de claves que se va a convertir: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2075
msgid "Only one device argument for isLuks operation is supported."
msgstr "La operación isLuks solo admite un argumento de dispositivo."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"El volcado de la cabecera con la clave del volumen es información\n"
-"sensible que permite el acceso a una partición cifrada sin frase contraseña.\n"
-"Este volcado debería almacenarse cifrado en un lugar seguro."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2190
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "La ranura de claves %d no contiene clave independiente."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2195
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"El volcado de la cabecera con clave independiente del volumen es información\n"
"sensible. Este volcado debería almacenarse cifrado en un lugar seguro."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2286 src/cryptsetup.c:2314
#, c-format
msgid "%s is not active %s device name."
msgstr "%s no es un nombre de dispositivo %s activo."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2309
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s no es un nombre de dispositivo LUKS activo o falta la cabecera."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2347 src/cryptsetup.c:2366
msgid "Option --header-backup-file is required."
msgstr "Es necesaria la opción --header-backup-file."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2397
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s no es un dispositivo gestionable por cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2408
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "El refresco no está disponible para el tipo de dispositivo %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2454
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Tipo de dispositivo de metadatos %s no reconocido."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2456
msgid "Command requires device and mapped name as arguments."
msgstr "Esta orden necesita como argumentos el dispositivo y el nombre asociado."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2477
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Esta operación borrará todas las ranuras de claves en el dispositivo %s.\n"
"El dispositivo quedará inutilizable después de esta operación."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2484
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operación abortada; las ranuras de claves NO estaban limpias.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2523
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Tipo LUKS no válido; solo se admiten luks1 y luks2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2539
#, c-format
msgid "Device is already %s type."
msgstr "El dispositivo ya es de tipo %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2546
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Esta operación convertirá el formato %s a %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2549
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operación abortada; el dispositivo NO estaba convertido.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2589
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Falta la opción --priority, --label o --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2623 src/cryptsetup.c:2660 src/cryptsetup.c:2680
#, c-format
msgid "Token %d is invalid."
msgstr "El «token» %d no es válido."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2626 src/cryptsetup.c:2683
#, c-format
msgid "Token %d in use."
msgstr "El «token» %d está en uso."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2638
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "No se ha podido añadir el «token» %d al llavero luks."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2646 src/cryptsetup.c:2709
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "No se ha logrado asignar el «token» %d a la ranura de claves %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2663
#, c-format
msgid "Token %d is not in use."
msgstr "El «token» %d no está en uso."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2700
msgid "Failed to import token from file."
msgstr "No se ha podido importar el «token» del fichero."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2725
#, c-format
msgid "Failed to get token %d for export."
msgstr "No se ha logrado obtener el «token» %d para exportar."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "El parámetro --key-description es obligatorio para la acción de añadir «token»."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "La acción requiere un «token» específico. Utilice el parámetro --token-id."
-
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr "Operación de «token» no válida %s."
-
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2789
#, c-format
msgid "Auto-detected active dm device '%s' for data device %s.\n"
msgstr "Se ha detectado automáticamente el dispositivo dm activo '%s' para el dispositivo de datos %s.\n"
-#: src/cryptsetup.c:2802
+#: src/cryptsetup.c:2793
#, c-format
msgid "Device %s is not a block device.\n"
msgstr "El dispositivo %s no es un dispositivo de bloques.\n"
-#: src/cryptsetup.c:2804
+#: src/cryptsetup.c:2795
#, c-format
msgid "Failed to auto-detect device %s holders."
msgstr "No se han podido detectar automáticamente los propietarios del dispositivo %s."
-#: src/cryptsetup.c:2806
+#: src/cryptsetup.c:2799
#, c-format
msgid ""
"Unable to decide if device %s is activated or not.\n"
"activado. Para realizar recifrado en modo «online», utilice en su lugar\n"
"el parámetro --active-name.\n"
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Tipo de dispositivo LUKS no válido."
+#: src/cryptsetup.c:2881
+msgid "Encryption is supported only for LUKS2 format."
+msgstr "El cifrado solo puede hacerse con formato LUKS2."
-#: src/cryptsetup.c:2891
+#: src/cryptsetup.c:2886
msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
msgstr "El cifrado sin cabecera separada (--header) no es posible sin reducción del tamaño del dispositivo de datos (--reduce-device-size)."
-#: src/cryptsetup.c:2896
+#: src/cryptsetup.c:2891
msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
msgstr "El desplazamiento de datos solicitado debe ser menor o igual que la mitad del parámetro --reduce-device-size."
-#: src/cryptsetup.c:2905
+#: src/cryptsetup.c:2900
#, c-format
msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
msgstr "Ajustando el valor de --reduce-device-size al doble de --offset %<PRIu64> (sectores).\n"
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "El cifrado solo puede hacerse con formato LUKS2."
-
-#: src/cryptsetup.c:2932
+#: src/cryptsetup.c:2923
#, c-format
msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
msgstr "Se ha detectado un dispositivo LUKS en %s. ¿Desea cifrar de nuevo ese dispositivo LUKS?"
-#: src/cryptsetup.c:2950
+#: src/cryptsetup.c:2941
#, c-format
msgid "Temporary header file %s already exists. Aborting."
msgstr "El fichero de cabecera temporal %s ya existe. Se aborta."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
+#: src/cryptsetup.c:2943 src/cryptsetup.c:2950
#, c-format
msgid "Cannot create temporary header file %s."
msgstr "No se puede crear el fichero de cabecera temporal %s."
-#: src/cryptsetup.c:3026
+#: src/cryptsetup.c:2975
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "El tamaño de los metadatos LUKS2 es mayor que el valor del desplazamiento de los datos."
+
+#: src/cryptsetup.c:3007
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "No se ha podido colocar la nueva cabecera en la cabeza del dispositivo %s."
+
+#: src/cryptsetup.c:3018
#, c-format
msgid "%s/%s is now active and ready for online encryption.\n"
msgstr "%s/%s ahora está activo y preparado para cifrado «online».\n"
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
+#: src/cryptsetup.c:3055
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "El descifrado LUKS2 solo admite dispositivo con cabecera separada (con desplazamiento de datos puesto a 0)."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
+#: src/cryptsetup.c:3189 src/cryptsetup.c:3195
msgid "Not enough free keyslots for reencryption."
msgstr "No hay suficientes ranuras de claves para el recifrado."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
+#: src/cryptsetup.c:3215 src/cryptsetup_reencrypt.c:1279
msgid "Key file can be used only with --key-slot or with exactly one key slot active."
msgstr "El fichero de claves solo puede usarse con --key-slot o con una sola ranura de claves activa exactamente."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
+#: src/cryptsetup.c:3224 src/cryptsetup_reencrypt.c:1326
+#: src/cryptsetup_reencrypt.c:1337
#, c-format
msgid "Enter passphrase for key slot %d: "
msgstr "Introduzca la frase contraseña para la ranura de claves %d: "
-#: src/cryptsetup.c:3240
+#: src/cryptsetup.c:3233
#, c-format
msgid "Enter passphrase for key slot %u: "
msgstr "Introduzca la frase contraseña para la ranura de claves %u: "
-#: src/cryptsetup.c:3286
+#: src/cryptsetup.c:3278
#, c-format
msgid "Switching data encryption cipher to %s.\n"
msgstr "Cambiando el algoritmo de cifrado de datos a %s.\n"
-#: src/cryptsetup.c:3419
+#: src/cryptsetup.c:3415
msgid "Command requires device as argument."
msgstr "Esta orden necesita un dispositivo como argumento."
-#: src/cryptsetup.c:3441
+#: src/cryptsetup.c:3437
msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
msgstr "Actualmente solo se admite el formato LUKS2. Utilice la herramienta cryptsetup-reencrypt para LUKS1."
-#: src/cryptsetup.c:3453
+#: src/cryptsetup.c:3449
msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
msgstr "Ya hay un recifrado «offline» heredado en proceso. Utilice la utilidad cryptsetup-reencrypt."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
+#: src/cryptsetup.c:3459 src/cryptsetup_reencrypt.c:155
msgid "Reencryption of device with integrity profile is not supported."
msgstr "El recifrado de dispositivo con perfil de integridad no está admitido."
-#: src/cryptsetup.c:3471
+#: src/cryptsetup.c:3467
msgid "LUKS2 reencryption already initialized. Aborting operation."
msgstr "El recifrado LUKS2 ya está inicializado. Se aborta la operación."
-#: src/cryptsetup.c:3475
+#: src/cryptsetup.c:3471
msgid "LUKS2 device is not in reencryption."
msgstr "El dispositivo LUKS2 no está en recifrado."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:3498
msgid "<device> [--type <type>] [<name>]"
msgstr "<dispositivo> [--type <tipo> [<nombre>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:3498 src/veritysetup.c:480 src/integritysetup.c:446
msgid "open device as <name>"
msgstr "abrir el dispositivo como <nombre>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3499 src/cryptsetup.c:3500 src/cryptsetup.c:3501
+#: src/veritysetup.c:481 src/veritysetup.c:482 src/integritysetup.c:447
+#: src/integritysetup.c:448
msgid "<name>"
msgstr "<nombre>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3499 src/veritysetup.c:481 src/integritysetup.c:447
msgid "close device (remove mapping)"
msgstr "cerrar dispositivo (eliminar asociación)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3500
msgid "resize active device"
msgstr "cambiar el tamaño del dispositivo activo"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3501
msgid "show device status"
msgstr "mostrar el estado del dispositivo"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3502
msgid "[--cipher <cipher>]"
msgstr "[--cypher <algoritmo_de_cifrador>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3502
msgid "benchmark cipher"
msgstr "algoritmo de cifrado para pruebas"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
+#: src/cryptsetup.c:3506 src/cryptsetup.c:3507 src/cryptsetup.c:3514
+#: src/cryptsetup.c:3515 src/cryptsetup.c:3516 src/cryptsetup.c:3517
+#: src/cryptsetup.c:3518 src/cryptsetup.c:3519 src/cryptsetup.c:3520
+#: src/cryptsetup.c:3521 src/cryptsetup.c:3522
msgid "<device>"
msgstr "<dispositivo>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3503
msgid "try to repair on-disk metadata"
msgstr "intentar reparar metadatos en disco"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3504
msgid "reencrypt LUKS2 device"
msgstr "recifrar dispositivo LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3505
msgid "erase all keyslots (remove encryption key)"
msgstr "borrar todas las ranuras de claves (eliminar clave de cifrado)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3506
msgid "convert LUKS from/to LUKS2 format"
msgstr "convertir formato LUKS de/en LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3507
msgid "set permanent configuration options for LUKS2"
msgstr "establecer opciones de configuración permanentes para LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3508 src/cryptsetup.c:3509
msgid "<device> [<new key file>]"
msgstr "<dispositivo> [<nuevo fichero de claves>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3508
msgid "formats a LUKS device"
msgstr "da formato a un dispositivo LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3509
msgid "add key to LUKS device"
msgstr "añadir clave a un dispositivo LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3512
msgid "<device> [<key file>]"
msgstr "<dispositivo> [<fichero de claves>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3510
msgid "removes supplied key or key file from LUKS device"
msgstr "elimina la clave suministrada o el fichero de claves del dispositivo LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3511
msgid "changes supplied key or key file of LUKS device"
msgstr "cambia la clave suministrada o el fichero de claves del dispositivo LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3512
msgid "converts a key to new pbkdf parameters"
msgstr "convierte una clave a los nuevos parámetros pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3513
msgid "<device> <key slot>"
msgstr "<dispositivo> <ranura de claves>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3513
msgid "wipes key with number <key slot> from LUKS device"
msgstr "borra la clave con el número <ranura de clave> del dispositivo LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3514
msgid "print UUID of LUKS device"
msgstr "imprimir el UUID del dispositivo LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3515
msgid "tests <device> for LUKS partition header"
msgstr "comprueba si <dispositivo> tiene cabecera de partición LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3516
msgid "dump LUKS partition information"
msgstr "volcar información sobre la partición LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3517
msgid "dump TCRYPT device information"
msgstr "volcar información sobre el dispositivo TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3518
msgid "dump BITLK device information"
msgstr "volcar información sobre el dispositivo BITLK"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3519
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Suspender el dispositivo LUKS y limpiar la clave (todas las entradas/salidas congeladas)."
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3520
msgid "Resume suspended LUKS device"
msgstr "Reanudar el dispositivo LUKS suspendido."
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3521
msgid "Backup LUKS device header and keyslots"
msgstr "Hacer copia de seguridad de la cabecera y de las ranuras de claves del dispositivo LUKS"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3522
msgid "Restore LUKS device header and keyslots"
msgstr "Restaurar la cabecera y las ranuras de claves del dispositivo LUKS"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3523
msgid "<add|remove|import|export> <device>"
msgstr "<añade|elimina|importa|exporta> <dispositivo>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3523
msgid "Manipulate LUKS2 tokens"
msgstr "Manipular «tokens» LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3543 src/veritysetup.c:498 src/integritysetup.c:464
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<acción> es una de:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3549
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3553
#, c-format
msgid ""
"\n"
"<ranura de claves> es el número de la ranura de claves que se va a modificar\n"
"<fichero de claves> fichero de claves opcional para la nueva clave para la acción 'luksAddKey'\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3560
#, c-format
msgid ""
"\n"
"\n"
"El formato de metadatos predefinido de fábrica es %s (para la acción luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3565 src/cryptsetup.c:3568
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"El soporte del «plugin» del «token» externo LUKS2 es %s.\n"
+
+#: src/cryptsetup.c:3565
+msgid "compiled-in"
+msgstr "integrado en la compilación"
+
+#: src/cryptsetup.c:3566
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "ruta del «plugin» del «token» externo LUKS2: %s.\n"
+
+#: src/cryptsetup.c:3568
+msgid "disabled"
+msgstr "desactivado"
+
+#: src/cryptsetup.c:3572
#, c-format
msgid ""
"\n"
"PBKDF predefinido para LUKS2: %s\n"
"\tTiempo de iteración: %d, Memoria requerida: %dkB, hilos en paralelo: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3583
#, c-format
msgid ""
"\n"
"\tsin cifrado: %s, Clave: %d bits, Contraseña «hashing»: %s\n"
"\tLUKS: %s, Clave: %d bits, «hashing» de la cabecera LUKS: %s, Generador de números aleatorios: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3592
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: El tamaño de clave predefinido con modo XTS (dos claves internas) va a ser duplicado.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3610 src/veritysetup.c:637 src/integritysetup.c:620
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: necesita %s como argumentos"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1379
+#: src/cryptsetup_reencrypt.c:1704
+msgid "Key slot is invalid."
+msgstr "La ranura de claves no es válida."
+
+#: src/cryptsetup.c:3675
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "El tamaño del dispositivo debe ser múltiplo de sectores de 512 bytes."
+
+#: src/cryptsetup.c:3680
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "La especificación del tamaño máximo de zona activa del dispositivo no es válida."
+
+#: src/cryptsetup.c:3694 src/cryptsetup.c:3706 src/cryptsetup_reencrypt.c:1623
+msgid "Key size must be a multiple of 8 bits"
+msgstr "El tamaño de clave debe ser un múltiplo de 8 bits"
+
+#: src/cryptsetup.c:3711
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "El tamaño máximo de reducción del dispositivo es de 1 GiB."
+
+#: src/cryptsetup.c:3714 src/cryptsetup_reencrypt.c:1631
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "El tamaño de reducción debe ser múltiplo de sectores de 512 bytes."
+
+#: src/cryptsetup.c:3731
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "La opción --priority solo puede ser ignore/normal/prefer."
+
+#: src/cryptsetup.c:3741 src/veritysetup.c:561 src/integritysetup.c:543
+#: src/cryptsetup_reencrypt.c:1641
msgid "Show this help message"
msgstr "Mostrar este mensaje de ayuda"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3742 src/veritysetup.c:562 src/integritysetup.c:544
+#: src/cryptsetup_reencrypt.c:1642
msgid "Display brief usage"
msgstr "Mostrar brevemente cómo se usa"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3743 src/veritysetup.c:563 src/integritysetup.c:545
+#: src/cryptsetup_reencrypt.c:1643
msgid "Print package version"
msgstr "Imprimir versión del paquete"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3754 src/veritysetup.c:574 src/integritysetup.c:556
+#: src/cryptsetup_reencrypt.c:1654
msgid "Help options:"
msgstr "Opciones de ayuda:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Muestra mensajes de error más detallados"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Mostrar mensajes de depuración"
+#: src/cryptsetup.c:3771 src/veritysetup.c:592 src/integritysetup.c:573
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[OPCIÓN...] <acción> <acción-específica>"
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Mostrar mensajes de depuración incluidos los metadatos JSON"
+#: src/cryptsetup.c:3780 src/veritysetup.c:601 src/integritysetup.c:584
+msgid "Argument <action> missing."
+msgstr "El argumento <acción> no se ha proporcionado."
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Algoritmo de cifrado utilizado para cifrar el disco (ver /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Algoritmo «hash» utilizado para crear la clave de cifrado a partir de la frase contraseña"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Verifica la frase contraseña preguntándola dos veces"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Leer la clave de un fichero."
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Leer la clave (maestra) del volumen desde fichero."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Volcar la clave (maestra) del volumen en lugar de la información de las ranuras de claves."
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Tamaño de la clave de cifrado"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITS"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Limita la lectura desde fichero de claves"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "bytes"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Número de bytes que hay que saltar en el fichero de claves"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Limita la lectura desde un fichero de claves recién añadido"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Número de bytes que hay que saltar en el fichero de claves recién añadido"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Número de ranura para la nueva clave (el primero libre es lo predefinido)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Tamaño del dispositivo"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SECTORES"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Utilizar solamente el tamaño especificado de dispositivo (ignorar el resto del dispositivo). ¡PELIGROSO!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "iPosición de comienzo en el dispositivo «backend»"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Cuántos sectores de los datos cifrados hay que saltar al principio"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Crear una asignación alatoria"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "No pedir confirmación"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Tiempo de espera máximo para petición interactiva de frase contraseña (en segundos)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "s"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Actualización de la línea de progreso (en segundos)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Con qué frecuencia se puede volver a intentar introducir la frase contraseña"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Alinear los datos a <n> bordes de sector - para luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Fichero con copia de seguridad de cabecera LUKS y de ranuras de clave."
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Usar /dev/random para generar la clave del volumen."
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Usar /dev/urandom para generar la clave del volumen."
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Compartir dispositivo con otro segmento cifrado no solapado."
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID del dispositivo que se va a usar"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Permitir solicitudes de descarte (también llamadas TRIM) para el dispositivo"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Dispositivo o fichero con cabecera LUKS separada"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "No activar dispositivo; comprobar frase contraseña solamente"
+#: src/cryptsetup.c:3850 src/veritysetup.c:632 src/integritysetup.c:615
+msgid "Unknown action."
+msgstr "Acción desconocida."
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Utilizar cabecera oculta (dispositivo TCRYPT oculto)"
+#: src/cryptsetup.c:3861
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Las opciones --refresh y --test-passphrase son mutuamente excluyentes."
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "El dispositivo es una unidad con sistema TCRYPT (con cargador de arranque)"
+#: src/cryptsetup.c:3866 src/veritysetup.c:656 src/integritysetup.c:663
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Las opciones --cancel-deferred y --deferred no pueden utilizarse a la vez."
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Utilizar la cabecera TCRYPT de respaldo (secundaria)"
+#: src/cryptsetup.c:3872
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados."
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Explorar también si es un dispositivo compatible con VeraCrypt"
+#: src/cryptsetup.c:3877
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "La opción --persistent no se permite con --test-passphrase."
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Multiplicador de iteración personal para dispositivo compatible con VeraCrypt"
+#: src/cryptsetup.c:3882
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "La opción --integrity-no-wipe solo puede usarse para la acción de formato con extensión de integridad."
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Consulta el multiplicador de iteración personal para dispositivo compatible con VeraCrypt"
+#: src/cryptsetup.c:3889
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS, TCRYPT y BITLK."
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Tipo de metadatos del dispositivo: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#: src/cryptsetup.c:3901
+msgid "Option --key-file takes precedence over specified key file argument."
+msgstr "La opción --key-file tiene precedencia sobre el argumento de fichero de claves especificado."
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Desactivar la comprobación de la calidad de la contraseña (si estaba activada)"
+#: src/cryptsetup.c:3907
+msgid "Only one --key-file argument is allowed."
+msgstr "Solo se permite un argumento --key-file."
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Utilizar la opción de compatibilidad de rendimiento same_cpu_crypt de dm-crypt"
+#: src/cryptsetup.c:3911 src/cryptsetup_reencrypt.c:1689
+#: src/cryptsetup_reencrypt.c:1708
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Solo se permite una de las opciones --use-[u]random."
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Utilizar la opción de compatibilidad de rendimiento submit_from_crypt_cpus de dm-crypt"
+#: src/cryptsetup.c:3915
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Las opciones --align-payload y --offset no pueden combinarse."
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Obviar la cola de trabajo de dm-crypt y procesar las peticiones de lectura de forma síncrona"
+#: src/cryptsetup.c:3921
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes»."
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Obviar la cola de trabajo de dm-crypt y procesar las peticiones de escritura de forma síncrona"
+#: src/cryptsetup.c:3927
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "La opción --offset con acción de apertura solo está disponible para abrir dispositivos no cifrados y «loopaes»."
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "La eliminación del dispositivo está diferida hasta que el último usuario lo cierre"
+#: src/cryptsetup.c:3933
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT."
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Utilizar un bloqueo global para serializar PBKDF estricto en memoria (solución OOM)"
+#: src/cryptsetup.c:3938
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards."
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Tiempo de iteración PBKDF para LUKS (en ms)"
+#: src/cryptsetup.c:3943
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Las opciones --veracrypt y --disable-veracrypt solo están disponibles para dispositivos de tipo TCRYPT."
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ms"
+#: src/cryptsetup.c:3948
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "La opción --veracrypt-pim solo está disponible para dispositivos compatibles con VeraCrypt."
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Algoritmo PBKDF (para LUKS2): argon2i, argon2id, pbkdf2"
+#: src/cryptsetup.c:3954
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "La opción --veracrypt-query-pim solo está disponible para dispositivos compatibles con VeraCrypt."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Límite del coste de memoria PBKDF"
+#: src/cryptsetup.c:3958
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Las opciones --veracrypt-pim y --veracrypt-query-pim son mutuamente excluyentes."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "kilobytes"
+#: src/cryptsetup.c:3966 src/cryptsetup.c:4002
+msgid "Keyslot specification is required."
+msgstr "Se requiere especificación de ranura de claves."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Coste del paralelismo PBKDF"
+#: src/cryptsetup.c:3971 src/cryptsetup_reencrypt.c:1694
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+msgstr "La función de derivación de clave basada en contraseña (PBKDF) solo puede ser pbkdf2 o argon2i/argon2id."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "hilos"
+#: src/cryptsetup.c:3976 src/cryptsetup_reencrypt.c:1699
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
+msgstr "Las iteraciones forzadas de PBKDF no pueden combinarse con la opción de tiempo de iteración."
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Coste de las iteraciones PBKDF (forzado, desactiva el banco de pruebas)"
+#: src/cryptsetup.c:3983
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "La opción de tamaño de sector con acción de apertura solamente está disponible para dispositivos no cifrados."
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Prioridad de la ranura de claves: ignorada, normal, preferente"
+#: src/cryptsetup.c:3990
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "La opción de sectores IV grandes solo se admite para abrir dispositivo de tipo plano con tamaño de sector mayor de 512 bytes."
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Desactiva el bloqueo de metadatos en disco"
+#: src/cryptsetup.c:3996
+msgid "Key size is required with --unbound option."
+msgstr "El tamaño de la clave es requerido con la opción --unbound."
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Desactiva la carga de las claves del volumen mediante el llavero del núcleo"
+#: src/cryptsetup.c:4012
+msgid "LUKS2 decryption requires option --header."
+msgstr "El descifrado LUKS2 requiere la opción --header."
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Algoritmo de integridad de datos (solo LUKS2)"
+#: src/cryptsetup.c:4016
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Las opciones --reduce-device-size y --data-size no pueden combinarse."
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Desactiva el diario para dispositivo de integridad"
+#: src/cryptsetup.c:4020
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Las opciones --device-size y --size no pueden combinarse."
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "No limpiar dispositivo después de dar formato"
+#: src/cryptsetup.c:4024
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Las opciones --keyslot-cipher y --keyslot-key-size deben utilizarse juntas."
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Utilizar relleno obsoleto ineficiente (núcleos antiguos)"
+#: src/cryptsetup.c:4028
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "No se ha realizado ninguna acción. Invocado con la opción --test-args.\n"
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "No pedir frase de paso si falla la activación por «token»"
+#: src/cryptsetup.c:4040
+msgid "Invalid token action."
+msgstr "Acción de «token» no válida."
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Número de «token» (predefinido: cualquiera)"
+#: src/cryptsetup.c:4045
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "El parámetro --key-description es obligatorio para la acción de añadir «token»."
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Descripción de la clave"
+#: src/cryptsetup.c:4051
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "La acción requiere un «token» específico. Utilice el parámetro --token-id."
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Tamaño de sector de cifrado (predeterminado: 512 bytes)"
+#: src/cryptsetup.c:4062
+msgid "Cannot disable metadata locking."
+msgstr "No se puede desactivar el bloqueo de metadatos."
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Utiliza IV contado en tamaño de sector (no en unidades de 512 bytes)"
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
+msgstr "La cadena «salt» especificada no es válida."
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Establecer indicadores de activación persistentes para el dispositivo"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Poner etiqueta al dispositivo LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Poner etiqueta de subsistema al dispositivo LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Crear o volcar ranura de claves LUKS2 independiente (sin segmento de datos asignado)"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Leer o escribir el json de o en un fichero"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Tamaño de la zona de metadatos de la cabecera LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Tamaño de la zona de ranuras de clave de la cabecera LUKS2"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Refrescar (reactivar) el dispositivo con los nuevos parámetros"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Ranura de clave de LUKS2: Tamaño de la clave de cifrado"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Ranura de clave de LUKS2: El algoritmo de cifrado utilizado para el cifrado de ranuras de clave"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Crifrar el dispositivo LUKS2 (cifrado in situ)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Descifrar el dispositivo LUKS2 (elimina cifrado)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Inicializar solamente recifrado LUKS2 de los metadatos."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Reanudar solamente recifrado LUKS2 inicializado."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Reducir el tamaño del dispositivo de datos (mover la posición de los datos). ¡PELIGROSO!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Tamaño de zona activa de recifrado máximo."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Tipo de resiliencia de zona activa de recifrado (checksum,journal,none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "«Hash» de suma de comprobación de zona activa de recifrado"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Anular la autodetección de dispositivos del dispositivo dm que se va a recifrar"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[OPCIÓN...] <acción> <acción-específica>"
-
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "El argumento <acción> no se ha proporcionado."
-
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Acción desconocida."
-
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Las opciones --refresh y --test-passphrase son mutuamente excluyentes."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "La opción --deferred solo se permite con la orden de cerrar."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "La opción --shared solo se permite para abrir dispositivos no cifrados."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "La opción --allow-discards solo se permite para la operación de abrir."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "La opción --persistent solo se permite para la operación de abrir."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "La opción --serialize-memory-hard-pbkdf solo se permite para la operación de abrir."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "La opción --persistent no se permite con --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"La opción --key-size solo se permite con las acciones luksFormat, luksAddKey,\n"
-"open y benchmark. Para limitar la lectura del fichero de claves, utilizar --keyfile-size=(bytes)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "La opción --integrity solo se permite con luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "La opción --integrity-no-wipe solo puede usarse para la acción de formato con extensión de integridad."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Las opciones --label y --subsystem solo se permiten con las operaciones luksFormat y config LUKS2."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "La opción --test-passphrase solo se permite para abrir dispositivos LUKS, TCRYPT y BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "El tamaño de clave debe ser un múltiplo de 8 bits"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "La ranura de claves no es válida."
-
-#: src/cryptsetup.c:3958
-msgid "Option --key-file takes precedence over specified key file argument."
-msgstr "La opción --key-file tiene precedencia sobre el argumento de fichero de claves especificado."
-
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "No se permiten números negativos para esta opción."
-
-#: src/cryptsetup.c:3969
-msgid "Only one --key-file argument is allowed."
-msgstr "Solo se permite un argumento --key-file."
-
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Solo se permite una de las opciones --use-[u]random."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "La opción --use-[u]random solo se permite con luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "La opción --uuid solo se permite con luksFormat luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "La opción --align-payload solo se permite con luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Las opciones --luks2-metadata-size y --opt-luks2-keyslots-size solo se permiten para luksFormat con LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "La especificación del tamaño de los metadatos LUKS2 no es válida."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "La especificación del tamaño de las ranuras de claves LUKS2 no es válida."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Las opciones --align-payload y --offset no pueden combinarse."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "La opción --skip solo está disponible para abrir dispositivos no cifrados y «loopaes»."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "La opción --offset solo está disponible para abrir dispositivos no cifrados y «loopaes», «luksFormat» y recifrado de dispositivo."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "La opción --tcrypt-hidden o --tcrypt-system o --tcrypt-backup solo está disponible para dispositivos TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "La opción --tcrypt-hidden no puede combinarse con --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "La opción --veracrypt solo está disponible para dispositivos TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Argumento no válido para el parámetro --veracrypt-pim supplied."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "La opción --veracrypt-pim solo está disponible para dispositivos compatibles con VeraCrypt."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "La opción --veracrypt-query-pim solo está disponible para dispositivos compatibles con VeraCrypt."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Las opciones --veracrypt-pim y --veracrypt-query-pim son mutuamente excluyentes."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "La opción --priority solo puede ser ignore/normal/prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Se requiere especificación de ranura de claves."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr "La función de derivación de clave basada en contraseña (PBKDF) solo puede ser pbkdf2 o argon2i/argon2id."
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr "Las iteraciones forzadas de PBKDF no pueden combinarse con la opción de tiempo de iteración."
-
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "La opción de tamaño de sector no está disponible para esta orden."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "La opción de sectores IV grandes solo se admite para abrir dispositivo de tipo plano con tamaño de sector mayor de 512 bytes."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "El tamaño de la clave es requerido con la opción --unbound."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "La opción --unbound solo puede utilizarse con las acciones luksAddKey y luksDump."
-
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "La opción --refresh solo puede utilizarse con la acción de abrir."
-
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr "No se puede desactivar el bloqueo de metadatos."
-
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "La especificación del tamaño máximo de zona activa del dispositivo no es válida."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "La especificación del tamaño del dispositivo no es válida."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "El tamaño máximo de reducción del dispositivo es de 1 GiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "El tamaño de reducción debe ser múltiplo de sectores de 512 bytes."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "La especificación del tamaño de los datos no es válida."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Desbordamiento del tamaño de la reducción."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "El descifrado LUKS2 requiere la opción --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "El tamaño del dispositivo debe ser múltiplo de sectores de 512 bytes."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Las opciones --reduce-device-size y --data-size no pueden combinarse."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Las opciones --device-size y --size no pueden combinarse."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Las opciones --keyslot-cipher y --keyslot-key-size deben utilizarse juntas."
-
-#: src/veritysetup.c:76
-msgid "Invalid salt string specified."
-msgstr "La cadena «salt» especificada no es válida."
-
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "No se puede crear la imagen «hash» %s para escribir."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "No se puede crear la imagen FEC %s para escribir."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "No se puede crear el fichero «hash» raíz %s para escribir."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "No se puede escribir en el fichero «hash» raíz %s."
+
+#: src/veritysetup.c:210 src/veritysetup.c:227
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "No se puede leer el fichero «hash» raíz %s."
+
+#: src/veritysetup.c:215
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "El fichero «hash» raíz %s no es válido."
+
+#: src/veritysetup.c:236
msgid "Invalid root hash string specified."
msgstr "La cadena «hash» raíz especificada no es válida."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:244
#, c-format
msgid "Invalid signature file %s."
msgstr "Fichero de firmas inválido %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:251
#, c-format
msgid "Cannot read signature file %s."
msgstr "No se puede leer el fichero de firmas %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:274 src/veritysetup.c:288
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Esta orden necesita <«hash»_raíz> o la opción --root-hash-file como argumento."
+
+#: src/veritysetup.c:478
msgid "<data_device> <hash_device>"
msgstr "<dispositivo_de_datos> <dispositivo_«hash»>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:478 src/integritysetup.c:445
msgid "format device"
msgstr "dar formato al dispositivo"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<dispositivo_de_datos> <dispositivo_«hash»> <«hash»_raíz>"
+#: src/veritysetup.c:479
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<dispositivo_de_datos> <dispositivo_«hash»> [<«hash»_raíz>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:479
msgid "verify device"
msgstr "verificar dispositivo"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<dispositivo_de_datos> <nombre> <dispositivo_«hash»> <«hash»_raíz>"
+#: src/veritysetup.c:480
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<dispositivo_de_datos> <nombre> <dispositivo_«hash»> [<«hash»_raíz>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:482 src/integritysetup.c:448
msgid "show active device status"
msgstr "mostrar el estado del dispositivo activo"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:483
msgid "<hash_device>"
msgstr "<dispositivo_«hash»>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:483 src/integritysetup.c:449
msgid "show on-disk information"
msgstr "mostrar información sobre el disco"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:502
#, c-format
msgid ""
"\n"
"<dispositivo_«hash»> es el dispositivo que contiene los datos de verificación\n"
"<«hash»_raíz> «hash» del nodo raíz en «dispositivo—«hash»>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:509
#, c-format
msgid ""
"\n"
"Parámetros dm-verity predefinidos de fábrica:\n"
"\tAlgoritmo «hash»: %s, Bloque de datos (bytes): %u, Bloque «hash» (bytes): %u, Tamaño de «salt»: %u, Formato «hash»: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "No utilizar superbloque «verity»"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Tipo de formato (1 - normal, 0 - Chrome OS original)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "número"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Tamaño de bloque en el dispositivo de datos"
-
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Tamaño de bloque en el dispositivo «hash»"
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "Bytes de paridad FEC"
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Número de bloques en el fichero de datos"
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "bloques"
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Ruta a dispositivo con datos de corrección de errores"
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "ruta"
-
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Posición inicial en el dispositivo «hash»"
-
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Posición inicial en el dispositivo FEC"
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Algoritmo «hash»"
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "cadena"
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "«Salt»"
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "cadena hexadecimal"
-
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Ruta al fichero de firmas «hash» raíz"
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Reiniciar el núcleo si se detecta corrupción"
-
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Poner en pánico al núcleo si se detecta corrupción"
-
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ignorar corrupción, tomar nota únicamente"
-
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "No verificar bloques con zeros"
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Verificar el bloque de datos solo en la primera lectura"
-
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Las opciones --ignore-corruption, --restart-on-corruption y --ignore-zero-blocks solo están permitidas para la operación de abrir."
-
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "La opción --root-hash-signature solo puede usarse para la acción de abrir."
-
-#: src/veritysetup.c:610
+#: src/veritysetup.c:646
msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
msgstr "Las opciones --ignore-corruption y --restart-on-corruption no pueden utilizarse juntas."
-#: src/veritysetup.c:615
+#: src/veritysetup.c:651
msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
msgstr "Las opciones --panic-on-corruption y --restart-on-corruption no pueden utilizarse juntas."
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Tamaño de clave no válido."
-
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, c-format
-msgid "Cannot read keyfile %s."
-msgstr "No se puede leer el fichero de claves %s."
-
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "No se pueden leer %d «bytes» en el fichero de claves %s."
-
-#: src/integritysetup.c:266
+#: src/integritysetup.c:201
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr "Formato dado con tamaño de etiqueta %u, integridad interna %s.\n"
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:445 src/integritysetup.c:449
msgid "<integrity_device>"
msgstr "<dispositivo_de_integridad>"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:446
msgid "<integrity_device> <name>"
msgstr "<dispositivo_de_integridad> <nombre>"
-#: src/integritysetup.c:515
+#: src/integritysetup.c:468
#, c-format
msgid ""
"\n"
"<nombre> es el dispositivo que se va a crear bajo %s\n"
"<dispositivo_de_integridad> es el dispositivo que contiene datos con etiquetas de integridad\n"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
+#: src/integritysetup.c:473
+#, c-format
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
"\n"
"Parámetros dm-integrity predefinidos de fábrica:\n"
"\tAlgoritmo de la suma de comprobación: %s\n"
+"\tTamaño máximo del fichero de claves: %dkB\n"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Ruta al dispositivo de datos (si está separado)"
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Tamaño del diario"
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Sectores de entrelazado"
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Marca de agua del diario"
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "por ciento"
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Tiempo de escritura en el diario"
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Número de sectores de 512 bytes por bit (modo mapa de bits)."
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Tiempo de «flush» del modo mapa de bits"
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Tamaño de etiqueta (por sector)"
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Tamaño de sector"
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Tamaño de los «buffers»"
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Algoritmo para la integridad de datos"
-
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Tamaño de la clave de integridad de datos"
-
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Leer la clave de integridad de un fichero"
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Algoritmo de integridad del diario"
-
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Tamaño de la clave de integridad del diario"
-
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Leer la clave de integridad del diario de un fichero"
-
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Algoritmo de cifrado del diario"
-
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Tamaño de la clave de cifrado del diario"
-
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Leer la clave de cifrado del diario de un fichero"
-
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Modo de recuperación (sin diario, sin comprobación de etiqueta)"
-
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Utilice bitmap para seguir los cambios y desactive el diario para el dispositivo de integridad"
-
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Recalcular las etiquetas iniciales automáticamente."
-
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "No proteger superbloque con HMAC (núcleos antiguos)"
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Permitir recalcular volúmenes con claves HMAC (núcleos antiguos)"
-
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "La opción --integrity-recalculate solo puede usarse para la acción de abrir."
-
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Las opciones --journal-size, --interleave-sectors, --sector-size, --tag-size y --no-wipe solo pueden utilizarse para la acción de dar formato."
-
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "La especificación del tamaño del diario no es válida."
+#: src/integritysetup.c:530
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Tamaño de --%s no válido. El máximo es %u bytes."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:628
msgid "Both key file and key size options must be specified."
msgstr "Deben especificarse las opciones tanto de fichero de claves como tamaño de clave."
-#: src/integritysetup.c:708
+#: src/integritysetup.c:632
msgid "Both journal integrity key file and key size options must be specified."
msgstr "Deben especificarse la opción del fichero de clave de integridad del diario y la del tamaño de la clave."
-#: src/integritysetup.c:711
+#: src/integritysetup.c:635
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "Debe especificarse el algoritmo de integridad del diario si va a utilizarse la clave de integridad del diario."
-#: src/integritysetup.c:716
+#: src/integritysetup.c:639
msgid "Both journal encryption key file and key size options must be specified."
msgstr "Deben especificarse la opción del fichero de la clave de cifrado del diario y la del tamaño de la clave."
-#: src/integritysetup.c:719
+#: src/integritysetup.c:642
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "Debe especificarse el algoritmo de cifrado del diario si va a utilizarse la clave de cifrado del diario."
-#: src/integritysetup.c:723
+#: src/integritysetup.c:646
msgid "Recovery and bitmap mode options are mutually exclusive."
msgstr "Las opciones de recuperación y de modo mapa de bits son mutuamente excluyentes."
-#: src/integritysetup.c:727
+#: src/integritysetup.c:653
msgid "Journal options cannot be used in bitmap mode."
msgstr "Las opciones de diario no pueden utilizarse en modo mapa de bits."
-#: src/integritysetup.c:731
+#: src/integritysetup.c:658
msgid "Bitmap options can be used only in bitmap mode."
msgstr "Las opciones de mapa de bits solo pueden utilizarse en el modo mapa de bits."
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:149
msgid "Reencryption already in-progress."
msgstr "Recifrado ya en curso."
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:185
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "No se puede abrir %s en exclusividad; el dispositivo está en uso."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:199 src/cryptsetup_reencrypt.c:1120
msgid "Allocation of aligned memory failed."
msgstr "La reserva de memoria alineada ha fallado."
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:206
#, c-format
msgid "Cannot read device %s."
msgstr "No se puede leer el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:217
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "Marcando el dispositivo LUKS1 %s como inutilizable."
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:221
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr "Estableciendo el indicador de recifrado fuera de línea LUKS2 en el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:238
#, c-format
msgid "Cannot write device %s."
msgstr "No se puede escribir en el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:286
msgid "Cannot write reencryption log file."
msgstr "No se puede escribir en el fichero de registro de recifrado."
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:342
msgid "Cannot read reencryption log file."
msgstr "No se puede leer el fichero de registro de recifrado."
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:353
+msgid "Wrong log format."
+msgstr "Formato del fichero de registro incorrecto."
+
+#: src/cryptsetup_reencrypt.c:380
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "El fichero de registro %s ya existe; reanudando el recifrado.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:429
msgid "Activating temporary device using old LUKS header."
msgstr "Activando dispositivo temporal utilizando cabecera LUKS antigua."
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:439
msgid "Activating temporary device using new LUKS header."
msgstr "Activando dispositivo temporal utilizando cabecera LUKS nueva."
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:449
msgid "Activation of temporary devices failed."
msgstr "Fallo en la activación de los dispositivos temporales."
-#: src/cryptsetup_reencrypt.c:577
+#: src/cryptsetup_reencrypt.c:536
msgid "Failed to set data offset."
msgstr "No se ha podido establecer el desplazamiento de los datos."
-#: src/cryptsetup_reencrypt.c:583
+#: src/cryptsetup_reencrypt.c:542
msgid "Failed to set metadata size."
msgstr "No se ha podido establecer el tamaño de los metadatos."
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:550
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Se ha creado una nueva cabecera LUKS para el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:610
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr "Esta versión de cryptsetup-reencrypt no sabe manejar el nuevo tipo de «token» interno %s."
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:632
msgid "Failed to read activation flags from backup header."
msgstr "No se ha podido leer los indicadores de activación en la cabecera de respaldo."
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:636
msgid "Failed to write activation flags to new header."
msgstr "No se ha podido escribir los indicadores de activación en la nueva cabecera."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:640 src/cryptsetup_reencrypt.c:644
msgid "Failed to read requirements from backup header."
msgstr "No se ha podido leer los requisitos en la cabecera de respaldo."
-#: src/cryptsetup_reencrypt.c:723
+#: src/cryptsetup_reencrypt.c:682
#, c-format
msgid "%s header backup of device %s created."
msgstr "Se ha creado una copia de seguridad de la cabecera %s del dispositivo %s."
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:745
msgid "Creation of LUKS backup headers failed."
msgstr "No se ha podido crear la copia de seguridad de las cabeceras LUKS."
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:878
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "No se puede restaurar la cabecera %s en el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:880
#, c-format
msgid "%s header on device %s restored."
msgstr "Se ha restaurado la cabecera %s en el dispositivo %s."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:1092 src/cryptsetup_reencrypt.c:1098
msgid "Cannot open temporary LUKS device."
msgstr "No se puede abrir el dispositivo LUKS temporal."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1103 src/cryptsetup_reencrypt.c:1108
msgid "Cannot get device size."
msgstr "No se puede obtener el tamaño del dispositivo."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1143
msgid "IO error during reencryption."
msgstr "Error de entrada/salida durante el recifrado."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1174
msgid "Provided UUID is invalid."
msgstr "El UUID proporcionado no es válido."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1408
msgid "Cannot open reencryption log file."
msgstr "No se puede abrir el fichero de registro de recifrado."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1414
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "No hay ningún proceso de descifrado en marcha; el UUID proporcionado solo puede utilizarse para reanudar un proceso de descifrado suspendido."
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1489
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr "Se han cambiado los parámetros pbkdf en la ranura de claves %i."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Tamaño de bloque de recifrado"
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
-
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "No cambie la clave; no hay recifrado en la zona de datos"
-
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Leer la clave (maestra) del volumen desde fichero"
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)"
-
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Utilizar entrada/salida directa para acceder a los dispositivos"
-
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Utilizar fsync después de cada bloque"
-
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Actualizar el fichero de registro después de cada bloque"
-
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Utilizar solamente esta ranura (se desactivarán las demás)"
-
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Crear nueva cabecera en dispositivo no cifrado"
-
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Descifrar el dispositivo de forma permanente (eliminar cifrado)"
-
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "El UUID utilizado para reanudar el descifrado"
+#: src/cryptsetup_reencrypt.c:1614
+msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+msgstr "Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de recifrado."
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Tipo de metadato LUKS: luks1, luks2"
+#: src/cryptsetup_reencrypt.c:1628
+msgid "Maximum device reduce size is 64 MiB."
+msgstr "El tamaño máximo de reducción del dispositivo es de 64 MiB."
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1669
msgid "[OPTION...] <device>"
msgstr "[OPCIÓN...] <dispositivo>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1677
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "El recifrado va a cambiar: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1678
msgid "volume key"
msgstr "clave del volumen"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1680
msgid "set hash to "
msgstr "nuevo algoritmo «hash» "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1681
msgid ", set cipher to "
msgstr ", nuevo algoritmo de cifrado: "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1685
msgid "Argument required."
msgstr "Hace falta argumento."
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Solo se permiten valores entre 1 MiB y 64 MiB para el tamaño de bloque de recifrado."
+#: src/cryptsetup_reencrypt.c:1712
+msgid "Option --new must be used together with --reduce-device-size or --header."
+msgstr "La opción --new debe utilizarse conjuntamente con --reduce-device-size o --header."
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "El tamaño máximo de reducción del dispositivo es de 64 MiB."
-
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "La opción --new debe utilizarse conjuntamente con --reduce-device-size o --header."
-
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1716
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "La opción --keep-key solamente puede utilizarse con --hash, --iter-time o --pbkdf-force-iterations."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1720
msgid "Option --new cannot be used together with --decrypt."
msgstr "La opción --new no puede utilizarse conjuntamente con --decrypt."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1726
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "La opción --decrypt es incompatible con los parámetros especificados."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1730
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "La opción --uuid solo está permitida conjuntamente con --decrypt."
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1734
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr "Tipo de luks no válido. Utilice uno de estos: 'luks', 'luks1' o 'luks2'."
-#: src/utils_tools.c:151
+#: src/utils_tools.c:119
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"¡ATENCIÓN!\n"
+"==========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:121
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"¿Está seguro? (Teclee 'yes' en mayúsculas): "
+
+#: src/utils_tools.c:127
msgid "Error reading response from terminal."
msgstr "Error de lectura de la respuesta recibida desde el terminal."
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Orden ejecutada correctamente.\n"
+#: src/utils_tools.c:159
+msgid "Command successful."
+msgstr "Orden ejecutada correctamente."
-#: src/utils_tools.c:194
+#: src/utils_tools.c:167
msgid "wrong or missing parameters"
msgstr "parámetros incorrectos u omisos"
-#: src/utils_tools.c:196
+#: src/utils_tools.c:169
msgid "no permission or bad passphrase"
msgstr "sin permiso o frase de paso mala"
-#: src/utils_tools.c:198
+#: src/utils_tools.c:171
msgid "out of memory"
msgstr "sin memoria"
-#: src/utils_tools.c:200
+#: src/utils_tools.c:173
msgid "wrong device or file specified"
msgstr "se ha especificado un dispositivo o fichero incorrecto"
-#: src/utils_tools.c:202
+#: src/utils_tools.c:175
msgid "device already exists or device is busy"
msgstr "el dispositivo ya existe o está ocupado"
-#: src/utils_tools.c:204
+#: src/utils_tools.c:177
msgid "unknown error"
msgstr "error desconocido"
-#: src/utils_tools.c:206
+#: src/utils_tools.c:179
#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "La orden ha fallado con código %i (%s).\n"
+msgid "Command failed with code %i (%s)."
+msgstr "La orden ha fallado con código %i (%s)."
-#: src/utils_tools.c:284
+#: src/utils_tools.c:257
#, c-format
msgid "Key slot %i created."
msgstr "Ranura de claves %i creada."
-#: src/utils_tools.c:286
+#: src/utils_tools.c:259
#, c-format
msgid "Key slot %i unlocked."
msgstr "Ranura de claves %i desbloqueada."
-#: src/utils_tools.c:288
+#: src/utils_tools.c:261
#, c-format
msgid "Key slot %i removed."
msgstr "Ranura de claves %i eliminada."
-#: src/utils_tools.c:297
+#: src/utils_tools.c:270
#, c-format
msgid "Token %i created."
msgstr "«Token» %i creado."
-#: src/utils_tools.c:299
+#: src/utils_tools.c:272
#, c-format
msgid "Token %i removed."
msgstr "«Token» %i eliminado."
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Limpieza interrumpida."
+#: src/utils_tools.c:282
+msgid "No token could be unlocked with this PIN."
+msgstr "No se ha podido desbloquear ningún «token» con este PIN."
-#: src/utils_tools.c:476
+#: src/utils_tools.c:284
#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "AVISO: El dispositivo %s ya contiene una firma de partición '%s'.\n"
+msgid "Token %i requires PIN."
+msgstr "El «token» %i requiere PIN."
-#: src/utils_tools.c:484
+#: src/utils_tools.c:286
#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "AVISO: El dispositivo %s ya contiene una firma de superbloque '%s'.\n"
+msgid "Token (type %s) requires PIN."
+msgstr "El «token» (tipo %s) requiere PIN."
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "No se han podido inicializar los sondeos de firma del dispositivo."
-
-#: src/utils_tools.c:549
+#: src/utils_tools.c:289
#, c-format
-msgid "Failed to stat device %s."
-msgstr "No se ha podido efectuar «stat» sobre el dispositivo %s."
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "El «token» %i no puede desbloquear ranura(s) de clave asignada(s) (frase contraseña incorrecta)."
-#: src/utils_tools.c:562
+#: src/utils_tools.c:291
#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "El dispositivo %s está en uso. No se puede proceder con la operación de dar formato."
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "El «token» (tipo %s) no puede desbloquear ranura(s) de clave asignada(s) (frase contraseña incorrecta)."
-#: src/utils_tools.c:564
+#: src/utils_tools.c:294
#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "No se ha podido abrir el fichero %s para lectura y escritura."
+msgid "Token %i requires additional missing resource."
+msgstr "El «token» %i requiere un recurso adicional que no está presente."
-#: src/utils_tools.c:578
+#: src/utils_tools.c:296
#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "La firma de la partición '%s' existente (desplazamiento: %<PRIi64> bytes) en el dispositivo %s va a limpiarse."
+msgid "Token (type %s) requires additional missing resource."
+msgstr "El «token» (tipo %s) requiere un recurso adicional que no está presente."
-#: src/utils_tools.c:581
+#: src/utils_tools.c:299
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "La firma del superbloque '%s' existente (desplazamiento: %<PRIi64> bytes) en el dispositivo %s va a limpiarse."
+msgid "No usable token (type %s) is available."
+msgstr "Ningún «token» utilizable (tipo %s) está disponible."
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "No se ha podido limpiar la firma del dispositivo."
+#: src/utils_tools.c:301
+msgid "No usable token is available."
+msgstr "Ningún «token» utilizable está disponible."
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "No se ha podido sondear el dispositivo %s para una firma."
+#: src/utils_tools.c:463
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Limpieza interrumpida."
-#: src/utils_tools.c:622
+#: src/utils_tools.c:492
msgid ""
"\n"
"Reencryption interrupted."
"\n"
"Recifrado interrumpido."
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_tools.c:511
+#, c-format
+msgid "Cannot read keyfile %s."
+msgstr "No se puede leer el fichero de claves %s."
+
+#: src/utils_tools.c:516
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "No se pueden leer %d «bytes» en el fichero de claves %s."
+
+#: src/utils_tools.c:541
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "No se puede abrir el fichero de claves %s para escritura."
+
+#: src/utils_tools.c:548
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "No se puede escribir en el fichero de claves %s."
+
+#: src/utils_password.c:41 src/utils_password.c:74
#, c-format
msgid "Cannot check password quality: %s"
msgstr "No se puede comprobar la calidad de la contraseña: %s"
-#: src/utils_password.c:51
+#: src/utils_password.c:49
#, c-format
msgid ""
"Password quality check failed:\n"
"Fallo en la comprobación de la calidad de la contraseña:\n"
" %s"
-#: src/utils_password.c:83
+#: src/utils_password.c:81
#, c-format
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Fallo en la comprobación de la calidad de la contraseña: frase contraseña incorrecta (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:224 src/utils_password.c:238
msgid "Error reading passphrase from terminal."
msgstr "Error al leer la frase contraseña desde el terminal."
-#: src/utils_password.c:240
+#: src/utils_password.c:236
msgid "Verify passphrase: "
msgstr "Verifique la frase contraseña: "
-#: src/utils_password.c:247
+#: src/utils_password.c:243
msgid "Passphrases do not match."
msgstr "La frase contraseña no coincide."
-#: src/utils_password.c:284
+#: src/utils_password.c:280
msgid "Cannot use offset with terminal input."
msgstr "No se puede usar «offset» con entrada desde terminal."
-#: src/utils_password.c:287
+#: src/utils_password.c:283
#, c-format
msgid "Enter passphrase: "
msgstr "Introduzca la frase contraseña: "
-#: src/utils_password.c:290
+#: src/utils_password.c:286
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Introduzca la frase contraseña de %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:317
msgid "No key available with this passphrase."
msgstr "No hay ninguna clave disponible con esa frase contraseña."
-#: src/utils_password.c:323
+#: src/utils_password.c:319
msgid "No usable keyslot is available."
msgstr "No hay niguna ranura de claves utilizable disponible."
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "No se puede abrir el fichero de claves %s para escritura."
-
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "No se puede escribir en el fichero de claves %s."
-
#: src/utils_luks2.c:47
#, c-format
msgid "Failed to open file %s in read-only mode."
msgid "Failed to write JSON file."
msgstr "No se ha podido escribir el fichero JSON."
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "No se ha podido desactivar el indicador del requisito de descifrado."
+#: src/utils_blockdev.c:192
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "ATENCIÓN: El dispositivo %s ya contiene una firma de partición '%s'.\n"
+
+#: src/utils_blockdev.c:200
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "ATENCIÓN: El dispositivo %s ya contiene una firma de superbloque '%s'.\n"
+
+#: src/utils_blockdev.c:221 src/utils_blockdev.c:285
+msgid "Failed to initialize device signature probes."
+msgstr "No se han podido inicializar los sondeos de firma del dispositivo."
+
+#: src/utils_blockdev.c:265
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "No se ha podido efectuar «stat» sobre el dispositivo %s."
+
+#: src/utils_blockdev.c:278
+#, c-format
+msgid "Device %s is in use. Cannot proceed with format operation."
+msgstr "El dispositivo %s está en uso. No se puede proceder con la operación de dar formato."
+
+#: src/utils_blockdev.c:280
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "No se ha podido abrir el fichero %s para lectura y escritura."
+
+#: src/utils_blockdev.c:294
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "La firma de la partición '%s' existente en el dispositivo %s va a ser borrada."
+
+#: src/utils_blockdev.c:297
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "La firma del superbloque '%s' existente en el dispositivo %s va a ser borrada."
+
+#: src/utils_blockdev.c:300
+msgid "Failed to wipe device signature."
+msgstr "No se ha podido limpiar la firma del dispositivo."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "No se ha podido sondear el dispositivo %s para una firma."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "La especificación del tamaño no es válida en el parámetro --%s."
+
+#: src/utils_args.c:121
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "La opción --%s no se permite con la acción %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:108
+msgid "Failed to write ssh token json."
+msgstr "No se ha podido escribir el json del «token» ssh."
+
+#: tokens/ssh/cryptsetup-ssh.c:126
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"«Plugin» experimental de cryptsetup para desbloquear dispositivos LUKS2 con «token» conectado a servidor SSH\vEste «plugin» actualmente permite únicamente añadir un «token» a una ranura de claves que ya exista.\n"
+"\n"
+"El servidor SSH especificado debe contener un fichero de claves en la ruta especificada con una frase contraseña para una ranura de claves que ya exista en el dispositivo.\n"
+"Las credenciales proporcionadas cryptsetup las utilizará para obtener la contraseña al abrir el dispositivo mediante el «token».\n"
+"\n"
+"Nota: la información proporcionada al añadir el «token» (dirección del servidor SSH, usuario y rutas) se almacenará en la cabecera LUKS2 en texto plano."
+
+#: tokens/ssh/cryptsetup-ssh.c:136
+msgid "<action> <device>"
+msgstr "<acción> <dispositivo>"
+
+#: tokens/ssh/cryptsetup-ssh.c:139
+msgid "Options for the 'add' action:"
+msgstr "Opciones para la acción 'add':"
+
+#: tokens/ssh/cryptsetup-ssh.c:140
+msgid "IP address/URL of the remote server for this token"
+msgstr "Dirección IP/URL del servidor remoto para este «token»"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Username used for the remote server"
+msgstr "Nombre de usuario utilizado para el servidor remoto"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "Path to the key file on the remote server"
+msgstr "Ruta del fichero de claves en el servidor remoto"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Ruta de la clave SSH para conectarse al servidor remoto"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Ranura de claves a la que asignar el «token». Si no se especifica, el «token» será asignado a la primera ranura de claves que coincida con la frase contraseña proporcionada."
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Generic options:"
+msgstr "Opciones genéricas:"
+
+#: tokens/ssh/cryptsetup-ssh.c:147
+msgid "Shows more detailed error messages"
+msgstr "Muestra mensajes de error más detallados"
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Show debug messages"
+msgstr "Mostrar mensajes de depuración"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Show debug messages including JSON metadata"
+msgstr "Mostrar mensajes de depuración incluidos los metadatos JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:260
+msgid "Failed to open and import private key:\n"
+msgstr "No se ha podido abrir e importar la clave privada:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:264
+msgid "Failed to import private key (password protected?).\n"
+msgstr "No se ha podido importar la clave privada (¿está protegida por contraseña?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:266
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Contraseña de %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:355
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "No se han podido analizar los argumentos.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:366
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Es preciso especificar una acción\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:372
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Es preciso especificar el dispositivo para la acción '%s'.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:377
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Es preciso especificar el servidor SSH para la acción '%s'.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:382
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Es preciso especificar el usuario SSH para la acción '%s'.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:387
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Es preciso especificar la ruta SSH para la acción '%s'.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:392
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Es preciso especificar la ruta de la ruta SSH para la acción '%s'.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:399
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "No se ha podido abrir %s con las credenciales proporcionadas.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:415
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Actualmente este «plugin» solo admite la acción 'add'.\n"
+
+#: tokens/ssh/ssh-utils.c:46 tokens/ssh/ssh-utils.c:59
+msgid "Cannot create sftp session: "
+msgstr "No se puede crear la sesión sftp: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "No se puede iniciar la sesión sftp: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "No se puede obtener el estado del fichero sftp: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "No hay memoria suficiente.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "No se puede leer la clave remota: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "La conexión ha fallado: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Servidor no conocido: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "El método de autenticación de clave pública no está permitido en el «host».\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Error de autenticación de clave pública: "
+
+#~ msgid "No free token slot."
+#~ msgstr "No hay ninguna ranura de «token» libre."
+
+#~ msgid "Failed to create builtin token %s."
+#~ msgstr "No se ha podido crear el «token» interno %s."
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Tipo de dispositivo LUKS no válido."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Algoritmo de cifrado utilizado para cifrar el disco (ver /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Algoritmo «hash» utilizado para crear la clave de cifrado a partir de la frase contraseña"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Verifica la frase contraseña preguntándola dos veces"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Leer la clave de un fichero."
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Leer la clave (maestra) del volumen desde fichero."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Volcar la clave (maestra) del volumen en lugar de la información de las ranuras de claves."
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "Tamaño de la clave de cifrado"
+
+#~ msgid "BITS"
+#~ msgstr "BITS"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Limita la lectura desde fichero de claves"
+
+#~ msgid "bytes"
+#~ msgstr "bytes"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Número de bytes que hay que saltar en el fichero de claves"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Limita la lectura desde un fichero de claves recién añadido"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Número de bytes que hay que saltar en el fichero de claves recién añadido"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Número de ranura para la nueva clave (el primero libre es lo predefinido)"
+
+#~ msgid "The size of the device"
+#~ msgstr "Tamaño del dispositivo"
+
+#~ msgid "SECTORS"
+#~ msgstr "SECTORES"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Utilizar solamente el tamaño especificado de dispositivo (ignorar el resto del dispositivo). ¡PELIGROSO!"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "iPosición de comienzo en el dispositivo «backend»"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Cuántos sectores de los datos cifrados hay que saltar al principio"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Crear una asignación alatoria"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "No pedir confirmación"
+
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Tiempo de espera máximo para petición interactiva de frase contraseña (en segundos)"
+
+#~ msgid "secs"
+#~ msgstr "s"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Actualización de la línea de progreso (en segundos)"
+
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Con qué frecuencia se puede volver a intentar introducir la frase contraseña"
+
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Alinear los datos a <n> bordes de sector - para luksFormat"
+
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Fichero con copia de seguridad de cabecera LUKS y de ranuras de clave."
+
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Usar /dev/random para generar la clave del volumen."
+
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Usar /dev/urandom para generar la clave del volumen."
+
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Compartir dispositivo con otro segmento cifrado no solapado."
+
+#~ msgid "UUID for device to use"
+#~ msgstr "UUID del dispositivo que se va a usar"
+
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Permitir solicitudes de descarte (también llamadas TRIM) para el dispositivo"
+
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Dispositivo o fichero con cabecera LUKS separada"
+
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "No activar dispositivo; comprobar frase contraseña solamente"
+
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Utilizar cabecera oculta (dispositivo TCRYPT oculto)"
+
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "El dispositivo es una unidad con sistema TCRYPT (con cargador de arranque)"
+
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Utilizar la cabecera TCRYPT de respaldo (secundaria)"
+
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Explorar también si es un dispositivo compatible con VeraCrypt"
+
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Multiplicador de iteración personal para dispositivo compatible con VeraCrypt"
+
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Consulta el multiplicador de iteración personal para dispositivo compatible con VeraCrypt"
+
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Tipo de metadatos del dispositivo: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Desactivar la comprobación de la calidad de la contraseña (si estaba activada)"
+
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Utilizar la opción de compatibilidad de rendimiento same_cpu_crypt de dm-crypt"
+
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Utilizar la opción de compatibilidad de rendimiento submit_from_crypt_cpus de dm-crypt"
+
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Obviar la cola de trabajo de dm-crypt y procesar las peticiones de lectura de forma síncrona"
+
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Obviar la cola de trabajo de dm-crypt y procesar las peticiones de escritura de forma síncrona"
+
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "La eliminación del dispositivo está diferida hasta que el último usuario lo cierre"
+
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Utilizar un bloqueo global para serializar PBKDF estricto en memoria (solución OOM)"
+
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Tiempo de iteración PBKDF para LUKS (en ms)"
+
+#~ msgid "msecs"
+#~ msgstr "ms"
+
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "Algoritmo PBKDF (para LUKS2): argon2i, argon2id, pbkdf2"
+
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Límite del coste de memoria PBKDF"
+
+#~ msgid "kilobytes"
+#~ msgstr "kilobytes"
+
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Coste del paralelismo PBKDF"
+
+#~ msgid "threads"
+#~ msgstr "hilos"
+
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Coste de las iteraciones PBKDF (forzado, desactiva el banco de pruebas)"
+
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Prioridad de la ranura de claves: ignorada, normal, preferente"
+
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Desactiva el bloqueo de metadatos en disco"
+
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Desactiva la carga de las claves del volumen mediante el llavero del núcleo"
+
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Algoritmo de integridad de datos (solo LUKS2)"
+
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Desactiva el diario para dispositivo de integridad"
+
+#~ msgid "Do not wipe device after format"
+#~ msgstr "No limpiar dispositivo después de dar formato"
+
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Utilizar relleno obsoleto ineficiente (núcleos antiguos)"
+
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "No pedir frase de paso si falla la activación por «token»"
+
+#~ msgid "Token number (default: any)"
+#~ msgstr "Número de «token» (predefinido: cualquiera)"
+
+#~ msgid "Key description"
+#~ msgstr "Descripción de la clave"
+
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Tamaño de sector de cifrado (predeterminado: 512 bytes)"
+
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Utiliza IV contado en tamaño de sector (no en unidades de 512 bytes)"
+
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Establecer indicadores de activación persistentes para el dispositivo"
+
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Poner etiqueta al dispositivo LUKS2"
+
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Poner etiqueta de subsistema al dispositivo LUKS2"
+
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Crear o volcar ranura de claves LUKS2 independiente (sin segmento de datos asignado)"
+
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Leer o escribir el json de o en un fichero"
+
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Tamaño de la zona de metadatos de la cabecera LUKS2"
+
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Tamaño de la zona de ranuras de clave de la cabecera LUKS2"
+
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Refrescar (reactivar) el dispositivo con los nuevos parámetros"
+
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "Ranura de clave de LUKS2: Tamaño de la clave de cifrado"
+
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "Ranura de clave de LUKS2: El algoritmo de cifrado utilizado para el cifrado de ranuras de clave"
+
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Crifrar el dispositivo LUKS2 (cifrado in situ)."
+
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Descifrar el dispositivo LUKS2 (elimina cifrado)"
+
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Inicializar solamente recifrado LUKS2 de los metadatos."
+
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Reanudar solamente recifrado LUKS2 inicializado."
+
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Reducir el tamaño del dispositivo de datos (mover la posición de los datos). ¡PELIGROSO!"
+
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Tamaño de zona activa de recifrado máximo."
+
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Tipo de resiliencia de zona activa de recifrado (checksum,journal,none)"
+
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "«Hash» de suma de comprobación de zona activa de recifrado"
+
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Anular la autodetección de dispositivos del dispositivo dm que se va a recifrar"
+
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "La opción --deferred solo se permite con la orden de cerrar."
+
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "La opción --allow-discards solo se permite para la operación de abrir."
+
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "La opción --persistent solo se permite para la operación de abrir."
+
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "La opción --serialize-memory-hard-pbkdf solo se permite para la operación de abrir."
#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
#~ msgstr ""
-#~ "Parece que el dispositivo no necesita recuperación del recifrado.\n"
-#~ "¿Desea continuar de todos modos?"
+#~ "La opción --key-size solo se permite con las acciones luksFormat, luksAddKey,\n"
+#~ "open y benchmark. Para limitar la lectura del fichero de claves, utilizar --keyfile-size=(bytes)."
+
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "La opción --integrity solo se permite con luksFormat (LUKS2)."
+
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Las opciones --label y --subsystem solo se permiten con las operaciones luksFormat y config LUKS2."
+
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "No se permiten números negativos para esta opción."
+
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "La opción --use-[u]random solo se permite con luksFormat."
+
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "La opción --uuid solo se permite con luksFormat luksUUID."
+
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "La opción --align-payload solo se permite con luksFormat."
+
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Las opciones --luks2-metadata-size y --opt-luks2-keyslots-size solo se permiten para luksFormat con LUKS2."
+
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "La especificación del tamaño de los metadatos LUKS2 no es válida."
+
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "La especificación del tamaño de las ranuras de claves LUKS2 no es válida."
+
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "La opción --offset solo está disponible para abrir dispositivos no cifrados y «loopaes», «luksFormat» y recifrado de dispositivo."
+
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Argumento no válido para el parámetro --veracrypt-pim supplied."
+
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "La opción de tamaño de sector no está disponible para esta orden."
+
+#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#~ msgstr "La opción --unbound solo puede utilizarse con las acciones luksAddKey y luksDump."
+
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "La opción --refresh solo puede utilizarse con la acción de abrir."
+
+#~ msgid "Invalid device size specification."
+#~ msgstr "La especificación del tamaño del dispositivo no es válida."
+
+#~ msgid "Reduce size overflow."
+#~ msgstr "Desbordamiento del tamaño de la reducción."
+
+#~ msgid "Do not use verity superblock"
+#~ msgstr "No utilizar superbloque «verity»"
+
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Tipo de formato (1 - normal, 0 - Chrome OS original)"
+
+#~ msgid "number"
+#~ msgstr "número"
+
+#~ msgid "Block size on the data device"
+#~ msgstr "Tamaño de bloque en el dispositivo de datos"
+
+#~ msgid "Block size on the hash device"
+#~ msgstr "Tamaño de bloque en el dispositivo «hash»"
+
+#~ msgid "FEC parity bytes"
+#~ msgstr "Bytes de paridad FEC"
+
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Número de bloques en el fichero de datos"
+
+#~ msgid "blocks"
+#~ msgstr "bloques"
+
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Ruta a dispositivo con datos de corrección de errores"
+
+#~ msgid "path"
+#~ msgstr "ruta"
+
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Posición inicial en el dispositivo «hash»"
+
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Posición inicial en el dispositivo FEC"
+
+#~ msgid "Hash algorithm"
+#~ msgstr "Algoritmo «hash»"
+
+#~ msgid "string"
+#~ msgstr "cadena"
+
+#~ msgid "Salt"
+#~ msgstr "«Salt»"
+
+#~ msgid "hex string"
+#~ msgstr "cadena hexadecimal"
+
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Ruta al fichero de firmas «hash» raíz"
+
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Reiniciar el núcleo si se detecta corrupción"
+
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Poner en pánico al núcleo si se detecta corrupción"
+
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Ignorar corrupción, tomar nota únicamente"
+
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "No verificar bloques con zeros"
+
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Verificar el bloque de datos solo en la primera lectura"
+
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Las opciones --ignore-corruption, --restart-on-corruption y --ignore-zero-blocks solo están permitidas para la operación de abrir."
+
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "La opción --root-hash-signature solo puede usarse para la acción de abrir."
+
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Ruta al dispositivo de datos (si está separado)"
+
+#~ msgid "Journal size"
+#~ msgstr "Tamaño del diario"
+
+#~ msgid "Interleave sectors"
+#~ msgstr "Sectores de entrelazado"
+
+#~ msgid "Journal watermark"
+#~ msgstr "Marca de agua del diario"
+
+#~ msgid "percent"
+#~ msgstr "por ciento"
+
+#~ msgid "Journal commit time"
+#~ msgstr "Tiempo de escritura en el diario"
+
+#~ msgid "ms"
+#~ msgstr "ms"
+
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Número de sectores de 512 bytes por bit (modo mapa de bits)."
+
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Tiempo de «flush» del modo mapa de bits"
+
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Tamaño de etiqueta (por sector)"
+
+#~ msgid "Sector size"
+#~ msgstr "Tamaño de sector"
+
+#~ msgid "Buffers size"
+#~ msgstr "Tamaño de los «buffers»"
+
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Algoritmo para la integridad de datos"
+
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Tamaño de la clave de integridad de datos"
+
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Leer la clave de integridad de un fichero"
+
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Algoritmo de integridad del diario"
+
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Tamaño de la clave de integridad del diario"
+
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Leer la clave de integridad del diario de un fichero"
+
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Algoritmo de cifrado del diario"
+
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Tamaño de la clave de cifrado del diario"
+
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Leer la clave de cifrado del diario de un fichero"
+
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Modo de recuperación (sin diario, sin comprobación de etiqueta)"
+
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Utilice bitmap para seguir los cambios y desactive el diario para el dispositivo de integridad"
+
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Recalcular las etiquetas iniciales automáticamente."
+
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "No proteger superbloque con HMAC (núcleos antiguos)"
+
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Permitir recalcular volúmenes con claves HMAC (núcleos antiguos)"
+
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "La opción --integrity-recalculate solo puede usarse para la acción de abrir."
+
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Las opciones --journal-size, --interleave-sectors, --sector-size, --tag-size y --no-wipe solo pueden utilizarse para la acción de dar formato."
+
+#~ msgid "Invalid journal size specification."
+#~ msgstr "La especificación del tamaño del diario no es válida."
+
+#~ msgid "Reencryption block size"
+#~ msgstr "Tamaño de bloque de recifrado"
+
+#~ msgid "MiB"
+#~ msgstr "MiB"
+
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "No cambie la clave; no hay recifrado en la zona de datos"
+
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Leer la clave (maestra) del volumen desde fichero"
+
+#~ msgid "PBKDF2 iteration time for LUKS (in ms)"
+#~ msgstr "Tiempo de iteración PBKDF2 para LUKS (en ms)"
+
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Utilizar entrada/salida directa para acceder a los dispositivos"
+
+#~ msgid "Use fsync after each block"
+#~ msgstr "Utilizar fsync después de cada bloque"
+
+#~ msgid "Update log file after every block"
+#~ msgstr "Actualizar el fichero de registro después de cada bloque"
+
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Utilizar solamente esta ranura (se desactivarán las demás)"
+
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Crear nueva cabecera en dispositivo no cifrado"
+
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Descifrar el dispositivo de forma permanente (eliminar cifrado)"
+
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "El UUID utilizado para reanudar el descifrado"
+
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Tipo de metadato LUKS: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "ATENCIÓN: ¡Falta el directorio de bloqueo %s/%s!\n"
#~ msgid "Function not available in FIPS mode."
#~ msgstr "Función no disponible en modo FIPS."
-#~ msgid "Failed to write hash."
-#~ msgstr "No se ha podido escribir el «hash»."
-
#~ msgid "Failed to finalize hash."
#~ msgstr "No se ha podido finalizar el «hash»."
#~ msgid "Failed to assign digest %u to segment %u."
#~ msgstr "No se ha logrado asignar el resumen %u al segmento %u."
-#~ msgid "Failed to set segments."
-#~ msgstr "No se han podido poner los segmentos."
-
#~ msgid "Failed to assign reencrypt previous backup segment."
#~ msgstr "No se ha podido asignar recifrado al segmento de respaldo anterior."
#~ msgid "Failed to calculate new segments."
#~ msgstr "No se ha podido calcular los nuevos segmentos."
-#~ msgid "Failed to assign pre reenc segments."
-#~ msgstr "No se han podido asignar los segmentos pre reenc."
-
#~ msgid "Failed finalize hotzone resilience, retval = %d"
#~ msgstr "No se ha podido finalizar la resiliencia de zona caliente, retval = %d"
msgstr ""
"Project-Id-Version: cryptsetup 1.7.0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2015-10-29 13:27+0100\n"
"PO-Revision-Date: 2015-11-08 12:48+0200\n"
"Last-Translator: Jorma Karvonen <karvonen.jorma@gmail.com>\n"
"Language-Team: Finnish <translation-team-fi@lists.sourceforge.net>\n"
"Language: fi\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: lib/libdevmapper.c:408
-#, fuzzy
-msgid "Cannot initialize device-mapper, running as non-root user."
+#: lib/libdevmapper.c:253
+msgid "Cannot initialize device-mapper, running as non-root user.\n"
msgstr "Laitekuvaimen alustus epäonnistui, suoritetaan ei-root-käyttäjänä.\n"
-#: lib/libdevmapper.c:411
-#, fuzzy
-msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
+#: lib/libdevmapper.c:256
+msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Laitekuvaimen alustus epäonnistui. Onko dm_mod-käyttöjärjestelmäydinmoduuli ladattu?\n"
-#: lib/libdevmapper.c:1180
-#, fuzzy
-msgid "Requested deferred flag is not supported."
-msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n"
-
-#: lib/libdevmapper.c:1249
-#, fuzzy, c-format
-msgid "DM-UUID for device %s was truncated."
+#: lib/libdevmapper.c:551
+#, c-format
+msgid "DM-UUID for device %s was truncated.\n"
msgstr "DM-UUID laitteelle %s typistettiin.\n"
-#: lib/libdevmapper.c:1580
-msgid "Unknown dm target type."
-msgstr ""
-
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
-#, fuzzy
-msgid "Requested dm-crypt performance options are not supported."
-msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n"
-
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
-#, fuzzy
-msgid "Requested dm-verity data corruption handling options are not supported."
-msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n"
-
-#: lib/libdevmapper.c:1721
-#, fuzzy
-msgid "Requested dm-verity FEC options are not supported."
-msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n"
-
-#: lib/libdevmapper.c:1725
-#, fuzzy
-msgid "Requested data integrity options are not supported."
-msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n"
-
-#: lib/libdevmapper.c:1727
-#, fuzzy
-msgid "Requested sector_size option is not supported."
+#: lib/libdevmapper.c:699
+msgid "Requested dmcrypt performance options are not supported.\n"
msgstr "Pyydetyt dmcrypt-suorituskykyvalitsimet eivät ole tuettuja.\n"
-#: lib/libdevmapper.c:1732
-msgid "Requested automatic recalculation of integrity tags is not supported."
-msgstr ""
-
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-#, fuzzy
-msgid "Discard/TRIM is not supported."
-msgstr "Tiivistealgoritmia %s ei tueta.\n"
-
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
-msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n"
-
-#: lib/libdevmapper.c:2713
-#, c-format
-msgid "Failed to query dm-%s segment."
-msgstr ""
-
# Entropy viittaa tässä ilmeisesti tiivistettävän tekstin satunnaisuuteen. Mitä satunnaisempi se on, sitä vähemmän sitä voi tiivistää.
-#: lib/random.c:75
+#: lib/random.c:76
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Järjestelmässä ei ole satunnaisuutta taltioavainta tuotettaessa.\n"
"Siirrä hiirtä tai kirjoita jotain tekstiä toiseen ikkunaan joidenkin satunnaistapahtumien keräämiseksi.\n"
-#: lib/random.c:79
+#: lib/random.c:80
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Avainta tuotetaan (%d%% valmis).\n"
-#: lib/random.c:165
-#, fuzzy
-msgid "Running in FIPS mode."
+#: lib/random.c:166
+msgid "Running in FIPS mode.\n"
msgstr "Suoritetaan FIPS-tilassa.\n"
-#: lib/random.c:171
-#, fuzzy
-msgid "Fatal error during RNG initialisation."
+#: lib/random.c:172
+msgid "Fatal error during RNG initialisation.\n"
msgstr "Kohtalokas virhe RNG-alustuksen aikana.\n"
-#: lib/random.c:208
-#, fuzzy
-msgid "Unknown RNG quality requested."
+#: lib/random.c:209
+msgid "Unknown RNG quality requested.\n"
msgstr "Tuntematonta RNG-laatua pyydetty.\n"
-#: lib/random.c:213
-#, fuzzy
-msgid "Error reading from RNG."
+#: lib/random.c:214
+#, c-format
+msgid "Error %d reading from RNG: %s\n"
msgstr "Virhe %d luettaessa kohteesta RNG: %s\n"
-#: lib/setup.c:229
-#, fuzzy
-msgid "Cannot initialize crypto RNG backend."
+#: lib/setup.c:200
+msgid "Cannot initialize crypto RNG backend.\n"
msgstr "RNG-salaustaustaohjelman alustus epäonnistui.\n"
-#: lib/setup.c:235
-#, fuzzy
-msgid "Cannot initialize crypto backend."
+#: lib/setup.c:206
+msgid "Cannot initialize crypto backend.\n"
msgstr "Salaustaustaohjelman alustus epäonnistui.\n"
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
-#, fuzzy, c-format
-msgid "Hash algorithm %s not supported."
+#: lib/setup.c:237 lib/setup.c:1193 lib/verity/verity.c:123
+#, c-format
+msgid "Hash algorithm %s not supported.\n"
msgstr "Tiivistealgoritmia %s ei tueta.\n"
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
-#, fuzzy, c-format
-msgid "Key processing error (using hash %s)."
+#: lib/setup.c:240 lib/loopaes/loopaes.c:90
+#, c-format
+msgid "Key processing error (using hash %s).\n"
msgstr "Avainkäsittelyvirhe (käytetään tiivistealgoritmia %s).\n"
-#: lib/setup.c:335 lib/setup.c:362
-#, fuzzy
-msgid "Cannot determine device type. Incompatible activation of device?"
+#: lib/setup.c:285
+msgid "Cannot determine device type. Incompatible activation of device?\n"
msgstr "Laitetyypin määritteleminen epäonnistui. Laitteen yhteensopimaton aktivointi?\n"
-#: lib/setup.c:341 lib/setup.c:3058
-#, fuzzy
-msgid "This operation is supported only for LUKS device."
-msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n"
-
-#: lib/setup.c:368
-#, fuzzy
-msgid "This operation is supported only for LUKS2 device."
+#: lib/setup.c:289 lib/setup.c:1546
+msgid "This operation is supported only for LUKS device.\n"
msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n"
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
-#, fuzzy
-msgid "All key slots full."
+#: lib/setup.c:321
+msgid "All key slots full.\n"
msgstr "Kaikki avainvälit ovat täynnä.\n"
-#: lib/setup.c:434
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select between 0 and %d."
+#: lib/setup.c:328
+#, c-format
+msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Avainväli %d on virheellinen, valitse väliltä 0 ... %d.\n"
-#: lib/setup.c:440
-#, fuzzy, c-format
-msgid "Key slot %d is full, please select another one."
+#: lib/setup.c:334
+#, c-format
+msgid "Key slot %d is full, please select another one.\n"
msgstr "Avainväli %d on täynnä, valitse joku toinen.\n"
-#: lib/setup.c:525 lib/setup.c:2832
-#, fuzzy
-msgid "Device size is not aligned to device logical block size."
-msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n"
+#: lib/setup.c:473
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Kirjoita salasanalause kohteelle %s: "
-#: lib/setup.c:624
-#, fuzzy, c-format
-msgid "Header detected but device %s is too small."
+#: lib/setup.c:654
+#, c-format
+msgid "Header detected but device %s is too small.\n"
msgstr "Otsake havaittu, mutta laite %s on liian pieni.\n"
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
-#, fuzzy
-msgid "This operation is not supported for this device type."
+#: lib/setup.c:670 lib/setup.c:1429
+msgid "This operation is not supported for this device type.\n"
msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n"
-#: lib/setup.c:666
-msgid "Illegal operation with reencryption in-progress."
-msgstr ""
-
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
-#, fuzzy, c-format
-msgid "Unsupported LUKS version %d."
-msgstr "Tukematon LUKS-versio %d.\n"
-
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
-#, fuzzy, c-format
-msgid "Device %s is not active."
+#: lib/setup.c:909 lib/setup.c:1382 lib/setup.c:2273
+#, c-format
+msgid "Device %s is not active.\n"
msgstr "Laite %s ei ole aktiivinen.\n"
-#: lib/setup.c:1444
-#, fuzzy, c-format
-msgid "Underlying device for crypt device %s disappeared."
+#: lib/setup.c:926
+#, c-format
+msgid "Underlying device for crypt device %s disappeared.\n"
msgstr "Salauslaitteen %s perustana oleva laite hävisi.\n"
-#: lib/setup.c:1524
-#, fuzzy
-msgid "Invalid plain crypt parameters."
+#: lib/setup.c:995
+msgid "Invalid plain crypt parameters.\n"
msgstr "Virheelliset tavalliset salausparametrit.\n"
-#: lib/setup.c:1529 lib/setup.c:1949
-#, fuzzy
-msgid "Invalid key size."
+#: lib/setup.c:1000 lib/setup.c:1120
+msgid "Invalid key size.\n"
msgstr "Virheellinen avainkoko.\n"
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
-#, fuzzy
-msgid "UUID is not supported for this crypt type."
-msgstr "UUID ei ole tuettu tälle laitetyypille.\n"
-
-#: lib/setup.c:1539 lib/setup.c:1959
-#, fuzzy
-msgid "Detached metadata device is not supported for this crypt type."
+#: lib/setup.c:1005 lib/setup.c:1125
+msgid "UUID is not supported for this crypt type.\n"
msgstr "UUID ei ole tuettu tälle laitetyypille.\n"
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
-#, fuzzy
-msgid "Unsupported encryption sector size."
-msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n"
-
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
-#, fuzzy
-msgid "Device size is not aligned to requested sector size."
-msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n"
-
-#: lib/setup.c:1608 lib/setup.c:1727
-#, fuzzy
-msgid "Can't format LUKS without device."
+#: lib/setup.c:1047
+msgid "Can't format LUKS without device.\n"
msgstr "Kohteen LUKS pohjustus ilman laitetta epäonnistui.\n"
-#: lib/setup.c:1614 lib/setup.c:1733
-msgid "Requested data alignment is not compatible with data offset."
-msgstr ""
-
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr ""
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
-#, fuzzy, c-format
-msgid "Cannot wipe header on device %s."
-msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n"
-
-#: lib/setup.c:1744
-msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
-msgstr ""
-
-#: lib/setup.c:1766
-msgid "Volume key is too small for encryption with integrity extensions."
-msgstr ""
-
-#: lib/setup.c:1821
-#, fuzzy, c-format
-msgid "Cipher %s-%s (key size %zd bits) is not available."
-msgstr "Salaus %s ei ole käytettävissä.\n"
-
-#: lib/setup.c:1854
-#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1858
+#: lib/setup.c:1090
#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
-#, fuzzy, c-format
-msgid "Device %s is too small."
-msgstr "Laite %s on liian pieni.\n"
-
-#: lib/setup.c:1893 lib/setup.c:1919
-#, fuzzy, c-format
-msgid "Cannot format device %s in use."
+msgid "Cannot format device %s which is still in use.\n"
msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n"
-#: lib/setup.c:1896 lib/setup.c:1922
-#, fuzzy, c-format
-msgid "Cannot format device %s, permission denied."
+#: lib/setup.c:1093
+#, c-format
+msgid "Cannot format device %s, permission denied.\n"
msgstr "Laitteen %s pohjustus epäonnistui, koska pääsy laitteeseen on kielletty.\n"
-#: lib/setup.c:1908 lib/setup.c:2229
-#, fuzzy, c-format
-msgid "Cannot format integrity for device %s."
-msgstr "Laitteelle %s kirjoittaminen epäonnistui.\n"
-
-#: lib/setup.c:1926
-#, fuzzy, c-format
-msgid "Cannot format device %s."
-msgstr "Laitteen %s lukeminen epäonnistui.\n"
+#: lib/setup.c:1097
+#, c-format
+msgid "Cannot wipe header on device %s.\n"
+msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n"
-#: lib/setup.c:1944
-#, fuzzy
-msgid "Can't format LOOPAES without device."
+#: lib/setup.c:1115
+msgid "Can't format LOOPAES without device.\n"
msgstr "Kohteen LOOPAES pohjustus ilman laitetta epäonnistui.\n"
-#: lib/setup.c:1989
-#, fuzzy
-msgid "Can't format VERITY without device."
+#: lib/setup.c:1153
+msgid "Can't format VERITY without device.\n"
msgstr "Kohteen VERITY pohjustus ilman laitetta epäonnistui.\n"
-#: lib/setup.c:2000 lib/verity/verity.c:103
-#, fuzzy, c-format
-msgid "Unsupported VERITY hash type %d."
+#: lib/setup.c:1161 lib/verity/verity.c:106
+#, c-format
+msgid "Unsupported VERITY hash type %d.\n"
msgstr "Tukematon VERITY-tiivistetyyppi %d.\n"
-#: lib/setup.c:2006 lib/verity/verity.c:111
-#, fuzzy
-msgid "Unsupported VERITY block size."
+#: lib/setup.c:1167 lib/verity/verity.c:114
+msgid "Unsupported VERITY block size.\n"
msgstr "Tukematon VERITY-lohkokoko.\n"
-#: lib/setup.c:2011 lib/verity/verity.c:75
-#, fuzzy
-msgid "Unsupported VERITY hash offset."
-msgstr "Tukematon VERITY-tiivistesiirros.\n"
-
-#: lib/setup.c:2016
-#, fuzzy
-msgid "Unsupported VERITY FEC offset."
+#: lib/setup.c:1172 lib/verity/verity.c:76
+msgid "Unsupported VERITY hash offset.\n"
msgstr "Tukematon VERITY-tiivistesiirros.\n"
-#: lib/setup.c:2040
-msgid "Data area overlaps with hash area."
-msgstr ""
-
-#: lib/setup.c:2065
-msgid "Hash area overlaps with FEC area."
-msgstr ""
-
-#: lib/setup.c:2072
-msgid "Data area overlaps with FEC area."
-msgstr ""
-
-#: lib/setup.c:2208
+#: lib/setup.c:1286
#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
-
-#: lib/setup.c:2286
-#, fuzzy, c-format
-msgid "Unknown crypt device type %s requested."
+msgid "Unknown crypt device type %s requested.\n"
msgstr "Tuntematon salauslaitetyyppi %s pyydetty.\n"
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
-#, fuzzy, c-format
-msgid "Unsupported parameters on device %s."
-msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n"
-
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
-#, fuzzy, c-format
-msgid "Mismatching parameters on device %s."
-msgstr "Otsakkeen pyyhkiminen pois laitteesta %s epäonnistui.\n"
-
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
-
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "Laitteen %s lukeminen epäonnistui.\n"
-
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "Laitteen %s lukeminen epäonnistui.\n"
-
-#: lib/setup.c:2735
-#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
-
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui."
-
-#: lib/setup.c:2817
-#, fuzzy
-msgid "Cannot resize loop device."
+#: lib/setup.c:1396
+msgid "Cannot resize loop device.\n"
msgstr "Silmukkalaitteen koon muuttaminen epäonnistui.\n"
-#: lib/setup.c:2890
+#: lib/setup.c:1444
msgid "Do you really want to change UUID of device?"
msgstr "Haluatko todella vaihtaa laitteen UUID-tunnistetta?"
-#: lib/setup.c:2966
-#, fuzzy
-msgid "Header backup file does not contain compatible LUKS header."
-msgstr "Varmuuskopiotiedosto ei sisällä kelvollista LUKS-otsaketta.\n"
-
-#: lib/setup.c:3066
-#, fuzzy, c-format
-msgid "Volume %s is not active."
+#: lib/setup.c:1554
+#, c-format
+msgid "Volume %s is not active.\n"
msgstr "Taltio %s ei ole käytössä.\n"
-#: lib/setup.c:3077
-#, fuzzy, c-format
-msgid "Volume %s is already suspended."
+#: lib/setup.c:1565
+#, c-format
+msgid "Volume %s is already suspended.\n"
msgstr "Taltio %s on jo keskeytetty.\n"
-#: lib/setup.c:3090
-#, fuzzy, c-format
-msgid "Suspend is not supported for device %s."
+#: lib/setup.c:1572
+#, c-format
+msgid "Suspend is not supported for device %s.\n"
msgstr "Keskeyttämistä ei tueta laitetyypille %s.\n"
-#: lib/setup.c:3092
-#, fuzzy, c-format
-msgid "Error during suspending device %s."
+#: lib/setup.c:1574
+#, c-format
+msgid "Error during suspending device %s.\n"
msgstr "Virhe keskeytettäessä laitetta %s.\n"
-#: lib/setup.c:3128
-#, fuzzy, c-format
-msgid "Resume is not supported for device %s."
+#: lib/setup.c:1600 lib/setup.c:1647
+#, c-format
+msgid "Volume %s is not suspended.\n"
+msgstr "Taltiota %s ei ole keskeytetty.\n"
+
+#: lib/setup.c:1614
+#, c-format
+msgid "Resume is not supported for device %s.\n"
msgstr "Jatkamista ei tueta laiteelle %s.\n"
-#: lib/setup.c:3130
-#, fuzzy, c-format
-msgid "Error during resuming device %s."
+#: lib/setup.c:1616 lib/setup.c:1668
+#, c-format
+msgid "Error during resuming device %s.\n"
msgstr "Virhe jatkettaessa laitteella %s.\n"
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, fuzzy, c-format
-msgid "Volume %s is not suspended."
-msgstr "Taltiota %s ei ole keskeytetty.\n"
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-#, fuzzy
-msgid "Volume key does not match the volume."
-msgstr "Taltioavain ei täsmää taltion kanssa.\n"
+#: lib/setup.c:1654 lib/setup.c:2089 lib/setup.c:2103 src/cryptsetup.c:183
+#: src/cryptsetup.c:244 src/cryptsetup.c:732 src/cryptsetup.c:1162
+msgid "Enter passphrase: "
+msgstr "Kirjoita salasanalause: "
# Volume key tarkoittaa yleensä äänenvoimakkuussäädintä, ei välttämättä tässä.
-#: lib/setup.c:3344 lib/setup.c:3535
-#, fuzzy
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
+#: lib/setup.c:1716 lib/setup.c:1852
+msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Avainvälin lisäys epäonnistui, kaikki välit on otettu pois käytöstä ja yhtään taltioavainta ei ole tarjottu.\n"
-#: lib/setup.c:3487
-#, fuzzy
-msgid "Failed to swap new key slot."
-msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n"
+#: lib/setup.c:1725 lib/setup.c:1858 lib/setup.c:1862
+msgid "Enter any passphrase: "
+msgstr "Kirjoita mikä tahansa salasanalause: "
-#: lib/setup.c:3673
-#, fuzzy, c-format
-msgid "Key slot %d is invalid."
-msgstr "Avainväli %d on virheellinen.\n"
+#: lib/setup.c:1742 lib/setup.c:1875 lib/setup.c:1879 lib/setup.c:1941
+#: src/cryptsetup.c:992 src/cryptsetup.c:1023
+msgid "Enter new passphrase for key slot: "
+msgstr "Kirjoita uusi salasanalause avainvälille: "
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
-#, fuzzy, c-format
-msgid "Keyslot %d is not active."
-msgstr "Avainväli %d ei ole käytössä.\n"
+#: lib/setup.c:1807
+#, c-format
+msgid "Key slot %d changed.\n"
+msgstr "Avaivälin %d vaihtui.\n"
-#: lib/setup.c:3698
-#, fuzzy
-msgid "Device header overlaps with data area."
-msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n"
+#: lib/setup.c:1810
+#, c-format
+msgid "Replaced with key slot %d.\n"
+msgstr "Korvattiin avainvälillä %d.\n"
-#: lib/setup.c:3992
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr ""
+#: lib/setup.c:1815
+msgid "Failed to swap new key slot.\n"
+msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n"
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n"
+#: lib/setup.c:1932 lib/setup.c:2193 lib/setup.c:2206 lib/setup.c:2348
+msgid "Volume key does not match the volume.\n"
+msgstr "Taltioavain ei täsmää taltion kanssa.\n"
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-#, fuzzy
-msgid "LUKS2 reencryption recovery failed."
-msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n"
+#: lib/setup.c:1970
+#, c-format
+msgid "Key slot %d is invalid.\n"
+msgstr "Avainväli %d on virheellinen.\n"
-#: lib/setup.c:4175 lib/setup.c:4437
-#, fuzzy
-msgid "Device type is not properly initialized."
-msgstr "Laitetyyppi ei ole alustettu oikein.\n"
+#: lib/setup.c:1975
+#, c-format
+msgid "Key slot %d is not used.\n"
+msgstr "Avainväli %d ei ole käytössä.\n"
-#: lib/setup.c:4223
-#, fuzzy, c-format
-msgid "Device %s already exists."
+#: lib/setup.c:2005 lib/setup.c:2077 lib/setup.c:2169
+#, c-format
+msgid "Device %s already exists.\n"
msgstr "Laite %s on jo olemassa.\n"
-#: lib/setup.c:4230
-#, fuzzy, c-format
-msgid "Cannot use device %s, name is invalid or still in use."
-msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n"
-
-#: lib/setup.c:4350
-#, fuzzy
-msgid "Incorrect volume key specified for plain device."
+#: lib/setup.c:2180
+msgid "Incorrect volume key specified for plain device.\n"
msgstr "Virheellinen taltioavain määritelty tavalliselle laitteelle.\n"
-#: lib/setup.c:4463
-#, fuzzy
-msgid "Incorrect root hash specified for verity device."
+#: lib/setup.c:2213
+msgid "Incorrect root hash specified for verity device.\n"
msgstr "Virheellinen root-tiiviste määritelty verity-laitteelle.\n"
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr ""
-
-#: lib/setup.c:4496 lib/setup.c:5976
-#, fuzzy
-msgid "Failed to load key in kernel keyring."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
+#: lib/setup.c:2236
+msgid "Device type is not properly initialised.\n"
+msgstr "Laitetyyppi ei ole alustettu oikein.\n"
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
-#, fuzzy, c-format
-msgid "Device %s is still in use."
+#: lib/setup.c:2268
+#, c-format
+msgid "Device %s is still in use.\n"
msgstr "Laite %s on yhä käytössä.\n"
-#: lib/setup.c:4574
-#, fuzzy, c-format
-msgid "Invalid device %s."
+#: lib/setup.c:2277
+#, c-format
+msgid "Invalid device %s.\n"
msgstr "Virheellinen laite %s.\n"
-#: lib/setup.c:4690
-#, fuzzy
-msgid "Volume key buffer too small."
+#: lib/setup.c:2298
+msgid "Function not available in FIPS mode.\n"
+msgstr "Funktio ei ole käytettävissä FIPS-tilassa.\n"
+
+#: lib/setup.c:2304
+msgid "Volume key buffer too small.\n"
msgstr "Taltioavainpuskuri on liian pieni.\n"
-#: lib/setup.c:4698
-#, fuzzy
-msgid "Cannot retrieve volume key for plain device."
+#: lib/setup.c:2312
+msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Taltioavaimen nouto tavalliselle laitteelle epäonnistui.\n"
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "Virheellinen root-tiiviste määritelty verity-laitteelle.\n"
-
-#: lib/setup.c:4717
-#, fuzzy, c-format
-msgid "This operation is not supported for %s crypt device."
+#: lib/setup.c:2319
+#, c-format
+msgid "This operation is not supported for %s crypt device.\n"
msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n"
-#: lib/setup.c:4923
-#, fuzzy
-msgid "Dump operation is not supported for this device type."
+#: lib/setup.c:2515
+msgid "Dump operation is not supported for this device type.\n"
msgstr "Dump-toimintoa ei tueta tälle laitetyypille.\n"
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
-#, fuzzy, c-format
-msgid "Cannot convert device %s which is still in use."
-msgstr "Laitteen %s pohjustus epäonnistui, koska se on yhä käytössä.\n"
-
-#: lib/setup.c:5833
-#, c-format
-msgid "Failed to assign keyslot %u as the new volume key."
-msgstr ""
-
-#: lib/setup.c:5906
-msgid "Failed to initialize default LUKS2 keyslot parameters."
-msgstr ""
+#: lib/utils.c:244
+msgid "Cannot get process priority.\n"
+msgstr "Prosessiprioriteetin hakeminen epäonnistui.\n"
-#: lib/setup.c:5912
-#, fuzzy, c-format
-msgid "Failed to assign keyslot %d to digest."
-msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n"
+#: lib/utils.c:258
+msgid "Cannot unlock memory.\n"
+msgstr "Muistin lukituksen avaus epäonnistui.\n"
-#: lib/setup.c:6043
-#, fuzzy
-msgid "Kernel keyring is not supported by the kernel."
-msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n"
+#: lib/utils_crypt.c:241 lib/utils_crypt.c:254 lib/utils_crypt.c:401
+#: lib/utils_crypt.c:416
+msgid "Out of memory while reading passphrase.\n"
+msgstr "Muisti loppui luettaessa salasanalausetta.\n"
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
-#, fuzzy, c-format
-msgid "Failed to read passphrase from keyring (error %d)."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
+#: lib/utils_crypt.c:246 lib/utils_crypt.c:261
+msgid "Error reading passphrase from terminal.\n"
+msgstr "Virhe luettaessa salasanalausetta pääteikkunasta.\n"
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
+#: lib/utils_crypt.c:259
+msgid "Verify passphrase: "
+msgstr "Todenna salasanalause: "
-#: lib/utils.c:80
-#, fuzzy
-msgid "Cannot get process priority."
-msgstr "Prosessiprioriteetin hakeminen epäonnistui.\n"
+#: lib/utils_crypt.c:266
+msgid "Passphrases do not match.\n"
+msgstr "Salasanalauseet eivät täsmää.\n"
-#: lib/utils.c:94
-#, fuzzy
-msgid "Cannot unlock memory."
-msgstr "Muistin lukituksen avaus epäonnistui.\n"
+#: lib/utils_crypt.c:350
+msgid "Cannot use offset with terminal input.\n"
+msgstr "Siirrososoitteen käyttö pääteikkunasyötteellä epäonnistui.\n"
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
-#, fuzzy
-msgid "Failed to open key file."
+#: lib/utils_crypt.c:369 lib/tcrypt/tcrypt.c:467
+msgid "Failed to open key file.\n"
msgstr "Avaintiedoston avaus epäonnistui.\n"
-#: lib/utils.c:173
-#, fuzzy
-msgid "Cannot read keyfile from a terminal."
-msgstr "Avaintiedoston %s lukeminen epäonnistui.\n"
-
-#: lib/utils.c:190
-#, fuzzy
-msgid "Failed to stat key file."
+#: lib/utils_crypt.c:378
+msgid "Failed to stat key file.\n"
msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-#: lib/utils.c:198 lib/utils.c:219
-#, fuzzy
-msgid "Cannot seek to requested keyfile offset."
+#: lib/utils_crypt.c:386 lib/utils_crypt.c:407
+msgid "Cannot seek to requested keyfile offset.\n"
msgstr "Pyydetyn avaintiedostosiirrososoitteen etsintä epäonnistui.\n"
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
-#, fuzzy
-msgid "Out of memory while reading passphrase."
-msgstr "Muisti loppui luettaessa salasanalausetta.\n"
-
-#: lib/utils.c:248
-#, fuzzy
-msgid "Error reading passphrase."
+#: lib/utils_crypt.c:424
+msgid "Error reading passphrase.\n"
msgstr "Virhe luettaessa salasanalausetta.\n"
-#: lib/utils.c:265
-msgid "Nothing to read on input."
-msgstr ""
-
-#: lib/utils.c:272
-#, fuzzy
-msgid "Maximum keyfile size exceeded."
+#: lib/utils_crypt.c:447
+msgid "Maximum keyfile size exceeded.\n"
msgstr "Avaintiedoston enimmäiskoko ylitettiin.\n"
-#: lib/utils.c:277
-#, fuzzy
-msgid "Cannot read requested amount of data."
+#: lib/utils_crypt.c:452
+msgid "Cannot read requested amount of data.\n"
msgstr "Pyydetyn tietomäärän lukeminen epäonnistui.\n"
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
-msgstr "Laite %s ei ole olemassa tai pääsy siihen on kielletty.\n"
-
-#: lib/utils_device.c:200
-#, fuzzy, c-format
-msgid "Device %s is not compatible."
-msgstr "Laite %s ei ole aktiivinen.\n"
-
-#: lib/utils_device.c:544
+#: lib/utils_device.c:136 lib/luks1/keyencryption.c:90
#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
-#, fuzzy, c-format
-msgid "Device %s is too small. Need at least %<PRIu64> bytes."
-msgstr "Laite %s on liian pieni. (LUKS vaatii vähintään %<PRIu64> tavua.)\n"
-
-#: lib/utils_device.c:747
-#, fuzzy, c-format
-msgid "Cannot use device %s which is in use (already mapped or mounted)."
-msgstr "Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai liitetty).\n"
-
-#: lib/utils_device.c:751
-#, fuzzy, c-format
-msgid "Cannot use device %s, permission denied."
-msgstr "Laitteeseen %s kirjoittaminen epäonnistui, pääsy kielletty.\n"
-
-#: lib/utils_device.c:754
-#, fuzzy, c-format
-msgid "Cannot get info about device %s."
-msgstr "Tietojen hakeminen laitteesta %s epäonnistui.\n"
+msgid "Device %s doesn't exist or access denied.\n"
+msgstr "Laite %s ei ole olemassa tai pääsy siihen on kielletty.\n"
-#: lib/utils_device.c:777
-#, fuzzy
-msgid "Cannot use a loopback device, running as non-root user."
+#: lib/utils_device.c:430
+msgid "Cannot use a loopback device, running as non-root user.\n"
msgstr "Silmukkalaitteen käyttö epäonnistui, suoritetaan ei-root-käyttäjänä.\n"
-#: lib/utils_device.c:787
-#, fuzzy
-msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
-msgstr "Silmukkalaitteeseen liittyminen epäonnistui (vaaditaan silmukkalaite autoclear-lipulla).\n"
-
-#: lib/utils_device.c:833
-#, fuzzy, c-format
-msgid "Requested offset is beyond real size of device %s."
-msgstr "Pyydetty siirrososoite on laitteen %s todellisen koon ulkopuolella.\n"
-
-#: lib/utils_device.c:841
-#, fuzzy, c-format
-msgid "Device %s has zero size."
-msgstr "Laitteen %s koko on nolla.\n"
-
-#: lib/utils_pbkdf.c:100
-msgid "Requested PBKDF target time cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:106
-#, c-format
-msgid "Unknown PBKDF type %s."
-msgstr ""
-
-#: lib/utils_pbkdf.c:111
-#, fuzzy, c-format
-msgid "Requested hash %s is not supported."
-msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n"
-
-#: lib/utils_pbkdf.c:122
-#, fuzzy
-msgid "Requested PBKDF type is not supported for LUKS1."
-msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n"
-
-#: lib/utils_pbkdf.c:128
-msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
-msgstr ""
+#: lib/utils_device.c:433
+msgid "Cannot find a free loopback device.\n"
+msgstr "Vapaan silmukkalaiteen löytäminen epäonnistui.\n"
-#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
-#, c-format
-msgid "Forced iteration count is too low for %s (minimum is %u)."
-msgstr ""
+#: lib/utils_device.c:440
+msgid "Attaching loopback device failed (loop device with autoclear flag is required).\n"
+msgstr "Silmukkalaitteeseen liittyminen epäonnistui (vaaditaan silmukkalaite autoclear-lipulla).\n"
-#: lib/utils_pbkdf.c:148
+#: lib/utils_device.c:484
#, c-format
-msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
-msgstr ""
+msgid "Cannot use device %s which is in use (already mapped or mounted).\n"
+msgstr "Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai liitetty).\n"
-#: lib/utils_pbkdf.c:155
+#: lib/utils_device.c:488
#, c-format
-msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:160
-msgid "Requested maximum PBKDF memory cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:164
-msgid "Requested PBKDF parallel threads cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
-
-#: lib/utils_benchmark.c:172
-msgid "PBKDF benchmark disabled but iterations not set."
-msgstr ""
-
-#: lib/utils_benchmark.c:191
-#, fuzzy, c-format
-msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
-msgstr "Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia %s).\n"
-
-#: lib/utils_benchmark.c:211
-#, fuzzy
-msgid "Not compatible PBKDF options."
-msgstr "Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia %s).\n"
+msgid "Cannot get info about device %s.\n"
+msgstr "Tietojen hakeminen laitteesta %s epäonnistui.\n"
-#: lib/utils_device_locking.c:102
+#: lib/utils_device.c:494
#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
-msgstr ""
+msgid "Requested offset is beyond real size of device %s.\n"
+msgstr "Pyydetty siirrososoite on laitteen %s todellisen koon ulkopuolella.\n"
-#: lib/utils_device_locking.c:109
+#: lib/utils_device.c:502
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "Device %s has zero size.\n"
+msgstr "Laitteen %s koko on nolla.\n"
-#: lib/utils_device_locking.c:119
+#: lib/utils_device.c:513
#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
-msgstr ""
-
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-#, fuzzy
-msgid "Cannot seek to device offset."
-msgstr "Laitteen siirrososoitteen etsintä epäonnistui.\n"
+msgid "Device %s is too small.\n"
+msgstr "Laite %s on liian pieni.\n"
-#: lib/utils_wipe.c:208
+#: lib/luks1/keyencryption.c:37
#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:39
-#, fuzzy, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
-"Check that kernel supports %s cipher (check syslog for more info)."
+"Check that kernel supports %s cipher (check syslog for more info).\n"
msgstr ""
"Dm-crypt -avainkuvausasetus laitteelle %s epäonnistui.\n"
"Tarkista, että käyttöjärjestelmäydin tukee %s-salakirjoitusmenetelmää (lisätietoja tarkistamalla syslog).\n"
-#: lib/luks1/keyencryption.c:44
-#, fuzzy
-msgid "Key size in XTS mode must be 256 or 512 bits."
+#: lib/luks1/keyencryption.c:42
+msgid "Key size in XTS mode must be 256 or 512 bits.\n"
msgstr "Avainkoon on oltava XTS-tilassa 256 tai 512 bittiä.\n"
-#: lib/luks1/keyencryption.c:46
-msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
-#, fuzzy, c-format
-msgid "Cannot write to device %s, permission denied."
+#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296
+#: lib/luks1/keymanage.c:572 lib/luks1/keymanage.c:1022
+#, c-format
+msgid "Cannot write to device %s, permission denied.\n"
msgstr "Laitteeseen %s kirjoittaminen epäonnistui, pääsy kielletty.\n"
-#: lib/luks1/keyencryption.c:120
-#, fuzzy
-msgid "Failed to open temporary keystore device."
+#: lib/luks1/keyencryption.c:111
+msgid "Failed to open temporary keystore device.\n"
msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n"
-#: lib/luks1/keyencryption.c:127
-#, fuzzy
-msgid "Failed to access temporary keystore device."
+#: lib/luks1/keyencryption.c:118
+msgid "Failed to access temporary keystore device.\n"
msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n"
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
-#, fuzzy
-msgid "IO error while encrypting keyslot."
+#: lib/luks1/keyencryption.c:191
+msgid "IO error while encrypting keyslot.\n"
msgstr "Siirräntävirhe salattaessa avainväliä.\n"
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
-#, fuzzy, c-format
-msgid "Cannot open device %s."
-msgstr "Laitteen %s avaus epäonnistui.\n"
-
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
-#, fuzzy
-msgid "IO error while decrypting keyslot."
+#: lib/luks1/keyencryption.c:256
+msgid "IO error while decrypting keyslot.\n"
msgstr "Siirräntävirhe purettaessa avainvälin salausta.\n"
-#: lib/luks1/keymanage.c:110
-#, fuzzy, c-format
-msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
+#: lib/luks1/keymanage.c:90
+#, c-format
+msgid "Device %s is too small. (LUKS requires at least %<PRIu64> bytes.)\n"
msgstr "Laite %s on liian pieni. (LUKS vaatii vähintään %<PRIu64> tavua.)\n"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
-#, fuzzy, c-format
-msgid "LUKS keyslot %u is invalid."
-msgstr "LUKS-avainväli %u on virheellinen.\n"
-
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, fuzzy, c-format
-msgid "Device %s is not a valid LUKS device."
+#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:418
+#: src/cryptsetup_reencrypt.c:1131
+#, c-format
+msgid "Device %s is not a valid LUKS device.\n"
msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n"
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
-#, fuzzy, c-format
-msgid "Requested header backup file %s already exists."
+#: lib/luks1/keymanage.c:198
+#, c-format
+msgid "Requested header backup file %s already exists.\n"
msgstr "Pyydetty otsakevarmuuskopiotiedosto %s on jo olemassa.\n"
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
-#, fuzzy, c-format
-msgid "Cannot create header backup file %s."
+#: lib/luks1/keymanage.c:200
+#, c-format
+msgid "Cannot create header backup file %s.\n"
msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n"
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
-#, fuzzy, c-format
-msgid "Cannot write header backup file %s."
+#: lib/luks1/keymanage.c:205
+#, c-format
+msgid "Cannot write header backup file %s.\n"
msgstr "Otsakevarmuuskopiotiedoston %s kirjoittaminen epäonnistui.\n"
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
+#: lib/luks1/keymanage.c:239
+msgid "Backup file doesn't contain valid LUKS header.\n"
msgstr "Varmuuskopiotiedosto ei sisällä kelvollista LUKS-otsaketta.\n"
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
-#, fuzzy, c-format
-msgid "Cannot open header backup file %s."
+#: lib/luks1/keymanage.c:252 lib/luks1/keymanage.c:496
+#, c-format
+msgid "Cannot open header backup file %s.\n"
msgstr "Otsakevarmuuskopiotiedoston %s avaus epäonnistui.\n"
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
-#, fuzzy, c-format
-msgid "Cannot read header backup file %s."
+#: lib/luks1/keymanage.c:258
+#, c-format
+msgid "Cannot read header backup file %s.\n"
msgstr "Otsakevarmuuskopiotiedoston %s lukeminen epäonnistui.\n"
-#: lib/luks1/keymanage.c:317
-#, fuzzy
-msgid "Data offset or key size differs on device and backup, restore failed."
+#: lib/luks1/keymanage.c:269
+msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n"
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:277
#, c-format
msgid "Device %s %s%s"
msgstr "Laite %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:278
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "ei sisällä LUKS-otsaketta. Otsakkeen korvaaminen voi tuhota tietoja tuossa laitteessa."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:279
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "sisältää jo LUKS-otsakkeen. Otsakkeen korvaaminen tuhoaa olemassaolevat avainvälit."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:280
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"VAROITUS: oikealla laiteotsakkeella on eri UUID-tunniste kuin varmuuskopiolla!"
-#: lib/luks1/keymanage.c:375
-#, fuzzy
-msgid "Non standard key size, manual repair required."
-msgstr "Ei-vakio avainkoko, manuaalinen korjaus pyydetty.\n"
-
-#: lib/luks1/keymanage.c:385
-#, fuzzy
-msgid "Non standard keyslots alignment, manual repair required."
+#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:535
+#: lib/luks1/keymanage.c:575 lib/tcrypt/tcrypt.c:624 lib/verity/verity.c:82
+#: lib/verity/verity.c:179 lib/verity/verity_hash.c:292
+#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323
+#, c-format
+msgid "Cannot open device %s.\n"
+msgstr "Laitteen %s avaus epäonnistui.\n"
+
+#: lib/luks1/keymanage.c:329
+msgid "Non standard key size, manual repair required.\n"
+msgstr "Ei-vakio avainkoko, manuaalinen korjaus pyydetty.\n"
+
+#: lib/luks1/keymanage.c:334
+msgid "Non standard keyslots alignment, manual repair required.\n"
msgstr "Ei-vakiot avainvälitasaukset, manuaalinen korjaus pyydetty.\n"
-#: lib/luks1/keymanage.c:397
-#, fuzzy
-msgid "Repairing keyslots."
+#: lib/luks1/keymanage.c:340
+msgid "Repairing keyslots.\n"
msgstr "Korjataan avainvälit.\n"
-#: lib/luks1/keymanage.c:416
-#, fuzzy, c-format
-msgid "Keyslot %i: offset repaired (%u -> %u)."
+#: lib/luks1/keymanage.c:351
+msgid "Repair failed."
+msgstr "Korjaus epäonnistui."
+
+#: lib/luks1/keymanage.c:363
+#, c-format
+msgid "Keyslot %i: offset repaired (%u -> %u).\n"
msgstr "Avainväli %i: siirrososoite korjattu (%u -> %u).\n"
-#: lib/luks1/keymanage.c:424
-#, fuzzy, c-format
-msgid "Keyslot %i: stripes repaired (%u -> %u)."
+#: lib/luks1/keymanage.c:371
+#, c-format
+msgid "Keyslot %i: stripes repaired (%u -> %u).\n"
msgstr "Avainväli %i: raidat korjattu (%u -> %u).\n"
-#: lib/luks1/keymanage.c:433
-#, fuzzy, c-format
-msgid "Keyslot %i: bogus partition signature."
+#: lib/luks1/keymanage.c:380
+#, c-format
+msgid "Keyslot %i: bogus partition signature.\n"
msgstr "Avainväli %i: valeosiotunniste.\n"
-#: lib/luks1/keymanage.c:438
-#, fuzzy, c-format
-msgid "Keyslot %i: salt wiped."
+#: lib/luks1/keymanage.c:385
+#, c-format
+msgid "Keyslot %i: salt wiped.\n"
msgstr "Avainväli %i: satunnaisarvosiemen tuhottu.\n"
-#: lib/luks1/keymanage.c:455
-#, fuzzy
-msgid "Writing LUKS header to disk."
+#: lib/luks1/keymanage.c:396
+msgid "Writing LUKS header to disk.\n"
msgstr "Kirjoitetaan LUKS-otsake levylle.\n"
-#: lib/luks1/keymanage.c:460
-msgid "Repair failed."
-msgstr "Korjaus epäonnistui."
+#: lib/luks1/keymanage.c:421
+#, c-format
+msgid "Unsupported LUKS version %d.\n"
+msgstr "Tukematon LUKS-versio %d.\n"
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
-#, fuzzy, c-format
-msgid "Requested LUKS hash %s is not supported."
+#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:661
+#, c-format
+msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Pyydetty LUKS-tiiviste %s ei ole tuettu.\n"
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
-#, fuzzy
-msgid "No known problems detected for LUKS header."
+#: lib/luks1/keymanage.c:442
+#, c-format
+msgid "LUKS keyslot %u is invalid.\n"
+msgstr "LUKS-avainväli %u on virheellinen.\n"
+
+#: lib/luks1/keymanage.c:456 src/cryptsetup.c:664
+msgid "No known problems detected for LUKS header.\n"
msgstr "Tuntemattomat pulmat havaittu LUKS-otsakkeelle.\n"
-#: lib/luks1/keymanage.c:667
-#, fuzzy, c-format
-msgid "Error during update of LUKS header on device %s."
+#: lib/luks1/keymanage.c:596
+#, c-format
+msgid "Error during update of LUKS header on device %s.\n"
msgstr "Virhe LUKS-otsakkeen päivityksen aikana laitteessa %s.\n"
-#: lib/luks1/keymanage.c:675
-#, fuzzy, c-format
-msgid "Error re-reading LUKS header after update on device %s."
+#: lib/luks1/keymanage.c:603
+#, c-format
+msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Virhe luettaessa uudelleen LUKS-otsaketta päivityksen jälkeen laitteessa %s.\n"
-#: lib/luks1/keymanage.c:751
-#, fuzzy
-msgid "Data offset for LUKS header must be either 0 or higher than header size."
+#: lib/luks1/keymanage.c:654
+#, c-format
+msgid "Data offset for detached LUKS header must be either 0 or higher than header size (%d sectors).\n"
msgstr "Tietosiirrososoitteen irrotetulle LUKS-otsakkeelle on oltava joko 0 tai suurempi kuin otsakekoko (%d sektoria).\n"
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
-#, fuzzy
-msgid "Wrong LUKS UUID format provided."
+#: lib/luks1/keymanage.c:666 lib/luks1/keymanage.c:757
+msgid "Wrong LUKS UUID format provided.\n"
msgstr "Väärä LUKS UUID-muoto tarjottu.\n"
-#: lib/luks1/keymanage.c:785
-#, fuzzy
-msgid "Cannot create LUKS header: reading random salt failed."
+#: lib/luks1/keymanage.c:695
+msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "LUKS-otsakkeen luominen epäonnistui: satunnaisarvosiemenen lukeminen epäonnistui.\n"
-#: lib/luks1/keymanage.c:811
-#, fuzzy, c-format
-msgid "Cannot create LUKS header: header digest failed (using hash %s)."
+#: lib/luks1/keymanage.c:702 lib/luks1/keymanage.c:798
+#, c-format
+msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n"
+msgstr "Ei ole yhteensopiva PBKDF2-valitsimien kanssa (käytetään tiivitstealgoritmia %s).\n"
+
+#: lib/luks1/keymanage.c:717
+#, c-format
+msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "LUKS-otsakkeen luominen epäonnistui: otsaketiiviste epäonnistui (käytettäen tiivistettä %s).\n"
-#: lib/luks1/keymanage.c:855
-#, fuzzy, c-format
-msgid "Key slot %d active, purge first."
+#: lib/luks1/keymanage.c:782
+#, c-format
+msgid "Key slot %d active, purge first.\n"
msgstr "Avainväli %d aktiivinen, puhdista ensimmäinen.\n"
-#: lib/luks1/keymanage.c:861
-#, fuzzy, c-format
-msgid "Key slot %d material includes too few stripes. Header manipulation?"
+#: lib/luks1/keymanage.c:788
+#, c-format
+msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Avainvälin %d materiaali sisältää liian vähän raitoja. Otsaketta on käsitelty?\n"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Avainkäsittelyvirhe (käytetään tiivistealgoritmia %s).\n"
+#: lib/luks1/keymanage.c:955
+#, c-format
+msgid "Key slot %d unlocked.\n"
+msgstr "Avaivälin %d lukitus avattu.\n"
+
+#: lib/luks1/keymanage.c:990 src/cryptsetup.c:858
+#: src/cryptsetup_reencrypt.c:1020 src/cryptsetup_reencrypt.c:1057
+msgid "No key available with this passphrase.\n"
+msgstr "Tälle salasanalauseelle ei ole saatavissa avainta.\n"
-#: lib/luks1/keymanage.c:1080
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
+#: lib/luks1/keymanage.c:1008
+#, c-format
+msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Avainväli %d on virheellinen, valitse avainväli välillä 0 ... %d.\n"
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
-#, fuzzy, c-format
-msgid "Cannot wipe device %s."
+#: lib/luks1/keymanage.c:1026
+#, c-format
+msgid "Cannot wipe device %s.\n"
msgstr "Laitteen %s pyyhkiminen tyhjäksi epäonnistui.\n"
#: lib/loopaes/loopaes.c:146
-#, fuzzy
-msgid "Detected not yet supported GPG encrypted keyfile."
+msgid "Detected not yet supported GPG encrypted keyfile.\n"
msgstr "Havaittu vielä tukematon GPG-salausavaintiedosto.\n"
#: lib/loopaes/loopaes.c:147
msgstr "Käytä gpg --decrypt <AVAINTIEDOSTO> | cryptsetup --keyfile=- ...\n"
#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188
-#, fuzzy
-msgid "Incompatible loop-AES keyfile detected."
+msgid "Incompatible loop-AES keyfile detected.\n"
msgstr "Yhteensopimaton loop-AES -avaintiedosto havaittu.\n"
-#: lib/loopaes/loopaes.c:245
-#, fuzzy
-msgid "Kernel does not support loop-AES compatible mapping."
+#: lib/loopaes/loopaes.c:244
+msgid "Kernel doesn't support loop-AES compatible mapping.\n"
msgstr "Käyttöjärjestelmäydin ei tule loop-AES -yhteensopivaa kuvausta.\n"
-#: lib/tcrypt/tcrypt.c:504
-#, fuzzy, c-format
-msgid "Error reading keyfile %s."
+#: lib/tcrypt/tcrypt.c:475
+#, c-format
+msgid "Error reading keyfile %s.\n"
msgstr "Virhe luettaessa avaintiedostoa %s.\n"
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:513
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n"
msgstr "TCRYPT-salasanalauseen enimmäispituus (%d) ylitettiin.\n"
-#: lib/tcrypt/tcrypt.c:595
-#, fuzzy, c-format
-msgid "PBKDF2 hash algorithm %s not available, skipping."
+#: lib/tcrypt/tcrypt.c:543
+#, c-format
+msgid "PBKDF2 hash algorithm %s not available, skipping.\n"
msgstr "PBKDF2-tiivistealgoritmi %s ei ole käytettävissä, ohitetaan.\n"
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
-#, fuzzy
-msgid "Required kernel crypto interface not available."
+#: lib/tcrypt/tcrypt.c:561 src/cryptsetup.c:617
+msgid "Required kernel crypto interface not available.\n"
msgstr "Pyydetty ydinsalauskäyttöliittymä ei ole käytettävissä.\n"
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
-#, fuzzy
-msgid "Ensure you have algif_skcipher kernel module loaded."
+#: lib/tcrypt/tcrypt.c:563 src/cryptsetup.c:619
+msgid "Ensure you have algif_skcipher kernel module loaded.\n"
msgstr "Varmista, että algif_skcipher-käyttöjärjestelmäydinmoduuli on ladattu.\n"
-#: lib/tcrypt/tcrypt.c:753
-#, fuzzy, c-format
-msgid "Activation is not supported for %d sector size."
+#: lib/tcrypt/tcrypt.c:707
+#, c-format
+msgid "Activation is not supported for %d sector size.\n"
msgstr "Aktivointia ei tueta sektorikoolle %d.\n"
-#: lib/tcrypt/tcrypt.c:759
-#, fuzzy
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
+#: lib/tcrypt/tcrypt.c:713
+msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n"
msgstr "Käyttöjärjestelmäydin ei tue aktivointia tälle TCRYPT-perinnetilassa.\n"
-#: lib/tcrypt/tcrypt.c:790
-#, fuzzy, c-format
-msgid "Activating TCRYPT system encryption for partition %s."
+#: lib/tcrypt/tcrypt.c:744
+#, c-format
+msgid "Activating TCRYPT system encryption for partition %s.\n"
msgstr "Aktivoidaan TCRYPT-järjestelmäsalaus osiolle %s.\n"
-#: lib/tcrypt/tcrypt.c:868
-#, fuzzy
-msgid "Kernel does not support TCRYPT compatible mapping."
+#: lib/tcrypt/tcrypt.c:810
+msgid "Kernel doesn't support TCRYPT compatible mapping.\n"
msgstr "Käyttöjärjestelmäydin ei tue TCRYPT -yhteensopivaa kuvausta.\n"
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1024
msgid "This function is not supported without TCRYPT header load."
msgstr "Tätä toimintoa ei tueta ilman TCRYPT-otsakelatausta."
-#: lib/bitlk/bitlk.c:350
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:402
-#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:419
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:502
-#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Tukematon LUKS-versio %d.\n"
-
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
-
-#: lib/bitlk/bitlk.c:571
+#: lib/verity/verity.c:70 lib/verity/verity.c:172
#, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:622
-#, fuzzy
-msgid "Unknown or unsupported encryption type."
-msgstr "UUID ei ole tuettu tälle laitetyypille.\n"
-
-#: lib/bitlk/bitlk.c:655
-#, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n"
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, fuzzy, c-format
-msgid "Verity device %s does not use on-disk header."
+msgid "Verity device %s doesn't use on-disk header.\n"
msgstr "Verity-laite %s ei käytä paikallista levyotsaketta.\n"
-#: lib/verity/verity.c:91
-#, fuzzy, c-format
-msgid "Device %s is not a valid VERITY device."
+#: lib/verity/verity.c:94
+#, c-format
+msgid "Device %s is not a valid VERITY device.\n"
msgstr "Laite %s ei ole kelvollinen VERITY-laite.\n"
-#: lib/verity/verity.c:98
-#, fuzzy, c-format
-msgid "Unsupported VERITY version %d."
+#: lib/verity/verity.c:101
+#, c-format
+msgid "Unsupported VERITY version %d.\n"
msgstr "Tukematon VERITY-versio %d.\n"
-#: lib/verity/verity.c:129
-#, fuzzy
-msgid "VERITY header corrupted."
+#: lib/verity/verity.c:131
+msgid "VERITY header corrupted.\n"
msgstr "VERITY-otsake rikkinäinen.\n"
-#: lib/verity/verity.c:174
-#, fuzzy, c-format
-msgid "Wrong VERITY UUID format provided on device %s."
+#: lib/verity/verity.c:166
+#, c-format
+msgid "Wrong VERITY UUID format provided on device %s.\n"
msgstr "Väärä VERITY UUID-muoto tarjottu laitteessa %s.\n"
-#: lib/verity/verity.c:218
-#, fuzzy, c-format
-msgid "Error during update of verity header on device %s."
+#: lib/verity/verity.c:196
+#, c-format
+msgid "Error during update of verity header on device %s.\n"
msgstr "Virhe verity-otsakkeen päivityksen aikana laitteessa %s.\n"
#: lib/verity/verity.c:276
-#, fuzzy
-msgid "Root hash signature verification is not supported."
-msgstr "Tiivistealgoritmia %s ei tueta.\n"
-
-#: lib/verity/verity.c:288
-msgid "Errors cannot be repaired with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:290
-#, c-format
-msgid "Found %u repairable errors with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:333
-#, fuzzy
-msgid "Kernel does not support dm-verity mapping."
-msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n"
-
-#: lib/verity/verity.c:337
-#, fuzzy
-msgid "Kernel does not support dm-verity signature option."
+msgid "Kernel doesn't support dm-verity mapping.\n"
msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n"
-#: lib/verity/verity.c:348
-#, fuzzy
-msgid "Verity device detected corruption after activation."
+#: lib/verity/verity.c:287
+msgid "Verity device detected corruption after activation.\n"
msgstr "Verity-laite havaitsi rikkoutumisen aktivoinnin jälkeen.\n"
#: lib/verity/verity_hash.c:59
-#, fuzzy, c-format
-msgid "Spare area is not zeroed at position %<PRIu64>."
+#, c-format
+msgid "Spare area is not zeroed at position %<PRIu64>.\n"
msgstr "Vapaa-aluetta ei ole nollattu sijainnissa %<PRIu64>.\n"
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
-#, fuzzy
-msgid "Device offset overflow."
+#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249
+#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284
+msgid "Device offset overflow.\n"
msgstr "Laitesiirrososoitteen ylivuoto.\n"
-#: lib/verity/verity_hash.c:194
-#, fuzzy, c-format
-msgid "Verification failed at position %<PRIu64>."
+#: lib/verity/verity_hash.c:161
+#, c-format
+msgid "Verification failed at position %<PRIu64>.\n"
msgstr "Todennus epäonnistui sijainnissa %<PRIu64>.\n"
-#: lib/verity/verity_hash.c:273
-msgid "Hash area overflow."
-msgstr ""
+#: lib/verity/verity_hash.c:235
+msgid "Invalid size parameters for verity device.\n"
+msgstr "Virheelliset kokoparametrit verity-laitteelle.\n"
-#: lib/verity/verity_hash.c:346
-#, fuzzy
-msgid "Verification of data area failed."
+#: lib/verity/verity_hash.c:266
+msgid "Too many tree levels for verity volume.\n"
+msgstr "Verity-taltiolla liian monta puutasoa.\n"
+
+#: lib/verity/verity_hash.c:354
+msgid "Verification of data area failed.\n"
msgstr "Data-alueen todentaminen epäonnistui.\n"
-#: lib/verity/verity_hash.c:351
-#, fuzzy
-msgid "Verification of root hash failed."
+#: lib/verity/verity_hash.c:359
+msgid "Verification of root hash failed.\n"
msgstr "Root-tiivisteen todentaminen epäonnistui.\n"
-#: lib/verity/verity_hash.c:357
-#, fuzzy
-msgid "Input/output error while creating hash area."
+#: lib/verity/verity_hash.c:365
+msgid "Input/output error while creating hash area.\n"
msgstr "Syöte/tulostevirhe luotaessa tiivistealuetta.\n"
-#: lib/verity/verity_hash.c:359
-#, fuzzy
-msgid "Creation of hash area failed."
+#: lib/verity/verity_hash.c:367
+msgid "Creation of hash area failed.\n"
msgstr "Tiivistealueen luominen epäonnistui.\n"
-#: lib/verity/verity_hash.c:394
-#, fuzzy, c-format
-msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
+#: lib/verity/verity_hash.c:414
+#, c-format
+msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
msgstr "VAROITUS: Käyttöjärjestelmäydin ei voi aktivoida laitetta, jos lohkokoko ylittää sivukoon (%u).\n"
-#: lib/verity/verity_fec.c:131
-msgid "Failed to allocate RS context."
-msgstr ""
-
-#: lib/verity/verity_fec.c:149
-#, fuzzy
-msgid "Failed to allocate buffer."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-
-#: lib/verity/verity_fec.c:159
-#, c-format
-msgid "Failed to read RS block %<PRIu64> byte %d."
-msgstr ""
+#: src/cryptsetup.c:91
+msgid "Can't do passphrase verification on non-tty inputs.\n"
+msgstr "Salasanalauseiden todennus epäonnistui ei-tty-syötteissä.\n"
-#: lib/verity/verity_fec.c:172
-#, c-format
-msgid "Failed to read parity for RS block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:132 src/cryptsetup.c:560 src/cryptsetup.c:707
+#: src/cryptsetup_reencrypt.c:523 src/cryptsetup_reencrypt.c:577
+msgid "No known cipher specification pattern detected.\n"
+msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n"
-#: lib/verity/verity_fec.c:180
-#, c-format
-msgid "Failed to repair parity for block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:140
+msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
+msgstr "VAROITUS: Parametri --hash ohitetaan tavallisessa tilassa kun avaintiedosto on määritelty.\n"
-#: lib/verity/verity_fec.c:191
-#, c-format
-msgid "Failed to write parity for RS block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:148
+msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
+msgstr "VAROITUS: Valitsin --keyfile-size ohitetaan , lukukoko on sama kuin salausavaimen koko.\n"
-#: lib/verity/verity_fec.c:227
-msgid "Block sizes must match for FEC."
-msgstr ""
+#: src/cryptsetup.c:214
+msgid "Option --key-file is required.\n"
+msgstr "Vaaditaan valitsin --key-file.\n"
-#: lib/verity/verity_fec.c:233
-msgid "Invalid number of parity bytes."
-msgstr ""
+#: src/cryptsetup.c:263
+msgid "No device header detected with this passphrase.\n"
+msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n"
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
+#: src/cryptsetup.c:323 src/cryptsetup.c:1151
+msgid ""
+"Header dump with volume key is sensitive information\n"
+"which allows access to encrypted partition without passphrase.\n"
+"This dump should be always stored encrypted on safe place."
msgstr ""
+"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n"
+"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n"
+"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa."
-#: lib/verity/verity_fec.c:302
-#, fuzzy, c-format
-msgid "Failed to determine size for device %s."
-msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n"
-
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-#, fuzzy
-msgid "Kernel does not support dm-integrity mapping."
-msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n"
-
-#: lib/integrity/integrity.c:278
-#, fuzzy
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
-msgstr "Käyttöjärjestelmäydin ei tule dm-verity -yhteensopivaa kuvausta.\n"
+#: src/cryptsetup.c:513
+msgid "Result of benchmark is not reliable.\n"
+msgstr "Suorituskykytestin tulos ei ole luotettava.\n"
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
+#: src/cryptsetup.c:554
+msgid "# Tests are approximate using memory only (no storage IO).\n"
+msgstr "# Testit käyttävät vain muistia ylimalkaan (ei tallennussiirtos).\n"
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
-#, fuzzy, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n"
+#: src/cryptsetup.c:579 src/cryptsetup.c:601
+msgid "# Algorithm | Key | Encryption | Decryption\n"
+msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n"
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
+#: src/cryptsetup.c:583
+#, c-format
+msgid "Cipher %s is not available.\n"
+msgstr "Salaus %s ei ole käytettävissä.\n"
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
-msgid ""
-"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
-"Please run \"cryptsetup repair\" for recovery."
-msgstr ""
+#: src/cryptsetup.c:610
+msgid "N/A"
+msgstr "Ei käytössä"
-#: lib/luks2/luks2_json_format.c:227
-#, fuzzy
-msgid "Requested data offset is too small."
-msgstr "Laite %s on liian pieni.\n"
+#: src/cryptsetup.c:635
+#, c-format
+msgid "Cannot read keyfile %s.\n"
+msgstr "Avaintiedoston %s lukeminen epäonnistui.\n"
-#: lib/luks2/luks2_json_format.c:272
+#: src/cryptsetup.c:639
#, c-format
-msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
-msgstr ""
+msgid "Cannot read %d bytes from keyfile %s.\n"
+msgstr "Ei voida lukea %d tavua avaintiedostosta %s.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
-#, fuzzy, c-format
-msgid "Failed to acquire read lock on device %s."
-msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n"
+#: src/cryptsetup.c:668
+msgid "Really try to repair LUKS device header?"
+msgstr "Yritetäänkö todella korjata LUKS-laiteotsake?"
-#: lib/luks2/luks2_json_metadata.c:1262
+#: src/cryptsetup.c:693
#, c-format
-msgid "Forbidden LUKS2 requirements detected in backup %s."
-msgstr ""
+msgid "This will overwrite data on %s irrevocably."
+msgstr "Tämä korvaa tiedot kohteella %s peruuttamattomasti."
-#: lib/luks2/luks2_json_metadata.c:1303
-#, fuzzy
-msgid "Data offset differ on device and backup, restore failed."
-msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n"
+#: src/cryptsetup.c:695
+msgid "memory allocation error in action_luksFormat"
+msgstr "muistivarausvirhe kohteessa action_luksFormat"
-#: lib/luks2/luks2_json_metadata.c:1309
-#, fuzzy
-msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
-msgstr "Tietosiirrososoite tai avainkoko eroaa laitteessa ja varmuuskopiossa, palautus epäonnistui.\n"
+#: src/cryptsetup.c:717
+#, c-format
+msgid "Cannot use %s as on-disk header.\n"
+msgstr "Kohteen %s käyttö paikallisena levyotsakkeena epäonnistui.\n"
-#: lib/luks2/luks2_json_metadata.c:1316
-#, fuzzy, c-format
-msgid "Device %s %s%s%s%s"
-msgstr "Laite %s %s%s"
+#: src/cryptsetup.c:784
+msgid "Reduced data offset is allowed only for detached LUKS header.\n"
+msgstr "Pienennetty tietosiirrososoite sallitaan vain irrotetulle LUKS-otsakkeelle.\n"
-#: lib/luks2/luks2_json_metadata.c:1317
-#, fuzzy
-msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
-msgstr "ei sisällä LUKS-otsaketta. Otsakkeen korvaaminen voi tuhota tietoja tuossa laitteessa."
+#: src/cryptsetup.c:881 src/cryptsetup.c:937
+#, c-format
+msgid "Key slot %d selected for deletion.\n"
+msgstr "Avainväli %d valittu poistoa varten.\n"
-#: lib/luks2/luks2_json_metadata.c:1318
-#, fuzzy
-msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
-msgstr "sisältää jo LUKS-otsakkeen. Otsakkeen korvaaminen tuhoaa olemassaolevat avainvälit."
+#: src/cryptsetup.c:884
+#, c-format
+msgid "Key %d not active. Can't wipe.\n"
+msgstr "Avain %d ei ole käytössä. Ei voida pyyhkiä pois.\n"
-#: lib/luks2/luks2_json_metadata.c:1320
-msgid ""
-"\n"
-"WARNING: unknown LUKS2 requirements detected in real device header!\n"
-"Replacing header with backup may corrupt the data on that device!"
-msgstr ""
+#: src/cryptsetup.c:892 src/cryptsetup.c:940
+msgid "This is the last keyslot. Device will become unusable after purging this key."
+msgstr "Tämä on viimeinen avainväli. Laite tulee käyttökelvottomaksi tämän avaimen poistamisen jälkeen."
-#: lib/luks2/luks2_json_metadata.c:1322
-msgid ""
-"\n"
-"WARNING: Unfinished offline reencryption detected on the device!\n"
-"Replacing header with backup may corrupt data."
-msgstr ""
+#: src/cryptsetup.c:893
+msgid "Enter any remaining passphrase: "
+msgstr "Kirjoita mikä tahansa jäljellä oleva salasanalause: "
-#: lib/luks2/luks2_json_metadata.c:1420
-#, c-format
-msgid "Ignored unknown flag %s."
-msgstr ""
+#: src/cryptsetup.c:921
+msgid "Enter passphrase to be deleted: "
+msgstr "Kirjoita poistettava salasanalause: "
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: src/cryptsetup.c:1008 src/cryptsetup_reencrypt.c:1095
#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
+msgid "Enter any existing passphrase: "
+msgstr "Kirjoita mikä tahansa olemassa oleva salasanalause: "
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
+#: src/cryptsetup.c:1063
+msgid "Enter passphrase to be changed: "
+msgstr "Kirjoita vaihdettava salasanalause: "
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-msgid "Failed to set dm-linear segment."
-msgstr ""
+#: src/cryptsetup.c:1077 src/cryptsetup_reencrypt.c:1080
+msgid "Enter new passphrase: "
+msgstr "Kirjoita uusi salasanalause: "
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
+#: src/cryptsetup.c:1101
+msgid "Only one device argument for isLuks operation is supported.\n"
+msgstr "Tuetaan vain yhtä laiteargumenttia isLuks-toiminnolle.\n"
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
+#: src/cryptsetup.c:1257 src/cryptsetup.c:1278
+msgid "Option --header-backup-file is required.\n"
+msgstr "Vaaditaan valitsin --header-backup-file.\n"
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: src/cryptsetup.c:1315
#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
+msgid "Unrecognized metadata device type %s.\n"
+msgstr "Tunnistamaton metatietolaitetyyppi %s.\n"
-#: lib/luks2/luks2_json_metadata.c:2519
-msgid "Failed to read LUKS2 requirements."
-msgstr ""
+#: src/cryptsetup.c:1318
+msgid "Command requires device and mapped name as arguments.\n"
+msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n"
-#: lib/luks2/luks2_json_metadata.c:2526
-msgid "Unmet LUKS2 requirements detected."
+#: src/cryptsetup.c:1337
+#, c-format
+msgid ""
+"This operation will erase all keyslots on device %s.\n"
+"Device will become unusable after this operation."
msgstr ""
+"Tämä toiminto poistaa kaikki avainvälit laitteesta %s.\n"
+"Laite tulee käyttökelvottomaksi tämän toiminnon jälkeen."
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
+#: src/cryptsetup.c:1371
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<laite> [--type <tyyppi>] [<nimi>]"
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
+#: src/cryptsetup.c:1371
+msgid "open device as mapping <name>"
+msgstr "avaa laite kuvauksena <nimi>"
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
+#: src/cryptsetup.c:1372 src/cryptsetup.c:1373 src/cryptsetup.c:1374
+#: src/cryptsetup.c:1375 src/veritysetup.c:311 src/veritysetup.c:312
+msgid "<name>"
+msgstr "<nimi>"
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "Avainväli %d on todennettu.\n"
+#: src/cryptsetup.c:1372
+msgid "close device (remove mapping)"
+msgstr "sulje laite (poista kuvaus)"
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr ""
+#: src/cryptsetup.c:1373
+msgid "resize active device"
+msgstr "muuta käytössä olevan laitteen kokoa"
-#: lib/luks2/luks2_keyslot_luks2.c:480
-#, fuzzy
-msgid "No space for new keyslot."
-msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n"
+#: src/cryptsetup.c:1374
+msgid "show device status"
+msgstr "näytä laitetila"
-#: lib/luks2/luks2_luks1_convert.c:482
-#, fuzzy, c-format
-msgid "Cannot check status of device with uuid: %s."
-msgstr "Salasanan laatutarkistus epäonnistui: %s\n"
+#: src/cryptsetup.c:1375
+msgid "benchmark cipher"
+msgstr "koestussalaus"
-#: lib/luks2/luks2_luks1_convert.c:508
-msgid "Unable to convert header with LUKSMETA additional metadata."
-msgstr ""
+#: src/cryptsetup.c:1376 src/cryptsetup.c:1377 src/cryptsetup.c:1383
+#: src/cryptsetup.c:1384 src/cryptsetup.c:1385 src/cryptsetup.c:1386
+#: src/cryptsetup.c:1387 src/cryptsetup.c:1388 src/cryptsetup.c:1389
+#: src/cryptsetup.c:1390
+msgid "<device>"
+msgstr "<laite>"
-#: lib/luks2/luks2_luks1_convert.c:548
-msgid "Unable to move keyslot area. Not enough space."
-msgstr ""
+#: src/cryptsetup.c:1376
+msgid "try to repair on-disk metadata"
+msgstr "yritä korjata levyn sisäiset metatiedot"
-#: lib/luks2/luks2_luks1_convert.c:599
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr ""
+#: src/cryptsetup.c:1377
+msgid "erase all keyslots (remove encryption key)"
+msgstr "poista kaikki avainvälit (poista salausavain)"
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
-#, fuzzy
-msgid "Unable to move keyslot area."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
+#: src/cryptsetup.c:1378 src/cryptsetup.c:1379
+msgid "<device> [<new key file>]"
+msgstr "<laite> [<uusi avaintiedosto>]"
-#: lib/luks2/luks2_luks1_convert.c:697
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:1378
+msgid "formats a LUKS device"
+msgstr "pohjustaa LUKS-laitteen"
-#: lib/luks2/luks2_luks1_convert.c:705
-msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
-msgstr ""
+#: src/cryptsetup.c:1379
+msgid "add key to LUKS device"
+msgstr "lisää avain LUKS-laitteeseen"
-#: lib/luks2/luks2_luks1_convert.c:717
-#, c-format
-msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
-msgstr ""
+#: src/cryptsetup.c:1380 src/cryptsetup.c:1381
+msgid "<device> [<key file>]"
+msgstr "<laite> [<avaintiedosto>]"
-#: lib/luks2/luks2_luks1_convert.c:725
-#, c-format
-msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
-msgstr ""
+#: src/cryptsetup.c:1380
+msgid "removes supplied key or key file from LUKS device"
+msgstr "poistaa tarjotun avaimen tai avaintiedoston LUKS-laitteesta"
-#: lib/luks2/luks2_luks1_convert.c:739
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
-msgstr ""
+#: src/cryptsetup.c:1381
+msgid "changes supplied key or key file of LUKS device"
+msgstr "vaihtaa LUKS-laitteen tarjotun avaimen tai avaintiedoston"
-#: lib/luks2/luks2_luks1_convert.c:744
-#, c-format
-msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
-msgstr ""
+#: src/cryptsetup.c:1382
+msgid "<device> <key slot>"
+msgstr "<laite> <avainväli>"
-#: lib/luks2/luks2_luks1_convert.c:749
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
-msgstr ""
+#: src/cryptsetup.c:1382
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr "pyyhkäisee pois avaimen numerolla <avainväli> LUKS-laitteesta"
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
+#: src/cryptsetup.c:1383
+msgid "print UUID of LUKS device"
+msgstr "tulostaa LUKS-laitteen UUID-tunnuksen"
-#: lib/luks2/luks2_reencrypt.c:1007
-#, fuzzy, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta."
+#: src/cryptsetup.c:1384
+msgid "tests <device> for LUKS partition header"
+msgstr "testaa <laite> LUKS-osio-otsakkeesta"
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Tukematon LUKS-versio %d.\n"
+#: src/cryptsetup.c:1385
+msgid "dump LUKS partition information"
+msgstr "vedosta LUKS-osiotiedot"
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, fuzzy, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr "Vapaa-aluetta ei ole nollattu sijainnissa %<PRIu64>.\n"
+#: src/cryptsetup.c:1386
+msgid "dump TCRYPT device information"
+msgstr "vedosta TCRYPT-laitetiedot"
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
+#: src/cryptsetup.c:1387
+msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
+msgstr "Keskeytä LUKS-laite ja pyyhi pois avain (kaikki siirräntäliitännät jäädytetään)."
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1388
+msgid "Resume suspended LUKS device."
+msgstr "Aloita uudelleen pysäytetty LUKS-laite."
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:1389
+msgid "Backup LUKS device header and keyslots"
+msgstr "Varmuuskopioi LUKS-laiteotsake ja avainvälit"
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "Pääsy tilapäiseen avainsäiliölaitteeseen epäonnistui.\n"
+#: src/cryptsetup.c:1390
+msgid "Restore LUKS device header and keyslots"
+msgstr "Palauta LUKS-laiteotsake ja avainvälit"
-#: lib/luks2/luks2_reencrypt.c:2092
-#, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
+#: src/cryptsetup.c:1407 src/veritysetup.c:328
+msgid ""
+"\n"
+"<action> is one of:\n"
msgstr ""
+"\n"
+"<toiminto> on yksi seuraavista:\n"
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "Tilapäisen avainsäiliön avaaminen epäonnistui.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2170
-msgid "Failed to refresh reencryption devices stack."
+#: src/cryptsetup.c:1413
+msgid ""
+"\n"
+"You can also use old <action> syntax aliases:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
msgstr ""
+"\n"
+"Voit myös käyttää vanhaa <toiminto>-syntaksialiasta:\n"
+"\topen: luo (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: poista (plainClose), luksClose, loopaesClose, tcryptClose\n"
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "Uuden avainvälin vaihtaminen epäonnistui.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2430
+#: src/cryptsetup.c:1417
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
+"\n"
+"<nimi> on laite, joka luodaan kohteen %s alaisena\n"
+"<laite> on salaussuojattu laite\n"
+"<avainväli> on LUKS-avainväli muokattavaksi\n"
+"<avaintiedosto> valinnainen avaintiedosto uudelle avaimelle luksAddKey-toimintoa varten\n"
-#: lib/luks2/luks2_reencrypt.c:2451
+#: src/cryptsetup.c:1424
#, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
+msgid ""
+"\n"
+"Default compiled-in key and passphrase parameters:\n"
+"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+"Default PBKDF2 iteration time for LUKS: %d (ms)\n"
msgstr ""
+"\n"
+"Käännetyn avaintiedoston ja salasanan oletusparametrit:\n"
+"\tAvaintiedoston enimmäiskoko: %d kilobittiä, vuorovaikutteisen\n"
+"\tsalasanalauseen enimmäispituus %d (merkkiä)\n"
+"PBKDF2-iteroinnin enimmäisaika LUKS-avainvälille: %d (millisekuntia)\n"
-#: lib/luks2/luks2_reencrypt.c:2472
+#: src/cryptsetup.c:1431
#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
+msgid ""
+"\n"
+"Default compiled-in device cipher parameters:\n"
+"\tloop-AES: %s, Key %d bits\n"
+"\tplain: %s, Key: %d bits, Password hashing: %s\n"
+"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
msgstr ""
+"\n"
+"Käännetyn laitesalakirjoitusmenetelmän oletusparametrit:\n"
+"\tloop-AES: %s, Avain %d bittiä\n"
+"\tplain-tyyppi: %s, Avain: %d bittiä, Salasanatiivistys: %s\n"
+"\tLUKS1: %s, Avain: %d bittiä, LUKS-otsaketiivistys: %s, RNG: %s\n"
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, fuzzy, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr "Laitteen %s käyttö epäonnistui, koska se on jo käytössä (jo kuvattu tai liitetty).\n"
+#: src/cryptsetup.c:1448 src/veritysetup.c:460
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr "%s: vaatii %s argumentteina"
-#: lib/luks2/luks2_reencrypt.c:2647
-#, fuzzy
-msgid "Device not marked for LUKS2 reencryption."
-msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen."
+#: src/cryptsetup.c:1481 src/veritysetup.c:368 src/cryptsetup_reencrypt.c:1274
+msgid "Show this help message"
+msgstr "Näytä tämä opastesanoma"
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-msgid "Failed to load LUKS2 reencryption context."
-msgstr ""
+#: src/cryptsetup.c:1482 src/veritysetup.c:369 src/cryptsetup_reencrypt.c:1275
+msgid "Display brief usage"
+msgstr "Näytä lyhyt käyttöopaste"
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1486 src/veritysetup.c:373 src/cryptsetup_reencrypt.c:1279
+msgid "Help options:"
+msgstr "Opastevalitsimet:"
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "Laite %s ei ole aktiivinen.\n"
+#: src/cryptsetup.c:1487 src/veritysetup.c:374 src/cryptsetup_reencrypt.c:1280
+msgid "Print package version"
+msgstr "Tulosta pakkausversio"
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-msgid "Reencryption process is already running."
-msgstr ""
+#: src/cryptsetup.c:1488 src/veritysetup.c:375 src/cryptsetup_reencrypt.c:1281
+msgid "Shows more detailed error messages"
+msgstr "Näyttää yksityiskohtaisemmat virheilmoitukset"
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-#, fuzzy
-msgid "Failed to acquire reencryption lock."
-msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n"
+#: src/cryptsetup.c:1489 src/veritysetup.c:376 src/cryptsetup_reencrypt.c:1282
+msgid "Show debug messages"
+msgstr "Näytä vianjäljityssanomat"
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
+#: src/cryptsetup.c:1490 src/cryptsetup_reencrypt.c:1284
+msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+msgstr "Salakirjoitusmenetelmä, jota käytetään salaamaan levy (katso /proc/crypto)"
-#: lib/luks2/luks2_reencrypt.c:2889
-msgid "Active device size and requested reencryption size don't match."
-msgstr ""
+#: src/cryptsetup.c:1491 src/cryptsetup_reencrypt.c:1286
+msgid "The hash used to create the encryption key from the passphrase"
+msgstr "Tiivisteavain, jota käytetään salausavaimen luomiseen salasanalauseesta"
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
+#: src/cryptsetup.c:1492
+msgid "Verifies the passphrase by asking for it twice"
+msgstr "Todentaa salasanalauseen kysymällä kahdesti"
-#: lib/luks2/luks2_reencrypt.c:2973
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr ""
+#: src/cryptsetup.c:1493 src/cryptsetup_reencrypt.c:1288
+msgid "Read the key from a file."
+msgstr "Lue avain tiedostosta."
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
+#: src/cryptsetup.c:1494
+msgid "Read the volume (master) key from file."
+msgstr "Lue taltion (pää)avain tiedostosta."
-#: lib/luks2/luks2_reencrypt.c:3136
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr ""
+#: src/cryptsetup.c:1495
+msgid "Dump volume (master) key instead of keyslots info."
+msgstr "Vedosta taltion (pää)avain eikä avainvälien tiedot."
-#: lib/luks2/luks2_reencrypt.c:3225
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr ""
+#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+msgid "The size of the encryption key"
+msgstr "Salausavaimen koko"
-#: lib/luks2/luks2_reencrypt.c:3267
-#, fuzzy
-msgid "Failed to write reencryption resilience metadata."
-msgstr "Uudelleensalauslokitiedoston kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1496 src/cryptsetup_reencrypt.c:1285
+msgid "BITS"
+msgstr "BITTIÄ"
-#: lib/luks2/luks2_reencrypt.c:3274
-#, fuzzy
-msgid "Decryption failed."
-msgstr "Korjaus epäonnistui."
+#: src/cryptsetup.c:1497 src/cryptsetup_reencrypt.c:1299
+msgid "Limits the read from keyfile"
+msgstr "Avaintiedostosta luettavat rajat"
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1497 src/cryptsetup.c:1498 src/cryptsetup.c:1499
+#: src/cryptsetup.c:1500 src/veritysetup.c:379 src/veritysetup.c:380
+#: src/veritysetup.c:382 src/cryptsetup_reencrypt.c:1298
+#: src/cryptsetup_reencrypt.c:1299 src/cryptsetup_reencrypt.c:1300
+#: src/cryptsetup_reencrypt.c:1301
+msgid "bytes"
+msgstr "tavua"
-#: lib/luks2/luks2_reencrypt.c:3284
-#, fuzzy
-msgid "Failed to sync data."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
+#: src/cryptsetup.c:1498 src/cryptsetup_reencrypt.c:1298
+msgid "Number of bytes to skip in keyfile"
+msgstr "Avaintiedostossa ohitettavien tavujen määrä"
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
+#: src/cryptsetup.c:1499
+msgid "Limits the read from newly added keyfile"
+msgstr "Äskettäin lisätystä avaintiedostosta luetut rajat"
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1500
+msgid "Number of bytes to skip in newly added keyfile"
+msgstr "Ohitettu tavumäärä äskettäin lisätyssä avaintiedostossa"
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr ""
+#: src/cryptsetup.c:1501
+msgid "Slot number for new key (default is first free)"
+msgstr "Välinumero uudelle avaimelle (oletus on ensimmäinen vapaa)"
-#: lib/luks2/luks2_reencrypt.c:3388
-#, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr ""
+#: src/cryptsetup.c:1502
+msgid "The size of the device"
+msgstr "Laitteen koko"
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "poista kaikki avainvälit (poista salausavain)"
+#: src/cryptsetup.c:1502 src/cryptsetup.c:1503 src/cryptsetup.c:1504
+#: src/cryptsetup.c:1510
+msgid "SECTORS"
+msgstr "SEKTORIA"
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
+#: src/cryptsetup.c:1503
+msgid "The start offset in the backend device"
+msgstr "Alkusiirrososoite taustalaitteessa"
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
+#: src/cryptsetup.c:1504
+msgid "How many sectors of the encrypted data to skip at the beginning"
+msgstr "Kuinka monta salaustietojen sektoria ohitetaan alussa"
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
+#: src/cryptsetup.c:1505
+msgid "Create a readonly mapping"
+msgstr "Luo kirjoitussuojattu kuvaus"
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+msgid "PBKDF2 iteration time for LUKS (in ms)"
+msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)"
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "Salaustaustaohjelman alustus epäonnistui.\n"
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1289
+msgid "msecs"
+msgstr "ms"
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-#, fuzzy
-msgid "Failed to update reencryption context."
-msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n"
+#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1290
+msgid "Do not ask for confirmation"
+msgstr "Älä pyydä vahvistusta"
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "Avainväli on virheellinen."
+#: src/cryptsetup.c:1508
+msgid "Timeout for interactive passphrase prompt (in seconds)"
+msgstr "Aikakatkaisu vuorovaikutteiselle salasanalausekyselylle (sekunteina)"
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr ""
+#: src/cryptsetup.c:1508
+msgid "secs"
+msgstr "s"
-#: lib/luks2/luks2_token.c:270
-#, fuzzy, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+#: src/cryptsetup.c:1509 src/cryptsetup_reencrypt.c:1291
+msgid "How often the input of the passphrase can be retried"
+msgstr "Kuinka usein salasanasyötettä voidaan yrittää uudelleen"
-#: src/cryptsetup.c:198
-#, fuzzy
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Salasanalauseiden todennus epäonnistui ei-tty-syötteissä.\n"
+#: src/cryptsetup.c:1510
+msgid "Align payload at <n> sector boundaries - for luksFormat"
+msgstr "Tasaa tietosisältö osoitteessa <n> sektorirajoihin - kohdetta luksFormat varten"
-#: src/cryptsetup.c:261
-#, fuzzy
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n"
+#: src/cryptsetup.c:1511
+msgid "File with LUKS header and keyslots backup."
+msgstr "Tiedosto LUKS-otsakkeella ja avainvälien varmuuskopiolla."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
-#, fuzzy
-msgid "No known cipher specification pattern detected."
-msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n"
+#: src/cryptsetup.c:1512 src/cryptsetup_reencrypt.c:1292
+msgid "Use /dev/random for generating volume key."
+msgstr "Käytä /dev/random taltioavaimen synnyttämiseen."
-#: src/cryptsetup.c:299
-msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
-msgstr "VAROITUS: Parametri --hash ohitetaan tavallisessa tilassa kun avaintiedosto on määritelty.\n"
+#: src/cryptsetup.c:1513 src/cryptsetup_reencrypt.c:1293
+msgid "Use /dev/urandom for generating volume key."
+msgstr "Käytä /dev/urandom taltioavaimen synnyttämiseen."
-#: src/cryptsetup.c:307
-msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
-msgstr "VAROITUS: Valitsin --keyfile-size ohitetaan , lukukoko on sama kuin salausavaimen koko.\n"
+#: src/cryptsetup.c:1514
+msgid "Share device with another non-overlapping crypt segment."
+msgstr "Jaa laite toisen ei-päällekkäisen salaussegmentin kanssa."
-#: src/cryptsetup.c:347
-#, c-format
-msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
-msgstr ""
+#: src/cryptsetup.c:1515 src/veritysetup.c:385
+msgid "UUID for device to use."
+msgstr "UUID laitteelle käytettäväksi."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
-msgid "Operation aborted.\n"
-msgstr ""
+#: src/cryptsetup.c:1516
+msgid "Allow discards (aka TRIM) requests for device."
+msgstr "Salli hylkäys(lempinimeltään TRIM)-pyynnöt laitteelle."
-#: src/cryptsetup.c:421
-#, fuzzy
-msgid "Option --key-file is required."
-msgstr "Vaaditaan valitsin --key-file.\n"
+#: src/cryptsetup.c:1517
+msgid "Device or file with separated LUKS header."
+msgstr "Laite tai tiedosto erillisellä LUKS-otsakkeella."
-#: src/cryptsetup.c:474
-msgid "Enter VeraCrypt PIM: "
-msgstr ""
+#: src/cryptsetup.c:1518
+msgid "Do not activate device, just check passphrase."
+msgstr "Älä aktivoi laitetta, tarkista vain salasanalauseke."
-#: src/cryptsetup.c:483
-msgid "Invalid PIM value: parse error."
-msgstr ""
+#: src/cryptsetup.c:1519
+msgid "Use hidden header (hidden TCRYPT device)."
+msgstr "Käytä piilotettua otsaketta (piilotettu TCRYPT-laite)."
-#: src/cryptsetup.c:486
-#, fuzzy
-msgid "Invalid PIM value: 0."
-msgstr "Virheellinen laite %s.\n"
+#: src/cryptsetup.c:1520
+msgid "Device is system TCRYPT drive (with bootloader)."
+msgstr "Laite on järjestelmä-TCRYPT-levyasema (alkulatausohjelmalla)."
-#: src/cryptsetup.c:489
-msgid "Invalid PIM value: outside of range."
-msgstr ""
+#: src/cryptsetup.c:1521
+msgid "Use backup (secondary) TCRYPT header."
+msgstr "Käytä (toissijaista) TCRYPT-varmuuskopio-otsaketta."
-#: src/cryptsetup.c:512
-#, fuzzy
-msgid "No device header detected with this passphrase."
-msgstr "Tälle salasanalauseelle ei ole saatavissa laiteotsaketta.\n"
+#: src/cryptsetup.c:1522
+msgid "Scan also for VeraCrypt compatible device."
+msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle."
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n"
+#: src/cryptsetup.c:1523
+msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
+msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt."
-#: src/cryptsetup.c:617
-msgid ""
-"Header dump with volume key is sensitive information\n"
-"which allows access to encrypted partition without passphrase.\n"
-"This dump should be always stored encrypted on safe place."
-msgstr ""
-"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n"
-"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n"
-"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa."
+#: src/cryptsetup.c:1524
+msgid "Disable password quality check (if enabled)."
+msgstr "Ota pois käytöstä salasanan laatutarkistus (jos käytössä)."
-#: src/cryptsetup.c:714
-#, c-format
-msgid "Device %s is still active and scheduled for deferred removal.\n"
-msgstr ""
+#: src/cryptsetup.c:1525
+msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
+msgstr "Käytä dm-crypt same_cpu_crypt-suorituskyky-yhteensopivuusvalitsinta."
-#: src/cryptsetup.c:742
-msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
-msgstr ""
+#: src/cryptsetup.c:1526
+msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
+msgstr "Käytä dm-crypt submit_from_crypt_cpus-suorituskyky-yhteensopivuusvalitsinta."
-#: src/cryptsetup.c:885
-#, fuzzy
-msgid "Benchmark interrupted."
-msgstr "koestussalaus"
+#: src/cryptsetup.c:1542 src/veritysetup.c:402
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[VALITSIN...] <toiminto> <toimintokohtainen>"
-#: src/cryptsetup.c:906
-#, c-format
-msgid "PBKDF2-%-9s N/A\n"
-msgstr ""
+#: src/cryptsetup.c:1589 src/veritysetup.c:439
+msgid "Argument <action> missing."
+msgstr "Argumentti <toiminto> puuttuu."
-#: src/cryptsetup.c:908
-#, c-format
-msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
-msgstr ""
+#: src/cryptsetup.c:1642 src/veritysetup.c:445
+msgid "Unknown action."
+msgstr "Tuntematon toiminto."
-#: src/cryptsetup.c:922
-#, c-format
-msgid "%-10s N/A\n"
-msgstr ""
+#: src/cryptsetup.c:1652
+msgid "Option --shared is allowed only for open of plain device.\n"
+msgstr "Valitsin --shared sallitaan vain pelkän laitteen avaukseen.\n"
-#: src/cryptsetup.c:924
-#, c-format
-msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
-msgstr ""
+#: src/cryptsetup.c:1657
+msgid "Option --allow-discards is allowed only for open operation.\n"
+msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-#: src/cryptsetup.c:948
-#, fuzzy
-msgid "Result of benchmark is not reliable."
-msgstr "Suorituskykytestin tulos ei ole luotettava.\n"
+#: src/cryptsetup.c:1665
+msgid ""
+"Option --key-size is allowed only for luksFormat, open and benchmark.\n"
+"To limit read from keyfile use --keyfile-size=(bytes)."
+msgstr ""
+"Valitsin --key-size sallitaan vain muodoille luksFormat, open ja benchmark.\n"
+"Käytä avaintiedostosta lukemisen rajoittamiseksi valitsinta --keyfile-size=(tavua)."
-#: src/cryptsetup.c:998
-msgid "# Tests are approximate using memory only (no storage IO).\n"
-msgstr "# Testit käyttävät vain muistia ylimalkaan (ei tallennussiirtos).\n"
+#: src/cryptsetup.c:1672
+msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
+msgstr "Valitsin --test-passphrase sallitaan vain LUKS- ja TCRYPT-laitteiden avaamiseen.\n"
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
-#, fuzzy, c-format
-msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
-msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n"
-
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "Salaus %s ei ole käytettävissä.\n"
-
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
-#, fuzzy
-msgid "# Algorithm | Key | Encryption | Decryption\n"
-msgstr "# Algoritmi | Avain | Salaus | Salauksen purku\n"
-
-#: src/cryptsetup.c:1052
-msgid "N/A"
-msgstr "Ei käytössä"
-
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Kirjoita poistettava salasanalause: "
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Kirjoita poistettava salasanalause: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "Kirjoita salasanalause avainvälille %u: "
-
-#: src/cryptsetup.c:1245
-msgid "Really try to repair LUKS device header?"
-msgstr "Yritetäänkö todella korjata LUKS-laiteotsake?"
-
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
-msgid ""
-"Wiping device to initialize integrity checksum.\n"
-"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
-msgstr ""
-
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
-#, fuzzy, c-format
-msgid "Cannot deactivate temporary device %s."
-msgstr "Tilapäisen LUKS-laitteen avaaminen epäonnistui.\n"
-
-#: src/cryptsetup.c:1351
-msgid "Integrity option can be used only for LUKS2 format."
-msgstr ""
-
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
-#, fuzzy
-msgid "Unsupported LUKS2 metadata size options."
-msgstr "Tukematon LUKS-versio %d.\n"
-
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
-#, fuzzy, c-format
-msgid "Cannot create header file %s."
-msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n"
-
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
-#, fuzzy
-msgid "No known integrity specification pattern detected."
-msgstr "Havaittu tuntematon salakirjoitusmenetelmämäärittelymalli.\n"
-
-#: src/cryptsetup.c:1409
-#, fuzzy, c-format
-msgid "Cannot use %s as on-disk header."
-msgstr "Kohteen %s käyttö paikallisena levyotsakkeena epäonnistui.\n"
-
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
-#, c-format
-msgid "This will overwrite data on %s irrevocably."
-msgstr "Tämä korvaa tiedot kohteella %s peruuttamattomasti."
-
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
-#, fuzzy
-msgid "Failed to set pbkdf parameters."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-
-#: src/cryptsetup.c:1551
-#, fuzzy
-msgid "Reduced data offset is allowed only for detached LUKS header."
-msgstr "Pienennetty tietosiirrososoite sallitaan vain irrotetulle LUKS-otsakkeelle.\n"
-
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
-msgid "Device activated but cannot make flags persistent."
-msgstr ""
-
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
-#, fuzzy, c-format
-msgid "Keyslot %d is selected for deletion."
-msgstr "Avainväli %d valittu poistoa varten.\n"
-
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
-msgid "This is the last keyslot. Device will become unusable after purging this key."
-msgstr "Tämä on viimeinen avainväli. Laite tulee käyttökelvottomaksi tämän avaimen poistamisen jälkeen."
-
-#: src/cryptsetup.c:1694
-msgid "Enter any remaining passphrase: "
-msgstr "Kirjoita mikä tahansa jäljellä oleva salasanalause: "
-
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
-msgid "Operation aborted, the keyslot was NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:1733
-msgid "Enter passphrase to be deleted: "
-msgstr "Kirjoita poistettava salasanalause: "
-
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
-msgid "Enter new passphrase for key slot: "
-msgstr "Kirjoita uusi salasanalause avainvälille: "
-
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
-#, c-format
-msgid "Enter any existing passphrase: "
-msgstr "Kirjoita mikä tahansa olemassa oleva salasanalause: "
-
-#: src/cryptsetup.c:1973
-msgid "Enter passphrase to be changed: "
-msgstr "Kirjoita vaihdettava salasanalause: "
-
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
-msgid "Enter new passphrase: "
-msgstr "Kirjoita uusi salasanalause: "
-
-#: src/cryptsetup.c:2039
-#, fuzzy
-msgid "Enter passphrase for keyslot to be converted: "
-msgstr "Kirjoita salasanalause avainvälille %u: "
-
-#: src/cryptsetup.c:2063
-#, fuzzy
-msgid "Only one device argument for isLuks operation is supported."
-msgstr "Tuetaan vain yhtä laiteargumenttia isLuks-toiminnolle.\n"
-
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n"
-"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n"
-"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Avainväli %d ei ole käytössä.\n"
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Otsakevedos taltioavaimella on arkaluonteista tietoa,\n"
-"joka sallii pääsyn salatulle osiolle ilman salasanaa.\n"
-"Tämä vedos pitäisi aina tallentaa salattuna turvallisessa paikasssa."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s ei ole LUKS-laite."
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
-#, fuzzy
-msgid "Option --header-backup-file is required."
-msgstr "Vaaditaan valitsin --header-backup-file.\n"
-
-#: src/cryptsetup.c:2386
-#, fuzzy, c-format
-msgid "%s is not cryptsetup managed device."
-msgstr "%s ei ole LUKS-laite."
-
-#: src/cryptsetup.c:2397
-#, fuzzy, c-format
-msgid "Refresh is not supported for device type %s"
-msgstr "Jatkamista ei tueta laiteelle %s.\n"
-
-#: src/cryptsetup.c:2439
-#, fuzzy, c-format
-msgid "Unrecognized metadata device type %s."
-msgstr "Tunnistamaton metatietolaitetyyppi %s.\n"
-
-#: src/cryptsetup.c:2442
-#, fuzzy
-msgid "Command requires device and mapped name as arguments."
-msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n"
-
-#: src/cryptsetup.c:2464
-#, c-format
-msgid ""
-"This operation will erase all keyslots on device %s.\n"
-"Device will become unusable after this operation."
-msgstr ""
-"Tämä toiminto poistaa kaikki avainvälit laitteesta %s.\n"
-"Laite tulee käyttökelvottomaksi tämän toiminnon jälkeen."
-
-#: src/cryptsetup.c:2471
-msgid "Operation aborted, keyslots were NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2510
-msgid "Invalid LUKS type, only luks1 and luks2 are supported."
-msgstr ""
-
-#: src/cryptsetup.c:2528
-#, fuzzy, c-format
-msgid "Device is already %s type."
-msgstr "Laite %s on jo olemassa.\n"
-
-#: src/cryptsetup.c:2533
-#, fuzzy, c-format
-msgid "This operation will convert %s to %s format.\n"
-msgstr "Tätä toimintoa ei tueta %s-salauslaitteelle.\n"
-
-#: src/cryptsetup.c:2539
-msgid "Operation aborted, device was NOT converted.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2579
-msgid "Option --priority, --label or --subsystem is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
-#, fuzzy, c-format
-msgid "Token %d is invalid."
-msgstr "Avainväli %d on virheellinen.\n"
-
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
-#, c-format
-msgid "Token %d in use."
-msgstr ""
-
-#: src/cryptsetup.c:2623
-#, fuzzy, c-format
-msgid "Failed to add luks2-keyring token %d."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
-
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
-#, fuzzy, c-format
-msgid "Failed to assign token %d to keyslot %d."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
-
-#: src/cryptsetup.c:2649
-#, fuzzy, c-format
-msgid "Token %d is not in use."
-msgstr "Avainväli %d ei ole käytössä.\n"
-
-#: src/cryptsetup.c:2684
-#, fuzzy
-msgid "Failed to import token from file."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#: src/cryptsetup.c:2709
-#, fuzzy, c-format
-msgid "Failed to get token %d for export."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
-
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr ""
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2743
-#, fuzzy, c-format
-msgid "Invalid token operation %s."
-msgstr "Virheellinen avainkoko %d.\n"
-
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Laite %s ei ole kelvollinen LUKS-laite.\n"
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui."
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "Virheellinen laite %s.\n"
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Tätä toimintoa tuetaan vain LUKS-laitteelle.\n"
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Pyydetty otsakevarmuuskopiotiedosto %s on jo olemassa.\n"
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Otsakevarmuuskopiotiedoston %s luominen epäonnistui.\n"
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-#, fuzzy
-msgid "Not enough free keyslots for reencryption."
-msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen."
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-#, fuzzy
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Avaintiedostoa voidaan käyttää vain valitsimen --key-slot kanssa tai täsmälleen yhden avainvälin ollessa aktiivisena.\n"
-
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Kirjoita salasanalause avainvälille %u: "
-
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Kirjoita salasanalause avainvälille %u: "
-
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "Komento vaatii laitteen ja kuvausnimen argumenttina.\n"
-
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
-
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
-
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr ""
-
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
-
-#: src/cryptsetup.c:3475
-#, fuzzy
-msgid "LUKS2 device is not in reencryption."
-msgstr "Lokitiedosto %s on olemassa, aloitetaan salaus uudelleen.\n"
-
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<laite> [--type <tyyppi>] [<nimi>]"
-
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-#, fuzzy
-msgid "open device as <name>"
-msgstr "avaa laite kuvauksena <nimi>"
-
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<nimi>"
-
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr "sulje laite (poista kuvaus)"
-
-#: src/cryptsetup.c:3504
-msgid "resize active device"
-msgstr "muuta käytössä olevan laitteen kokoa"
-
-#: src/cryptsetup.c:3505
-msgid "show device status"
-msgstr "näytä laitetila"
-
-#: src/cryptsetup.c:3506
-msgid "[--cipher <cipher>]"
-msgstr ""
-
-#: src/cryptsetup.c:3506
-msgid "benchmark cipher"
-msgstr "koestussalaus"
-
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
-msgid "<device>"
-msgstr "<laite>"
-
-#: src/cryptsetup.c:3507
-msgid "try to repair on-disk metadata"
-msgstr "yritä korjata levyn sisäiset metatiedot"
-
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "lisää avain LUKS-laitteeseen"
-
-#: src/cryptsetup.c:3509
-msgid "erase all keyslots (remove encryption key)"
-msgstr "poista kaikki avainvälit (poista salausavain)"
-
-#: src/cryptsetup.c:3510
-msgid "convert LUKS from/to LUKS2 format"
-msgstr ""
-
-#: src/cryptsetup.c:3511
-msgid "set permanent configuration options for LUKS2"
-msgstr ""
-
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
-msgid "<device> [<new key file>]"
-msgstr "<laite> [<uusi avaintiedosto>]"
-
-#: src/cryptsetup.c:3512
-msgid "formats a LUKS device"
-msgstr "pohjustaa LUKS-laitteen"
-
-#: src/cryptsetup.c:3513
-msgid "add key to LUKS device"
-msgstr "lisää avain LUKS-laitteeseen"
-
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
-msgid "<device> [<key file>]"
-msgstr "<laite> [<avaintiedosto>]"
-
-#: src/cryptsetup.c:3514
-msgid "removes supplied key or key file from LUKS device"
-msgstr "poistaa tarjotun avaimen tai avaintiedoston LUKS-laitteesta"
-
-#: src/cryptsetup.c:3515
-msgid "changes supplied key or key file of LUKS device"
-msgstr "vaihtaa LUKS-laitteen tarjotun avaimen tai avaintiedoston"
-
-#: src/cryptsetup.c:3516
-msgid "converts a key to new pbkdf parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3517
-msgid "<device> <key slot>"
-msgstr "<laite> <avainväli>"
-
-#: src/cryptsetup.c:3517
-msgid "wipes key with number <key slot> from LUKS device"
-msgstr "pyyhkäisee pois avaimen numerolla <avainväli> LUKS-laitteesta"
-
-#: src/cryptsetup.c:3518
-msgid "print UUID of LUKS device"
-msgstr "tulostaa LUKS-laitteen UUID-tunnuksen"
-
-#: src/cryptsetup.c:3519
-msgid "tests <device> for LUKS partition header"
-msgstr "testaa <laite> LUKS-osio-otsakkeesta"
-
-#: src/cryptsetup.c:3520
-msgid "dump LUKS partition information"
-msgstr "vedosta LUKS-osiotiedot"
-
-#: src/cryptsetup.c:3521
-msgid "dump TCRYPT device information"
-msgstr "vedosta TCRYPT-laitetiedot"
-
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "vedosta TCRYPT-laitetiedot"
-
-#: src/cryptsetup.c:3523
-#, fuzzy
-msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
-msgstr "Keskeytä LUKS-laite ja pyyhi pois avain (kaikki siirräntäliitännät jäädytetään)."
-
-#: src/cryptsetup.c:3524
-#, fuzzy
-msgid "Resume suspended LUKS device"
-msgstr "Aloita uudelleen pysäytetty LUKS-laite."
-
-#: src/cryptsetup.c:3525
-msgid "Backup LUKS device header and keyslots"
-msgstr "Varmuuskopioi LUKS-laiteotsake ja avainvälit"
-
-#: src/cryptsetup.c:3526
-msgid "Restore LUKS device header and keyslots"
-msgstr "Palauta LUKS-laiteotsake ja avainvälit"
-
-#: src/cryptsetup.c:3527
-msgid "<add|remove|import|export> <device>"
-msgstr ""
-
-#: src/cryptsetup.c:3527
-msgid "Manipulate LUKS2 tokens"
-msgstr ""
-
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
-msgid ""
-"\n"
-"<action> is one of:\n"
-msgstr ""
-"\n"
-"<toiminto> on yksi seuraavista:\n"
-
-#: src/cryptsetup.c:3551
-#, fuzzy
-msgid ""
-"\n"
-"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-msgstr ""
-"\n"
-"Voit myös käyttää vanhaa <toiminto>-syntaksialiasta:\n"
-"\topen: luo (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
-"\tclose: poista (plainClose), luksClose, loopaesClose, tcryptClose\n"
-
-#: src/cryptsetup.c:3555
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<device> is the encrypted device\n"
-"<key slot> is the LUKS key slot number to modify\n"
-"<key file> optional key file for the new key for luksAddKey action\n"
-msgstr ""
-"\n"
-"<nimi> on laite, joka luodaan kohteen %s alaisena\n"
-"<laite> on salaussuojattu laite\n"
-"<avainväli> on LUKS-avainväli muokattavaksi\n"
-"<avaintiedosto> valinnainen avaintiedosto uudelle avaimelle luksAddKey-toimintoa varten\n"
-
-#: src/cryptsetup.c:3562
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in metadata format is %s (for luksFormat action).\n"
-msgstr ""
-
-#: src/cryptsetup.c:3567
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in key and passphrase parameters:\n"
-"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
-"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
-"Default PBKDF for LUKS2: %s\n"
-"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
-msgstr ""
-"\n"
-"Käännetyn avaintiedoston ja salasanan oletusparametrit:\n"
-"\tAvaintiedoston enimmäiskoko: %d kilobittiä, vuorovaikutteisen\n"
-"\tsalasanalauseen enimmäispituus %d (merkkiä)\n"
-"PBKDF2-iteroinnin enimmäisaika LUKS-avainvälille: %d (millisekuntia)\n"
-
-#: src/cryptsetup.c:3578
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in device cipher parameters:\n"
-"\tloop-AES: %s, Key %d bits\n"
-"\tplain: %s, Key: %d bits, Password hashing: %s\n"
-"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
-msgstr ""
-"\n"
-"Käännetyn laitesalakirjoitusmenetelmän oletusparametrit:\n"
-"\tloop-AES: %s, Avain %d bittiä\n"
-"\tplain-tyyppi: %s, Avain: %d bittiä, Salasanatiivistys: %s\n"
-"\tLUKS1: %s, Avain: %d bittiä, LUKS-otsaketiivistys: %s, RNG: %s\n"
-
-#: src/cryptsetup.c:3587
-msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
-#, c-format
-msgid "%s: requires %s as arguments"
-msgstr "%s: vaatii %s argumentteina"
-
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
-msgid "Show this help message"
-msgstr "Näytä tämä opastesanoma"
-
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
-msgid "Display brief usage"
-msgstr "Näytä lyhyt käyttöopaste"
-
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Tulosta pakkausversio"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
-msgid "Help options:"
-msgstr "Opastevalitsimet:"
-
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Näyttää yksityiskohtaisemmat virheilmoitukset"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Näytä vianjäljityssanomat"
-
-#: src/cryptsetup.c:3646
-#, fuzzy
-msgid "Show debug messages including JSON metadata"
-msgstr "Näytä vianjäljityssanomat"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Salakirjoitusmenetelmä, jota käytetään salaamaan levy (katso /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Tiivisteavain, jota käytetään salausavaimen luomiseen salasanalauseesta"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Todentaa salasanalauseen kysymällä kahdesti"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-#, fuzzy
-msgid "Read the key from a file"
-msgstr "Lue avain tiedostosta."
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Lue taltion (pää)avain tiedostosta."
-
-#: src/cryptsetup.c:3652
-#, fuzzy
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Vedosta taltion (pää)avain eikä avainvälien tiedot."
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Salausavaimen koko"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITTIÄ"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Avaintiedostosta luettavat rajat"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "tavua"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Avaintiedostossa ohitettavien tavujen määrä"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Äskettäin lisätystä avaintiedostosta luetut rajat"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Ohitettu tavumäärä äskettäin lisätyssä avaintiedostossa"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Välinumero uudelle avaimelle (oletus on ensimmäinen vapaa)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Laitteen koko"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTORIA"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Käytä vain määriteltyä laitekokoa (ohita laitteen loppu). VAARALLINEN!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Alkusiirrososoite taustalaitteessa"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Kuinka monta salaustietojen sektoria ohitetaan alussa"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Luo kirjoitussuojattu kuvaus"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Älä pyydä vahvistusta"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Aikakatkaisu vuorovaikutteiselle salasanalausekyselylle (sekunteina)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "s"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr ""
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Kuinka usein salasanasyötettä voidaan yrittää uudelleen"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Tasaa tietosisältö osoitteessa <n> sektorirajoihin - kohdetta luksFormat varten"
-
-#: src/cryptsetup.c:3669
-#, fuzzy
-msgid "File with LUKS header and keyslots backup"
-msgstr "Tiedosto LUKS-otsakkeella ja avainvälien varmuuskopiolla."
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-#, fuzzy
-msgid "Use /dev/random for generating volume key"
-msgstr "Käytä /dev/random taltioavaimen synnyttämiseen."
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-#, fuzzy
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Käytä /dev/urandom taltioavaimen synnyttämiseen."
-
-#: src/cryptsetup.c:3672
-#, fuzzy
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Jaa laite toisen ei-päällekkäisen salaussegmentin kanssa."
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-#, fuzzy
-msgid "UUID for device to use"
-msgstr "UUID laitteelle käytettäväksi."
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-#, fuzzy
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Salli hylkäys(lempinimeltään TRIM)-pyynnöt laitteelle."
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-#, fuzzy
-msgid "Device or file with separated LUKS header"
-msgstr "Laite tai tiedosto erillisellä LUKS-otsakkeella."
-
-#: src/cryptsetup.c:3676
-#, fuzzy
-msgid "Do not activate device, just check passphrase"
-msgstr "Älä aktivoi laitetta, tarkista vain salasanalauseke."
-
-#: src/cryptsetup.c:3677
-#, fuzzy
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Käytä piilotettua otsaketta (piilotettu TCRYPT-laite)."
-
-#: src/cryptsetup.c:3678
-#, fuzzy
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Laite on järjestelmä-TCRYPT-levyasema (alkulatausohjelmalla)."
-
-#: src/cryptsetup.c:3679
-#, fuzzy
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Käytä (toissijaista) TCRYPT-varmuuskopio-otsaketta."
-
-#: src/cryptsetup.c:3680
-#, fuzzy
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle."
-
-#: src/cryptsetup.c:3681
-#, fuzzy
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle."
-
-#: src/cryptsetup.c:3682
-#, fuzzy
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Tutkinta myös VeraCrypt-yhteensopivalle laitteelle."
-
-#: src/cryptsetup.c:3683
-#, fuzzy
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt."
-
-#: src/cryptsetup.c:3684
-#, fuzzy
-msgid "Disable password quality check (if enabled)"
-msgstr "Ota pois käytöstä salasanan laatutarkistus (jos käytössä)."
-
-#: src/cryptsetup.c:3685
-#, fuzzy
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Käytä dm-crypt same_cpu_crypt-suorituskyky-yhteensopivuusvalitsinta."
-
-#: src/cryptsetup.c:3686
-#, fuzzy
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Käytä dm-crypt submit_from_crypt_cpus-suorituskyky-yhteensopivuusvalitsinta."
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr ""
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
-#, fuzzy
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ms"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-#, fuzzy
-msgid "kilobytes"
-msgstr "tavua"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr ""
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr ""
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr ""
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr ""
-
-#: src/cryptsetup.c:3697
-#, fuzzy
-msgid "Disable locking of on-disk metadata"
-msgstr "yritä korjata levyn sisäiset metatiedot"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr ""
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr ""
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr ""
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr ""
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr ""
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr ""
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr ""
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr ""
-
-#: src/cryptsetup.c:3709
-#, fuzzy
-msgid "Set label for the LUKS2 device"
-msgstr "pohjustaa LUKS-laitteen"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr ""
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr ""
-
-#: src/cryptsetup.c:3712
-#, fuzzy
-msgid "Read or write the json from or to a file"
-msgstr "Lue avain tiedostosta."
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr ""
-
-#: src/cryptsetup.c:3714
-#, fuzzy
-msgid "LUKS2 header keyslots area size"
-msgstr "Tiedosto LUKS-otsakkeella ja avainvälien varmuuskopiolla."
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3716
-#, fuzzy
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Salausavaimen koko"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr ""
-
-#: src/cryptsetup.c:3718
-#, fuzzy
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Poista laitteen salaus pysyvästi (poista salaus)"
-
-#: src/cryptsetup.c:3719
-#, fuzzy
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Poista laitteen salaus pysyvästi (poista salaus)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Pienennä datalaitekokoa (siirrä datasiirrososoitetta). VAARALLINEN!"
-
-#: src/cryptsetup.c:3723
-#, fuzzy
-msgid "Maximal reencryption hotzone size."
-msgstr "Uudelleensalauslohkon koko"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-#, fuzzy
-msgid "Reencryption hotzone checksums hash"
-msgstr "Uudelleensalauslohkon koko"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr ""
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[VALITSIN...] <toiminto> <toimintokohtainen>"
-
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "Argumentti <toiminto> puuttuu."
-
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Tuntematon toiminto."
-
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:3882
-#, fuzzy
-msgid "Option --deferred is allowed only for close command."
-msgstr "Valitsin --shared sallitaan vain pelkän laitteen avaukseen.\n"
-
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Valitsin --shared sallitaan vain pelkän laitteen avaukseen.\n"
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-
-#: src/cryptsetup.c:3902
-#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr ""
-
-#: src/cryptsetup.c:3917
-#, fuzzy
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Valitsin --key-size sallitaan vain muodoille luksFormat, open ja benchmark.\n"
-"Käytä avaintiedostosta lukemisen rajoittamiseksi valitsinta --keyfile-size=(tavua)."
-
-#: src/cryptsetup.c:3923
-#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr ""
-
-#: src/cryptsetup.c:3934
-#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Valitsin --uuid sallitaan vain luksFormat-muodolle ja luksUUID-muodolle."
-
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Valitsin --test-passphrase sallitaan vain LUKS- ja TCRYPT-laitteiden avaamiseen.\n"
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:1677 src/cryptsetup_reencrypt.c:1360
msgid "Key size must be a multiple of 8 bits"
msgstr "Avainkoon on oltava 8-bitin monikerta"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:1684 src/cryptsetup_reencrypt.c:1365
msgid "Key slot is invalid."
msgstr "Avainväli on virheellinen."
-#: src/cryptsetup.c:3958
-#, fuzzy
-msgid "Option --key-file takes precedence over specified key file argument."
+#: src/cryptsetup.c:1691
+msgid "Option --key-file takes precedence over specified key file argument.\n"
msgstr "Valitsin --key-file on ensisijainen määritellylle avaintiedostoargumentille.\n"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:1699 src/veritysetup.c:467 src/cryptsetup_reencrypt.c:1349
msgid "Negative number for option not permitted."
msgstr "Valitsimelle ei sallita negatiivista numeroa."
-#: src/cryptsetup.c:3969
-#, fuzzy
-msgid "Only one --key-file argument is allowed."
-msgstr "Vain yksi --use-[u]random -valitsin on sallittu."
-
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:1703 src/cryptsetup_reencrypt.c:1343
+#: src/cryptsetup_reencrypt.c:1369
msgid "Only one of --use-[u]random options is allowed."
msgstr "Vain yksi --use-[u]random -valitsin on sallittu."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:1707
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "Valitsin --use-[u]random sallitaan vain luksFormat-muodolle."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:1711
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "Valitsin --uuid sallitaan vain luksFormat-muodolle ja luksUUID-muodolle."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:1715
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle."
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr ""
-
-#: src/cryptsetup.c:3994
-#, fuzzy
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Virheellinen laitekokomäärittely."
-
-#: src/cryptsetup.c:3998
-#, fuzzy
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Virheellinen laitekokomäärittely."
-
-#: src/cryptsetup.c:4002
-#, fuzzy
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Valitsin --align-payload sallitaan vain luksFormat-muodolle."
-
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:1721
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "Valitsinta --skip tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:1727
+msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
msgstr "Valitsinta --offset tuetaan vain plain- ja loopaes-laitteiden avaamiseen.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:1733
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "Valitsinta --tcrypt-hidden, --tcrypt-system tai --tcrypt-backup tuetaan vain TCRYPT-laiteeelle.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:1738
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "Valitsinta --tcrypt-hidden ei voida yhdistää valitsimeen --allow-discards.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n"
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr ""
-
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n"
-
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:1743
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "Valitsinta --veracrypt tuetaan vain TCRYPT-laiteeelle.\n"
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr ""
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr ""
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr ""
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr ""
-
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
-msgstr "Tätä toimintoa ei tueta tälle laitetyypille.\n"
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr ""
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr ""
-
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
-msgstr "Valitsinta --keep-key voidaan käyttää vain valitsimen --hash tai --iter-time kanssa."
-
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr ""
-
-#: src/cryptsetup.c:4135
-#, fuzzy
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Virheellinen laitekokomäärittely."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Virheellinen laitekokomäärittely."
-
-#: src/cryptsetup.c:4146
-#, fuzzy
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Maksimi laitepienennyskoko on 64 mebitavua."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta."
-
-#: src/cryptsetup.c:4154
-#, fuzzy
-msgid "Invalid data size specification."
-msgstr "Virheellinen laitekokomäärittely."
-
-#: src/cryptsetup.c:4159
-#, fuzzy
-msgid "Reduce size overflow."
-msgstr "Laitesiirrososoitteen ylivuoto.\n"
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr ""
-
-#: src/veritysetup.c:76
-#, fuzzy
-msgid "Invalid salt string specified."
+#: src/veritysetup.c:58
+msgid "Invalid salt string specified.\n"
msgstr "Määritelty virheellinen satunnaisarvosiemenmerkkijono.\n"
-#: src/veritysetup.c:107
-#, fuzzy, c-format
-msgid "Cannot create hash image %s for writing."
-msgstr "Tiivistevedoksen %s luominen kirjoittamista varten epäonnistui.\n"
-
-#: src/veritysetup.c:117
-#, fuzzy, c-format
-msgid "Cannot create FEC image %s for writing."
+#: src/veritysetup.c:88
+#, c-format
+msgid "Cannot create hash image %s for writing.\n"
msgstr "Tiivistevedoksen %s luominen kirjoittamista varten epäonnistui.\n"
-#: src/veritysetup.c:191
-#, fuzzy
-msgid "Invalid root hash string specified."
+#: src/veritysetup.c:148
+msgid "Invalid root hash string specified.\n"
msgstr "Virheellinen root-tiivistemerkkijono määritelty.\n"
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "Virheellinen laite %s.\n"
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr "Avaintiedoston %s lukeminen epäonnistui.\n"
-
-#: src/veritysetup.c:406
+#: src/veritysetup.c:308
msgid "<data_device> <hash_device>"
msgstr "<data_laite> <tiiviste_laite>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:308
msgid "format device"
msgstr "pohjusta laite"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:309
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<data_laite> <tiiviste_laite> <root_tiiviste>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:309
msgid "verify device"
msgstr "todenna laite"
-#: src/veritysetup.c:408
-#, fuzzy
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<data_laite> <tiiviste_laite> <root_tiiviste>"
-
-#: src/veritysetup.c:410 src/integritysetup.c:495
-msgid "show active device status"
-msgstr "näytä aktiivilaitteen tila"
-
-#: src/veritysetup.c:411
-msgid "<hash_device>"
-msgstr "<tiiviste_laite>"
-
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
-msgstr "näytä paikallisen levyn tiedot"
-
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
-msgstr ""
-"\n"
-"<nimi> on kohteen alle %s luotava laite\n"
-"<data_laite> on datalaite\n"
-"<tiiviste_laite> on todennusdataa sisältävä laite\n"
-"<root_tiiviste> root-solmun tiiviste kohteella <tiiviste_laite>\n"
-
-#: src/veritysetup.c:437
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
-msgstr ""
-"\n"
-"Käännetyt dm-verity oletusparametrit:\n"
-"\tTiiviste: %s, Data-lohko (tavua): %u, Tiivistelohko (tavua): %u, Satunnaislukuarvosiemenen koko: %u, Tiivistemuoto: %u\n"
-
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Älä käytä verity-superlohkoa"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Muototyyppi (1 - normaali, 0 - alkuperäinen Chrome OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "numero"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Data-laitteen lohkokoko"
-
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Tiivistelaitteen lohkokoko"
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Data-tiedoston lohkojen määrä"
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "lohkoa"
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr ""
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr ""
-
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Tiivistelaitteen alkusiirrososoite"
-
-#: src/veritysetup.c:489
-#, fuzzy
-msgid "Starting offset on the FEC device"
-msgstr "Tiivistelaitteen alkusiirrososoite"
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Tiivistealgoritmi"
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "merkkijono"
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Satunnaisarvosiemenluku"
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "heksadesimaalimerkkijono"
-
-#: src/veritysetup.c:493
-#, fuzzy
-msgid "Path to root hash signature file"
-msgstr "Tiivistealueen luominen epäonnistui.\n"
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr ""
-
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr ""
-
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr ""
-
-#: src/veritysetup.c:497
-#, fuzzy
-msgid "Do not verify zeroed blocks"
-msgstr "Älä käytä verity-superlohkoa"
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr ""
-
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
-
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr ""
-
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr ""
-
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Virheellinen avainkoko %d.\n"
-
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, fuzzy, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Avaintiedoston %s lukeminen epäonnistui.\n"
-
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, fuzzy, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Ei voida lukea %d tavua avaintiedostosta %s.\n"
-
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr ""
-
-#: src/integritysetup.c:492 src/integritysetup.c:496
-#, fuzzy
-msgid "<integrity_device>"
-msgstr "todenna laite"
-
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr ""
-
-#: src/integritysetup.c:515
-#, fuzzy, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<nimi> on kohteen alle %s luotava laite\n"
-"<data_laite> on datalaite\n"
-"<tiiviste_laite> on todennusdataa sisältävä laite\n"
-"<root_tiiviste> root-solmun tiiviste kohteella <tiiviste_laite>\n"
-
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr ""
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr ""
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr ""
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr ""
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr ""
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr ""
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr ""
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr ""
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:579
-#, fuzzy
-msgid "The size of the data integrity key"
-msgstr "Salausavaimen koko"
-
-#: src/integritysetup.c:580
-#, fuzzy
-msgid "Read the integrity key from a file"
-msgstr "Lue avain tiedostosta."
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:583
-#, fuzzy
-msgid "The size of the journal integrity key"
-msgstr "Salausavaimen koko"
-
-#: src/integritysetup.c:584
-#, fuzzy
-msgid "Read the journal integrity key from a file"
-msgstr "Lue avain tiedostosta."
-
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr ""
+#: src/veritysetup.c:310
+msgid "<name> <data_device> <hash_device> <root_hash>"
+msgstr "<nimi> <data_laite> <tiiviste_laite> <root_tiiviste>"
-#: src/integritysetup.c:587
-#, fuzzy
-msgid "The size of the journal encryption key"
-msgstr "Salausavaimen koko"
+#: src/veritysetup.c:310
+msgid "create active device"
+msgstr "luo aktiivilaite"
-#: src/integritysetup.c:588
-#, fuzzy
-msgid "Read the journal encryption key from a file"
-msgstr "Lue avain tiedostosta."
+#: src/veritysetup.c:311
+msgid "remove (deactivate) device"
+msgstr "poista (deaktivoi) laite"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr ""
+#: src/veritysetup.c:312
+msgid "show active device status"
+msgstr "näytä aktiivilaitteen tila"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr ""
+#: src/veritysetup.c:313
+msgid "<hash_device>"
+msgstr "<tiiviste_laite>"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr ""
+#: src/veritysetup.c:313
+msgid "show on-disk information"
+msgstr "näytä paikallisen levyn tiedot"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
+#: src/veritysetup.c:332
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
msgstr ""
+"\n"
+"<nimi> on kohteen alle %s luotava laite\n"
+"<data_laite> on datalaite\n"
+"<tiiviste_laite> on todennusdataa sisältävä laite\n"
+"<root_tiiviste> root-solmun tiiviste kohteella <tiiviste_laite>\n"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#: src/veritysetup.c:339
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
msgstr ""
+"\n"
+"Käännetyt dm-verity oletusparametrit:\n"
+"\tTiiviste: %s, Data-lohko (tavua): %u, Tiivistelohko (tavua): %u, Satunnaislukuarvosiemenen koko: %u, Tiivistemuoto: %u\n"
-#: src/integritysetup.c:672
-#, fuzzy
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Valitsin --allow-discards sallitaan vain open-toiminnolle.\n"
+#: src/veritysetup.c:377
+msgid "Do not use verity superblock"
+msgstr "Älä käytä verity-superlohkoa"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr ""
+#: src/veritysetup.c:378
+msgid "Format type (1 - normal, 0 - original Chrome OS)"
+msgstr "Muototyyppi (1 - normaali, 0 - alkuperäinen Chrome OS)"
-#: src/integritysetup.c:698
-#, fuzzy
-msgid "Invalid journal size specification."
-msgstr "Virheellinen laitekokomäärittely."
+#: src/veritysetup.c:378
+msgid "number"
+msgstr "numero"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:379
+msgid "Block size on the data device"
+msgstr "Data-laitteen lohkokoko"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:380
+msgid "Block size on the hash device"
+msgstr "Tiivistelaitteen lohkokoko"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr ""
+#: src/veritysetup.c:381
+msgid "The number of blocks in the data file"
+msgstr "Data-tiedoston lohkojen määrä"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:381
+msgid "blocks"
+msgstr "lohkoa"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr ""
+#: src/veritysetup.c:382
+msgid "Starting offset on the hash device"
+msgstr "Tiivistelaitteen alkusiirrososoite"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr ""
+#: src/veritysetup.c:383
+msgid "Hash algorithm"
+msgstr "Tiivistealgoritmi"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
+#: src/veritysetup.c:383
+msgid "string"
+msgstr "merkkijono"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr ""
+#: src/veritysetup.c:384
+msgid "Salt"
+msgstr "Satunnaisarvosiemenluku"
-#: src/cryptsetup_reencrypt.c:190
-#, fuzzy
-msgid "Reencryption already in-progress."
-msgstr "Uudelleensalauslohkon koko"
+#: src/veritysetup.c:384
+msgid "hex string"
+msgstr "heksadesimaalimerkkijono"
-#: src/cryptsetup_reencrypt.c:226
-#, fuzzy, c-format
-msgid "Cannot exclusively open %s, device in use."
+#: src/cryptsetup_reencrypt.c:147
+#, c-format
+msgid "Cannot exclusively open %s, device in use.\n"
msgstr "Kohteen %s avaaminen eksklusiivisesti epäonnistui, laite on käytössä.\n"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-#, fuzzy
-msgid "Allocation of aligned memory failed."
+#: src/cryptsetup_reencrypt.c:151
+#, c-format
+msgid "Cannot open device %s\n"
+msgstr "Laitteen %s avaus epäonnistui.\n"
+
+#: src/cryptsetup_reencrypt.c:161 src/cryptsetup_reencrypt.c:914
+msgid "Allocation of aligned memory failed.\n"
msgstr "Tasatun muistin varaaminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:247
-#, fuzzy, c-format
-msgid "Cannot read device %s."
+#: src/cryptsetup_reencrypt.c:168
+#, c-format
+msgid "Cannot read device %s.\n"
msgstr "Laitteen %s lukeminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:258
-#, fuzzy, c-format
-msgid "Marking LUKS1 device %s unusable."
+#: src/cryptsetup_reencrypt.c:179
+#, c-format
+msgid "Marking LUKS device %s unusable.\n"
msgstr "Merkitään LUKS-laite %s käyttökelvottomaksi.\n"
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:184
#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr ""
+msgid "Marking LUKS device %s usable.\n"
+msgstr "Merkitään LUKS-laite %s käyttökelpoiseksi.\n"
-#: src/cryptsetup_reencrypt.c:279
-#, fuzzy, c-format
-msgid "Cannot write device %s."
+#: src/cryptsetup_reencrypt.c:200
+#, c-format
+msgid "Cannot write device %s.\n"
msgstr "Laitteelle %s kirjoittaminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:327
-#, fuzzy
-msgid "Cannot write reencryption log file."
+#: src/cryptsetup_reencrypt.c:281
+msgid "Cannot write reencryption log file.\n"
msgstr "Uudelleensalauslokitiedoston kirjoittaminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:383
-#, fuzzy
-msgid "Cannot read reencryption log file."
+#: src/cryptsetup_reencrypt.c:337
+msgid "Cannot read reencryption log file.\n"
msgstr "Uudelleensalauslokitiedoston lukeminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:374
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Lokitiedosto %s on olemassa, aloitetaan salaus uudelleen.\n"
-#: src/cryptsetup_reencrypt.c:470
-#, fuzzy
-msgid "Activating temporary device using old LUKS header."
+#: src/cryptsetup_reencrypt.c:424
+msgid "Activating temporary device using old LUKS header.\n"
msgstr "Aktivoidaan tilapäinen laite käyttäen vanhaa LUKS-otsaketta.\n"
-#: src/cryptsetup_reencrypt.c:480
-#, fuzzy
-msgid "Activating temporary device using new LUKS header."
+#: src/cryptsetup_reencrypt.c:435
+msgid "Activating temporary device using new LUKS header.\n"
msgstr "Aktivoidaan tilapäinen laite käyttäen uutta LUKS-otsaketta.\n"
-#: src/cryptsetup_reencrypt.c:490
-#, fuzzy
-msgid "Activation of temporary devices failed."
+#: src/cryptsetup_reencrypt.c:445
+msgid "Activation of temporary devices failed.\n"
msgstr "Tilapäisten laitteiden aktivoiminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:577
-#, fuzzy
-msgid "Failed to set data offset."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-
-#: src/cryptsetup_reencrypt.c:591
-#, fuzzy, c-format
-msgid "New LUKS header for device %s created."
+#: src/cryptsetup_reencrypt.c:471
+#, c-format
+msgid "New LUKS header for device %s created.\n"
msgstr "Luotiin uusi LUKS-otsake laitteelle %s.\n"
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:479
#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:677
-#, fuzzy
-msgid "Failed to write activation flags to new header."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+msgid "Activated keyslot %i.\n"
+msgstr "Aktivoitiin avainväli %i.\n"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-#, fuzzy
-msgid "Failed to read requirements from backup header."
-msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
-
-#: src/cryptsetup_reencrypt.c:723
-#, fuzzy, c-format
-msgid "%s header backup of device %s created."
+#: src/cryptsetup_reencrypt.c:505
+#, c-format
+msgid "LUKS header backup of device %s created.\n"
msgstr "Laitteen %s LUKS-otsakkeen varmuuskopio luotu.\n"
-#: src/cryptsetup_reencrypt.c:786
-#, fuzzy
-msgid "Creation of LUKS backup headers failed."
+#: src/cryptsetup_reencrypt.c:553
+msgid "Creation of LUKS backup headers failed.\n"
msgstr "LUKS-varmuuskopio-otsakkeiden luominen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:919
-#, fuzzy, c-format
-msgid "Cannot restore %s header on device %s."
+#: src/cryptsetup_reencrypt.c:655
+#, c-format
+msgid "Cannot restore LUKS header on device %s.\n"
msgstr "LUKS-otsakkeen palautus laitteeseen %s epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:921
-#, fuzzy, c-format
-msgid "%s header on device %s restored."
+#: src/cryptsetup_reencrypt.c:657
+#, c-format
+msgid "LUKS header on device %s restored.\n"
msgstr "LUKS-otsake palautettu laitteessa %s.\n"
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-#, fuzzy
-msgid "Cannot open temporary LUKS device."
+#: src/cryptsetup_reencrypt.c:690
+#, c-format
+msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s"
+msgstr "Eteneminen: %5.1f%%, ETA %02llu:%02llu, %4llu Mebitavua kirjoitettu, nopeus %5.1f Mebitavua/s%s"
+
+#: src/cryptsetup_reencrypt.c:729 src/cryptsetup_reencrypt.c:805
+#: src/cryptsetup_reencrypt.c:847
+msgid "Cannot seek to device offset.\n"
+msgstr "Laitteen siirrososoitteen etsintä epäonnistui.\n"
+
+#: src/cryptsetup_reencrypt.c:886 src/cryptsetup_reencrypt.c:892
+msgid "Cannot open temporary LUKS device.\n"
msgstr "Tilapäisen LUKS-laitteen avaaminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-#, fuzzy
-msgid "Cannot get device size."
+#: src/cryptsetup_reencrypt.c:897 src/cryptsetup_reencrypt.c:902
+msgid "Cannot get device size.\n"
msgstr "Laitekoon hakeminen epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:1176
-#, fuzzy
-msgid "IO error during reencryption."
-msgstr "Siirräntävirhe uudelleensalauksen aikana.\n"
-
-#: src/cryptsetup_reencrypt.c:1207
-#, fuzzy
-msgid "Provided UUID is invalid."
-msgstr "Avainväli on virheellinen."
+#: src/cryptsetup_reencrypt.c:940
+msgid "Interrupted by a signal.\n"
+msgstr "Signaalin keskeyttämä.\n"
-#: src/cryptsetup_reencrypt.c:1441
-#, fuzzy
-msgid "Cannot open reencryption log file."
-msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n"
+#: src/cryptsetup_reencrypt.c:942
+msgid "IO error during reencryption.\n"
+msgstr "Siirräntävirhe uudelleensalauksen aikana.\n"
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr ""
+#: src/cryptsetup_reencrypt.c:1049
+msgid "Key file can be used only with --key-slot or with exactly one key slot active.\n"
+msgstr "Avaintiedostoa voidaan käyttää vain valitsimen --key-slot kanssa tai täsmälleen yhden avainvälin ollessa aktiivisena.\n"
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1093 src/cryptsetup_reencrypt.c:1108
#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr ""
+msgid "Enter passphrase for key slot %u: "
+msgstr "Kirjoita salasanalause avainvälille %u: "
+
+#: src/cryptsetup_reencrypt.c:1157
+msgid "Cannot open reencryption log file.\n"
+msgstr "Uudelleensalauslokitiedoston avaus epäonnistui.\n"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1283
msgid "Reencryption block size"
msgstr "Uudelleensalauslohkon koko"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1283
msgid "MiB"
msgstr "Mebitavua"
-#: src/cryptsetup_reencrypt.c:1640
-#, fuzzy
-msgid "Do not change key, no data area reencryption"
+#: src/cryptsetup_reencrypt.c:1287
+msgid "Do not change key, no data area reencryption."
msgstr "Älä vaihda avainta, yhtään data-aluetta ei ole salattu uudelleen."
-#: src/cryptsetup_reencrypt.c:1642
-#, fuzzy
-msgid "Read new volume (master) key from file"
-msgstr "Lue taltion (pää)avain tiedostosta."
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "PBKDF2-iterointiaika kohteelle LUKS (millisekunneissa)"
-
-#: src/cryptsetup_reencrypt.c:1649
-#, fuzzy
-msgid "Use direct-io when accessing devices"
+#: src/cryptsetup_reencrypt.c:1294
+msgid "Use direct-io when accessing devices."
msgstr "Käytä direct-io -siirräntää laitteisiin yhdistettäessä."
-#: src/cryptsetup_reencrypt.c:1650
-#, fuzzy
-msgid "Use fsync after each block"
+#: src/cryptsetup_reencrypt.c:1295
+msgid "Use fsync after each block."
msgstr "Käytä fsync-komentoa jokaisen lohkon jälkeen."
-#: src/cryptsetup_reencrypt.c:1651
-#, fuzzy
-msgid "Update log file after every block"
+#: src/cryptsetup_reencrypt.c:1296
+msgid "Update log file after every block."
msgstr "Päivitä lokitiedosto jokaisen lohkon jälkeen."
-#: src/cryptsetup_reencrypt.c:1652
-#, fuzzy
-msgid "Use only this slot (others will be disabled)"
+#: src/cryptsetup_reencrypt.c:1297
+msgid "Use only this slot (others will be disabled)."
msgstr "Käytä vain tätä väliä (muut ovat pois käytöstä)."
-#: src/cryptsetup_reencrypt.c:1657
-#, fuzzy
-msgid "Create new header on not encrypted device"
-msgstr "Luo uusi otsake ei-salattuun laitteeseen."
+#: src/cryptsetup_reencrypt.c:1300
+msgid "Reduce data device size (move data offset). DANGEROUS!"
+msgstr "Pienennä datalaitekokoa (siirrä datasiirrososoitetta). VAARALLINEN!"
-#: src/cryptsetup_reencrypt.c:1658
-#, fuzzy
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Poista laitteen salaus pysyvästi (poista salaus)"
+#: src/cryptsetup_reencrypt.c:1301
+msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+msgstr "Käytä vain määriteltyä laitekokoa (ohita laitteen loppu). VAARALLINEN!"
-#: src/cryptsetup_reencrypt.c:1659
-#, fuzzy
-msgid "The UUID used to resume decryption"
-msgstr "Salausavaimen koko"
+#: src/cryptsetup_reencrypt.c:1302
+msgid "Create new header on not encrypted device."
+msgstr "Luo uusi otsake ei-salattuun laitteeseen."
-#: src/cryptsetup_reencrypt.c:1660
-#, fuzzy
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Laitemetatietojen tyyppi: luks, plain, loopaes, tcrypt."
+#: src/cryptsetup_reencrypt.c:1303
+msgid "Permanently decrypt device (remove encryption)."
+msgstr "Poista laitteen salaus pysyvästi (poista salaus)"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1319
msgid "[OPTION...] <device>"
msgstr "[VALITSIN...] <laite>"
-#: src/cryptsetup_reencrypt.c:1687
-#, fuzzy, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
+#: src/cryptsetup_reencrypt.c:1333
+#, c-format
+msgid "Reencryption will change: volume key%s%s%s%s.\n"
msgstr "Uudelleensalauas muuttuu: taltio key%s%s%s%s.\n"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1690
-#, fuzzy
-msgid "set hash to "
+#: src/cryptsetup_reencrypt.c:1334
+msgid ", set hash to "
msgstr ", aseta tiivisteeksi "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1335
msgid ", set cipher to "
msgstr ", aseta salaukseksi "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1339
msgid "Argument required."
msgstr "Argumentti vaadittu."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1355
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Vain arvot välillä 1 mebitavua ja 64 mebitavua ovat sallittuja uudelleensalauslohkokokoja."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1374 src/cryptsetup_reencrypt.c:1379
+msgid "Invalid device size specification."
+msgstr "Virheellinen laitekokomäärittely."
+
+#: src/cryptsetup_reencrypt.c:1382
msgid "Maximum device reduce size is 64 MiB."
msgstr "Maksimi laitepienennyskoko on 64 mebitavua."
-#: src/cryptsetup_reencrypt.c:1757
-#, fuzzy
-msgid "Option --new must be used together with --reduce-device-size or --header."
+#: src/cryptsetup_reencrypt.c:1385
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Pienennyskoon on oltava 512-tavuisen sektorin monikerta."
+
+#: src/cryptsetup_reencrypt.c:1389
+msgid "Option --new must be used together with --reduce-device-size."
msgstr "Valitsinta --new on käytettävä yhdessä valitsimen --reduce-device-size kanssa."
-#: src/cryptsetup_reencrypt.c:1761
-#, fuzzy
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#: src/cryptsetup_reencrypt.c:1393
+msgid "Option --keep-key can be used only with --hash or --iter-time."
msgstr "Valitsinta --keep-key voidaan käyttää vain valitsimen --hash tai --iter-time kanssa."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1397
msgid "Option --new cannot be used together with --decrypt."
msgstr "Valitsinta --new ei voi käytttää yhdessä valitsimen --decrypt kanssa."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1401
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "Valitsin --decrypt on yhteensopimaton määriteltyjen parametrien kanssa."
-#: src/cryptsetup_reencrypt.c:1773
-#, fuzzy
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Valitsinta --new ei voi käytttää yhdessä valitsimen --decrypt kanssa."
-
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr ""
-
#: src/utils_tools.c:151
-#, fuzzy
-msgid "Error reading response from terminal."
+msgid "Error reading response from terminal.\n"
msgstr "Virhe luettaessa vastausta pääteikkunasta.\n"
-#: src/utils_tools.c:186
+#: src/utils_tools.c:173
msgid "Command successful.\n"
msgstr "Komento onnistui.\n"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr ""
-
-#: src/utils_tools.c:196
-#, fuzzy
-msgid "no permission or bad passphrase"
-msgstr "Kirjoita mikä tahansa salasanalause: "
-
-#: src/utils_tools.c:198
-#, fuzzy
-msgid "out of memory"
-msgstr "Muistin lukituksen avaus epäonnistui.\n"
-
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr ""
-
-#: src/utils_tools.c:202
-#, fuzzy
-msgid "device already exists or device is busy"
-msgstr "Laite %s on jo olemassa.\n"
-
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr ""
-
-#: src/utils_tools.c:206
-#, fuzzy, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Komento epäonnistui koodilla %i"
-
-#: src/utils_tools.c:284
-#, fuzzy, c-format
-msgid "Key slot %i created."
-msgstr "Avaivälin %d vaihtui.\n"
-
-#: src/utils_tools.c:286
-#, fuzzy, c-format
-msgid "Key slot %i unlocked."
-msgstr "Avaivälin %d lukitus avattu.\n"
-
-#: src/utils_tools.c:288
-#, fuzzy, c-format
-msgid "Key slot %i removed."
-msgstr "Avaivälin %d lukitus avattu.\n"
-
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr ""
-
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr ""
-
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:505 src/utils_tools.c:569
-#, fuzzy
-msgid "Failed to initialize device signature probes."
-msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui."
-
-#: src/utils_tools.c:549
-#, fuzzy, c-format
-msgid "Failed to stat device %s."
-msgstr "Avaintiedoston kutsuminen stat-funktiolla epäonnistui.\n"
-
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr ""
-
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr ""
-
-#: src/utils_tools.c:578
+#: src/utils_tools.c:191
#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
+msgid "Command failed with code %i"
+msgstr "Komento epäonnistui koodilla %i"
-#: src/utils_tools.c:581
+#: src/utils_password.c:42 src/utils_password.c:74
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
-#, fuzzy
-msgid "Failed to wipe device signature."
-msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
-
-#: src/utils_tools.c:591
-#, fuzzy, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui."
-
-#: src/utils_tools.c:622
-#, fuzzy
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr "Uudelleensalauslohkon koko"
-
-#: src/utils_password.c:43 src/utils_password.c:76
-#, fuzzy, c-format
-msgid "Cannot check password quality: %s"
+msgid "Cannot check password quality: %s\n"
msgstr "Salasanan laatutarkistus epäonnistui: %s\n"
-#: src/utils_password.c:51
-#, fuzzy, c-format
+#: src/utils_password.c:50
+#, c-format
msgid ""
"Password quality check failed:\n"
-" %s"
+" %s\n"
msgstr ""
"Salasanan laatutarkistus epäonnistui:\n"
" %s\n"
-#: src/utils_password.c:83
-#, fuzzy, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Salasanan laatutarkistus epäonnistui: Virheellinen salasana (%s)\n"
-
-#: src/utils_password.c:228 src/utils_password.c:242
-#, fuzzy
-msgid "Error reading passphrase from terminal."
-msgstr "Virhe luettaessa salasanalausetta pääteikkunasta.\n"
-
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Todenna salasanalause: "
-
-#: src/utils_password.c:247
-#, fuzzy
-msgid "Passphrases do not match."
-msgstr "Salasanalauseet eivät täsmää.\n"
-
-#: src/utils_password.c:284
-#, fuzzy
-msgid "Cannot use offset with terminal input."
-msgstr "Siirrososoitteen käyttö pääteikkunasyötteellä epäonnistui.\n"
-
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Kirjoita salasanalause: "
-
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Kirjoita salasanalause kohteelle %s: "
-
-#: src/utils_password.c:321
-#, fuzzy
-msgid "No key available with this passphrase."
-msgstr "Tälle salasanalauseelle ei ole saatavissa avainta.\n"
-
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
-
-#: src/utils_password.c:365
-#, fuzzy, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Tiedoston %s avaus epäonnistui.\n"
-
-#: src/utils_password.c:372
-#, fuzzy, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Avaintiedoston %s lukeminen epäonnistui.\n"
-
-#: src/utils_luks2.c:47
-#, fuzzy, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr ""
-
-#: src/utils_luks2.c:67
-#, fuzzy
-msgid "Failed to read JSON file."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#: src/utils_luks2.c:72
-#, fuzzy
-msgid ""
-"\n"
-"Read interrupted."
-msgstr "VERITY-otsake rikkinäinen.\n"
-
-#: src/utils_luks2.c:113
-#, fuzzy, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-
-#: src/utils_luks2.c:126
-#, fuzzy
-msgid "Failed to write JSON file."
-msgstr "Avaintiedoston avaus epäonnistui.\n"
-
-#, c-format
-#~ msgid "Replaced with key slot %d.\n"
-#~ msgstr "Korvattiin avainvälillä %d.\n"
-
-#~ msgid "Function not available in FIPS mode.\n"
-#~ msgstr "Funktio ei ole käytettävissä FIPS-tilassa.\n"
-
-#~ msgid "Cannot find a free loopback device.\n"
-#~ msgstr "Vapaan silmukkalaiteen löytäminen epäonnistui.\n"
-
-#~ msgid "Invalid size parameters for verity device.\n"
-#~ msgstr "Virheelliset kokoparametrit verity-laitteelle.\n"
-
-#~ msgid "Too many tree levels for verity volume.\n"
-#~ msgstr "Verity-taltiolla liian monta puutasoa.\n"
-
-#~ msgid "memory allocation error in action_luksFormat"
-#~ msgstr "muistivarausvirhe kohteessa action_luksFormat"
-
-#, c-format
-#~ msgid "Key %d not active. Can't wipe.\n"
-#~ msgstr "Avain %d ei ole käytössä. Ei voida pyyhkiä pois.\n"
-
-#~ msgid "<name> <data_device> <hash_device> <root_hash>"
-#~ msgstr "<nimi> <data_laite> <tiiviste_laite> <root_tiiviste>"
-
-#~ msgid "create active device"
-#~ msgstr "luo aktiivilaite"
-
-#~ msgid "remove (deactivate) device"
-#~ msgstr "poista (deaktivoi) laite"
-
-#, c-format
-#~ msgid "Cannot open device %s\n"
-#~ msgstr "Laitteen %s avaus epäonnistui.\n"
-
-#, c-format
-#~ msgid "Marking LUKS device %s usable.\n"
-#~ msgstr "Merkitään LUKS-laite %s käyttökelpoiseksi.\n"
-
-#, c-format
-#~ msgid "Activated keyslot %i.\n"
-#~ msgstr "Aktivoitiin avainväli %i.\n"
-
+#: src/utils_password.c:82
#, c-format
-#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s"
-#~ msgstr "Eteneminen: %5.1f%%, ETA %02llu:%02llu, %4llu Mebitavua kirjoitettu, nopeus %5.1f Mebitavua/s%s"
-
-#~ msgid "Interrupted by a signal.\n"
-#~ msgstr "Signaalin keskeyttämä.\n"
+msgid "Password quality check failed: Bad passphrase (%s)\n"
+msgstr "Salasanan laatutarkistus epäonnistui: Virheellinen salasana (%s)\n"
#~ msgid "WARNING: this is experimental code, it can completely break your data.\n"
#~ msgstr "VAROITUS: tämä on kokeellista koodia, se voi rikkoa tietosi kokonaan.\n"
#~ msgid "Cannot check passsword quality: %s\n"
#~ msgstr "Salasanan laatutarkistus epäonnistui: %s\n"
+#~ msgid "Failed to obtain device mapper directory."
+#~ msgstr "Laitekuvaajahakemiston hankkiminen epäonnistui."
+
#~ msgid "Backup file %s doesn't exist.\n"
#~ msgstr "Varmuuskopiotiedostoa %s ei ole olemassa.\n"
+#~ msgid "Cannot open file %s.\n"
+#~ msgstr "Tiedoston %s avaus epäonnistui.\n"
+
#~ msgid "<name> <device>"
#~ msgstr "<nimi> <laite>"
#~ msgid "Unable to obtain sector size for %s"
#~ msgstr "Ei kyetä samaan sektorikokoa kohteelle %s"
+#~ msgid "Failed to write to key storage.\n"
+#~ msgstr "Avainsäiliöön kirjoittaminen epäonnistui.\n"
+
+#~ msgid "Failed to read from key storage.\n"
+#~ msgstr "Avainsäiliöstä lukeminen epäonnistui.\n"
+
#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n"
#~ msgstr "Ei voida käyttää laitetta %s (salatut segmentit ovat päällekkäin tai toisen laitteen käyttämiä).\n"
+#~ msgid "Key slot %d verified.\n"
+#~ msgstr "Avainväli %d on todennettu.\n"
+
+#~ msgid "Invalid key size %d.\n"
+#~ msgstr "Virheellinen avainkoko %d.\n"
+
#~ msgid "Block mode XTS is available since kernel 2.6.24.\n"
#~ msgstr "Lohkotila XTS on käytetettävissä käyttöjärjestelmäytimestä 2.6.24 alkaen.\n"
#~ msgid "%s is not LUKS device.\n"
#~ msgstr "%s ei ole LUKS-laite.\n"
+#~ msgid "%s is not LUKS device."
+#~ msgstr "%s ei ole LUKS-laite."
+
#~ msgid "Unknown crypto device type %s requesed.\n"
#~ msgstr "Tuntematon salauslaitetyyppi %s pyydetty.\n"
# Messages français pour cryptsetup.
-# Copyright (C) 2021 Free Software Foundation, Inc.
+# Copyright (C) 2023 Free Software Foundation, Inc.
# This file is put in the public domain.
#
# Solveig <perso@solveig.org>, 2009.
# Nicolas Provost <nprovost@quadriv.com>, 2011.
-# Frédéric Marchal <fmarchal@perso.be>, 2021.
+# Frédéric Marchal <fmarchal@perso.be>, 2023.
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-22 18:30+0200\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 15:51+0100\n"
"Last-Translator: Frédéric Marchal <fmarchal@perso.be>\n"
"Language-Team: French <traduc@traduc.org>\n"
"Language: fr\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=2; plural=(n >= 2);\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Exécution comme un utilisateur non-root."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Impossible d'initialiser le gestionnaire « device-mapper ». Le module noyau dm_mod est-il chargé ?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "Le fanion différé demandé n'est pas supporté."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "Le DM-UUID du périphérique %s a été tronqué."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Type de cible dm inconnu."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Les options de performance dm-crypt demandées ne sont pas supportées."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Les options demandées de gestion de corruption des données dm-verity ne sont pas supportées."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "L'option dm-verity tasklets demandée n'est pas supportée."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Les options dm-verity FEC demandées ne sont pas supportées."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Les options d'intégrité de données demandées ne sont pas supportées."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "L'option sector_size demandée n'est pas supportée."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Le recalcule automatique des balises de sécurité demandés n'est pas supporté."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Discard/TRIM n'est pas supporté."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Le mode de carte de bits d'intégrité dm demandé n'est pas supporté."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Échec lors de l'interrogation du segment dm-%s."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Le système a manqué d'entropie lors de la génération de la clef de volume.\n"
"Veuillez remuer la souris ou taper du texte dans une autre fenêtre pour générer des événements aléatoires.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Génération de la clef (%d%% effectués).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Fonctionne en mode FIPS."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "Erreur fatale d'initialisation RNG."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "La qualité du générateur aléatoire RNG demandé est inconnue."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Erreur en lecture du générateur aléatoire RNG "
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Impossible d'initialiser le moteur aléatoire RNG pour le chiffrement."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Impossible d'initialiser le moteur de chiffrement."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "L'algorithme de hachage %s n'est pas supporté."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Erreur de traitement de clé (valeur hachage %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Impossible de déterminer le type de périphérique. Activation du périphérique incompatible ?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "Cette opération n'est possible que pour les périphériques LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Cette opération n'est possible que pour les périphériques LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Tous les emplacements de clés sont utilisés."
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "L'emplacement de clé %d n'est pas valide, merci d'en choisir un entre 0 et %d."
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "L'emplacement de clé %d est utilisé, merci d'en sélectionner un autre."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "La taille du périphérique n'est pas alignée avec la taille d'un bloc logique du périphérique."
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "En-tête détecté mais le périphérique %s est trop petit."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Cette opération n'est pas supportée pour ce type de périphérique."
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "Opération illégale avec une re-chiffrement en cours."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Échec lors du retour en arrière des métadonnées LUKS2 en mémoire."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "%s n'est pas un périphérique LUKS valide."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "La version %d de LUKS n'est pas supportée."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "Le périphérique %s n'est pas activé."
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Le périphérique sous-jacent pour le périphérique chiffré %s a disparu."
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "Paramètres de chiffrement non valides."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "La taille de la clé n'est pas valide."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "le UUID n'est pas supporté avec ce type de chiffrement."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Un périphérique avec des métadonnées détachées n'est pas supporté avec ce type de chiffrement."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Taille de secteur de chiffrement non supportée."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "La taille du périphérique n'est pas alignée avec la taille de secteur demandée."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "Impossible de formater en LUKS sans périphérique."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "L'alignement de données demandé n'est pas compatible avec le décalage des données."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Impossible d'effacer l'en-tête du périphérique %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Le périphérique %s est trop petit pour l'activation, il ne reste pas d'espace pour les données.\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "AVERTISSEMENT: L'activation du périphérique va échouer, dm-crypt ne supporte pas la taille de secteur de chiffrement demandée.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "La clé de volume est trop petite pour chiffrer avec les extensions d'intégrité."
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Le chiffrement %s-%s (clé de %zd bits) n'est pas disponible."
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "ATTENTION: La taille des métadonnées LUKS2 est devenue %<PRIu64> octets.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "ATTENTION: La taille de la zone des emplacements de clés LUKS2 est devenue %<PRIu64> octets.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Le périphérique %s est trop petit."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "Impossible de formater le périphérique %s qui est en cours d'utilisation."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Impossible de formater le périphérique %s. Permission refusée."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Impossible de formater l'intégrité du périphérique %s."
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "Impossible de formater le périphérique %s"
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "Impossible de formater LOOPAES sans périphérique."
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "Impossible de formater VERITY sans périphérique."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Type de hachage VERITY %d non supporté."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Taille de bloc VERITY non supportée."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Décalage de hachage VERITY non supporté."
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "Décalage VERITY FEC non supporté."
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "La zone de données recouvre la zone de hachage."
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "La zone de hachage recouvre la zone FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "La zone de données recouvre la zone FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "ATTENTION : La taille %d demandée pour l'étiquette est différente de la taille de sortie de %s (%d octets).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Type de chiffrement de périphérique demandé (%s) inconnu."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Paramètres non supportés sur le périphérique %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Paramètres non concordants sur le périphérique %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Désaccord entre les périphériques crypt."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Impossible de recharger le périphérique %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Impossible de suspendre le périphérique %s."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Impossible de redémarrer le périphérique %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Erreur fatale en rechargeant le périphérique %s (au dessus du périphérique %s)"
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Impossible de basculer le périphérique %s en dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "Impossible de redimensionner le périphérique loopback."
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "ATTENTION: La taille maximale est déjà définie ou le noyau ne supporte pas le redimensionnement.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Le redimensionnement a échoué, le noyau ne le supporte pas."
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "Voulez vous réellement changer l'UUID du périphérique ?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Le fichier de sauvegarde de l'en-tête ne contient pas d'en-tête compatible LUKS."
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "Le volume %s n'est pas actif."
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "Le volume %s est déjà suspendu."
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Le périphérique %s ne supporte pas la suspension."
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "Erreur lors de la suspension du périphérique %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Le périphérique %s ne supporte pas la remise en service."
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "Erreur lors de la remise en service du périphérique %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Le volume %s n'est pas suspendu."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Ceci n'est pas la clé du volume."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "Nouvel emplacement de clé impossible à échanger."
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "L'emplacement de clé %d n'est pas valide."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "L'emplacement de clé %d n'est pas actif."
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "L'en-tête du périphérique recouvre la zone de données."
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Re-chiffrement en cours. Impossible d'activer le périphérique."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Impossible d'obtenir le verrou de re-chiffrement."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "La récupération du rechiffrement LUKS2 a échoué."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "Type de périphérique improprement initialisé."
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "Le périphérique %s existe déjà."
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Impossible d'utiliser le périphérique %s, le nom est invalide ou est toujours utilisé."
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "Clé de volume incorrecte pour le périphérique en clair."
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "Hachage racine incorrect spécifié pour le périphérique verity."
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "Signature de hachage racine requise."
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Le porte-clé du noyau est manquant : il est requis pour passer une signature au noyau."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "Impossible de charger la clé dans le porte-clé du noyau."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Impossible d'annuler la suppression différée du périphérique %s."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Le périphérique %s est toujours occupé."
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "Le périphérique %s n'est pas valide."
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "Le tampon de la clé du volume est trop petit."
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS2."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Impossible de récupérer la clé du volume pour le périphérique LUKS1."
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "Impossible de récupérer la clé du volume pour ce périphérique de type « plain »."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Impossible de récupérer le hachage racine pour le périphérique verity."
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Impossible de récupérer la clé du volume pour le périphérique BITLK."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Impossible de récupérer la clé du volume pour le périphérique FVAULT2."
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Cette opération n'est pas possible pour le périphérique chiffré %s."
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "L'opération de vidage n'est pas supportée pour ce type de périphérique."
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Le décalage des données n'est pas un multiple de %u octets."
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Impossible de convertir le périphérique %s qui est toujours en cours d'utilisation."
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Échec de l'affectation de l'emplacement de clé %u pour la nouvelle clé de volume."
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Échec de l'initialisation des paramètres par défaut des emplacement de clé LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Échec de l'affectation de l'emplacement de clé %d aux résumé."
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Impossible d'ajouter un emplacement de clé, tous les emplacements sont désactivés et aucune clé n'a été fournie pour ce volume."
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "Le porte-clé du noyau n'est pas supporté par ce noyau."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Échec lors de la lecture du mot de passe depuis le porte-clé (erreur %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Erreur lors de l'acquisition du verrou global de sérialisation des accès strictes à la mémoire"
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Impossible d'obtenir la priorité du processus."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Impossible de déverrouiller la mémoire."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Impossible d'ouvrir le fichier de clef."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Impossible de lire le fichier de clé depuis un terminal."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "Impossible d'exécuter « stat » sur le fichier de clef."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Impossible de sauter au décalage demandé dans le fichier de clé."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "Plus assez de mémoire lors de la lecture de la phrase secrète."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Erreur de lecture de la phrase secrète."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Rien à lire en entrée."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Taille max. de fichier de clé dépassée."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "Impossible de lire la quantité de données demandée."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Le périphérique %s n'existe pas ou l'accès y est interdit."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Le périphérique %s n'est pas compatible."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "La mauvaise taille de optimal-io est ignorée pour le périphérique de données (%u octets)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Le périphérique %s est trop petit. Il a besoin d'au moins %<PRIu64> octets."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Impossible d'utiliser le périphérique %s actuellement utilisé (déjà mappé ou monté)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Impossible d'utiliser le périphérique %s, permission refusée."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "Impossible d'obtenir des informations au sujet du périphérique %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Impossible d'utiliser un périphérique loopback. Fonctionne comme un utilisateur non-root."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Impossible d'associer le périphérique loopback (le drapeau « autoclear » est requis)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Le décalage demandé est au delà de la taille réelle du périphérique %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Le périphérique %s a une taille nulle."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "Seul PBKDF2 est supporté en mode FIPS."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "L'étalon PBKDF est désactivé mais les itérations ne sont pas définies."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Options PBKDF2 incompatibles (en utilisant l'algorithme de hachage %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "Options PBKDF incompatibles."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (pas un répertoire ou est manquant)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Le répertoire de verrouillage %s/%s sera créé avec les permissions par défaut fournies durant la compilation."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Verrouillage interrompu. Le chemin de verrouillage %s/%s est inutilisable (%s n'est pas un répertoire)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Impossible de se déplacer au décalage du périphérique."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Erreur durant l'effacement total, offset %<PRIu64>"
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "La spécification du chiffrement devrait être au format [chiffrement]-[mode]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Impossible d'écrire sur le périphérique %s. Permission refusée."
msgid "Failed to access temporary keystore device."
msgstr "Impossible d'accéder au périphérique de stockage temporaire de clés."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Erreur E/S pendant le chiffrement de l'emplacement de clé."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Impossible d'ouvrir le périphérique %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "Erreur E/S pendant le déchiffrement de l'emplacement de clé."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Le périphérique %s est trop petit (LUKS1 a besoin d'au moins %<PRIu64> octets)."
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "L'emplacement de clé LUKS %u n'est pas valide."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "%s n'est pas un périphérique LUKS valide."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Le fichier de sauvegarde d'en-tête demandé %s existe déjà."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Impossible de créer le fichier de sauvegarde d'en-tête %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Impossible d'écrire le fichier de sauvegarde d'en-tête %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Le fichier de sauvegarde ne contient pas d'en-tête LUKS valide."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Impossible d'ouvrir le fichier de sauvegarde d'en-tête %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Impossible de lire le fichier de sauvegarde d'en-tête %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Le décalage des données (« offset ») ou la taille de la clé ne sont pas identiques dans le périphérique et la sauvegarde. La restauration a échouée."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "Périphérique %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "ne contient pas d'en-tête LUKS. Remplacer l'en-tête peut détruire les données de ce périphérique."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "contient déjà un en-tête LUKS. Remplacer l'en-tête détruira les emplacements de clés actuels."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"ATTENTION : l'en-tête du périphérique a un UUID différent de celui de la sauvegarde !"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "Taille de clé non standard. Réparation manuelle requise."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Alignement non standard des emplacements de clé. Réparation manuelle requise."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Mode de chiffrement réparé (%s -> %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Valeur hachée du chiffrement réparée vers des minuscules (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté."
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "Réparation des emplacements de clé."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Emplacement de clé %i : décalage réparé (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Emplacement de clé %i : bandes réparées (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Emplacement de clé %i : signature de partition contrefaite."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Emplacement de clé %i : aléa effacé."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "Écriture de l'en-tête LUKS sur le disque."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "Échec de la réparation."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "L'algorithme de hachage LUKS demandé (%s) n'est pas supporté."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Le mode de chiffrement LUKS %s n'est pas valide."
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "La valeur hachée LUKS %s n'est pas valide."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "Aucun problème connu détecté pour l'en-tête LUKS."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Erreur lors de la mise à jour de l'en-tête LUKS sur le périphérique %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Erreur lors de la relecture de l'en-tête LUKS après la mise à jour sur le périphérique %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "L'offset des données d'un en-tête LUKS doit être soit 0 ou soit plus grand que la taille de l'en-tête."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "Mauvais format fourni pour le UUID LUKS."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Impossible de créer un en-tête LUKS : échec lors de la lecture de l'aléa."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Impossible de créer un en-tête LUKS : le résumé (« digest ») de l'en-tête a échoué (en utilisant l'algorithme de hachage %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "L'emplacement de clé %d est activé, effacez le d'abord."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Le matériel de l'emplacement de clé %d a trop peu de bandes. L'en-tête a-t-il été modifié ?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Débordement de la valeur d'itération de PBKDF2."
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Impossible d'ouvrir l'emplacement de clé (en utilisant le hachage %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "L'emplacement de clé %d n'est pas valide, merci de sélectionner un emplacement entre 0 et %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Impossible d'effacer de façon sécurisée le périphérique %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Le noyau ne supporte pas les associations de type boucle « loop-AES »."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Erreur lors de la lecture du fichier de clé %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Longueur maximum de la phrase secrète TCRYPT (%zu) dépassée."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "L'algorithme de hachage PBKDF2 %s n'est pas supporté, ignoré."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "L'interface du noyau requise pour le chiffrement n'est pas disponible."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Vérifiez que le module du noyau algif_skcipher est chargé."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "L'activation n'est pas supportée pour des secteurs de taille %d."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Le noyau ne supporte pas l'activation pour ce mode TCRYPT historique."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Activation du chiffrement du système TCRYPT sur la partition %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Le noyau ne supporte pas les associations de type TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Cette fonction n'est pas supportée sans le chargement de l'en-tête TCRYPT."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la Clé Maître du Volume supportée."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Chaîne texte invalide rencontrée en analysant la Clé Maître du Volume."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Chaîne texte (« %s ») inattendue rencontrée en analysant la Clé Maître du Volume supportée."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la Clé Maître du Volume supportée."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Impossible de lire la signature BITLK depuis %s."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Signature invalide ou inconnue pour le périphérique BITLK."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "La version 1 de BITLK n'est actuellement pas supportée."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Signature d'amorce invalide ou inconnue pour le périphérique BITLK."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Taille de secteur %<PRIu16> non supportée."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Impossible de lire l'en-tête BITLK depuis %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Impossible de lire les méta-données BITLK FVE depuis %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "Type de chiffrement inconnu ou non supporté."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Impossible de lire les entrées des méta-données de BITLK depuis %s."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Échec lors de la conversion de la description du volume BITLK"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Un type d'entrée « %u » inattendu a été trouvé dans la méta-donnée en analysant la clé externe."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "Le GUID du fichier BEK « %s » ne correspond pas au GUID du volume."
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "La valeur « %u » pour l'entrée de la méta-donnée est inattendue en analysant la clé externe."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Métadonnées BEK version %<PRIu32> non supportées"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "La taille inattendue des métadonnées BEK %<PRIu32> ne correspond pas à la longueur du fichier BEK"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Une entrée de méta-donnée inattendue a été trouvée en analysant la clé de démarrage."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "Cette opération n'est pas supportée."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "Taille inattendue pour les données de la clé."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Ce périphérique BITLK est dans un état non supporté et ne peut pas être activé."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Les périphériques BITLK avec le type « %s » ne peuvent pas être activés."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "L'activation d'un périphérique BITLK partiellement déchiffré n'est pas supporté."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "AVERTISSEMENT: La taille %<PRIu64> du volume BitLocker ne correspond pas à la taille %<PRIu64> du périphérique sous-jacent"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas le diffuseur BITLK Elephant."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Impossible d'activer le périphérique car dm-crypt dans le noyau ne supporte pas une grande taille de secteur."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Impossible d'activer le périphérique car le module dm-zero est manquant dans le noyau."
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Le périphérique verity %s n'utilise pas l'en-tête sur le disque."
+msgid "Could not read %u bytes of volume header."
+msgstr "Échec à la lecture de %u octets dans l'en-tête du volume."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Le périphérique %s n'est pas un périphérique VERITY valable."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Version FVAULT2 %<PRIu16> non supportée."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Le périphérique verity %s n'utilise pas l'en-tête sur le disque."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "La version VERITY %d n'est pas supportée."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "En-tête VERITY corrompu."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Mauvais format d'UUID VERITY fourni sur le périphérique %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Erreur lors de la mise à jour de l'en-tête verity sur le périphérique %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "La vérification de la signature du hachage racine n'est pas supportée."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Les erreurs ne savent pas être réparées avec un périphérique FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "%u erreurs réparables ont été trouvées avec le périphérique FEC."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Le noyau ne supporte pas les associations de type dm-verity."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Le noyau ne supporte pas les options de signature dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Le périphérique verity a détecté une corruption après l'activation."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "La zone de réserve n'a pas été mise à zéro à la positon %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Débordement du décalage du périphérique."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "La vérification a échoué à la position %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Débordement de la zone de hachage."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "La vérification de la zone de données a échoué."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "La vérification du hachage de la racine a échoué."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Erreur d'entrée/sortie lors de la création de la zone de hachage."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "La création de la zone de hachage a échoué."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "ATTENTION : Le kernel ne peut pas activer le périphérique si la taille des blocs de données dépasse la taille d'une page (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Échec de la réparation de la parité du bloc %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Échec de l'écriture de la parité du bloc RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Les tailles des blocs doivent concorder pour FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Nombre d'octets de parité invalide."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Longueur de segment FEC invalide."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Impossible de déterminer la taille du périphérique %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Métadonnées dm-integrity du noyau incompatible (version %u) détectée sur %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Le noyau ne supporte pas les associations de type dm-integrity."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Le noyau ne supporte pas les alignements de méta-données fixés de dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Le noyau refuse d'activer l'option de recalcul non sûre (voyez les options d'activation historique pour outrepasser)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Impossible d'acquérir un verrou en écriture sur le périphérique %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Tentative détectée de mettre à jour les métadonnées LUKS2 de manière concurrent. L'opération est abandonnée."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Le périphérique contient une signature ambigüe, impossible de récupérer automatiquement LUKS2.\n"
"Veuillez exécuter « cryptsetup repair » pour la récupération."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Le décalage de données demandé est trop petit."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "ATTENTION: la zone des emplacements de clés (%<PRIu64> octets) est très petite, le nombre d'emplacements de clés LUKS2 est très limité.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Impossible d'acquérir le verrou de lecture sur le périphérique %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Des exigences LUKS2 interdites ont été détectées dans la sauvegarde %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Les décalages des données ne sont pas identiques sur le périphérique et la sauvegarde, la restauration a échoué."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Les en-têtes binaires avec des tailles de zones d'emplacements de clés sont différents sur le périphérique et la sauvegarde, la restauration a échouée."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Périphérique %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "ne contient pas d'en-tête LUKS2. Remplacer l'en-tête peut détruire les données de ce périphérique."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "contient déjà un en-tête LUKS2. Remplacer l'en-tête détruira les emplacements de clés actuels."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"ATTENTION: des exigences LUKS2 inconnues ont été détectées sur l'en-tête du périphérique réel !\n"
"Remplacer l'en-tête par la sauvegarde peut corrompre les données sur ce périphérique !"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"ATTENTION: Un rechiffrement hors-ligne non terminé a été détecté sur le périphérique !\n"
"Remplacer l'en-tête par la sauvegarde peut corrompre les données."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Fanion inconnu %s ignoré."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Clé manquante pour le segment %u de dm-crypt"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Impossible de définir le segment dm-crypt."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Impossible de définir le segment dm-linear."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Configuration d'intégrité du périphérique non supportée."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Re-chiffrement en cours. Le périphérique ne peut être désactivé."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Échec du remplacement du périphérique suspendu %s avec la cible dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Échec lors de la lecture des exigences LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Des exigences LUKS2 non rencontrées ont été détectées."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement historique. Abandon."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Opération incompatible avec un périphérique marqué pour le rechiffrement LUKS2. Abandon."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Pas assez de mémoire disponible pour ouvrir l'emplacement de clé."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Échec de l'ouverture de l'emplacement de clé."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Impossible d'utiliser le chiffrement %s-%s pour le chiffrement de l'emplacement de clé"
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "L'algorithme de hachage %s n'est pas disponible."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "Plus d'espace pour le nouvel emplacement de clé."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Requête de changement du mode de résilience du rechiffrement invalide."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Impossible de mettre à jour le type de résilience. Le nouveau type ne fourni que %<PRIu64> octets alors que l'espace requis est %<PRIu64> octets."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Impossible de rafraîchir le résumé de la vérification de rechiffrement."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Ne peut vérifier le statut du périphérique avec le uuid : %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Impossible de convertir un en-tête avec des métadonnées LUKSMETA supplémentaires."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Impossible d'utiliser la spécification de chiffrement %s-%s pour LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Impossible de déplacer la zone des emplacements de clés. Pas assez d'espace."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Impossible de convertir au format LUKS2 – métadonnées invalides."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Impossible de déplacer la zone des emplacements de clés. Les emplacements de clés LULS2 sont trop petits."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Impossible de déplacer la zone des emplacements de clés."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Impossible de convertir au format LUKS1 – la taille du secteur de chiffrement du segment par défaut n'est pas 512 octets."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Impossible de convertir au format LUKS1 – les résumés des emplacements de clés ne sont pas compatibles avec LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Impossible de convertir au format LUKS1 – le périphérique utilise des clés de chiffrement %s emballées."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Impossible de convertir au format LUKS1 – le périphérique utilise plus de segments."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Impossible de convertir au format LUKS1 – l'en-tête LUKS2 contient %u jeton(s)."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u est dans un état invalide."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Impossible de convertir au format LUKS1 – l'emplacement %u (sur les emplacements maximum) est toujours actif."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Impossible de convertir au format LUKS1 – l'emplacement de clé %u n'est pas compatible avec LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "La taille de la zone chaude doit être un multiple de l'alignement de zone calculé (%zu octets)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "La taille du périphérique doit être un multiple de l'alignement de zone calculé (%zu octets)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Mode de résilience %s non supporté"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Impossible d'initialiser l'encapsulation pour le stockage de l'ancien segment."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Impossible d'initialiser l'encapsulation pour le stockage du nouveau segment."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Impossible d'initialiser la protection des zones chaudes."
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Impossible de lire les sommes de contrôle pour la zone chaude actuelle."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Échec de la lecture de la zone chaude démarrant à %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Échec lors du déchiffrement du secteur %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Échec lors de la récupération du secteur %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Les tailles des périphériques source et cible ne correspondent pas. Source %<PRIu64>, cible: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Échec de l'activation du périphérique de zone chaude %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Impossible d'activer le périphérique de surcouche %s avec la table d'origine actuelle."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Impossible de charger la nouvelle cartographie du périphérique %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Impossible de rafraîchir la pile des périphériques de rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Impossible de définir la taille de la nouvelle zone des emplacements de clés."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "La valeur de décalage de données n'est pas alignée sur la taille de secteur de chiffrement (%<PRIu32> octets)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Mode de résilience %s non supporté"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "La taille du secteur déplacé ne peut pas être plus grande que la valeur de décalage des données."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Paramètres de rechiffrement de la résilience invalides."
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Le décalage de données n'est pas aligné sur la taille de secteur de chiffrement demandée (%<PRIu32> octets)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Le segment déplacé est trop grand. La taille demandée est %<PRIu64>, l'espace disponible est %<PRIu64>"
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Erreur lors de la suppression de la table."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "La taille des données réduites est plus grande que la taille réelle du périphérique."
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Le périphérique de données n'est pas aligné sur la taille de secteur de chiffrement
demandée (%<PRIu32> octets)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Le périphérique de données n'est pas aligné sur la taille de secteur de chiffrement (%<PRIu32> octets)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Le décalage de données (%<PRIu64> secteurs) est plus petit que le décalage de données future (%<PRIu64> secteurs)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Erreur lors de l'ouverture de %s en mode exclusif (déjà mappé ou monté)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Le périphérique n'est pas marqué pour le rechiffrement LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Échec du chargement du contexte de rechiffrement LUKS2"
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Impossible d'obtenir l'état de rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Le périphérique n'est pas en rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Le rechiffrement est déjà en cours."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Impossible d'acquérir le verrou de rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Impossible de réaliser le rechiffrement. Exécutez d'abord la récupération du rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "La taille du périphérique actif et la taille de rechiffrement demandée ne correspondent pas."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "Taille de périphérique illégale demandée dans les paramètres de rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Rechiffrement en cours. La récupération ne peut pas être réalisée."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "Rechiffrement LUKS2 déjà initialisé dans les métadonnées."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Échec de l'initialisation du rechiffrement LUKS2 dans les métadonnées."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Impossible de définir les segments du périphérique pour le rechiffrement suivant de la zone chaude."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Échec lors de l'écriture des métadonnées de la résilience du rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Échec du déchiffrement."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Échec de l'écriture de la zone chaude démarrant à %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Erreur lors de la synchronisation des données."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Échec de la mise à jour des métadonnées après la fin du rechiffrement de la zone chaude courante."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Échec lors de l'écriture des métadonnées LUKS2"
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Échec lors de l'effacement des données du segment de sauvegarde."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Impossible d'effacer la zone du périphérique contenant les données inutilisées."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Échec lors de l'affectation du jeton %d à l'emplacement de clé %d."
+msgstr "Erreur lors de la suppression de l'emplacement de clé inutilisé (unbound) %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Impossible d'obtenir le verrou de re-chiffrement."
+msgstr "Erreur lors de la suppression de l'emplacement de clé de re-chiffrement."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Erreur fatale en rechiffrant le morceau commençant à %<PRIu64> d'une longueur de %<PRIu64> secteurs."
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Échec du rechiffrement en-ligne."
+
# Frédéric: Je n'ai pas la moindre idée de ce que le développeur a voulu écrire. Qu'est-ce que "error target" dans ce contexte ?
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Ne pas redémarrer le périphérique à moins qu'il ait été remplacé manuellement par la cible en erreur."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Impossible de réaliser le rechiffrement. Statut de rechiffrement inattendu."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Contexte de rechiffrement manquant ou invalide."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Impossible d'initialiser la pile du périphérique de rechiffrement."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Échec de la mise à jour du contexte de rechiffrement."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "L'emplacement de clé %d n'est pas valide."
+msgstr "Les méta-données de rechiffrement sont invalides."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Aucun emplacement de jeton libre"
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Les paramètres de chiffrement des emplacement de clés peuvent uniquement être définis pour un périphérique LUKS2."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Échec lors de la création du jeton intégré %s"
+msgid "Enter token PIN: "
+msgstr "Entrez le code PIN du jeton : "
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Impossible de vérifier une phrase secrète non saisie sur une console."
-
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Les paramètres de chiffrement des emplacement de clés peuvent uniquement être définis pour un périphérique LUKS2."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Entrez le code PIN du jeton %d : "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Aucun motif connu d'algorithme de chiffrement n'a été détecté."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "ATTENTION: Le paramètre --hash est ignoré en mode non chiffré quand le fichier de clé est spécifié.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "ATTENTION: L'option --keyfile-size est ignorée. La taille de lecture est la même que la taille de la clé de chiffrement.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Signature(s) de périphérique détectée(s) sur %s. Continuer risque d'endommager les données existantes."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "Opération interrompue.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "L'option --key-file est requise."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Entrez le PIN VeraCrypt : "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Valeur PIN invalide : erreur d'analyse"
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Valeur PIN invalide: 0"
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Valeur PIN invalide: hors des limites."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Aucun en-tête détecté avec cette phrase secrète sur le périphérique."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Le périphérique %s n'est pas un périphérique BITLK valide."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Impossible de déterminer la taille de la clé de volume pour BITLK, veuillez utiliser l'option --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n"
"Ce contenu devrait toujours être stocké, chiffré, en lieu sûr."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Le contenu de l'en-tête avec la clé de volume est une information\n"
+"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n"
+"Ce contenu devrait être stocké, chiffré, en lieu sûr."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Le périphérique %s n'est pas un périphérique FVAULT2 valide."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Impossible de déterminer la taille de la clé de volume pour FVAULT2, veuillez utiliser l'option --key-size."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Le périphérique %s est toujours actif et prévu pour une suppression différée.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Le redimensionnement d'un périphérique actif requiert que la clé du volume soit dans le porte-clé mais l'option --disable-keyring est définie."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Test de performance interrompu."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/A\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u itérations par seconde pour une clé de %zu bits\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/A\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u itérations, %5u mémoire, %1u threads parallèles (CPUs) pour une clé de %zu bits (temps de %u ms demandé)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Le résultat de l'évaluation de performance n'est pas fiable."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algorithme | Clé | Chiffrement | Déchiffrement\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Le chiffrement %s (avec une clé de %i bits) n'est pas disponible."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algorithme | Clé | Chiffrement | Déchiffrement\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "N/D"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Des métadonnées de rechiffrement LUKS2 non protégées ont été détectées. Veuillez vérifier si l'opération de rechiffrement est\n"
+"désirable (consultez la sortie de luksDump) et continuez (mise à niveau des métadonnées) uniquement si vous constatez que\n"
+"l'opération est légitime."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Entrez la phrase secrète pour protéger et mettre à niveau les métadonnées de rechiffrement : "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Réellement procéder à la récupération du rechiffrement LUKS2 ?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : "
+msgstr "Entrez la phrase secrète pour vérifier le résumé des métadonnées du rechiffrement : "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "Entrez la phrase secrète pour la récupération du rechiffrement : "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Réellement essayer de réparer l'en-tête du périphérique LUKS ?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Effacement interrompu."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Effacement du périphérique pour initialiser les sommes de contrôle d'intégrité.\n"
"Vous pouvez interrompre ceci en appuyant sur CTRL+c (le reste du périphérique effacé contiendra toujours des sommes de contrôle invalides).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Impossible de désactiver le périphérique temporaire %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "L'option d'intégrité peut uniquement être utilisée avec le format LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Options de taille des métadonnées LUKS2 non supportées."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Le fichier d'en-tête n'existe pas, voulez-vous le créer ?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Impossible de créer le fichier d'en-tête %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Aucun motif connu de spécification d'intégrité n'a été détecté."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Ne peut utiliser %s comme en-tête sur disque."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Cette action écrasera définitivement les données sur %s."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Impossible de définir les paramètres pbkdf."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Décalage réduit de données est uniquement permis dans un en-tête LUKS détaché."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Le container %s du fichier LUKS est trop petit pour l'activation, il ne reste pas d'espace pour les données."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Impossible de déterminer la taille de la clé de volume pour LUKS sans emplacement de clé, veuillez utiliser l'option --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Le périphérique a été activé mais les fanions ne peuvent pas être rendus permanents."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Emplacement de clé %d sélectionné pour suppression."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Ceci est le dernier emplacement de clé. Le périphérique sera inutilisable après la suppression de cette clé."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Entrez toute phrase secrète restante : "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Opération interrompue, l'emplacement de clé n'a PAS été effacé.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Entrez la phrase secrète à effacer : "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "%s n'est pas un périphérique LUKS2 valide."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Entrez une nouvelle phrase secrète pour l'emplacement de clé : "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "ATTENTION: Le paramètre --key-slot est utilisé pour le nouveau numéro de l'emplacement de clé.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Entrez une phrase secrète existante : "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Entrez la phrase secrète à changer : "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Entrez la nouvelle phrase secrète : "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Entrez la phrase secrète pour l'emplacement de clé à convertir: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "L'opération isLuks supporte seulement un périphérique en argument."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Le contenu de l'en-tête avec la clé de volume est une information\n"
-"sensible qui permet d'accéder à la partition chiffrée sans mot de passe.\n"
-"Ce contenu devrait être stocké, chiffré, en lieu sûr."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "L'emplacement de clé %d ne contient pas de clé non liée."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Le contenu de l'en-tête avec une clé non liée est une information sensible.\n"
"Ce contenu devrait être stocké, chiffré, en lieu sûr."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s n'est pas un nom de périphérique %s actif."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s n'est pas un nom de périphérique LUKS actif ou l'en-tête est manquant."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "L'option --header-backup-file est requise."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s n'est pas un périphérique géré par cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Le rafraîchissement n'est pas supporté pour un périphérique de type %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Type de métadonnée du périphérique %s non reconnu."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "La commande exige un périphérique et un nom de correspondance comme arguments."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Cette opération va supprimer tous les emplacements de clés du périphérique %s.\n"
"Le périphérique sera inutilisable après cette opération."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Opération interrompue, les emplacements de clés n'ont PAS été effacés.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Type LUKS invalide, seuls luks1 et luks2 sont supportés."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Le périphérique est déjà du type %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Cette opération va convertir %s au format %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Opération interrompue, le périphérique n'a PAS été converti.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "L'option --priority, --label ou --subsystem est manquante."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "Le jeton %d est invalide."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "Le jeton %d est utilisé."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Échec lors de l'ajout du jeton %d au porte-clé luks2."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Échec lors de l'affectation du jeton %d à l'emplacement de clé %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "Le jeton %d n'est pas utilisé."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "Impossible d'importer le jeton depuis le fichier."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "Impossible d'obtenir le jeton %d pour l'export."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Le paramètre --key-description est requis pour l'action d'ajout d'un jeton."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --token-id."
-
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr "L'opération de jeton %s est invalide."
-
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Périphérique dm actif auto-détecté « %s » pour le périphérique de données %s.\n"
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Le jeton %d n'est pas assigné à l'emplacement de clé %d."
-#: src/cryptsetup.c:2802
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Le périphérique %s n'est pas un périphérique blocs.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Impossible de dissocier le jeton %d de l'emplacement de clé %d."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Échec de l'auto-détection des containers du périphérique %s."
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont supportées seulement pour un périphérique TCRYPT."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Impossible de décider si le périphérique %s est actif ou non.\n"
-"Êtes-vous sûr de vouloir procéder au rechiffrement en mode hors-ligne ?\n"
-"Les données pourraient être corrompues si le périphérique est réellement activé.\n"
-"Pour exécuter le rechiffrement en mode en ligne, utilisez le paramètre --active-name.\n"
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "L'option --veracrypt ou --disable-veracrypt est uniquement supportée pour un périphérique de type TCRYPT."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Type de périphérique LUKS invalide."
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "L'option --veracrypt-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "Le chiffrement sans en-tête détaché (--header) n'est pas possible sans une réduction de la taille du périphérique de données (--reduce-device-size)"
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "L'option --veracrypt-query-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Le décalage de données demandé doit être inférieur ou égal à la moitié du paramètre --reduce-device-size."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Les options --veracrypt-pim et --veracrypt-query-pim sont mutuellement exclusives."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Ajustement de la valeur de --reduce-device-size à deux fois --offset %<PRIu64> (secteurs).\n"
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "L'option --persistent n'est pas permise avec --test-passphrase."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Le chiffrement est uniquement supporté avec le format LUKS2."
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Les options --refresh et --test-passphrase sont mutuellement exclusives."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Périphérique LUKS détecté sur %s. Voulez-vous chiffrer à nouveau ce périphérique LUKS ?"
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "L'option --shared est permise uniquement pour ouvrir un périphérique ordinaire."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Le fichier temporaire d'en-tête %s existe déjà. Abandon."
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "L'option --skip est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Impossible de créer le fichier temporaire d'en-tête %s."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "L'option --offset avec l'action d'ouverture est supportée uniquement pour des périphériques ordinaires et loopaes."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s est maintenant actif et prêt pour un chiffrement en ligne.\n"
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "Le déchiffrement LUKS2 est uniquement supporté avec un périphérique à l'en-tête détaché."
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "L'option de taille de secteur avec l'action d'ouverture est uniquement supportée pour des périphérique ordinaires."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Pas assez d'emplacements de clés libres pour le rechiffrement."
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "L'option des secteurs IV (vecteur d'initialisation) de grande taille est supportée uniquement à l'ouverture de périphériques de type simple avec une taille de secteur supérieure à 512 octets."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec exactement un seul emplacement de clé actif."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT, BITLK et FVAULT2."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Entrez la phrase secrète pour l'emplacement de clé %d : "
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Les options --device-size et --size ne peuvent pas être combinées."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "L'option --unbound est permise uniquement pour ouvrir un périphérique luks."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Basculement de l'algorithme de chiffrement de données vers %s.\n"
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "L'option --unbound ne peut pas être utilisée sans --test-passphrase."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "La commande exige un périphérique comme argument."
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Les options --cancel-deferred et --deferred ne peuvent pas être utilisées en même temps."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Seul le format LUKS2 est actuellement supporté. Veuillez utiliser l'outil cryptsetup-reencrypt pour LUKS1."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Les options --reduce-device-size et --data-size ne peuvent pas être combinées."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Un rechiffrement hors-ligne historique est déjà en cours. Utilisez l'utilitaire cryptsetup-reencrypt."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "L'option --active-name peut uniquement être définie pour un périphérique LUKS2."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Le rechiffrement d'un périphérique avec un profil d'intégrité n'est pas supporté."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Les options --active-name et --force-offline-reencrypt ne peuvent pas être combinées."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Rechiffrement LUKS2 déjà initialisé. Abandon de l'opération."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "Une spécification d'emplacement de clé est requise."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "Le périphérique LUKS2 n'est pas en rechiffrement."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Les options --align-payload et --offset ne peuvent pas être combinées."
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<périphérique> [--type <type>] [<nom>]"
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "L'option --integrity-no-wipe peut uniquement être utilisée pour une action de formatage avec l'extension d'intégrité."
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "ouvrir le périphérique comme <nom>"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Seule une des deux possibilités --use-[u]random est autorisée."
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<nom>"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "La taille de clé est requise avec l'option --unbound."
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr "fermeture du périphérique (supprime le « mapping »)"
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "L'action de jeton est invalide."
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Le paramètre --key-description est requis pour l'action d'ajout d'un jeton."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "L'option --unbound est uniquement valable avec l'action d'ajout d'un jeton."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Les options --key-slot et --unbound ne peuvent pas être combinées."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "L'action requiert un jeton spécifique. Utilisez le paramètre --key-slot."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<périphérique> [--type <type>] [<nom>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "ouvrir le périphérique comme <nom>"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<nom>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
+msgid "close device (remove mapping)"
+msgstr "fermeture du périphérique (supprime le « mapping »)"
+
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr "redimensionner le périphérique actif"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "afficher le statut du périphérique"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <chiffrement>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "chiffrement pour test de performance"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<périphérique>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "essayer de réparer les métadonnées sur le disque"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "rechiffrer le périphérique LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "supprimer tous les emplacements de clés (supprime la clé de chiffrement)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "convertir LUKS depuis/vers le format LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "définir les options de configuration permanentes pour LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<périphérique> [<fichier de la nouvelle clé>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "formater un périphérique LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "ajouter une clé au périphérique LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<périphérique> [<fichier de clé>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "retire du périphérique LUKS la clé ou le fichier de clé fourni"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "modifie la clé ou le fichier de clé fourni pour le périphérique LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "converti une clé vers les nouveaux paramètres pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<périphérique> <emplacement de clé>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "efface de façon sécurisée la clé avec le numéro <emplacement de clé> du périphérique LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "afficher l'UUID du périphérique LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "teste si <périphérique> a un en-tête de partition LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "affiche les informations LUKS de la partition"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "affiche les informations du périphérique TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "affiche les informations du périphérique BITLK"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "affiche les informations du périphérique FVAULT2"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Suspendre le périphérique LUKS et effacer de façon sécurisée la clé (toutes les entrées/sorties sont suspendues)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "Remettre en service le périphérique LUKS suspendu"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Sauvegarder l'en-tête et les emplacements de clés du périphérique LUKS"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Restaurer l'en-tête et les emplacements de clés du périphérique LUKS"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <périphérique>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "Manipuler les jetons LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<action> est l'une de :\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Vous pouvez aussi utiliser les alias de l'ancienne syntaxe <action> :\n"
-"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\touvrir : create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tfermer : remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<emplacement> est le numéro de l'emplacement de clé LUKS à modifier\n"
"<fichier de clé> est un fichier optionnel contenant la nouvelle clé pour l'action luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Le format de métadonnées compilé par défaut est %s (pour l'action luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Le support du greffon de jeton externe LUKS2 est %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "intégré dans la compilation"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Chemin du greffon de jeton externe LUKS2 : %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "désactivé"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"PBKDF par défaut pour LUKS2 : %s\n"
"\tTemps d'itération: %d, Mémoire requise: %d ko, Threads parallèles: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, Clé: %d bits, Hachage mot de passe: %s\n"
"\tLUKS: %s, Clé: %d bits, Hachage en-tête LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: La taille de clé par défaut en mode XTS (deux clés internes) sera doublée.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s : exige %s comme arguments."
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Emplacement de clé non valide."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "La taille du périphérique doit être un multiple d'un secteur de 512 octets."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "La spécification de la taille maximale de la zone chaude de rechiffrement est invalide."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "La taille de la clé doit être un multiple de 8 bits"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "La taille maximum réduite pour le périphérique est 1 GiB."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "L'option --priority peut uniquement être ignore/normal/prefer."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Afficher ce message d'aide"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Afficher, en résumé, la syntaxe d'invocation"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Afficher la version du paquet"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Options d'aide :"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Afficher des messages d'erreur plus détaillés"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Afficher les messages de débogage"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Montrer les messages de débogage incluant les métadonnées JSON"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "L'algorithme de chiffrement utilisé pour chiffrer le disque (voir /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "L'algorithme de hachage utilisé pour créer la clé de chiffrement à partir de la phrase secrète"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Vérifier la phrase secrète en la demandant deux fois"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Lire la clef depuis un fichier"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Lire la clé (maîtresse) du volume depuis un fichier."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Lister les informations de la clé (maîtresse) de volume au lieu des autres emplacements de clefs"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "La taille de la clé de chiffrement"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITS"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Limite la lecture d'un fichier de clé"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "octets"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Nombre d'octets à ignorer dans le fichier de clé"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Limite la lecture d'un nouveau fichier de clé ajouté"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Nombre d'octets à ignorer dans le fichier de clé nouvellement ajouté"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Numéro de l'emplacement pour la nouvelle clé (par défaut, le premier disponible)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "La taille du périphérique"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SECTEURS"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Utiliser uniquement la taille demandée du périphérique (ignore le reste du périphérique). DANGEREUX !"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Le décalage de départ dans le périphérique sous-jacent"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Combien de secteurs de données chiffrées à ignorer au début"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Crée une association en lecture seule"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Ne pas demander confirmation"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Délai d'expiration de la demande interactive de phrase secrète (en secondes)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "s"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Mise à jour de la ligne de progression (en secondes)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Nombre de tentatives possibles pour entrer la phrase secrète"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Utiliser une limite de <n> secteurs pour aligner les données – pour luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Fichier contenant une sauvegarde de l'en-tête LUKS et des emplacements de clés"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Utiliser /dev/random pour générer la clé de volume"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Utiliser /dev/urandom pour générer la clé de volume"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Partager le périphérique avec un autre segment chiffré sans recouvrement"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID du périphérique à utiliser"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Autoriser les demandes d'abandon (TRIM) pour le périphérique"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Périphérique ou fichier avec un en-tête LUKS séparé"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Ne pas activer le périphérique. Vérifie simplement le phrase secrète"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Utilise l'en-tête caché (périphérique TCRYPT caché)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Le périphérique est un lecteur TCRYPT système (avec secteur d'amorçage)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Utiliser l'en-tête TCRYPT de secours (secondaire)"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Recherche aussi des périphériques compatibles avec VeraCrypt"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Interroger le Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Type de métadonnées du périphérique : luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Désactive la vérification de la qualité du mot de passe (si activé)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Utilise l'option de compatibilité de performance dm-crypt same_cpu_crypt"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Utilise l'option de compatibilité de performance dm-crypt submit_from_crypt_cpus"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Passer outre la queue de travail de dm-crypt et traiter les requêtes en lecture de manière synchrone"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Passer outre la queue de travail de dm-crypt et traiter les requêtes en écriture de manière synchrone"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "La suppression du périphérique est différée jusqu'à ce que le dernier utilisateur le ferme"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Utiliser un verrou global pour sérialiser PBKDF qui utilise beaucoup de mémoire (évite le OOM)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Temps d'itération de PBKDF pour LUKS (en ms)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ms"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Algorithme PBKDF (pour LUKS2): argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Limite de coût mémoire PBKDF"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "kilooctets"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Coût parallèle PBKDF"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "threads"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Coût d'itération PBKDF (forcé, désactive l'étalon)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Priorité de l'emplacement de clé: ignore, normal, prefer"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Désactiver le verrouillage des métadonnées sur le disque"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Désactiver le chargement des clés de volume via le porte-clé du noyau"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Algorithme d'intégrité des données (uniquement LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Désactiver le journal pour le périphérique d'intégrité"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Ne pas effacer le périphérique après le formatage"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Utiliser le rembourrage historique inefficace (vieux noyaux)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Ne pas demander le mot de passe si l'activation par jeton échoue"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Numéro de jeton (défaut: n'importe lequel)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Description de clé"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Taille du secteur de chiffrement (défaut: 512 octets)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Utiliser le IV (vecteur d'initialisation) compté en taille de secteurs (pas en multiple de 512 octets)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Définir les fanions d'activation comme permanents pour le périphérique"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Définir l'étiquette pour le périphérique LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Définir l'étiquette de sous-système pour le périphérique LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Créer ou déverser un emplacement de clé LUKS2 non lié (aucun segment de donnée assigné)"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Lire ou écrire le json depuis ou vers un fichier"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Taille de la zone de métadonnées de l'en-tête LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Taille de la zone des emplacements de clés de l'en-tête LUKS2"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Rafraîchir (réactiver) le périphérique avec de nouveaux paramètres"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Emplacement de clé LUKS2: La taille de la clé de chiffrement"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Emplacement de clé LUKS2: Le chiffrement utilisé pour le chiffrement de l'emplacement de clé"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Chiffrer le périphérique LUKS2 (chiffrement sur place)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Déchiffrer le périphérique LUKS2 (supprime le chiffrement)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Initialiser le rechiffrement LUKS2 uniquement dans les métadonnées."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Redémarrer uniquement le rechiffrement LUKS2 initialisé."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Réduire la taille des données du périphérique (déplace le décalage des données). DANGEREUX !"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Taille maximale de la zone chaude de rechiffrement."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Rechiffre le type de résilience de la zone chaude (checksum,journal,none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Rechiffrer le hachage des sommes de contrôle de la zone chaude"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Outrepasser l'auto-détection du périphérique pour le périphérique dm à rechiffrer"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPTION...] <action> <paramètres de l'action>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Il manque l'argument <action>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Action inconnue."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Les options --refresh et --test-passphrase sont mutuellement exclusives."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "L'option --deferred est permise uniquement avec la commande close."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "L'option --shared est permise uniquement pour ouvrir un périphérique ordinaire."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "L'option --allow-discards est permise uniquement pour une opération d'ouverture."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "L'option --persistent est permise uniquement pour une opération d'ouverture."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "L'option --serialize-memory-hard-pbkdf est permise uniquement pour une opération d'ouverture."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "L'option --persistent n'est pas permise avec --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"L'option --key-size est permise seulement avec les actions luksFormat, luksAddKey,\n"
-"open et benchmark. Pour limiter la lecture depuis un fichier de clé, utilisez --keyfile-size=(octets)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "L'option --integrity est autorisée uniquement avec luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "L'option --integrity-no-wipe peut uniquement être utilisée pour une action de formatage avec l'extension d'intégrité."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Les options --label et --subsystem sont permises uniquement pour les opérations luksFormat et config LUKS2."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "L'option --test-passphrase est autorisée uniquement pour ouvrir des périphériques LUKS, TCRYPT et BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "La taille de la clé doit être un multiple de 8 bits"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Emplacement de clé non valide."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "L'option --key-file est prioritaire par rapport à un fichier de clé spécifié en argument."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Nombre négatif non autorisé pour l'option."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Un seul argument --key-file est autorisé."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Seule une des deux possibilités --use-[u]random est autorisée."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "L'option --use-[u]random est autorisée seulement avec luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "L'option --uuid est autorisée seulement avec luksFormat et luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "L'option --align-payload est autorisée uniquement avec luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Les options --luks2-metadata-size et --opt-luks2-keyslots-size sont permises uniquement pour luksFormat avec LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Spécification de taille de métadonnées LUKS2 invalide."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Spécification de taille d'emplacements de clés LUKS2 invalide."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Les options --align-payload et --offset ne peuvent pas être combinées."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "L'option --skip est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "L'option --offset est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes, luksFormat et le rechiffrement de périphérique."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Les options --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup sont supportées seulement pour un périphérique TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "L'option --tcrypt-hidden ne peut pas être combinée avec --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "L'option --veracrypt est uniquement supportée pour un périphérique de type TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Argument invalide fourni pour le paramètre --veracrypt-pim."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "L'option --veracrypt-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "L'option --veracrypt-query-pim est uniquement supportée pour un périphérique compatible avec VeraCrypt."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Les options --veracrypt-pim et --veracrypt-query-pim sont mutuellement exclusives."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "L'option --priority peut uniquement être ignore/normal/prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Une spécification d'emplacement de clé est requise."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "La fonction de dérivation d'une clé basée sur un mot de passe (PBKDF = Password-Based Key Derivation Function) peut uniquement être pbkdf2 ou argon2i/argon2id."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Les itérations forcées de PBKDF ne peuvent pas être combinées avec l'option de temps d'itération."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "L'option de taille de secteur n'est pas supportée pour cette commande."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "L'option des secteurs IV (vecteur d'initialisation) de grande taille est supportée uniquement à l'ouverture de périphériques de type simple avec une taille de secteur supérieure à 512 octets."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "La taille de clé est requise avec l'option --unbound."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "L'option --unbound peut uniquement être utilisée avec les actions luksAddKey et luksDump."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Les options --keyslot-cipher et --keyslot-key-size doivent être utilisées ensembles."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "L'option --refresh peut uniquement être utilisée avec l'action open."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Aucune action réalisée. Invoqué avec l'option --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Impossible de désactiver le verrouillage des métadonnées."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "La spécification de la taille maximale de la zone chaude de rechiffrement est invalide."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "La taille de périphérique spécifiée est invalide."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "La taille maximum réduite pour le périphérique est 1 GiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "La taille réduite doit être un multiple d'un secteur de 512 octets."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "La taille des données spécifiée est invalide."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Débordement de la taille de réduction."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "Le déchiffrement LUKS2 requiert l'option --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "La taille du périphérique doit être un multiple d'un secteur de 512 octets."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Les options --reduce-device-size et --data-size ne peuvent pas être combinées."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Les options --device-size et --size ne peuvent pas être combinées."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Les options --keyslot-cipher et --keyslot-key-size doivent être utilisées ensembles."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Chaîne d'aléa spécifiée invalide."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Impossible de créer l'image de hachage %s en écriture."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Impossible de créer l'image FEC %s en écriture."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Impossible de créer le fichier de hachage racine %s en écriture."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Impossible d'écrire dans le fichier de hachage racine %s."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Le périphérique %s n'est pas un périphérique VERITY valable."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Impossible de lire le fichier de hachage racine %s."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Fichier de hachage racine %s invalide."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Chaîne de hachage racine invalide."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Fichier de signature %s invalide."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Impossible de lire le fichier de signature %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "La commande exige <hachage_racine> ou l'option --root-hash-file comme argument."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<périph_données> <périph_hachage>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "formater le périphérique"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<périph_données> <périph_hachage> <hachage_racine>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<périph_données> <périph_hachage> [<hachage_racine>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "vérifier le périphérique"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<périph_données> <nom> <périph_hachage> <hachage_racine>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<périph_données> <nom> <périph_hachage> [<hachage_racine>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "afficher le statut du périphérique actif"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<périph_hachage>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "afficher les informations sur le disque"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<périph_hachage> est le périphérique contenant les données de vérification\n"
"<hachage_racine> hachage du nœud racine sur <périph_hachage>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Paramètres compilés par défaut dans dm-verity :\n"
"\tHachage: %s, Bloc données (octets): %u, Bloc hachage (octets): %u, Taille aléa: %u, Format hachage: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Ne pas utiliser le superbloc de verity"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Type de format (1: normal ; 0: Chrome OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "nombre"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles."
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Taille de bloc sur le périphérique de données"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Les options --panic-on-corruption et --restart-on-corruption ne peuvent être utilisées ensembles."
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Taille de bloc sur le périphérique de hachage"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Ceci écrasera les données sur %s et %s de manière irrévocable.\n"
+"Pour préserver le périphérique de données, utilisez l'option --no-wipe (et ensuite activez-le avec --integrity-recalculate)."
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "Octets de parité FEC"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Formaté avec une taille de balise de %u, intégrité interne %s.\n"
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Le nombre de blocs dans le fichier de données"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Définir le fanion pour le recalcul n'est pas supporté, envisagez plutôt d'utiliser --wipe."
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "blocs"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Le périphérique %s n'est pas un périphérique INTEGRITY valable."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Chemin vers le périphérique avec les données de correction d'erreurs"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<périph_intégrité>"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "chemin"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<périph_intégrigé> <nom>"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Décalage de départ sur le périphérique de hachage"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<nom> est le périphérique à créer sous %s\n"
+"<périph_intégrité> est le périphérique contenant les données avec les balises d'intégrité\n"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Décalage de départ sur le périphérique FEC"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Paramètres compilés par défaut dans dm-integrity :\n"
+"\tAlgorithme de somme de contrôle : %s\n"
+"\tTaille maximale du fichier de clé : %dko\n"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Algorithme de hachage"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "La taille --%s n'est pas valide. Le maximum est %u octets."
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "chaîne"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Les options du fichier de clé et de la taille de la clé doivent être spécifiées toutes les deux."
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Aléa"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Les options du fichier de clé de l'intégrité du journal et de la taille de la clé doivent être spécifiées toutes les deux."
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "chaîne hexa"
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "L'algorithme d'intégrité du journal doit être spécifié si la clé d'intégrité du journal est utilisée."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Les options du fichier de clé de chiffrement du journal et de la taille de la clé doivent être spécifiées toutes les deux."
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Chemin du fichier de signature du hachage racine"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "L'algorithme de chiffrement du journal doit être spécifié si la clé de chiffrement du journal est utilisée."
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Redémarrer le noyau si une corruption est détectée"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Les options de mode récupération et champ de bits sont mutuellement exclusives."
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Faire paniquer le noyau si une corruption est détectée"
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Les options de journal ne peuvent pas être utilisées en mode champ de bits."
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ignore la corruption, elle est seulement enregistrée dans le journal"
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Les options de champ de bits peuvent uniquement être utilisées en mode champ de bits."
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Ne pas vérifier les blocs mis à zéro"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"ATTENTION !\n"
+"===========\n"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Vérifier le bloc de données uniquement à la première lecture"
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Êtes-vous sûr ? (Typez « yes » en majuscules) : "
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "L'option --ignore-corruption, --restart-on-corruption ou --ignore-zero-blocks est seulement permise pour une opération d'ouverture."
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Erreur de lecture de la réponse depuis le terminal."
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "L'option --root-hash-signature peut uniquement être utilisée avec l'opération open."
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Commande réussie."
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Les options --ignore-corruption et --restart-on-corruption ne peuvent être utilisées ensembles."
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "paramètres erronés ou manquants"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Les options --panic-on-corruption et --restart-on-corruption ne peuvent être utilisées ensembles."
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "Aucune permission ou mauvais mot de passe"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "mémoire épuisée"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "mauvais périphérique ou fichier spécifié"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "le périphérique existe déjà ou est utilisé"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "erreur inconnue"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "La commande a échoué avec le code %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Emplacement de clef %i créé."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Emplacement de clé %i déverrouillé."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Emplacement de clé %i supprimé."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Jeton %i créé."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Jeton %i supprimé."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Aucun jeton n'a pu être déverrouillé avec ce code PIN."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Jeton %i requiert un code PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Le jeton (type %s) exige un code PIN."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Le jeton %i ne sait pas déverrouiller le/les emplacement(s) de clé assigné(s) (mauvaise phrase secrète pour l'emplacement de clé)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Le jeton (type %s) ne sait pas déverrouiller le/les emplacement(s) de clé assigné(s) (mauvaise phrase secrète pour l'emplacement de clé)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Le jeton %i a besoin d'une ressource supplémentaire qui est manquante."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Le jeton (type %s) a besoin d'une ressource supplémentaire qui est manquante."
-#: src/integritysetup.c:85
+#: src/utils_tools.c:298
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "La taille de la clé n'est pas valide. Le maximum est %u octets."
+msgid "No usable token (type %s) is available."
+msgstr "Aucun jeton (type %s) utilisable est disponible."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Aucun jeton utilisable est disponible."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Impossible de lire le fichier de clé %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/utils_tools.c:398
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Échec à la lecture de %d octets du fichier de clé %s."
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Formaté avec une taille de balise de %u, intégrité interne %s.\n"
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Impossible d'ouvrir le fichier de clé %s en écriture."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Impossible d'écrire dans le fichier de clé %s."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> jours"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s écrits"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "vitesse %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Progression : %5.1f%%, Fin prévue %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Terminé, temps %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Ne peut vérifier la qualité du mot de passe : %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Échec de la vérification de la qualité du mot de passe :\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Échec de la vérification de la qualité du mot de passe : Mauvais mot de passe (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "Erreur de lecture de la phrase secrète depuis la console."
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "Vérifiez la phrase secrète : "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "Les phrases secrètes ne sont pas identiques."
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "Le décalage n'est pas possible si l'entrée provient de la console."
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Saisissez la phrase secrète : "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Saisissez la phrase secrète pour %s : "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "Aucune clé disponible avec cette phrase secrète."
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "Aucun emplacement de clé utilisable est disponible."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Impossible de vérifier une phrase secrète non saisie sur une console."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Impossible d'ouvrir le fichier %s en lecture seule."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Fournissez le jeton LUKS valide au format JSON:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Impossible de lire le fichier JSON."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Lecture interrompue."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Impossible d'ouvrir le fichier %s en écriture seule."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Écriture interrompue."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Erreur lors de l'écriture du fichier JSON."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Périphérique dm actif auto-détecté « %s » pour le périphérique de données %s.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Échec de l'auto-détection des containers du périphérique %s."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Le périphérique %s n'est pas un périphérique blocs.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Impossible de décider si le périphérique %s est actif ou non.\n"
+"Êtes-vous sûr de vouloir procéder au rechiffrement en mode hors-ligne ?\n"
+"Les données pourraient être corrompues si le périphérique est réellement activé.\n"
+"Pour exécuter le rechiffrement en mode en ligne, utilisez le paramètre --active-name.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Le périphérique %s n'est pas un périphérique bloc. Impossible de détecter s'il est actif ou non.\n"
+"Utilisez --force-offline-reencrypt pour passer outre la vérification et exécuter en mode hors-ligne (dangereux !)."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "L'option --resilience demandée ne peut pas être appliquée à l'opération de rechiffrement courante."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Le périphérique n'est pas en cour de chiffrement LUKS2. Option --encrypt conflictuelle."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Le périphérique n'est pas en cours de déchiffrement LUKS2. Option --decrypt conflictuelle."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Le périphérique est en cours de rechiffrement en utilisant la résilience datashift. L'option --resilience demandée ne peut pas être appliquée."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Le périphérique requiert une récupération de rechiffrement. Exécuter d'abord une réparation."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS2. Voulez-vous redémarrer l'opération précédemment initialisée ?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Le rechiffrement LUKS2 historique n'est plus supporté."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Le rechiffrement d'un périphérique avec un profil d'intégrité n'est pas supporté."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"La taille de secteur demandée avec --sector-size %<PRIu32> est incompatible avec le superbloc %s\n"
+"(taille de bloc : %<PRIu32> octets) détecté sur le périphérique %s."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Le chiffrement sans en-tête détaché (--header) n'est pas possible sans une réduction de la taille du périphérique de données (--reduce-device-size)"
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Le décalage de données demandé doit être inférieur ou égal à la moitié du paramètre --reduce-device-size."
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Ajustement de la valeur de --reduce-device-size à deux fois --offset %<PRIu64> (secteurs).\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Le fichier temporaire d'en-tête %s existe déjà. Abandon."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Impossible de créer le fichier temporaire d'en-tête %s."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "La taille des métadonnées LUKS2 est plus grande que la valeur de décalage des données."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Impossible de placer le nouvel en-tête au début du périphérique %s."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s est maintenant actif et prêt pour un chiffrement en ligne.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Le périphérique actif %s n'est pas LUKS2."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Restauration de l'en-tête LUKS2 original."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Échec de la restauration de l'en-tête LUKS2 original."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Le fichier d'en-tête %s n'existe pas. Voulez-vous initialiser le déchiffrement LUKS2 du périphérique %s et exporter l'en-tête LUKS2 dans le fichier %s ?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Échec de l'ajout des permissions lecture/écriture pour exporter le fichier d'en-tête."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "L'initialisation du rechiffrement a échoué. La sauvegarde de l'en-tête est disponible dans %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Le déchiffrement LUKS2 est uniquement supporté avec un périphérique à l'en-tête détaché (avec l'offset de données défini à 0)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Pas assez d'emplacements de clés libres pour le rechiffrement."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Le fichier de clé peut uniquement être utilisé avec --key-slot ou avec exactement un seul emplacement de clé actif."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Entrez la phrase secrète pour l'emplacement de clé %d : "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Entrez la phrase secrète pour l'emplacement de clé %u : "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Basculement de l'algorithme de chiffrement de données vers %s.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Aucun paramètre de segment de donnée changé. Rechiffrement abandonné."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"L'augmentation de la taille du secteur de chiffrement n'est pas supportée sur un périphérique hors-ligne.\n"
+"Activez d'abord le périphérique ou utilisez l'option --force-offline-reencrypt (dangereux !)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Rechiffrement interrompu."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Redémarrage du rechiffrement LUKS en mode hors-ligne forcé.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Le périphérique %s contient des métadonnées LUKS endommagées. L'opération est abandonnée."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Le périphérique %s est déjà un périphérique LUKS. L'opération est abandonnée."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Le périphérique %s est déjà en cours de rechiffrement LUKS. L'opération est abandonnée."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "Le déchiffrement LUKS2 requiert l'option --header."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "La commande exige un périphérique comme argument."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Versions conflictuelles. Le périphérique %s est LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS1."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Versions conflictuelle. Le périphérique %s est LUKS2"
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Versions conflictuelles. Le périphérique %s est en cours de rechiffrement LUKS2."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Rechiffrement LUKS2 déjà initialisé. Abandon de l'opération."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Le rechiffrement du périphérique n'est pas en cours."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Impossible d'ouvrir exclusivement %s : périphérique utilisé."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "La réservation de la mémoire alignée a échoué."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Impossible de lire le périphérique %s."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Marque le périphérique LUKS1 %s comme inutilisable."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Impossible d'écrire le périphérique %s."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Impossible d'écrire le journal de re-chiffrement."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Impossible de lire le journal de re-chiffrement."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Format de journal incorrect."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Fichier journal %s existe. Reprise du re-chiffrement.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Activation du périphérique temporaire en utilisant l'ancien en-tête LUKS."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Activation du périphérique temporaire un utilisant le nouvel en-tête LUKS."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Échec de l'activation des périphériques temporaires."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Impossible de définir les offsets des données."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Impossible de définir la taille des métadonnées."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Nouvel en-tête LUKS créé pour le périphérique %s."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Sauvegarde de l'en-tête %s du périphérique %s créée."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "La création de la sauvegarde des en-têtes LUKS a échoué."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Impossible de rétablir l'en-tête %s sur le périphérique %s."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "En-tête %s rétabli sur le périphérique %s."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Impossible d'ouvrir le périphérique LUKS temporaire."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Impossible d'obtenir la taille du périphérique."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "Erreur E/S pendant le re-chiffrement."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Le UUID fourni est invalide."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Impossible d'ouvrir le journal de re-chiffrement."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Pas de déchiffrement en cours. Le UUID fourni ne peut être utilisé que pour reprendre un déchiffrement suspendu."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Le re-chiffrement va changer : %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "clé de volume"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "change hachage en "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", change chiffrement en "
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour une partition « %s ».\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour un superblock « %s ».\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Impossible d'initialiser les sondes de la signature du périphérique."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Impossible d'exécuter « stat » sur le périphérique %s."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Impossible d'ouvrir le fichier %s en mode lecture/écriture."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "La signature de partition « %s » existante sur le périphérique %s sera effacée."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "La signature de superbloc « %s » existante sur le périphérique %s sera effacée."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Impossible d'effacer la signature du périphérique."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Impossible de sonder le périphérique %s pour une signature."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "La spécification de taille est invalide dans le paramètre --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "L'option --%s n'est pas permise avec l'action %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Erreur lors de l'écriture du json du jeton ssh."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Greffon expérimental pour cryptsetup ayant pour but de déverrouiller des périphériques LUKS2 avec un jeton connecté à un serveur SSH\vCe greffon permet actuellement d'ajouter un jeton à un emplacement de clé existant.\n"
+"\n"
+"Le serveur SSH spécifié doit contenir un fichier de clé dans le chemin spécifié avec une phrase secrète pour l'emplacement de clé existant sur le périphérique.\n"
+"Les informations d'identification fournies seront utilisées par cryptsetup pour obtenir le mot de passe lors de l'ouverture du périphérique utilisant le jeton.\n"
+"\n"
+"Note : L'information fournie en ajoutant le jeton (adresse du serveur SSH, utilisateur et chemins) sont stockés dans l'en-tête LUKS2 sous forme de texte clair."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<action> <périphérique>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Options pour l'action « add » :"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "Adresse IP/URL du serveur distant pour ce jeton"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Nom d'utilisateur utilisé pour le serveur distant"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Chemin vers le fichier de clé sur le serveur distant"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Chemin vers la clé SSH pour se connecter au serveur distant"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Emplacement de clé à assigner au jeton. Si non spécifié, le jeton sera assigné au premier emplacement de clé correspondant à la phrase secrète fournie."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Options génériques :"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Afficher des messages d'erreur plus détaillés"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Afficher les messages de débogage"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Montrer les messages de débogage incluant les métadonnées JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Impossible d'ouvrir et d'importer la clé privée :\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Impossible d'importer la clé privée (protégée par mot de passe ?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "mot de passe de %s@%s : "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Échec lors de l'analyse des arguments.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Une action doit être spécifiée\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Le périphérique doit être spécifié pour l'action « %s ».\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Le serveur SSH doit être spécifié pour l'action « %s ».\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "L'utilisateur SSH doit être spécifié pour l'action « %s ».\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Le chemin SSH doit être spécifié pour l'action « %s ».\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Le chemin de la clé SSH doit être spécifié pour l'action « %s ».\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Échec de l'ouverture de %s en utilisant les identifiants fournis.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Seule l'action « add » est actuellement supportée par ce greffon.\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Impossible de créer la session sftp : "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Impossible d'initialiser la session sftp : "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Impossible d'ouvrir la session sftp : "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Impossible d'exécuter stat sur le fichier sftp : "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Pas assez de mémoire.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Impossible de lire la clé distante : "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Échec de connexion : "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Serveur inconnu : "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "La méthode d'authentification par clé publique n'est pas permise sur l'hôte.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Erreur durant l'authentification par clé publique : "
+
+#~ msgid "WARNING: Data offset is outside of currently available data device.\n"
+#~ msgstr "AVERTISSEMENT: L'offset des données est en dehors du périphérique de données actuellement disponible.\n"
+
+#~ msgid "Cannot get process priority."
+#~ msgstr "Impossible d'obtenir la priorité du processus."
+
+#~ msgid "Cannot unlock memory."
+#~ msgstr "Impossible de déverrouiller la mémoire."
+
+#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+#~ msgstr "Le répertoire de verrouillage %s/%s sera créé avec les permissions par défaut fournies durant la compilation."
+
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Impossible de lire la signature BITLK depuis %s."
+
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Signature invalide ou inconnue pour le périphérique BITLK."
+
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Échec lors de l'effacement des données du segment de sauvegarde."
+
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Impossible de désactiver le fanion de demande de rechiffrement."
+
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Le chiffrement est uniquement supporté avec le format LUKS2."
+
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "Périphérique LUKS détecté sur %s. Voulez-vous chiffrer à nouveau ce périphérique LUKS ?"
+
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "Seul le format LUKS2 est actuellement supporté. Veuillez utiliser l'outil cryptsetup-reencrypt pour LUKS1."
+
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Un rechiffrement hors-ligne historique est déjà en cours. Utilisez l'utilitaire cryptsetup-reencrypt."
+
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "Le périphérique LUKS2 n'est pas en rechiffrement."
+
+#~ msgid "Reencryption already in-progress."
+#~ msgstr "Re-chiffrement déjà en cours."
+
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Activation du fanion de re-chiffrement hors-ligne de LUKS2 sur le périphérique %s."
+
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Cette version de cryptsetup-reencrypt ne gère pas le nouveau type de jeton interne %s."
+
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Échec lors de la lecture des fanions d'activation depuis l'en-tête de sauvegarde."
+
+#~ msgid "Failed to write activation flags to new header."
+#~ msgstr "Échec lors de l'écriture des fanions d'activation dans le nouvel en-tête."
+
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Les paramètres pbkdf ont été changés dans l'emplacement de clé %i."
+
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Seules les valeurs entre 1 MiB et 64 MiB sont permises pour la taille des blocs de re-chiffrement."
+
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "La taille maximum réduite pour le périphérique est 64 MiB."
+
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[OPTION...] <périph>"
+
+#~ msgid "Argument required."
+#~ msgstr "Argument requis."
+
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "L'option --new doit être utilisée avec --reduce-device-size ou --header."
+
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "L'option --keep-key ne peut être utilisée que avec --hash, --iter-time ou --pbkdf-force-iterations²."
+
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "L'option --new ne peut pas être utilisée avec --decrypt."
+
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "L'option --decrypt est incompatible avec les paramètres spécifiés."
+
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "L'option --uuid ne peut être utilisée qu'avec --decrypt."
+
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Type luks invalide. Utilisez « luks », « luks1 » ou « luks2 »."
+
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Le périphérique %s est utilisé. Impossible de continuer avec l'opération de formatage."
+
+#~ msgid "No free token slot."
+#~ msgstr "Aucun emplacement de jeton libre"
+
+#~ msgid "Failed to create builtin token %s."
+#~ msgstr "Échec lors de la création du jeton intégré %s"
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Type de périphérique LUKS invalide."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "L'algorithme de chiffrement utilisé pour chiffrer le disque (voir /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "L'algorithme de hachage utilisé pour créer la clé de chiffrement à partir de la phrase secrète"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Vérifier la phrase secrète en la demandant deux fois"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Lire la clef depuis un fichier"
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Lire la clé (maîtresse) du volume depuis un fichier."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Lister les informations de la clé (maîtresse) de volume au lieu des autres emplacements de clefs"
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "La taille de la clé de chiffrement"
+
+#~ msgid "BITS"
+#~ msgstr "BITS"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Limite la lecture d'un fichier de clé"
+
+#~ msgid "bytes"
+#~ msgstr "octets"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Nombre d'octets à ignorer dans le fichier de clé"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Limite la lecture d'un nouveau fichier de clé ajouté"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Nombre d'octets à ignorer dans le fichier de clé nouvellement ajouté"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Numéro de l'emplacement pour la nouvelle clé (par défaut, le premier disponible)"
+
+#~ msgid "The size of the device"
+#~ msgstr "La taille du périphérique"
+
+#~ msgid "SECTORS"
+#~ msgstr "SECTEURS"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Utiliser uniquement la taille demandée du périphérique (ignore le reste du périphérique). DANGEREUX !"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Le décalage de départ dans le périphérique sous-jacent"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Combien de secteurs de données chiffrées à ignorer au début"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Crée une association en lecture seule"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Ne pas demander confirmation"
+
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Délai d'expiration de la demande interactive de phrase secrète (en secondes)"
+
+#~ msgid "secs"
+#~ msgstr "s"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Mise à jour de la ligne de progression (en secondes)"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<périph_intégrité>"
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Nombre de tentatives possibles pour entrer la phrase secrète"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<périph_intégrigé> <nom>"
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Utiliser une limite de <n> secteurs pour aligner les données – pour luksFormat"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<nom> est le périphérique à créer sous %s\n"
-"<périph_intégrité> est le périphérique contenant les données avec les balises d'intégrité\n"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Fichier contenant une sauvegarde de l'en-tête LUKS et des emplacements de clés"
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Paramètres compilés par défaut dans dm-integrity :\n"
-"\tAlgorithme de somme de contrôle : %s\n"
-"\tTaille maximale du fichier de clé : %dko\n"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Utiliser /dev/random pour générer la clé de volume"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Chemin vers le périphérique de données (si séparé)"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Utiliser /dev/urandom pour générer la clé de volume"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Taille du journal"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Partager le périphérique avec un autre segment chiffré sans recouvrement"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Secteurs d'entrelacement"
+#~ msgid "UUID for device to use"
+#~ msgstr "UUID du périphérique à utiliser"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Filigrane du journal"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Autoriser les demandes d'abandon (TRIM) pour le périphérique"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "pourcent"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Périphérique ou fichier avec un en-tête LUKS séparé"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Temps pour écrire le journal"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Ne pas activer le périphérique. Vérifie simplement le phrase secrète"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Utilise l'en-tête caché (périphérique TCRYPT caché)"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Nombre de secteurs de 512 octets par bit (mode champ de bit)."
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Le périphérique est un lecteur TCRYPT système (avec secteur d'amorçage)"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Temps de purge du mode champ de bit"
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Utiliser l'en-tête TCRYPT de secours (secondaire)"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Taille de balise (par secteur)"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Recherche aussi des périphériques compatibles avec VeraCrypt"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Taille de secteur"
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Taille des tampons"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Interroger le Multiplicateur d'Itération Personnel pour le périphérique compatible avec VeraCrypt"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Algorithme d'intégrité des données"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Type de métadonnées du périphérique : luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "La taille de la clé d'intégrité des données"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Désactive la vérification de la qualité du mot de passe (si activé)"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Lire la clef d'intégrité depuis un fichier"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Utilise l'option de compatibilité de performance dm-crypt same_cpu_crypt"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Algorithme d'intégrité du journal"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Utilise l'option de compatibilité de performance dm-crypt submit_from_crypt_cpus"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "La taille de la clé du journal d'intégrité"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Passer outre la queue de travail de dm-crypt et traiter les requêtes en lecture de manière synchrone"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Lire la clé du journal d'intégrité depuis un fichier"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Passer outre la queue de travail de dm-crypt et traiter les requêtes en écriture de manière synchrone"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Algorithme de chiffrement du journal"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "La suppression du périphérique est différée jusqu'à ce que le dernier utilisateur le ferme"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "La taille de la clé de chiffrement du journal"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Utiliser un verrou global pour sérialiser PBKDF qui utilise beaucoup de mémoire (évite le OOM)"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Lire la clé de chiffrement du journal depuis un fichier"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Temps d'itération de PBKDF pour LUKS (en ms)"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Mode récupération (pas de journal, pas de vérification des balises)"
+#~ msgid "msecs"
+#~ msgstr "ms"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Utiliser un champ de bits pour garder une trace des changements et désactiver le journal sur le périphérique d'intégrité"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "Algorithme PBKDF (pour LUKS2): argon2i, argon2id, pbkdf2"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Recalculer les balises initiales automatiquement."
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Limite de coût mémoire PBKDF"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Ne pas protéger le superbloc avec HMAC (anciens noyaux)"
+#~ msgid "kilobytes"
+#~ msgstr "kilooctets"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Autoriser le recalcul des volumes avec des clés HMAC (anciens noyaux)"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Coût parallèle PBKDF"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "L'option --integrity-recalculate peut uniquement être utilisée avec l'action open."
+#~ msgid "threads"
+#~ msgstr "threads"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Les options --journal-size, --interleave-sectors, --sector-size, --tag-size et --no-wipe peuvent uniquement être utilisée avec l'action de format."
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Coût d'itération PBKDF (forcé, désactive l'étalon)"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "La spécification de la taille du journal est invalide."
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Priorité de l'emplacement de clé: ignore, normal, prefer"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Les options du fichier de clé et de la taille de la clé doivent être spécifiées toutes les deux."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Désactiver le verrouillage des métadonnées sur le disque"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Les options du fichier de clé de l'intégrité du journal et de la taille de la clé doivent être spécifiées toutes les deux."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Désactiver le chargement des clés de volume via le porte-clé du noyau"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "L'algorithme d'intégrité du journal doit être spécifié si la clé d'intégrité du journal est utilisée."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Algorithme d'intégrité des données (uniquement LUKS2)"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Les options du fichier de clé de chiffrement du journal et de la taille de la clé doivent être spécifiées toutes les deux."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Désactiver le journal pour le périphérique d'intégrité"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "L'algorithme de chiffrement du journal doit être spécifié si la clé de chiffrement du journal est utilisée."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Ne pas effacer le périphérique après le formatage"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Les options de mode récupération et champ de bits sont mutuellement exclusives."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Utiliser le rembourrage historique inefficace (vieux noyaux)"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Les options de journal ne peuvent pas être utilisées en mode champ de bits."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Ne pas demander le mot de passe si l'activation par jeton échoue"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Les options de champ de bits peuvent uniquement être utilisées en mode champ de bits."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Numéro de jeton (défaut: n'importe lequel)"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Re-chiffrement déjà en cours."
+#~ msgid "Key description"
+#~ msgstr "Description de clé"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Impossible d'ouvrir exclusivement %s : périphérique utilisé."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Taille du secteur de chiffrement (défaut: 512 octets)"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "La réservation de la mémoire alignée a échoué."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Utiliser le IV (vecteur d'initialisation) compté en taille de secteurs (pas en multiple de 512 octets)"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Impossible de lire le périphérique %s."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Définir les fanions d'activation comme permanents pour le périphérique"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "Marque le périphérique LUKS1 %s comme inutilisable."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Définir l'étiquette pour le périphérique LUKS2"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Activation du fanion de re-chiffrement hors-ligne de LUKS2 sur le périphérique %s."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Définir l'étiquette de sous-système pour le périphérique LUKS2"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Impossible d'écrire le périphérique %s."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Créer ou déverser un emplacement de clé LUKS2 non lié (aucun segment de donnée assigné)"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Impossible d'écrire le journal de re-chiffrement."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Lire ou écrire le json depuis ou vers un fichier"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Impossible de lire le journal de re-chiffrement."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Taille de la zone de métadonnées de l'en-tête LUKS2"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Fichier journal %s existe. Reprise du re-chiffrement.\n"
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Taille de la zone des emplacements de clés de l'en-tête LUKS2"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Activation du périphérique temporaire en utilisant l'ancien en-tête LUKS."
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Rafraîchir (réactiver) le périphérique avec de nouveaux paramètres"
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Activation du périphérique temporaire un utilisant le nouvel en-tête LUKS."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "Emplacement de clé LUKS2: La taille de la clé de chiffrement"
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Échec de l'activation des périphériques temporaires."
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "Emplacement de clé LUKS2: Le chiffrement utilisé pour le chiffrement de l'emplacement de clé"
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Impossible de définir les offsets des données."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Chiffrer le périphérique LUKS2 (chiffrement sur place)."
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Impossible de définir la taille des métadonnées."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Déchiffrer le périphérique LUKS2 (supprime le chiffrement)"
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Nouvel en-tête LUKS créé pour le périphérique %s."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Initialiser le rechiffrement LUKS2 uniquement dans les métadonnées."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Cette version de cryptsetup-reencrypt ne gère pas le nouveau type de jeton interne %s."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Redémarrer uniquement le rechiffrement LUKS2 initialisé."
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Échec lors de la lecture des fanions d'activation depuis l'en-tête de sauvegarde."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Réduire la taille des données du périphérique (déplace le décalage des données). DANGEREUX !"
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Échec lors de l'écriture des fanions d'activation dans le nouvel en-tête."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Taille maximale de la zone chaude de rechiffrement."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Échec lors de la lecture des exigences de l'en-tête de sauvegarde."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Rechiffre le type de résilience de la zone chaude (checksum,journal,none)"
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Sauvegarde de l'en-tête %s du périphérique %s créée."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Rechiffrer le hachage des sommes de contrôle de la zone chaude"
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "La création de la sauvegarde des en-têtes LUKS a échoué."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Outrepasser l'auto-détection du périphérique pour le périphérique dm à rechiffrer"
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Impossible de rétablir l'en-tête %s sur le périphérique %s."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "L'option --deferred est permise uniquement avec la commande close."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "En-tête %s rétabli sur le périphérique %s."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "L'option --allow-discards est permise uniquement pour une opération d'ouverture."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Impossible d'ouvrir le périphérique LUKS temporaire."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "L'option --persistent est permise uniquement pour une opération d'ouverture."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Impossible d'obtenir la taille du périphérique."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "L'option --serialize-memory-hard-pbkdf est permise uniquement pour une opération d'ouverture."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "Erreur E/S pendant le re-chiffrement."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "L'option --key-size est permise seulement avec les actions luksFormat, luksAddKey,\n"
+#~ "open et benchmark. Pour limiter la lecture depuis un fichier de clé, utilisez --keyfile-size=(octets)."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Le UUID fourni est invalide."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "L'option --integrity est autorisée uniquement avec luksFormat (LUKS2)."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Impossible d'ouvrir le journal de re-chiffrement."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Les options --label et --subsystem sont permises uniquement pour les opérations luksFormat et config LUKS2."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Pas de déchiffrement en cours. Le UUID fourni ne peut être utilisé que pour reprendre un déchiffrement suspendu."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "Nombre négatif non autorisé pour l'option."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Les paramètres pbkdf ont été changés dans l'emplacement de clé %i."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "L'option --use-[u]random est autorisée seulement avec luksFormat."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Taille de bloc de re-chiffrement"
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "L'option --uuid est autorisée seulement avec luksFormat et luksUUID."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "L'option --align-payload est autorisée uniquement avec luksFormat."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Ne pas changer la clé, pas de re-chiffrement de la zone de donnée"
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Les options --luks2-metadata-size et --opt-luks2-keyslots-size sont permises uniquement pour luksFormat avec LUKS2."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Lire la nouvelle clé (maîtresse) du volume depuis un fichier"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Spécification de taille de métadonnées LUKS2 invalide."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Temps d'itération de PBKDF2 pour LUKS (en ms)"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Spécification de taille d'emplacements de clés LUKS2 invalide."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Utiliser direct-io pour accéder aux périphériques"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "L'option --offset est supportée uniquement pour ouvrir des périphériques ordinaires et loopaes, luksFormat et le rechiffrement de périphérique."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Utiliser fsync après chaque bloc"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Argument invalide fourni pour le paramètre --veracrypt-pim."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Mettre le journal à jour après chaque bloc"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "L'option de taille de secteur n'est pas supportée pour cette commande."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Utiliser uniquement cet emplacement (les autres seront désactivés)"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "L'option --refresh peut uniquement être utilisée avec l'action open."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Créer un nouvel en-tête sur le périphérique non chiffré"
+#~ msgid "Invalid device size specification."
+#~ msgstr "La taille de périphérique spécifiée est invalide."
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Déchiffrer le périphérique de manière permanente (supprime le chiffrement)"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Débordement de la taille de réduction."
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "Le UUID utilisé pour poursuivre le déchiffrement"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Ne pas utiliser le superbloc de verity"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Type de métadonnées LUKS: luks1, luks2"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Type de format (1: normal ; 0: Chrome OS)"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[OPTION...] <périph>"
+#~ msgid "number"
+#~ msgstr "nombre"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Le re-chiffrement va changer : %s%s%s%s%s%s."
+#~ msgid "Block size on the data device"
+#~ msgstr "Taille de bloc sur le périphérique de données"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "clé de volume"
+#~ msgid "Block size on the hash device"
+#~ msgstr "Taille de bloc sur le périphérique de hachage"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "change hachage en "
+#~ msgid "FEC parity bytes"
+#~ msgstr "Octets de parité FEC"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", change chiffrement en "
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Le nombre de blocs dans le fichier de données"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Argument requis."
+#~ msgid "blocks"
+#~ msgstr "blocs"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Seules les valeurs entre 1 MiB et 64 MiB sont permises pour la taille des blocs de re-chiffrement."
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Chemin vers le périphérique avec les données de correction d'erreurs"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "La taille maximum réduite pour le périphérique est 64 MiB."
+#~ msgid "path"
+#~ msgstr "chemin"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "L'option --new doit être utilisée avec --reduce-device-size ou --header."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Décalage de départ sur le périphérique de hachage"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "L'option --keep-key ne peut être utilisée que avec --hash, --iter-time ou --pbkdf-force-iterations²."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Décalage de départ sur le périphérique FEC"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "L'option --new ne peut pas être utilisée avec --decrypt."
+#~ msgid "Hash algorithm"
+#~ msgstr "Algorithme de hachage"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "L'option --decrypt est incompatible avec les paramètres spécifiés."
+#~ msgid "string"
+#~ msgstr "chaîne"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "L'option --uuid ne peut être utilisée qu'avec --decrypt."
+#~ msgid "Salt"
+#~ msgstr "Aléa"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Type luks invalide. Utilisez « luks », « luks1 » ou « luks2 »."
+#~ msgid "hex string"
+#~ msgstr "chaîne hexa"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Erreur de lecture de la réponse depuis le terminal."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Chemin du fichier de signature du hachage racine"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Opération réussie.\n"
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Redémarrer le noyau si une corruption est détectée"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "paramètres erronés ou manquants"
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Faire paniquer le noyau si une corruption est détectée"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "Aucune permission ou mauvais mot de passe"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Ignore la corruption, elle est seulement enregistrée dans le journal"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "mémoire épuisée"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Ne pas vérifier les blocs mis à zéro"
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "mauvais périphérique ou fichier spécifié"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Vérifier le bloc de données uniquement à la première lecture"
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "le périphérique existe déjà ou est utilisé"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "L'option --ignore-corruption, --restart-on-corruption ou --ignore-zero-blocks est seulement permise pour une opération d'ouverture."
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "erreur inconnue"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "L'option --root-hash-signature peut uniquement être utilisée avec l'opération open."
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "La commande a échoué avec le code %i (%s).\n"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Chemin vers le périphérique de données (si séparé)"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Emplacement de clef %i créé."
+#~ msgid "Journal size"
+#~ msgstr "Taille du journal"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Emplacement de clé %i déverrouillé."
+#~ msgid "Interleave sectors"
+#~ msgstr "Secteurs d'entrelacement"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Emplacement de clé %i supprimé."
+#~ msgid "Journal watermark"
+#~ msgstr "Filigrane du journal"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Jeton %i créé."
+#~ msgid "percent"
+#~ msgstr "pourcent"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Jeton %i supprimé."
+#~ msgid "Journal commit time"
+#~ msgstr "Temps pour écrire le journal"
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Effacement interrompu."
+#~ msgid "ms"
+#~ msgstr "ms"
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour une partition « %s ».\n"
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Nombre de secteurs de 512 octets par bit (mode champ de bit)."
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "ATTENTION: Le périphérique %s contient déjà une signature pour un superblock « %s ».\n"
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Temps de purge du mode champ de bit"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Impossible d'initialiser les sondes de la signature du périphérique."
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Taille de balise (par secteur)"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "Impossible d'exécuter « stat » sur le périphérique %s."
+#~ msgid "Sector size"
+#~ msgstr "Taille de secteur"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Le périphérique %s est utilisé. Impossible de continuer avec l'opération de formatage."
+#~ msgid "Buffers size"
+#~ msgstr "Taille des tampons"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Impossible d'ouvrir le fichier %s en mode lecture/écriture."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Algorithme d'intégrité des données"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "La signature de partition « %s » existante (offset: %<PRIi64> octets) sur le périphérique %s sera effacée."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "La taille de la clé d'intégrité des données"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "La signature de superbloc « %s » existante (offset: %<PRIi64> octets) sur le périphérique %s sera effacée."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Lire la clef d'intégrité depuis un fichier"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Impossible d'effacer la signature du périphérique."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Algorithme d'intégrité du journal"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Impossible de sonder le périphérique %s pour une signature."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "La taille de la clé du journal d'intégrité"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Rechiffrement interrompu."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Lire la clé du journal d'intégrité depuis un fichier"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Ne peut vérifier la qualité du mot de passe : %s"
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Algorithme de chiffrement du journal"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Échec de la vérification de la qualité du mot de passe :\n"
-" %s"
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "La taille de la clé de chiffrement du journal"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Échec de la vérification de la qualité du mot de passe : Mauvais mot de passe (%s)"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Lire la clé de chiffrement du journal depuis un fichier"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Erreur de lecture de la phrase secrète depuis la console."
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Mode récupération (pas de journal, pas de vérification des balises)"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Vérifiez la phrase secrète : "
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Utiliser un champ de bits pour garder une trace des changements et désactiver le journal sur le périphérique d'intégrité"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Les phrases secrètes ne sont pas identiques."
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Recalculer les balises initiales automatiquement."
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Le décalage n'est pas possible si l'entrée provient de la console."
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Ne pas protéger le superbloc avec HMAC (anciens noyaux)"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Saisissez la phrase secrète : "
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Autoriser le recalcul des volumes avec des clés HMAC (anciens noyaux)"
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Saisissez la phrase secrète pour %s : "
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "L'option --integrity-recalculate peut uniquement être utilisée avec l'action open."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Aucune clé disponible avec cette phrase secrète."
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Les options --journal-size, --interleave-sectors, --sector-size, --tag-size et --no-wipe peuvent uniquement être utilisée avec l'action de format."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Aucun emplacement de clé utilisable est disponible."
+#~ msgid "Invalid journal size specification."
+#~ msgstr "La spécification de la taille du journal est invalide."
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Impossible d'ouvrir le fichier de clé %s en écriture."
+#~ msgid "Reencryption block size"
+#~ msgstr "Taille de bloc de re-chiffrement"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Impossible d'écrire dans le fichier de clé %s."
+#~ msgid "MiB"
+#~ msgstr "MiB"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Impossible d'ouvrir le fichier %s en lecture seule."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Ne pas changer la clé, pas de re-chiffrement de la zone de donnée"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Fournissez le jeton LUKS valide au format JSON:\n"
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Lire la nouvelle clé (maîtresse) du volume depuis un fichier"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Impossible de lire le fichier JSON."
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Utiliser direct-io pour accéder aux périphériques"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Lecture interrompue."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Utiliser fsync après chaque bloc"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Impossible d'ouvrir le fichier %s en écriture seule."
+#~ msgid "Update log file after every block"
+#~ msgstr "Mettre le journal à jour après chaque bloc"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Écriture interrompue."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Utiliser uniquement cet emplacement (les autres seront désactivés)"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Erreur lors de l'écriture du fichier JSON."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Créer un nouvel en-tête sur le périphérique non chiffré"
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Impossible de désactiver le fanion de demande de rechiffrement."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Déchiffrer le périphérique de manière permanente (supprime le chiffrement)"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Le périphérique seems ne requière pas de récupération de rechiffrement.\n"
-#~ "Voulez-vous quand-même continuer ?"
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "Le UUID utilisé pour poursuivre le déchiffrement"
+
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Type de métadonnées LUKS: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "ATTENTION: Le répertoire verrou %s/%s est manquant !\n"
#~ msgid "Parameter --refresh is only allowed with open or refresh commands."
#~ msgstr "Le paramètre --refresh est permis uniquement avec les commandes open ou refresh."
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Le chiffrement %s n'est pas disponible."
-
#~ msgid "Unsupported encryption sector size.\n"
#~ msgstr "Taille de secteur de chiffrement non supportée.\n"
#~ msgid "Online reencryption in progress. Aborting."
#~ msgstr "Un rechiffrement en-ligne est en cours. Interruption."
-#~ msgid "No LUKS2 reencryption in progress."
-#~ msgstr "Pas de rechiffrement LUKS2 en cours."
-
#~ msgid "Interrupted by a signal."
#~ msgstr "Interrompu par un signal."
#~ msgid "Function not available in FIPS mode."
#~ msgstr "Fonction pas disponible en mode FIPS."
-#~ msgid "Failed to write hash."
-#~ msgstr "Erreur lors de l'écriture du hachage."
-
#~ msgid "Failed to finalize hash."
#~ msgstr "Impossible de terminer le hachage."
#~ msgid "Failed to assign digest %u to segment %u."
#~ msgstr "Impossible d'affecter le résumé %u au segment %u."
-#~ msgid "Failed to set segments."
-#~ msgstr "Échec lors de la définition des segments."
-
#~ msgid "Failed to assign reencrypt previous backup segment."
#~ msgstr "Échec lors de l'assignation du segment de sauvegarde précédent rechiffré."
#~ msgid "Error: Calculated reencryption offset %<PRIu64> is beyond device size %<PRIu64>."
#~ msgstr "Erreur: Le décalage de rechiffrement calculé %<PRIu64> est au delà de la taille du périphérique %<PRIu64>"
-#~ msgid "Device is not in clean reencryption state."
-#~ msgstr "Le périphérique n'est pas dans un état de rechiffrement propre."
-
#~ msgid "Failed to calculate new segments."
#~ msgstr "Échec lors du calcul des nouveaux segments."
-#~ msgid "Failed to assign pre reenc segments."
-#~ msgstr "Échec de l'affectation des segments pre reenc."
-
#~ msgid "Failed finalize hotzone resilience, retval = %d"
#~ msgstr "Échec de finalisation de la résilience de la zone chaude, retval = %d"
#~ msgid "WARNING: device %s is a partition, for TCRYPT system encryption you usually need to use whole block device path.\n"
#~ msgstr "ATTENTION : le périphérique %s est une partition. Pour le chiffrement de système TCRYPT, vous avez généralement besoin du chemin d'un périphérique bloc entier.\n"
-#~ msgid "Kernel doesn't support plain64 IV.\n"
-#~ msgstr "Le noyau ne supporte pas plain64 IV.\n"
-
#~ msgid "Enter LUKS passphrase: "
#~ msgstr "Saisissez la phrase secrète LUKS : "
#~ msgid "exclusive "
#~ msgstr "exclusif "
-#~ msgid "writable"
-#~ msgstr "en écriture"
-
#~ msgid "read-only"
#~ msgstr "en lecture seule"
msgstr ""
"Project-Id-Version: cryptsetup 1.1.0-rc4\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2009-12-30 20:09+0100\n"
"PO-Revision-Date: 2010-01-27 07:30+0700\n"
"Last-Translator: Arif E. Nugroho <arif_endro@yahoo.com>\n"
"Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
-"Language: id\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=ISO-8859-1\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/libdevmapper.c:408
-#, fuzzy
-msgid "Cannot initialize device-mapper, running as non-root user."
+#: lib/libdevmapper.c:48
+msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr "Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod telah dimuat?\n"
-#: lib/libdevmapper.c:411
-#, fuzzy
-msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
-msgstr "Tidak dapat menginisialisasi pemeta-perangkat. Apakah kernel modul dm_mod telah dimuat?\n"
+#: lib/libdevmapper.c:304
+#, c-format
+msgid "DM-UUID for device %s was truncated.\n"
+msgstr "DM-UUID untuk perangkat %s telah terpotong.\n"
-#: lib/libdevmapper.c:1180
-#, fuzzy
-msgid "Requested deferred flag is not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:103
+#, c-format
+msgid "Cannot not read %d bytes from key file %s.\n"
+msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n"
-#: lib/libdevmapper.c:1249
-#, fuzzy, c-format
-msgid "DM-UUID for device %s was truncated."
-msgstr "DM-UUID untuk perangkat %s telah terpotong.\n"
+#: lib/setup.c:115
+msgid "Key processing error.\n"
+msgstr "Terjadi kesalahan dalam pengolahan kunci.\n"
-#: lib/libdevmapper.c:1580
-msgid "Unknown dm target type."
-msgstr ""
+#: lib/setup.c:169
+msgid "All key slots full.\n"
+msgstr "Semua slot kunci telah penuh.\n"
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
-#, fuzzy
-msgid "Requested dm-crypt performance options are not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:176 lib/setup.c:304 lib/setup.c:778
+#, c-format
+msgid "Key slot %d is invalid, please select between 0 and %d.\n"
+msgstr "Slot kunci %d tidak valid, mohon pilih diantara 0 dan %d.\n"
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
-msgid "Requested dm-verity data corruption handling options are not supported."
-msgstr ""
+#: lib/setup.c:182
+#, c-format
+msgid "Key slot %d is full, please select another one.\n"
+msgstr "Slot kunci %d penuh, mohon pilih yang lain.\n"
-#: lib/libdevmapper.c:1721
-#, fuzzy
-msgid "Requested dm-verity FEC options are not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:201
+msgid "Enter any remaining LUKS passphrase: "
+msgstr "Masukan kata sandi LUKS yang tersisa: "
-#: lib/libdevmapper.c:1725
-#, fuzzy
-msgid "Requested data integrity options are not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:222
+#, c-format
+msgid "Key slot %d verified.\n"
+msgstr "Slot kunci %d telah terverifikasi.\n"
-#: lib/libdevmapper.c:1727
-#, fuzzy
-msgid "Requested sector_size option is not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:257
+#, c-format
+msgid "Cannot get info about device %s.\n"
+msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n"
-#: lib/libdevmapper.c:1732
-msgid "Requested automatic recalculation of integrity tags is not supported."
-msgstr ""
+#: lib/setup.c:264
+#, c-format
+msgid "Device %s has zero size.\n"
+msgstr "Perangkat %s memiliki ukuran nol.\n"
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-msgid "Discard/TRIM is not supported."
-msgstr ""
+#: lib/setup.c:268
+#, c-format
+msgid "Device %s is too small.\n"
+msgstr "Perangkat %s terlalu kecil.\n"
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:293
+msgid "Enter LUKS passphrase to be deleted: "
+msgstr "Masukan kata sandi LUKS yang akan dihapus: "
-#: lib/libdevmapper.c:2713
+#: lib/setup.c:299
#, c-format
-msgid "Failed to query dm-%s segment."
-msgstr ""
+msgid "key slot %d selected for deletion.\n"
+msgstr "slot kunci %d terpilih untuk penghapusan.\n"
-#: lib/random.c:75
-msgid ""
-"System is out of entropy while generating volume key.\n"
-"Please move mouse or type some text in another window to gather some random events.\n"
-msgstr ""
+#: lib/setup.c:310
+#, c-format
+msgid "Key %d not active. Can't wipe.\n"
+msgstr "Kunci %d tidak aktif. Tidak dapat menghapus.\n"
+
+#: lib/setup.c:316
+msgid "This is the last keyslot. Device will become unusable after purging this key."
+msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini."
-#: lib/random.c:79
+#: lib/setup.c:364 lib/setup.c:1651 lib/setup.c:1704 lib/setup.c:1761
#, c-format
-msgid "Generating key (%d%% done).\n"
-msgstr ""
+msgid "Device %s already exists.\n"
+msgstr "Perangkat %s telah ada.\n"
-#: lib/random.c:165
-msgid "Running in FIPS mode."
-msgstr ""
+#: lib/setup.c:369
+#, c-format
+msgid "Invalid key size %d.\n"
+msgstr "Besar kunci %d tidak valid.\n"
-#: lib/random.c:171
-msgid "Fatal error during RNG initialisation."
-msgstr ""
+#: lib/setup.c:471 lib/setup.c:1656
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Masukan kata sandi untuk %s: "
-#: lib/random.c:208
-#, fuzzy
-msgid "Unknown RNG quality requested."
-msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n"
+#: lib/setup.c:600 lib/setup.c:628 lib/setup.c:1365 lib/setup.c:1712
+msgid "Enter passphrase: "
+msgstr "Masukan kata sandi: "
-#: lib/random.c:213
-#, fuzzy
-msgid "Error reading from RNG."
-msgstr "Kesalahan dalam pembacaan kata sandi.\n"
+#: lib/setup.c:661 lib/setup.c:1040 lib/setup.c:1803
+#, c-format
+msgid "Device %s is not active.\n"
+msgstr "Perangkat %s tidak aktif.\n"
-#: lib/setup.c:229
-#, fuzzy
-msgid "Cannot initialize crypto RNG backend."
-msgstr "Tidak dapat menginisialisasi backend crypto.\n"
+#: lib/setup.c:770
+msgid "No known cipher specification pattern detected.\n"
+msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n"
-#: lib/setup.c:235
-#, fuzzy
-msgid "Cannot initialize crypto backend."
-msgstr "Tidak dapat menginisialisasi backend crypto.\n"
+#: lib/setup.c:784
+msgid "Enter LUKS passphrase: "
+msgstr "Masukan kata sandi LUKS: "
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
-#, fuzzy, c-format
-msgid "Hash algorithm %s not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
+#: lib/setup.c:1060
+msgid "Invalid plain crypt parameters.\n"
+msgstr "Parameter crypt tidak valid.\n"
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
-#, fuzzy, c-format
-msgid "Key processing error (using hash %s)."
-msgstr "Terjadi kesalahan dalam pengolahan kunci.\n"
+#: lib/setup.c:1065
+msgid "Invalid key size.\n"
+msgstr "Ukuran kunci tidak valid.\n"
-#: lib/setup.c:335 lib/setup.c:362
-msgid "Cannot determine device type. Incompatible activation of device?"
-msgstr ""
+#: lib/setup.c:1097
+msgid "Can't format LUKS without device.\n"
+msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n"
-#: lib/setup.c:341 lib/setup.c:3058
-#, fuzzy
-msgid "This operation is supported only for LUKS device."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
+#: lib/setup.c:1112
+#, c-format
+msgid "Can't wipe header on device %s.\n"
+msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
-#: lib/setup.c:368
-#, fuzzy
-msgid "This operation is supported only for LUKS2 device."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
+#: lib/setup.c:1154
+#, c-format
+msgid "Unknown crypt device type %s requested.\n"
+msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n"
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
-#, fuzzy
-msgid "All key slots full."
-msgstr "Semua slot kunci telah penuh.\n"
+#: lib/setup.c:1187
+msgid "Cannot initialize crypto backend.\n"
+msgstr "Tidak dapat menginisialisasi backend crypto.\n"
-#: lib/setup.c:434
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select between 0 and %d."
-msgstr "Slot kunci %d tidak valid, mohon pilih diantara 0 dan %d.\n"
+#: lib/setup.c:1261
+#, c-format
+msgid "Volume %s is not active.\n"
+msgstr "Volume %s tidak aktif.\n"
-#: lib/setup.c:440
-#, fuzzy, c-format
-msgid "Key slot %d is full, please select another one."
-msgstr "Slot kunci %d penuh, mohon pilih yang lain.\n"
+#: lib/setup.c:1274
+#, c-format
+msgid "Volume %s is already suspended.\n"
+msgstr "Volume %s telah disuspend.\n"
-#: lib/setup.c:525 lib/setup.c:2832
-msgid "Device size is not aligned to device logical block size."
-msgstr ""
+#: lib/setup.c:1300 lib/setup.c:1347 lib/setup.c:1406 lib/setup.c:1484
+#: lib/setup.c:1556 lib/setup.c:1601 lib/setup.c:1695 lib/setup.c:1752
+#: lib/setup.c:1873 lib/setup.c:1956 lib/setup.c:2056
+msgid "This operation is supported only for LUKS device.\n"
+msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-#: lib/setup.c:624
-#, fuzzy, c-format
-msgid "Header detected but device %s is too small."
-msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n"
+#: lib/setup.c:1311 lib/setup.c:1358
+#, c-format
+msgid "Volume %s is not suspended.\n"
+msgstr "Volume %s tidak disuspend.\n"
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
-#, fuzzy
-msgid "This operation is not supported for this device type."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
+#: lib/setup.c:1420 lib/setup.c:1498
+msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
+msgstr "Tidak dapat menambahkan slot kunci, seluruh slot tidak aktif dan tidak ada volume kunci yang disediakan.\n"
-#: lib/setup.c:666
-msgid "Illegal operation with reencryption in-progress."
-msgstr ""
+#: lib/setup.c:1429 lib/setup.c:1504 lib/setup.c:1507
+msgid "Enter any passphrase: "
+msgstr "Masukan kata sandi: "
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
-#, fuzzy, c-format
-msgid "Unsupported LUKS version %d."
-msgstr "versi LUKS %d tidak didukung.\n"
+#: lib/setup.c:1448 lib/setup.c:1522 lib/setup.c:1526 lib/setup.c:1579
+msgid "Enter new passphrase for key slot: "
+msgstr "Masukan kasa sandi baru untuk slot kunci: "
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
-#, fuzzy, c-format
-msgid "Device %s is not active."
-msgstr "Perangkat %s tidak aktif.\n"
+#: lib/setup.c:1570 lib/setup.c:1772 lib/setup.c:1884
+msgid "Volume key does not match the volume.\n"
+msgstr "Kunci volume tidak cocok dengan volume.\n"
-#: lib/setup.c:1444
+#: lib/setup.c:1607
#, c-format
-msgid "Underlying device for crypt device %s disappeared."
-msgstr ""
+msgid "Key slot %d is invalid.\n"
+msgstr "Slot kunci %d tidak valid.\n"
-#: lib/setup.c:1524
-#, fuzzy
-msgid "Invalid plain crypt parameters."
-msgstr "Parameter crypt tidak valid.\n"
+#: lib/setup.c:1612
+#, c-format
+msgid "Key slot %d is not used.\n"
+msgstr "Slot kunci %d tidak digunakan.\n"
-#: lib/setup.c:1529 lib/setup.c:1949
-#, fuzzy
-msgid "Invalid key size."
-msgstr "Ukuran kunci tidak valid.\n"
+#: lib/setup.c:1799
+#, c-format
+msgid "Device %s is busy.\n"
+msgstr "Perangkat %s sibuk.\n"
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
-#, fuzzy
-msgid "UUID is not supported for this crypt type."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
+#: lib/setup.c:1807
+#, c-format
+msgid "Invalid device %s.\n"
+msgstr "Perangkat %s tidak valid.\n"
-#: lib/setup.c:1539 lib/setup.c:1959
-#, fuzzy
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
+#: lib/setup.c:1831
+msgid "Volume key buffer too small.\n"
+msgstr "Penyangga kunci volume terlalu kecil.\n"
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
-msgid "Unsupported encryption sector size."
-msgstr ""
+#: lib/setup.c:1839
+msgid "Cannot retrieve volume key for plain device.\n"
+msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n"
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
-msgid "Device size is not aligned to requested sector size."
-msgstr ""
+#: lib/setup.c:1861
+#, c-format
+msgid "This operation is not supported for %s crypt device.\n"
+msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-#: lib/setup.c:1608 lib/setup.c:1727
-#, fuzzy
-msgid "Can't format LUKS without device."
-msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n"
+#: lib/utils.c:416
+#, c-format
+msgid "Failed to open key file %s.\n"
+msgstr "Gagal membuka berkas kunci %s.\n"
-#: lib/setup.c:1614 lib/setup.c:1733
-msgid "Requested data alignment is not compatible with data offset."
-msgstr ""
+#: lib/utils.c:436
+msgid "Error reading passphrase from terminal.\n"
+msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n"
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr ""
+#: lib/utils.c:441
+msgid "Verify passphrase: "
+msgstr "Memverifikasi kata sandi: "
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
-#, fuzzy, c-format
-msgid "Cannot wipe header on device %s."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
+#: lib/utils.c:443
+msgid "Passphrases do not match.\n"
+msgstr "Kata sandi tidak cocok.\n"
-#: lib/setup.c:1744
-msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
-msgstr ""
+#: lib/utils.c:458
+msgid "Can't do passphrase verification on non-tty inputs.\n"
+msgstr "Tidak dapat melakukan verifikasi kata sandi di masukan bukan tty.\n"
-#: lib/setup.c:1766
-msgid "Volume key is too small for encryption with integrity extensions."
-msgstr ""
+#: lib/utils.c:471
+#, c-format
+msgid "Failed to stat key file %s.\n"
+msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-#: lib/setup.c:1821
+#: lib/utils.c:475
#, c-format
-msgid "Cipher %s-%s (key size %zd bits) is not available."
-msgstr ""
+msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
+msgstr "Peringatan: pembacaan yang melelahkan diminta, tetapi berkas kunci %s bukan sebuah berkas biasa, fungsi mungkin tidak pernah kembali.\n"
-#: lib/setup.c:1854
+#: lib/utils.c:487
+msgid "Out of memory while reading passphrase.\n"
+msgstr "Kehabisan memori ketika membaca kata sandi.\n"
+
+#: lib/utils.c:494
+msgid "Error reading passphrase.\n"
+msgstr "Kesalahan dalam pembacaan kata sandi.\n"
+
+#: lib/utils.c:531
#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
+msgid "Device %s doesn't exist or access denied.\n"
+msgstr "Perangkat %s tidak ada atau akses ditolak.\n"
-#: lib/setup.c:1858
+#: lib/utils.c:538
#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
+msgid "Cannot open device %s for %s%s access.\n"
+msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
-#, fuzzy, c-format
-msgid "Device %s is too small."
-msgstr "Perangkat %s terlalu kecil.\n"
+#: lib/utils.c:539
+msgid "exclusive "
+msgstr "ekslusif "
+
+#: lib/utils.c:540
+msgid "writable"
+msgstr "dapat-ditulis"
-#: lib/setup.c:1893 lib/setup.c:1919
-#, fuzzy, c-format
-msgid "Cannot format device %s in use."
+#: lib/utils.c:540
+msgid "read-only"
+msgstr "baca-saja"
+
+#: lib/utils.c:547
+#, c-format
+msgid "Cannot read device %s.\n"
msgstr "Tidak dapat membaca perangkat %s.\n"
-#: lib/setup.c:1896 lib/setup.c:1922
-#, fuzzy, c-format
-msgid "Cannot format device %s, permission denied."
-msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n"
+#: lib/utils.c:577
+#, c-format
+msgid "Cannot open device: %s\n"
+msgstr "Tidak dapat membuka perangkat: %s\n"
-#: lib/setup.c:1908 lib/setup.c:2229
-#, fuzzy, c-format
-msgid "Cannot format integrity for device %s."
-msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n"
+#: lib/utils.c:587
+#, c-format
+msgid "BLKROGET failed on device %s.\n"
+msgstr "BLKROGET gagal di perangkat %s.\n"
-#: lib/setup.c:1926
-#, fuzzy, c-format
-msgid "Cannot format device %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
+#: lib/utils.c:612
+#, c-format
+msgid "BLKGETSIZE failed on device %s.\n"
+msgstr "BLKGETSIZE gagal di perangkat %s.\n"
-#: lib/setup.c:1944
-#, fuzzy
-msgid "Can't format LOOPAES without device."
-msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n"
+#: lib/utils.c:660
+msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
+msgstr "PERINGATAN!!! Kemungkinan menggunakan memori tidak aman. Apakah anda root?\n"
-#: lib/setup.c:1989
-#, fuzzy
-msgid "Can't format VERITY without device."
-msgstr "Tidak dapat memformat LUKS tanpat perangkat.\n"
+#: lib/utils.c:666
+msgid "Cannot get process priority.\n"
+msgstr "Tidak dapat mendapatkan prioritas proses.\n"
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/utils.c:669 lib/utils.c:682
#, c-format
-msgid "Unsupported VERITY hash type %d."
-msgstr ""
+msgid "setpriority %u failed: %s"
+msgstr "setpriority %u gagal: %s"
-#: lib/setup.c:2006 lib/verity/verity.c:111
-msgid "Unsupported VERITY block size."
-msgstr ""
+#: lib/utils.c:680
+msgid "Cannot unlock memory."
+msgstr "Tidak dapat membuka kunci memori."
-#: lib/setup.c:2011 lib/verity/verity.c:75
-msgid "Unsupported VERITY hash offset."
-msgstr ""
+#: luks/keyencryption.c:68
+#, c-format
+msgid "Unable to obtain sector size for %s"
+msgstr "Tidak dapat mendapatkan ukuran sektor untuk %s"
-#: lib/setup.c:2016
-msgid "Unsupported VERITY FEC offset."
-msgstr ""
+#: luks/keyencryption.c:137
+msgid "Failed to obtain device mapper directory."
+msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
-#: lib/setup.c:2040
-msgid "Data area overlaps with hash area."
+#: luks/keyencryption.c:153
+#, c-format
+msgid ""
+"Failed to setup dm-crypt key mapping for device %s.\n"
+"Check that kernel supports %s cipher (check syslog for more info).\n"
+"%s"
msgstr ""
+"Gagal untuk mengkonfigurasi pemetaan kunci dm-crypt untuk perangkat %s.\n"
+"Periksa apakah kernel mendukung cipher %s (periksa syslog untuk informasi lebih lanjut).\n"
+"%s"
-#: lib/setup.c:2065
-msgid "Hash area overlaps with FEC area."
-msgstr ""
+#: luks/keyencryption.c:163
+msgid "Failed to open temporary keystore device.\n"
+msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n"
-#: lib/setup.c:2072
-msgid "Data area overlaps with FEC area."
-msgstr ""
+#: luks/keyencryption.c:170
+msgid "Failed to access temporary keystore device.\n"
+msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
-#: lib/setup.c:2208
+#: luks/keymanage.c:91
#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
+msgid "Requested file %s already exist.\n"
+msgstr "Berkas %s yang diminta telah ada.\n"
-#: lib/setup.c:2286
-#, fuzzy, c-format
-msgid "Unknown crypt device type %s requested."
-msgstr "Tipe perangkat sandi %s yang diminta tidak diketahui.\n"
+#: luks/keymanage.c:111
+#, c-format
+msgid "Device %s is not LUKS device.\n"
+msgstr "Perangkat %s bukan perangkat LUKS.\n"
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
-#, fuzzy, c-format
-msgid "Unsupported parameters on device %s."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
+#: luks/keymanage.c:131
+#, c-format
+msgid "Cannot write header backup file %s.\n"
+msgstr "Tidak dapat menulis berkas cadangan header %s.\n"
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
-#, fuzzy, c-format
-msgid "Mismatching parameters on device %s."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
+#: luks/keymanage.c:158
+#, c-format
+msgid "Backup file %s doesn't exist.\n"
+msgstr "Berkas cadangan %s tidak ada.\n"
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
+#: luks/keymanage.c:166
+msgid "Backup file do not contain valid LUKS header.\n"
+msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n"
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
+#: luks/keymanage.c:179
+#, c-format
+msgid "Cannot open header backup file %s.\n"
+msgstr "Tidak dapat membuka berkas cadangan header %s.\n"
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: luks/keymanage.c:185
+#, c-format
+msgid "Cannot read header backup file %s.\n"
+msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: luks/keymanage.c:196
+msgid "Data offset or key size differs on device and backup, restore failed.\n"
+msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n"
-#: lib/setup.c:2735
+#: luks/keymanage.c:204
#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
+msgid "Device %s %s%s"
+msgstr "Perangkat %s %s%s"
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
+#: luks/keymanage.c:205
+msgid "does not contain LUKS header. Replacing header can destroy data on that device."
+msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu."
-#: lib/setup.c:2817
-#, fuzzy
-msgid "Cannot resize loop device."
-msgstr "Tidak dapat membaca perangkat %s.\n"
+#: luks/keymanage.c:206
+msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
+msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada."
-#: lib/setup.c:2890
-msgid "Do you really want to change UUID of device?"
+#: luks/keymanage.c:207
+msgid ""
+"\n"
+"WARNING: real device header has different UUID than backup!"
msgstr ""
+"\n"
+"PERINGATAN: header perangkat ril memiliki UUID berbeda dengan cadangan!"
-#: lib/setup.c:2966
-#, fuzzy
-msgid "Header backup file does not contain compatible LUKS header."
-msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n"
+#: luks/keymanage.c:222 luks/keymanage.c:319 luks/keymanage.c:354
+#, c-format
+msgid "Cannot open device %s.\n"
+msgstr "Tidak dapat membuka perangkat %s.\n"
-#: lib/setup.c:3066
-#, fuzzy, c-format
-msgid "Volume %s is not active."
-msgstr "Volume %s tidak aktif.\n"
+#: luks/keymanage.c:254
+#, c-format
+msgid "%s is not LUKS device.\n"
+msgstr "%s bukan perangkat LUKS.\n"
-#: lib/setup.c:3077
-#, fuzzy, c-format
-msgid "Volume %s is already suspended."
-msgstr "Volume %s telah disuspend.\n"
+#: luks/keymanage.c:256
+#, c-format
+msgid "%s is not LUKS device."
+msgstr "%s bukan perangkat LUKS."
-#: lib/setup.c:3090
-#, fuzzy, c-format
-msgid "Suspend is not supported for device %s."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
+#: luks/keymanage.c:259
+#, c-format
+msgid "Unsupported LUKS version %d.\n"
+msgstr "versi LUKS %d tidak didukung.\n"
-#: lib/setup.c:3092
-#, fuzzy, c-format
-msgid "Error during suspending device %s."
-msgstr "Error selama memperbarui header LUKS di perangkat %s.\n"
+#: luks/keymanage.c:262
+#, c-format
+msgid "Requested LUKS hash %s is not supported.\n"
+msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
-#: lib/setup.c:3128
-#, fuzzy, c-format
-msgid "Resume is not supported for device %s."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
+#: luks/keymanage.c:293
+#, c-format
+msgid "Cannot open file %s.\n"
+msgstr "Tidak dapat membuka berkas %s.\n"
-#: lib/setup.c:3130
-#, fuzzy, c-format
-msgid "Error during resuming device %s."
+#: luks/keymanage.c:331
+#, c-format
+msgid "LUKS header detected but device %s is too small.\n"
+msgstr "Header LUKS terdeteksi tetapi perangkat %s terlalu kecil.\n"
+
+#: luks/keymanage.c:375
+#, c-format
+msgid "Error during update of LUKS header on device %s.\n"
msgstr "Error selama memperbarui header LUKS di perangkat %s.\n"
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, fuzzy, c-format
-msgid "Volume %s is not suspended."
-msgstr "Volume %s tidak disuspend.\n"
+#: luks/keymanage.c:382
+#, c-format
+msgid "Error re-reading LUKS header after update on device %s.\n"
+msgstr "Error membaca-kembali header LUKS setelah memperbarui di perangkat %s.\n"
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-#, fuzzy
-msgid "Volume key does not match the volume."
-msgstr "Kunci volume tidak cocok dengan volume.\n"
+#: luks/keymanage.c:394
+#, c-format
+msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
+msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)."
-#: lib/setup.c:3344 lib/setup.c:3535
-#, fuzzy
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Tidak dapat menambahkan slot kunci, seluruh slot tidak aktif dan tidak ada volume kunci yang disediakan.\n"
+#: luks/keymanage.c:439
+msgid "Cannot create LUKS header: reading random salt failed.\n"
+msgstr "Tidak dapat membuat header LUKS: pembacaan garam acak gagal.\n"
-#: lib/setup.c:3487
-#, fuzzy
-msgid "Failed to swap new key slot."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
+#: luks/keymanage.c:456
+#, c-format
+msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
+msgstr "Tidak dapat membuat header LUKS: digest header gagal (menggunakan hash %s).\n"
-#: lib/setup.c:3673
-#, fuzzy, c-format
-msgid "Key slot %d is invalid."
-msgstr "Slot kunci %d tidak valid.\n"
+#: luks/keymanage.c:473
+msgid "Wrong UUID format provided, generating new one.\n"
+msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n"
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
-#, fuzzy, c-format
-msgid "Keyslot %d is not active."
-msgstr "Slot kunci %d tidak digunakan.\n"
+#: luks/keymanage.c:500
+#, c-format
+msgid "Key slot %d active, purge first.\n"
+msgstr "Slot kunci %d aktif, hapus terlebih dahulu.\n"
-#: lib/setup.c:3698
-msgid "Device header overlaps with data area."
-msgstr ""
+#: luks/keymanage.c:505
+#, c-format
+msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
+msgstr "Slot kunci %d material terdapat terlalu sedikit stripes. Manipulasi header?\n"
-#: lib/setup.c:3992
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr ""
+#: luks/keymanage.c:564
+msgid "Failed to write to key storage.\n"
+msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "Besar dari kunci enkripsi"
+#: luks/keymanage.c:641
+msgid "Failed to read from key storage.\n"
+msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-msgid "LUKS2 reencryption recovery failed."
-msgstr ""
+#: luks/keymanage.c:650
+#, c-format
+msgid "Key slot %d unlocked.\n"
+msgstr "Slot kunci %d tidak terkunci.\n"
-#: lib/setup.c:4175 lib/setup.c:4437
-msgid "Device type is not properly initialized."
-msgstr ""
+#: luks/keymanage.c:683
+msgid "No key available with this passphrase.\n"
+msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n"
-#: lib/setup.c:4223
-#, fuzzy, c-format
-msgid "Device %s already exists."
-msgstr "Perangkat %s telah ada.\n"
+#: luks/keymanage.c:760
+#, c-format
+msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
+msgstr "Slot kunci %d tidak valid, mohon pilih slot kunci diantara 0 dan %d.\n"
-#: lib/setup.c:4230
+#: luks/keymanage.c:772
#, c-format
-msgid "Cannot use device %s, name is invalid or still in use."
-msgstr ""
-
-#: lib/setup.c:4350
-#, fuzzy
-msgid "Incorrect volume key specified for plain device."
-msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n"
-
-#: lib/setup.c:4463
-msgid "Incorrect root hash specified for verity device."
-msgstr ""
-
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr ""
-
-#: lib/setup.c:4496 lib/setup.c:5976
-#, fuzzy
-msgid "Failed to load key in kernel keyring."
-msgstr "Gagal membuka berkas kunci %s.\n"
-
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
-#, fuzzy, c-format
-msgid "Device %s is still in use."
-msgstr "Perangkat %s sibuk.\n"
-
-#: lib/setup.c:4574
-#, fuzzy, c-format
-msgid "Invalid device %s."
-msgstr "Perangkat %s tidak valid.\n"
-
-#: lib/setup.c:4690
-#, fuzzy
-msgid "Volume key buffer too small."
-msgstr "Penyangga kunci volume terlalu kecil.\n"
-
-#: lib/setup.c:4698
-#, fuzzy
-msgid "Cannot retrieve volume key for plain device."
-msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n"
-
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "Tidak dapat mendapatkan kunci volume untuk perangkat.\n"
-
-#: lib/setup.c:4717
-#, fuzzy, c-format
-msgid "This operation is not supported for %s crypt device."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: lib/setup.c:4923
-#, fuzzy
-msgid "Dump operation is not supported for this device type."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
-#, fuzzy, c-format
-msgid "Cannot convert device %s which is still in use."
-msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n"
-
-#: lib/setup.c:5833
-#, c-format
-msgid "Failed to assign keyslot %u as the new volume key."
-msgstr ""
-
-#: lib/setup.c:5906
-msgid "Failed to initialize default LUKS2 keyslot parameters."
-msgstr ""
-
-#: lib/setup.c:5912
-#, fuzzy, c-format
-msgid "Failed to assign keyslot %d to digest."
-msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
-
-#: lib/setup.c:6043
-msgid "Kernel keyring is not supported by the kernel."
-msgstr ""
-
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
-#, fuzzy, c-format
-msgid "Failed to read passphrase from keyring (error %d)."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
-
-#: lib/utils.c:80
-#, fuzzy
-msgid "Cannot get process priority."
-msgstr "Tidak dapat mendapatkan prioritas proses.\n"
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Tidak dapat membuka kunci memori."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
-#, fuzzy
-msgid "Failed to open key file."
-msgstr "Gagal membuka berkas kunci %s.\n"
-
-#: lib/utils.c:173
-#, fuzzy
-msgid "Cannot read keyfile from a terminal."
-msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n"
-
-#: lib/utils.c:190
-#, fuzzy
-msgid "Failed to stat key file."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: lib/utils.c:198 lib/utils.c:219
-msgid "Cannot seek to requested keyfile offset."
-msgstr ""
-
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
-#, fuzzy
-msgid "Out of memory while reading passphrase."
-msgstr "Kehabisan memori ketika membaca kata sandi.\n"
-
-#: lib/utils.c:248
-#, fuzzy
-msgid "Error reading passphrase."
-msgstr "Kesalahan dalam pembacaan kata sandi.\n"
-
-#: lib/utils.c:265
-msgid "Nothing to read on input."
-msgstr ""
-
-#: lib/utils.c:272
-msgid "Maximum keyfile size exceeded."
-msgstr ""
-
-#: lib/utils.c:277
-msgid "Cannot read requested amount of data."
-msgstr ""
-
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
-msgstr "Perangkat %s tidak ada atau akses ditolak.\n"
-
-#: lib/utils_device.c:200
-#, fuzzy, c-format
-msgid "Device %s is not compatible."
-msgstr "Perangkat %s tidak aktif.\n"
-
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
-#, c-format
-msgid "Device %s is too small. Need at least %<PRIu64> bytes."
-msgstr ""
-
-#: lib/utils_device.c:747
-#, c-format
-msgid "Cannot use device %s which is in use (already mapped or mounted)."
-msgstr ""
-
-#: lib/utils_device.c:751
-#, fuzzy, c-format
-msgid "Cannot use device %s, permission denied."
-msgstr "Tidak dapat membuka perangkat %s untuk akses %s%s.\n"
-
-#: lib/utils_device.c:754
-#, fuzzy, c-format
-msgid "Cannot get info about device %s."
-msgstr "Tidak dapat mendapatkan informasi mengenai perangkat %s.\n"
-
-#: lib/utils_device.c:777
-msgid "Cannot use a loopback device, running as non-root user."
-msgstr ""
-
-#: lib/utils_device.c:787
-msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
-msgstr ""
-
-#: lib/utils_device.c:833
-#, c-format
-msgid "Requested offset is beyond real size of device %s."
-msgstr ""
-
-#: lib/utils_device.c:841
-#, fuzzy, c-format
-msgid "Device %s has zero size."
-msgstr "Perangkat %s memiliki ukuran nol.\n"
-
-#: lib/utils_pbkdf.c:100
-msgid "Requested PBKDF target time cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:106
-#, c-format
-msgid "Unknown PBKDF type %s."
-msgstr ""
-
-#: lib/utils_pbkdf.c:111
-#, fuzzy, c-format
-msgid "Requested hash %s is not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
-
-#: lib/utils_pbkdf.c:122
-#, fuzzy
-msgid "Requested PBKDF type is not supported for LUKS1."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
-
-#: lib/utils_pbkdf.c:128
-msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
-msgstr ""
-
-#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
-#, c-format
-msgid "Forced iteration count is too low for %s (minimum is %u)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:148
-#, c-format
-msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:155
-#, c-format
-msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:160
-msgid "Requested maximum PBKDF memory cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:164
-msgid "Requested PBKDF parallel threads cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
-
-#: lib/utils_benchmark.c:172
-msgid "PBKDF benchmark disabled but iterations not set."
-msgstr ""
-
-#: lib/utils_benchmark.c:191
-#, c-format
-msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
-msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)."
-
-#: lib/utils_benchmark.c:211
-#, fuzzy
-msgid "Not compatible PBKDF options."
-msgstr "Pilihan PBKDF2 tidak kompatibel (menggunakan algoritma hash %s)."
-
-#: lib/utils_device_locking.c:102
-#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
-msgstr ""
-
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
-
-#: lib/utils_device_locking.c:119
-#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
-msgstr ""
-
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-#, fuzzy
-msgid "Cannot seek to device offset."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: lib/utils_wipe.c:208
-#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:39
-#, fuzzy, c-format
-msgid ""
-"Failed to setup dm-crypt key mapping for device %s.\n"
-"Check that kernel supports %s cipher (check syslog for more info)."
-msgstr ""
-"Gagal untuk mengkonfigurasi pemetaan kunci dm-crypt untuk perangkat %s.\n"
-"Periksa apakah kernel mendukung cipher %s (periksa syslog untuk informasi lebih lanjut).\n"
-"%s"
-
-#: lib/luks1/keyencryption.c:44
-#, fuzzy
-msgid "Key size in XTS mode must be 256 or 512 bits."
-msgstr "Kunci harus kelipatan dari 8 bit"
-
-#: lib/luks1/keyencryption.c:46
-msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
-#, fuzzy, c-format
-msgid "Cannot write to device %s, permission denied."
-msgstr "Tidak dapat menghapus perangkat %s.\n"
-
-#: lib/luks1/keyencryption.c:120
-#, fuzzy
-msgid "Failed to open temporary keystore device."
-msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n"
-
-#: lib/luks1/keyencryption.c:127
-#, fuzzy
-msgid "Failed to access temporary keystore device."
-msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
-
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
-#, fuzzy
-msgid "IO error while encrypting keyslot."
-msgstr "Besar dari kunci enkripsi"
-
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
-#, fuzzy, c-format
-msgid "Cannot open device %s."
-msgstr "Tidak dapat membuka perangkat %s.\n"
-
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
-msgid "IO error while decrypting keyslot."
-msgstr ""
-
-#: lib/luks1/keymanage.c:110
-#, c-format
-msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
-msgstr ""
-
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
-#, fuzzy, c-format
-msgid "LUKS keyslot %u is invalid."
-msgstr "Slot kunci %d tidak valid.\n"
-
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, fuzzy, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Perangkat %s bukan perangkat LUKS.\n"
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
-#, fuzzy, c-format
-msgid "Requested header backup file %s already exists."
-msgstr "Berkas %s yang diminta telah ada.\n"
-
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
-#, fuzzy, c-format
-msgid "Cannot create header backup file %s."
-msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
-#, fuzzy, c-format
-msgid "Cannot write header backup file %s."
-msgstr "Tidak dapat menulis berkas cadangan header %s.\n"
-
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
-msgstr "Berkas cadangan tidak berisi header LUKS yang valid.\n"
-
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
-#, fuzzy, c-format
-msgid "Cannot open header backup file %s."
-msgstr "Tidak dapat membuka berkas cadangan header %s.\n"
-
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
-#, fuzzy, c-format
-msgid "Cannot read header backup file %s."
-msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-
-#: lib/luks1/keymanage.c:317
-#, fuzzy
-msgid "Data offset or key size differs on device and backup, restore failed."
-msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n"
-
-#: lib/luks1/keymanage.c:325
-#, c-format
-msgid "Device %s %s%s"
-msgstr "Perangkat %s %s%s"
-
-#: lib/luks1/keymanage.c:326
-msgid "does not contain LUKS header. Replacing header can destroy data on that device."
-msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu."
-
-#: lib/luks1/keymanage.c:327
-msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
-msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada."
-
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
-msgid ""
-"\n"
-"WARNING: real device header has different UUID than backup!"
-msgstr ""
-"\n"
-"PERINGATAN: header perangkat ril memiliki UUID berbeda dengan cadangan!"
-
-#: lib/luks1/keymanage.c:375
-msgid "Non standard key size, manual repair required."
-msgstr ""
-
-#: lib/luks1/keymanage.c:385
-msgid "Non standard keyslots alignment, manual repair required."
-msgstr ""
-
-#: lib/luks1/keymanage.c:397
-msgid "Repairing keyslots."
-msgstr ""
-
-#: lib/luks1/keymanage.c:416
-#, c-format
-msgid "Keyslot %i: offset repaired (%u -> %u)."
-msgstr ""
-
-#: lib/luks1/keymanage.c:424
-#, c-format
-msgid "Keyslot %i: stripes repaired (%u -> %u)."
-msgstr ""
-
-#: lib/luks1/keymanage.c:433
-#, c-format
-msgid "Keyslot %i: bogus partition signature."
-msgstr ""
-
-#: lib/luks1/keymanage.c:438
-#, fuzzy, c-format
-msgid "Keyslot %i: salt wiped."
-msgstr "Slot kunci %d tidak valid.\n"
-
-#: lib/luks1/keymanage.c:455
-msgid "Writing LUKS header to disk."
-msgstr ""
-
-#: lib/luks1/keymanage.c:460
-msgid "Repair failed."
-msgstr ""
-
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
-#, fuzzy, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Hash %s LUKS yang diminta tidak didukung.\n"
-
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
-msgid "No known problems detected for LUKS header."
-msgstr ""
-
-#: lib/luks1/keymanage.c:667
-#, fuzzy, c-format
-msgid "Error during update of LUKS header on device %s."
-msgstr "Error selama memperbarui header LUKS di perangkat %s.\n"
-
-#: lib/luks1/keymanage.c:675
-#, fuzzy, c-format
-msgid "Error re-reading LUKS header after update on device %s."
-msgstr "Error membaca-kembali header LUKS setelah memperbarui di perangkat %s.\n"
-
-#: lib/luks1/keymanage.c:751
-msgid "Data offset for LUKS header must be either 0 or higher than header size."
-msgstr ""
-
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
-#, fuzzy
-msgid "Wrong LUKS UUID format provided."
-msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n"
-
-#: lib/luks1/keymanage.c:785
-#, fuzzy
-msgid "Cannot create LUKS header: reading random salt failed."
-msgstr "Tidak dapat membuat header LUKS: pembacaan garam acak gagal.\n"
-
-#: lib/luks1/keymanage.c:811
-#, fuzzy, c-format
-msgid "Cannot create LUKS header: header digest failed (using hash %s)."
-msgstr "Tidak dapat membuat header LUKS: digest header gagal (menggunakan hash %s).\n"
-
-#: lib/luks1/keymanage.c:855
-#, fuzzy, c-format
-msgid "Key slot %d active, purge first."
-msgstr "Slot kunci %d aktif, hapus terlebih dahulu.\n"
-
-#: lib/luks1/keymanage.c:861
-#, fuzzy, c-format
-msgid "Key slot %d material includes too few stripes. Header manipulation?"
-msgstr "Slot kunci %d material terdapat terlalu sedikit stripes. Manipulasi header?\n"
-
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Tidak dapat membuka perangkat %s.\n"
-
-#: lib/luks1/keymanage.c:1080
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
-msgstr "Slot kunci %d tidak valid, mohon pilih slot kunci diantara 0 dan %d.\n"
-
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
-#, fuzzy, c-format
-msgid "Cannot wipe device %s."
-msgstr "Tidak dapat menghapus perangkat %s.\n"
-
-#: lib/loopaes/loopaes.c:146
-msgid "Detected not yet supported GPG encrypted keyfile."
-msgstr ""
-
-#: lib/loopaes/loopaes.c:147
-msgid "Please use gpg --decrypt <KEYFILE> | cryptsetup --keyfile=- ...\n"
-msgstr ""
-
-#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188
-msgid "Incompatible loop-AES keyfile detected."
-msgstr ""
-
-#: lib/loopaes/loopaes.c:245
-msgid "Kernel does not support loop-AES compatible mapping."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:504
-#, fuzzy, c-format
-msgid "Error reading keyfile %s."
-msgstr "Kesalahan dalam pembacaan kata sandi.\n"
-
-#: lib/tcrypt/tcrypt.c:554
-#, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:595
-#, c-format
-msgid "PBKDF2 hash algorithm %s not available, skipping."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
-msgid "Required kernel crypto interface not available."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
-msgid "Ensure you have algif_skcipher kernel module loaded."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:753
-#, fuzzy, c-format
-msgid "Activation is not supported for %d sector size."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: lib/tcrypt/tcrypt.c:759
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:790
-#, c-format
-msgid "Activating TCRYPT system encryption for partition %s."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:868
-msgid "Kernel does not support TCRYPT compatible mapping."
-msgstr ""
-
-#: lib/tcrypt/tcrypt.c:1090
-#, fuzzy
-msgid "This function is not supported without TCRYPT header load."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: lib/bitlk/bitlk.c:350
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:402
-#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:419
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:502
-#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "versi LUKS %d tidak didukung.\n"
-
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: lib/bitlk/bitlk.c:571
-#, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:622
-msgid "Unknown or unsupported encryption type."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:655
-#, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr ""
-
-#: lib/verity/verity.c:91
-#, fuzzy, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Perangkat %s bukan perangkat LUKS.\n"
-
-#: lib/verity/verity.c:98
-#, fuzzy, c-format
-msgid "Unsupported VERITY version %d."
-msgstr "versi LUKS %d tidak didukung.\n"
-
-#: lib/verity/verity.c:129
-msgid "VERITY header corrupted."
-msgstr ""
-
-#: lib/verity/verity.c:174
-#, fuzzy, c-format
-msgid "Wrong VERITY UUID format provided on device %s."
-msgstr "Format UUID yang disediakan berbeda, membuat yang baru.\n"
-
-#: lib/verity/verity.c:218
-#, fuzzy, c-format
-msgid "Error during update of verity header on device %s."
-msgstr "Error selama memperbarui header LUKS di perangkat %s.\n"
-
-#: lib/verity/verity.c:276
-msgid "Root hash signature verification is not supported."
-msgstr ""
-
-#: lib/verity/verity.c:288
-msgid "Errors cannot be repaired with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:290
-#, c-format
-msgid "Found %u repairable errors with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:333
-msgid "Kernel does not support dm-verity mapping."
-msgstr ""
-
-#: lib/verity/verity.c:337
-msgid "Kernel does not support dm-verity signature option."
-msgstr ""
-
-#: lib/verity/verity.c:348
-msgid "Verity device detected corruption after activation."
-msgstr ""
-
-#: lib/verity/verity_hash.c:59
-#, c-format
-msgid "Spare area is not zeroed at position %<PRIu64>."
-msgstr ""
-
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
-msgid "Device offset overflow."
-msgstr ""
-
-#: lib/verity/verity_hash.c:194
-#, c-format
-msgid "Verification failed at position %<PRIu64>."
-msgstr ""
-
-#: lib/verity/verity_hash.c:273
-msgid "Hash area overflow."
-msgstr ""
-
-#: lib/verity/verity_hash.c:346
-msgid "Verification of data area failed."
-msgstr ""
-
-#: lib/verity/verity_hash.c:351
-msgid "Verification of root hash failed."
-msgstr ""
-
-#: lib/verity/verity_hash.c:357
-#, fuzzy
-msgid "Input/output error while creating hash area."
-msgstr "Kehabisan memori ketika membaca kata sandi.\n"
-
-#: lib/verity/verity_hash.c:359
-msgid "Creation of hash area failed."
-msgstr ""
-
-#: lib/verity/verity_hash.c:394
-#, c-format
-msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
-msgstr ""
-
-#: lib/verity/verity_fec.c:131
-msgid "Failed to allocate RS context."
-msgstr ""
-
-#: lib/verity/verity_fec.c:149
-#, fuzzy
-msgid "Failed to allocate buffer."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: lib/verity/verity_fec.c:159
-#, c-format
-msgid "Failed to read RS block %<PRIu64> byte %d."
-msgstr ""
-
-#: lib/verity/verity_fec.c:172
-#, c-format
-msgid "Failed to read parity for RS block %<PRIu64>."
-msgstr ""
-
-#: lib/verity/verity_fec.c:180
-#, c-format
-msgid "Failed to repair parity for block %<PRIu64>."
-msgstr ""
-
-#: lib/verity/verity_fec.c:191
-#, c-format
-msgid "Failed to write parity for RS block %<PRIu64>."
-msgstr ""
-
-#: lib/verity/verity_fec.c:227
-msgid "Block sizes must match for FEC."
-msgstr ""
-
-#: lib/verity/verity_fec.c:233
-msgid "Invalid number of parity bytes."
-msgstr ""
-
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
-msgstr ""
-
-#: lib/verity/verity_fec.c:302
-#, fuzzy, c-format
-msgid "Failed to determine size for device %s."
-msgstr "Gagal membuka berkas kunci %s.\n"
-
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-msgid "Kernel does not support dm-integrity mapping."
-msgstr ""
-
-#: lib/integrity/integrity.c:278
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
-msgstr ""
-
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
-#, fuzzy, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
-
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
-msgid ""
-"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
-"Please run \"cryptsetup repair\" for recovery."
-msgstr ""
-
-#: lib/luks2/luks2_json_format.c:227
-#, fuzzy
-msgid "Requested data offset is too small."
-msgstr "Perangkat %s terlalu kecil.\n"
-
-#: lib/luks2/luks2_json_format.c:272
-#, c-format
-msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
-#, fuzzy, c-format
-msgid "Failed to acquire read lock on device %s."
-msgstr "Gagal untuk mengakses perangkat penyimpan kunci sementara.\n"
-
-#: lib/luks2/luks2_json_metadata.c:1262
-#, c-format
-msgid "Forbidden LUKS2 requirements detected in backup %s."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:1303
-#, fuzzy
-msgid "Data offset differ on device and backup, restore failed."
-msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n"
-
-#: lib/luks2/luks2_json_metadata.c:1309
-#, fuzzy
-msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
-msgstr "Data offset atau ukuran kunci berbeda di perangkat dan cadangan, pengembalian gagal.\n"
-
-#: lib/luks2/luks2_json_metadata.c:1316
-#, fuzzy, c-format
-msgid "Device %s %s%s%s%s"
-msgstr "Perangkat %s %s%s"
-
-#: lib/luks2/luks2_json_metadata.c:1317
-#, fuzzy
-msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
-msgstr "tidak berisi header LUKS. Mengganti header dapat menghancurkan data di perangkat itu."
-
-#: lib/luks2/luks2_json_metadata.c:1318
-#, fuzzy
-msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
-msgstr "telah berisi header LUKS. Mengganti header dapat mengganti slot kunci yang telah ada."
-
-#: lib/luks2/luks2_json_metadata.c:1320
-msgid ""
-"\n"
-"WARNING: unknown LUKS2 requirements detected in real device header!\n"
-"Replacing header with backup may corrupt the data on that device!"
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:1322
-msgid ""
-"\n"
-"WARNING: Unfinished offline reencryption detected on the device!\n"
-"Replacing header with backup may corrupt data."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:1420
-#, c-format
-msgid "Ignored unknown flag %s."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
-#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-#, fuzzy
-msgid "Failed to set dm-linear segment."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
-#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2519
-msgid "Failed to read LUKS2 requirements."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2526
-msgid "Unmet LUKS2 requirements detected."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "Slot kunci %d telah terverifikasi.\n"
-
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot_luks2.c:480
-msgid "No space for new keyslot."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:482
-#, c-format
-msgid "Cannot check status of device with uuid: %s."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:508
-msgid "Unable to convert header with LUKSMETA additional metadata."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:548
-msgid "Unable to move keyslot area. Not enough space."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:599
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
-msgid "Unable to move keyslot area."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:697
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:705
-msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:717
-#, c-format
-msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:725
-#, c-format
-msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:739
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:744
-#, c-format
-msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:749
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1007
-#, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "versi LUKS %d tidak didukung.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2092
-#, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2170
-msgid "Failed to refresh reencryption devices stack."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2430
-#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2451
-#, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2472
-#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2647
-msgid "Device not marked for LUKS2 reencryption."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-msgid "Failed to load LUKS2 reencryption context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "Perangkat %s tidak aktif.\n"
-
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-msgid "Reencryption process is already running."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-msgid "Failed to acquire reencryption lock."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2889
-msgid "Active device size and requested reencryption size don't match."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2973
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3136
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3225
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3267
-msgid "Failed to write reencryption resilience metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3274
-msgid "Decryption failed."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3284
-msgid "Failed to sync data."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3388
-#, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "Tidak dapat menginisialisasi backend crypto.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-msgid "Failed to update reencryption context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt_digest.c:376
-msgid "Reencryption metadata is invalid."
-msgstr ""
-
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr ""
-
-#: lib/luks2/luks2_token.c:270
-#, fuzzy, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: src/cryptsetup.c:198
-#, fuzzy
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Tidak dapat melakukan verifikasi kata sandi di masukan bukan tty.\n"
-
-#: src/cryptsetup.c:261
-#, fuzzy
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
-#, fuzzy
-msgid "No known cipher specification pattern detected."
-msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n"
-
-#: src/cryptsetup.c:299
-msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
-msgstr ""
-
-#: src/cryptsetup.c:307
-msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
-msgstr ""
-
-#: src/cryptsetup.c:347
-#, c-format
-msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
-msgstr ""
-
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
-msgid "Operation aborted.\n"
-msgstr ""
-
-#: src/cryptsetup.c:421
-#, fuzzy
-msgid "Option --key-file is required."
-msgstr "Pilihan --header-backup-file dibutuhkan.\n"
-
-#: src/cryptsetup.c:474
-msgid "Enter VeraCrypt PIM: "
-msgstr ""
-
-#: src/cryptsetup.c:483
-msgid "Invalid PIM value: parse error."
-msgstr ""
-
-#: src/cryptsetup.c:486
-#, fuzzy
-msgid "Invalid PIM value: 0."
-msgstr "Perangkat %s tidak valid.\n"
-
-#: src/cryptsetup.c:489
-msgid "Invalid PIM value: outside of range."
-msgstr ""
-
-#: src/cryptsetup.c:512
-#, fuzzy
-msgid "No device header detected with this passphrase."
-msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n"
-
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "Perangkat %s bukan perangkat LUKS.\n"
-
-#: src/cryptsetup.c:617
-msgid ""
-"Header dump with volume key is sensitive information\n"
-"which allows access to encrypted partition without passphrase.\n"
-"This dump should be always stored encrypted on safe place."
-msgstr ""
-
-#: src/cryptsetup.c:714
-#, c-format
-msgid "Device %s is still active and scheduled for deferred removal.\n"
-msgstr ""
-
-#: src/cryptsetup.c:742
-msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
-msgstr ""
-
-#: src/cryptsetup.c:885
-msgid "Benchmark interrupted."
-msgstr ""
-
-#: src/cryptsetup.c:906
-#, c-format
-msgid "PBKDF2-%-9s N/A\n"
-msgstr ""
-
-#: src/cryptsetup.c:908
-#, c-format
-msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
-msgstr ""
-
-#: src/cryptsetup.c:922
-#, c-format
-msgid "%-10s N/A\n"
-msgstr ""
-
-#: src/cryptsetup.c:924
-#, c-format
-msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
-msgstr ""
-
-#: src/cryptsetup.c:948
-msgid "Result of benchmark is not reliable."
-msgstr ""
-
-#: src/cryptsetup.c:998
-msgid "# Tests are approximate using memory only (no storage IO).\n"
-msgstr ""
-
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
-#, c-format
-msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
-msgstr ""
-
-#: src/cryptsetup.c:1022
-#, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr ""
-
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
-msgid "# Algorithm | Key | Encryption | Decryption\n"
-msgstr ""
-
-#: src/cryptsetup.c:1052
-msgid "N/A"
-msgstr ""
-
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr ""
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Masukan kata sandi LUKS yang akan dihapus: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "Masukan kasa sandi baru untuk slot kunci: "
-
-#: src/cryptsetup.c:1245
-#, fuzzy
-msgid "Really try to repair LUKS device header?"
-msgstr "Kembalikan header perangkat LUKS dan slot kunci"
-
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
-msgid ""
-"Wiping device to initialize integrity checksum.\n"
-"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
-msgstr ""
-
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
-#, fuzzy, c-format
-msgid "Cannot deactivate temporary device %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: src/cryptsetup.c:1351
-msgid "Integrity option can be used only for LUKS2 format."
-msgstr ""
-
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
-#, fuzzy
-msgid "Unsupported LUKS2 metadata size options."
-msgstr "versi LUKS %d tidak didukung.\n"
-
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
-#, fuzzy, c-format
-msgid "Cannot create header file %s."
-msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
-#, fuzzy
-msgid "No known integrity specification pattern detected."
-msgstr "Tidak ada pola spesifikasi cipher yang dikenal terdeteksi.\n"
-
-#: src/cryptsetup.c:1409
-#, c-format
-msgid "Cannot use %s as on-disk header."
-msgstr ""
-
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
-#, c-format
-msgid "This will overwrite data on %s irrevocably."
-msgstr "Ini akan memaksa menulis data di %s secara permanen."
-
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
-#, fuzzy
-msgid "Failed to set pbkdf parameters."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: src/cryptsetup.c:1551
-msgid "Reduced data offset is allowed only for detached LUKS header."
-msgstr ""
-
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
-msgid "Device activated but cannot make flags persistent."
-msgstr ""
-
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
-#, fuzzy, c-format
-msgid "Keyslot %d is selected for deletion."
-msgstr "slot kunci %d terpilih untuk penghapusan.\n"
-
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
-msgid "This is the last keyslot. Device will become unusable after purging this key."
-msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini."
-
-#: src/cryptsetup.c:1694
-#, fuzzy
-msgid "Enter any remaining passphrase: "
-msgstr "Masukan kata sandi LUKS yang tersisa: "
-
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
-msgid "Operation aborted, the keyslot was NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:1733
-#, fuzzy
-msgid "Enter passphrase to be deleted: "
-msgstr "Masukan kata sandi LUKS yang akan dihapus: "
-
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
-msgid "Enter new passphrase for key slot: "
-msgstr "Masukan kasa sandi baru untuk slot kunci: "
-
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
-#, fuzzy, c-format
-msgid "Enter any existing passphrase: "
-msgstr "Masukan kata sandi: "
-
-#: src/cryptsetup.c:1973
-#, fuzzy
-msgid "Enter passphrase to be changed: "
-msgstr "Masukan kata sandi LUKS yang akan dihapus: "
-
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
-#, fuzzy
-msgid "Enter new passphrase: "
-msgstr "Masukan kata sandi: "
-
-#: src/cryptsetup.c:2039
-#, fuzzy
-msgid "Enter passphrase for keyslot to be converted: "
-msgstr "Masukan kasa sandi baru untuk slot kunci: "
-
-#: src/cryptsetup.c:2063
-msgid "Only one device argument for isLuks operation is supported."
-msgstr ""
-
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Slot kunci %d tidak digunakan.\n"
-
-#: src/cryptsetup.c:2184
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s bukan perangkat LUKS."
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
-#, fuzzy
-msgid "Option --header-backup-file is required."
-msgstr "Pilihan --header-backup-file dibutuhkan.\n"
-
-#: src/cryptsetup.c:2386
-#, fuzzy, c-format
-msgid "%s is not cryptsetup managed device."
-msgstr "%s bukan perangkat LUKS."
-
-#: src/cryptsetup.c:2397
-#, fuzzy, c-format
-msgid "Refresh is not supported for device type %s"
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: src/cryptsetup.c:2439
-#, c-format
-msgid "Unrecognized metadata device type %s."
-msgstr ""
-
-#: src/cryptsetup.c:2442
-msgid "Command requires device and mapped name as arguments."
-msgstr ""
-
-#: src/cryptsetup.c:2464
-#, fuzzy, c-format
-msgid ""
-"This operation will erase all keyslots on device %s.\n"
-"Device will become unusable after this operation."
-msgstr "Ini adalah slot kunci terakhir. Perangkat mungkin akan menjadi tidak stabil setelah menghapus kunci ini."
-
-#: src/cryptsetup.c:2471
-msgid "Operation aborted, keyslots were NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2510
-msgid "Invalid LUKS type, only luks1 and luks2 are supported."
-msgstr ""
-
-#: src/cryptsetup.c:2528
-#, fuzzy, c-format
-msgid "Device is already %s type."
-msgstr "Perangkat %s telah ada.\n"
-
-#: src/cryptsetup.c:2533
-#, fuzzy, c-format
-msgid "This operation will convert %s to %s format.\n"
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: src/cryptsetup.c:2539
-msgid "Operation aborted, device was NOT converted.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2579
-msgid "Option --priority, --label or --subsystem is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
-#, fuzzy, c-format
-msgid "Token %d is invalid."
-msgstr "Slot kunci %d tidak valid.\n"
-
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
-#, c-format
-msgid "Token %d in use."
-msgstr ""
-
-#: src/cryptsetup.c:2623
-#, fuzzy, c-format
-msgid "Failed to add luks2-keyring token %d."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
-#, fuzzy, c-format
-msgid "Failed to assign token %d to keyslot %d."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: src/cryptsetup.c:2649
-#, fuzzy, c-format
-msgid "Token %d is not in use."
-msgstr "Slot kunci %d tidak digunakan.\n"
-
-#: src/cryptsetup.c:2684
-#, fuzzy
-msgid "Failed to import token from file."
-msgstr "Gagal membuka berkas kunci %s.\n"
-
-#: src/cryptsetup.c:2709
-#, fuzzy, c-format
-msgid "Failed to get token %d for export."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr ""
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2743
-#, fuzzy, c-format
-msgid "Invalid token operation %s."
-msgstr "Besar kunci %d tidak valid.\n"
-
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Perangkat %s bukan perangkat LUKS.\n"
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "Perangkat %s tidak valid.\n"
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Berkas %s yang diminta telah ada.\n"
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr ""
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr ""
-
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Masukan kasa sandi baru untuk slot kunci: "
-
-#: src/cryptsetup.c:3240
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Masukan kasa sandi baru untuk slot kunci: "
-
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "%s: membutuhkan %s sebagai argumen"
-
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
-
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
-
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr ""
-
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
-
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr ""
-
-#: src/cryptsetup.c:3502
-#, fuzzy
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<perangkat> <nama>"
-
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-#, fuzzy
-msgid "open device as <name>"
-msgstr "buka perangkat LUKS sebagai pemetaan <nama>"
-
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<nama>"
-
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr ""
-
-#: src/cryptsetup.c:3504
-msgid "resize active device"
-msgstr "ubah ukuran perangkat aktif"
-
-#: src/cryptsetup.c:3505
-msgid "show device status"
-msgstr "tampilkan status perangkat"
-
-#: src/cryptsetup.c:3506
-msgid "[--cipher <cipher>]"
-msgstr ""
-
-#: src/cryptsetup.c:3506
-msgid "benchmark cipher"
-msgstr ""
-
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
-msgid "<device>"
-msgstr "<perangkat>"
-
-#: src/cryptsetup.c:3507
-msgid "try to repair on-disk metadata"
-msgstr ""
-
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "tambahkan kunci ke perangkat LUKS"
-
-#: src/cryptsetup.c:3509
-#, fuzzy
-msgid "erase all keyslots (remove encryption key)"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/cryptsetup.c:3510
-msgid "convert LUKS from/to LUKS2 format"
-msgstr ""
-
-#: src/cryptsetup.c:3511
-msgid "set permanent configuration options for LUKS2"
-msgstr ""
-
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
-msgid "<device> [<new key file>]"
-msgstr "<perangkat> [<berkas kunci baru>]"
-
-#: src/cryptsetup.c:3512
-msgid "formats a LUKS device"
-msgstr "format sebuah perangkat LUKS"
-
-#: src/cryptsetup.c:3513
-msgid "add key to LUKS device"
-msgstr "tambahkan kunci ke perangkat LUKS"
-
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
-msgid "<device> [<key file>]"
-msgstr "<perangkat> [<berkas kunci>]"
-
-#: src/cryptsetup.c:3514
-msgid "removes supplied key or key file from LUKS device"
-msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS"
-
-#: src/cryptsetup.c:3515
-#, fuzzy
-msgid "changes supplied key or key file of LUKS device"
-msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS"
-
-#: src/cryptsetup.c:3516
-msgid "converts a key to new pbkdf parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3517
-msgid "<device> <key slot>"
-msgstr "<perangkat> <slot kunci>"
-
-#: src/cryptsetup.c:3517
-msgid "wipes key with number <key slot> from LUKS device"
-msgstr "hapus kunci dengan nomor <slot kunci> dari perangkat LUKS"
-
-#: src/cryptsetup.c:3518
-msgid "print UUID of LUKS device"
-msgstr "tampilkan UUID dari perangkat LUKS"
-
-#: src/cryptsetup.c:3519
-msgid "tests <device> for LUKS partition header"
-msgstr "periksa <perangkat> untuk header partisi LUKS"
-
-#: src/cryptsetup.c:3520
-msgid "dump LUKS partition information"
-msgstr "dump informasi partisi LUKS"
-
-#: src/cryptsetup.c:3521
-#, fuzzy
-msgid "dump TCRYPT device information"
-msgstr "dump informasi partisi LUKS"
-
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "dump informasi partisi LUKS"
-
-#: src/cryptsetup.c:3523
-#, fuzzy
-msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
-msgstr "Hentikan perangkat LUKS dan hapus kunci (semua IO dihentikan)."
-
-#: src/cryptsetup.c:3524
-#, fuzzy
-msgid "Resume suspended LUKS device"
-msgstr "Lanjutkan perangkat LUKS yang dihentikan."
-
-#: src/cryptsetup.c:3525
-msgid "Backup LUKS device header and keyslots"
-msgstr "Buat cadangan header perangkat LUKS dan slot kunci"
-
-#: src/cryptsetup.c:3526
-msgid "Restore LUKS device header and keyslots"
-msgstr "Kembalikan header perangkat LUKS dan slot kunci"
-
-#: src/cryptsetup.c:3527
-msgid "<add|remove|import|export> <device>"
-msgstr ""
-
-#: src/cryptsetup.c:3527
-msgid "Manipulate LUKS2 tokens"
-msgstr ""
-
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
-msgid ""
-"\n"
-"<action> is one of:\n"
-msgstr ""
-"\n"
-"<aksi> adalah salah satu dari:\n"
-
-#: src/cryptsetup.c:3551
-msgid ""
-"\n"
-"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-msgstr ""
-
-#: src/cryptsetup.c:3555
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<device> is the encrypted device\n"
-"<key slot> is the LUKS key slot number to modify\n"
-"<key file> optional key file for the new key for luksAddKey action\n"
-msgstr ""
-"\n"
-"<nama> adalah perangkat untuk dibuat dibawah %s\n"
-"<perangkat> adalah perangkat terenkripsi\n"
-"<slot kunci> adalah nomor slot kunci LUKS untuk dimodifikasi\n"
-"<berkas kunci> adalah berkas kunci opsional untuk kunci baru untuk aksi luksAddKey\n"
-
-#: src/cryptsetup.c:3562
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in metadata format is %s (for luksFormat action).\n"
-msgstr ""
-
-#: src/cryptsetup.c:3567
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in key and passphrase parameters:\n"
-"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
-"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
-"Default PBKDF for LUKS2: %s\n"
-"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
-msgstr ""
-
-#: src/cryptsetup.c:3578
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in device cipher parameters:\n"
-"\tloop-AES: %s, Key %d bits\n"
-"\tplain: %s, Key: %d bits, Password hashing: %s\n"
-"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
-msgstr ""
-"\n"
-"Parameter baku yang terkompilasi dalam perangkat penyandi:\n"
-"\tterbuka: %s, Kunci: %d bits, Hash kata sandi : %s\n"
-"\tLUKS1 : %s, Kunci: %d bits, Hash kepala LUKS: %s\n"
-
-#: src/cryptsetup.c:3587
-msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
-#, c-format
-msgid "%s: requires %s as arguments"
-msgstr "%s: membutuhkan %s sebagai argumen"
-
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
-msgid "Show this help message"
-msgstr "Tampilkan pesan bantuan ini"
-
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
-msgid "Display brief usage"
-msgstr "Tampilkan penggunaan singkat"
-
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Tampilkan versi paket"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
-msgid "Help options:"
-msgstr "Pilihan bantuan:"
-
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Tampilkan pesan kesalahan secara lebih detail"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Tampilkan pesan penelusuran"
-
-#: src/cryptsetup.c:3646
-#, fuzzy
-msgid "Show debug messages including JSON metadata"
-msgstr "Tampilkan pesan penelusuran"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Cipher yang digunakan untuk mengenkripsi ke disk (lihat /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Hash yang digunakan untuk membuat kunci enkripsi dari kata sandi"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Verifikasi kata sandi dengan menanyakan itu dua kali"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-#, fuzzy
-msgid "Read the key from a file"
-msgstr "Baca volume (master) kunci dari berkas."
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Baca volume (master) kunci dari berkas."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr ""
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITS"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr ""
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr ""
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr ""
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr ""
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr ""
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Nomor slot untuk kunci baru (baku adalah yang kosong pertama)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Besar dari perangkat"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTOR"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr ""
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Awal ofset dalam perangkat backend"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Berapa banyak sektor dari data terenkripsi yang dilewatkan di awal"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Buat pemetaan baca-saja"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Jangan tanya untuk konfirmasi"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Waktu habis untuk pertanyaan interaktif kata sandi (dalam detik)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "detik"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr ""
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Seberapa sering masukan dari kata sandi dapat dicoba"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Sesuaikan muatan di batas sektor <n> - untuk luksFormat"
-
-#: src/cryptsetup.c:3669
-#, fuzzy
-msgid "File with LUKS header and keyslots backup"
-msgstr "Berkas dengan header LUKS dan cadangan slot kunci."
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr ""
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr ""
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr ""
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-#, fuzzy
-msgid "UUID for device to use"
-msgstr "DM-UUID untuk perangkat %s telah terpotong.\n"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr ""
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr ""
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr ""
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr ""
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr ""
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr ""
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr ""
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr ""
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr ""
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr ""
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr ""
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr ""
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr ""
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr ""
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
-#, fuzzy
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "mdetik"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr ""
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr ""
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr ""
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr ""
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr ""
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr ""
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr ""
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr ""
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr ""
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr ""
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr ""
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr ""
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr ""
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr ""
-
-#: src/cryptsetup.c:3709
-#, fuzzy
-msgid "Set label for the LUKS2 device"
-msgstr "format sebuah perangkat LUKS"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr ""
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr ""
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr ""
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr ""
-
-#: src/cryptsetup.c:3714
-#, fuzzy
-msgid "LUKS2 header keyslots area size"
-msgstr "Berkas dengan header LUKS dan cadangan slot kunci."
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3716
-#, fuzzy
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr ""
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr ""
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr ""
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr ""
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr ""
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr ""
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr ""
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-#, fuzzy
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[PILIHAN...] <aksi> <aksi-spesifik>]"
-
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "Argumen <aksi> hilang."
-
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Aksi tidak diketahui."
-
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr ""
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr ""
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr ""
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr ""
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr ""
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr ""
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr ""
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr ""
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr ""
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr ""
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Kunci harus kelipatan dari 8 bit"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-#, fuzzy
-msgid "Key slot is invalid."
-msgstr "Slot kunci %d tidak valid.\n"
-
-#: src/cryptsetup.c:3958
-msgid "Option --key-file takes precedence over specified key file argument."
-msgstr ""
-
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr ""
-
-#: src/cryptsetup.c:3969
-msgid "Only one --key-file argument is allowed."
-msgstr ""
-
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr ""
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr ""
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr ""
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr ""
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr ""
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr ""
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr ""
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr ""
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr ""
-
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr ""
-
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Operasi ini hanya didukunga untuk perangkat LUKS.\n"
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr ""
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr ""
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr ""
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr ""
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr ""
-
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
-msgstr "Operasi ini tidak didukung untuk perangkat crypt %s.\n"
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr ""
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr ""
-
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr ""
-
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr ""
-
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-#, fuzzy
-msgid "Invalid device size specification."
-msgstr "Perangkat %s tidak valid.\n"
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr ""
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-#, fuzzy
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Kunci harus kelipatan dari 8 bit"
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr ""
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr ""
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Kunci harus kelipatan dari 8 bit"
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr ""
-
-#: src/veritysetup.c:76
-msgid "Invalid salt string specified."
-msgstr ""
-
-#: src/veritysetup.c:107
-#, c-format
-msgid "Cannot create hash image %s for writing."
-msgstr ""
-
-#: src/veritysetup.c:117
-#, c-format
-msgid "Cannot create FEC image %s for writing."
-msgstr ""
-
-#: src/veritysetup.c:191
-msgid "Invalid root hash string specified."
-msgstr ""
-
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "Perangkat %s tidak valid.\n"
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: src/veritysetup.c:406
-#, fuzzy
-msgid "<data_device> <hash_device>"
-msgstr "<nama> <perangkat>"
-
-#: src/veritysetup.c:406 src/integritysetup.c:492
-#, fuzzy
-msgid "format device"
-msgstr "buat perangkat"
-
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr ""
-
-#: src/veritysetup.c:407
-#, fuzzy
-msgid "verify device"
-msgstr "hapus perangkat"
-
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr ""
-
-#: src/veritysetup.c:410 src/integritysetup.c:495
-#, fuzzy
-msgid "show active device status"
-msgstr "tampilkan status perangkat"
-
-#: src/veritysetup.c:411
-#, fuzzy
-msgid "<hash_device>"
-msgstr "<perangkat>"
-
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
-msgstr ""
-
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
-msgstr ""
-
-#: src/veritysetup.c:437
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
-msgstr ""
-
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr ""
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr ""
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr ""
-
-#: src/veritysetup.c:483
-#, fuzzy
-msgid "Block size on the data device"
-msgstr "Besar dari perangkat"
-
-#: src/veritysetup.c:484
-#, fuzzy
-msgid "Block size on the hash device"
-msgstr "Besar dari perangkat"
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr ""
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr ""
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr ""
-
-#: src/veritysetup.c:488
-#, fuzzy
-msgid "Starting offset on the hash device"
-msgstr "Awal ofset dalam perangkat backend"
-
-#: src/veritysetup.c:489
-#, fuzzy
-msgid "Starting offset on the FEC device"
-msgstr "Awal ofset dalam perangkat backend"
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr ""
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr ""
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr ""
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr ""
-
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr ""
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr ""
-
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr ""
-
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr ""
-
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr ""
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr ""
-
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr ""
-
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr ""
-
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr ""
-
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr ""
-
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Besar kunci %d tidak valid.\n"
-
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, fuzzy, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, fuzzy, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Tidak dapat membaca %d bytes dari berkas kunci %s.\n"
-
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr ""
-
-#: src/integritysetup.c:492 src/integritysetup.c:496
-#, fuzzy
-msgid "<integrity_device>"
-msgstr "<perangkat>"
-
-#: src/integritysetup.c:493
-#, fuzzy
-msgid "<integrity_device> <name>"
-msgstr "<perangkat> <nama>"
-
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr ""
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr ""
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr ""
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr ""
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr ""
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr ""
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr ""
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr ""
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:579
-#, fuzzy
-msgid "The size of the data integrity key"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/integritysetup.c:580
-#, fuzzy
-msgid "Read the integrity key from a file"
-msgstr "Baca volume (master) kunci dari berkas."
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:583
-#, fuzzy
-msgid "The size of the journal integrity key"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/integritysetup.c:584
-#, fuzzy
-msgid "Read the journal integrity key from a file"
-msgstr "Baca volume (master) kunci dari berkas."
-
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr ""
-
-#: src/integritysetup.c:587
-#, fuzzy
-msgid "The size of the journal encryption key"
-msgstr "Besar dari kunci enkripsi"
-
-#: src/integritysetup.c:588
-#, fuzzy
-msgid "Read the journal encryption key from a file"
-msgstr "Baca volume (master) kunci dari berkas."
-
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr ""
-
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr ""
-
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr ""
-
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr ""
-
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr ""
-
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr ""
-
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr ""
-
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr ""
-
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr ""
-
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr ""
-
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr ""
-
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr ""
-
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
-
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:226
-#, fuzzy, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Tidak dapat membuka perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:247
-#, fuzzy, c-format
-msgid "Cannot read device %s."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:279
-#, fuzzy, c-format
-msgid "Cannot write device %s."
-msgstr "Tidak dapat menghapus perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:327
-#, fuzzy
-msgid "Cannot write reencryption log file."
-msgstr "Tidak dapat menulis berkas cadangan header %s.\n"
-
-#: src/cryptsetup_reencrypt.c:383
-#, fuzzy
-msgid "Cannot read reencryption log file."
-msgstr "Tidak dapat membaca berkas cadangan header %s.\n"
-
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:577
-#, fuzzy
-msgid "Failed to set data offset."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
-
-#: src/cryptsetup_reencrypt.c:591
-#, fuzzy, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:677
-#, fuzzy
-msgid "Failed to write activation flags to new header."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-#, fuzzy
-msgid "Failed to read requirements from backup header."
-msgstr "Gagal untuk membaca dari penyimpanan kunci.\n"
-
-#: src/cryptsetup_reencrypt.c:723
-#, fuzzy, c-format
-msgid "%s header backup of device %s created."
-msgstr "Pilihan --header-backup-file dibutuhkan.\n"
-
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:919
-#, fuzzy, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:921
-#, fuzzy, c-format
-msgid "%s header on device %s restored."
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-#, fuzzy
-msgid "Cannot open temporary LUKS device."
-msgstr "Gagal untuk membuka perangkat penyimpan kunci sementara.\n"
-
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-#, fuzzy
-msgid "Cannot get device size."
-msgstr "Tidak dapat membaca perangkat %s.\n"
-
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1441
-#, fuzzy
-msgid "Cannot open reencryption log file."
-msgstr "Tidak dapat membuka berkas cadangan header %s.\n"
-
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr ""
+msgid "Cannot wipe device %s.\n"
+msgstr "Tidak dapat menghapus perangkat %s.\n"
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr ""
+#: src/cryptsetup.c:71 src/cryptsetup.c:89
+msgid "<name> <device>"
+msgstr "<nama> <perangkat>"
-#: src/cryptsetup_reencrypt.c:1642
-#, fuzzy
-msgid "Read new volume (master) key from file"
-msgstr "Baca volume (master) kunci dari berkas."
+#: src/cryptsetup.c:71
+msgid "create device"
+msgstr "buat perangkat"
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)"
+#: src/cryptsetup.c:72 src/cryptsetup.c:73 src/cryptsetup.c:74
+#: src/cryptsetup.c:82
+msgid "<name>"
+msgstr "<nama>"
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr ""
+#: src/cryptsetup.c:72
+msgid "remove device"
+msgstr "hapus perangkat"
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr ""
+#: src/cryptsetup.c:73
+msgid "resize active device"
+msgstr "ubah ukuran perangkat aktif"
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr ""
+#: src/cryptsetup.c:74
+msgid "show device status"
+msgstr "tampilkan status perangkat"
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr ""
+#: src/cryptsetup.c:75 src/cryptsetup.c:77
+msgid "<device> [<new key file>]"
+msgstr "<perangkat> [<berkas kunci baru>]"
-#: src/cryptsetup_reencrypt.c:1657
-#, fuzzy
-msgid "Create new header on not encrypted device"
-msgstr "Tidak dapat menghapus kepala di perangkat %s.\n"
+#: src/cryptsetup.c:75
+msgid "formats a LUKS device"
+msgstr "format sebuah perangkat LUKS"
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr ""
+#: src/cryptsetup.c:76
+msgid "<device> <name> "
+msgstr "<perangkat> <nama>"
-#: src/cryptsetup_reencrypt.c:1659
-#, fuzzy
-msgid "The UUID used to resume decryption"
-msgstr "Besar dari kunci enkripsi"
+#: src/cryptsetup.c:76
+msgid "open LUKS device as mapping <name>"
+msgstr "buka perangkat LUKS sebagai pemetaan <nama>"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr ""
+#: src/cryptsetup.c:77
+msgid "add key to LUKS device"
+msgstr "tambahkan kunci ke perangkat LUKS"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr ""
+#: src/cryptsetup.c:78
+msgid "<device> [<key file>]"
+msgstr "<perangkat> [<berkas kunci>]"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr ""
+#: src/cryptsetup.c:78
+msgid "removes supplied key or key file from LUKS device"
+msgstr "hapus kunci yang diberikan atau berkas kunci dari perangkat LUKS"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr ""
+#: src/cryptsetup.c:79 src/cryptsetup.c:88
+msgid "<device> <key slot>"
+msgstr "<perangkat> <slot kunci>"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr ""
+#: src/cryptsetup.c:79
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr "hapus kunci dengan nomor <slot kunci> dari perangkat LUKS"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ""
+#: src/cryptsetup.c:80 src/cryptsetup.c:81 src/cryptsetup.c:83
+#: src/cryptsetup.c:84 src/cryptsetup.c:85 src/cryptsetup.c:86
+#: src/cryptsetup.c:87
+msgid "<device>"
+msgstr "<perangkat>"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr ""
+#: src/cryptsetup.c:80
+msgid "print UUID of LUKS device"
+msgstr "tampilkan UUID dari perangkat LUKS"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr ""
+#: src/cryptsetup.c:81
+msgid "tests <device> for LUKS partition header"
+msgstr "periksa <perangkat> untuk header partisi LUKS"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr ""
+#: src/cryptsetup.c:82
+msgid "remove LUKS mapping"
+msgstr "hapus pemetaan LUKS"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr ""
+#: src/cryptsetup.c:83
+msgid "dump LUKS partition information"
+msgstr "dump informasi partisi LUKS"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr ""
+#: src/cryptsetup.c:84
+msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
+msgstr "Hentikan perangkat LUKS dan hapus kunci (semua IO dihentikan)."
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr ""
+#: src/cryptsetup.c:85
+msgid "Resume suspended LUKS device."
+msgstr "Lanjutkan perangkat LUKS yang dihentikan."
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr ""
+#: src/cryptsetup.c:86
+msgid "Backup LUKS device header and keyslots"
+msgstr "Buat cadangan header perangkat LUKS dan slot kunci"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr ""
+#: src/cryptsetup.c:87
+msgid "Restore LUKS device header and keyslots"
+msgstr "Kembalikan header perangkat LUKS dan slot kunci"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr ""
+#: src/cryptsetup.c:88
+msgid "identical to luksKillSlot - DEPRECATED - see man page"
+msgstr "identik ke luksKillSlot - DITINGGALKAN - lihat halaman petunjuk penggunaan"
-#: src/utils_tools.c:151
-#, fuzzy
-msgid "Error reading response from terminal."
-msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n"
+#: src/cryptsetup.c:89
+msgid "modify active device - DEPRECATED - see man page"
+msgstr "modifikasi perangkat aktif - DITINGGALKAN - lihat halaman petunjuk penggunaan"
-#: src/utils_tools.c:186
+#: src/cryptsetup.c:180
msgid "Command successful.\n"
msgstr "Perintah berhasil.\n"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr ""
-
-#: src/utils_tools.c:196
-#, fuzzy
-msgid "no permission or bad passphrase"
-msgstr "Masukan kata sandi: "
-
-#: src/utils_tools.c:198
-#, fuzzy
-msgid "out of memory"
-msgstr "Tidak dapat membuka kunci memori."
-
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr ""
-
-#: src/utils_tools.c:202
-#, fuzzy
-msgid "device already exists or device is busy"
-msgstr "Perangkat %s telah ada.\n"
-
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr ""
-
-#: src/utils_tools.c:206
-#, fuzzy, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Perintah gagal dengan kode %i"
-
-#: src/utils_tools.c:284
-#, fuzzy, c-format
-msgid "Key slot %i created."
-msgstr "Slot kunci %d telah terverifikasi.\n"
-
-#: src/utils_tools.c:286
-#, fuzzy, c-format
-msgid "Key slot %i unlocked."
-msgstr "Slot kunci %d tidak terkunci.\n"
-
-#: src/utils_tools.c:288
-#, fuzzy, c-format
-msgid "Key slot %i removed."
-msgstr "Slot kunci %d telah terverifikasi.\n"
-
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr ""
-
-#: src/utils_tools.c:299
+#: src/cryptsetup.c:194
#, c-format
-msgid "Token %i removed."
-msgstr ""
+msgid "Command failed with code %i"
+msgstr "Perintah gagal dengan kode %i"
-#: src/utils_tools.c:465
+#: src/cryptsetup.c:222
msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+"The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
+"WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
msgstr ""
+"Aksi muat kembali telah ditinggalkan. Mohon gunakan \"dmsetup reload\" dalam kasus anda benar benar membutuhkan fungsi ini.\n"
+"PERINGATAN: jangan gunakan muat-kembali untuk menyentuk perangkat LUKS. Jika itu masalahnya, tekan Ctrl-C sekarang.\n"
-#: src/utils_tools.c:484
+#: src/cryptsetup.c:390
#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:505 src/utils_tools.c:569
-#, fuzzy
-msgid "Failed to initialize device signature probes."
-msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
+msgid "This will overwrite data on %s irrevocably."
+msgstr "Ini akan memaksa menulis data di %s secara permanen."
-#: src/utils_tools.c:549
-#, fuzzy, c-format
-msgid "Failed to stat device %s."
-msgstr "Gagal memperoleh data statistik berkas kunci %s.\n"
+#: src/cryptsetup.c:391
+msgid "memory allocation error in action_luksFormat"
+msgstr "alokasi memori error dalam action_luksFormat"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr ""
+#: src/cryptsetup.c:421
+msgid "Obsolete option --non-exclusive is ignored.\n"
+msgstr "Pilihan sudah ditinggalkan --no-exclusive diabaikan.\n"
-#: src/utils_tools.c:564
-#, fuzzy, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: src/cryptsetup.c:581 src/cryptsetup.c:603
+msgid "Option --header-backup-file is required.\n"
+msgstr "Pilihan --header-backup-file dibutuhkan.\n"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
+#: src/cryptsetup.c:637
+msgid ""
+"\n"
+"<action> is one of:\n"
msgstr ""
+"\n"
+"<aksi> adalah salah satu dari:\n"
-#: src/utils_tools.c:581
+#: src/cryptsetup.c:643
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
-#, fuzzy
-msgid "Failed to wipe device signature."
-msgstr "Gagal untuk menulis di penyimpanan kunci.\n"
-
-#: src/utils_tools.c:591
-#, fuzzy, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Gagal untuk memperoleh direktori pemeta-perangkat."
-
-#: src/utils_tools.c:622
msgid ""
"\n"
-"Reencryption interrupted."
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
+"\n"
+"<nama> adalah perangkat untuk dibuat dibawah %s\n"
+"<perangkat> adalah perangkat terenkripsi\n"
+"<slot kunci> adalah nomor slot kunci LUKS untuk dimodifikasi\n"
+"<berkas kunci> adalah berkas kunci opsional untuk kunci baru untuk aksi luksAddKey\n"
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/cryptsetup.c:650
#, c-format
-msgid "Cannot check password quality: %s"
-msgstr ""
-
-#: src/utils_password.c:51
-#, fuzzy, c-format
msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr "setpriority %u gagal: %s"
-
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr ""
-
-#: src/utils_password.c:228 src/utils_password.c:242
-#, fuzzy
-msgid "Error reading passphrase from terminal."
-msgstr "Kesalahan dalam pembacaan kata sandi dari terminal.\n"
-
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Memverifikasi kata sandi: "
-
-#: src/utils_password.c:247
-#, fuzzy
-msgid "Passphrases do not match."
-msgstr "Kata sandi tidak cocok.\n"
-
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
+"\n"
+"Default compiled-in device cipher parameters:\n"
+"\tplain: %s, Key: %d bits, Password hashing: %s\n"
+"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"
msgstr ""
+"\n"
+"Parameter baku yang terkompilasi dalam perangkat penyandi:\n"
+"\tterbuka: %s, Kunci: %d bits, Hash kata sandi : %s\n"
+"\tLUKS1 : %s, Kunci: %d bits, Hash kepala LUKS: %s\n"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Masukan kata sandi: "
-
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Masukan kata sandi untuk %s: "
+#: src/cryptsetup.c:697
+msgid "Show this help message"
+msgstr "Tampilkan pesan bantuan ini"
-#: src/utils_password.c:321
-#, fuzzy
-msgid "No key available with this passphrase."
-msgstr "Tidak ada kunci tersedia dengan kata sandi ini.\n"
+#: src/cryptsetup.c:698
+msgid "Display brief usage"
+msgstr "Tampilkan penggunaan singkat"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
+#: src/cryptsetup.c:702
+msgid "Help options:"
+msgstr "Pilihan bantuan:"
-#: src/utils_password.c:365
-#, fuzzy, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Tidak dapat membuka berkas %s.\n"
+#: src/cryptsetup.c:703
+msgid "Shows more detailed error messages"
+msgstr "Tampilkan pesan kesalahan secara lebih detail"
-#: src/utils_password.c:372
-#, fuzzy, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Tidak dapat menulis berkas cadangan header %s.\n"
+#: src/cryptsetup.c:704
+msgid "Show debug messages"
+msgstr "Tampilkan pesan penelusuran"
-#: src/utils_luks2.c:47
-#, fuzzy, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: src/cryptsetup.c:705
+msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+msgstr "Cipher yang digunakan untuk mengenkripsi ke disk (lihat /proc/crypto)"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr ""
+#: src/cryptsetup.c:706
+msgid "The hash used to create the encryption key from the passphrase"
+msgstr "Hash yang digunakan untuk membuat kunci enkripsi dari kata sandi"
-#: src/utils_luks2.c:67
-#, fuzzy
-msgid "Failed to read JSON file."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: src/cryptsetup.c:707
+msgid "Verifies the passphrase by asking for it twice"
+msgstr "Verifikasi kata sandi dengan menanyakan itu dua kali"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
+#: src/cryptsetup.c:708
+msgid "Read the key from a file (can be /dev/random)"
+msgstr "Baca kunci dari sebuah berkas (dapat berupa /dev/random)"
-#: src/utils_luks2.c:113
-#, fuzzy, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: src/cryptsetup.c:709
+msgid "Read the volume (master) key from file."
+msgstr "Baca volume (master) kunci dari berkas."
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
+#: src/cryptsetup.c:710
+msgid "The size of the encryption key"
+msgstr "Besar dari kunci enkripsi"
-#: src/utils_luks2.c:126
-#, fuzzy
-msgid "Failed to write JSON file."
-msgstr "Gagal membuka berkas kunci %s.\n"
+#: src/cryptsetup.c:710
+msgid "BITS"
+msgstr "BITS"
-#, c-format
-#~ msgid "Key %d not active. Can't wipe.\n"
-#~ msgstr "Kunci %d tidak aktif. Tidak dapat menghapus.\n"
+#: src/cryptsetup.c:711
+msgid "Slot number for new key (default is first free)"
+msgstr "Nomor slot untuk kunci baru (baku adalah yang kosong pertama)"
-#~ msgid "Enter LUKS passphrase: "
-#~ msgstr "Masukan kata sandi LUKS: "
+#: src/cryptsetup.c:712
+msgid "The size of the device"
+msgstr "Besar dari perangkat"
-#, c-format
-#~ msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
-#~ msgstr "Peringatan: pembacaan yang melelahkan diminta, tetapi berkas kunci %s bukan sebuah berkas biasa, fungsi mungkin tidak pernah kembali.\n"
+#: src/cryptsetup.c:712 src/cryptsetup.c:713 src/cryptsetup.c:714
+#: src/cryptsetup.c:722
+msgid "SECTORS"
+msgstr "SEKTOR"
-#~ msgid "exclusive "
-#~ msgstr "ekslusif "
+#: src/cryptsetup.c:713
+msgid "The start offset in the backend device"
+msgstr "Awal ofset dalam perangkat backend"
-#~ msgid "writable"
-#~ msgstr "dapat-ditulis"
+#: src/cryptsetup.c:714
+msgid "How many sectors of the encrypted data to skip at the beginning"
+msgstr "Berapa banyak sektor dari data terenkripsi yang dilewatkan di awal"
-#~ msgid "read-only"
-#~ msgstr "baca-saja"
+#: src/cryptsetup.c:715
+msgid "Create a readonly mapping"
+msgstr "Buat pemetaan baca-saja"
-#, c-format
-#~ msgid "Cannot open device: %s\n"
-#~ msgstr "Tidak dapat membuka perangkat: %s\n"
+#: src/cryptsetup.c:716
+msgid "PBKDF2 iteration time for LUKS (in ms)"
+msgstr "waktu iterasi PBKDF2 untuk LUKS (dalam mdet)"
-#, c-format
-#~ msgid "BLKROGET failed on device %s.\n"
-#~ msgstr "BLKROGET gagal di perangkat %s.\n"
+#: src/cryptsetup.c:717
+msgid "msecs"
+msgstr "mdetik"
-#, c-format
-#~ msgid "BLKGETSIZE failed on device %s.\n"
-#~ msgstr "BLKGETSIZE gagal di perangkat %s.\n"
+#: src/cryptsetup.c:718
+msgid "Do not ask for confirmation"
+msgstr "Jangan tanya untuk konfirmasi"
-#~ msgid "WARNING!!! Possibly insecure memory. Are you root?\n"
-#~ msgstr "PERINGATAN!!! Kemungkinan menggunakan memori tidak aman. Apakah anda root?\n"
+#: src/cryptsetup.c:719
+msgid "Print package version"
+msgstr "Tampilkan versi paket"
-#, c-format
-#~ msgid "Unable to obtain sector size for %s"
-#~ msgstr "Tidak dapat mendapatkan ukuran sektor untuk %s"
+#: src/cryptsetup.c:720
+msgid "Timeout for interactive passphrase prompt (in seconds)"
+msgstr "Waktu habis untuk pertanyaan interaktif kata sandi (dalam detik)"
-#, c-format
-#~ msgid "Backup file %s doesn't exist.\n"
-#~ msgstr "Berkas cadangan %s tidak ada.\n"
+#: src/cryptsetup.c:720
+msgid "secs"
+msgstr "detik"
-#, c-format
-#~ msgid "%s is not LUKS device.\n"
-#~ msgstr "%s bukan perangkat LUKS.\n"
+#: src/cryptsetup.c:721
+msgid "How often the input of the passphrase can be retried"
+msgstr "Seberapa sering masukan dari kata sandi dapat dicoba"
-#~ msgid "remove LUKS mapping"
-#~ msgstr "hapus pemetaan LUKS"
+#: src/cryptsetup.c:722
+msgid "Align payload at <n> sector boundaries - for luksFormat"
+msgstr "Sesuaikan muatan di batas sektor <n> - untuk luksFormat"
-#~ msgid "identical to luksKillSlot - DEPRECATED - see man page"
-#~ msgstr "identik ke luksKillSlot - DITINGGALKAN - lihat halaman petunjuk penggunaan"
+#: src/cryptsetup.c:723
+msgid "(Obsoleted, see man page.)"
+msgstr "(Ditinggalkan, lihat halaman petunjuk penggunaan.)"
-#~ msgid "modify active device - DEPRECATED - see man page"
-#~ msgstr "modifikasi perangkat aktif - DITINGGALKAN - lihat halaman petunjuk penggunaan"
+#: src/cryptsetup.c:724
+msgid "File with LUKS header and keyslots backup."
+msgstr "Berkas dengan header LUKS dan cadangan slot kunci."
-#~ msgid ""
-#~ "The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\n"
-#~ "WARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"
-#~ msgstr ""
-#~ "Aksi muat kembali telah ditinggalkan. Mohon gunakan \"dmsetup reload\" dalam kasus anda benar benar membutuhkan fungsi ini.\n"
-#~ "PERINGATAN: jangan gunakan muat-kembali untuk menyentuk perangkat LUKS. Jika itu masalahnya, tekan Ctrl-C sekarang.\n"
+#: src/cryptsetup.c:742
+msgid "[OPTION...] <action> <action-specific>]"
+msgstr "[PILIHAN...] <aksi> <aksi-spesifik>]"
-#~ msgid "memory allocation error in action_luksFormat"
-#~ msgstr "alokasi memori error dalam action_luksFormat"
+#: src/cryptsetup.c:778
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Kunci harus kelipatan dari 8 bit"
-#~ msgid "Obsolete option --non-exclusive is ignored.\n"
-#~ msgstr "Pilihan sudah ditinggalkan --no-exclusive diabaikan.\n"
+#: src/cryptsetup.c:782
+msgid "Argument <action> missing."
+msgstr "Argumen <aksi> hilang."
-#~ msgid "Read the key from a file (can be /dev/random)"
-#~ msgstr "Baca kunci dari sebuah berkas (dapat berupa /dev/random)"
+#: src/cryptsetup.c:788
+msgid "Unknown action."
+msgstr "Aksi tidak diketahui."
-#~ msgid "(Obsoleted, see man page.)"
-#~ msgstr "(Ditinggalkan, lihat halaman petunjuk penggunaan.)"
+#: src/cryptsetup.c:803
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr "%s: membutuhkan %s sebagai argumen"
+++ /dev/null
-# Sed script that inserts the file called HEADER before the header entry.
-#
-# At each occurrence of a line starting with "msgid ", we execute the following
-# commands. At the first occurrence, insert the file. At the following
-# occurrences, do nothing. The distinction between the first and the following
-# occurrences is achieved by looking at the hold space.
-/^msgid /{
-x
-# Test if the hold space is empty.
-s/m/m/
-ta
-# Yes it was empty. First occurrence. Read the file.
-r HEADER
-# Output the file's contents by reading the next line. But don't lose the
-# current line while doing this.
-g
-N
-bb
-:a
-# The hold space was nonempty. Following occurrences. Do nothing.
-x
-:b
-}
msgstr ""
"Project-Id-Version: cryptsetup-2.1.0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2019-01-26 19:02+0100\n"
"PO-Revision-Date: 2019-01-28 09:18+0100\n"
"Last-Translator: Milo Casagrande <milo@milo.name>\n"
"Language-Team: Italian <tp@lists.linux.it>\n"
"Plural-Forms: nplurals=2; plural=(n!=1);\n"
"X-Generator: Poedit 2.2.1\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:336
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Impossibile inizializzare device-mapper: in esecuzione come utente non-root."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:339
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Impossibile inizializzare device-mapper. Forse il modulo kernel dm_mod non è caricato."
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1010
msgid "Requested deferred flag is not supported."
msgstr "Il flag posticipato richiesto non è supportato."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1077
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "Il DM-UUID per il dispositivo %s è stato troncato."
-#: lib/libdevmapper.c:1580
-#, fuzzy
-msgid "Unknown dm target type."
-msgstr "Tipo PBKDF %s non riconosciuto."
-
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1486
msgid "Requested dm-crypt performance options are not supported."
msgstr "Le opzioni di prestazioni richieste per dm-crypt non sono supportate."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1493
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Le opzioni di gestione dei dati rovinati richieste per dm-verity non sono supportate."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1497
msgid "Requested dm-verity FEC options are not supported."
msgstr "Le opzioni FEC dm-verity richieste non sono supportate."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1501
msgid "Requested data integrity options are not supported."
msgstr "Le opzioni di integrità dei dati richieste non sono supportate."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1503
msgid "Requested sector_size option is not supported."
msgstr "L'opzione sector_size richiesta non è supportata."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1508
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Il ricalcolo automatico dei tag d'integrità non è supportato."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1534
+msgid "Requested dmcrypt performance options are not supported."
+msgstr "Le opzioni di prestazioni richieste per dmcrypt non sono supportate."
+
+#: lib/libdevmapper.c:1537
msgid "Discard/TRIM is not supported."
msgstr "Discard/TRIM non è supportato."
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
-msgstr "Le opzioni di integrità dei dati richieste non sono supportate."
-
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2413
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Interrogazione del segmento dm-%s non riuscita."
-#: lib/random.c:75
+#: lib/random.c:80
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Il sistema non ha un'entropia sufficiente mentre viene generata la chiave di volume.\n"
"Muovere il mouse o digitare del testo in un'altra finestra per accumulare più eventi casuali.\n"
-#: lib/random.c:79
+#: lib/random.c:84
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Generazione chiave (%d%% completato).\n"
-#: lib/random.c:165
+#: lib/random.c:170
msgid "Running in FIPS mode."
msgstr "Esecuzione in modalità FIPS."
-#: lib/random.c:171
+#: lib/random.c:176
msgid "Fatal error during RNG initialisation."
msgstr "Errore fatale durante l'inizializzazione dell'RNG."
-#: lib/random.c:208
+#: lib/random.c:213
msgid "Unknown RNG quality requested."
msgstr "Qualità richiesta per l'RNG sconosciuta."
-#: lib/random.c:213
+#: lib/random.c:218
msgid "Error reading from RNG."
msgstr "Errore nel leggere dall'RNG."
-#: lib/setup.c:229
+#: lib/setup.c:214
msgid "Cannot initialize crypto RNG backend."
msgstr "Impossibile inizializzare il backend crypto RNG."
-#: lib/setup.c:235
+#: lib/setup.c:220
msgid "Cannot initialize crypto backend."
msgstr "Impossibile inizializzare il backend crypto."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:251 lib/setup.c:1899 lib/verity/verity.c:123
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Algoritmo di hash %s non supportato."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:254 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Errore nell'elaborazione della chiave (usando l'hash %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:315 lib/setup.c:342
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Impossibile determinare il tipo di dispositivo. Attivazione incompatibile del dispositivo?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:321 lib/setup.c:2892
msgid "This operation is supported only for LUKS device."
msgstr "Questa operazione è supportata solo per il dispositivo LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:348
msgid "This operation is supported only for LUKS2 device."
msgstr "Questa operazione è supportata solo per il dispositivo LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:396
msgid "All key slots full."
msgstr "Tutti gli slot di chiave sono pieni."
-#: lib/setup.c:434
+#: lib/setup.c:407
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d."
-#: lib/setup.c:440
+#: lib/setup.c:413
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Lo slot di chiave %d è pieno, selezionarne un altro."
-#: lib/setup.c:525 lib/setup.c:2832
-#, fuzzy
-msgid "Device size is not aligned to device logical block size."
-msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta."
-
-#: lib/setup.c:624
+#: lib/setup.c:589
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Rilevato un header, ma il dispositivo %s è troppo piccolo."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:626
msgid "This operation is not supported for this device type."
msgstr "Questa operazione non è supportata per questo tipo di dispositivo."
-#: lib/setup.c:666
-#, fuzzy
-msgid "Illegal operation with reencryption in-progress."
-msgstr "Re-cifratura offline in corso. Terminato."
-
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:791 lib/luks1/keymanage.c:481
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Versione %d di LUKS non supportata."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:808 lib/setup.c:1403 lib/setup.c:1812
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr "Il dispositivo di metadati scollegato non è supportato per questo tipo di cifratura."
+
+#: lib/setup.c:1288 lib/setup.c:2392 lib/setup.c:2464 lib/setup.c:2476
+#: lib/setup.c:2625 lib/setup.c:4021
#, c-format
msgid "Device %s is not active."
msgstr "Il dispositivo %s non è attivo."
-#: lib/setup.c:1444
+#: lib/setup.c:1310
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Device sottostante a quello cifrato %s scomparso."
-#: lib/setup.c:1524
+#: lib/setup.c:1388
msgid "Invalid plain crypt parameters."
msgstr "Parametri di cifratura in chiaro non validi."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1393 lib/setup.c:1802 src/integritysetup.c:72
msgid "Invalid key size."
msgstr "Dimensione della chiave non valida."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1398 lib/setup.c:1807 lib/setup.c:2009
msgid "UUID is not supported for this crypt type."
msgstr "UUID non è supportato per questo tipo di cifratura."
-#: lib/setup.c:1539 lib/setup.c:1959
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "Il dispositivo di metadati scollegato non è supportato per questo tipo di cifratura."
-
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1413 lib/setup.c:1603 src/cryptsetup.c:1045
msgid "Unsupported encryption sector size."
msgstr "Dimensione settore di cifratura non supportato."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1421 lib/setup.c:1720
msgid "Device size is not aligned to requested sector size."
msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1472 lib/setup.c:1591
msgid "Can't format LUKS without device."
msgstr "Impossibile formattare LUKS senza dispositivo."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1478 lib/setup.c:1597
msgid "Requested data alignment is not compatible with data offset."
msgstr "L'allineamento dei dati richiesti non è compatibile con l'offset dei dati."
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1546 lib/setup.c:1715
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr "Attenzione: l'offset dei dati è al di fuori del dispositivo dati attualmente disponibile.\n"
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1556 lib/setup.c:1735 lib/setup.c:1754 lib/setup.c:2021
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Impossibile ripulire l'header sul dispositivo %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1608
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "Attenzione: l'attivazione del dispositivo non riuscirà, dm-crypt manca il supporto per la dimensione del settore di crittografia richiesta.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1630
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "La chiave di volume è troppo piccola per la cifratura con estensioni di integrità."
-#: lib/setup.c:1821
+#: lib/setup.c:1685
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Il cifrario %s-%s (dimensione chiave di %zd byte) non è disponibile."
-#: lib/setup.c:1854
-#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1858
-#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1747
#, c-format
-msgid "Device %s is too small."
-msgstr "Il dispositivo %s è troppo piccolo."
-
-#: lib/setup.c:1893 lib/setup.c:1919
-#, c-format
-msgid "Cannot format device %s in use."
+msgid "Cannot format device %s which is still in use."
msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1750 lib/setup.c:1775
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Impossibile formattare il dispositivo %s, permessi non concessi."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1762 lib/setup.c:2073
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Impossibile formattare l'integrità per il dispositivo %s."
-#: lib/setup.c:1926
+#: lib/setup.c:1772
+#, c-format
+msgid "Cannot format device %s in use."
+msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso."
+
+#: lib/setup.c:1779
#, c-format
msgid "Cannot format device %s."
msgstr "Impossibile formattare il dispositivo %s."
-#: lib/setup.c:1944
+#: lib/setup.c:1797
msgid "Can't format LOOPAES without device."
msgstr "Impossibile formattare LOOPAES senza dispositivo."
-#: lib/setup.c:1989
+#: lib/setup.c:1842
msgid "Can't format VERITY without device."
msgstr "Impossibile formattare VERITY senza dispositivo."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:1853 lib/verity/verity.c:106
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Tipo di hash %d VERITY non supportato."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:1859 lib/verity/verity.c:114
msgid "Unsupported VERITY block size."
msgstr "Dimensione blocco VERITY non supportata."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:1864 lib/verity/verity.c:75
msgid "Unsupported VERITY hash offset."
msgstr "Offset hash VERITY non supportato."
-#: lib/setup.c:2016
+#: lib/setup.c:1869
msgid "Unsupported VERITY FEC offset."
msgstr "Offset FEC VERITY non supportato."
-#: lib/setup.c:2040
+#: lib/setup.c:1893
msgid "Data area overlaps with hash area."
msgstr "L'area dati si sovrappone a quella di hash."
-#: lib/setup.c:2065
+#: lib/setup.c:1918
msgid "Hash area overlaps with FEC area."
msgstr "L'area di hash si sovrappone a quella FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:1925
msgid "Data area overlaps with FEC area."
msgstr "L'area dati si sovrappone a quella FEC."
-#: lib/setup.c:2208
-#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
-
-#: lib/setup.c:2286
+#: lib/setup.c:2130
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Richiesto dispositivo cifrato di tipo %s sconosciuto."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2398 lib/setup.c:2470 lib/setup.c:2483
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Parametri non supportati sul dispositivo %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2404 lib/setup.c:2489
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Parametri non corrispondenti sul dispositivo %s."
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
-
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/setup.c:2735
-#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
-
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/setup.c:2817
+#: lib/setup.c:2657
msgid "Cannot resize loop device."
msgstr "Impossibile ridimensionare un dispositivo di loopback."
-#: lib/setup.c:2890
+#: lib/setup.c:2666
+#, c-format
+msgid "Device %s size is not aligned to requested sector size (%u bytes)."
+msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)."
+
+#: lib/setup.c:2725
msgid "Do you really want to change UUID of device?"
msgstr "Cambiare veramente l'UUID del dispositivo?"
-#: lib/setup.c:2966
+#: lib/setup.c:2801
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Il file di backup dell'header non contiene un header LUKS compatibile."
-#: lib/setup.c:3066
+#: lib/setup.c:2900
#, c-format
msgid "Volume %s is not active."
msgstr "Il volume %s non è attivo."
-#: lib/setup.c:3077
+#: lib/setup.c:2911
#, c-format
msgid "Volume %s is already suspended."
msgstr "Il volume %s è già sospeso."
-#: lib/setup.c:3090
+#: lib/setup.c:2925
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "La sospensione non è supportata per il dispositivo %s."
-#: lib/setup.c:3092
+#: lib/setup.c:2927
#, c-format
msgid "Error during suspending device %s."
msgstr "Errore durante la sospensione del dispositivo %s."
-#: lib/setup.c:3128
+#: lib/setup.c:2960 lib/setup.c:3027
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "Il volume %s non è sospeso."
+
+#: lib/setup.c:2989
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Il ripristino non è supportato per il dispositivo %s."
-#: lib/setup.c:3130
+#: lib/setup.c:2991 lib/setup.c:3059
#, c-format
msgid "Error during resuming device %s."
msgstr "Errore durante il ripristino del dispositivo %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, c-format
-msgid "Volume %s is not suspended."
-msgstr "Il volume %s non è sospeso."
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-msgid "Volume key does not match the volume."
-msgstr "La chiave di volume non corrisponde al volume."
-
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3127 lib/setup.c:3315
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Impossibile aggiungere uno slot di chiave, tutti gli slot sono disabilitati e nessuna chiave di volume è stata fornita."
-#: lib/setup.c:3487
+#: lib/setup.c:3267
msgid "Failed to swap new key slot."
msgstr "Sostituzione del nuovo slot di chiave non riuscita."
-#: lib/setup.c:3673
+#: lib/setup.c:3432 lib/setup.c:3865 lib/setup.c:3878 lib/setup.c:3886
+#: lib/setup.c:3899 lib/setup.c:4198 lib/setup.c:5274
+msgid "Volume key does not match the volume."
+msgstr "La chiave di volume non corrisponde al volume."
+
+#: lib/setup.c:3453
#, c-format
msgid "Key slot %d is invalid."
msgstr "Lo slot di chiave %d non è valido."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3459
#, c-format
-msgid "Keyslot %d is not active."
-msgstr "Lo slot di chiave %d non è attivo."
+msgid "Key slot %d is not used."
+msgstr "Lo slot di chiave %d non è utilizzato."
-#: lib/setup.c:3698
+#: lib/setup.c:3478
msgid "Device header overlaps with data area."
msgstr "L'header del dispositivo si sovrappone all'area dati."
-#: lib/setup.c:3992
-#, fuzzy
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr "Re-cifratura in corso."
-
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "Impossibile acquisire blocco del dispositivo di scrittura."
-
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-#, fuzzy
-msgid "LUKS2 reencryption recovery failed."
-msgstr "Dimensione settore di cifratura non supportato."
-
-#: lib/setup.c:4175 lib/setup.c:4437
-#, fuzzy
-msgid "Device type is not properly initialized."
+#: lib/setup.c:3684 lib/setup.c:3952
+msgid "Device type is not properly initialised."
msgstr "Il tipo di dispositivo non è inizializzato correttamente."
-#: lib/setup.c:4223
-#, c-format
-msgid "Device %s already exists."
-msgstr "Esiste già un dispositivo %s."
-
-#: lib/setup.c:4230
+#: lib/setup.c:3726
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso."
-#: lib/setup.c:4350
+#: lib/setup.c:3729
+#, c-format
+msgid "Device %s already exists."
+msgstr "Esiste già un dispositivo %s."
+
+#: lib/setup.c:3852
msgid "Incorrect volume key specified for plain device."
msgstr "Specificata una chiave di volume non corretta per il dispositivo in chiaro."
-#: lib/setup.c:4463
+#: lib/setup.c:3918
msgid "Incorrect root hash specified for verity device."
msgstr "Specificato un hash root non corretto per il dispositivo verity."
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-#, fuzzy
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr "Il portachiavi del kernel non è supportato dal kernel."
-
-#: lib/setup.c:4496 lib/setup.c:5976
-msgid "Failed to load key in kernel keyring."
-msgstr "Caricamento chiave nel portachiavi del kernel non riuscito."
-
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:3995 lib/setup.c:4010
#, c-format
msgid "Device %s is still in use."
msgstr "Il dispositivo %s è ancora in uso."
-#: lib/setup.c:4574
+#: lib/setup.c:4025
#, c-format
msgid "Invalid device %s."
msgstr "Device %s non valido."
-#: lib/setup.c:4690
+#: lib/setup.c:4134
+msgid "Function not available in FIPS mode."
+msgstr "Funzione non disponibile in modalità FIPS."
+
+#: lib/setup.c:4148
msgid "Volume key buffer too small."
msgstr "Buffer di chiave del volume troppo piccolo."
-#: lib/setup.c:4698
+#: lib/setup.c:4156
msgid "Cannot retrieve volume key for plain device."
msgstr "Impossibile recuperare la chiave di volume per il dispositivo in chiaro."
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "Specificato un hash root non corretto per il dispositivo verity."
-
-#: lib/setup.c:4717
+#: lib/setup.c:4167
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Questa operazione non è supportata per il dispositivo cifrato %s."
-#: lib/setup.c:4923
+#: lib/setup.c:4354
msgid "Dump operation is not supported for this device type."
msgstr "L'operazione di dump non è supportata per questo tipo di dispositivo."
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
+#: lib/setup.c:4930
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Impossibile convertire il dispositivo %s che risulta ancora in uso."
-#: lib/setup.c:5833
+#: lib/setup.c:5213
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Assegnamento slot di chiave %u come nuova chiave del volume non riuscito."
-#: lib/setup.c:5906
-#, fuzzy
-msgid "Failed to initialize default LUKS2 keyslot parameters."
+#: lib/setup.c:5280
+msgid "Failed to initialise default LUKS2 keyslot parameters."
msgstr "Inizializzazione parametri predefiniti per lo slot di chiave LUKS2 non riuscita."
-#: lib/setup.c:5912
+#: lib/setup.c:5286
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Assegnazione slot di chiave %d al digest non riuscita."
-#: lib/setup.c:6043
+#: lib/setup.c:5370
+msgid "Failed to load key in kernel keyring."
+msgstr "Caricamento chiave nel portachiavi del kernel non riuscito."
+
+#: lib/setup.c:5425
msgid "Kernel keyring is not supported by the kernel."
msgstr "Il portachiavi del kernel non è supportato dal kernel."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:5435
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Lettura della passphrase dal portachiavi non riuscita (errore %d)."
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
-
-#: lib/utils.c:80
+#: lib/utils.c:81
msgid "Cannot get process priority."
msgstr "Impossibile ottenere la priorità del processo."
-#: lib/utils.c:94
+#: lib/utils.c:95
msgid "Cannot unlock memory."
msgstr "Impossibile sbloccare la memoria."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:169 lib/tcrypt/tcrypt.c:498
msgid "Failed to open key file."
msgstr "Apertura del file chiave non riuscita."
-#: lib/utils.c:173
+#: lib/utils.c:174
msgid "Cannot read keyfile from a terminal."
msgstr "Impossibile leggere il file chiave dal terminale."
-#: lib/utils.c:190
+#: lib/utils.c:191
msgid "Failed to stat key file."
msgstr "Stat del file chiave non riuscito."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:199 lib/utils.c:220
msgid "Cannot seek to requested keyfile offset."
msgstr "Impossibile posizionarsi all'offset del file di chiave richiesto."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:214 lib/utils.c:229 src/utils_password.c:188
+#: src/utils_password.c:201
msgid "Out of memory while reading passphrase."
msgstr "Memoria esaurita durante la lettura della passphrase."
-#: lib/utils.c:248
+#: lib/utils.c:249
msgid "Error reading passphrase."
msgstr "Errore nel leggere la passphrase."
-#: lib/utils.c:265
+#: lib/utils.c:266
msgid "Nothing to read on input."
msgstr "Nessun dato da leggere sull'input."
-#: lib/utils.c:272
+#: lib/utils.c:273
msgid "Maximum keyfile size exceeded."
msgstr "Dimensione massima del file chiave superata."
-#: lib/utils.c:277
+#: lib/utils.c:278
msgid "Cannot read requested amount of data."
msgstr "Impossibile leggere la quantità richiesta di dati."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
+#: lib/utils_device.c:184 lib/luks1/keyencryption.c:92
+#, c-format
+msgid "Device %s doesn't exist or access denied."
msgstr "Il dispositivo %s non esiste oppure è negato l'accesso."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:194
#, c-format
msgid "Device %s is not compatible."
msgstr "Il dispositivo %s non è compatibile."
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
+#: lib/utils_device.c:560
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Il dispositivo %s è troppo piccolo, sono necessari almeno %<PRIu64> byte."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:641
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Impossibile utilizzare il dispositivo %s il quale è in uso (già mappato o montato)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:645
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Impossibile usare il dispositivo %s, permessi negati."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:648
#, c-format
msgid "Cannot get info about device %s."
msgstr "Impossibile ottenere informazioni sul dispositivo %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:671
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Impossibile usare un dispositivo di loopback, in esecuzione come utente non root."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:681
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Collegamento del dispositivo di loopback non riuscito (è richiesto un dispositivo di loop con flag autoclear)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:727
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "L'offset richiesto è oltre la dimensione reale del dispositivo %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:735
#, c-format
msgid "Device %s has zero size."
msgstr "Il dispositivo %s ha dimensione zero."
+#: lib/utils_device.c:746 lib/luks1/keyencryption.c:252
+#, c-format
+msgid "Device %s is too small."
+msgstr "Il dispositivo %s è troppo piccolo."
+
#: lib/utils_pbkdf.c:100
msgid "Requested PBKDF target time cannot be zero."
msgstr "Il tempo PBKDF richiesto non può essere zero."
msgid "Requested PBKDF parallel threads cannot be zero."
msgstr "I thread paralleli PBKDF richiesti non possono essere zero."
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
-
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:317
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Benchmark PBKDF disabilitato, ma iterazioni non impostate."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:336
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Opzioni PBKDF2 non compatibili (usando l'algoritmo di hash %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:356
msgid "Not compatible PBKDF options."
msgstr "Opzioni PBKDF non compatibili."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:80
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Blocco interrotto. Il percorso di blocco %s/%s è inutilizzabile (non una directory o mancante)."
-#: lib/utils_device_locking.c:109
+#: lib/utils_device_locking.c:87
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "WARNING: Locking directory %s/%s is missing!\n"
+msgstr "Attenzione: la directory di blocco %s/%s non esiste.\n"
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:97
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Blocco interrotto. Il percorso di blocco %s/%s è inutilizzabile (%s non è una directory)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-msgid "Cannot seek to device offset."
-msgstr "Impossibile posizionarsi all'offset del dispositivo."
-
-#: lib/utils_wipe.c:208
-#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:39
+#: lib/luks1/keyencryption.c:40
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Impostazione mappatura di chiave dm-crypt non riuscita per il dispositivo %s.\n"
"Controllare che il kernel supporti il cifrario %s (controllare syslog per maggiori informazioni)."
-#: lib/luks1/keyencryption.c:44
+#: lib/luks1/keyencryption.c:45
msgid "Key size in XTS mode must be 256 or 512 bits."
msgstr "La dimensione della chiave in modalità XTS deve essere 256 o 512 bit."
-#: lib/luks1/keyencryption.c:46
+#: lib/luks1/keyencryption.c:47
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "La specifica del cifrario dovrebbe essere nel formato [cifrario]-[modalità]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:98 lib/luks1/keymanage.c:345
+#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1079
+#: lib/luks2/luks2_json_metadata.c:1157 lib/luks2/luks2_keyslot.c:448
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Impossibile scrivere sul dispositivo %s, permessi negati."
msgid "Failed to access temporary keystore device."
msgstr "Accesso al dispositivo temporaneo di deposito chiavi non riuscito."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:91
msgid "IO error while encrypting keyslot."
msgstr "Errore di IO durante la cifratura dello slot di chiave."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:243 lib/luks1/keymanage.c:348
+#: lib/luks1/keymanage.c:594 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:663
+#: lib/verity/verity.c:81 lib/verity/verity.c:182 lib/verity/verity_hash.c:308
+#: lib/verity/verity_hash.c:319 lib/verity/verity_hash.c:339
+#: lib/verity/verity_fec.c:242 lib/verity/verity_fec.c:254
+#: lib/verity/verity_fec.c:259 lib/luks2/luks2_json_metadata.c:1160
+#: src/cryptsetup_reencrypt.c:208
#, c-format
msgid "Cannot open device %s."
msgstr "Impossibile aprire il dispositivo %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:254 lib/luks2/luks2_keyslot_luks2.c:152
msgid "IO error while decrypting keyslot."
msgstr "Errore di IO durante la decifratura dello slot di chiave."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:111
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Il dispositivo %s è troppo piccolo (LUKS1 richiede almeno %<PRIu64> byte)."
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:132 lib/luks1/keymanage.c:140
+#: lib/luks1/keymanage.c:152 lib/luks1/keymanage.c:163
+#: lib/luks1/keymanage.c:175
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "Lo slot di chiave LUKS %u non è valido."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:478
+#: lib/luks2/luks2_json_metadata.c:991 src/cryptsetup.c:1236
+#: src/cryptsetup.c:1355 src/cryptsetup.c:1412 src/cryptsetup.c:1468
+#: src/cryptsetup.c:1535 src/cryptsetup.c:1631 src/cryptsetup.c:1695
+#: src/cryptsetup.c:1855 src/cryptsetup.c:2044 src/cryptsetup.c:2104
+#: src/cryptsetup.c:2170 src/cryptsetup.c:2334 src/cryptsetup_reencrypt.c:1397
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "Il dispositivo %s non è un dispositivo LUKS valido."
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:247 lib/luks2/luks2_json_metadata.c:1010
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Il file di backup dell'header %s richiesto esiste già."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:249 lib/luks2/luks2_json_metadata.c:1012
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Impossibile creare il file di backup dell'header %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:254 lib/luks2/luks2_json_metadata.c:1017
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Impossibile scrivere il file di backup dell'header %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
+#: lib/luks1/keymanage.c:287 lib/luks2/luks2_json_metadata.c:1066
+msgid "Backup file doesn't contain valid LUKS header."
msgstr "Il file di backup non contiene un header LUKS valido."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:300 lib/luks1/keymanage.c:555
+#: lib/luks2/luks2_json_metadata.c:1087
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Impossibile aprire il file di backup dell'header %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1093
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Impossibile leggere il file di backup dell'header %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:318
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "L'offset di dati oppure la dimensione della chiave sono diversi tra il dispositivo e il backup, ripristino non riuscito."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:326
#, c-format
msgid "Device %s %s%s"
msgstr "Il dispositivo %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:327
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "non contiene un header LUKS. La sostituzione dell'header può distruggere i dati in quel dispositivo."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:328
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "contiene già un header LUKS. La sostituzione dell'header distruggerà gli slot di chiave esistenti."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1129
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"Attenzione: l'header reale del dispositivo ha un UUID diverso da quello di backup."
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:381
msgid "Non standard key size, manual repair required."
msgstr "Dimensione non standard della chiave, è richiesta una riparazione manuale."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:386
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Allineamento slot di chiave non standard, richiesta riparazione manuale."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:396
msgid "Repairing keyslots."
msgstr "Riparazione degli slot di chiave."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:415
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Slot di chiave %i: offset riparato (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:423
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Slot di chiave %i: strisce riparate (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:432
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Slot di chiave %i: firma della partizione non corretta."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:437
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Slot di chiave %i: salt ripulito."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:454
msgid "Writing LUKS header to disk."
msgstr "Scrittura dell'header LUKS sul disco."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:459
msgid "Repair failed."
msgstr "Riparazione non riuscita."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:487 lib/luks1/keymanage.c:758
#, c-format
msgid "Requested LUKS hash %s is not supported."
msgstr "L'hash %s di LUKS richiesto non è supportato."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:515 src/cryptsetup.c:960
msgid "No known problems detected for LUKS header."
msgstr "Nessun problema conosciuto rilevato per l'header LUKS."
msgid "Error during update of LUKS header on device %s."
msgstr "Errore durante l'aggiornamento dell'header LUKS sul dispositivo %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:676
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Errore nel rileggere l'header LUKS dopo l'aggiornamento sul dispositivo %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:752
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "L'offset dei dati per l'header LUKS deve essere 0 o maggiore della dimensione dell'header."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:763 lib/luks1/keymanage.c:828
+#: lib/luks2/luks2_json_format.c:207 lib/luks2/luks2_json_metadata.c:909
msgid "Wrong LUKS UUID format provided."
msgstr "Fornito un formato UUID per LUKS errato."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:786
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Impossibile creare l'header LUKS: lettura salt casuale non riuscita."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:807
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Impossibile creare l'header LUKS: digest dell'header non riuscito (usando l'hash %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:851
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Slot di chiave %d attivo, eliminarlo prima."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:857
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Il materiale dello slot di chiave %d contiene troppe poche strisce. Manipolazione dell'header?"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Errore nell'elaborazione della chiave (usando l'hash %s)."
-
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1065
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Lo slot di chiave %d non è valido, selezionarne uno tra 0 e %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1083 lib/luks2/luks2_keyslot.c:452
#, c-format
msgid "Cannot wipe device %s."
msgstr "Impossibile ripulire il dispositivo %s."
msgstr "Rilevato file chiave loop-AES non compatibile."
#: lib/loopaes/loopaes.c:245
-#, fuzzy
-msgid "Kernel does not support loop-AES compatible mapping."
+msgid "Kernel doesn't support loop-AES compatible mapping."
msgstr "Il kernel non supporta la mappatura compatibile loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:505
#, c-format
msgid "Error reading keyfile %s."
msgstr "Errore nel leggere il file chiave %s."
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:545
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded."
msgstr "Lunghezza massima (%d) della passphrase TCRYPT superata."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:586
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "L'algoritmo di hash PBKDF2 %s non è disponibile, viene saltato."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:604 src/cryptsetup.c:915
msgid "Required kernel crypto interface not available."
msgstr "L'interfaccia kernel richiesta del cifrario non è disponibile."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:606 src/cryptsetup.c:917
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Assicurarsi di avere il modulo del kernel algif_skcipher caricato."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:746
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Attivazione non supportata per la dimensione del settore di %d."
-#: lib/tcrypt/tcrypt.c:759
-#, fuzzy
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
+#: lib/tcrypt/tcrypt.c:752
+msgid "Kernel doesn't support activation for this TCRYPT legacy mode."
msgstr "Il kernel non supporta l'attivazione per questa modalità legacy TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:786
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Attivazione sistema di cifratura TCRYPT per la partizione %s."
-#: lib/tcrypt/tcrypt.c:868
-#, fuzzy
-msgid "Kernel does not support TCRYPT compatible mapping."
+#: lib/tcrypt/tcrypt.c:864
+msgid "Kernel doesn't support TCRYPT compatible mapping."
msgstr "Il kernel non supporta la mappatura compatibile TCYPRT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1085
msgid "This function is not supported without TCRYPT header load."
msgstr "Questa funzione non è supportata senza l'header TCRYPT caricato."
-#: lib/bitlk/bitlk.c:350
+#: lib/verity/verity.c:69 lib/verity/verity.c:175
#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:402
-#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:419
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:502
-#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Letture dei requisiti LUKS2 non riuscita."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Dimensione settore di cifratura non supportato."
-
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "Letture dei requisiti LUKS2 non riuscita."
-
-#: lib/bitlk/bitlk.c:571
-#, fuzzy, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr "Letture dei requisiti LUKS2 non riuscita."
-
-#: lib/bitlk/bitlk.c:622
-#, fuzzy
-msgid "Unknown or unsupported encryption type."
-msgstr "Dimensione settore di cifratura non supportato."
-
-#: lib/bitlk/bitlk.c:655
-#, fuzzy, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr "Letture dei requisiti LUKS2 non riuscita."
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "Questa operazione non è supportata per il dispositivo cifrato %s."
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-#, fuzzy
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr "Attivazione del dispositivo temporaneo non riuscita."
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, fuzzy, c-format
-msgid "Verity device %s does not use on-disk header."
+msgid "Verity device %s doesn't use on-disk header."
msgstr "Il dispositivo verity %s non usa header su disco."
-#: lib/verity/verity.c:91
+#: lib/verity/verity.c:94
#, c-format
msgid "Device %s is not a valid VERITY device."
msgstr "Il dispositivo %s non è un dispositivo VERITY valido."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Versione %d di VERITY non supportata."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:132
msgid "VERITY header corrupted."
msgstr "Header VERITY danneggiato."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:169
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Fornito un formato UUID per VERITY errato sul dispositivo %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:202
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Errore durante l'aggiornamento dell'header verity sul dispositivo %s."
-#: lib/verity/verity.c:276
-#, fuzzy
-msgid "Root hash signature verification is not supported."
-msgstr "L'hash %s richiesto non è supportato."
-
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:266
msgid "Errors cannot be repaired with FEC device."
msgstr "Impossibile risolvere gli errori con dispositivo FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:268
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Trovati %u errori risolubili con dispositivo FEC."
-#: lib/verity/verity.c:333
-#, fuzzy
-msgid "Kernel does not support dm-verity mapping."
+#: lib/verity/verity.c:306
+msgid "Kernel doesn't support dm-verity mapping."
msgstr "Il kernel non supporta la mappatura dm-verity."
-#: lib/verity/verity.c:337
-#, fuzzy
-msgid "Kernel does not support dm-verity signature option."
-msgstr "Il kernel non supporta la mappatura dm-verity."
-
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:317
msgid "Verity device detected corruption after activation."
msgstr "Il dispositivo verity ha rilevato un'anomalia dopo l'attivazione."
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "L'area spare non risulta essere a zero alla posizione %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:160 lib/verity/verity_hash.c:287
+#: lib/verity/verity_hash.c:300
msgid "Device offset overflow."
msgstr "Overflow offset del dispositivo."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:200
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Verifica alla posizione %<PRIu64> non riuscita."
#: lib/verity/verity_hash.c:273
+msgid "Invalid size parameters for verity device."
+msgstr "Parametri della dimensione non validi per il dispositivo verity."
+
+#: lib/verity/verity_hash.c:293
msgid "Hash area overflow."
msgstr "Overflow dell'area di hash."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:370
msgid "Verification of data area failed."
msgstr "Verifica dell'area dati non riuscita."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:375
msgid "Verification of root hash failed."
msgstr "Verifica dall'hash root non riuscita."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:381
msgid "Input/output error while creating hash area."
msgstr "Errore di input/output nel creare l'area hash."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:383
msgid "Creation of hash area failed."
msgstr "Creazione dell'area hash non riuscita."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:430
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "Attenzione: il kernel non può attivare il dispositivo se la dimensione del blocco dati supera la dimensione di pagina (%u)."
-#: lib/verity/verity_fec.c:131
+#: lib/verity/verity_fec.c:132
msgid "Failed to allocate RS context."
msgstr "Allocazione contesto RS non riuscita."
-#: lib/verity/verity_fec.c:149
+#: lib/verity/verity_fec.c:147
msgid "Failed to allocate buffer."
msgstr "Allocazione buffer non riuscita."
-#: lib/verity/verity_fec.c:159
+#: lib/verity/verity_fec.c:157
#, c-format
msgid "Failed to read RS block %<PRIu64> byte %d."
msgstr "Lettura del blocco RS %<PRIu64> byte %d non riuscita."
-#: lib/verity/verity_fec.c:172
+#: lib/verity/verity_fec.c:170
#, c-format
msgid "Failed to read parity for RS block %<PRIu64>."
msgstr "Lettura bit di parità per il blocco RS %<PRIu64> non riuscita."
-#: lib/verity/verity_fec.c:180
+#: lib/verity/verity_fec.c:178
#, c-format
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Ripristino della parità per il blocco %<PRIu64> non riuscito."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:189
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Scrittura della parità per il blocco RS %<PRIu64> non riuscita."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:224
msgid "Block sizes must match for FEC."
msgstr "Le dimensioni del blocco devono corrispondere per FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:230
msgid "Invalid number of parity bytes."
msgstr "Numero di byte di parità non valido."
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
-msgstr ""
-
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:266
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Impossibile determinare la dimensione per il dispositivo %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-#, fuzzy
-msgid "Kernel does not support dm-integrity mapping."
-msgstr "Il kernel non supporta la mappatura dm-integrity."
-
-#: lib/integrity/integrity.c:278
-#, fuzzy
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
+#: lib/integrity/integrity.c:239 lib/integrity/integrity.c:304
+msgid "Kernel doesn't support dm-integrity mapping."
msgstr "Il kernel non supporta la mappatura dm-integrity."
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
-#, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "Impossibile acquisire il blocco di scrittura sul dispositivo %s."
-
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
+#: lib/luks2/luks2_disk_metadata.c:413
+msgid "Failed to acquire write device lock."
+msgstr "Impossibile acquisire blocco del dispositivo di scrittura."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:654 lib/luks2/luks2_disk_metadata.c:675
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Il dispositivo contiene firme ambigue, impossibile recuperare automaticamente LUKS2.\n"
"Eseguire \"cryptsetup repair\" per il recupero."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:99
+msgid "No space for new keyslot."
+msgstr "Spazio insufficiente per il nuovo slot di chiave."
+
+#: lib/luks2/luks2_json_format.c:158
msgid "Requested data offset is too small."
msgstr "L'offset dati richiesto è troppo piccolo."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:195
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "Attenzione: l'area degli slot di chiave è molto piccola (%<PRIu64> byte), il conteggio degli slot di chiave LUKS2 disponibili è limitato.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:866 lib/luks2/luks2_json_metadata.c:982
+#: lib/luks2/luks2_json_metadata.c:1055 lib/luks2/luks2_keyslot_luks2.c:105
+#: lib/luks2/luks2_keyslot_luks2.c:128
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Impossibile acquisire il blocco di lettura sul dispositivo %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:878 lib/luks2/luks2_json_metadata.c:1149
+#: lib/luks2/luks2_keyslot.c:431 lib/luks2/luks2_keyslot_luks2.c:40
+#: lib/luks2/luks2_keyslot_luks2.c:69
+#, c-format
+msgid "Failed to acquire write lock on device %s."
+msgstr "Impossibile acquisire il blocco di scrittura sul dispositivo %s."
+
+#: lib/luks2/luks2_json_metadata.c:1072
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Rilevati requisiti LUKS2 proibiti nel backup %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1113
msgid "Data offset differ on device and backup, restore failed."
msgstr "L'offset di dati è diverso tra il dispositivo e il backup, ripristino non riuscito."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1119
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "L'header binario con dimensione aree dello slot di chiave è diverso tra il dispositivo e il backup, ripristino non riuscito."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1126
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Il dispositivo %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1127
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "non contiene un header LUKS2. La sostituzione dell'header può distruggere i dati su quel dispositivo."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1128
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "contiene già un header LUKS2. La sostituzione dell'header distruggerà gli slot di chiave esistenti."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1130
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"Attenzione: requisiti LUKS2 sconosciuti rilevati nell'header del dispositivo reale.\n"
"La sostituzione dell'header con il backup può danneggiare i dati su quel dispositivo."
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1132
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Attenzione: rilevata re-cifratura non completata sul dispositivo.\n"
"La sostituzione dell'header con il backup potrebbe danneggiare i dati."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1234
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Flag %s sconosciuto ignorato."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
-#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "Interrogazione del segmento dm-%s non riuscita."
-
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-#, fuzzy
-msgid "Failed to set dm-linear segment."
-msgstr "Interrogazione del segmento dm-%s non riuscita."
-
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
-#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:1869
msgid "Failed to read LUKS2 requirements."
msgstr "Letture dei requisiti LUKS2 non riuscita."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:1876
msgid "Unmet LUKS2 requirements detected."
msgstr "Rilevati requisiti LUKS2 non soddisfatti."
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "Slot di chiave %i: salt ripulito."
-
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, fuzzy, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr "Slot di chiave LUKS2: il cifrario usato per la cifratura dello slot di chiave"
-
-#: lib/luks2/luks2_keyslot_luks2.c:480
-msgid "No space for new keyslot."
-msgstr "Spazio insufficiente per il nuovo slot di chiave."
+#: lib/luks2/luks2_json_metadata.c:1884
+msgid "Offline reencryption in progress. Aborting."
+msgstr "Re-cifratura offline in corso. Terminato."
-#: lib/luks2/luks2_luks1_convert.c:482
-#, fuzzy, c-format
-msgid "Cannot check status of device with uuid: %s."
+#: lib/luks2/luks2_luks1_convert.c:474
+#, c-format
+msgid "Can not check status of device with uuid: %s."
msgstr "Impossibile controllare lo stato del dispositivo con UUID: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:500
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Impossibile convertire l'header con metadati LUKSMETA aggiuntivi."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:537
msgid "Unable to move keyslot area. Not enough space."
msgstr "Impossibile spostare l'area dello slot di chiave: spazio insufficiente."
-#: lib/luks2/luks2_luks1_convert.c:599
-#, fuzzy
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr "Impossibile spostare l'area dello slot di chiave: spazio insufficiente."
-
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:577 lib/luks2/luks2_luks1_convert.c:854
msgid "Unable to move keyslot area."
msgstr "Impossibile spostare l'area dello slot di chiave."
-#: lib/luks2/luks2_luks1_convert.c:697
-#, fuzzy
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u non è compatibile con LUKS1."
-
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:672
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Impossibile convertire al formato LUKS1: i digest dello slot di chiave non sono compatibili con LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:684
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Impossibile convertire al formato LUKS1: il dispositivo utilizza una chiave di cifrario %s con wrapper."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:692
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Impossibile convertire al formato LUKS1: l'header LUKS2 contiene %u token."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:706
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u è in uno stato non valido."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:711
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Impossibile convertire al formato LUKS1: lo slot %u (oltre gli slot massimi) è ancora attivo."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:716
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Impossibile convertire al formato LUKS1: lo slot di chiave %u non è compatibile con LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1007
-#, fuzzy, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)."
-
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Parametri non supportati sul dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "Lettura dei requisiti dall'header di backup non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, fuzzy, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr "Lettura bit di parità per il blocco RS %<PRIu64> non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "Impossibile determinare la dimensione per il dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:2092
-#, fuzzy, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
-msgstr "Esame del dispositivo %s per una firma non riuscito."
-
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "Impossibile determinare la dimensione per il dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:2170
-#, fuzzy
-msgid "Failed to refresh reencryption devices stack."
-msgstr "Impossibile acquisire il blocco di lettura sul dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "Sostituzione del nuovo slot di chiave non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:2430
-#, fuzzy, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)."
-
-#: lib/luks2/luks2_reencrypt.c:2451
-#, fuzzy, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "La dimensione del dispositivo %s non è allineata con la dimensione del settore richiesta (%u byte)."
-
-#: lib/luks2/luks2_reencrypt.c:2472
-#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, fuzzy, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr "Impossibile utilizzare il dispositivo %s il quale è in uso (già mappato o montato)."
-
-#: lib/luks2/luks2_reencrypt.c:2647
-msgid "Device not marked for LUKS2 reencryption."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-#, fuzzy
-msgid "Failed to load LUKS2 reencryption context."
-msgstr "Allocazione contesto RS non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "Recupero del token %d per l'esportazione non riuscito."
-
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "Il dispositivo %s non è attivo."
-
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-#, fuzzy
-msgid "Reencryption process is already running."
-msgstr "Re-cifratura in corso."
-
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-#, fuzzy
-msgid "Failed to acquire reencryption lock."
-msgstr "Impossibile acquisire blocco del dispositivo di scrittura."
-
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2889
-#, fuzzy
-msgid "Active device size and requested reencryption size don't match."
-msgstr "La dimensione del dispositivo non è allineata con la dimensione del settore richiesta."
-
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2973
-#, fuzzy
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr "Re-cifratura in corso."
-
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3136
-#, fuzzy
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr "Inizializzazione parametri predefiniti per lo slot di chiave LUKS2 non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3225
-#, fuzzy
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr "Esame del dispositivo %s per una firma non riuscito."
-
-#: lib/luks2/luks2_reencrypt.c:3267
-#, fuzzy
-msgid "Failed to write reencryption resilience metadata."
-msgstr "Scrittura dei flag di attivazione sul nuovo header non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3274
-#, fuzzy
-msgid "Decryption failed."
-msgstr "Riparazione non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "Scrittura della parità per il blocco RS %<PRIu64> non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3284
-#, fuzzy
-msgid "Failed to sync data."
-msgstr "Impostazione offset dei dati non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "Letture dei requisiti LUKS2 non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3382
-#, fuzzy
-msgid "Failed to wipe backup segment data."
-msgstr "Pulizia della firma del dispositivo non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Assegnazione del token %d allo slot di chiave %d non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "Elimina tutti gli slot di chiavi (rimuove chiave di cifratura)"
-
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita."
-
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-#, fuzzy
-msgid "Failed to update reencryption context."
-msgstr "Allocazione contesto RS non riuscita."
-
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "Lo slot di chiave %d non è valido."
-
-#: lib/luks2/luks2_token.c:263
+#: lib/luks2/luks2_token.c:262
msgid "No free token slot."
msgstr "Nessun slot token libero."
-#: lib/luks2/luks2_token.c:270
+#: lib/luks2/luks2_token.c:269
#, c-format
msgid "Failed to create builtin token %s."
msgstr "Impossibile creare token integrato %s."
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:141
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "Impossibile verificare la passphrase su input non tty."
-#: src/cryptsetup.c:261
+#: src/cryptsetup.c:182
msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr "I parametri di cifratura dello slot di chiave possono essere impostati solo per dispositivi LUKS2."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:212 src/cryptsetup.c:849 src/cryptsetup.c:1088
+#: src/cryptsetup_reencrypt.c:749 src/cryptsetup_reencrypt.c:814
msgid "No known cipher specification pattern detected."
msgstr "Non è stato rilevato alcun modello noto di specifica di cifrario."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:220
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "Attenzione: il parametro --hash viene ignorato in modalità normale con file di chiave specificato.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:228
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "Attenzione: l'opzione --keyfile-size viene ignorata, la dimensione di lettura è la stessa della dimensione della chiave di cifratura.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:268
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Rilevata firma dispositivo su %s. Attenzione: continuare potrebbe danneggiare i dati esistenti."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:274 src/cryptsetup.c:969 src/cryptsetup.c:1065
+#: src/cryptsetup.c:1138 src/cryptsetup.c:1763 src/integritysetup.c:230
msgid "Operation aborted.\n"
msgstr "Operazione interrotta.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:342
msgid "Option --key-file is required."
msgstr "È richiesta l'opzione --key-file."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:395
msgid "Enter VeraCrypt PIM: "
msgstr "Inserire PIM VeraCrypt: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:404
msgid "Invalid PIM value: parse error."
msgstr "Valore PIM non valido: errore di lettura."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:407
msgid "Invalid PIM value: 0."
msgstr "Valore PIM non valido: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:410
msgid "Invalid PIM value: outside of range."
msgstr "Valore PIM non valido: fuori dall'intervallo."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:433
msgid "No device header detected with this passphrase."
msgstr "Nessun header di dispositivo rilevato con questa passphrase."
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "Il dispositivo %s non è un dispositivo LUKS valido."
-
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:495 src/cryptsetup.c:1790
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n"
"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:574
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Il dispositivo %s è ancora attivo ed è pianificato per essere rimosso.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:602
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Il ridimensionamento di un dispositivo attivo richiede la chiave del volume nel portachiavi, ma l'opzione --disable-keyring è impostata."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:727
msgid "Benchmark interrupted."
msgstr "Benchmark interrotto."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:748
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/D\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:750
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iterazioni per secondo per chiave di %zu-bit\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:764
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/D\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:766
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iterazioni, %5u memoria, %1u thread paralleli (CPU) per chiave di %zu-bit (tempo richiesto %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:790
msgid "Result of benchmark is not reliable."
msgstr "Il risultato del benchmark non è attendibile."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:841
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# I test sono approssimati usando solo la memoria (nessun IO dall'archivio).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:875
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr ""
"#%*s Algoritmo | Chiave | Cifratura | Decrifrazione\n"
"\n"
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "Il cifrario %s-%s (dimensione chiave di %zd byte) non è disponibile."
+#: src/cryptsetup.c:879
+#, c-format
+msgid "Cipher %s is not available."
+msgstr "Il cifrario %s non è disponibile."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:899
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr ""
"# Algoritmo | Chiave | Cifratura | Decrifrazione\n"
"\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:908
msgid "N/A"
msgstr "N/D"
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Inserire la passphrase da eliminare: "
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Inserire la passphrase da eliminare: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "Inserire la passphrase per lo slot da convertire: "
-
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:968
msgid "Really try to repair LUKS device header?"
msgstr "Provare a riparare l'header del dispositivo LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:984 src/integritysetup.c:144
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"È possibile interrompere questa operazione premendo Ctrl+C: la parte del dispositivo non pulita\n"
"conterrà dati di controllo non validi.\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1006 src/integritysetup.c:166
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Impossibile disattivare il dispositivo %s temporaneo."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1050
msgid "Integrity option can be used only for LUKS2 format."
msgstr "L'opzione di integrità può essere usata solo col formato LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1055 src/cryptsetup.c:1115
msgid "Unsupported LUKS2 metadata size options."
msgstr "Opzioni dimensione metadati LUKS2 non supportate."
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1072
#, c-format
msgid "Cannot create header file %s."
msgstr "Impossibile creare il file header %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1095 src/integritysetup.c:192 src/integritysetup.c:201
+#: src/integritysetup.c:210 src/integritysetup.c:276 src/integritysetup.c:285
+#: src/integritysetup.c:295
msgid "No known integrity specification pattern detected."
msgstr "Non è stato rilevato alcun modello noto di specifica di integrità."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1108
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Impossibile usare %s come header on-disk."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1132 src/integritysetup.c:224
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Ciò sovrascriverà i dati in %s in modo irreversibile."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1173 src/cryptsetup.c:1484 src/cryptsetup.c:1551
+#: src/cryptsetup.c:1646 src/cryptsetup.c:1712
msgid "Failed to set pbkdf parameters."
msgstr "Impostazione dei parametri pbkdf non riuscita."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1242
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "L'offset di dati ridotti è ammesso solo per l'header LUKS scollegato."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1284
msgid "Device activated but cannot make flags persistent."
msgstr "Dispositivo attivato, ma non è possibile rendere i flag permanenti."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1365
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Slot di chiave %d selezionato per l'eliminazione."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1368 src/cryptsetup.c:1706
+#, c-format
+msgid "Keyslot %d is not active."
+msgstr "Lo slot di chiave %d non è attivo."
+
+#: src/cryptsetup.c:1377 src/cryptsetup.c:1438
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Questo è l'ultimo slot di chiave. Il dispositivo sarà inutilizzabile dopo aver eliminato questa chiave."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1378
msgid "Enter any remaining passphrase: "
msgstr "Inserire una delle passphrase rimanenti: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1379 src/cryptsetup.c:1440
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operazione terminata, lo slot di chiave NON è stato pulito.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1417
msgid "Enter passphrase to be deleted: "
msgstr "Inserire la passphrase da eliminare: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1435
+#, c-format
+msgid "Key slot %d selected for deletion."
+msgstr "Slot di chiave %d selezionato per l'eliminazione."
+
+#: src/cryptsetup.c:1498 src/cryptsetup.c:1565 src/cryptsetup.c:1599
msgid "Enter new passphrase for key slot: "
msgstr "Inserire la nuova passphrase per lo slot di chiave: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1582 src/cryptsetup_reencrypt.c:1352
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Inserire una delle passphrase esistenti: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1650
msgid "Enter passphrase to be changed: "
msgstr "Inserire la passphrase da cambiare: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1666 src/cryptsetup_reencrypt.c:1338
msgid "Enter new passphrase: "
msgstr "Inserire la nuova passphrase: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1716
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Inserire la passphrase per lo slot da convertire: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1740
msgid "Only one device argument for isLuks operation is supported."
msgstr "È supportato un solo argomento dispositivo per ogni operazione isLuks."
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Il dump dell'header con la chiave di volume contiene informazioni\n"
-"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n"
-"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Lo slot di chiave %d non è attivo."
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Il dump dell'header con la chiave di volume contiene informazioni\n"
-"confidenziali che permettono di accedere alla partizione cifrata senza passphrase.\n"
-"Questo dump dovrebbe sempre essere salvato in modo cifrato in un luogo sicuro."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s non è un dispositivo gestito via cryptsetup."
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:1924 src/cryptsetup.c:1945
msgid "Option --header-backup-file is required."
msgstr "È richiesta l'opzione --header-backup-file."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:1975
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s non è un dispositivo gestito via cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:1986
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "L'aggiornamento non è supportato per dispositivi di tipo %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2024
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Tipo di dispositivo metadati %s non riconosciuto."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2027
msgid "Command requires device and mapped name as arguments."
msgstr "Il comando richiede un dispositivo e un nome di mappatura come argomenti."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2049
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Questa operazione eliminerà tutti gli slot di chiave sul dispositivo %s.\n"
"Il dispositivo sarà inutilizzabile dopo questa operazione."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2056
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operazione terminata, gli slot di chiave NON sono stati puliti.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2093
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Tipo LUKS non valido, solo «luks1» o «luks2» sono supportati."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2111
#, c-format
msgid "Device is already %s type."
msgstr "Il dispositivo è già di tipo %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2116
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr ""
"Questa operazione converte %s nel formato %s.\n"
"\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2122
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operazione terminata, il dispositivo NON è stato convertito.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2162
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Manca l'opzione --priority, --label o --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2196 src/cryptsetup.c:2229 src/cryptsetup.c:2252
#, c-format
msgid "Token %d is invalid."
msgstr "Il token %d non è valido."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2199 src/cryptsetup.c:2255
#, c-format
msgid "Token %d in use."
-msgstr "Il token %d è in uso."
-
-#: src/cryptsetup.c:2623
-#, c-format
-msgid "Failed to add luks2-keyring token %d."
-msgstr "Aggiunta del token luks2-keyring %d non riuscita."
-
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
-#, c-format
-msgid "Failed to assign token %d to keyslot %d."
-msgstr "Assegnazione del token %d allo slot di chiave %d non riuscita."
-
-#: src/cryptsetup.c:2649
-#, c-format
-msgid "Token %d is not in use."
-msgstr "Il token %d non è in uso."
-
-#: src/cryptsetup.c:2684
-msgid "Failed to import token from file."
-msgstr "Importazione del token da file non riuscita."
-
-#: src/cryptsetup.c:2709
-#, c-format
-msgid "Failed to get token %d for export."
-msgstr "Recupero del token %d per l'esportazione non riuscito."
-
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Il parametro --key-description è obbligatorio per l'azione di aggiunta token."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "L'azione richiede un token specifico. Utilizzare il parametro --token-id."
-
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr "Operazione token %s non valida."
-
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Il dispositivo %s non è un dispositivo LUKS valido."
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Stat del dispositivo %s non riuscita."
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "Device %s non valido."
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "L'opzione di integrità può essere usata solo col formato LUKS2."
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Il file di backup dell'header %s richiesto esiste già."
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Impossibile creare il file header %s."
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-#, fuzzy
-msgid "Not enough free keyslots for reencryption."
-msgstr "Non cambia chiave, nessuna re-cifratura dei dati"
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Il file chiave può essere usato solamente con --key-slot o con esattamente uno slot di chiave attivo."
-
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Inserire la passphrase per lo slot di chiave %u: "
+msgstr "Il token %d è in uso."
-#: src/cryptsetup.c:3240
+#: src/cryptsetup.c:2206
#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Inserire la passphrase per lo slot di chiave %u: "
+msgid "Failed to add luks2-keyring token %d."
+msgstr "Aggiunta del token luks2-keyring %d non riuscita."
-#: src/cryptsetup.c:3286
+#: src/cryptsetup.c:2215 src/cryptsetup.c:2277
#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
+msgid "Failed to assign token %d to keyslot %d."
+msgstr "Assegnazione del token %d allo slot di chiave %d non riuscita."
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "Il comando richiede un dispositivo e un nome di mappatura come argomenti."
+#: src/cryptsetup.c:2232
+#, c-format
+msgid "Token %d is not in use."
+msgstr "Il token %d non è in uso."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
+#: src/cryptsetup.c:2267
+msgid "Failed to import token from file."
+msgstr "Importazione del token da file non riuscita."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
+#: src/cryptsetup.c:2292
+#, c-format
+msgid "Failed to get token %d for export."
+msgstr "Recupero del token %d per l'esportazione non riuscito."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "La re-cifratura del dispositivo con un profilo di integrità non è supportata."
+#: src/cryptsetup.c:2307
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Il parametro --key-description è obbligatorio per l'azione di aggiunta token."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
+#: src/cryptsetup.c:2313 src/cryptsetup.c:2321
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "L'azione richiede un token specifico. Utilizzare il parametro --token-id."
-#: src/cryptsetup.c:3475
-#, fuzzy
-msgid "LUKS2 device is not in reencryption."
-msgstr "Il file di registro %s esiste, viene ripristinata la re-cifratura.\n"
+#: src/cryptsetup.c:2326
+#, c-format
+msgid "Invalid token operation %s."
+msgstr "Operazione token %s non valida."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:2366
msgid "<device> [--type <type>] [<name>]"
msgstr "<dispositivo> [--type <tipo>] [<nome>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "Apre il dispositivo come <nome>"
+#: src/cryptsetup.c:2366
+msgid "open device as mapping <name>"
+msgstr "Apre il dispositivo come mappatura in <nome>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:2367 src/cryptsetup.c:2368 src/cryptsetup.c:2369
+#: src/veritysetup.c:363 src/veritysetup.c:364 src/integritysetup.c:464
+#: src/integritysetup.c:465
msgid "<name>"
msgstr "<nome>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:2367
msgid "close device (remove mapping)"
msgstr "Chiude il dispositivo (rimuove la mappatura)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:2368
msgid "resize active device"
msgstr "Ridimensiona il dispositivo attivo"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:2369
msgid "show device status"
msgstr "Mostra lo stato del dispositivo"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2370
msgid "[--cipher <cipher>]"
msgstr "[--cipher <cifrario>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2370
msgid "benchmark cipher"
msgstr "Esegue benchmark del cifrario"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:2371 src/cryptsetup.c:2372 src/cryptsetup.c:2373
+#: src/cryptsetup.c:2374 src/cryptsetup.c:2381 src/cryptsetup.c:2382
+#: src/cryptsetup.c:2383 src/cryptsetup.c:2384 src/cryptsetup.c:2385
+#: src/cryptsetup.c:2386 src/cryptsetup.c:2387 src/cryptsetup.c:2388
msgid "<device>"
msgstr "<dispositivo>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:2371
msgid "try to repair on-disk metadata"
msgstr "Prova a riparare i metadati on-disk"
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "Aggiunge chiave al dispositivo LUKS"
-
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:2372
msgid "erase all keyslots (remove encryption key)"
msgstr "Elimina tutti gli slot di chiavi (rimuove chiave di cifratura)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:2373
msgid "convert LUKS from/to LUKS2 format"
msgstr "Converte LUKS dal/al formato LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:2374
msgid "set permanent configuration options for LUKS2"
msgstr "Imposta opzioni di configurazione permanenti per LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:2375 src/cryptsetup.c:2376
msgid "<device> [<new key file>]"
msgstr "<dispositivo> [<nuovo file chiave>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:2375
msgid "formats a LUKS device"
msgstr "Formatta un dispositivo LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:2376
msgid "add key to LUKS device"
msgstr "Aggiunge chiave al dispositivo LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:2377 src/cryptsetup.c:2378 src/cryptsetup.c:2379
msgid "<device> [<key file>]"
msgstr "<dispositivo> [<file chiave>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:2377
msgid "removes supplied key or key file from LUKS device"
msgstr "Rimuove la chiave fornita o il file chiave dal dispositivo LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:2378
msgid "changes supplied key or key file of LUKS device"
msgstr "Cambia la chiave fornita o il file chiave del dispositivo LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:2379
msgid "converts a key to new pbkdf parameters"
msgstr "Converte una chiave nei nuovi parametri pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2380
msgid "<device> <key slot>"
msgstr "<dispositivo> <slot di chiave>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2380
msgid "wipes key with number <key slot> from LUKS device"
msgstr "Ripulisce la chiave con numero <slot di chiave> dal dispositivo LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:2381
msgid "print UUID of LUKS device"
msgstr "Stampa l'UUID del dispositivo LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:2382
msgid "tests <device> for LUKS partition header"
msgstr "Verifica l'header della partizione LUKS di <dispositivo>"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:2383
msgid "dump LUKS partition information"
msgstr "Esegue il dump delle informazioni della partizione LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:2384
msgid "dump TCRYPT device information"
msgstr "Esegue il dump delle informazioni TCRYPT del dispositivo"
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "Esegue il dump delle informazioni TCRYPT del dispositivo"
-
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:2385
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Sospende il dispositivo LUKS e ripulisce la chiave (operazioni I/O bloccate)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:2386
msgid "Resume suspended LUKS device"
msgstr "Ripristina il dispositivo LUKS sospeso"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:2387
msgid "Backup LUKS device header and keyslots"
msgstr "Fa il backup dell'header del dispositivo e degli slot di chiave"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:2388
msgid "Restore LUKS device header and keyslots"
msgstr "Ripristina l'header del dispositivo LUKS e gli slot di chiave"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2389
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <dispositivo>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2389
msgid "Manipulate LUKS2 tokens"
msgstr "Gestisce token LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:2407 src/veritysetup.c:380 src/integritysetup.c:481
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<azione> è una tra:\n"
-#: src/cryptsetup.c:3551
-#, fuzzy
+#: src/cryptsetup.c:2413
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
msgstr ""
"\n"
"È possibile usare anche la vecchia sintassi <azione>:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:2417
#, c-format
msgid ""
"\n"
"<slot di chiave> è il numero dello slot di chiave LUKS da modificare\n"
"<file chiave> è il file chiave opzionale per la nuova chiave per l'azione luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:2424
#, c-format
msgid ""
"\n"
"\n"
"Formato predefinito metadati compilati: %s (per azione luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:2429
#, c-format
msgid ""
"\n"
"PBKDF predefinito per LUKS2: %s\n"
"\tTempo iterazione: %d, memoria richiesta: %dkB, thread paralleli: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:2440
#, c-format
msgid ""
"\n"
"\tin chiaro: %s, chiave: %d bit, hash della password: %s\n"
"\tLUKS: %s, chiave: %d bit, hash dell'header LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:2449
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: la dimensione predefinita della chiave in modalità XTS (due chiavi interne) viene raddoppiata.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:2460 src/veritysetup.c:537 src/integritysetup.c:621
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: richiede %s come argomenti"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:2498 src/veritysetup.c:420 src/integritysetup.c:515
+#: src/cryptsetup_reencrypt.c:1611
msgid "Show this help message"
msgstr "Mostra questo messaggio d'aiuto"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:2499 src/veritysetup.c:421 src/integritysetup.c:516
+#: src/cryptsetup_reencrypt.c:1612
msgid "Display brief usage"
msgstr "Mostra il modo d'uso sintetico"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Stampa la versione del pacchetto"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:2503 src/veritysetup.c:425 src/integritysetup.c:520
+#: src/cryptsetup_reencrypt.c:1616
msgid "Help options:"
msgstr "Opzioni di aiuto:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
+#: src/cryptsetup.c:2504 src/veritysetup.c:426 src/integritysetup.c:521
+#: src/cryptsetup_reencrypt.c:1617
+msgid "Print package version"
+msgstr "Stampa la versione del pacchetto"
+
+#: src/cryptsetup.c:2505 src/veritysetup.c:427 src/integritysetup.c:522
+#: src/cryptsetup_reencrypt.c:1618
msgid "Shows more detailed error messages"
msgstr "Mostra i messaggi di errore con maggior dettaglio"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup.c:2506 src/veritysetup.c:428 src/integritysetup.c:523
+#: src/cryptsetup_reencrypt.c:1619
msgid "Show debug messages"
msgstr "Mostra i messaggi di debug"
-#: src/cryptsetup.c:3646
+#: src/cryptsetup.c:2507
msgid "Show debug messages including JSON metadata"
msgstr "Mostra i messaggi di debug compresi i metadati JSON"
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
+#: src/cryptsetup.c:2508 src/cryptsetup_reencrypt.c:1621
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Il cifrario usato per cifrare il disco (vedere /proc/crypto)"
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
+#: src/cryptsetup.c:2509 src/cryptsetup_reencrypt.c:1623
msgid "The hash used to create the encryption key from the passphrase"
msgstr "L'hash usato per creare la chiave di cifratura dalla passphrase"
-#: src/cryptsetup.c:3649
+#: src/cryptsetup.c:2510
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifica la passphrase chiedendola due volte"
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
+#: src/cryptsetup.c:2511 src/cryptsetup_reencrypt.c:1625
msgid "Read the key from a file"
msgstr "Legge la chiave da un file"
-#: src/cryptsetup.c:3651
+#: src/cryptsetup.c:2512
msgid "Read the volume (master) key from file."
msgstr "Legge la chiave (master) del volume dal file."
-#: src/cryptsetup.c:3652
+#: src/cryptsetup.c:2513
msgid "Dump volume (master) key instead of keyslots info"
msgstr "Esegue il dump della chiave (master) del volume invece delle informazioni sugli slot di chiave"
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2514 src/cryptsetup_reencrypt.c:1622
msgid "The size of the encryption key"
msgstr "La dimensione della chiave di cifratura"
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2514 src/cryptsetup.c:2571 src/integritysetup.c:539
+#: src/integritysetup.c:543 src/integritysetup.c:547
+#: src/cryptsetup_reencrypt.c:1622
msgid "BITS"
msgstr "BIT"
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
+#: src/cryptsetup.c:2515 src/cryptsetup_reencrypt.c:1638
msgid "Limits the read from keyfile"
msgstr "Limita la lettura dal file di chiave"
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:2515 src/cryptsetup.c:2516 src/cryptsetup.c:2517
+#: src/cryptsetup.c:2518 src/cryptsetup.c:2568 src/cryptsetup.c:2569
+#: src/veritysetup.c:431 src/veritysetup.c:432 src/veritysetup.c:433
+#: src/veritysetup.c:436 src/veritysetup.c:437 src/integritysetup.c:530
+#: src/integritysetup.c:534 src/integritysetup.c:535
+#: src/cryptsetup_reencrypt.c:1637 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup_reencrypt.c:1639 src/cryptsetup_reencrypt.c:1640
msgid "bytes"
msgstr "byte"
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
+#: src/cryptsetup.c:2516 src/cryptsetup_reencrypt.c:1637
msgid "Number of bytes to skip in keyfile"
msgstr "Numero di byte da saltare nel file di chiave"
-#: src/cryptsetup.c:3656
+#: src/cryptsetup.c:2517
msgid "Limits the read from newly added keyfile"
msgstr "Limita la lettura dal file di chiave appena aggiunto"
-#: src/cryptsetup.c:3657
+#: src/cryptsetup.c:2518
msgid "Number of bytes to skip in newly added keyfile"
msgstr "Numero di byte da saltare nel file di chiave appena aggiunto"
-#: src/cryptsetup.c:3658
+#: src/cryptsetup.c:2519
msgid "Slot number for new key (default is first free)"
msgstr "Numero dello slot per la nuova chiave (il primo libero è quello predefinito)"
-#: src/cryptsetup.c:3659
+#: src/cryptsetup.c:2520
msgid "The size of the device"
msgstr "La dimensione del dispositivo"
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
+#: src/cryptsetup.c:2520 src/cryptsetup.c:2521 src/cryptsetup.c:2522
+#: src/cryptsetup.c:2528 src/integritysetup.c:531 src/integritysetup.c:536
msgid "SECTORS"
msgstr "SETTORI"
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Usa solo la dimensione specificata del dispositivo (ignora il resto del dispositivo) PERICOLOSO"
-
-#: src/cryptsetup.c:3661
+#: src/cryptsetup.c:2521
msgid "The start offset in the backend device"
msgstr "L'offset iniziale del dispositivo di backend"
-#: src/cryptsetup.c:3662
+#: src/cryptsetup.c:2522
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Quanti settori dei dati cifrati saltare dall'inizio"
-#: src/cryptsetup.c:3663
+#: src/cryptsetup.c:2523
msgid "Create a readonly mapping"
msgstr "Crea una mappatura in sola lettura"
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
+#: src/cryptsetup.c:2524 src/integritysetup.c:524
+#: src/cryptsetup_reencrypt.c:1628
msgid "Do not ask for confirmation"
msgstr "Non chiede conferma"
-#: src/cryptsetup.c:3665
+#: src/cryptsetup.c:2525
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Timeout per il prompt interattivo della passphrase (in secondi)"
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2525 src/cryptsetup.c:2526 src/integritysetup.c:525
+#: src/cryptsetup_reencrypt.c:1629
msgid "secs"
msgstr "sec"
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2526 src/integritysetup.c:525
+#: src/cryptsetup_reencrypt.c:1629
msgid "Progress line update (in seconds)"
msgstr "Aggiornamento linea di avanzamento (in secondi)"
# (NDT) Descrizione dell'opzione
# --tries, indica il numero di tentativi per richiesta
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
+#: src/cryptsetup.c:2527 src/cryptsetup_reencrypt.c:1630
msgid "How often the input of the passphrase can be retried"
msgstr "Quante volte può essere ritentato l'inserimento della passphrase"
-#: src/cryptsetup.c:3668
+#: src/cryptsetup.c:2528
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Allinea il payload agli estremi del settore <n> - per luksFormat"
-#: src/cryptsetup.c:3669
+#: src/cryptsetup.c:2529
msgid "File with LUKS header and keyslots backup"
msgstr "File con header LUKS e backup degli slot di chiave"
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
+#: src/cryptsetup.c:2530 src/cryptsetup_reencrypt.c:1631
msgid "Use /dev/random for generating volume key"
msgstr "Usa /dev/random per generare la chiave di volume"
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
+#: src/cryptsetup.c:2531 src/cryptsetup_reencrypt.c:1632
msgid "Use /dev/urandom for generating volume key"
msgstr "Usa /dev/urandom per generare la chiave di volume"
-#: src/cryptsetup.c:3672
+#: src/cryptsetup.c:2532
msgid "Share device with another non-overlapping crypt segment"
msgstr "Condivide il dispositivo con un altro segmento cifrato non sovrapposto"
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
+#: src/cryptsetup.c:2533 src/veritysetup.c:440
msgid "UUID for device to use"
msgstr "UUID per il dispositivo da usare"
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
+#: src/cryptsetup.c:2534
msgid "Allow discards (aka TRIM) requests for device"
msgstr "Ammette le richieste di scarto (funzione TRIM) per il dispositivo"
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
+#: src/cryptsetup.c:2535 src/cryptsetup_reencrypt.c:1649
msgid "Device or file with separated LUKS header"
msgstr "Device o file con header LUKS separato"
-#: src/cryptsetup.c:3676
+#: src/cryptsetup.c:2536
msgid "Do not activate device, just check passphrase"
msgstr "Non attiva il dispositivo, verifica solamente la passphrase"
-#: src/cryptsetup.c:3677
+#: src/cryptsetup.c:2537
msgid "Use hidden header (hidden TCRYPT device)"
msgstr "Usa header nascosto (dispositivo TCRYPT nascosto)"
-#: src/cryptsetup.c:3678
+#: src/cryptsetup.c:2538
msgid "Device is system TCRYPT drive (with bootloader)"
msgstr "Il dispositivo è l'unità TCRYPT di sistema (con bootloader)"
-#: src/cryptsetup.c:3679
+#: src/cryptsetup.c:2539
msgid "Use backup (secondary) TCRYPT header"
msgstr "Usa header TCRYPT di backup (secondario)"
-#: src/cryptsetup.c:3680
+#: src/cryptsetup.c:2540
msgid "Scan also for VeraCrypt compatible device"
msgstr "Ricerca anche dispositivo compatibile VeraCrypt"
-#: src/cryptsetup.c:3681
+#: src/cryptsetup.c:2541
msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "PIM (Personal Iteration Multiplier) per dispositivo VeraCrypt compatibile"
-#: src/cryptsetup.c:3682
+#: src/cryptsetup.c:2542
msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Interroga PIM (Personal Iteration Multiplier) per dispositivo VeraCrypt compatibile"
-#: src/cryptsetup.c:3683
-#, fuzzy
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#: src/cryptsetup.c:2543
+msgid "Type of device metadata: luks, plain, loopaes, tcrypt"
msgstr "Tipo di metadati del dispositivo: luks, plain, loopaes, tcrypt"
-#: src/cryptsetup.c:3684
+#: src/cryptsetup.c:2544
msgid "Disable password quality check (if enabled)"
msgstr "Disabilita la verifica della qualità della password (se abilitata)"
-#: src/cryptsetup.c:3685
+#: src/cryptsetup.c:2545
msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
msgstr "Usa l'opzione compatibile per prestazioni same_cpu_crypt di dm-crypt"
-#: src/cryptsetup.c:3686
+#: src/cryptsetup.c:2546
msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
msgstr "Usa l'opzione compatibile per prestazioni submit_from_crypt_cpus di dm-crypt"
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
+#: src/cryptsetup.c:2547
msgid "Device removal is deferred until the last user closes it"
msgstr "La rimozione del dispositivo è posticipata fino a quando l'ultimo utente lo chiude"
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
+#: src/cryptsetup.c:2548
msgid "PBKDF iteration time for LUKS (in ms)"
msgstr "Tempo di iterazione di PBKDF per LUKS (in ms)"
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup.c:2548 src/cryptsetup_reencrypt.c:1627
msgid "msecs"
msgstr "msec"
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
+#: src/cryptsetup.c:2549 src/cryptsetup_reencrypt.c:1645
msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
msgstr "Algoritmo PBKDF (per LUKS2): argon2i, argon2id, pbkdf2"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2550 src/cryptsetup_reencrypt.c:1646
msgid "PBKDF memory cost limit"
msgstr "Limite costo memoria PBKDF"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2550 src/cryptsetup_reencrypt.c:1646
msgid "kilobytes"
msgstr "kilobyte"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2551 src/cryptsetup_reencrypt.c:1647
msgid "PBKDF parallel cost"
msgstr "Costo PBKDF parallelo"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2551 src/cryptsetup_reencrypt.c:1647
msgid "threads"
msgstr "thread"
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
+#: src/cryptsetup.c:2552 src/cryptsetup_reencrypt.c:1648
msgid "PBKDF iterations cost (forced, disables benchmark)"
msgstr "Costo iterazioni PBKDF (forzato, disabilita benchmark)"
-#: src/cryptsetup.c:3696
+#: src/cryptsetup.c:2553
msgid "Keyslot priority: ignore, normal, prefer"
msgstr "Priorità slot di chiave: ignore, normal, prefer"
-#: src/cryptsetup.c:3697
+#: src/cryptsetup.c:2554
msgid "Disable locking of on-disk metadata"
msgstr "Disabilita il blocco dei metadati su disco"
-#: src/cryptsetup.c:3698
+#: src/cryptsetup.c:2555
msgid "Disable loading volume keys via kernel keyring"
msgstr "Disabilita il caricamento delle chiavi di volume tramite il portachiavi del kernel"
-#: src/cryptsetup.c:3699
+#: src/cryptsetup.c:2556
msgid "Data integrity algorithm (LUKS2 only)"
msgstr "Algoritmo integrità dei dati (solo LUKS2)"
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
+#: src/cryptsetup.c:2557 src/integritysetup.c:550
msgid "Disable journal for integrity device"
msgstr "Disabilita il journal per il dispositivo di integrità"
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
+#: src/cryptsetup.c:2558 src/integritysetup.c:526
msgid "Do not wipe device after format"
msgstr "Non pulisce il dispositivo dopo la formattazione"
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
+#: src/cryptsetup.c:2559
msgid "Do not ask for passphrase if activation by token fails"
msgstr "Non chiede la passphrase se l'attivazione con token non riesce"
-#: src/cryptsetup.c:3704
+#: src/cryptsetup.c:2560
msgid "Token number (default: any)"
msgstr "Numero token (predefinito: any)"
-#: src/cryptsetup.c:3705
+#: src/cryptsetup.c:2561
msgid "Key description"
msgstr "Descrizione chiave"
-#: src/cryptsetup.c:3706
+#: src/cryptsetup.c:2562
msgid "Encryption sector size (default: 512 bytes)"
msgstr "Dimensione settore di cifratura (predefinito: 512 byte)"
-#: src/cryptsetup.c:3707
-#, fuzzy
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Dimensione settore di cifratura (predefinito: 512 byte)"
-
-#: src/cryptsetup.c:3708
+#: src/cryptsetup.c:2563
msgid "Set activation flags persistent for device"
msgstr "Imposta flag attivazione persistente per il dispositivo"
-#: src/cryptsetup.c:3709
+#: src/cryptsetup.c:2564
msgid "Set label for the LUKS2 device"
msgstr "Imposta l'etichetta per il dispositivo LUKS2"
-#: src/cryptsetup.c:3710
+#: src/cryptsetup.c:2565
msgid "Set subsystem label for the LUKS2 device"
msgstr "Imposta l'etichetta del sottosistema per il dispositivo LUKS2"
-#: src/cryptsetup.c:3711
-#, fuzzy
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#: src/cryptsetup.c:2566
+msgid "Create unbound (no assigned data segment) LUKS2 keyslot"
msgstr "Crea slot di chiave LUKS2 non vincolato (segmento dati non assegnato)"
-#: src/cryptsetup.c:3712
+#: src/cryptsetup.c:2567
msgid "Read or write the json from or to a file"
msgstr "Legge/Scrive JSON da/su file"
-#: src/cryptsetup.c:3713
+#: src/cryptsetup.c:2568
msgid "LUKS2 header metadata area size"
msgstr "Dimensione area metadati header LUKS2"
-#: src/cryptsetup.c:3714
+#: src/cryptsetup.c:2569
msgid "LUKS2 header keyslots area size"
msgstr "Dimensione area slot di chiave header LUKS2"
-#: src/cryptsetup.c:3715
+#: src/cryptsetup.c:2570
msgid "Refresh (reactivate) device with new parameters"
msgstr "Aggiorna (riattiva) il dispositivo con nuovi parametri"
-#: src/cryptsetup.c:3716
+#: src/cryptsetup.c:2571
msgid "LUKS2 keyslot: The size of the encryption key"
msgstr "Slot di chiave LUKS2: la dimensione della chiave di cifratura"
-#: src/cryptsetup.c:3717
+#: src/cryptsetup.c:2572
msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
msgstr "Slot di chiave LUKS2: il cifrario usato per la cifratura dello slot di chiave"
-#: src/cryptsetup.c:3718
-#, fuzzy
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)"
-
-#: src/cryptsetup.c:3719
-#, fuzzy
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Riduce la dimensione dei dati del dispositivo (muove l'offset dei dati) PERICOLOSO"
-
-#: src/cryptsetup.c:3723
-#, fuzzy
-msgid "Maximal reencryption hotzone size."
-msgstr "Dimensione blocco re-cifratura"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-#, fuzzy
-msgid "Reencryption hotzone checksums hash"
-msgstr "Dimensione blocco re-cifratura"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr ""
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:2588 src/veritysetup.c:461 src/integritysetup.c:568
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPZIONE...] <azione> <azione-specifica>]"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:2645 src/veritysetup.c:501 src/integritysetup.c:585
msgid "Argument <action> missing."
msgstr "Argomento <azione> mancante."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:2708 src/veritysetup.c:532 src/integritysetup.c:616
msgid "Unknown action."
msgstr "Azione sconosciuta."
-#: src/cryptsetup.c:3877
-#, fuzzy
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
+#: src/cryptsetup.c:2718
+msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
+msgstr ""
+"Il parametro --refresh è consentito solo col comando open o refresh.\n"
+"\n"
+
+#: src/cryptsetup.c:2723
+msgid "Options --refresh and --test-passphrase are mutually exclusive.\n"
msgstr ""
"Solo un'opzione tra --refresh e --test-passphrase può essere usata.\n"
"\n"
-#: src/cryptsetup.c:3882
-#, fuzzy
-msgid "Option --deferred is allowed only for close command."
+#: src/cryptsetup.c:2728
+msgid "Option --deferred is allowed only for close command.\n"
msgstr ""
"L'opzione --deferred è consentita solo per il comando close.\n"
"\n"
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
+#: src/cryptsetup.c:2733
+msgid "Option --shared is allowed only for open of plain device.\n"
msgstr "L'opzione --shared è consentita solo per l'azione open di dispositivo in chiaro.\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
+#: src/cryptsetup.c:2738
+msgid "Option --allow-discards is allowed only for open operation.\n"
msgstr "L'opzione --allow-discards è consentita solo per l'azione open.\n"
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
+#: src/cryptsetup.c:2743
+msgid "Option --persistent is allowed only for open operation.\n"
msgstr "L'opzione --persistent è consentita solo per l'azione open.\n"
-#: src/cryptsetup.c:3902
-#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "L'opzione --allow-discards è consentita solo per l'azione open.\n"
-
-#: src/cryptsetup.c:3907
-#, fuzzy
-msgid "Option --persistent is not allowed with --test-passphrase."
+#: src/cryptsetup.c:2748
+msgid "Option --persistent is not allowed with --test-passphrase.\n"
msgstr "L'opzione --persistent non è consentita con --test-passphrase.\n"
-#: src/cryptsetup.c:3917
-#, fuzzy
+#: src/cryptsetup.c:2757
msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+"Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n"
"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
msgstr ""
"L'opzione --key-size è consentita solo per le azioni luksFormat, luksAddKey (con --unbound),\n"
"open e benchmark. Per limitare la lettura dal file chiave usare --keyfile-size=(byte)."
-#: src/cryptsetup.c:3923
-#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#: src/cryptsetup.c:2763
+msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n"
msgstr "L'opzione --integrity è consentita solo per luksFormat (LUKS2).\n"
-#: src/cryptsetup.c:3928
-#, fuzzy
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+#: src/cryptsetup.c:2768
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n"
msgstr ""
"L'opzione --integrity-no-wipe può essere usata solo con l'azione format con estensione di integrità.\n"
"\n"
-#: src/cryptsetup.c:3934
-#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#: src/cryptsetup.c:2774
+msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"
msgstr "Le opzioni --label e --subsystem sono consentite solo per operazioni LUKS2 luksFormat e config.\n"
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+#: src/cryptsetup.c:2780
+msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
msgstr "L'opzione --test-passphrase è consentita solo per l'operazione open di dispositivo LUKS e TCRYPT.\n"
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:2785 src/cryptsetup_reencrypt.c:1718
msgid "Key size must be a multiple of 8 bits"
msgstr "La dimensione della chiave deve essere un multiplo di 8 bit"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:2791 src/cryptsetup_reencrypt.c:1403
+#: src/cryptsetup_reencrypt.c:1723
msgid "Key slot is invalid."
msgstr "Lo slot di chiave non è valido."
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:2798
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "L'opzione --key-file ha la precedenza sull'argomento specificato per il file chiave."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:2805 src/veritysetup.c:544 src/integritysetup.c:640
+#: src/cryptsetup_reencrypt.c:1697
msgid "Negative number for option not permitted."
msgstr "Non è ammesso un numero negativo per l'opzione."
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:2809
msgid "Only one --key-file argument is allowed."
msgstr "È consentito solo un argomento --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:2813 src/cryptsetup_reencrypt.c:1689
+#: src/cryptsetup_reencrypt.c:1727
msgid "Only one of --use-[u]random options is allowed."
msgstr "È consentita solo una tra le opzioni --use-[u]random."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:2817
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "L'opzione --use-[u]random è consentita solo per luksFormat."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:2821
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "L'opzione --uuid è consentita solo per luksFormat e luksUUID."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:2825
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "L'opzione --align-payload è consentita solo per luksFormat."
-#: src/cryptsetup.c:3989
+#: src/cryptsetup.c:2829
msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
msgstr "Le opzioni --luks2-metadata-size e --opt-luks2-keyslots-size sono consentite solo luksFormat con LUKS2."
-#: src/cryptsetup.c:3994
+#: src/cryptsetup.c:2834
msgid "Invalid LUKS2 metadata size specification."
msgstr "Specifica di dimensione dei metadati LUKS2 non valida."
-#: src/cryptsetup.c:3998
+#: src/cryptsetup.c:2838
msgid "Invalid LUKS2 keyslots size specification."
msgstr "Specifica di dimensione dello slot di chiave LUKS2 non valida."
-#: src/cryptsetup.c:4002
-#, fuzzy
-msgid "Options --align-payload and --offset cannot be combined."
+#: src/cryptsetup.c:2842
+msgid "Option --align-payload and --offset cannot be combined."
msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme."
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:2848
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "L'opzione --skip è supportata solo per l'azione open di dispositivi in chiaro e loopaes.\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:2855
+msgid "Option --offset is supported only for open of plain and loopaes devices and for luksFormat.\n"
msgstr "L'opzione --offset è supportata solo per l'azione open di dispositivi in chiaro e loopaes e per luksFormat.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:2861
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "L'opzione --tcrypt-hidden, --tcrypt-system o --tcrypt-backup è supportata solo per dispositivo TCRYPT.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:2866
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "L'opzione --tcrypt-hidden non può essere utilizzata con --allow-discards.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
+#: src/cryptsetup.c:2871
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "L'opzione --veracrypt è supportata solo per dispositivo TCRYPT.\n"
-#: src/cryptsetup.c:4037
-#, fuzzy
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#: src/cryptsetup.c:2877
+msgid "Invalid argument for parameter --veracrypt-pim supplied.\n"
msgstr "Argomento fornito per il parametro --veracrypt-pim non valido.\n"
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:2881
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"
msgstr ""
"L'opzione --veracrypt-pim è supportata solo per dispositivi compatibili VeraCrypt.\n"
"\n"
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:2889
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "L'opzione --veracrypt-query-pim è supportata solo per dispositivi compatibili VeraCrypt.\n"
-#: src/cryptsetup.c:4053
-#, fuzzy
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+#: src/cryptsetup.c:2893
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"
msgstr ""
"Solo un'opzione tra --veracrypt-pim e --veracrypt-query-pim può essere usata.\n"
"\n"
-#: src/cryptsetup.c:4060
-#, fuzzy
-msgid "Option --priority can be only ignore/normal/prefer."
+#: src/cryptsetup.c:2900
+msgid "Option --priority can be only ignore/normal/prefer.\n"
msgstr "L'opzione --priority può essere solamente ignore/normal/prefer.\n"
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-#, fuzzy
-msgid "Keyslot specification is required."
+#: src/cryptsetup.c:2905
+msgid "Keyslot specification is required.\n"
msgstr "È richiesta la specifica dello slot di chiave.\n"
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-#, fuzzy
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+#: src/cryptsetup.c:2910 src/cryptsetup_reencrypt.c:1703
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"
msgstr "La funzione di derivazione della chiave basata su password (PBKDF) può essere solamente pbkdf2 oppure argon2i/argon2id.\n"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-#, fuzzy
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
+#: src/cryptsetup.c:2915 src/cryptsetup_reencrypt.c:1708
+msgid "PBKDF forced iterations cannot be combined with iteration time option.\n"
msgstr "Le iterazioni forzate PBKDF non possono essere usate assieme all'opzione del tempo delle iterazioni.\n"
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
+#: src/cryptsetup.c:2921
+msgid "Sector size option is not supported for this command.\n"
msgstr "L'opzione della dimensione del settore non è supportata con questo comando.\n"
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:2927
+msgid "Unsupported encryption sector size.\n"
+msgstr "Dimensione settore di cifratura non supportata.\n"
-#: src/cryptsetup.c:4098
-#, fuzzy
-msgid "Key size is required with --unbound option."
+#: src/cryptsetup.c:2932
+msgid "Key size is required with --unbound option.\n"
msgstr "La dimensione della chiave è richiesta con l'opzione --unbound.\n"
-#: src/cryptsetup.c:4108
-#, fuzzy
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#: src/cryptsetup.c:2937
+msgid "Option --unbound may be used only with luksAddKey action.\n"
msgstr "L'opzione --unbound può essere usata solamente con l'azione luksAddKey.\n"
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
+#: src/cryptsetup.c:2942
+msgid "Option --refresh may be used only with open action.\n"
msgstr "L'opzione --refresh può essere usata solamente con l'azione open.\n"
-#: src/cryptsetup.c:4124
-#, fuzzy
-msgid "Cannot disable metadata locking."
+#: src/cryptsetup.c:2953
+msgid "Cannot disable metadata locking.\n"
msgstr "Impossibile disabilitare il blocco dei metadati.\n"
-#: src/cryptsetup.c:4135
-#, fuzzy
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Specifica di dimensione del dispositivo non valida."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Specifica di dimensione del dispositivo non valida."
-
-#: src/cryptsetup.c:4146
-#, fuzzy
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "La dimensione massima di riduzione del dispositivo è 64 MiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte."
-
-#: src/cryptsetup.c:4154
-#, fuzzy
-msgid "Invalid data size specification."
-msgstr "Specifica di dimensione del dispositivo non valida."
-
-#: src/cryptsetup.c:4159
-#, fuzzy
-msgid "Reduce size overflow."
-msgstr "Overflow offset del dispositivo."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte."
-
-#: src/cryptsetup.c:4171
-#, fuzzy
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme."
-
-#: src/cryptsetup.c:4175
-#, fuzzy
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Le opzioni --align-payload --offset cannot non possono essere utilizzate assieme."
-
-#: src/cryptsetup.c:4179
-#, fuzzy
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Le opzioni --ignore-corruption e --restart-on-corruption non possono essere utilizzate assieme.\n"
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:67
msgid "Invalid salt string specified."
msgstr "Stringa salt specificata non valida."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:98
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Impossibile creare l'immagine hash %s per la scrittura."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:108
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Impossibile creare l'immagine FEC %s per la scrittura."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:178
msgid "Invalid root hash string specified."
msgstr "Stringa hash root specificata non valida."
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "Device %s non valido."
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr "Impossibile leggere il file chiave %s."
-
-#: src/veritysetup.c:406
+#: src/veritysetup.c:360
msgid "<data_device> <hash_device>"
msgstr "<dispositivo_dati> <dispositivo_hash>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:360 src/integritysetup.c:462
msgid "format device"
msgstr "Formatta il dispositivo"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:361
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<dispositivo_dati> <dispositivo_hash> <hash_root>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:361
msgid "verify device"
msgstr "Verifica il dispositivo"
-#: src/veritysetup.c:408
+#: src/veritysetup.c:362
msgid "<data_device> <name> <hash_device> <root_hash>"
msgstr "<dispositivo_dati> <nome> <dispositivo_hash> <hash_root>"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:362 src/integritysetup.c:463
+msgid "open device as <name>"
+msgstr "Apre il dispositivo come <nome>"
+
+#: src/veritysetup.c:363 src/integritysetup.c:464
+msgid "close device (deactivate and remove mapping)"
+msgstr "Chiude il dispositivo (disattiva e rimuove la mappatura)"
+
+#: src/veritysetup.c:364 src/integritysetup.c:465
msgid "show active device status"
msgstr "Mostra lo stato del dispositivo attivo"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:365
msgid "<hash_device>"
msgstr "<dispositivo_hash>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:365 src/integritysetup.c:466
msgid "show on-disk information"
msgstr "Mostra informazioni on-disk"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:384
#, c-format
msgid ""
"\n"
"<dispositivo_hash> è il dispositivo che contiene i dati di verifica\n"
"<hash_root> è l'hash del nodo radice nel <dispositivo_hash>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:391
#, c-format
msgid ""
"\n"
"Parametri predefiniti compilati in dm-verity:\n"
"\tHash: %s, Blocco dati (byte): %u, Blocco hash (byte): %u, Dimensione salt: %u, Formato hash: %u\n"
-#: src/veritysetup.c:481
+#: src/veritysetup.c:429
msgid "Do not use verity superblock"
msgstr "Non usa il super-blocco verity"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:430
msgid "Format type (1 - normal, 0 - original Chrome OS)"
msgstr "Tipo di formato (1 - normale, 0 - ChromeOS originale)"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:430
msgid "number"
msgstr "numero"
-#: src/veritysetup.c:483
+#: src/veritysetup.c:431
msgid "Block size on the data device"
msgstr "La dimensione del blocco sul dispositivo dati"
-#: src/veritysetup.c:484
+#: src/veritysetup.c:432
msgid "Block size on the hash device"
msgstr "La dimensione del blocco sul dispositivo hash"
-#: src/veritysetup.c:485
+#: src/veritysetup.c:433
msgid "FEC parity bytes"
msgstr "Byte di parità FEC"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:434
msgid "The number of blocks in the data file"
msgstr "Il numero di blocchi nel file dati"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:434
msgid "blocks"
msgstr "blocchi"
-#: src/veritysetup.c:487
+#: src/veritysetup.c:435
msgid "Path to device with error correction data"
msgstr "Percorso al dispositivo con i dati di correzione degli errori"
-#: src/veritysetup.c:487 src/integritysetup.c:566
+#: src/veritysetup.c:435 src/integritysetup.c:528
msgid "path"
msgstr "percorso"
-#: src/veritysetup.c:488
+#: src/veritysetup.c:436
msgid "Starting offset on the hash device"
msgstr "L'offset iniziale del dispositivo di hash"
-#: src/veritysetup.c:489
+#: src/veritysetup.c:437
msgid "Starting offset on the FEC device"
msgstr "L'offset iniziale del dispositivo FEC"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:438
msgid "Hash algorithm"
msgstr "Algoritmo di hash"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:438
msgid "string"
msgstr "stringa"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:439
msgid "Salt"
msgstr "Salt"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:439
msgid "hex string"
msgstr "stringa esadecimale"
-#: src/veritysetup.c:493
-#, fuzzy
-msgid "Path to root hash signature file"
-msgstr "Creazione dell'area hash non riuscita."
-
-#: src/veritysetup.c:494
+#: src/veritysetup.c:441
msgid "Restart kernel if corruption is detected"
msgstr "Riavvia il kernel se sono rilevati dati rovinati"
-#: src/veritysetup.c:495
-#, fuzzy
-msgid "Panic kernel if corruption is detected"
-msgstr "Riavvia il kernel se sono rilevati dati rovinati"
-
-#: src/veritysetup.c:496
+#: src/veritysetup.c:442
msgid "Ignore corruption, log it only"
msgstr "Ignora i dati rovinati, li registra solamente"
-#: src/veritysetup.c:497
+#: src/veritysetup.c:443
msgid "Do not verify zeroed blocks"
msgstr "Non verifica i blocchi azzerati"
-#: src/veritysetup.c:498
+#: src/veritysetup.c:444
msgid "Verify data block only the first time it is read"
msgstr "Verifica i blocchi dati solo alla prima lettura"
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#: src/veritysetup.c:550
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"
msgstr "L'opzione --ignore-corruption, --restart-on-corruption o --ignore-zero-blocks è consentita solo per l'operazione di apertura.\n"
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "L'opzione --integrity-recalculate può essere usata solo con l'azione open."
-
-#: src/veritysetup.c:610
-#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Le opzioni --ignore-corruption e --restart-on-corruption non possono essere utilizzate assieme.\n"
-
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+#: src/veritysetup.c:555
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
msgstr "Le opzioni --ignore-corruption e --restart-on-corruption non possono essere utilizzate assieme.\n"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Dimensione della chiave non valida."
-
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:82 src/utils_password.c:298
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Impossibile leggere il file chiave %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/integritysetup.c:86 src/utils_password.c:302
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Impossibile leggere %d byte dal file chiave %s."
-#: src/integritysetup.c:266
+#: src/integritysetup.c:248
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr "Formattato con dimensione tag di %u, integrità interna %s.\n"
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:462 src/integritysetup.c:466
msgid "<integrity_device>"
msgstr "<dispositivo_integrità>"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:463
msgid "<integrity_device> <name>"
msgstr "<dispositivo_integrità> <nome>"
-#: src/integritysetup.c:515
+#: src/integritysetup.c:485
#, c-format
msgid ""
"\n"
"<nome> è il dispositivo da creare in %s\n"
"<dispositivo_integrità> è il dispositivo che contiene dai con i tag di integrità\n"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
+#: src/integritysetup.c:490
+#, c-format
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
+"\tTag size: %u bytes, Checksum algorithm: %s\n"
msgstr ""
"\n"
"Parametri predefiniti compilati in dm-integrity:\n"
"\tDimensione tag: %u byte - Algoritmo di controllo: %s\n"
-#: src/integritysetup.c:566
+#: src/integritysetup.c:528
msgid "Path to data device (if separated)"
msgstr "Percorso al dispositivo dati (se scollegato)"
-#: src/integritysetup.c:568
+#: src/integritysetup.c:530
msgid "Journal size"
msgstr "Dimensione journal"
-#: src/integritysetup.c:569
+#: src/integritysetup.c:531
msgid "Interleave sectors"
msgstr "Settori di interfogliazione"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:532
msgid "Journal watermark"
msgstr "Watermark del journal"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:532
msgid "percent"
msgstr "percento"
-#: src/integritysetup.c:571
+#: src/integritysetup.c:533
msgid "Journal commit time"
msgstr "Tempo scrittura del journal"
-#: src/integritysetup.c:571 src/integritysetup.c:573
+#: src/integritysetup.c:533
msgid "ms"
msgstr "ms"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
+#: src/integritysetup.c:534
msgid "Tag size (per-sector)"
msgstr "Dimensione tag (per settore)"
-#: src/integritysetup.c:575
+#: src/integritysetup.c:535
msgid "Sector size"
msgstr "Dimensione settore"
-#: src/integritysetup.c:576
+#: src/integritysetup.c:536
msgid "Buffers size"
msgstr "Dimensione buffer"
-#: src/integritysetup.c:578
+#: src/integritysetup.c:538
msgid "Data integrity algorithm"
msgstr "Algoritmo integrità dati"
-#: src/integritysetup.c:579
+#: src/integritysetup.c:539
msgid "The size of the data integrity key"
msgstr "La dimensione della chiave di integrità dei dati"
-#: src/integritysetup.c:580
+#: src/integritysetup.c:540
msgid "Read the integrity key from a file"
msgstr "Legge la chiave di integrità da un file"
-#: src/integritysetup.c:582
+#: src/integritysetup.c:542
msgid "Journal integrity algorithm"
msgstr "Algoritmo integrità journal"
-#: src/integritysetup.c:583
+#: src/integritysetup.c:543
msgid "The size of the journal integrity key"
msgstr "La dimensione della chiave di integrità del journal"
-#: src/integritysetup.c:584
+#: src/integritysetup.c:544
msgid "Read the journal integrity key from a file"
msgstr "Legge la chiave di integrità del journal da un file"
-#: src/integritysetup.c:586
+#: src/integritysetup.c:546
msgid "Journal encryption algorithm"
msgstr "Algoritmo cifratura journal"
-#: src/integritysetup.c:587
+#: src/integritysetup.c:547
msgid "The size of the journal encryption key"
msgstr "La dimensione della chiave di cifratura del journal"
-#: src/integritysetup.c:588
+#: src/integritysetup.c:548
msgid "Read the journal encryption key from a file"
msgstr "Legge la chiave di cifratura del journal da un file"
-#: src/integritysetup.c:591
+#: src/integritysetup.c:551
msgid "Recovery mode (no journal, no tag checking)"
msgstr "Modalità ripristino (jorunal e verifica tag disattivai)"
-#: src/integritysetup.c:592
-#, fuzzy
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Disabilita il journal per il dispositivo di integrità"
-
-#: src/integritysetup.c:593
+#: src/integritysetup.c:552
msgid "Recalculate initial tags automatically."
msgstr "Ricalcola i tag iniziali automaticamente"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
+#: src/integritysetup.c:631
msgid "Option --integrity-recalculate can be used only for open action."
msgstr "L'opzione --integrity-recalculate può essere usata solo con l'azione open."
-#: src/integritysetup.c:692
-#, fuzzy
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#: src/integritysetup.c:646
+msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n"
msgstr "Le opzioni --journal-size, --interleave-sectors, --sector-size, --tag-size e --no-wipe possono essere usate solamente per azioni di formattazione.\n"
-#: src/integritysetup.c:698
+#: src/integritysetup.c:652
msgid "Invalid journal size specification."
msgstr "Specifica di dimensione del journal non valida."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:657
msgid "Both key file and key size options must be specified."
msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione delle chiave."
-#: src/integritysetup.c:708
+#: src/integritysetup.c:660
+msgid "Integrity algorithm must be specified if integrity key is used."
+msgstr "L'algoritmo di integrità deve essere specificato se viene usata la chiave di integrità."
+
+#: src/integritysetup.c:665
msgid "Both journal integrity key file and key size options must be specified."
msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione della chiave di integrità del journal."
-#: src/integritysetup.c:711
+#: src/integritysetup.c:668
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "L'algoritmo di integrità del journal deve essere specificato se viene usata la chiave di integrità del journal."
-#: src/integritysetup.c:716
+#: src/integritysetup.c:673
msgid "Both journal encryption key file and key size options must be specified."
msgstr "Devono essere specificate entrambe le opzioni file della chiave e dimensione della chiave di cifratura del journal."
-#: src/integritysetup.c:719
+#: src/integritysetup.c:676
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "L'algoritmo di cifratura del journal deve essere specificato se viene usata la chiave di cifratura del journal."
-#: src/integritysetup.c:723
-#, fuzzy
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr ""
-"Solo un'opzione tra --refresh e --test-passphrase può essere usata.\n"
-"\n"
-
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
-
-#: src/integritysetup.c:731
-#, fuzzy
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "L'opzione di integrità può essere usata solo col formato LUKS2."
-
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:175
msgid "Reencryption already in-progress."
msgstr "Re-cifratura in corso."
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:181
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "La re-cifratura del dispositivo con un profilo di integrità non è supportata."
+
+#: src/cryptsetup_reencrypt.c:204
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "Impossibile aprire esclusivamente il dispositivo %s, già in uso."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:1148
msgid "Allocation of aligned memory failed."
msgstr "Allocazione di memoria allineata non riuscita."
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:225
#, c-format
msgid "Cannot read device %s."
msgstr "Impossibile leggere il dispositivo %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:236
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "Impostazione dispositivo LUKS %s come inutilizzabile."
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:240
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr "Impostazione flag re-cifratura offline LUKS2 sul dispositivo %s."
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:257
#, c-format
msgid "Cannot write device %s."
msgstr "Impossibile scrivere il dispositivo %s."
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:345
msgid "Cannot write reencryption log file."
msgstr "Impossibile scrivere il file di registro di re-cifratura."
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:401
msgid "Cannot read reencryption log file."
msgstr "Impossibile leggere il file di registro di re-cifratura."
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:439
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Il file di registro %s esiste, viene ripristinata la re-cifratura.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:488
msgid "Activating temporary device using old LUKS header."
msgstr "Attivazione dispositivo temporaneo usando il vecchio header LUKS."
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:498
msgid "Activating temporary device using new LUKS header."
msgstr "Attivazione dispositivo temporaneo usando il nuovo header LUKS."
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:508
msgid "Activation of temporary devices failed."
msgstr "Attivazione del dispositivo temporaneo non riuscita."
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Impostazione offset dei dati non riuscita."
+#: src/cryptsetup_reencrypt.c:586
+msgid "Failed to set PBKDF parameters."
+msgstr "Impostazione parametri PBKDF non riuscita."
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
+#: src/cryptsetup_reencrypt.c:592
+msgid "Failed to set data offset."
msgstr "Impostazione offset dei dati non riuscita."
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:600
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Creato nuovo header LUKS per il dispositivo %s."
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:660
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr "Questa versione di cryptsetup-reencrypt non può gestire token interni di tipo %s."
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:682
msgid "Failed to read activation flags from backup header."
msgstr "Lettura dei flag di attivazione dall'header di backup non riuscita."
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:686
msgid "Failed to write activation flags to new header."
msgstr "Scrittura dei flag di attivazione sul nuovo header non riuscita."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:690 src/cryptsetup_reencrypt.c:694
msgid "Failed to read requirements from backup header."
msgstr "Lettura dei requisiti dall'header di backup non riuscita."
-#: src/cryptsetup_reencrypt.c:723
+#: src/cryptsetup_reencrypt.c:731
#, c-format
msgid "%s header backup of device %s created."
msgstr "Header %s di backup del dispositivo %s creato."
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:789
msgid "Creation of LUKS backup headers failed."
msgstr "Creazione degli header di backup LUKS non riuscita."
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:918
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "Impossibile ripristinare l'header %s sul dispositivo %s."
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:920
#, c-format
msgid "%s header on device %s restored."
msgstr "Ripristinato l'header %s sul dispositivo %s."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:958 src/cryptsetup_reencrypt.c:1038
+msgid "Cannot seek to device offset."
+msgstr "Impossibile posizionarsi all'offset del dispositivo."
+
+#: src/cryptsetup_reencrypt.c:1081
+msgid "Cannot seek to device offset.\n"
+msgstr "Impossibile posizionarsi all'offset del dispositivo.\n"
+
+#: src/cryptsetup_reencrypt.c:1120 src/cryptsetup_reencrypt.c:1126
msgid "Cannot open temporary LUKS device."
msgstr "Impossibile aprire il dispositivo temporaneo LUKS."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1131 src/cryptsetup_reencrypt.c:1136
msgid "Cannot get device size."
msgstr "Impossibile ottenere la dimensione del dispositivo."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1173
+msgid "Interrupted by a signal."
+msgstr "Interrotto da un segnale."
+
+#: src/cryptsetup_reencrypt.c:1175
msgid "IO error during reencryption."
msgstr "Errore di IO durante la re-cifratura."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1206
msgid "Provided UUID is invalid."
msgstr "Lo UUID fornito non è valido."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1309
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Il file chiave può essere usato solamente con --key-slot o con esattamente uno slot di chiave attivo."
+
+#: src/cryptsetup_reencrypt.c:1350 src/cryptsetup_reencrypt.c:1361
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Inserire la passphrase per lo slot di chiave %u: "
+
+#: src/cryptsetup_reencrypt.c:1432
msgid "Cannot open reencryption log file."
msgstr "Impossibile aprire il file di registro di re-cifratura."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1438
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "Nessuna decifrazione in corso: lo UUID fornito può essere usato solamente per riprendere un processo di decifrazione."
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1513
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr "Parametri pbkdf modificati nello slot di chiave %i."
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1620
msgid "Reencryption block size"
msgstr "Dimensione blocco re-cifratura"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1620
msgid "MiB"
msgstr "MiB"
-#: src/cryptsetup_reencrypt.c:1640
+#: src/cryptsetup_reencrypt.c:1624
msgid "Do not change key, no data area reencryption"
msgstr "Non cambia chiave, nessuna re-cifratura dei dati"
-#: src/cryptsetup_reencrypt.c:1642
+#: src/cryptsetup_reencrypt.c:1626
msgid "Read new volume (master) key from file"
msgstr "Legge la chiave (master) del volume da file"
-#: src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup_reencrypt.c:1627
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "Tempo di iterazione di PBKDF2 per LUKS (in ms)"
-#: src/cryptsetup_reencrypt.c:1649
+#: src/cryptsetup_reencrypt.c:1633
msgid "Use direct-io when accessing devices"
msgstr "Usa IO diretto negli accessi ai dispositivi"
-#: src/cryptsetup_reencrypt.c:1650
+#: src/cryptsetup_reencrypt.c:1634
msgid "Use fsync after each block"
msgstr "Usa fsync dopo ogni blocco"
-#: src/cryptsetup_reencrypt.c:1651
+#: src/cryptsetup_reencrypt.c:1635
msgid "Update log file after every block"
msgstr "Aggiorna il registro a ogni blocco"
-#: src/cryptsetup_reencrypt.c:1652
+#: src/cryptsetup_reencrypt.c:1636
msgid "Use only this slot (others will be disabled)"
msgstr "Usa solo questo slot (gli altri vengono disabilitati)"
-#: src/cryptsetup_reencrypt.c:1657
+#: src/cryptsetup_reencrypt.c:1639
+msgid "Reduce data device size (move data offset). DANGEROUS!"
+msgstr "Riduce la dimensione dei dati del dispositivo (muove l'offset dei dati) PERICOLOSO"
+
+#: src/cryptsetup_reencrypt.c:1640
+msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+msgstr "Usa solo la dimensione specificata del dispositivo (ignora il resto del dispositivo) PERICOLOSO"
+
+#: src/cryptsetup_reencrypt.c:1641
msgid "Create new header on not encrypted device"
msgstr "Crea un nuovo header su un dispositivo non cifrato"
-#: src/cryptsetup_reencrypt.c:1658
+#: src/cryptsetup_reencrypt.c:1642
msgid "Permanently decrypt device (remove encryption)"
msgstr "Decifra definitivamente il dispositivo (rimuove la cifratura)"
-#: src/cryptsetup_reencrypt.c:1659
+#: src/cryptsetup_reencrypt.c:1643
msgid "The UUID used to resume decryption"
msgstr "Lo UUID utilizzato per riprendere la decifrazione"
-#: src/cryptsetup_reencrypt.c:1660
+#: src/cryptsetup_reencrypt.c:1644
msgid "Type of LUKS metadata: luks1, luks2"
msgstr "Metadati di tipo LUKS: luks1, luks2"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1663
msgid "[OPTION...] <device>"
msgstr "[OPZIONI...] <dispositivo>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1677
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "La re-cifratura modificherà: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1678
msgid "volume key"
msgstr "chiave volume"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1680
msgid "set hash to "
msgstr "imposta l'hash a "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1681
msgid ", set cipher to "
msgstr ", imposta il cifrario a "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1685
msgid "Argument required."
msgstr "Argomento richiesto."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1713
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Solo valori tra 1 MiB e 64 MiB sono consentiti per la dimensione del blocco di re-cifratura."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1732 src/cryptsetup_reencrypt.c:1737
+msgid "Invalid device size specification."
+msgstr "Specifica di dimensione del dispositivo non valida."
+
+#: src/cryptsetup_reencrypt.c:1740
msgid "Maximum device reduce size is 64 MiB."
msgstr "La dimensione massima di riduzione del dispositivo è 64 MiB."
-#: src/cryptsetup_reencrypt.c:1757
+#: src/cryptsetup_reencrypt.c:1743
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "La dimensione di riduzione deve essere un multiplo di 512 byte."
+
+#: src/cryptsetup_reencrypt.c:1747
msgid "Option --new must be used together with --reduce-device-size or --header."
msgstr "L'opzione --new deve essere usata con --reduce-device-size o --header."
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1751
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "L'opzione --keep-key può essere usata solo con --hash, --iter-time --pbkdf-force-iterations."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1755
msgid "Option --new cannot be used together with --decrypt."
msgstr "L'opzione --new non può essere usata con --decrypt."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1759
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "L'opzione --decrypt non è compatibile con i parametri specificati."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1763
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "L'opzione --uuid può essere usata solo con --decrypt."
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1767
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr "Tipo luks non valido. Usare uno tra: \"luks\", \"luks1\" o \"luks2\"."
-#: src/utils_tools.c:151
+#: src/utils_tools.c:150
msgid "Error reading response from terminal."
msgstr "Errore nel leggere la risposta dal terminale."
-#: src/utils_tools.c:186
+#: src/utils_tools.c:175
msgid "Command successful.\n"
msgstr "Comando eseguito con successo.\n"
-#: src/utils_tools.c:194
+#: src/utils_tools.c:183
msgid "wrong or missing parameters"
msgstr "parametri errati o mancanti"
-#: src/utils_tools.c:196
+#: src/utils_tools.c:185
msgid "no permission or bad passphrase"
msgstr "permessi mancanti o passphrase errata"
-#: src/utils_tools.c:198
+#: src/utils_tools.c:187
msgid "out of memory"
msgstr "memoria esaurita"
-#: src/utils_tools.c:200
+#: src/utils_tools.c:189
msgid "wrong device or file specified"
msgstr "dispositivo o file specificato errato"
-#: src/utils_tools.c:202
+#: src/utils_tools.c:191
msgid "device already exists or device is busy"
msgstr "il dispositivo esiste già o è occupato"
-#: src/utils_tools.c:204
+#: src/utils_tools.c:193
msgid "unknown error"
msgstr "errore sconosciuto"
-#: src/utils_tools.c:206
+#: src/utils_tools.c:195
#, c-format
msgid "Command failed with code %i (%s).\n"
msgstr "Comando non riuscito con codice %i (%s).\n"
-#: src/utils_tools.c:284
+#: src/utils_tools.c:272
#, c-format
msgid "Key slot %i created."
msgstr "Slot di chiave %i creato."
-#: src/utils_tools.c:286
+#: src/utils_tools.c:274
#, c-format
msgid "Key slot %i unlocked."
msgstr "Slot di chiave %i sbloccato."
-#: src/utils_tools.c:288
+#: src/utils_tools.c:276
#, c-format
msgid "Key slot %i removed."
msgstr "Slot di chiave %i rimosso."
-#: src/utils_tools.c:297
+#: src/utils_tools.c:285
#, c-format
msgid "Token %i created."
msgstr "Token %i creato."
-#: src/utils_tools.c:299
+#: src/utils_tools.c:287
#, c-format
msgid "Token %i removed."
msgstr "Token %i rimosso."
-#: src/utils_tools.c:465
-#, fuzzy
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Scrittura interrotta."
-
-#: src/utils_tools.c:476
+#: src/utils_tools.c:453
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr "Attenzione: il dispositivo %s contiene già una firma di partizione «%s».\n"
-#: src/utils_tools.c:484
+#: src/utils_tools.c:461
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr "Attenzione: il dispositivo %s contiene già una firma di super-blocco «%s».\n"
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_tools.c:482 src/utils_tools.c:546
msgid "Failed to initialize device signature probes."
msgstr "Inizializzazione sonde per la firma del dispositivo non riuscita."
-#: src/utils_tools.c:549
+#: src/utils_tools.c:526
#, c-format
msgid "Failed to stat device %s."
msgstr "Stat del dispositivo %s non riuscita."
-#: src/utils_tools.c:562
+#: src/utils_tools.c:539
#, c-format
msgid "Device %s is in use. Can not proceed with format operation."
msgstr "Il dispositivo %s è in uso. Impossibile procedere con l'operazione di formattazione."
-#: src/utils_tools.c:564
+#: src/utils_tools.c:541
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr "Apertura del file %s in lettura/scrittura non riuscita."
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
+#: src/utils_tools.c:561
msgid "Failed to wipe device signature."
msgstr "Pulizia della firma del dispositivo non riuscita."
-#: src/utils_tools.c:591
+#: src/utils_tools.c:568
#, c-format
msgid "Failed to probe device %s for a signature."
msgstr "Esame del dispositivo %s per una firma non riuscito."
-#: src/utils_tools.c:622
-#, fuzzy
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Lettura interrotta."
-
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:43 src/utils_password.c:75
#, c-format
msgid "Cannot check password quality: %s"
msgstr "Impossibile controllare la qualità della password: %s"
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Controllo qualità della password non riuscito: passphrase non valida (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:193 src/utils_password.c:208
msgid "Error reading passphrase from terminal."
msgstr "Errore nel leggere la passphrase dal terminale."
-#: src/utils_password.c:240
+#: src/utils_password.c:206
msgid "Verify passphrase: "
msgstr "Verifica passphrase: "
-#: src/utils_password.c:247
+#: src/utils_password.c:213
msgid "Passphrases do not match."
msgstr "Le passphrase non corrispondono."
-#: src/utils_password.c:284
+#: src/utils_password.c:250
msgid "Cannot use offset with terminal input."
msgstr "Impossibile usare l'offset con l'input da terminale."
-#: src/utils_password.c:287
+#: src/utils_password.c:253
#, c-format
msgid "Enter passphrase: "
msgstr "Inserire la passphrase: "
-#: src/utils_password.c:290
+#: src/utils_password.c:255
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Inserire la passphrase per %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:285
msgid "No key available with this passphrase."
msgstr "Nessuna chiave disponibile con questa passphrase."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
-
-#: src/utils_password.c:365
+#: src/utils_password.c:320
#, c-format
msgid "Cannot open keyfile %s for write."
msgstr "Impossibile aprire il file chiave %s per la scrittura."
-#: src/utils_password.c:372
+#: src/utils_password.c:327
#, c-format
msgid "Cannot write to keyfile %s."
msgstr "Impossibile scrivere sul file chiave %s."
msgid "Failed to write JSON file."
msgstr "Scrittura file JSON non riuscita."
-#~ msgid "Requested dmcrypt performance options are not supported."
-#~ msgstr "Le opzioni di prestazioni richieste per dmcrypt non sono supportate."
-
-#, c-format
-#~ msgid "Cannot format device %s which is still in use."
-#~ msgstr "Impossibile formattare il dispositivo %s che risulta ancora in uso."
-
-#, c-format
-#~ msgid "Key slot %d is not used."
-#~ msgstr "Lo slot di chiave %d non è utilizzato."
-
-#~ msgid "Function not available in FIPS mode."
-#~ msgstr "Funzione non disponibile in modalità FIPS."
-
-#, c-format
-#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
-#~ msgstr "Attenzione: la directory di blocco %s/%s non esiste.\n"
-
-#~ msgid "Invalid size parameters for verity device."
-#~ msgstr "Parametri della dimensione non validi per il dispositivo verity."
-
-#, c-format
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Il cifrario %s non è disponibile."
-
-#, c-format
-#~ msgid "Key slot %d selected for deletion."
-#~ msgstr "Slot di chiave %d selezionato per l'eliminazione."
-
-#~ msgid "open device as mapping <name>"
-#~ msgstr "Apre il dispositivo come mappatura in <nome>"
-
-#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
-#~ msgstr ""
-#~ "Il parametro --refresh è consentito solo col comando open o refresh.\n"
-#~ "\n"
-
-#~ msgid "Unsupported encryption sector size.\n"
-#~ msgstr "Dimensione settore di cifratura non supportata.\n"
-
-#~ msgid "close device (deactivate and remove mapping)"
-#~ msgstr "Chiude il dispositivo (disattiva e rimuove la mappatura)"
-
-#~ msgid "Integrity algorithm must be specified if integrity key is used."
-#~ msgstr "L'algoritmo di integrità deve essere specificato se viene usata la chiave di integrità."
-
-#~ msgid "Failed to set PBKDF parameters."
-#~ msgstr "Impostazione parametri PBKDF non riuscita."
-
-#~ msgid "Cannot seek to device offset.\n"
-#~ msgstr "Impossibile posizionarsi all'offset del dispositivo.\n"
-
-#~ msgid "Interrupted by a signal."
-#~ msgstr "Interrotto da un segnale."
-
#~ msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)"
#~ msgstr "Il dispositivo %s è troppo piccolo (LUKS2 richiede almeno %<PRIu64> byte)."
# Japanese messages for cryptsetup.
# Copyright (C) 2019, 2020 Free Software Foundation, Inc.
# This file is put in the public domain, to the extent permitted under applicable law.
-# Hiroshi Takekawa <sian@big.or.jp>, <sian.ht@gmail.com>, 2019, 2020, 2021
+# Hiroshi Takekawa <sian@big.or.jp>, <sian.ht@gmail.com>, 2019, 2020, 2021, 2022, 2023
#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-23 20:54+0900\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 20:52+0900\n"
"Last-Translator: Hiroshi Takekawa <sian@big.or.jp>\n"
"Language-Team: Japanese <translation-team-ja@lists.sourceforge.net>\n"
"Language: ja\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "device-mapper を初期化できません、non-root で実行します。"
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "device-mapper を初期化できません。dm_mod モジュールはロードされてますか?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "指定された延期フラグはサポートされていません。"
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "デバイス %s の DM-UUID は短縮されています。"
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "不明な dm target タイプです。"
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "指定された dm-crypt パフォーマンスオプションはサポートされていません。"
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "指定された dm-verity のデータ破壊時の対応についてのオプションはサポートされていません。"
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "指定された dm-verity のタスクレットオプションはサポートされていません。"
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "指定された dm-verity の誤り訂正(FEC)オプションはサポートされていません。"
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "指定されたデータの無改ざん確認のオプションはサポートされていません。"
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "指定された sector_size オプションはサポートされていません。"
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "指定された改ざん確認タグの自動再計算はサポートされていません。"
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Discard/TRIM はサポートしていません。"
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "要求された dm-integrity のビットマップモードはサポートされていません。"
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "dm-%s のクエリーに失敗しました。"
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"ボリュームキーを生成するためのエントロピー(この文脈では乱数の乱れ度合)が足りません。\n"
"マウスを動かしたり、他のウィンドウで文字を入力したりしてみてください。\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "キー生成中 (%d%% 完了)。\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "FIPS モードで実行中。"
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "RNG(乱数生成器)初期化中に重大なエラーが発生しました。"
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "不明な RNG(乱数生成器) の質(quality)が要求されました。"
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "RNG(乱数生成器)から読み込み中にエラー。"
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "暗号向けRNG(乱数生成器)バックエンドの初期化ができません。"
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "暗号バックエンドの初期化ができません。"
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "ハッシュアルゴリズム %s がサポートされていません。"
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "鍵の処理でエラー (ハッシュ %s を使用)。"
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "デバイスタイプがわかりません。互換性のないデバイスのアクティベーションをしようとしていませんか?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "この操作は LUKS デバイスでしかサポートされていません。"
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "この操作は LUKS2 デバイスでしかサポートされていません。"
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "キースロットがいっぱいです。"
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "キースロット %d は不正です。0 から %d の間を選んでください。"
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "キースロット %d は使われています。別の番号を選んでください。"
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "デバイスサイズが論理ブロックサイズのアライメントに合いません。"
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "ヘッダが検出されましたがデバイス %s が小さすぎます。"
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "この操作はこのデバイスタイプではサポートされていません。"
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "オフラインでの再暗号化中です。中止します。"
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "メモリ上の LUKS2 メタデータのロールバックに失敗しました。"
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "デバイス %s は有効な LUKS デバイスではありません。"
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "LUKS バージョン %d はサポートされていません。"
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "デバイス %s はアクティブではありません。"
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "暗号化されたデバイス %s の元になるデバイスが消滅しました。"
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "不正な plain crypt のパラメータ。"
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "不正なキーサイズ。"
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "UUID はこの暗号タイプではサポートされていません。"
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "分離したメタデータデバイスはこの暗号タイプではサポートされていません。"
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "サポートされていない暗号化セクタサイズです。"
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "デバイスサイズが要求されたセクタサイズのアライメントに合いません。"
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "デバイスなしには LUKS 形式にフォーマットできません。"
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "要求されたデータアライメントとデータオフセットが合いません。"
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "警告: データオフセットが現在利用可能なデータの外にあります。\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "デバイス %s のヘッダを消し去れません。"
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "デバイス %s はアクティベートするのに小さすぎます。データ用のスペースがありません。\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "警告: デバイスアクティベーションが失敗しました。dm-crypt が要求された暗号セクタサイズをサポートしていません。\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "ボリュームキーは改ざん耐性拡張のため暗号には鍵長が小さすぎます。"
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "暗号 %s-%s (キーサイズ %zd ビット) は利用できません。"
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "警告: LUKS2 メタデータサイズが %<PRIu64> バイトに変更されました。\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "警告: LUKS2 キースロット領域サイズが %<PRIu64> バイトに変更されました。\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "デバイス %s のサイズが小さすぎます。"
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "デバイス %s は使用中のためフォーマットできません。"
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "デバイス %s は権限がないためフォーマットできません。"
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "デバイス %s を改ざん耐性がつくようフォーマットできません。"
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "デバイス %s をフォーマットできません。"
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "LOOPAES としてフォーマットするにはデバイスが必要です。"
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "VERITY としてフォーマットするにはデバイスが必要です。"
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "VERITY ハッシュタイプ %d はサポートしていません。"
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "サポートしていない VERITY ブロックサイズです。"
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "サポートしていない VERITY ハッシュオフセットです。"
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "サポートしていない VERITY FEC オフセットです。"
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "データ領域がハッシュ領域と重なっています。"
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "ハッシュ領域が FEC 領域と重なっています。"
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "データ領域が FEC 領域と重なっています。"
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "警告: 指定されたタグのサイズ %d バイトが %s の出力サイズと異なります (%d バイト)。\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "不明な暗号デバイスタイプ %s が指定されました。"
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "デバイス %s のパラメータはサポートしていません。"
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "デバイス %s のパラメータがミスマッチしています。"
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Crypt デバイスが一致しません。"
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "デバイス %s のリロードに失敗しました。"
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "デバイス %s のサスペンドに失敗しました。"
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "デバイス %s のリジュームに失敗しました。"
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "デバイス %s のリロード中に致命的なエラー(デバイス %s の上で)。"
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "デバイス %s を dm-error にスイッチできません。"
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "ループデバイスはリサイズできません。"
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "警告: 最大サイズが既に設定済かカーネルがリサイズをサポートしていません。\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "リサイズに失敗しました。カーネルがサポートしていません。"
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "デバイスの UUID を本当に変更してもいいですか?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "ヘッダのバックアップファイルの中味が LUKS ヘッダと互換性がありません。"
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "ボリューム %s はアクティブではありません。"
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "ボリューム %s は既に停止されています。"
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "デバイス %s の停止はサポートされていません。"
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "デバイス %s 停止中にエラー。"
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "デバイス %s は再開をサポートしていません。"
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "デバイス %s の再開中にエラー。"
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "ボリューム %s は停止されていません。"
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "ボリュームキーがボリュームに合いません。"
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "キースロットを追加できません。全てのスロットが無効でボリュームキーが渡されませんでした。"
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "新しいキースロットを交換できませんでした。"
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "キースロット %d は不正です。"
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "キースロット %d は非アクティブです。"
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "デバイスヘッダがデータ領域に重なっています。"
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "既に再暗号化中です。デバイスをアクティベートできません。"
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "再暗号化ロックを取得できません。"
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "LUKS2 の再暗号化は既に初期化されました。"
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "デバイスタイプが正しく初期化されていません。"
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "デバイス %s は既に存在します。"
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "デバイス %s を使えません。名前が不正か使用中です。"
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "正しくないボリュームキーがプレーンデバイスに指定されました。"
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "正しくないルートハッシュが verity デバイスに指定されました。"
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "ルートハッシュ署名が必要です。"
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "署名をカーネルに渡すのに必要なカーネルキーリングをカーネルがサポートしていません。"
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "キーをカーネルキーリングにロードできません。"
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "デバイス %s からの遅延削除をキャンセルできませんでした。"
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "デバイス %s は使用中です。"
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "デバイス %s は不正です。"
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "ボリュームキーのバッファが小さすぎます。"
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "LUKS2 デバイス向けのボリュームキーが取得できません。"
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "LUKS1 デバイス向けのボリュームキーが取得できません。"
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "プレーンデバイス向けのボリュームキーが取得できません。"
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "verity デバイスのルートハッシュが読み出せません。"
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "BITLK デバイス向けのボリュームキーが取得できません。"
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "FVAULT2 デバイス向けのボリュームキーが取得できません。"
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "この操作は %s 暗号化デバイスではサポートされていません。"
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "このデバイスタイプはダンプ操作をサポートしていません。"
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "データオフセットが %u バイトの倍数である必要があります。"
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "使用中のデバイス %s を変換できません。"
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "新しいボリュームキー向けのキースロット %u を確保できません。"
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "デフォルト LUKS2 キースロットパラメータを初期化できません。"
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "ダイジェストするためのキースロット %d が確保できません。"
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "キースロットを追加できません。全てのスロットが無効でボリュームキーが渡されませんでした。"
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "カーネルがカーネルキーリングをサポートしていません。"
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "キーリングからパスフレーズが読み出せません (エラー %d)。"
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "グローバル memory-hard アクセス直列化ロックが取れません。"
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "プロセス優先度を取得できません。"
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "メモリをアンロックできません。"
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "キーファイルがオープンできません。"
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "ターミナルからキーファイルを読みこめません。"
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "キーファイルを stat() できません。"
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "指定されたキーファイルオフセットにシークできません。"
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "パスフレーズ読み込み中にメモリが不足しました。"
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "パスフレーズの読み込みでエラー。"
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "読もうとしたら入力が空です。"
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "キーファイルが最大サイズを超えています。"
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "指定されたサイズのデータを読み込めません。"
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "デバイス %s は存在しないかアクセスが拒否されました。"
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "デバイス %s は互換性がありません。"
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "データデバイスのおかしな(bogus) optimal-io サイズ (%u バイト) は無視します。"
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "デバイス %s が小さすぎます。少なくとも %<PRIu64> バイト必要です。"
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "デバイス %s は使用中で使えません (既にマップされているかマウントされています)。"
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "デバイス %s が使えません、拒否されました。"
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "デバイス %s についての情報が取得できません。"
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "ループバックデバイスが使えません、非 root ユーザで実行していませんか。"
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "ループデバイスのアタッチできません (autoclear 付きのループデバイスが必要です)。"
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "指定されたオフセットはデバイス %s の実際のサイズを超えています。"
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "デバイス %s のサイズが 0 です。"
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "FIPS モードでは PBKDF2 しかサポートしていません。"
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "PBKDF ベンチマークが無効ですが繰り返し回数が設定されていません。"
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "PBKDF2 と互換性のないオプションです (ハッシュアルゴリズム %s)。"
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "互換性のない PBKDF オプションです。"
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (ディレクトリでないか存在していません)。"
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "ロックディレクトリ %s/%s がコンパイル時に指定されたパーミッションで作成されます。"
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "ロックを中止します。ロックに使うパス %s/%s が使用できません (%s はディレクトリではありません)。"
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "デバイスオフセットまで seek できません。"
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "デバイスのワイプでエラー, オフセット %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "暗号の指定は [暗号]-[モード]-[初期ベクタ] という形式であるべきです。"
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "デバイス %s に書き込めません。パーミッションがありません。"
msgid "Failed to access temporary keystore device."
msgstr "一時的なキーストアデバイスにアクセスできません。"
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "キースロットを暗号化中にI/Oエラーが発生しました。"
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "デバイス %s を開けません。"
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "キースロットを復号化中にI/Oエラーが発生しました。"
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "デバイス %s が小さすぎます。(LUKS1 は最低でも %<PRIu64> バイト必要です。)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS キースロット %u は不正です。"
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "デバイス %s は有効な LUKS デバイスではありません。"
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "要求されたヘッダバックアップファイル %s は既に存在しています。"
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "ヘッダバックアップファイル %s が作成できません。"
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "ヘッダバックアップファイル %s に書き込めません。"
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "バックアップファイルが有効な LUKS ヘッダを含んでいません。"
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "ヘッダバックアップファイル %s をオープンできません。"
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "ヘッダバックアップファイル %s を読めません。"
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "データオフセットかキーサイズがデバイスとバックアップで異なるのでリストアできません。"
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "デバイス %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "LUKS ヘッダが含まれていません。ヘッダを置き換えるとデバイスのデータを破壊する恐れがあります。"
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "LUKS ヘッダを既に含んでいます。ヘッダを置き換えると既にあるキースロットを破壊します。"
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"警告: 実デバイスのヘッダはバックアップとUUIDが異なります!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "標準的でないキーサイズなので、手動の修復が必要です。"
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "標準的でないキースロットアライメントなので、手動の修復が必要です。"
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "暗号モードを修復しました (%s -> %s)。"
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "暗号ハッシュを小文字に修復しました (%s)。"
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "要求された LUKS ハッシュ %s はサポートしていません。"
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "キースロットを修復中です。"
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "キースロット %i: オフセットを修復 (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "キースロット %i: のストライプを修復 (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "キースロット %i: パーティションの印(signature)がおかしいです。"
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "キースロット %i: ソルトを消しました。"
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "LUKS ヘッダを書きこんでいます。"
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "修復に失敗しました。"
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "要求された LUKS ハッシュ %s はサポートしていません。"
+msgid "LUKS cipher mode %s is invalid."
+msgstr "LUKS 暗号モード %s は不正です。"
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "LUKS ハッシュ %s は不正です。"
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "LUKS ヘッダに既知の不具合は検出されませんでした。"
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "デバイス %s の LUKS ヘッダを更新中にエラーが発生しました。"
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "デバイス %s の LUKS ヘッダを更新後の再読み込み中にエラーが発生しました。"
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "LUKS ヘッダのデータへのオフセットは 0 かヘッダサイズより大きくなければいけません。"
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "LUKS UUID の形式が間違っています。"
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "LUKS ヘッダを作成できません: ランダムなソルトを読み込めません。"
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "LUKS ヘッダを作成できません: ヘッダのハッシュが求められません (ハッシュには %s を使用)。"
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "キースロット %d が使用中なので、パージしてください。"
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "キースロット %d のストライプが少なすぎます。ヘッダを細工でもしましたか?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "PBKDF2 イテレーション回数がオーバーフローしました。"
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "キースロットをオープンできません (ハッシュ %s を使用)。"
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "キースロット %d は不正です。0 から %d の間を選んでください。"
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "デバイス %s をワイプできません。"
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "カーネルが loop-AES 互換マッピングをサポートしていません。"
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "キーファイル %s を読み込み中にエラー。"
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "TCRYPT パスフレーズの最大長 (%zu) を超えました。"
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "PBKDF2 ハッシュアルゴリズム %s が利用できないのでスキップします。"
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "必要なカーネル crypto インターフェースが使用できません。"
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "algif_skcipher カーネルモジュールをロードしてください。"
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "アクティベーションは %d セクタサイズではサポートしていません。"
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "カーネルが TCRYPT レガシーモードのアクティベーションをサポートしていません。"
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "TCRYPT システム暗号をパーティション %s に対してアクティベーションしました。"
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "カーネルが TCRYPT 互換のマッピングをサポートしていません。"
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "この機能は TCRYPT ヘッダの読み込みなしではサポートしません。"
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリタイプ '%u' が見つかりました。"
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "ボリュームマスターキーを解釈中に不正な文字列が見つかりました。"
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "ボリュームマスターキーを解釈中に予期しない文字列 ('%s') が見つかりました。"
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "ボリュームマスターキーを解釈中に予期しないメタデータエントリー値 '%u' が見つかりました。"
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "%s から BITLK シグネチャを読み込めませんでした。"
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "BITLK デバイスのシグネチャが不正また不明です。"
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK version 1 はサポートされていません。"
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "BITLK デバイスのブートシグネチャが不正また不明です。"
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "サポートされていないセクタサイズ %<PRIu16> です。"
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "%s から BITLK ヘッダを読み出すのに失敗しました。"
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "%s から BITLK FVE メタデータを読み込めませんでした。"
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "不明かサポートされていない暗号化タイプです。"
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "%s から BITLK メタデータエントリを読み込めませんでした。"
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "BITLKボリュームの description を変換できません。"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "外部キーを解釈中に予期しないメタデータエントリタイプ '%u' が見つかりました。"
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "BEK ファイル GUID '%s' がボリュームの GUID と一致しません。"
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "外部キーを解釈中に予期しないメタデータエントリー値 '%u' が見つかりました。"
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "サポートされていない BEK メタデータバージョン %<PRIu32> です。"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "予期しない BEK メタデータサイズ %<PRIu32> は BEK ファイルサイズと合いません"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "スタートアップキーを解釈中に予期しないメタデータエントリが見つかりました。"
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "この操作はサポートされていません。"
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "予期しないキーデータサイズです。"
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "この BITLK デバイスはサポートされてない状態にあるためアクティベートできません。"
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "タイプ '%s' の BITLK デバイスはアクティベートできません。"
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "部分的に復号された BITLK デバイスのアクティベーションはサポートされていません。"
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "警告: BitLocker ボリュームサイズ %<PRIu64> がデバイスサイズ %<PRIu64> と一致しません"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "カーネルの dm-crypt が BITLK IV をサポートしていないためデバイスをアクティベートできません。"
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "カーネルの dm-crypt が BITLK Elephant diffuser をサポートしていないためデバイスをアクティベートできません。"
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "カーネルの dm-crypt がラージセクタサイズをサポートしていないためデバイスをアクティベートできません。"
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "カーネルの dm-zero モジュールがないためデバイスをアクティベートできません。"
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Verity デバイス %s はディスク上のヘッダを使いません。"
+msgid "Could not read %u bytes of volume header."
+msgstr "ボリュームヘッダの %u バイトを読みこめませんでした。"
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "デバイス %s が有効な VERITY デバイスではありません。"
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "FVAULT2 のバージョン %<PRIu16> はサポートされていません。"
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Verity デバイス %s はディスク上のヘッダを使いません。"
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "VERITY バージョン %d はサポートされていません。"
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "VERITY ヘッダが壊れています。"
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "デバイス %s の VERITY UUID フォーマットが間違っています。"
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "デバイス %s の verity ヘッダを更新中にエラー。"
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "ルートハッシュ署名の検証はサポートしていません。"
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "FEC デバイスのエラーが修復できません。"
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "FEC デバイスに %u 個の修復可能なエラーが見つかりました。"
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "カーネルが dm-verity マッピングをサポートしていません。"
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "カーネルが dm-verity 署名オプションをサポートしていません。"
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "アクティベーションされた Verity デバイスが破損が見つかりました。"
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "ポジション %<PRIu64> にあるスペア領域が 0 埋めされていません。"
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "デバイスオフセットオーバーフロー。"
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "検証がポジション %<PRIu64> で失敗しました。"
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "ハッシュ領域がオーバーフロー。"
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "データ領域の検証に失敗しました。"
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "ルートハッシュの検証に失敗しました。"
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "ハッシュ領域を生成中に I/O エラー。"
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "ハッシュ領域の作成に失敗しました。"
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "警告: カーネルはデータブロックサイズがページサイズ (%u) を超えているとアクティベートできません。"
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "ブロック %<PRIu64> のパリティが修復できませんでした。"
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Reed-Solomon ブロック %<PRIu64> のパリティの書き込みに失敗しました。"
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "ブロックサイズが FEC と合っていません。"
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "パリティのバイト数が不正です。"
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "FEC セグメント長が不正です。"
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "デバイス %s のサイズが不明です。"
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "互換性のないカーネルの dm-integrity のメタデータ (バージョン %u) が %s に検出されました。"
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "カーネルが dm-integrity マッピングをサポートしていません。"
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "カーネルが dm-integrity 固定メタデータアラインメントをサポートしていません。"
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "カーネルが安全でない再計算オプションを拒否しました (レガジーアクティベーションオプションでオーバーライドできます)。"
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "デバイス %s の書き込みのためのロックを取得できませんでした。"
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "LUKS2 メタデータの更新の並列実行をしそうになりました。実行を中止します。"
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"デバイスのシグネチャが曖昧なので、LUKS2 の自動修復ができません。.\n"
"修復するには \"cryptsetup repair\" を実行してください。"
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "要求されたデータオフセットが小さすぎます。"
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "警告: キースロット領域 (%<PRIu64> バイト) がとても小さいため、利用可能な LUKS2 キースロット数が制限されます。\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "デバイス %s の読み込みのためのロックを取得できませんでした。"
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "禁止された LUKS2 要求がバックアップ %s に検出されました。"
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "データオフセットがデバイスとバックアップと異なるため修復できません。"
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "キースロット領域のあるバイナリヘッダのサイズがデバイスとバックアップで異なるため修復できません。"
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "デバイス %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "LUKS2 ヘッダが含まれていません。ヘッダを置き換えるとデータを破壊しかねません。"
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "既に LUKS2 ヘッダがあります。ヘッダを置き換えると既にあるキースロットを破壊します。"
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"警告: 不明な LUKS2 への要求がリアルデバイスヘッダにあります!\n"
"ヘッダをバックアップで置き換えるとデータを破壊する恐れがあります!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"警告: オフラインの再暗号化が終了していません!\n"
"ヘッダを置き換えるとデータを破壊しかねません。"
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "不明なフラグ %s を無視しました。"
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "dm-crypt セグメント %u にキーがありません"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "dm-crypt セグメントの設定に失敗しました。"
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "dm-linear セグメントの設定に失敗しました。"
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "サポートしていないデバイス整合性設定です。"
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "再暗号化が実行中なのでデバイスのデアクティベートできません。. Cannot deactivate device."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "サスペンドされたデバイス %s を dm-error ターゲットで置き換えられません。"
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "LUKS2 の必要条件を読み込めませんでした。"
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "満たせない LUKS2 の必要条件があります。"
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "操作がレガシー再暗号化とマークされたデバイスと互換性がありません。中止します。"
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "操作が LUKS2 再暗号化とマークされたデバイスと互換性がありません。中止します。"
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "キースロットをオープンするのにメモリが足りません。"
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "キースロットのオープンに失敗しました。"
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "キースロットの暗号化に %s- %s 暗号は使えません。"
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "ハッシュアルゴリズム %s が利用できません。"
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "新しいキースロット用の領域がありません。"
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "不正な再暗号化耐性モード変更を要求されました。"
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "耐性タイプを更新できません。新しいタイプは %<PRIu64> バイトしかありませんが、%<PRIu64> バイト必要です。"
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "再暗号化検証ダイジェストのリフレッシュに失敗しました。"
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "UUID が %s のデバイスの状態が確認できません。"
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "LUKSMETA メタデータ付きのヘッダは変換できません。"
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "暗号スペック %s-%s は LUKS2 に使えません。"
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "領域が足りないのでキースロット領域を動かせません。"
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "LUKS2 形式に変換できません - メタデータが不正です。"
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "LUKS2 キースロット領域が足りないのでキースロット領域を動かせません。"
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "キースロット領域を動かせません。"
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "LUKS1 形式に変換できません - デフォルトの暗号セクタサイズが 512 バイトではありません。"
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "LUKS1 形式に変換できません - キースロットのハッシュ関数が LUKS1 互換ではありません。"
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "LUKS1 形式に変換できません - ラップされたキーの暗号に %s が使われています。"
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "LUKS1 形式に変換できません - デバイスが多くのセグメントを使っています。"
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "LUKS1 形式に変換できません - LUKS2 ヘッダ %u 個のトークンを含んでいます。"
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "LUKS1 形式に変換できません - キースロット %u が不正な状態です。"
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "LUKS1 形式に変換できません - スロット %u が(最大個数を超過して)有効です。"
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "LUKS1 形式に変換できません - キースロット %u が LUKS1 と互換ではありません。"
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "ホットゾーンサイズは計算されたゾーンアライメントの倍数である必要がありす (%zu バイト)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "デバイスサイズが計算ゾーンアライメント (%zu バイト) に合っていません。"
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "弾性(resilience)モード %s はサポートしていません"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "古いセグメントのストレージラッパの初期化に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "新しいセグメントのストレージラッパの初期化に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "ホットゾーン保護の初期化に失敗しました。"
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "現在のホットゾーンのチェックサムを読み込めません。"
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "%<PRIu64> から始めるホットゾーンエリアを読み込めません。"
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "セクタ %zu を復号できません。"
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "セクタ %zu を復元できません。"
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "ソースとターゲットデバイスのサイズが一致しません。ソース %<PRIu64>, ターゲット: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "ホットゾーンデバイス %s がアクティベートできません。"
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "実際の origin table があるオーバーレイデバイス %s をアクティベートできません。"
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "デバイス %s の新しいマッピングをロードできません。"
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "再暗号化デバイススタックのリフレッシュに失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "新しいキースロットエリアサイズを設定できません。"
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "データシフト値が要求された暗号化セクタサイズにアラインされていません(%<PRIu32> バイト)。"
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "耐性(resilience)モード %s はサポートしていません"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "移動されるセグメントサイズはデータシフト値より大きくできません。"
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "不正な再暗号化耐性パラメータを要求されました。"
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "データシフトが要求された暗号化セクタサイズにアラインされていません(%<PRIu32> bytes)。"
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "移動されるセグメントが大きすぎます。要求されているサイズは %<PRIu64> ですが、使えるサイズは %<PRIu64> です。"
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "テーブルをクリアできません。"
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "小さくしたデータサイズが実際のデバイスサイズより大きいです。"
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "データデバイスが要求された暗号化セクタサイズにアラインされていません(%<PRIu32> bytes)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "データデバイスが暗号化セクタサイズにアラインされていません(%<PRIu32> バイト)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "データシフト (%<PRIu64> セクタ) が今後のデータオフセットより少ないです (%<PRIu64> セクタ)。"
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "デバイス %s を排他モードでオープンでません (既にマップされているかマウントされています)。"
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "デバイスは LUKS2 再暗号化向けにマークされていません。"
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "LUKS2 再暗号化コンテキストをロードできません。"
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "再暗号化状態を取得できません。"
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "デバイス %s は再暗号化中ではありません。"
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "既に再暗号化中です。"
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "再暗号化ロックを取得できません。"
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "再暗号化を開始できません。再暗号化のリカバリを先にしてください。"
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "実際のデバイスサイズと要求された再暗号化サイズが一致しません。"
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "再暗号化のパラメータとして不正なデバイスサイズが要求されました。"
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "既に再暗号化中です。復元を実行できません。"
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "メタデータの LUKS2 の再暗号化は既に初期化されました。"
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "メタデータの LUKS2 再暗号化に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "デバイスセグメントの次の再暗号化ホットゾーンの設定に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "再暗号化した耐性用メタデータを書き込めません。"
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "復号に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "%<PRIu64> から始まるホットゾーンエリアに書き込めません。"
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "データを sync できません。"
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "現在のホットゾーンの再暗号化完了後にメタデータが更新できません。"
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "LUKS2 メタデータが書き込めません。"
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "バックアップセグメントデータを消せません。"
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "未使用データデバイス領域を消せません。"
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "トークン %d をキースロット %d に割りあてられませんでした。"
+msgstr "未使用のキースロット %d を削除できませんでした。"
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "å\86\8dæ\9a\97å\8f·å\8c\96ã\83ã\83\83ã\82¯ã\82\92å\8f\96å¾\97できません。"
+msgstr "å\86\8dæ\9a\97å\8f·å\8c\96ã\82ã\83¼ã\82¹ã\83ã\83\83ã\83\88ã\81\8cå\89\8aé\99¤できません。"
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "%<PRIu64> から %<PRIu64> セクタのチャンクの再暗号化中に致命的なエラー。"
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "オンライン再暗号化に失敗しました。"
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "手動でエラーターゲットに置き換えた場合以外はデバイスのレジュームをしないでください。"
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "再暗号化を開始できません。予期しない再暗号化状態です。"
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "ないか不正な再暗号化コンテキストです。"
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "再暗号化デバイススタックの初期化に失敗しました。"
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "再暗号化コンテキストが更新できません。"
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "キースロット %d は不正です。"
+msgstr "再暗号化メタデータが不正です。"
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "空きトークンスロットがありません。"
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "キースロットの暗号化パラメータは LUKS2 デバイスでしか設定できません。"
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "ビルトイントークン %s が作成できません。"
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "tty 入力以外ではパスフレーズ認証できません。"
+msgid "Enter token PIN: "
+msgstr "トークンPINを入力してください: "
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "キースロットの暗号化パラメータは LUKS2 デバイスでしか設定できません。"
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "トークン %d PINを入力してください: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "未知の暗号スペックです。"
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "警告: --hash パラメータは plain モードでキーファイルが指定されていると無視されます。\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "警告: --keyfile-size オプションは無視されて、読み込みサイズは暗号鍵のサイズと同じになります。\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "%s にデバイス署名が検出されました。既にあるデータを破壊しかねません。"
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "中止されました。\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "オプション --key-file が必要です。"
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "VeraCrypt PIM を入力してください: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "不正な PIM: 解釈できません。"
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "不正 PIM の値で 0 です。"
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "不正な PIM の値: 範囲外です。"
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "このパスフレーズではデバイスヘッダが検出されませんでした。"
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "デバイス %s は有効な BITLK デバイスではありません。"
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "BITLK のボリュームキーサイズが決定できないので、--key-size を使ってください。"
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"暗号化されたパーティションにパスフレーズなしでアクセス可能にます。\n"
"このダンプは暗号化された安全な所に保存してください。"
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"ボリュームキーを使ったヘッダダンプは取り扱いに注意すべき情報で\n"
+"暗号化されたパーティションにパスフレーズなしでアクセス可能になります。\n"
+"このダンプは暗号化された安全な所に保存してください。"
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "デバイス %s は有効な FVAULT2 デバイスではありません。"
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "FVAULT2 のボリュームキーサイズが決定できないので、--key-size を使ってください。"
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "デバイス %s はまたアクティブで後から削除される予定になっています。.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "アクティブなデバイスをリサイズするにはボリュームキーがキーリングに必要ですが、--disable-keyring が指定されています。"
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "ベンチマークが中止されました。"
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s 計測値なし\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u 回/秒 (%zu ビットの鍵)\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s 計測値なし\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u 回, %5u KB使用, %1u スレッド (%zu のビットの鍵) (%u ms 計測)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "ベンチマークの結果は信頼できません。"
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# テストはストレージI/Oがなくメモリ上のもののため目安です。\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algorithm | キー | 暗号化 | 復号化\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "暗号 %s (キーサイズ %i ビット) は利用できません。"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algorithm | キー | 暗号化 | 復号化\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "計測値なし"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"保護されていない LUKS2 再暗号化メタデータが検出されました。再暗号化操作が望ましいものか確認してください。(luksDump の出力を見てください)\n"
+"そのうえで、この操作が問題ないと確認できたら継続(メタデータのアップグレード)してください。"
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "再暗号化のリカバリのためのパスフレーズを入力してください: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "再暗号化メタデータの保護とアップグレードのためのパスフレーズを入力してください: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "本当に LUKS2 再暗号化リカバリを行いますか?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "å\86\8dæ\9a\97å\8f·å\8c\96ã\81®ã\83ªã\82«ã\83\90ã\83ªã\81®ためのパスフレーズを入力してください: "
+msgstr "å\86\8dæ\9a\97å\8f·å\8c\96ã\83¡ã\82¿ã\83\87ã\83¼ã\82¿ã\83\80ã\82¤ã\82¸ã\82§ã\82¹ã\83\88ã\82\92æ¤\9c証ã\81\99ã\82\8bためのパスフレーズを入力してください: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "再暗号化のリカバリのためのパスフレーズを入力してください: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "本当に LUKS デバイスヘッダの復元を試みていいですか?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"ワイプが中断されました。"
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"整合性チェックサムの初期化のためにデバイスのデータを消去しています。\n"
"CTRL+c で中止できます (初期化されなかったデバイスのチェックサムは正しくなくなります)。\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "一時的デバイス %s を非アクティブにできません。"
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "整合性オプションは LUKS2 形式でしか使えません。"
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "サポートされていない LUKS2 メタデータのサイズオプションです。"
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "ヘッダファイルがありません。作成しますか?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "ヘッダファイル %s を作成できません。"
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "サポートしている整合性確認方式が検出されませんでした。"
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "%s を on-disk ヘッダとして使えません。"
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "%s のデータを上書きします。戻せません。"
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "pbkdf パラメータを設定できません。"
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "分離された LUKS ヘッダでのみ少ないデータオフセットが使えます。"
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "LUKS ファイルコンテナ %s がアクティベートするには小さすぎます。データ用の領域に空きがありません。"
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "キースロットのない LUKS のボリュームキーサイズが決定できないので、--key-size を使ってください。"
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "デバイスはアクティベートされましたが、フラグを恒常的なものにできません。"
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "キースロット %d は削除対象として選択されました。"
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "これは最後のキースロットです。このキーがなくなるとデバイスは使用不能になります。"
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "残っているパスフレーズを入力してください: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "操作は中止されました。キースロットは消去されていません。\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "削除するキーのパスフレーズを入力してください: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "デバイス %s は有効な LUKS2 デバイスではありません。"
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "キースロットの新しいパスフレーズを入力してください: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "警告: --key-slot パラメータは新しいキースロット番号に使われます。\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "有効なパスフレーズをどれか入力してください: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "変更するキーのパスフレーズを入力してください: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "新しいキーのパスフレーズを入力してください: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "変換されるキースロットのパスフレーズを入力してください: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "isLuks は一つのデバイス引数しかサポートしていません。"
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"ボリュームキーを使ったヘッダダンプは取り扱いに注意すべき情報で\n"
-"暗号化されたパーティションにパスフレーズなしでアクセス可能になります。\n"
-"このダンプは暗号化された安全な所に保存してください。"
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "キースロット %d は unbound キーを含んでいません。"
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"unbound キーを使ったヘッダダンプは取り扱いに注意すべき情報です。\n"
"このダンプは暗号化された安全な所に保存してください。"
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s はアクティブな %s デバイスではありません。"
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s はアクティブな LUKS デバイス名ではないか、ヘッダがありません。"
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "オプション --header-backup-file が必要です。"
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s は cryptsetup で管理されているデバイスではありません。"
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "リフレッシュはデバイスタイプ %s ではサポートされていません。"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "%s は認識できないメタデータデータタイプです。"
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "コマンドはデバイスとマップされた名前を引数として必要とします。"
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"この処理はデバイス %s の全てのキースロットを消去します。\n"
"デバイスのデータは使用できなくなります。"
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "処理は中止されました。キースロットは消去されません。\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "不正な LUKS タイプです。luks1 と luks2 しかサポートしていません。"
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "デバイスは既にタイプ %s です。"
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "この処理は %s から %s フォーマットに変換します。\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "処理は中止されました。デバイスは変換されませんでした。\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "オプション --priority, --label か --subsystem がありません。"
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "トークン %d は不正です。"
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "トークン %d は使用中です。"
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "luks2-キーリングトークン %d を追加できませんでした。"
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "トークン %d をキースロット %d に割りあてられませんでした。"
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "トークン %d は使われていません。"
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "ファイルからトークンをインポートできません。"
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "トークン %d をエクスポートのために取得できませんでした。"
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "--key-description はトークン追加には必須です。"
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "トークンを必要としています。--token-id を使用してください。"
-
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "%s は不正なトークン処理です。"
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "トークン %d をキースロット %d に割りあてられませんでした。"
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "ã\83\87ã\83¼ã\82¿ã\83\87ã\83\90ã\82¤ã\82¹ %2s ã\81®ã\82¢ã\82¯ã\83\86ã\82£ã\83\96ã\81ª dm ã\83\87ã\83\90ã\82¤ã\82¹ '%1s'ã\82\92è\87ªå\8b\95æ¤\9cå\87ºã\81\97ã\81¾ã\81\97ã\81\9fã\80\82\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "ã\83\88ã\83¼ã\82¯ã\83³ %d ã\82\92ã\82ã\83¼ã\82¹ã\83ã\83\83ã\83\88 %d ã\81®å\89²ã\82\8aå½\93ã\81¦ã\81\8bã\82\89解é\99¤ã\81§ã\81\8dã\81¾ã\81\9bã\82\93ã\81§ã\81\97ã\81\9fã\80\82"
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "デバイス %s は有効なブロックデバイスではありません。\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "--tcrypt-hidden と --tcrypt-system と --tcrypt-backup は TCRYPT デバイスしか使えません。"
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "デバイス %s のホルダ(holders)を自動検出できません。"
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "--veracrypt や --disable-veracrypt は TCRYPT デバイスでしか使えません。"
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"デバイス %s がアクティベートされているかどうか判断できません。\n"
-"オフラインでの再暗号化を進めていいですか?\n"
-"アクティベートされていたらデータが破壊されるかもしれません。\n"
-"再暗号化をオンラインで行う場合は --active-name を代わりに使ってください。\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "--veracrypt-pim は VeraCrypt 互換デバイスにしか使えません。"
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "LUKS デバイスタイプが不正です。"
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "--veracrypt-query-pim は VeraCrypt 互換デバイスにしか使えません。"
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "データデバイスサイズの縮小(--reduce-device-size)なしに分離ヘッダ(--header)による暗号化はできません。"
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "--veracrypt-pim と --veracrypt-query-pim はどちらかしか使えません。"
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "要求されたデータオフセットは --reduce-device-size パラメータの半分以下である必要があります。"
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "--persistent は --test-passphrase と一緒には使えません。"
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "--reduce-device-size の値を --offset %<PRIu64> (セクタ) の倍にします。\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "--refresh と --test-passphrase は同時には使えません。"
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "暗号化は LUKS2 形式でしか使えません。"
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "--shared は plain デバイスの open にしか使えません。"
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "LUKS デバイスが %s に検出されました。もう一度 LUKS デバイスを暗号化したいのですか?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "--skip は plain か loopaes デバイスの open にしか使えません。"
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "テンポラリヘッダファイル %s は既に存在しているので、中止します。"
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "--offset は plain か loopaes デバイスの open にしか使えません。"
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "テンポラリヘッダファイル %s を作成できません。"
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "--tcrypt-hidden は --allow-discards と一緒に使えません。"
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s がアクティブでオンライン暗号化可能です。\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "オープン時のセクタサイズオプションは plain デバイスでしかサポートされていません。"
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "LUKS2 復号は detached ヘッダデバイスしかサポートしていません。"
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "大きな IV セクタオプションは plain タイプでセクタサイズが 512 バイトより大きいものをオープンする時しかサポートしていません。"
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "再暗号化に必要な空きキースロットがありません。"
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "--test-passphrase は LUKS か TCRYPT か BITLK か FVAULT2 デバイスの open にしか使えません。."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "キーファイルは --key-slot と使うか、1 つのキースロットだけアクティブの時にしか使えません。"
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "--device-size と --size は一緒に使えません。"
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "キースロット %d のパスフレーズを入力してください: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "オプション --unbound は luks デバイスの open にしか使えません。"
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "キースロット %u のパスフレーズを入力してください: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "オプション --unbound は --test-passphrase がないと使えません。"
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "データの暗号化用の暗号アルゴリズムを %s にします。\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "オプション --cancel-deferred と --deferred は同時に使えません。"
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "ã\82³ã\83\9eã\83³ã\83\89ã\81¯ã\83\87ã\83\90ã\82¤ã\82¹ã\82\92å¼\95æ\95°ã\81¨ã\81\97ã\81¦å¿\85è¦\81ã\81¨ã\81\97ã\81¾ã\81\99。"
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "ã\82ªã\83\97ã\82·ã\83§ã\83³ --reduce-device-size ã\81¨ --data-size ã\81¯ä¸\80ç·\92ã\81«ä½¿ã\81\88ã\81¾ã\81\9bã\82\93。"
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "現在 LUKS2 形式しかサポートされていません。LUKS1 には cryptsetup-reencrypt を使ってください。"
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "オプション --active-nameは LUKS2 デバイスでしか設定できません。"
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "古いオフライン再暗号化が実行中です。cryptsetup-reencrypt を使ってください。"
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "オプション --active-name と --force-offline-reencrypt は一緒に使えません。"
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "整合性プロファイルつきのデバイスの再暗号化はサポートされていません。"
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "キースロットの指定が必要です。"
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "LUKS2 再暗号化が既に初期化済なので操作を中止します。"
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "--align-payload と --offset は一緒に使えません。"
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "LUKS2 デバイスは再暗号化中ではありません。"
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "--integrity-no-wipe は format で integrity extension 付きの時しか使えません。"
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<デバイス> [--type <タイプ>] [<名前>]"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "--use-[u]random は一つしか使えません。"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "デバイスを <名前> としてオープン"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "--unbound にはキーサイズが必要です。"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<名前>"
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "不正なトークンアクションです。"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr "デバイスをクローズします (マッピングを削除します)"
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "--key-description はトークン追加には必須です。"
-#: src/cryptsetup.c:3504
-msgid "resize active device"
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "トークンを必要としています。--token-id を使用してください。"
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "オプション --unbound はトークンの追加にしか使えません。"
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "--key-slot と --unbound は一緒に使えません。"
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "特定のキースロットを必要としています。--key-slot を使用してください。"
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<デバイス> [--type <タイプ>] [<名前>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "デバイスを <名前> としてオープン"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<名前>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
+msgid "close device (remove mapping)"
+msgstr "デバイスをクローズします (マッピングを削除します)"
+
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
+msgid "resize active device"
msgstr "アクティブデバイスをリサイズ"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "デバイスステータスを表示"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <暗号>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "暗号ベンチマーク"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<デバイス>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "on-disk メタデータを修復しようとしています"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "LUKS2 デバイスを再暗号化"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "全てのキースロットを消去します (暗号鍵も削除します)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "LUKS2 から LUKS もしくは LUKS から LUKS2 形式に変換します"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "LUKS2 の permanent configuration オプションを設定します"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<デバイス> [<新しいキーファイル>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "LUKS デバイスをフォーマットします"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "LUKS デバイスにキーを追加します"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<デバイス> [<キーファイル>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "与えられたキーかキーファイルを LUKS デバイスから削除します。"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "与えられた LUKS デバイスのキーかキーファイルを変更します"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "キーを新しい pbkdf パラメータに変換します"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<デバイス> <キースロット>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "<キースロット>のキーを LUKS デバイスから削除します"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "LUKS デバイスの UUID を表示"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "<デバイス> の LUKS パーティションヘッダをテストします"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "LUKS パーティション情報をダンプします"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "TCRYPT デバイス情報をダンプします"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "BITLK デバイス情報をダンプします"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "FVAULT2 デバイス情報をダンプします"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "LUKS デバイスを停止してキーを削除します (全てのI/Oは停止します)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "停止していた LUKS デバイスを再開します"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "LUKS デバイスヘッダとキースロットをバックアップします"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "LUKS デバイスヘッダとキースロットをリストアします"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <デバイス>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "LUKS2 トークンを操作します"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<action> は以下のうちの一つです:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"古い <アクション> という形式も使えます:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<キースロット> は変更する LUKS キースロット番号\n"
"<キーファイル> は luskAddKey でオプションで与えられる新しいキーのキーファイル\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"デフォルトのコンパイル時に決められたメタデータ形式は %s です(luksFormat で使われます)。\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"LUKS2 外部トークンプラグインサポート: %s\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "本体に内蔵"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "LUKS2 外部トークンプラグインパス: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "利用不可"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"デフォルト LUKS2 向け PBKDF: %s\n"
"\t繰り返す時間: %d, 使うメモリ: %dkB, 並列スレッド: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, キー: %d ビット, パスワードハッシュ: %s\n"
"\tLUKS: %s, キー: %d ビット, LUKS ヘッダハッシュ: %s, 乱数生成: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: XTS モードのデフォルトキーサイズは (2つの内部キーがあるため) 倍になります。\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: は %s を引数で与える必要があります"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "キースロットは不正です。"
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "デバイスサイズは 512 バイトセクタの倍数である必要があります。"
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "再暗号化ホットゾーン最大サイズの指定が不正です。"
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "キーサイズは 8bit の倍数でなければなりません"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "デバイスを減らせる最大値は 1 GiB です。"
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "減らすサイズは 512 バイトセクタの倍数である必要があります。"
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "--priority の引数は ignore/normal/prefer のいずれかのみです。"
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "このヘルプを表示します"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "コンパクトな使用法表示をします"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "パッケージのバージョンを表示"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "ヘルプオプション:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "より詳細なエラーメッセージを表示"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "デバッグメッセージを表示"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "JSON メタデータを含むデバッグメッセージを表示"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "ディスクを暗号化するのに用いられる暗号 (/proc/crypto を参照のこと)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "パスフレーズから暗号鍵を作るのに使われるハッシュ"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "パスフレーズは2回入力してもらって検証します"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "ファイルからキーを読む"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "ボリューム(マスター)キーをファイルから読む。"
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "ボリューム(マスター)キーをキースロット情報の代わりにダンプします"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "暗号鍵のサイズ"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "ビット"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "キーファイルから読み込みの制限"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "バイト"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "キーファイルでスキップするバイト数"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "新しく追加するキーファイルの読み込みの制限"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "新しく追加するキーファイルでスキップするバイト数"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "新しいキーのスロット番号 (デフォルトは最初の空き)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "デバイスのサイズ"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "セクタ"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "指定されたデバイスサイズ分だけ使います (デバイスの残りは無視します). 危険!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "バックエンドデバイスの開始オフセット"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "最初の暗号化データのセクタを何セクタスキップするか"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "読み込み専用のマッピングを作成"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "確認をしません"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "パスフレーズの対話的入力のタイムアウト (秒単位)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "秒"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "進捗線の更新(秒単位)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "パスフレーズの再試行の回数"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "luksFormat 向けにペイロードを <n> セクタ境界に合わせます"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "LUKS ヘッダとキースロットバックアップのファイル"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "ボリュームキーの生成に /dev/random を使います"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "ボリュームキーの生成に /dev/urandom (擬似乱数)を使います"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "オーバーラップしない暗号セグメントのあるデバイスと共有します"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "使用するデバイスの UUID"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "デバイスに discards (TRIM) 処理を許可します"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "デバイスかファイルにある分離された LUKS ヘッダ"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "デバイスをアクティベートせず、パスフレーズだけ確認する"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "隠されたヘッダを使う (隠された TCRYPT デバイス)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "デバイスはシステム TCRYPT ドライブ (ブートローダの対応が必要)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "バックアップ (セカンダリ) TCRYPT ヘッダを使います"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "VeraCrypt 互換デバイスも探します"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "VeraCrypt 互換デバイス向けの Personal Iteration Multiplier"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "VeraCrypt互換デバイス向けの Query Personal Iteration Multiplier"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "デバイスメタデータのタイプ: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "パスワードの質の確認を無効にする (もし有効なら)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "dm-crypt の same_cpu_crypt performance compatibility オプションを使う"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "dm-crypt の submit_from_crypt_cpus performance compatibility オプションを使う"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "dm-crypt の workqueue をバイパスし読み込み要求を同期処理する"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "dm-crypt の workqueue をバイパスし書き込み要求を同期処理する"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "デバイスの削除はデバイス上のリソースを使う人がいなくなるまで遅延されます"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "OOM Killer を回避するために PBKDF メモリのシリアライズにグローバルロックを使います"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "LUKS 向けの PBKDF の繰り返し時間 (ms単位)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ミリ秒"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "LUKS2 向けの PBKDF アルゴリズム: argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "PBKDF メモリコスト制限"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "キロバイト"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "PBKDF 並列コスト"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "スレッド"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "PBKDF 繰り返しコスト (強制する, ベンチマークしない)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "キースロット優先度: ignore, normal, prefer"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "ディスク上のメタデータのロックをしない"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "ボリュームキーの読み込みをカーネルキーリング経由で行わない"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "データ改ざん検出アルゴリズム (LUKS2 のみ)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "データ改ざん検出が有効なデバイスのジャーナリングを禁止します"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "フォーマット後にデバイスのデータを消去しない"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "非効率的なレガシーパディングを使う (古いカーネル)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "トークンによるアクティベーションが失敗したらパスフレーズを入力させません"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "トークンナンバー (デフォルト: 任意)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "キーデスクリプション"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "暗号化セクタサイズ (デフォルト: 512 バイト)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "セクタサイズ (512バイトとは限らない) のIVを使う"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "デバイスのアクティベーションフラグを持続的にします"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "LUKS2 デバイスのラベルを設定"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "LUKS2 デバイスにサブシステムレベルを設定します"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "unbound (データセグメントが割り当てられていない) LUKS2 キースロットを作成またはダンプ"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "json をファイルに読み書きする"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "LUKS2 ヘッダメタデータ領域サイズ"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "LUKS2 ヘッダキースロット領域サイズ"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "デバイスを新しいパラメータデリフレッシュ(再アクティベート)する"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "LUKS2 キースロット: 暗号鍵のサイズ"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "LUKS2 キースロット: キースロットの暗号化に使う暗号"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "LUKS2 デバイスを暗号化 (in-place で暗号化)"
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "LUKS2 デバイスを復号 (つまり暗号化をやめる)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "LUKS2 再暗号化をメタデータだけ初期化。"
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "初期化済 LUKS2 再暗号化だけ再開。"
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "データデバイスサイズを減らす (データオフセットを移動する). 危険!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "最大再暗号化ホットゾーンサイズ"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "再暗号化ホットゾーン弾性(resilience)タイプe (checksum,journal,none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "再暗号化ホットゾーンチェックサムハッシュ"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "再暗号化する dm デバイスの自動検出を上書きする"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[オプション...] <アクション> <アクション特有>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "<アクション> がありません。"
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "未知のアクションです。"
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "--refresh と --test-passphrase は同時には使えません。"
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "--deferred は close でしか使えません。"
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "--shared は plain デバイスの open にしか使えません。"
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "--allow-discards は open でしか使えません。"
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "--persistent は open でしか使えません。"
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "--serialize-memory-hard-pbkdf は open でしか使えません。"
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "--persistent は --test-passphrase と一緒には使えません。"
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"--key-size は luksFormat か luksAddKey で --unbound をつけた場合か、\n"
-"open, benchmark の時しか使えません。キーファイルについて制限をつけたい場合は --keyfile-size=(バイト) を使ってください。"
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "--integrity は luksFormat (LUKS2) でしか使えません。"
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "--integrity-no-wipe は format で integrity extension 付きの時しか使えません。"
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "--label と --subsystem は luksFormat で config LUKS2 operations にしか使えません。"
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "--test-passphrase は LUKS か TCRYPT か BITLK デバイスの open にしか使えません。."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "キーサイズは 8bit の倍数でなければなりません"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "キースロットは不正です。"
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "--key-file は他で指定されたキーファイルを上書きします。"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "オプションに負の数を与えられません。"
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "--key-file は一つしか使えません。"
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "--use-[u]random は一つしか使えません。"
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "--use-[u]random は luksFormat にしか使えません。"
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "--uuid は luksFormat か luksUUID でしか使えません。"
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "--align-payload は luksFormat でしか使えません。"
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "--luks2-metadata-size と --opt-luks2-keyslots-size は LUKS2 で luksFormat でしか使えません。"
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "不正なLUKS2 メタデータサイズです。"
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "不正な LUKS2 キースロットサイズです。"
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "--align-payload と --offset は一緒に使えません。"
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "--skip は plain か loopaes デバイスの open にしか使えません。"
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "--offset は plain か loopaes デバイスの open、luksFormat と再暗号化にしか使えません。"
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "--tcrypt-hidden と --tcrypt-system と --tcrypt-backup は TCRYPT デバイスしか使えません。"
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "--tcrypt-hidden は --allow-discards と一緒に使えません。"
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "--veracrypt は TCRYPT デバイスでしか使えません。"
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "--veracrypt-pim の引数が不正です。"
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "--veracrypt-pim は VeraCrypt 互換デバイスにしか使えません。"
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "--veracrypt-query-pim は VeraCrypt 互換デバイスにしか使えません。"
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "--veracrypt-pim と --veracrypt-query-pim はどちらかしか使えません。"
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "--priority の引数は ignore/normal/prefer のいずれかのみです。"
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "キースロットの指定が必要です。"
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "パスワードからキーを作る関数 (PBKDF) は pbkdf2 argon2i argon2id のいずれかのみです。"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "PBKDF の繰り返し回数の強制と繰り返し時間指定オプションは共存できません。"
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "このコマンドでセクタサイズオプションはサポートされていません。"
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "大きな IV セクタオプションは plain タイプでセクタサイズが 512 バイトより大きいものをオープンする時しかサポートしていません。"
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "--unbound にはキーサイズが必要です。"
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "--unbound は luksAddKey か luksDump でしか使えません。"
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "--keyslot-cipher と --keyslot-key-size は同時に使う必要があります。"
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "--refresh は open でしか使えません。"
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "--test-args オプションつきだったため、何もしません。\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "メタデータロックを禁止できません。"
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "再暗号化ホットゾーン最大サイズの指定が不正です。"
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "デバイスサイズの指定が不正です。"
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "デバイスを減らせる最大値は 1 GiB です。"
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "減らすサイズは 512 バイトセクタの倍数である必要があります。"
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "データサイズの指定が不正です。"
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "減らすサイズのオーバーフロー。"
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "LUKS2 復号には --header が必要です。"
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "デバイスサイズは 512 バイトセクタの倍数である必要があります。"
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "--reduce-device-size と --data-size は一緒に使えません。"
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "--device-size と --size は一緒に使えません。"
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "--keyslot-cipher と --keyslot-key-size は同時に使う必要があります。"
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "不正なソルト文字列が指定されました。"
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "ハッシュイメージ %s を書けるように作成できませんでした。"
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "FEC イメージ %s を書けるように作成できませんでした。"
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "ルートハッシュファイル %s を書けるように作成できませんでした。"
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "ルートハッシュファイル %s に書き込めません。"
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "デバイス %s が有効な VERITY デバイスではありません。"
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "ルートハッシュファイル %s を読み込めません。"
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "不正なルートハッシュファイル %s です。"
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "不正なルートハッシュ文字列が指定されました。"
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "署名ファイル %s が不正です。"
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "署名ファイル %s を読み込めませんでした。"
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "コマンドは <root_hash> か --root-hash-file オプションを引数として必要とします。"
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<データデバイス> <ハッシュデバイス>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "デバイスをフォーマット"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<データデバイス> <ハッシュデバイス> <ルートハッシュ>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<データデバイス> <ハッシュデバイス> [<ルートハッシュ>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "デバイスを検証"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<データデバイス> <名前> <ハッシュデバイス> <ルートハッシュ>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<データデバイス> <名前> <ハッシュデバイス> [<ルートハッシュ>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "アクティブデバイスのステータスを表示"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<ハッシュデバイス>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "ディスク上の情報を表示"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<ハッシュデバイス> は検証用データが入るデバイス\n"
"<ルートハッシュ> は <ハッシュデバイス> のルートノードのハッシュ\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"コンパイル時に決めた dm-verity のデフォルトパラメータ:\n"
"\tハッシュ: %s, データブロック (バイト): %u, ハッシュブロック (バイト): %u, ソルトサイズ: %u, ハッシュフォーマット: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "verity スーパーブロックを使いません"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "フォーマットタイプ (1 - ノーマル, 0 - Chrome OS 形式)"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "--ignore-corruption と --restart-on-corruption は同時に使えません。"
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "数字"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "--panic-on-corruption と --restart-on-corruption は同時に使えません。"
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "データデバイスのブロックサイズ"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"%s と %s のデータを復元不能な形で上書きします。\n"
+"データデバイスを保持するにはオプション --no-wipe を使ってください (その後、--integrity-recalculate を付けてアクティベートしてください)。"
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "ハッシュデバイスのブロックサイズ"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "タグサイズ %u、内部整合性は %s でフォーマットされました。\n"
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "FEC パリティバイト"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "再計算フラグの設定はサポートされていません。代わりに --wipe を使うことを検討してください。"
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "データファイルのブロック数"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "デバイス %s が有効な INTEGRITY デバイスではありません。"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "ブロック"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<整合性デバイス>"
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "誤り訂正用データが格納されるデバイスのパス"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<整合性デバイス> <名前>"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "パス"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<名前> は %s に作られるデバイス\n"
+"<整合性デバイス> は整合性タグを格納するデバイス\n"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "ハッシュデバイスの開始オフセット"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"コンパイル時に決められたデフォルトの dm-integrity のパラメータ:\n"
+"\tチェックサムアルゴリズム: %s\n"
+" 最大キーファイルサイズ: %dkB\n"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "FEC デバイスの開始オフセット"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "不正な --%s サイズです。最大は %u バイトです。"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "ã\83\8fã\83\83ã\82·ã\83¥ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 "
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "ã\82ã\83¼ã\83\95ã\82¡ã\82¤ã\83«ã\81¨ã\82ã\83¼ã\82µã\82¤ã\82ºã\81®ä¸¡æ\96¹ã\81®æ\8c\87å®\9aã\81\8cå¿\85è¦\81ã\81§ã\81\99ã\80\82"
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "文字列"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "ジャーナル整合性キーファイルとキーサイズの両方の指定が必要です。"
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "ã\82½ã\83«ã\83\88"
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«æ\95´å\90\88æ\80§ã\82ã\83¼ã\82\92使ã\81\86å ´å\90\88ã\81¯ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 ã\81®æ\8c\87å®\9aã\81\8cå¿\85è¦\81ã\81§ã\81\99ã\80\82"
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "16進数文字列"
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "ジャーナル暗号キーファイルとキーサイズの両方の指定が必要です。"
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "ã\83«ã\83¼ã\83\88ã\83\8fã\83\83ã\82·ã\83¥ç½²å\90\8dã\83\95ã\82¡ã\82¤ã\83«ã\81®ã\83\91ã\82¹"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«æ\9a\97å\8f·ã\82ã\83¼ã\82\92使ã\81\86å ´å\90\88ã\81¯ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 ã\81®æ\8c\87å®\9aã\81\8cå¿\85è¦\81ã\81§ã\81\99ã\80\82"
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "破損が検出されたらカーネルを再起動する"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "リカバリと bitmap モードオプションは同時には使えません。"
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "ジャーナルオプションは bitmap モードでは使えません。"
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "破損が検出されたらカーネルパニックさせる"
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "bitmap オプションは bitmap モードでしか使えません。"
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "破損はログするだけで再起動まではしない"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"警告!!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"よろしいですか? ('yes' を大文字で入力してください): "
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "0 埋めされたブロックは検証しない"
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "端末から応答を読み込み中にエラー。"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "最初に読む時一度だけデータブロックを検証する"
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "コマンド成功。"
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "--ignore-corruption, --restart-on-corruption, --ignore-zero-blocks は open 時にか使えません。"
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "パラメータが間違っているか指定されていません"
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "--root-hash-signature は open でしか使えません。"
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "権限がないかパスフレーズが間違っています"
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "--ignore-corruption と --restart-on-corruption は同時に使えません。"
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "メモリ不足"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "--panic-on-corruption と --restart-on-corruption は同時に使えません。"
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "間違ったデバイスかファイルが指定されました"
-#: src/integritysetup.c:85
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "デバイスが既にあるかビジーです"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "不明なエラー"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "コマンド失敗:コード %i (%s)"
+
+#: src/utils_tools.c:256
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "不正なキーサイズです。最大は %u バイトです。"
+msgid "Key slot %i created."
+msgstr "キースロット %i が作成されました。"
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "キースロット %i がアンロックされました。"
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "キースロット %i が削除されました。"
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "トークン %i が作成されました。"
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "トークン %i が削除されました。"
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "この PIN でアンロックできるトークンがありません。"
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "トークン %i は PIN が必要です。"
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "トークン (タイプ %s) は PIN が必要です。"
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "トークン %i では割り当てられたキースロットをアンロックできません (間違ったキースロットパスフレーズ)。"
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "トークン (タイプ %s) では割り当てられたキースロットをアンロックできません (間違ったキースロットパスフレーズ)。"
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "トークン %i は追加のリソースが必要です。"
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "トークン (タイプ %s) は追加のリソースが必要です。"
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "使用可能なトークン (タイプ %s) がありません。"
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "使用可能なトークンがありません。"
+
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "キーファイル %s を読みこめませんでした。"
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/utils_tools.c:398
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "%d バイトをキーファイル %s から読みこめませんでした。"
-#: src/integritysetup.c:266
+#: src/utils_tools.c:423
#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "ã\82¿ã\82°ã\82µã\82¤ã\82º %uã\80\81å\86\85é\83¨æ\95´å\90\88æ\80§ã\81¯ %s ã\81§ã\83\95ã\82©ã\83¼ã\83\9eã\83\83ã\83\88ã\81\95ã\82\8cã\81¾ã\81\97ã\81\9fã\80\82\n"
+msgid "Cannot open keyfile %s for write."
+msgstr "ã\82ã\83¼ã\83\95ã\82¡ã\82¤ã\83« %s ã\82\92æ\9b¸ã\81\8dè¾¼ã\81¿ç\94¨ã\81«ã\82ªã\83¼ã\83\97ã\83³ã\81§ã\81\8dã\81¾ã\81\9bã\82\93ã\80\82"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<整合性デバイス>"
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "キーファイル %s に書き込めません。"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<整合性デバイス> <名前>"
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>分%02<PRIu64>秒"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>時間%02<PRIu64>分%02<PRIu64>秒"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> 日"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s 書き込み済"
-#: src/integritysetup.c:515
+#: src/utils_progress.c:109 src/utils_progress.c:142
#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "速度 %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "進捗: %5.1f%%, 残り時間 %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "終了。所要時間 %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "パスワードの質を確認できません: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"パスワードの質の確認に失敗:\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "パスワードの質が確認できません: 質の悪いパスフレーズ (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "端末からパスフレーズを読み込めません。"
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "同じパスフレーズを入力してください: "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "パスフレーズが一致しません。"
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "端末からの入力でオフセットは使用できません。"
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "パスフレーズを入力してください: "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "%s のパスフレーズを入力してください: "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "このパスフレーズで使用可能なキーはありません。"
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "使用可能なキースロットがありません。"
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "tty 入力以外ではパスフレーズ認証できません。"
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "ファイル %s を読み込み専用モードでオープンできません。"
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "妥当な LUKS2 トークンを JSON で与えてください:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "JSON ファイルを読み込めません。"
+
+#: src/utils_luks.c:207
msgid ""
"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
+"Read interrupted."
msgstr ""
"\n"
-"<名前> は %s に作られるデバイス\n"
-"<整合性デバイス> は整合性タグを格納するデバイス\n"
+"読み込みが中断されました。"
-#: src/integritysetup.c:520
+#: src/utils_luks.c:248
#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "ファイル %s を書き込みモードでオープンできません。"
+
+#: src/utils_luks.c:257
msgid ""
"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
+"Write interrupted."
msgstr ""
"\n"
-"コンパイル時に決められたデフォルトの dm-integrity のパラメータ:\n"
-"\tチェックサムアルゴリズム: %s\n"
-" 最大キーファイルサイズ: %dkB\n"
+"書き込みが中断されました。"
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "JSON ファイルに書き込めません。"
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "データデバイス %2s のアクティブな dm デバイス '%1s'を自動検出しました。\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "デバイス %s のホルダ(holders)を自動検出できません。"
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "デバイス %s は有効なブロックデバイスではありません。\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"デバイス %s がアクティベートされているかどうか判断できません。\n"
+"オフラインでの再暗号化を進めていいですか?\n"
+"アクティベートされていたらデータが破壊されるかもしれません。\n"
+"再暗号化をオンラインで行う場合は --active-name を代わりに使ってください。\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"デバイス %s はブロックデバイスではありません。アクティブであろうとなかろうと自動検出できません。\n"
+"このチェックをバイパスしてオフラインモードで動作するには --force-offline-reencrypt を使ってください。(ただし危険です!)。"
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "要求された --resilience オプションは現在の再暗号化処理に適用できません。"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "ã\83\87ã\83¼ã\82¿ã\83\87ã\83\90ã\82¤ã\82¹ã\81®ã\83\91ã\82¹ (å\88\86é\9b¢ã\81\95ã\82\8cã\81¦ã\81\84ã\82\8bå ´å\90\88)"
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "ã\83\87ã\83\90ã\82¤ã\82¹ã\81¯ LUKS2 æ\9a\97å\8f·å\8c\96ç\8a¶æ\85\8bã\81«ã\81\82ã\82\8aã\81¾ã\81\9bã\82\93ã\80\82ã\82ªã\83\97ã\82·ã\83§ã\83³ --encrypt ã\81¨ç«¶å\90\88ã\81\97ã\81¾ã\81\99ã\80\82"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "ジャーナルサイズ"
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "デバイスは LUKS2 復号状態にありません。オプション --decrypt と競合します。"
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "デバイスはデータシフト耐性を使った再暗号化状態にあります。--resilience オプションは適用できません。"
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "デバイスは再暗号化リカバリが必要です。先に修復してください。"
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "デバイス %s は既に LUKS2 再暗号化状態にあります。以前に初期化された処理に復帰しますか?"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "インターリーブするセクタ数"
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "古い LUKS2 再暗号化はサポートされなくなりました。"
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "整合性プロファイルつきのデバイスの再暗号化はサポートされていません。"
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"要求された --sector-size %<PRIu32> は %s superblock\n"
+"(ブロックサイズ: %<PRIu32> バイト、デバイス %s)と互換性がありません。"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«ã\82\92ã\83\95ã\83©ã\83\83ã\82·ã\83¥ã\81\99ã\82\8bé\96¾å\80¤"
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "ã\83\87ã\83¼ã\82¿ã\83\87ã\83\90ã\82¤ã\82¹ã\82µã\82¤ã\82ºã\81®ç¸®å°\8f(--reduce-device-size)ã\81ªã\81\97ã\81«å\88\86é\9b¢ã\83\98ã\83\83ã\83\80(--header)ã\81«ã\82\88ã\82\8bæ\9a\97å\8f·å\8c\96ã\81¯ã\81§ã\81\8dã\81¾ã\81\9bã\82\93ã\80\82"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "パーセント"
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "要求されたデータオフセットは --reduce-device-size パラメータの半分以下である必要があります。"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "ジャーナルがコミットされるまでの時間"
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "--reduce-device-size の値を --offset %<PRIu64> (セクタ) の倍にします。\n"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ミリ秒"
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "テンポラリヘッダファイル %s は既に存在しているので、中止します。"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "ビットあたりの 512 バイトセクタ (bitmap モード)。"
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "テンポラリヘッダファイル %s を作成できません。"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Bitmap モードのフラッシュ時間"
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "LUKS2 メタデータサイズがデータシフト値より大きいです。"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "タグサイズ (セクタ毎)"
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "デバイス %s の先頭に新しいヘッダを置けません。"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "セクタサイズ"
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s がアクティブでオンライン暗号化可能です。\n"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "バッファサイズ"
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "アクティブなデバイス %s は LUKS2 ではありません。"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "ã\83\87ã\83¼ã\82¿æ\95´å\90\88æ\80§ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 "
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "ã\82ªã\83ªã\82¸ã\83\8aã\83«ã\81® LUKS2 ã\83\98ã\83\83ã\83\80ã\82\92復å\85\83ã\81\97ã\81¦ã\81\84ã\81¾ã\81\99ã\80\82"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "ã\83\87ã\83¼ã\82¿æ\95´å\90\88æ\80§ã\82ã\83¼ã\81®ã\82µã\82¤ã\82º"
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "ã\82ªã\83ªã\82¸ã\83\8aã\83«ã\81® LUKS ã\83\98ã\83\83ã\83\80ã\81®å¾©å\85\83ã\81«å¤±æ\95\97ã\81\97ã\81¾ã\81\97ã\81\9fã\80\82"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "整合性キーをファイルから読み込む"
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "ヘッダファイル %s が存在しません。デバイス %s の復号化をして LUKS2 ヘッダをファイル %s に出力しますか?"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«æ\95´å\90\88æ\80§ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 "
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "ã\82¨ã\82¯ã\82¹ã\83\9dã\83¼ã\83\88ã\81\95ã\82\8cã\81\9fã\83\98ã\83\83ã\83\80ã\83\95ã\82¡ã\82¤ã\83«ã\81«èªã\81¿æ\9b¸ã\81\8d権é\99\90ã\82\92ä»\98ä¸\8eã\81§ã\81\8dã\81¾ã\81\9bã\82\93ã\80\82"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "ジャーナル整合性キーのサイズ"
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "再暗号化の初期化に失敗しました。ヘッダのバックアップは %s にあります。"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "ジャーナル整合性キーをファイルから読み込む"
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "LUKS2 復号は分離(detached)ヘッダデバイスしかサポートしていません(データへのオフセットが0)。"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "ジャーナル暗号化アルゴリズム"
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "再暗号化に必要な空きキースロットがありません。"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«æ\9a\97å\8f·å\8c\96ã\82ã\83¼ã\81®ã\82µã\82¤ã\82º"
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "ã\82ã\83¼ã\83\95ã\82¡ã\82¤ã\83«ã\81¯ --key-slot ã\81¨ä½¿ã\81\86ã\81\8bã\80\811 ã\81¤ã\81®ã\82ã\83¼ã\82¹ã\83ã\83\83ã\83\88ã\81 ã\81\91ã\82¢ã\82¯ã\83\86ã\82£ã\83\96ã\81®æ\99\82ã\81«ã\81\97ã\81\8b使ã\81\88ã\81¾ã\81\9bã\82\93ã\80\82"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "ジャーナル暗号化キーをファイルから読み込む"
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "キースロット %d のパスフレーズを入力してください: "
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "リカバリモード (ジャーナル不使用、タグ確認なし)"
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "キースロット %u のパスフレーズを入力してください: "
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "変更の追跡に bitmap を使いジャーナルの整合性デバイスの無効にします"
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "データの暗号化用の暗号アルゴリズムを %s にします。\n"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "初期タグを自動で再計算する。"
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "データセグメントのパラメータが変わっていません。再暗号化を中止します。"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "スーパーブロックを HMAC で保護しません(古いカーネル)"
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"オフラインデバイスの暗号化セクタサイズの増加はサポートしていません。\n"
+"まずデバイスをアクティベートするか、--force-offline-reencrypt オプションを使ってください (ただし危険です!)。"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "ボリュームの HMAC キーによる再計算を許可(古いカーネル)"
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"再暗号化が中断されました。"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "--integrity-recalculate は open でしか使えません。"
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "LUKS 再暗号化を強制オフラインモードで再開します。\n"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "--journal-size, --interleave-sectors, --sector-size, --tag-size, --no-wipe は format でしか使えません。"
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "デバイス %s は壊れた LUKS メタデータを含んでいます。処理を中止します。"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "不正なジャーナルサイズの指定です。"
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "デバイス %s は既に LUKS デバイスです。処理を中止します。"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "キーファイルとキーサイズの両方の指定が必要です。"
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "デバイス %s は既に LUKS 再暗号化状態にあります。処理を中止します。"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "ジャーナル整合性キーファイルとキーサイズの両方の指定が必要です。"
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "LUKS2 復号には --header オプションが必要です。"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "ã\82¸ã\83£ã\83¼ã\83\8aã\83«æ\95´å\90\88æ\80§ã\82ã\83¼ã\82\92使ã\81\86å ´å\90\88ã\81¯ã\82¢ã\83«ã\82´ã\83ªã\82ºã\83 ã\81®æ\8c\87å®\9aã\81\8cå¿\85è¦\81ã\81§す。"
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "ã\82³ã\83\9eã\83³ã\83\89ã\81¯ã\83\87ã\83\90ã\82¤ã\82¹ã\82\92å¼\95æ\95°ã\81¨ã\81\97ã\81¦å¿\85è¦\81ã\81¨ã\81\97ã\81¾す。"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "ジャーナル暗号キーファイルとキーサイズの両方の指定が必要です。"
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "バージョンが衝突しています。デバイス %s は LUKS1 です。"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "ジャーナル暗号キーを使う場合はアルゴリズムの指定が必要です。"
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "バージョンが衝突しています。デバイス %s は LUKS1 再暗号化状態にあります。"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "リカバリと bitmap モードオプションは同時には使えません。"
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "バージョンが衝突しています。デバイス %s は LUKS2 です。"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "ジャーナルオプションは bitmap モードでは使えません。"
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "バージョンが衝突しています。デバイス %s は LUKS2 再暗号化状態にあります。"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "bitmap オプションは bitmap モードでしか使えません。"
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "LUKS2 再暗号化が既に初期化済なので操作を中止します。"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "既に再暗号化中です。"
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "再暗号化処理を実行中ではありません。"
-#: src/cryptsetup_reencrypt.c:226
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "デバイスが使用中のため %s を排他的にオープンできません。"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
msgid "Allocation of aligned memory failed."
msgstr "アライメントつきメモリの確保ができませんでした。"
-#: src/cryptsetup_reencrypt.c:247
+#: src/utils_reencrypt_luks1.c:150
#, c-format
msgid "Cannot read device %s."
msgstr "デバイス %s を読めません。"
-#: src/cryptsetup_reencrypt.c:258
+#: src/utils_reencrypt_luks1.c:161
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "LUKS1 デバイス %s を使用不可としてマークします。"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "LUKS2 offline reencrypt フラグをデバイス %s に設定します。"
-
-#: src/cryptsetup_reencrypt.c:279
+#: src/utils_reencrypt_luks1.c:177
#, c-format
msgid "Cannot write device %s."
msgstr "デバイス %s に書き込めません。"
-#: src/cryptsetup_reencrypt.c:327
+#: src/utils_reencrypt_luks1.c:226
msgid "Cannot write reencryption log file."
msgstr "再暗号化ログファイルに書きこめません。"
-#: src/cryptsetup_reencrypt.c:383
+#: src/utils_reencrypt_luks1.c:282
msgid "Cannot read reencryption log file."
msgstr "再暗号化ログファイルを読み込めません。"
-#: src/cryptsetup_reencrypt.c:421
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "誤ったログフォーマットです。"
+
+#: src/utils_reencrypt_luks1.c:320
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "ログファイル %s が既にあるので再暗号化を再開します。\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/utils_reencrypt_luks1.c:369
msgid "Activating temporary device using old LUKS header."
msgstr "古い LUKS ヘッダを使っているテンポラリデバイスを有効にします。"
-#: src/cryptsetup_reencrypt.c:480
+#: src/utils_reencrypt_luks1.c:379
msgid "Activating temporary device using new LUKS header."
msgstr "新しい LUKS ヘッダを使っているテンポラリデバイスを有効にします。"
-#: src/cryptsetup_reencrypt.c:490
+#: src/utils_reencrypt_luks1.c:389
msgid "Activation of temporary devices failed."
msgstr "テンポラリデバイスの有効化に失敗しました。"
-#: src/cryptsetup_reencrypt.c:577
+#: src/utils_reencrypt_luks1.c:449
msgid "Failed to set data offset."
msgstr "データオフセットの設定に失敗しました。"
-#: src/cryptsetup_reencrypt.c:583
+#: src/utils_reencrypt_luks1.c:455
msgid "Failed to set metadata size."
msgstr "メタデータサイズの設定に失敗しました。"
-#: src/cryptsetup_reencrypt.c:591
+#: src/utils_reencrypt_luks1.c:463
#, c-format
msgid "New LUKS header for device %s created."
msgstr "デバイス %s の新しい LUKS ヘッダを作成しました。"
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "このバージョンの cryptsetup-reencrypt は新しい内部トークンタイプ %s を扱えません。"
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "アクティベーションフラグをバックアップヘッダから読み込めません。"
-
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "アクティベーションフラグを新しいヘッダに書き込めません。"
-
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "バックアップヘッダから要求(requirements)を読み込めません。"
-
-#: src/cryptsetup_reencrypt.c:723
+#: src/utils_reencrypt_luks1.c:500
#, c-format
msgid "%s header backup of device %s created."
msgstr "%s ヘッダバックアップデバイス %s が作成されました。"
-#: src/cryptsetup_reencrypt.c:786
+#: src/utils_reencrypt_luks1.c:556
msgid "Creation of LUKS backup headers failed."
msgstr "LUKS バックアップヘッダが作成できません。"
-#: src/cryptsetup_reencrypt.c:919
+#: src/utils_reencrypt_luks1.c:685
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "デバイス %2s の %1s ヘッダが復元できません。"
-#: src/cryptsetup_reencrypt.c:921
+#: src/utils_reencrypt_luks1.c:687
#, c-format
msgid "%s header on device %s restored."
msgstr "デバイス %2s の %1s ヘッダを復元しました。"
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
msgid "Cannot open temporary LUKS device."
msgstr "テンポラリ LUKS デバイスをオープンできません。"
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
msgid "Cannot get device size."
msgstr "デバイスサイズを取得できません。"
-#: src/cryptsetup_reencrypt.c:1176
+#: src/utils_reencrypt_luks1.c:968
msgid "IO error during reencryption."
msgstr "再暗号化中に I/O エラーが発生しました。"
-#: src/cryptsetup_reencrypt.c:1207
+#: src/utils_reencrypt_luks1.c:998
msgid "Provided UUID is invalid."
msgstr "与えられた UUID が不正です。"
-#: src/cryptsetup_reencrypt.c:1441
+#: src/utils_reencrypt_luks1.c:1224
msgid "Cannot open reencryption log file."
msgstr "再暗号化ログファイルを開けません。"
-#: src/cryptsetup_reencrypt.c:1447
+#: src/utils_reencrypt_luks1.c:1230
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "復号を実行中ではありません。与えられた UUID は中止された復号を再開するためだけに使えます。"
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "キースロット %i の pbkdf パラメータを変更しました。"
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "再暗号化のブロックサイズ"
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
-
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "キーを変えず、データ領域の再暗号化を行わない"
-
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "新しいボリューム(マスター)キーをファイルから読み込む"
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "LUKS 向け PBKDF2 の繰り返し時間 (ミリ秒単位)"
-
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "デバイスアクセス時に direct-io を使う"
-
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "ブロック毎に fsync() する"
-
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "ログファイルをブロック毎に更新する"
-
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "このスロットだけ使う (残りは無効化されます)"
-
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "暗号化されていないデバイスに新しいヘッダを作成する"
-
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "デバイスを恒久的に復号状態にする (つまり暗号化をやめる)"
-
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "復号の再開に使う UUID"
-
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "メタデータタイプ: luks1, luks2"
-
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[オプション...] <デバイス>"
-
-#: src/cryptsetup_reencrypt.c:1687
+#: src/utils_reencrypt_luks1.c:1286
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "再暗号化で以下が変わります: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/utils_reencrypt_luks1.c:1287
msgid "volume key"
msgstr "ボリュームキー"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/utils_reencrypt_luks1.c:1289
msgid "set hash to "
msgstr "ハッシュ"
-#: src/cryptsetup_reencrypt.c:1691
+#: src/utils_reencrypt_luks1.c:1290
msgid ", set cipher to "
msgstr "暗号(cipher)"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "引数が必要です。"
-
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "再暗号化のブロックサイズは 1 MiB から 64 MiB までの値しか使えません。"
-
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "デバイスを減らせる最大値は 64 MiB です。"
-
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "--new は --reduce-device-size か --header と一緒に使う必要があります"
-
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "--keep-key は --hash か --iter-time か --pbkdf-force-iterations と使う必要があります。"
-
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "--new は --decrypt と一緒に使えません。"
-
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "--decrypt は指定されたパラメータと互換性がありません。"
-
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "--uuid は --decrypt と一緒にしか使えません。"
-
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "不正な luks タイプです。'luks', 'luks1', 'luks2' のいずれかを使ってください。"
-
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "端末から応答を読み込み中にエラー。"
-
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "コマンド成功。\n"
-
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "パラメータが間違っているか指定されていません"
-
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "権限がないかパスフレーズが間違っています"
-
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "メモリ不足"
-
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "間違ったデバイスかファイルが指定されました"
-
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "デバイスが既にあるかビジーです"
-
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "不明なエラー"
-
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "コマンド失敗:コード %i (%s)\n"
-
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "キースロット %i が作成されました。"
-
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "キースロット %i がアンロックされました。"
-
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "キースロット %i が削除されました。"
-
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "トークン %i が作成されました。"
-
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "トークン %i が削除されました。"
-
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"ワイプが中断されました。"
-
-#: src/utils_tools.c:476
+#: src/utils_blockdev.c:189
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr "警告: デバイス %s が既に '%s' パーティションシグネチャを含んでいます。\n"
-#: src/utils_tools.c:484
+#: src/utils_blockdev.c:197
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr "警告: デバイス %s が既に '%s' のスーパーブロックシグネチャを含んでいます。\n"
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
msgid "Failed to initialize device signature probes."
msgstr "デバイスシグネチャ検出の初期化に失敗しました。"
-#: src/utils_tools.c:549
+#: src/utils_blockdev.c:274
#, c-format
msgid "Failed to stat device %s."
msgstr "デバイス %s の stat() に失敗しました。"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "デバイス %s は使用中です。フォーマットを始められません。"
-
-#: src/utils_tools.c:564
+#: src/utils_blockdev.c:289
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr "ファイル %s を読み書き可能なモードでオープンできません。"
-#: src/utils_tools.c:578
+#: src/utils_blockdev.c:307
#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "ä»\8aã\81\82ã\82\8b '%s' ã\83\91ã\83¼ã\83\86ã\82£ã\82·ã\83§ã\83³ã\81®ã\82·ã\82°ã\83\8dã\83\81ã\83£(ã\82ªã\83\95ã\82»ã\83\83ã\83\88: %<PRIi64> ã\83\90ã\82¤ã\83\88ã\80\81ã\83\87ã\83\90ã\82¤ã\82¹ %s)ã\81¯æ¶\88å\8e»されます。"
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "ä»\8aã\81\82ã\82\8b '%s' ã\83\91ã\83¼ã\83\86ã\82£ã\82·ã\83§ã\83³ã\82·ã\82°ã\83\8dã\83\81ã\83£ã\81¯ã\83\87ã\83\90ã\82¤ã\82¹ %s ã\81\8bã\82\89æ¶\88されます。"
-#: src/utils_tools.c:581
+#: src/utils_blockdev.c:310
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "ä»\8aã\81\82ã\82\8b '%s' ã\82¹ã\83¼ã\83\91ã\83¼ã\83\96ã\83ã\83\83ã\82¯ã\81®ã\82·ã\82°ã\83\8dã\83\81ã\83£(ã\82ªã\83\95ã\82»ã\83\83ã\83\88: %<PRIi64> ã\83\90ã\82¤ã\83\88ã\80\81ã\83\87ã\83\90ã\82¤ã\82¹ %s)ã\81¯æ¶\88å\8e»されます。"
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "ä»\8aã\81\82ã\82\8b '%s' ã\82¹ã\83¼ã\83\91ã\83¼ã\83\96ã\83ã\83\83ã\82¯ã\82·ã\82°ã\83\8dã\83\81ã\83£ã\81¯ã\83\87ã\83\90ã\82¤ã\82¹ %s ã\81\8bã\82\89æ¶\88されます。"
-#: src/utils_tools.c:584
+#: src/utils_blockdev.c:313
msgid "Failed to wipe device signature."
msgstr "デバイスシグネチャを消せません。"
-#: src/utils_tools.c:591
+#: src/utils_blockdev.c:320
#, c-format
msgid "Failed to probe device %s for a signature."
msgstr "デバイス %s のシグネチャが検出できません。"
-#: src/utils_tools.c:622
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "--%s のサイズの指定が不正です。"
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "オプション --%s は %s アクションと一緒には使えません。"
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "ssh token json ファイルに書き込めません。"
+
+#: tokens/ssh/cryptsetup-ssh.c:128
msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
"\n"
-"Reencryption interrupted."
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
msgstr ""
+"SSH サーバに接続されたトークンで LUKS2 デバイスをアンロックする cryptsetup プラグイン。このプラグインは既に存在するキースロットにトークンを追加できます。\n"
"\n"
-"再暗号化が中断されました。"
+"デバイスに存在するキースロットに対して、SSH サーバは指定されたパスにあるパスフレーズ付きのキーファイルを持っていなければなりません。\n"
+"与えられた credential がトークンを使ってデバイスをオープンする時のパスワードを得るのに使われます。\n"
+"\n"
+"Note: トークンを追加する時に与えられる情報 (SSH server address, user and paths) は LUKS2 ヘッダに平文で保存されます。"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "パスワードの質を確認できません: %s"
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<アクション> <デバイス>"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"パスワードの質の確認に失敗:\n"
-" %s"
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "'add' アクションのオプション:"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "パスワードの質が確認できません: 質の悪いパスフレーズ (%s)"
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "このトークンのリモートサーバのIPアドレス/URL"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "端末からパスフレーズを読み込めません。"
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "リモートサーバで使うユーザ名"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "同じパスフレーズを入力してください: "
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "リモートサーバのキーファイルのパス"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "ã\83\91ã\82¹ã\83\95ã\83¬ã\83¼ã\82ºã\81\8cä¸\80è\87´ã\81\97ã\81¾ã\81\9bã\82\93ã\80\82"
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "ã\83ªã\83¢ã\83¼ã\83\88ã\82µã\83¼ã\83\90ã\81«æ\8e¥ç¶\9aã\81\99ã\82\8bã\81\9fã\82\81ã\81® SSH ã\82ã\83¼ã\81¸ã\81®ã\83\91ã\82¹"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "端末からの入力でオフセットは使用できません。"
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "トークンが割り当てられるキースロット。指定されなければトークンは与えられたパスフレーズがマッチする最初のキースロットに割り当てられます。"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "パスフレーズを入力してください: "
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "一般オプション:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "より詳細なエラーメッセージを表示します"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "デバッグメッセージを表示します"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "JSON メタデータを含むデバッグメッセージを表示する"
-#: src/utils_password.c:290
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "秘密鍵を開いてインポートできませんでした:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "秘密鍵のインポートに失敗しました(パスワードで保護されているのでは?)。\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "%s のパスフレーズを入力してください: "
+msgid "%s@%s's password: "
+msgstr "%s@%s のパスワード: "
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "このパスフレーズで使用可能なキーはありません。"
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "引数の解釈に失敗しました。\n"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "使用可能なキースロットがありません。"
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "アクションの指定が必要です\n"
-#: src/utils_password.c:365
+#: tokens/ssh/cryptsetup-ssh.c:374
#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "キーファイル %s を書き込み用にオープンできません。"
+msgid "Device must be specified for '%s' action.\n"
+msgstr "'%s' アクションにはデバイスの指定が必要です。\n"
-#: src/utils_password.c:372
+#: tokens/ssh/cryptsetup-ssh.c:379
#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "キーファイル %s に書き込めません。"
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "'%s' アクションには SSH サーバの指定が必要です。\n"
-#: src/utils_luks2.c:47
+#: tokens/ssh/cryptsetup-ssh.c:384
#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "ファイル %s を読み込み専用モードでオープンできません。"
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "'%s' アクションには SSH ユーザの指定が必要です。\n"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "妥当な LUKS2 トークンを JSON で与えてください:\n"
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "'%s' アクションには SSH パスの指定が必要です。\n"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "JSON ファイルを読み込めません。"
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "'%s' アクションには SSH キーパスの指定が必要です。\n"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"読み込みが中断されました。"
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "与えられた credential ではファイル %s をオープンできません。\n"
-#: src/utils_luks2.c:113
+#: tokens/ssh/cryptsetup-ssh.c:417
#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "ファイル %s を書き込みモードでオープンできません。"
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "今のところ、このプラグインでは 'add' アクションしかサポートされていません。\n"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"書き込みが中断されました。"
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "sftp セッションが作成できません: "
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "JSON ファイルに書き込めません。"
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "sftp セッションが初期化できません: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "sftp セッションをオープンできません: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "sftp ファイルの stat できません: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "メモリ不足。\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "リモートキーを読み込めません: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "接続に失敗しました: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "サーバが不明です: "
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "再暗号化の要求(requirement)フラグを禁止できません。"
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "公開鍵暗号認証がホストで許可されていません。\n"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "デバイスは再暗号化のリカバリを必要としていなそうです。\n"
-#~ "本当にやりますか?"
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "公開鍵認証エラー: "
--- /dev/null
+# Georgian translation for cryptsetup.
+# Copyright (C) 2022 Free Software Foundation, Inc.
+# This file is distributed under the same license as the cryptsetup package.
+# Temuri Doghonadze <temuri.doghonadze@gmail.com>, 2022.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: cryptsetup 2.6.0-rc1\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2022-11-20 12:38+0100\n"
+"PO-Revision-Date: 2022-12-28 18:51+0100\n"
+"Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n"
+"Language-Team: Georgian <(nothing)>\n"
+"Language: ka\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Poedit 3.2.2\n"
+
+#: lib/libdevmapper.c:419
+msgid "Cannot initialize device-mapper, running as non-root user."
+msgstr ""
+
+#: lib/libdevmapper.c:422
+msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
+msgstr ""
+
+#: lib/libdevmapper.c:1102
+msgid "Requested deferred flag is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1171
+#, c-format
+msgid "DM-UUID for device %s was truncated."
+msgstr ""
+
+#: lib/libdevmapper.c:1501
+msgid "Unknown dm target type."
+msgstr "უცნობი dm სამიზნის ტიპი."
+
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
+msgid "Requested dm-crypt performance options are not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
+msgid "Requested dm-verity data corruption handling options are not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1653
+msgid "Requested dm-verity FEC options are not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1659
+msgid "Requested data integrity options are not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1663
+msgid "Requested sector_size option is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
+msgid "Requested automatic recalculation of integrity tags is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
+msgid "Discard/TRIM is not supported."
+msgstr "Discard/TRIM მხარდაუჭერელია."
+
+#: lib/libdevmapper.c:1688
+msgid "Requested dm-integrity bitmap mode is not supported."
+msgstr ""
+
+#: lib/libdevmapper.c:2724
+#, c-format
+msgid "Failed to query dm-%s segment."
+msgstr ""
+
+#: lib/random.c:73
+msgid ""
+"System is out of entropy while generating volume key.\n"
+"Please move mouse or type some text in another window to gather some random events.\n"
+msgstr ""
+
+#: lib/random.c:77
+#, c-format
+msgid "Generating key (%d%% done).\n"
+msgstr "გასაღების გენერაცია (%d%% მზადაა).\n"
+
+#: lib/random.c:163
+msgid "Running in FIPS mode."
+msgstr "FIPS რეჟიმში მუშაობა."
+
+#: lib/random.c:169
+msgid "Fatal error during RNG initialisation."
+msgstr "ფატალური შეცდომა RNG-ის ინიციალიზაციისას."
+
+#: lib/random.c:207
+msgid "Unknown RNG quality requested."
+msgstr "RNG-ის მოთხოვნილი ხარისხი უცნობია."
+
+#: lib/random.c:212
+msgid "Error reading from RNG."
+msgstr "RNG-დან წაკითხვის შეცდომა."
+
+#: lib/setup.c:231
+msgid "Cannot initialize crypto RNG backend."
+msgstr "კრიპტოს RNG უკანაბოლოს ინიციალიზაციის შეცდომა."
+
+#: lib/setup.c:237
+msgid "Cannot initialize crypto backend."
+msgstr "კრიპტო უკანაბოლოს ინიციალიზაციის შეცდომა."
+
+#: lib/setup.c:268 lib/setup.c:2139 lib/verity/verity.c:122
+#, c-format
+msgid "Hash algorithm %s not supported."
+msgstr ""
+
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
+#, c-format
+msgid "Key processing error (using hash %s)."
+msgstr "გასაღების დამუშავების შეცდომა (გამოყენებული ჰეში %s)."
+
+#: lib/setup.c:342 lib/setup.c:369
+msgid "Cannot determine device type. Incompatible activation of device?"
+msgstr ""
+
+#: lib/setup.c:348 lib/setup.c:3308
+msgid "This operation is supported only for LUKS device."
+msgstr ""
+
+#: lib/setup.c:375
+msgid "This operation is supported only for LUKS2 device."
+msgstr ""
+
+#: lib/setup.c:430 lib/luks2/luks2_reencrypt.c:3010
+msgid "All key slots full."
+msgstr "გასაღების ყველა სლოტი სავსეა."
+
+#: lib/setup.c:441
+#, c-format
+msgid "Key slot %d is invalid, please select between 0 and %d."
+msgstr ""
+
+#: lib/setup.c:447
+#, c-format
+msgid "Key slot %d is full, please select another one."
+msgstr ""
+
+#: lib/setup.c:532 lib/setup.c:3030
+msgid "Device size is not aligned to device logical block size."
+msgstr ""
+
+#: lib/setup.c:630
+#, c-format
+msgid "Header detected but device %s is too small."
+msgstr ""
+
+#: lib/setup.c:671 lib/setup.c:2930 lib/setup.c:4275
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
+msgid "This operation is not supported for this device type."
+msgstr ""
+
+#: lib/setup.c:676
+msgid "Illegal operation with reencryption in-progress."
+msgstr ""
+
+#: lib/setup.c:762
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr ""
+
+#: lib/setup.c:849 lib/luks1/keymanage.c:247 lib/luks1/keymanage.c:525
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1433
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr ""
+
+#: lib/setup.c:852 lib/luks1/keymanage.c:528
+#, c-format
+msgid "Unsupported LUKS version %d."
+msgstr "LUKS-ის მხარდაუჭერელი ვერსია %d."
+
+#: lib/setup.c:1479 lib/setup.c:2679 lib/setup.c:2761 lib/setup.c:2773
+#: lib/setup.c:2940 lib/setup.c:4752
+#, c-format
+msgid "Device %s is not active."
+msgstr "მოწყობილობა %s აქტიური არაა."
+
+#: lib/setup.c:1496
+#, c-format
+msgid "Underlying device for crypt device %s disappeared."
+msgstr "ქვეშმყოფი მოწყობილობა დაშიფრული მოწყობილობისთვის %s სადღაც აორთქლდა."
+
+#: lib/setup.c:1578
+msgid "Invalid plain crypt parameters."
+msgstr "უბრალოდ შიფრაციის არასწორი პარამეტრები."
+
+#: lib/setup.c:1583 lib/setup.c:2042
+msgid "Invalid key size."
+msgstr "გასაღების არასწორი ზომა."
+
+#: lib/setup.c:1588 lib/setup.c:2047 lib/setup.c:2250
+msgid "UUID is not supported for this crypt type."
+msgstr ""
+
+#: lib/setup.c:1593 lib/setup.c:2052
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr ""
+
+#: lib/setup.c:1603 lib/setup.c:1819 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
+msgid "Unsupported encryption sector size."
+msgstr ""
+
+#: lib/setup.c:1611 lib/setup.c:1947 lib/setup.c:3024
+msgid "Device size is not aligned to requested sector size."
+msgstr ""
+
+#: lib/setup.c:1663 lib/setup.c:1787
+msgid "Can't format LUKS without device."
+msgstr ""
+
+#: lib/setup.c:1669 lib/setup.c:1793
+msgid "Requested data alignment is not compatible with data offset."
+msgstr ""
+
+#: lib/setup.c:1744 lib/setup.c:1964 lib/setup.c:1985 lib/setup.c:2262
+#, c-format
+msgid "Cannot wipe header on device %s."
+msgstr ""
+
+#: lib/setup.c:1757 lib/setup.c:2024
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr ""
+
+#: lib/setup.c:1828
+msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
+msgstr ""
+
+#: lib/setup.c:1851
+msgid "Volume key is too small for encryption with integrity extensions."
+msgstr ""
+
+#: lib/setup.c:1911
+#, c-format
+msgid "Cipher %s-%s (key size %zd bits) is not available."
+msgstr ""
+
+#: lib/setup.c:1937
+#, c-format
+msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
+msgstr ""
+
+#: lib/setup.c:1941
+#, c-format
+msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
+msgstr ""
+
+#: lib/setup.c:1967 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
+#, c-format
+msgid "Device %s is too small."
+msgstr "მოწყობილობა ძალიან პატარაა %s."
+
+#: lib/setup.c:1978 lib/setup.c:2004
+#, c-format
+msgid "Cannot format device %s in use."
+msgstr ""
+
+#: lib/setup.c:1981 lib/setup.c:2007
+#, c-format
+msgid "Cannot format device %s, permission denied."
+msgstr ""
+
+#: lib/setup.c:1993 lib/setup.c:2322
+#, c-format
+msgid "Cannot format integrity for device %s."
+msgstr ""
+
+#: lib/setup.c:2011
+#, c-format
+msgid "Cannot format device %s."
+msgstr "მოწყობილობის ფორმატირების (%s) შეცდომა."
+
+#: lib/setup.c:2037
+msgid "Can't format LOOPAES without device."
+msgstr ""
+
+#: lib/setup.c:2082
+msgid "Can't format VERITY without device."
+msgstr ""
+
+#: lib/setup.c:2093 lib/verity/verity.c:101
+#, c-format
+msgid "Unsupported VERITY hash type %d."
+msgstr ""
+
+#: lib/setup.c:2099 lib/verity/verity.c:109
+msgid "Unsupported VERITY block size."
+msgstr ""
+
+#: lib/setup.c:2104 lib/verity/verity.c:74
+msgid "Unsupported VERITY hash offset."
+msgstr ""
+
+#: lib/setup.c:2109
+msgid "Unsupported VERITY FEC offset."
+msgstr ""
+
+#: lib/setup.c:2133
+msgid "Data area overlaps with hash area."
+msgstr ""
+
+#: lib/setup.c:2158
+msgid "Hash area overlaps with FEC area."
+msgstr ""
+
+#: lib/setup.c:2165
+msgid "Data area overlaps with FEC area."
+msgstr ""
+
+#: lib/setup.c:2301
+#, c-format
+msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
+msgstr ""
+
+#: lib/setup.c:2380
+#, c-format
+msgid "Unknown crypt device type %s requested."
+msgstr ""
+
+#: lib/setup.c:2687 lib/setup.c:2766 lib/setup.c:2779
+#, c-format
+msgid "Unsupported parameters on device %s."
+msgstr ""
+
+#: lib/setup.c:2693 lib/setup.c:2786 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
+#, c-format
+msgid "Mismatching parameters on device %s."
+msgstr ""
+
+#: lib/setup.c:2810
+msgid "Crypt devices mismatch."
+msgstr ""
+
+#: lib/setup.c:2847 lib/setup.c:2852 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
+#, c-format
+msgid "Failed to reload device %s."
+msgstr ""
+
+#: lib/setup.c:2858 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
+#, c-format
+msgid "Failed to suspend device %s."
+msgstr ""
+
+#: lib/setup.c:2870 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
+#, c-format
+msgid "Failed to resume device %s."
+msgstr ""
+
+#: lib/setup.c:2885
+#, c-format
+msgid "Fatal error while reloading device %s (on top of device %s)."
+msgstr ""
+
+#: lib/setup.c:2888 lib/setup.c:2890
+#, c-format
+msgid "Failed to switch device %s to dm-error."
+msgstr ""
+
+#: lib/setup.c:2972
+msgid "Cannot resize loop device."
+msgstr "Loop მოწყობილობის ზომის შეცვლა შეუძლებელია."
+
+#: lib/setup.c:3015
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr ""
+
+#: lib/setup.c:3076
+msgid "Resize failed, the kernel doesn't support it."
+msgstr ""
+
+#: lib/setup.c:3108
+msgid "Do you really want to change UUID of device?"
+msgstr ""
+
+#: lib/setup.c:3200
+msgid "Header backup file does not contain compatible LUKS header."
+msgstr ""
+
+#: lib/setup.c:3316
+#, c-format
+msgid "Volume %s is not active."
+msgstr "ტომი %s აქტიური არაა."
+
+#: lib/setup.c:3327
+#, c-format
+msgid "Volume %s is already suspended."
+msgstr ""
+
+#: lib/setup.c:3340
+#, c-format
+msgid "Suspend is not supported for device %s."
+msgstr ""
+
+#: lib/setup.c:3342
+#, c-format
+msgid "Error during suspending device %s."
+msgstr ""
+
+#: lib/setup.c:3377
+#, c-format
+msgid "Resume is not supported for device %s."
+msgstr ""
+
+#: lib/setup.c:3379
+#, c-format
+msgid "Error during resuming device %s."
+msgstr ""
+
+#: lib/setup.c:3413 lib/setup.c:3461 lib/setup.c:3532 lib/setup.c:3577
+#: src/cryptsetup.c:2479
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr ""
+
+#: lib/setup.c:3547 lib/setup.c:4528 lib/setup.c:4541 lib/setup.c:4549
+#: lib/setup.c:4562 lib/setup.c:6145 lib/setup.c:6167 lib/setup.c:6216
+#: src/cryptsetup.c:2011
+msgid "Volume key does not match the volume."
+msgstr "ტომის გასაღები ტომს არ ემთხვევა."
+
+#: lib/setup.c:3725
+msgid "Failed to swap new key slot."
+msgstr ""
+
+#: lib/setup.c:3823
+#, c-format
+msgid "Key slot %d is invalid."
+msgstr "გასაღების სლოტი %d არასწორია."
+
+#: lib/setup.c:3829 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
+#, c-format
+msgid "Keyslot %d is not active."
+msgstr "გასაღების სლოტი %d აქტიური არაა."
+
+#: lib/setup.c:3848
+msgid "Device header overlaps with data area."
+msgstr ""
+
+#: lib/setup.c:4153
+msgid "Reencryption in-progress. Cannot activate device."
+msgstr ""
+
+#: lib/setup.c:4155 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
+msgid "Failed to get reencryption lock."
+msgstr ""
+
+#: lib/setup.c:4168 lib/luks2/luks2_reencrypt.c:3609
+msgid "LUKS2 reencryption recovery failed."
+msgstr ""
+
+#: lib/setup.c:4340 lib/setup.c:4606
+msgid "Device type is not properly initialized."
+msgstr ""
+
+#: lib/setup.c:4388
+#, c-format
+msgid "Device %s already exists."
+msgstr "მოწყობლობა %s უკვე არსებობს."
+
+#: lib/setup.c:4395
+#, c-format
+msgid "Cannot use device %s, name is invalid or still in use."
+msgstr ""
+
+#: lib/setup.c:4515
+msgid "Incorrect volume key specified for plain device."
+msgstr ""
+
+#: lib/setup.c:4632
+msgid "Incorrect root hash specified for verity device."
+msgstr ""
+
+#: lib/setup.c:4642
+msgid "Root hash signature required."
+msgstr ""
+
+#: lib/setup.c:4651
+msgid "Kernel keyring missing: required for passing signature to kernel."
+msgstr ""
+
+#: lib/setup.c:4668 lib/setup.c:6411
+msgid "Failed to load key in kernel keyring."
+msgstr ""
+
+#: lib/setup.c:4724
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr ""
+
+#: lib/setup.c:4731 lib/setup.c:4747 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
+#, c-format
+msgid "Device %s is still in use."
+msgstr "მოწყობილობა %s ჯერ კიდევ გამოიყენება."
+
+#: lib/setup.c:4756
+#, c-format
+msgid "Invalid device %s."
+msgstr "არასწორი მოწყობილობა '%s'."
+
+#: lib/setup.c:4896
+msgid "Volume key buffer too small."
+msgstr "ტომის გასაღების ბუფერი ძალიან პატარაა."
+
+#: lib/setup.c:4913
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr ""
+
+#: lib/setup.c:4922
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr ""
+
+#: lib/setup.c:4932
+msgid "Cannot retrieve volume key for plain device."
+msgstr "უბრალო მოწყობილობისთვის ტომის გასაღების მიღების შეცდომა."
+
+#: lib/setup.c:4940
+msgid "Cannot retrieve root hash for verity device."
+msgstr ""
+
+#: lib/setup.c:4947
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr ""
+
+#: lib/setup.c:4952
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr ""
+
+#: lib/setup.c:4954
+#, c-format
+msgid "This operation is not supported for %s crypt device."
+msgstr ""
+
+#: lib/setup.c:5135 lib/setup.c:5146
+msgid "Dump operation is not supported for this device type."
+msgstr ""
+
+#: lib/setup.c:5488
+#, c-format
+msgid "Data offset is not multiple of %u bytes."
+msgstr ""
+
+#: lib/setup.c:5776
+#, c-format
+msgid "Cannot convert device %s which is still in use."
+msgstr ""
+
+#: lib/setup.c:6086 lib/setup.c:6225
+#, c-format
+msgid "Failed to assign keyslot %u as the new volume key."
+msgstr ""
+
+#: lib/setup.c:6110
+msgid "Failed to initialize default LUKS2 keyslot parameters."
+msgstr ""
+
+#: lib/setup.c:6116
+#, c-format
+msgid "Failed to assign keyslot %d to digest."
+msgstr ""
+
+#: lib/setup.c:6341
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr ""
+
+#: lib/setup.c:6478
+msgid "Kernel keyring is not supported by the kernel."
+msgstr ""
+
+#: lib/setup.c:6488 lib/luks2/luks2_reencrypt.c:3807
+#, c-format
+msgid "Failed to read passphrase from keyring (error %d)."
+msgstr ""
+
+#: lib/setup.c:6512
+msgid "Failed to acquire global memory-hard access serialization lock."
+msgstr ""
+
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
+msgid "Failed to open key file."
+msgstr "გასაღების ფაილის გახსნის შეცდომა."
+
+#: lib/utils.c:163
+msgid "Cannot read keyfile from a terminal."
+msgstr ""
+
+#: lib/utils.c:179
+msgid "Failed to stat key file."
+msgstr "გასაღების ფაილის აღმოჩენის შეცდომა."
+
+#: lib/utils.c:187 lib/utils.c:208
+msgid "Cannot seek to requested keyfile offset."
+msgstr ""
+
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:227
+#: src/utils_password.c:239
+msgid "Out of memory while reading passphrase."
+msgstr "არასაკმარისი მეხსიერება საკვანძო ფრაზის წაკითხვისას."
+
+#: lib/utils.c:237
+msgid "Error reading passphrase."
+msgstr "საკვანძო ფრაზის წაკითხვის შეცდომა."
+
+#: lib/utils.c:254
+msgid "Nothing to read on input."
+msgstr ""
+
+#: lib/utils.c:261
+msgid "Maximum keyfile size exceeded."
+msgstr ""
+
+#: lib/utils.c:266
+msgid "Cannot read requested amount of data."
+msgstr ""
+
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408
+#, c-format
+msgid "Device %s does not exist or access denied."
+msgstr ""
+
+#: lib/utils_device.c:217
+#, c-format
+msgid "Device %s is not compatible."
+msgstr ""
+
+#: lib/utils_device.c:561
+#, c-format
+msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
+msgstr ""
+
+#: lib/utils_device.c:722
+#, c-format
+msgid "Device %s is too small. Need at least %<PRIu64> bytes."
+msgstr ""
+
+#: lib/utils_device.c:803
+#, c-format
+msgid "Cannot use device %s which is in use (already mapped or mounted)."
+msgstr ""
+
+#: lib/utils_device.c:807
+#, c-format
+msgid "Cannot use device %s, permission denied."
+msgstr ""
+
+#: lib/utils_device.c:810
+#, c-format
+msgid "Cannot get info about device %s."
+msgstr ""
+
+#: lib/utils_device.c:833
+msgid "Cannot use a loopback device, running as non-root user."
+msgstr ""
+
+#: lib/utils_device.c:844
+msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
+msgstr ""
+
+#: lib/utils_device.c:892
+#, c-format
+msgid "Requested offset is beyond real size of device %s."
+msgstr ""
+
+#: lib/utils_device.c:900
+#, c-format
+msgid "Device %s has zero size."
+msgstr ""
+
+#: lib/utils_pbkdf.c:100
+msgid "Requested PBKDF target time cannot be zero."
+msgstr ""
+
+#: lib/utils_pbkdf.c:106
+#, c-format
+msgid "Unknown PBKDF type %s."
+msgstr ""
+
+#: lib/utils_pbkdf.c:111
+#, c-format
+msgid "Requested hash %s is not supported."
+msgstr ""
+
+#: lib/utils_pbkdf.c:122
+msgid "Requested PBKDF type is not supported for LUKS1."
+msgstr ""
+
+#: lib/utils_pbkdf.c:128
+msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
+msgstr ""
+
+#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
+#, c-format
+msgid "Forced iteration count is too low for %s (minimum is %u)."
+msgstr ""
+
+#: lib/utils_pbkdf.c:148
+#, c-format
+msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
+msgstr ""
+
+#: lib/utils_pbkdf.c:155
+#, c-format
+msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
+msgstr ""
+
+#: lib/utils_pbkdf.c:160
+msgid "Requested maximum PBKDF memory cannot be zero."
+msgstr ""
+
+#: lib/utils_pbkdf.c:164
+msgid "Requested PBKDF parallel threads cannot be zero."
+msgstr ""
+
+#: lib/utils_pbkdf.c:184
+msgid "Only PBKDF2 is supported in FIPS mode."
+msgstr ""
+
+#: lib/utils_benchmark.c:174
+msgid "PBKDF benchmark disabled but iterations not set."
+msgstr ""
+
+#: lib/utils_benchmark.c:193
+#, c-format
+msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
+msgstr ""
+
+#: lib/utils_benchmark.c:213
+msgid "Not compatible PBKDF options."
+msgstr ""
+
+#: lib/utils_device_locking.c:101
+#, c-format
+msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
+msgstr ""
+
+#: lib/utils_device_locking.c:118
+#, c-format
+msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
+msgstr ""
+
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
+msgid "Cannot seek to device offset."
+msgstr ""
+
+#: lib/utils_wipe.c:247
+#, c-format
+msgid "Device wipe error, offset %<PRIu64>."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:39
+#, c-format
+msgid ""
+"Failed to setup dm-crypt key mapping for device %s.\n"
+"Check that kernel supports %s cipher (check syslog for more info)."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:44
+msgid "Key size in XTS mode must be 256 or 512 bits."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:46
+msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364
+#: lib/luks1/keymanage.c:675 lib/luks1/keymanage.c:1126
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
+#, c-format
+msgid "Cannot write to device %s, permission denied."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:120
+msgid "Failed to open temporary keystore device."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:127
+msgid "Failed to access temporary keystore device."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:61
+#: lib/luks2/luks2_keyslot_luks2.c:79 lib/luks2/luks2_keyslot_reenc.c:192
+msgid "IO error while encrypting keyslot."
+msgstr ""
+
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367
+#: lib/luks1/keymanage.c:628 lib/luks1/keymanage.c:678 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
+#, c-format
+msgid "Cannot open device %s."
+msgstr "მოწყობილობის გახსნის შეცდომა: '%s'."
+
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:138
+msgid "IO error while decrypting keyslot."
+msgstr ""
+
+#: lib/luks1/keymanage.c:129
+#, c-format
+msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
+msgstr ""
+
+#: lib/luks1/keymanage.c:150 lib/luks1/keymanage.c:158
+#: lib/luks1/keymanage.c:170 lib/luks1/keymanage.c:181
+#: lib/luks1/keymanage.c:193
+#, c-format
+msgid "LUKS keyslot %u is invalid."
+msgstr ""
+
+#: lib/luks1/keymanage.c:265 lib/luks2/luks2_json_metadata.c:1353
+#, c-format
+msgid "Requested header backup file %s already exists."
+msgstr ""
+
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1355
+#, c-format
+msgid "Cannot create header backup file %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:274 lib/luks2/luks2_json_metadata.c:1362
+#, c-format
+msgid "Cannot write header backup file %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1399
+msgid "Backup file does not contain valid LUKS header."
+msgstr ""
+
+#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:591
+#: lib/luks2/luks2_json_metadata.c:1420
+#, c-format
+msgid "Cannot open header backup file %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1428
+#, c-format
+msgid "Cannot read header backup file %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:337
+msgid "Data offset or key size differs on device and backup, restore failed."
+msgstr ""
+
+#: lib/luks1/keymanage.c:345
+#, c-format
+msgid "Device %s %s%s"
+msgstr "მოწყობილობა %s %s%s"
+
+#: lib/luks1/keymanage.c:346
+msgid "does not contain LUKS header. Replacing header can destroy data on that device."
+msgstr ""
+
+#: lib/luks1/keymanage.c:347
+msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
+msgstr ""
+
+#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1462
+msgid ""
+"\n"
+"WARNING: real device header has different UUID than backup!"
+msgstr ""
+
+#: lib/luks1/keymanage.c:396
+msgid "Non standard key size, manual repair required."
+msgstr ""
+
+#: lib/luks1/keymanage.c:406
+msgid "Non standard keyslots alignment, manual repair required."
+msgstr ""
+
+#: lib/luks1/keymanage.c:415
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:426
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:534
+#: lib/luks1/keymanage.c:790
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr ""
+
+#: lib/luks1/keymanage.c:442
+msgid "Repairing keyslots."
+msgstr ""
+
+#: lib/luks1/keymanage.c:461
+#, c-format
+msgid "Keyslot %i: offset repaired (%u -> %u)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:469
+#, c-format
+msgid "Keyslot %i: stripes repaired (%u -> %u)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:478
+#, c-format
+msgid "Keyslot %i: bogus partition signature."
+msgstr ""
+
+#: lib/luks1/keymanage.c:483
+#, c-format
+msgid "Keyslot %i: salt wiped."
+msgstr ""
+
+#: lib/luks1/keymanage.c:500
+msgid "Writing LUKS header to disk."
+msgstr ""
+
+#: lib/luks1/keymanage.c:505
+msgid "Repair failed."
+msgstr "შეკეთების შეცდომა."
+
+#: lib/luks1/keymanage.c:560
+#, c-format
+msgid "LUKS cipher mode %s is invalid."
+msgstr ""
+
+#: lib/luks1/keymanage.c:565
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr ""
+
+#: lib/luks1/keymanage.c:572 src/cryptsetup.c:1281
+msgid "No known problems detected for LUKS header."
+msgstr ""
+
+#: lib/luks1/keymanage.c:700
+#, c-format
+msgid "Error during update of LUKS header on device %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:708
+#, c-format
+msgid "Error re-reading LUKS header after update on device %s."
+msgstr ""
+
+#: lib/luks1/keymanage.c:784
+msgid "Data offset for LUKS header must be either 0 or higher than header size."
+msgstr ""
+
+#: lib/luks1/keymanage.c:795 lib/luks1/keymanage.c:864
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:514
+msgid "Wrong LUKS UUID format provided."
+msgstr ""
+
+#: lib/luks1/keymanage.c:817
+msgid "Cannot create LUKS header: reading random salt failed."
+msgstr ""
+
+#: lib/luks1/keymanage.c:843
+#, c-format
+msgid "Cannot create LUKS header: header digest failed (using hash %s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:887
+#, c-format
+msgid "Key slot %d active, purge first."
+msgstr ""
+
+#: lib/luks1/keymanage.c:893
+#, c-format
+msgid "Key slot %d material includes too few stripes. Header manipulation?"
+msgstr ""
+
+#: lib/luks1/keymanage.c:1034
+#, c-format
+msgid "Cannot open keyslot (using hash %s)."
+msgstr ""
+
+#: lib/luks1/keymanage.c:1112
+#, c-format
+msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
+msgstr ""
+
+#: lib/luks1/keymanage.c:1130 lib/luks2/luks2_keyslot.c:718
+#, c-format
+msgid "Cannot wipe device %s."
+msgstr ""
+
+#: lib/loopaes/loopaes.c:146
+msgid "Detected not yet supported GPG encrypted keyfile."
+msgstr ""
+
+#: lib/loopaes/loopaes.c:147
+msgid "Please use gpg --decrypt <KEYFILE> | cryptsetup --keyfile=- ...\n"
+msgstr ""
+
+#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188
+msgid "Incompatible loop-AES keyfile detected."
+msgstr ""
+
+#: lib/loopaes/loopaes.c:245
+msgid "Kernel does not support loop-AES compatible mapping."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:508
+#, c-format
+msgid "Error reading keyfile %s."
+msgstr "გასაღების ფაილის %s წაკითხვის შეცდომა."
+
+#: lib/tcrypt/tcrypt.c:558
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:600
+#, c-format
+msgid "PBKDF2 hash algorithm %s not available, skipping."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
+msgid "Required kernel crypto interface not available."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
+msgid "Ensure you have algif_skcipher kernel module loaded."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:762
+#, c-format
+msgid "Activation is not supported for %d sector size."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:768
+msgid "Kernel does not support activation for this TCRYPT legacy mode."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:799
+#, c-format
+msgid "Activating TCRYPT system encryption for partition %s."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:882
+msgid "Kernel does not support TCRYPT compatible mapping."
+msgstr ""
+
+#: lib/tcrypt/tcrypt.c:1095
+msgid "This function is not supported without TCRYPT header load."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:275
+#, c-format
+msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:328
+msgid "Invalid string found when parsing Volume Master Key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:332
+#, c-format
+msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:349
+#, c-format
+msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:451
+msgid "BITLK version 1 is currently not supported."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:457
+msgid "Invalid or unknown boot signature for BITLK device."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:469
+#, c-format
+msgid "Unsupported sector size %<PRIu16>."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:477
+#, c-format
+msgid "Failed to read BITLK header from %s."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:502
+#, c-format
+msgid "Failed to read BITLK FVE metadata from %s."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:554
+msgid "Unknown or unsupported encryption type."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:587
+#, c-format
+msgid "Failed to read BITLK metadata entries from %s."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:681
+msgid "Failed to convert BITLK volume description"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:841
+#, c-format
+msgid "Unexpected metadata entry type '%u' found when parsing external key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:860
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:864
+#, c-format
+msgid "Unexpected metadata entry value '%u' found when parsing external key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:903
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:908
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:933
+msgid "Unexpected metadata entry found when parsing startup key."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1029
+msgid "This operation is not supported."
+msgstr "ეს ოპერაცია მხარდაუჭერელია."
+
+#: lib/bitlk/bitlk.c:1037
+msgid "Unexpected key data size."
+msgstr "გასაღების მონაცემების მოულოდნელი ზომა."
+
+#: lib/bitlk/bitlk.c:1163
+msgid "This BITLK device is in an unsupported state and cannot be activated."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1168
+#, c-format
+msgid "BITLK devices with type '%s' cannot be activated."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1175
+msgid "Activation of partially decrypted BITLK device is not supported."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1216
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1343
+msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1347
+msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1351
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr ""
+
+#: lib/bitlk/bitlk.c:1355
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr ""
+
+#: lib/fvault2/fvault2.c:542
+#, c-format
+msgid "Could not read %u bytes of volume header."
+msgstr ""
+
+#: lib/fvault2/fvault2.c:554
+#, c-format
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr ""
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr ""
+
+#: lib/verity/verity.c:96
+#, c-format
+msgid "Unsupported VERITY version %d."
+msgstr ""
+
+#: lib/verity/verity.c:131
+msgid "VERITY header corrupted."
+msgstr "VERITY თავსართი დაზიანებულია."
+
+#: lib/verity/verity.c:176
+#, c-format
+msgid "Wrong VERITY UUID format provided on device %s."
+msgstr ""
+
+#: lib/verity/verity.c:220
+#, c-format
+msgid "Error during update of verity header on device %s."
+msgstr ""
+
+#: lib/verity/verity.c:278
+msgid "Root hash signature verification is not supported."
+msgstr ""
+
+#: lib/verity/verity.c:290
+msgid "Errors cannot be repaired with FEC device."
+msgstr ""
+
+#: lib/verity/verity.c:292
+#, c-format
+msgid "Found %u repairable errors with FEC device."
+msgstr ""
+
+#: lib/verity/verity.c:335
+msgid "Kernel does not support dm-verity mapping."
+msgstr ""
+
+#: lib/verity/verity.c:339
+msgid "Kernel does not support dm-verity signature option."
+msgstr ""
+
+#: lib/verity/verity.c:350
+msgid "Verity device detected corruption after activation."
+msgstr ""
+
+#: lib/verity/verity_hash.c:66
+#, c-format
+msgid "Spare area is not zeroed at position %<PRIu64>."
+msgstr ""
+
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
+msgid "Device offset overflow."
+msgstr "მოწყობილობის წანაცვლების გადავსება."
+
+#: lib/verity/verity_hash.c:218
+#, c-format
+msgid "Verification failed at position %<PRIu64>."
+msgstr "გადამოწმების შეცდომა მდებარეობაზე %<PRIu64>."
+
+#: lib/verity/verity_hash.c:307
+msgid "Hash area overflow."
+msgstr "ჰეშის ფართის გადავსება."
+
+#: lib/verity/verity_hash.c:380
+msgid "Verification of data area failed."
+msgstr "მონაცემების რეგიონის გადამოწმების შეცდომა."
+
+#: lib/verity/verity_hash.c:385
+msgid "Verification of root hash failed."
+msgstr ""
+
+#: lib/verity/verity_hash.c:391
+msgid "Input/output error while creating hash area."
+msgstr ""
+
+#: lib/verity/verity_hash.c:393
+msgid "Creation of hash area failed."
+msgstr ""
+
+#: lib/verity/verity_hash.c:428
+#, c-format
+msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
+msgstr ""
+
+#: lib/verity/verity_fec.c:131
+msgid "Failed to allocate RS context."
+msgstr ""
+
+#: lib/verity/verity_fec.c:149
+msgid "Failed to allocate buffer."
+msgstr "ბუფერის გამოყოფის შეცდომა."
+
+#: lib/verity/verity_fec.c:159
+#, c-format
+msgid "Failed to read RS block %<PRIu64> byte %d."
+msgstr ""
+
+#: lib/verity/verity_fec.c:172
+#, c-format
+msgid "Failed to read parity for RS block %<PRIu64>."
+msgstr ""
+
+#: lib/verity/verity_fec.c:180
+#, c-format
+msgid "Failed to repair parity for block %<PRIu64>."
+msgstr ""
+
+#: lib/verity/verity_fec.c:192
+#, c-format
+msgid "Failed to write parity for RS block %<PRIu64>."
+msgstr ""
+
+#: lib/verity/verity_fec.c:208
+msgid "Block sizes must match for FEC."
+msgstr ""
+
+#: lib/verity/verity_fec.c:214
+msgid "Invalid number of parity bytes."
+msgstr ""
+
+#: lib/verity/verity_fec.c:248
+msgid "Invalid FEC segment length."
+msgstr ""
+
+#: lib/verity/verity_fec.c:316
+#, c-format
+msgid "Failed to determine size for device %s."
+msgstr ""
+
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr ""
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
+msgid "Kernel does not support dm-integrity mapping."
+msgstr ""
+
+#: lib/integrity/integrity.c:283
+msgid "Kernel does not support dm-integrity fixed metadata alignment."
+msgstr ""
+
+#: lib/integrity/integrity.c:292
+msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
+msgstr ""
+
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
+#, c-format
+msgid "Failed to acquire write lock on device %s."
+msgstr ""
+
+#: lib/luks2/luks2_disk_metadata.c:400
+msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
+msgstr ""
+
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
+msgid ""
+"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
+"Please run \"cryptsetup repair\" for recovery."
+msgstr ""
+
+#: lib/luks2/luks2_json_format.c:229
+msgid "Requested data offset is too small."
+msgstr ""
+
+#: lib/luks2/luks2_json_format.c:274
+#, c-format
+msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:93
+#: lib/luks2/luks2_keyslot_luks2.c:115
+#, c-format
+msgid "Failed to acquire read lock on device %s."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1405
+#, c-format
+msgid "Forbidden LUKS2 requirements detected in backup %s."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1446
+msgid "Data offset differ on device and backup, restore failed."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1452
+msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1459
+#, c-format
+msgid "Device %s %s%s%s%s"
+msgstr "მოწყობილობა %s %s%s%s%s"
+
+#: lib/luks2/luks2_json_metadata.c:1460
+msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1461
+msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1463
+msgid ""
+"\n"
+"WARNING: unknown LUKS2 requirements detected in real device header!\n"
+"Replacing header with backup may corrupt the data on that device!"
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1465
+msgid ""
+"\n"
+"WARNING: Unfinished offline reencryption detected on the device!\n"
+"Replacing header with backup may corrupt data."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:1562
+#, c-format
+msgid "Ignored unknown flag %s."
+msgstr "უცნობი ალამი იგნორირებულია %s."
+
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
+#, c-format
+msgid "Missing key for dm-crypt segment %u"
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
+msgid "Failed to set dm-crypt segment."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
+msgid "Failed to set dm-linear segment."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2615
+msgid "Unsupported device integrity configuration."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2701
+msgid "Reencryption in-progress. Cannot deactivate device."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
+#, c-format
+msgid "Failed to replace suspended device %s with dm-error target."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2792
+msgid "Failed to read LUKS2 requirements."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2799
+msgid "Unmet LUKS2 requirements detected."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2807
+msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
+msgstr ""
+
+#: lib/luks2/luks2_json_metadata.c:2809
+msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
+msgid "Not enough available memory to open a keyslot."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
+msgid "Keyslot open failed."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_luks2.c:54 lib/luks2/luks2_keyslot_luks2.c:109
+#, c-format
+msgid "Cannot use %s-%s cipher for keyslot encryption."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_luks2.c:281 lib/luks2/luks2_keyslot_luks2.c:390
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_luks2.c:506
+msgid "No space for new keyslot."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr ""
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:512
+#, c-format
+msgid "Cannot check status of device with uuid: %s."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:538
+msgid "Unable to convert header with LUKSMETA additional metadata."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:584
+msgid "Unable to move keyslot area. Not enough space."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:636
+msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
+msgid "Unable to move keyslot area."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:732
+msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:740
+msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:752
+#, c-format
+msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:765
+#, c-format
+msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:779
+#, c-format
+msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:784
+#, c-format
+msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
+msgstr ""
+
+#: lib/luks2/luks2_luks1_convert.c:789
+#, c-format
+msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1152
+#, c-format
+msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1157
+#, c-format
+msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
+msgid "Failed to initialize old segment storage wrapper."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
+msgid "Failed to initialize new segment storage wrapper."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1578
+msgid "Failed to read checksums for current hotzone."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
+#, c-format
+msgid "Failed to read hotzone area starting at %<PRIu64>."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1604
+#, c-format
+msgid "Failed to decrypt sector %zu."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:1610
+#, c-format
+msgid "Failed to recover sector %zu."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2174
+#, c-format
+msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2272
+#, c-format
+msgid "Failed to activate hotzone device %s."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2289
+#, c-format
+msgid "Failed to activate overlay device %s with actual origin table."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2296
+#, c-format
+msgid "Failed to load new mapping for device %s."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2367
+msgid "Failed to refresh reencryption devices stack."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2550
+msgid "Failed to set new keyslots area size."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2824
+#, c-format
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "ცხრილის გასუფთავება შეუძლებელია."
+
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3004
+#, c-format
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3038
+#, c-format
+msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
+#, c-format
+msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3234
+msgid "Device not marked for LUKS2 reencryption."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
+msgid "Failed to load LUKS2 reencryption context."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3331
+msgid "Failed to get reencryption state."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
+msgid "Device is not in reencryption."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
+msgid "Reencryption process is already running."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
+msgid "Failed to acquire reencryption lock."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3362
+msgid "Cannot proceed with reencryption. Run reencryption recovery first."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3497
+msgid "Active device size and requested reencryption size don't match."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3511
+msgid "Illegal device size requested in reencryption parameters."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3588
+msgid "Reencryption in-progress. Cannot perform recovery."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3757
+msgid "LUKS2 reencryption already initialized in metadata."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3764
+msgid "Failed to initialize LUKS2 reencryption in metadata."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3859
+msgid "Failed to set device segments for next reencryption hotzone."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3911
+msgid "Failed to write reencryption resilience metadata."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3918
+msgid "Decryption failed."
+msgstr "გაშიფვრის შეცდომა."
+
+#: lib/luks2/luks2_reencrypt.c:3923
+#, c-format
+msgid "Failed to write hotzone area starting at %<PRIu64>."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:3928
+msgid "Failed to sync data."
+msgstr "მონაცემების სინქრონიზაციის შეცდომა."
+
+#: lib/luks2/luks2_reencrypt.c:3936
+msgid "Failed to update metadata after current reencryption hotzone completed."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4025
+msgid "Failed to write LUKS2 metadata."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
+msgid "Failed to remove unused (unbound) keyslot %d."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4064
+msgid "Failed to remove reencryption keyslot."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4074
+#, c-format
+msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4083
+msgid "Do not resume the device unless replaced with error target manually."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4137
+msgid "Cannot proceed with reencryption. Unexpected reencryption status."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4143
+msgid "Missing or invalid reencrypt context."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4150
+msgid "Failed to initialize reencryption device stack."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
+msgid "Failed to update reencryption context."
+msgstr ""
+
+#: lib/luks2/luks2_reencrypt_digest.c:405
+msgid "Reencryption metadata is invalid."
+msgstr ""
+
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr ""
+
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
+#, c-format
+msgid "Enter token PIN: "
+msgstr "შეიყვანეთ კოდის PIN კოდი: "
+
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr ""
+
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
+msgid "No known cipher specification pattern detected."
+msgstr ""
+
+#: src/cryptsetup.c:167
+msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
+msgstr ""
+
+#: src/cryptsetup.c:175
+msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
+msgstr ""
+
+#: src/cryptsetup.c:215
+#, c-format
+msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
+msgstr ""
+
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724
+msgid "Operation aborted.\n"
+msgstr "ოპერაცია გაუქმდა.\n"
+
+#: src/cryptsetup.c:294
+msgid "Option --key-file is required."
+msgstr ""
+
+#: src/cryptsetup.c:345
+msgid "Enter VeraCrypt PIM: "
+msgstr ""
+
+#: src/cryptsetup.c:354
+msgid "Invalid PIM value: parse error."
+msgstr ""
+
+#: src/cryptsetup.c:357
+msgid "Invalid PIM value: 0."
+msgstr ""
+
+#: src/cryptsetup.c:360
+msgid "Invalid PIM value: outside of range."
+msgstr ""
+
+#: src/cryptsetup.c:383
+msgid "No device header detected with this passphrase."
+msgstr ""
+
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
+#, c-format
+msgid "Device %s is not a valid BITLK device."
+msgstr ""
+
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr ""
+
+#: src/cryptsetup.c:506
+msgid ""
+"Header dump with volume key is sensitive information\n"
+"which allows access to encrypted partition without passphrase.\n"
+"This dump should be always stored encrypted on safe place."
+msgstr ""
+
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr ""
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr ""
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
+#, c-format
+msgid "Device %s is still active and scheduled for deferred removal.\n"
+msgstr ""
+
+#: src/cryptsetup.c:835
+msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
+msgstr ""
+
+#: src/cryptsetup.c:982
+msgid "Benchmark interrupted."
+msgstr ""
+
+#: src/cryptsetup.c:1003
+#, c-format
+msgid "PBKDF2-%-9s N/A\n"
+msgstr "PBKDF2-%-9s N/A\n"
+
+#: src/cryptsetup.c:1005
+#, c-format
+msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
+msgstr ""
+
+#: src/cryptsetup.c:1019
+#, c-format
+msgid "%-10s N/A\n"
+msgstr "%-10s N/A\n"
+
+#: src/cryptsetup.c:1021
+#, c-format
+msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
+msgstr ""
+
+#: src/cryptsetup.c:1045
+msgid "Result of benchmark is not reliable."
+msgstr ""
+
+#: src/cryptsetup.c:1095
+msgid "# Tests are approximate using memory only (no storage IO).\n"
+msgstr ""
+
+#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
+#: src/cryptsetup.c:1115
+#, c-format
+msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
+msgstr "#%*s ალგორითმი | გასაღები | დაშიფვრა | გაშიფვრა\n"
+
+#: src/cryptsetup.c:1119
+#, c-format
+msgid "Cipher %s (with %i bits key) is not available."
+msgstr ""
+
+#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
+#: src/cryptsetup.c:1138
+msgid "# Algorithm | Key | Encryption | Decryption\n"
+msgstr "# ალგორითმი | გასაღები | დაშიფვრა | გაშიფვრა\n"
+
+#: src/cryptsetup.c:1149
+msgid "N/A"
+msgstr "N/A"
+
+#: src/cryptsetup.c:1174
+msgid ""
+"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
+"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
+msgstr ""
+
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr ""
+
+#: src/cryptsetup.c:1224
+msgid "Really proceed with LUKS2 reencryption recovery?"
+msgstr ""
+
+#: src/cryptsetup.c:1233
+msgid "Enter passphrase to verify reencryption metadata digest: "
+msgstr ""
+
+#: src/cryptsetup.c:1235
+msgid "Enter passphrase for reencryption recovery: "
+msgstr ""
+
+#: src/cryptsetup.c:1290
+msgid "Really try to repair LUKS device header?"
+msgstr ""
+
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
+msgid ""
+"Wiping device to initialize integrity checksum.\n"
+"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
+msgstr ""
+
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
+#, c-format
+msgid "Cannot deactivate temporary device %s."
+msgstr ""
+
+#: src/cryptsetup.c:1392
+msgid "Integrity option can be used only for LUKS2 format."
+msgstr ""
+
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
+msgid "Unsupported LUKS2 metadata size options."
+msgstr ""
+
+#: src/cryptsetup.c:1406
+msgid "Header file does not exist, do you want to create it?"
+msgstr ""
+
+#: src/cryptsetup.c:1414
+#, c-format
+msgid "Cannot create header file %s."
+msgstr "თავსართის ფაილის (%s) შექმნის შეცდომა."
+
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
+msgid "No known integrity specification pattern detected."
+msgstr ""
+
+#: src/cryptsetup.c:1450
+#, c-format
+msgid "Cannot use %s as on-disk header."
+msgstr ""
+
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
+#, c-format
+msgid "This will overwrite data on %s irrevocably."
+msgstr ""
+
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
+msgid "Failed to set pbkdf parameters."
+msgstr ""
+
+#: src/cryptsetup.c:1593
+msgid "Reduced data offset is allowed only for detached LUKS header."
+msgstr ""
+
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr ""
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
+msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
+msgstr ""
+
+#: src/cryptsetup.c:1658
+msgid "Device activated but cannot make flags persistent."
+msgstr ""
+
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
+#, c-format
+msgid "Keyslot %d is selected for deletion."
+msgstr ""
+
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
+msgid "This is the last keyslot. Device will become unusable after purging this key."
+msgstr ""
+
+#: src/cryptsetup.c:1750
+msgid "Enter any remaining passphrase: "
+msgstr ""
+
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
+msgid "Operation aborted, the keyslot was NOT wiped.\n"
+msgstr ""
+
+#: src/cryptsetup.c:1787
+msgid "Enter passphrase to be deleted: "
+msgstr ""
+
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr ""
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
+msgid "Enter new passphrase for key slot: "
+msgstr ""
+
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
+#, c-format
+msgid "Enter any existing passphrase: "
+msgstr ""
+
+#: src/cryptsetup.c:2152
+msgid "Enter passphrase to be changed: "
+msgstr ""
+
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
+msgid "Enter new passphrase: "
+msgstr "შეიყვანეთ ახალი საკვანძო ფრაზა: "
+
+#: src/cryptsetup.c:2218
+msgid "Enter passphrase for keyslot to be converted: "
+msgstr ""
+
+#: src/cryptsetup.c:2242
+msgid "Only one device argument for isLuks operation is supported."
+msgstr ""
+
+#: src/cryptsetup.c:2350
+#, c-format
+msgid "Keyslot %d does not contain unbound key."
+msgstr ""
+
+#: src/cryptsetup.c:2355
+msgid ""
+"The header dump with unbound key is sensitive information.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
+#, c-format
+msgid "%s is not active %s device name."
+msgstr ""
+
+#: src/cryptsetup.c:2465
+#, c-format
+msgid "%s is not active LUKS device name or header is missing."
+msgstr ""
+
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
+msgid "Option --header-backup-file is required."
+msgstr ""
+
+#: src/cryptsetup.c:2577
+#, c-format
+msgid "%s is not cryptsetup managed device."
+msgstr ""
+
+#: src/cryptsetup.c:2588
+#, c-format
+msgid "Refresh is not supported for device type %s"
+msgstr ""
+
+#: src/cryptsetup.c:2638
+#, c-format
+msgid "Unrecognized metadata device type %s."
+msgstr ""
+
+#: src/cryptsetup.c:2640
+msgid "Command requires device and mapped name as arguments."
+msgstr ""
+
+#: src/cryptsetup.c:2661
+#, c-format
+msgid ""
+"This operation will erase all keyslots on device %s.\n"
+"Device will become unusable after this operation."
+msgstr ""
+
+#: src/cryptsetup.c:2668
+msgid "Operation aborted, keyslots were NOT wiped.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2707
+msgid "Invalid LUKS type, only luks1 and luks2 are supported."
+msgstr ""
+
+#: src/cryptsetup.c:2723
+#, c-format
+msgid "Device is already %s type."
+msgstr ""
+
+#: src/cryptsetup.c:2730
+#, c-format
+msgid "This operation will convert %s to %s format.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2733
+msgid "Operation aborted, device was NOT converted.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2773
+msgid "Option --priority, --label or --subsystem is missing."
+msgstr ""
+
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
+#, c-format
+msgid "Token %d is invalid."
+msgstr "კოდი %d არასწორია."
+
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
+#, c-format
+msgid "Token %d in use."
+msgstr "კოდი %d გამოიყენება."
+
+#: src/cryptsetup.c:2822
+#, c-format
+msgid "Failed to add luks2-keyring token %d."
+msgstr ""
+
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
+#, c-format
+msgid "Failed to assign token %d to keyslot %d."
+msgstr ""
+
+#: src/cryptsetup.c:2850
+#, c-format
+msgid "Token %d is not in use."
+msgstr "კოდი %d არ გამოიყენება."
+
+#: src/cryptsetup.c:2887
+msgid "Failed to import token from file."
+msgstr ""
+
+#: src/cryptsetup.c:2912
+#, c-format
+msgid "Failed to get token %d for export."
+msgstr ""
+
+#: src/cryptsetup.c:2925
+#, c-format
+msgid "Token %d is not assigned to keyslot %d."
+msgstr ""
+
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
+#, c-format
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr ""
+
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr ""
+
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr ""
+
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr ""
+
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr ""
+
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr ""
+
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr ""
+
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr ""
+
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr ""
+
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr ""
+
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr ""
+
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr ""
+
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr ""
+
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr ""
+
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr ""
+
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr ""
+
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr ""
+
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr ""
+
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr ""
+
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr ""
+
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr ""
+
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr ""
+
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr ""
+
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "არასწორი კოდის ქმედება."
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr ""
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr ""
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr ""
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr ""
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr ""
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<მოწყობილობა> [--type <ტიპი>] [<სახელი>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr ""
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<name>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
+msgid "close device (remove mapping)"
+msgstr ""
+
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
+msgid "resize active device"
+msgstr "აქტიური მოწყობილობის ზომის შეცვლა"
+
+#: src/cryptsetup.c:3159
+msgid "show device status"
+msgstr "მოწყობილობის მდგომარეობის ჩვენება"
+
+#: src/cryptsetup.c:3160
+msgid "[--cipher <cipher>]"
+msgstr "[--cipher <შიფრი>]"
+
+#: src/cryptsetup.c:3160
+msgid "benchmark cipher"
+msgstr ""
+
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
+msgid "<device>"
+msgstr "<მოწყობილობა>"
+
+#: src/cryptsetup.c:3161
+msgid "try to repair on-disk metadata"
+msgstr ""
+
+#: src/cryptsetup.c:3162
+msgid "reencrypt LUKS2 device"
+msgstr ""
+
+#: src/cryptsetup.c:3163
+msgid "erase all keyslots (remove encryption key)"
+msgstr ""
+
+#: src/cryptsetup.c:3164
+msgid "convert LUKS from/to LUKS2 format"
+msgstr ""
+
+#: src/cryptsetup.c:3165
+msgid "set permanent configuration options for LUKS2"
+msgstr ""
+
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
+msgid "<device> [<new key file>]"
+msgstr ""
+
+#: src/cryptsetup.c:3166
+msgid "formats a LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3167
+msgid "add key to LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
+msgid "<device> [<key file>]"
+msgstr "<მოწყობილობა> [<გასაღების ფაილი>]"
+
+#: src/cryptsetup.c:3168
+msgid "removes supplied key or key file from LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3169
+msgid "changes supplied key or key file of LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3170
+msgid "converts a key to new pbkdf parameters"
+msgstr ""
+
+#: src/cryptsetup.c:3171
+msgid "<device> <key slot>"
+msgstr ""
+
+#: src/cryptsetup.c:3171
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3172
+msgid "print UUID of LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3173
+msgid "tests <device> for LUKS partition header"
+msgstr ""
+
+#: src/cryptsetup.c:3174
+msgid "dump LUKS partition information"
+msgstr ""
+
+#: src/cryptsetup.c:3175
+msgid "dump TCRYPT device information"
+msgstr ""
+
+#: src/cryptsetup.c:3176
+msgid "dump BITLK device information"
+msgstr ""
+
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr ""
+
+#: src/cryptsetup.c:3178
+msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
+msgstr ""
+
+#: src/cryptsetup.c:3179
+msgid "Resume suspended LUKS device"
+msgstr ""
+
+#: src/cryptsetup.c:3180
+msgid "Backup LUKS device header and keyslots"
+msgstr ""
+
+#: src/cryptsetup.c:3181
+msgid "Restore LUKS device header and keyslots"
+msgstr ""
+
+#: src/cryptsetup.c:3182
+msgid "<add|remove|import|export> <device>"
+msgstr ""
+
+#: src/cryptsetup.c:3182
+msgid "Manipulate LUKS2 tokens"
+msgstr ""
+
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
+msgid ""
+"\n"
+"<action> is one of:\n"
+msgstr ""
+"\n"
+"<ქმედება> შეიძლება იყოს:\n"
+
+#: src/cryptsetup.c:3207
+msgid ""
+"\n"
+"You can also use old <action> syntax aliases:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
+msgstr ""
+
+#: src/cryptsetup.c:3211
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
+msgstr ""
+
+#: src/cryptsetup.c:3218
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in metadata format is %s (for luksFormat action).\n"
+msgstr ""
+
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr ""
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "გამორთულია"
+
+#: src/cryptsetup.c:3230
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in key and passphrase parameters:\n"
+"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
+"Default PBKDF for LUKS2: %s\n"
+"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
+msgstr ""
+
+#: src/cryptsetup.c:3241
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in device cipher parameters:\n"
+"\tloop-AES: %s, Key %d bits\n"
+"\tplain: %s, Key: %d bits, Password hashing: %s\n"
+"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
+msgstr ""
+
+#: src/cryptsetup.c:3250
+msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr ""
+
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "გასაღების სლოტი არასწორია."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr ""
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr ""
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr ""
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr ""
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr ""
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr ""
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
+msgid "Show this help message"
+msgstr "დახმარების ამ შეტყობინების ჩვენება"
+
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
+msgid "Display brief usage"
+msgstr "გამოყენების მოკლე შეტყობინება"
+
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
+msgid "Print package version"
+msgstr "პაკეტის ვერსიის გამოტანა"
+
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
+msgid "Help options:"
+msgstr "დახმარების პარამეტრები:"
+
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
+msgid "[OPTION...] <action> <action-specific>"
+msgstr ""
+
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
+msgid "Argument <action> missing."
+msgstr ""
+
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
+msgid "Unknown action."
+msgstr "უცნობი ქმედება."
+
+#: src/cryptsetup.c:3546
+msgid "Option --key-file takes precedence over specified key file argument."
+msgstr ""
+
+#: src/cryptsetup.c:3552
+msgid "Only one --key-file argument is allowed."
+msgstr ""
+
+#: src/cryptsetup.c:3557
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+msgstr ""
+
+#: src/cryptsetup.c:3562
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
+msgstr ""
+
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr ""
+
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3594
+msgid "Cannot disable metadata locking."
+msgstr ""
+
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
+msgstr "მარილის მითითებული სტრიქონი არასწორია."
+
+#: src/veritysetup.c:87
+#, c-format
+msgid "Cannot create hash image %s for writing."
+msgstr ""
+
+#: src/veritysetup.c:97
+#, c-format
+msgid "Cannot create FEC image %s for writing."
+msgstr ""
+
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr ""
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr ""
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr ""
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr ""
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr ""
+
+#: src/veritysetup.c:241
+msgid "Invalid root hash string specified."
+msgstr ""
+
+#: src/veritysetup.c:249
+#, c-format
+msgid "Invalid signature file %s."
+msgstr ""
+
+#: src/veritysetup.c:256
+#, c-format
+msgid "Cannot read signature file %s."
+msgstr ""
+
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr ""
+
+#: src/veritysetup.c:489
+msgid "<data_device> <hash_device>"
+msgstr ""
+
+#: src/veritysetup.c:489 src/integritysetup.c:534
+msgid "format device"
+msgstr "მოწყობილობის ფორმატირება"
+
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr ""
+
+#: src/veritysetup.c:490
+msgid "verify device"
+msgstr "მოწყობილობის გადამოწმება"
+
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr ""
+
+#: src/veritysetup.c:493 src/integritysetup.c:537
+msgid "show active device status"
+msgstr "აქტიურ მოწყობილობის სტატუსის ჩვენება"
+
+#: src/veritysetup.c:494
+msgid "<hash_device>"
+msgstr "<ჰეშის მოწყობილობა>"
+
+#: src/veritysetup.c:494 src/integritysetup.c:538
+msgid "show on-disk information"
+msgstr ""
+
+#: src/veritysetup.c:513
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
+msgstr ""
+
+#: src/veritysetup.c:520
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
+msgstr ""
+
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr ""
+
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr ""
+
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr ""
+
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr ""
+
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr ""
+
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr ""
+
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr ""
+
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr ""
+
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr ""
+
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr ""
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr ""
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr ""
+
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr ""
+
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr ""
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr ""
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr ""
+
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"გაფრთხილება!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "ტერმინალიდან მიღებული პასუხის წაკითხვის შეცდომა."
+
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "ბრძანება წარმატებულია."
+
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "ნაკლული ან არასწორი პარამეტრები"
+
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "აკრძალული წვდომა ან არასწორი საკვანძო ფრაზა"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "მეხსიერებას გარეთ"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "მითითებული მოწყობილობა ან ფაილი არასწორია"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "მოწყობილობა უკვე არსებობს ან დაკავებულია"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "უცნობი შეცდომა"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr ""
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr ""
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr ""
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr ""
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr ""
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr ""
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr ""
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr ""
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr ""
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr ""
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr ""
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr ""
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr ""
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr ""
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr ""
+
+#: src/utils_tools.c:393
+#, c-format
+msgid "Cannot read keyfile %s."
+msgstr ""
+
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr ""
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr ""
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr ""
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>სთ%02<PRIu64>წთ%02<PRIu64>წმ"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> დღე"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s ჩაწერილია"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "სიჩქარე %5.1f %s/წმ"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "მიმდინარეობა: %5.1f%%, დარჩენილია %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "დასრულდა. დრო: %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:74
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr ""
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+
+#: src/utils_password.c:81
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr ""
+
+#: src/utils_password.c:232 src/utils_password.c:246
+msgid "Error reading passphrase from terminal."
+msgstr ""
+
+#: src/utils_password.c:244
+msgid "Verify passphrase: "
+msgstr "გადაამოწმეთ საკვანძო ფრაზა: "
+
+#: src/utils_password.c:251
+msgid "Passphrases do not match."
+msgstr "საკვანძო ფრაზები არ ემთხვევა."
+
+#: src/utils_password.c:289
+msgid "Cannot use offset with terminal input."
+msgstr ""
+
+#: src/utils_password.c:293
+#, c-format
+msgid "Enter passphrase: "
+msgstr "შეიყვანეთ საკვანძო ფრაზა: "
+
+#: src/utils_password.c:296
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "შეიყვანეთ საკვანძო ფრაზა \"%s\"-სთვის: "
+
+#: src/utils_password.c:330
+msgid "No key available with this passphrase."
+msgstr ""
+
+#: src/utils_password.c:332
+msgid "No usable keyslot is available."
+msgstr ""
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr ""
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr ""
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr ""
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "JSON ფაილის წაკითხვის შეცდომა."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"წაკითხვა შეწყდა."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr ""
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"ჩაწერა შეწყდა."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "JSON ფაილი ჩაწერის შეცდომა."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr ""
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr ""
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr ""
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr ""
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr ""
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr ""
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr ""
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr ""
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr ""
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+
+#: src/utils_reencrypt.c:494
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr ""
+
+#: src/utils_reencrypt.c:500
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr ""
+
+#: src/utils_reencrypt.c:510
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:540
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr ""
+
+#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr ""
+
+#: src/utils_reencrypt.c:574
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr ""
+
+#: src/utils_reencrypt.c:611
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr ""
+
+#: src/utils_reencrypt.c:621
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:657
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr ""
+
+#: src/utils_reencrypt.c:685
+msgid "Restoring original LUKS2 header."
+msgstr ""
+
+#: src/utils_reencrypt.c:693
+msgid "Original LUKS2 header restore failed."
+msgstr ""
+
+#: src/utils_reencrypt.c:719
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr ""
+
+#: src/utils_reencrypt.c:767
+msgid "Failed to add read/write permissions to exported header file."
+msgstr ""
+
+#: src/utils_reencrypt.c:820
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr ""
+
+#: src/utils_reencrypt.c:848
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr ""
+
+#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992
+msgid "Not enough free keyslots for reencryption."
+msgstr ""
+
+#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr ""
+
+#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr ""
+
+#: src/utils_reencrypt.c:1034
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr ""
+
+#: src/utils_reencrypt.c:1086
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:1140
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr ""
+
+#: src/utils_reencrypt.c:1242
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+
+#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"თავიდან დაშიფვრა შეწყვეტილია."
+
+#: src/utils_reencrypt.c:1287
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr ""
+
+#: src/utils_reencrypt.c:1304
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr ""
+
+#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr ""
+
+#: src/utils_reencrypt.c:1348
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr ""
+
+#: src/utils_reencrypt.c:1421
+msgid "LUKS2 decryption requires --header option."
+msgstr ""
+
+#: src/utils_reencrypt.c:1469
+msgid "Command requires device as argument."
+msgstr ""
+
+#: src/utils_reencrypt.c:1482
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr ""
+
+#: src/utils_reencrypt.c:1488
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr ""
+
+#: src/utils_reencrypt.c:1494
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr ""
+
+#: src/utils_reencrypt.c:1500
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr ""
+
+#: src/utils_reencrypt.c:1506
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr ""
+
+#: src/utils_reencrypt.c:1513
+msgid "Device reencryption not in progress."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "ჟურნალის არასწორი ფორმატი."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "მოწყობილობის ზომის მიღების შეცდომა."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "მითითებული UUID არასწორია."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr ""
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "ტომის გასაღები"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "ჰეშის დაყენება "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ""
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr ""
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr ""
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr ""
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr ""
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr ""
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr ""
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr ""
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr ""
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr ""
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr ""
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<ქმედება> <მოწყობილობა>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr ""
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "%s@%s-ის პაროლი: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "არგუმენტების დამუშავების შეცდომა.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr ""
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr ""
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "SFTP სესიის შექმნის შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "SFTP სესიის ინიციალიზაციის შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "SFTP სესიის გახსნის შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "SFTP ფაილის აღმოჩენის შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "არასაკმარისი მეხსიერება.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "დაშორებული გასაღების წაკითხვის შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "მიერთების შეცდომა: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "სერვერი უცნობია: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr ""
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr ""
msgstr ""
"Project-Id-Version: cryptsetup-2.3.0-rc0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2020-01-12 12:33+0100\n"
"PO-Revision-Date: 2020-01-13 20:42+0100\n"
"Last-Translator: Benno Schulenberg <vertaling@coevern.nl>\n"
"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:397
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Kan apparaatstoewijzer niet initialiseren, uitvoering als non-root gebruiker."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:400
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Kan apparaatstoewijzer niet initialiseren. Is kernelmodule dm_mod geladen?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1120
#, fuzzy
msgid "Requested deferred flag is not supported."
msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund.\n"
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1187
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID voor apparaat %s werd afgekapt."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1509
msgid "Unknown dm target type."
msgstr ""
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1612 lib/libdevmapper.c:1664
msgid "Requested dm-crypt performance options are not supported."
msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1619
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1623
#, fuzzy
msgid "Requested dm-verity FEC options are not supported."
msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n"
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1627
#, fuzzy
msgid "Requested data integrity options are not supported."
msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n"
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1629
#, fuzzy
msgid "Requested sector_size option is not supported."
msgstr "Aangevraagde prestatie-opties voor dm-crypt worden niet ondersteund.\n"
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1634
#, fuzzy
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund.\n"
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-#, fuzzy
-msgid "Discard/TRIM is not supported."
-msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n"
-
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1638
#, fuzzy
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Aangevraagde opties voor behandeling van datacorruptie van dm-verity worden niet ondersteund.\n"
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:1667
+#, fuzzy
+msgid "Discard/TRIM is not supported."
+msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n"
+
+#: lib/libdevmapper.c:2585
#, c-format
msgid "Failed to query dm-%s segment."
msgstr ""
-#: lib/random.c:75
+#: lib/random.c:80
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Systeem heeft niet genoeg willekeurige gegevens om de sleutel tot het opslagmedium verder te genereren.\n"
"Beweeg de muis of typ wat tekst in een nieuw venster om enkele willekeurige evenementen te verzamelen.\n"
-#: lib/random.c:79
+#: lib/random.c:84
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Sleutel wordt gegenereerd (%d%% afgewerkt).\n"
-#: lib/random.c:165
+#: lib/random.c:170
msgid "Running in FIPS mode."
msgstr "Uitvoering in FIPS-modus."
-#: lib/random.c:171
+#: lib/random.c:176
msgid "Fatal error during RNG initialisation."
msgstr "Fatale fout bij initialisatie van RNG."
-#: lib/random.c:208
+#: lib/random.c:213
msgid "Unknown RNG quality requested."
msgstr "Onbekende RNG-kwaliteit aangevraagd."
-#: lib/random.c:213
+#: lib/random.c:218
msgid "Error reading from RNG."
msgstr "Fout bij lezen uit RNG."
-#: lib/setup.c:229
+#: lib/setup.c:230
msgid "Cannot initialize crypto RNG backend."
msgstr "Kan RNG versleutelings-backend niet initialiseren."
-#: lib/setup.c:235
+#: lib/setup.c:236
msgid "Cannot initialize crypto backend."
msgstr "Kan versleutelings-backend niet initialiseren."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:267 lib/setup.c:2044 lib/verity/verity.c:120
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:270 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Sleutelbehandelingsfout (met hash %s in gebruik)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:336 lib/setup.c:363
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Apparaatstype kan niet bepaald worden. Incompatibele apparaatsactivering?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:342 lib/setup.c:3048
msgid "This operation is supported only for LUKS device."
msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten."
-#: lib/setup.c:368
+#: lib/setup.c:369
msgid "This operation is supported only for LUKS2 device."
msgstr "Deze operatie wordt enkel ondersteund voor LUKS2-apparaten."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:424 lib/luks2/luks2_reencrypt.c:2345
msgid "All key slots full."
msgstr "Alle sleutelplaatsen zijn vol."
-#: lib/setup.c:434
+#: lib/setup.c:435
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Sleutelplaats %d is ongeldig, selecteer een plaats tussen 0 en %d."
-#: lib/setup.c:440
+#: lib/setup.c:441
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Sleutelplaats %d is vol, selecteer een andere."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:526 lib/setup.c:2822
#, fuzzy
msgid "Device size is not aligned to device logical block size."
msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
-#: lib/setup.c:624
+#: lib/setup.c:622
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Koptekst gevonden maar apparaat %s is te klein."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:659
msgid "This operation is not supported for this device type."
msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype."
-#: lib/setup.c:666
+#: lib/setup.c:664
msgid "Illegal operation with reencryption in-progress."
msgstr ""
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:830 lib/luks1/keymanage.c:476
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Niet-ondersteunde LUKS-versie %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:847 lib/setup.c:1537 lib/setup.c:1957
+#, fuzzy
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n"
+
+#: lib/setup.c:1425 lib/setup.c:2542 lib/setup.c:2614 lib/setup.c:2626
+#: lib/setup.c:2775 lib/setup.c:4510
#, c-format
msgid "Device %s is not active."
msgstr "Apparaat %s is niet actief."
-#: lib/setup.c:1444
+#: lib/setup.c:1442
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Onderliggend apparaat van versleutelingsapparaat %s is verdwenen."
-#: lib/setup.c:1524
+#: lib/setup.c:1522
msgid "Invalid plain crypt parameters."
msgstr "Ongeldige normale versleutelingsparameters."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1527 lib/setup.c:1947 src/integritysetup.c:73
msgid "Invalid key size."
msgstr "Ongeldige sleutelgrootte."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1532 lib/setup.c:1952 lib/setup.c:2155
msgid "UUID is not supported for this crypt type."
msgstr "UUID wordt niet ondersteund voor dit encryptietype."
-#: lib/setup.c:1539 lib/setup.c:1959
-#, fuzzy
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n"
-
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1547 lib/setup.c:1737 lib/luks2/luks2_reencrypt.c:2308
+#: src/cryptsetup.c:1232
#, fuzzy
msgid "Unsupported encryption sector size."
msgstr "Kan herencryptie-logbestand niet lezen.\n"
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1555 lib/setup.c:1862 lib/setup.c:2816
#, fuzzy
msgid "Device size is not aligned to requested sector size."
msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1606 lib/setup.c:1725
msgid "Can't format LUKS without device."
msgstr "Kan LUKS niet formatteren zonder apparaat."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1612 lib/setup.c:1731
msgid "Requested data alignment is not compatible with data offset."
msgstr ""
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1680 lib/setup.c:1849
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr ""
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1690 lib/setup.c:1877 lib/setup.c:1898 lib/setup.c:2167
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Kan koptekst op apparaat %s niet wissen."
-#: lib/setup.c:1744
+#: lib/setup.c:1742
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr ""
-#: lib/setup.c:1766
+#: lib/setup.c:1764
msgid "Volume key is too small for encryption with integrity extensions."
msgstr ""
-#: lib/setup.c:1821
+#: lib/setup.c:1819
#, fuzzy, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Versleutelalgoritme %s is niet beschikbaar.\n"
-#: lib/setup.c:1854
+#: lib/setup.c:1852
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr ""
-#: lib/setup.c:1858
+#: lib/setup.c:1856
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr ""
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1880 lib/utils_device.c:829 lib/luks1/keyencryption.c:256
+#: lib/luks2/luks2_reencrypt.c:2356 lib/luks2/luks2_reencrypt.c:3367
#, c-format
msgid "Device %s is too small."
msgstr "Apparaat %s is te klein."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1891 lib/setup.c:1917
#, fuzzy, c-format
msgid "Cannot format device %s in use."
msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n"
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1894 lib/setup.c:1920
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Kan apparaat %s niet formatteren: toestemming geweigerd."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1906 lib/setup.c:2227
#, fuzzy, c-format
msgid "Cannot format integrity for device %s."
msgstr "Kan apparaat %s niet beschrijven.\n"
-#: lib/setup.c:1926
+#: lib/setup.c:1924
#, c-format
msgid "Cannot format device %s."
msgstr "Kan apparaat %s niet formatteren."
-#: lib/setup.c:1944
+#: lib/setup.c:1942
msgid "Can't format LOOPAES without device."
msgstr "Kan LOOPAES niet formatteren zonder apparaat."
-#: lib/setup.c:1989
+#: lib/setup.c:1987
msgid "Can't format VERITY without device."
msgstr "Kan VERITY niet formatteren zonder apparaat."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:1998 lib/verity/verity.c:103
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Niet-ondersteund VERITY-hashtype %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2004 lib/verity/verity.c:111
msgid "Unsupported VERITY block size."
msgstr "Niet-ondersteunde VERITY-blokgrootte."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2009 lib/verity/verity.c:75
msgid "Unsupported VERITY hash offset."
msgstr "Niet-ondersteunde VERITY-hashgegevenspositie."
-#: lib/setup.c:2016
+#: lib/setup.c:2014
msgid "Unsupported VERITY FEC offset."
msgstr "Niet-ondersteunde VERITY-FEC-gegevenspositie."
-#: lib/setup.c:2040
+#: lib/setup.c:2038
msgid "Data area overlaps with hash area."
msgstr "Overlapping tussen datagedeelte en hashgedeelte."
-#: lib/setup.c:2065
+#: lib/setup.c:2063
msgid "Hash area overlaps with FEC area."
msgstr "Overlapping tussen hashgedeelte en FEC-gedeelte."
-#: lib/setup.c:2072
+#: lib/setup.c:2070
msgid "Data area overlaps with FEC area."
msgstr "Overlapping tussen datagedeelte en FEC-gedeelte."
-#: lib/setup.c:2208
+#: lib/setup.c:2206
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr ""
-#: lib/setup.c:2286
+#: lib/setup.c:2284
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Onbekend versleutelingsapparaattype %s aangevraagd."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2548 lib/setup.c:2620 lib/setup.c:2633
#, fuzzy, c-format
msgid "Unsupported parameters on device %s."
msgstr "Kan koptekst op apparaat %s niet wissen.\n"
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2554 lib/setup.c:2639 lib/luks2/luks2_reencrypt.c:2408
+#: lib/luks2/luks2_reencrypt.c:2737
#, fuzzy, c-format
msgid "Mismatching parameters on device %s."
msgstr "Kan koptekst op apparaat %s niet wissen.\n"
-#: lib/setup.c:2664
+#: lib/setup.c:2659
msgid "Crypt devices mismatch."
msgstr ""
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2696 lib/setup.c:2701 lib/luks2/luks2_reencrypt.c:2054
+#: lib/luks2/luks2_reencrypt.c:3145
#, fuzzy, c-format
msgid "Failed to reload device %s."
msgstr "Kan apparaat niet lezen: %s.\n"
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2706 lib/setup.c:2711 lib/luks2/luks2_reencrypt.c:2025
+#: lib/luks2/luks2_reencrypt.c:2032
#, fuzzy, c-format
msgid "Failed to suspend device %s."
msgstr "Openen van sleutelbestand is mislukt.\n"
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2039
+#: lib/luks2/luks2_reencrypt.c:3080 lib/luks2/luks2_reencrypt.c:3149
#, fuzzy, c-format
msgid "Failed to resume device %s."
msgstr "Kan apparaat niet lezen: %s.\n"
-#: lib/setup.c:2735
+#: lib/setup.c:2730
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr ""
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2733 lib/setup.c:2735
#, fuzzy, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen."
-#: lib/setup.c:2817
+#: lib/setup.c:2807
msgid "Cannot resize loop device."
msgstr "Kan grootte van loopback-apparaat niet aanpassen."
-#: lib/setup.c:2890
+#: lib/setup.c:2880
msgid "Do you really want to change UUID of device?"
msgstr "Bent u zeker dat u het UUID van het apparaat wilt wijzigen?"
-#: lib/setup.c:2966
+#: lib/setup.c:2956
#, fuzzy
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst.\n"
-#: lib/setup.c:3066
+#: lib/setup.c:3056
#, c-format
msgid "Volume %s is not active."
msgstr "Opslagmedium %s is niet actief."
-#: lib/setup.c:3077
+#: lib/setup.c:3067
#, c-format
msgid "Volume %s is already suspended."
msgstr "Opslagmedium %s is reeds geschorst."
-#: lib/setup.c:3090
+#: lib/setup.c:3080
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Opschorten wordt niet ondersteund voor apparaat %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3082
#, c-format
msgid "Error during suspending device %s."
msgstr "Fout bij het opschorten van apparaat %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3115 lib/setup.c:3182 lib/setup.c:3265
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "Opslagmedium %s is niet geschorst."
+
+#: lib/setup.c:3144
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Hervatting wordt niet ondersteund voor apparaat %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3146 lib/setup.c:3214 lib/setup.c:3295
#, c-format
msgid "Error during resuming device %s."
msgstr "Fout bij het hervatten van apparaat %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, c-format
-msgid "Volume %s is not suspended."
-msgstr "Opslagmedium %s is niet geschorst."
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3280 lib/setup.c:3646 lib/setup.c:4307 lib/setup.c:4320
+#: lib/setup.c:4328 lib/setup.c:4341 lib/setup.c:4691 lib/setup.c:5834
msgid "Volume key does not match the volume."
msgstr "Sleutel tot opslagmedium komt niet overeen met het opslagmedium."
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3341 lib/setup.c:3529
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Kan geen sleutelplaats toevoegen, alle plaatsen zijn uitgeschakeld en er is geen sleutel tot het opslagmedium voorzien."
-#: lib/setup.c:3487
+#: lib/setup.c:3481
msgid "Failed to swap new key slot."
msgstr "Kan nieuwe sleutelplaats niet verwisselen."
-#: lib/setup.c:3673
+#: lib/setup.c:3667
#, c-format
msgid "Key slot %d is invalid."
msgstr "Sleutelplaats %d is ongeldig."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3673 src/cryptsetup.c:1577 src/cryptsetup.c:1922
#, c-format
msgid "Keyslot %d is not active."
msgstr "Sleutelplaats %d is niet in gebruik."
-#: lib/setup.c:3698
+#: lib/setup.c:3692
msgid "Device header overlaps with data area."
msgstr "Overlapping tussen apparaatskoptekst en hashgedeelte."
-#: lib/setup.c:3992
+#: lib/setup.c:3979
msgid "Reencryption in-progress. Cannot activate device."
msgstr ""
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:3981 lib/luks2/luks2_json_metadata.c:2239
+#: lib/luks2/luks2_reencrypt.c:2836
#, fuzzy
msgid "Failed to get reencryption lock."
msgstr "Kan herencryptie-logbestand niet lezen.\n"
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:3994 lib/luks2/luks2_reencrypt.c:2855
#, fuzzy
msgid "LUKS2 reencryption recovery failed."
msgstr "Kan herencryptie-logbestand niet openen.\n"
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4125 lib/setup.c:4377
msgid "Device type is not properly initialized."
msgstr "Apparaatstype is niet behoorlijk geïnitialiseerd."
-#: lib/setup.c:4223
-#, c-format
-msgid "Device %s already exists."
-msgstr "Apparaat %s bestaat reeds."
-
-#: lib/setup.c:4230
+#: lib/setup.c:4169
#, fuzzy, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n"
-#: lib/setup.c:4350
+#: lib/setup.c:4172
+#, c-format
+msgid "Device %s already exists."
+msgstr "Apparaat %s bestaat reeds."
+
+#: lib/setup.c:4294
msgid "Incorrect volume key specified for plain device."
msgstr "Incorrecte sleutel tot het opslagmedium voor normaal apparaat verschaft."
-#: lib/setup.c:4463
+#: lib/setup.c:4403
msgid "Incorrect root hash specified for verity device."
msgstr "Incorrecte root-hash voor het VERITY-apparaat opgegeven."
-#: lib/setup.c:4470
+#: lib/setup.c:4410
msgid "Root hash signature required."
msgstr ""
-#: lib/setup.c:4479
+#: lib/setup.c:4419
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr ""
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4436 lib/setup.c:5910
#, fuzzy
msgid "Failed to load key in kernel keyring."
msgstr "Openen van sleutelbestand is mislukt.\n"
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4489 lib/setup.c:4505 lib/luks2/luks2_json_metadata.c:2292
+#: src/cryptsetup.c:2597
#, c-format
msgid "Device %s is still in use."
msgstr "Apparaat %s is nog in gebruik."
-#: lib/setup.c:4574
+#: lib/setup.c:4514
#, c-format
msgid "Invalid device %s."
msgstr "Ongeldig apparaat %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4630
msgid "Volume key buffer too small."
msgstr "Sleutelbuffer van het opslagmedium is te klein."
-#: lib/setup.c:4698
+#: lib/setup.c:4638
msgid "Cannot retrieve volume key for plain device."
msgstr "Kan sleutel tot het opslagmedium voor normaal apparaat niet ophalen."
-#: lib/setup.c:4715
+#: lib/setup.c:4655
#, fuzzy
msgid "Cannot retrieve root hash for verity device."
msgstr "Incorrecte root-hash voor het VERITY-apparaat opgegeven.\n"
-#: lib/setup.c:4717
+#: lib/setup.c:4657
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s."
-#: lib/setup.c:4923
+#: lib/setup.c:4863
msgid "Dump operation is not supported for this device type."
msgstr "Dump-operatie wordt niet ondersteund voor dit apparaatstype."
-#: lib/setup.c:5251
+#: lib/setup.c:5188
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr ""
-#: lib/setup.c:5536
+#: lib/setup.c:5470
#, fuzzy, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Kan apparaat %s niet formatteren; het is nog steeds actief.\n"
-#: lib/setup.c:5833
+#: lib/setup.c:5767
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr ""
-#: lib/setup.c:5906
+#: lib/setup.c:5840
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr ""
-#: lib/setup.c:5912
+#: lib/setup.c:5846
#, fuzzy, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n"
-#: lib/setup.c:6043
+#: lib/setup.c:5977
#, fuzzy
msgid "Kernel keyring is not supported by the kernel."
msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype.\n"
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:5987 lib/luks2/luks2_reencrypt.c:2952
#, fuzzy, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: lib/setup.c:6077
+#: lib/setup.c:6011
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr ""
-#: lib/utils.c:80
+#: lib/utils.c:81
msgid "Cannot get process priority."
msgstr "Kan geen procesprioriteit verkrijgen."
-#: lib/utils.c:94
+#: lib/utils.c:95
msgid "Cannot unlock memory."
msgstr "Kan geheugen niet ontgrendelen."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:169 lib/tcrypt/tcrypt.c:498
msgid "Failed to open key file."
msgstr "Openen van sleutelbestand is mislukt."
-#: lib/utils.c:173
+#: lib/utils.c:174
#, fuzzy
msgid "Cannot read keyfile from a terminal."
msgstr "Kan sleutelbestand %s niet lezen.\n"
-#: lib/utils.c:190
+#: lib/utils.c:191
msgid "Failed to stat key file."
msgstr "Kan status van sleutelbestand niet opvragen."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:199 lib/utils.c:220
msgid "Cannot seek to requested keyfile offset."
msgstr "Kan niet zoeken tot aan het aangevraagde sleutelbestand."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:214 lib/utils.c:229 src/utils_password.c:188
+#: src/utils_password.c:201
msgid "Out of memory while reading passphrase."
msgstr "Geen geheugen meer beschikbaar bij lezen van wachtwoord."
-#: lib/utils.c:248
+#: lib/utils.c:249
msgid "Error reading passphrase."
msgstr "Fout bij lezen van wachtwoord."
-#: lib/utils.c:265
+#: lib/utils.c:266
msgid "Nothing to read on input."
msgstr ""
-#: lib/utils.c:272
+#: lib/utils.c:273
msgid "Maximum keyfile size exceeded."
msgstr "Maximum sleutelbestandsgrootte overschreden."
-#: lib/utils.c:277
+#: lib/utils.c:278
msgid "Cannot read requested amount of data."
msgstr "Kan aangevraagde hoeveelheid data niet lezen."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:188 lib/utils_storage_wrappers.c:111
+#: lib/luks1/keyencryption.c:92
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Apparaat %s bestaat niet of toegang is geweigerd."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:198
#, c-format
msgid "Device %s is not compatible."
msgstr "Apparaat %s is niet compatibel."
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
+#: lib/utils_device.c:643
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Apparaat %s is te klein. Minstens %<PRIu64> bytes zijn vereist."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:724
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Kan apparaat %s niet gebruiken; het is nog actief (reeds toegewezen of aangekoppeld)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:728
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Kan apparaat %s niet gebruiken: toestemming geweigerd."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:731
#, c-format
msgid "Cannot get info about device %s."
msgstr "Kan geen informatie verkrijgen over apparaat %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:754
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Kan geen loopback-apparaat gebruiken, uitvoering als non-root gebruiker."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:764
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Vastmaken loopback-apparaat gefaald (loop-apparaat met autoclear-vlag is vereist)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:810
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "De aangevraagde gegevenspositie valt buiten de werkelijke grootte van apparaat %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:818
#, c-format
msgid "Device %s has zero size."
msgstr "Apparaat %s heeft grootte nul."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr ""
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:166
msgid "PBKDF benchmark disabled but iterations not set."
msgstr ""
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:185
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:205
#, fuzzy
msgid "Not compatible PBKDF options."
msgstr "Niet-compatibele PBKDF2-opties (met hash-algoritme %s in gebruik).\n"
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:103
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr ""
-#: lib/utils_device_locking.c:109
+#: lib/utils_device_locking.c:110
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+msgid "WARNING: Locking directory %s/%s is missing!\n"
msgstr ""
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:120
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr ""
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:185 src/cryptsetup_reencrypt.c:934
+#: src/cryptsetup_reencrypt.c:1018
msgid "Cannot seek to device offset."
msgstr "Onmogelijk te zoeken tot startplaats van apparaat."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:209
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr ""
-#: lib/luks1/keyencryption.c:39
+#: lib/luks1/keyencryption.c:40
#, fuzzy, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Kan dm-crypt sleuteltoewijzing niet instellen voor apparaat %s.\n"
"Kijk na of de kernel versleutelalgoritme %s ondersteunt (bekijk syslog voor meer informatie).\n"
-#: lib/luks1/keyencryption.c:44
+#: lib/luks1/keyencryption.c:45
msgid "Key size in XTS mode must be 256 or 512 bits."
msgstr "In XTS-modus moet de sleutelgrootte 256 of 512 bits zijn."
-#: lib/luks1/keyencryption.c:46
+#: lib/luks1/keyencryption.c:47
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr ""
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:98 lib/luks1/keymanage.c:345
+#: lib/luks1/keymanage.c:636 lib/luks1/keymanage.c:1079
+#: lib/luks2/luks2_json_metadata.c:1253 lib/luks2/luks2_keyslot.c:734
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Kan apparaat %s niet beschrijven: toestemming geweigerd."
-#: lib/luks1/keyencryption.c:120
+#: lib/luks1/keyencryption.c:121
msgid "Failed to open temporary keystore device."
msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt."
-#: lib/luks1/keyencryption.c:127
+#: lib/luks1/keyencryption.c:128
msgid "Failed to access temporary keystore device."
msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
+#: lib/luks1/keyencryption.c:201 lib/luks2/luks2_keyslot_luks2.c:60
#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
msgid "IO error while encrypting keyslot."
msgstr "Invoer/uitvoerfout tijdens het versleutelen van de sleutelplaats."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:247 lib/luks1/keymanage.c:348
+#: lib/luks1/keymanage.c:589 lib/luks1/keymanage.c:639 lib/tcrypt/tcrypt.c:661
+#: lib/verity/verity.c:81 lib/verity/verity.c:179 lib/verity/verity_hash.c:311
+#: lib/verity/verity_hash.c:322 lib/verity/verity_hash.c:342
+#: lib/verity/verity_fec.c:242 lib/verity/verity_fec.c:254
+#: lib/verity/verity_fec.c:259 lib/luks2/luks2_json_metadata.c:1256
+#: src/cryptsetup_reencrypt.c:205
#, c-format
msgid "Cannot open device %s."
msgstr "Kan apparaat %s niet openen."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:258 lib/luks2/luks2_keyslot_luks2.c:137
msgid "IO error while decrypting keyslot."
msgstr "Invoer/uitvoerfout tijdens het ontsleutelen van de sleutelplaats."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:111
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Apparaat %s is te klein. (LUKS1 vereist minstens %<PRIu64> bytes.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:132 lib/luks1/keymanage.c:140
+#: lib/luks1/keymanage.c:152 lib/luks1/keymanage.c:163
+#: lib/luks1/keymanage.c:175
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS-sleutelplaats %u is ongeldig."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:229 lib/luks1/keymanage.c:473
+#: lib/luks2/luks2_json_metadata.c:1084 src/cryptsetup.c:1438
+#: src/cryptsetup.c:1564 src/cryptsetup.c:1621 src/cryptsetup.c:1677
+#: src/cryptsetup.c:1744 src/cryptsetup.c:1847 src/cryptsetup.c:1911
+#: src/cryptsetup.c:2071 src/cryptsetup.c:2264 src/cryptsetup.c:2324
+#: src/cryptsetup.c:2390 src/cryptsetup.c:2554 src/cryptsetup.c:3204
+#: src/cryptsetup.c:3213 src/cryptsetup_reencrypt.c:1381
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "Apparaat %s is geen geldig LUKS-apparaat."
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:247 lib/luks2/luks2_json_metadata.c:1101
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Aangevraagd reservekopiebestand %s van koptekst bestaat reeds."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:249 lib/luks2/luks2_json_metadata.c:1103
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:256 lib/luks2/luks2_json_metadata.c:1110
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet schrijven."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:287 lib/luks2/luks2_json_metadata.c:1162
msgid "Backup file does not contain valid LUKS header."
msgstr "Reservekopiebestand bevat geen geldige LUKS-koptekst."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:300 lib/luks1/keymanage.c:550
+#: lib/luks2/luks2_json_metadata.c:1183
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet openen."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1191
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet lezen."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:318
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:326
#, c-format
msgid "Device %s %s%s"
msgstr "Apparaat %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:327
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "bevat geen LUKS-koptekst. Het vervangen van de koptekst kan gegevens op het apparaat vernietigen."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:328
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande sleutelplaatsen vernietigen."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1225
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"WAARSCHUWING: originele apparaatkoptekst heeft een ander UUID dan de reservekopie!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:376
msgid "Non standard key size, manual repair required."
msgstr "Niet-standaard sleutelgrootte, handmatige herstelling is vereist."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:381
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Niet-standaard sleutelplaatsuitlijning, handmatige herstelling is vereist."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:391
msgid "Repairing keyslots."
msgstr "Sleutelplaatsen worden hersteld."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:410
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Sleutelplaats %i: gegevenspositie hersteld (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:418
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Sleutelplaats %i: fragmenten hersteld (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:427
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Sleutelplaats %i: valse partitiehandtekening."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:432
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Sleutelplaats %i: salt uitgewist."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:449
msgid "Writing LUKS header to disk."
msgstr "LUKS-koptekst wordt naar schijf geschreven."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:454
msgid "Repair failed."
msgstr "Herstelling is mislukt."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:482 lib/luks1/keymanage.c:751
#, c-format
msgid "Requested LUKS hash %s is not supported."
msgstr "Aangevraagde LUKS-hash %s wordt niet ondersteund."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:510 src/cryptsetup.c:1144
msgid "No known problems detected for LUKS header."
msgstr "Geen gekende problemen gevonden bij LUKS-koptekst."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:661
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Fout bij het bijwerken van LUKS-koptekst op apparaat %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:669
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Fout bij het herlezen van LUKS-koptekst na bijwerken van apparaat %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:745
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "De datagegevenspositie voor een aparte LUKS-koptekst moet of 0 zijn, of groter zijn dan de koptekstgrootte."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:756 lib/luks1/keymanage.c:826
+#: lib/luks2/luks2_json_format.c:283 lib/luks2/luks2_json_metadata.c:1002
+#: src/cryptsetup.c:2717
msgid "Wrong LUKS UUID format provided."
msgstr "Verkeerd LUKS UUID-formaat verschaft."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:779
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Kan LUKS-koptekst niet aanmaken: lezen van random salt is mislukt."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:805
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Kan LUKS-koptekst niet aanmaken: koptekst-extract is mislukt (met %s-hash)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:849
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Sleutelplaats %d is actief; ruim eerst op."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:855
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Inhoud van sleutelplaats %d bevat te weinig fragmenten. Koptekstmanipulatie?"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Sleutelbehandelingsfout (met hash %s in gebruik)."
-
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1065
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Sleutelplaats %d is ongeldig, selecteer een sleutelplaats tussen 0 en %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1083 lib/luks2/luks2_keyslot.c:738
#, c-format
msgid "Cannot wipe device %s."
msgstr "Kan apparaat %s niet wissen."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Toewijzingen compatibel met loop-AES worden niet ondersteund door de kernel."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:505
#, c-format
msgid "Error reading keyfile %s."
msgstr "Fout bij het lezen van sleutelbestand %s."
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:545
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded."
msgstr "Maximum TCRYPT-wachtwoorlengte (%d) overschreden."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:586
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "PBKDF2 hash-algoritme %s is niet beschikbaar, wordt overgeslaan."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:602 src/cryptsetup.c:1021
msgid "Required kernel crypto interface not available."
msgstr "Benodigde kernel cryptografie-interface is niet beschikbaar."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:604 src/cryptsetup.c:1023
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Kijk na of kernelmodule algif_skcipher geladen is."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:744
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Activatie wordt niet ondersteund voor %d sectorgrootte."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:750
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Activatie voor deze TCRYPT-legacymodus wordt niet ondersteund door de kernel."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:784
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "TCRYPT-systeemversleuteling voor partitie %s wordt geactiveerd."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:862
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Toewijzingen compatibel met TCRYPT worden niet ondersteund door de kernel."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1084
msgid "This function is not supported without TCRYPT header load."
msgstr "Deze functie wordt niet ondersteund zonder TCRYPT-koptekst."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:305
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:352
msgid "Invalid string found when parsing Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:357
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:371
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr ""
-#: lib/bitlk/bitlk.c:502
+#: lib/bitlk/bitlk.c:451
#, fuzzy, c-format
msgid "Failed to read BITLK signature from %s."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:457
msgid "BITLK version 1 is currently not supported."
msgstr ""
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:463
msgid "Invalid or unknown boot signature for BITLK device."
msgstr ""
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Kan herencryptie-logbestand niet lezen.\n"
+#: lib/bitlk/bitlk.c:475
+msgid "Invalid or unknown signature for BITLK device."
+msgstr ""
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:483
#, fuzzy, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:499
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr ""
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:543
#, fuzzy
msgid "Unknown or unsupported encryption type."
msgstr "UUID wordt niet ondersteund voor dit encryptietype.\n"
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:576
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr ""
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:863
#, fuzzy
msgid "This operation is not supported."
msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n"
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
+#: lib/bitlk/bitlk.c:871
+#, fuzzy
+msgid "Wrong key size."
+msgstr "Ongeldige sleutelgrootte.\n"
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:999
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr ""
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1132
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr ""
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1136
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr ""
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/verity/verity.c:69 lib/verity/verity.c:172
#, fuzzy, c-format
msgid "Verity device %s does not use on-disk header."
msgstr "VERITY-apparaat %s gebruikt geen on-disk koptekst.\n"
msgid "VERITY header corrupted."
msgstr "VERITY-koptekst beschadigd."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:166
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Verkeerd VERITY UUID-formaat verschaft op apparaat %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:199
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Fout bij het bijwerken van VERITY-koptekst op apparaat %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:257
#, fuzzy
msgid "Root hash signature verification is not supported."
msgstr "Aangevraagd hash-algoritme %s wordt niet ondersteund.\n"
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:268
msgid "Errors cannot be repaired with FEC device."
msgstr ""
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:270
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr ""
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:309
#, fuzzy
msgid "Kernel does not support dm-verity mapping."
msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n"
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:313
#, fuzzy
msgid "Kernel does not support dm-verity signature option."
msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n"
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:324
msgid "Verity device detected corruption after activation."
msgstr "VERITY-apparaat ontdekte beschadiging na activatie."
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Reservegebied is niet ingesteld op positie %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:163 lib/verity/verity_hash.c:290
+#: lib/verity/verity_hash.c:303
msgid "Device offset overflow."
msgstr "Overloop van apparaatsgegevenspositie."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:203
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Controle gefaald op positie %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:276
+msgid "Invalid size parameters for verity device."
+msgstr "Ongeldige grootteparameters voor VERITY-apparaat."
+
+#: lib/verity/verity_hash.c:296
msgid "Hash area overflow."
msgstr ""
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:373
msgid "Verification of data area failed."
msgstr "Controle van gegevensgebied gefaald."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:378
msgid "Verification of root hash failed."
msgstr "Controle van root-hash gefaald."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:384
msgid "Input/output error while creating hash area."
msgstr "Invoer/uitvoerfout bij het aanmaken van hash-gebied."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:386
msgid "Creation of hash area failed."
msgstr "Creatie hash-gebied gefaald."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:433
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "WAARSCHUWING: Kernel kan apparaat niet activeren als de gegevensblokgrootte groter is dan de paginagrootte (%u)."
-#: lib/verity/verity_fec.c:131
+#: lib/verity/verity_fec.c:132
msgid "Failed to allocate RS context."
msgstr ""
-#: lib/verity/verity_fec.c:149
+#: lib/verity/verity_fec.c:147
#, fuzzy
msgid "Failed to allocate buffer."
msgstr "Kan status van sleutelbestand niet opvragen.\n"
-#: lib/verity/verity_fec.c:159
+#: lib/verity/verity_fec.c:157
#, c-format
msgid "Failed to read RS block %<PRIu64> byte %d."
msgstr ""
-#: lib/verity/verity_fec.c:172
+#: lib/verity/verity_fec.c:170
#, c-format
msgid "Failed to read parity for RS block %<PRIu64>."
msgstr ""
-#: lib/verity/verity_fec.c:180
+#: lib/verity/verity_fec.c:178
#, c-format
msgid "Failed to repair parity for block %<PRIu64>."
msgstr ""
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:189
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr ""
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:224
msgid "Block sizes must match for FEC."
msgstr ""
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:230
msgid "Invalid number of parity bytes."
msgstr ""
-#: lib/verity/verity_fec.c:238
-#, fuzzy
-msgid "Invalid FEC segment length."
-msgstr "Ongeldig apparaat %s.\n"
-
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:266
#, fuzzy, c-format
msgid "Failed to determine size for device %s."
msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n"
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:268 lib/integrity/integrity.c:339
#, fuzzy
msgid "Kernel does not support dm-integrity mapping."
msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n"
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:274
#, fuzzy
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "dm-verity toewijzingen niet ondersteund door kernel.\n"
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:959
+#: lib/luks2/luks2_json_metadata.c:1245
#, fuzzy, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n"
msgid "Requested data offset is too small."
msgstr "Apparaat %s is te klein.\n"
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:271
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
+#: lib/luks2/luks2_json_metadata.c:946 lib/luks2/luks2_json_metadata.c:1075
+#: lib/luks2/luks2_json_metadata.c:1151 lib/luks2/luks2_keyslot_luks2.c:92
#: lib/luks2/luks2_keyslot_luks2.c:114
#, fuzzy, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n"
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1168
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1209
#, fuzzy
msgid "Data offset differ on device and backup, restore failed."
msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt.\n"
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1215
#, fuzzy
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Verschillende gegevenspositie of sleutelgrootte in apparaat en reservekopie; herstelling is mislukt.\n"
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1222
#, fuzzy, c-format
msgid "Device %s %s%s%s%s"
msgstr "Apparaat %s %s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1223
#, fuzzy
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "bevat geen LUKS-koptekst. Het vervangen van de koptekst kan gegevens op het apparaat vernietigen."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1224
#, fuzzy
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "bevat reeds een LUKS-koptekst. Het vervangen van de koptekst zal bestaande sleutelplaatsen vernietigen."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1226
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"Replacing header with backup may corrupt the data on that device!"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1228
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Replacing header with backup may corrupt data."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1324
#, c-format
msgid "Ignored unknown flag %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2011 lib/luks2/luks2_reencrypt.c:1746
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2023 lib/luks2/luks2_reencrypt.c:1764
#, fuzzy
msgid "Failed to set dm-crypt segment."
msgstr "Kan status van sleutelbestand niet opvragen.\n"
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2029 lib/luks2/luks2_reencrypt.c:1770
msgid "Failed to set dm-linear segment."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2156
msgid "Unsupported device integrity configuration."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2237
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2248 lib/luks2/luks2_reencrypt.c:3190
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2328
msgid "Failed to read LUKS2 requirements."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2335
msgid "Unmet LUKS2 requirements detected."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2343
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2345
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr ""
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:547 lib/luks2/luks2_keyslot.c:584
msgid "Not enough available memory to open a keyslot."
msgstr ""
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:549 lib/luks2/luks2_keyslot.c:586
#, fuzzy
msgid "Keyslot open failed."
msgstr "Sleutelplaats %d is geverifieerd.\n"
msgid "No space for new keyslot."
msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n"
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_luks1_convert.c:481
#, fuzzy, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Kan wachtwoordkwaliteit niet nakijken: %s\n"
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:507
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:547
msgid "Unable to move keyslot area. Not enough space."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:599
-#, fuzzy
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr "Openen van sleutelbestand is mislukt.\n"
-
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:590 lib/luks2/luks2_luks1_convert.c:872
#, fuzzy
msgid "Unable to move keyslot area."
msgstr "Openen van sleutelbestand is mislukt.\n"
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:682
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:690
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:702
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:710
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:724
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:729
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:734
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:892
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:897
#, fuzzy, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector."
-#: lib/luks2/luks2_reencrypt.c:1051
+#: lib/luks2/luks2_reencrypt.c:941
#, fuzzy, c-format
msgid "Unsupported resilience mode %s"
msgstr "Niet-ondersteunde LUKS-versie %d.\n"
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1158 lib/luks2/luks2_reencrypt.c:1313
+#: lib/luks2/luks2_reencrypt.c:1396 lib/luks2/luks2_reencrypt.c:1430
+#: lib/luks2/luks2_reencrypt.c:3030
#, fuzzy
msgid "Failed to initialize old segment storage wrapper."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1172 lib/luks2/luks2_reencrypt.c:1291
#, fuzzy
msgid "Failed to initialize new segment storage wrapper."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1340
#, fuzzy
msgid "Failed to read checksums for current hotzone."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1347 lib/luks2/luks2_reencrypt.c:3038
#, fuzzy, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Reservegebied is niet ingesteld op positie %<PRIu64>.\n"
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1366
#, fuzzy, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1372
#, fuzzy, c-format
msgid "Failed to recover sector %zu."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:1867
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:1965
#, fuzzy, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Kan geen toegang verkrijgen tot tijdelijk sleutelopslagapparaat.\n"
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:1982
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:1989
#, fuzzy, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Openen van het tijdelijke sleutelopslagapparaat is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2060
msgid "Failed to refresh reencryption devices stack."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2216
#, fuzzy
msgid "Failed to set new keyslots area size."
msgstr "Kan nieuwe sleutelplaats niet verwisselen.\n"
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2318
#, c-format
msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2339
#, c-format
msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:2360
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:2366 lib/luks2/luks2_reencrypt.c:2779
+#: lib/luks2/luks2_reencrypt.c:2800
#, fuzzy, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Kan apparaat %s niet gebruiken; het is nog actief (reeds toegewezen of aangekoppeld).\n"
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:2534
#, fuzzy
msgid "Device not marked for LUKS2 reencryption."
msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:2540 lib/luks2/luks2_reencrypt.c:3295
msgid "Failed to load LUKS2 reencryption context."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:2619
#, fuzzy
msgid "Failed to get reencryption state."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:2623
#, fuzzy
msgid "Device is not in reencryption."
msgstr "Apparaat %s is niet actief.\n"
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:2630
msgid "Reencryption process is already running."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:2632
#, fuzzy
msgid "Failed to acquire reencryption lock."
msgstr "Kan herencryptie-logbestand niet lezen.\n"
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:2650
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:2750
msgid "Active device size and requested reencryption size don't match."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:2764
msgid "Illegal device size requested in reencryption parameters."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:2834
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:2906
msgid "LUKS2 reencryption already initialized in metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:2913
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3004
msgid "Failed to set device segments for next reencryption hotzone."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3046
#, fuzzy
msgid "Failed to write reencryption resilience metadata."
msgstr "Kan herencryptie-logbestand niet schrijven.\n"
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3053
#, fuzzy
msgid "Decryption failed."
msgstr "Herstelling is mislukt."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3058
#, fuzzy, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3063
#, fuzzy
msgid "Failed to sync data."
msgstr "Kan status van sleutelbestand niet opvragen.\n"
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3071
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:3138
#, fuzzy
msgid "Failed to write LUKS2 metadata."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: lib/luks2/luks2_reencrypt.c:3382
+#: lib/luks2/luks2_reencrypt.c:3161
msgid "Failed to wipe backup segment data."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "Kan herencryptie-logbestand niet lezen.\n"
+#: lib/luks2/luks2_reencrypt.c:3174
+msgid "Failed to disable reencryption requirement flag."
+msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:3182
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:3191
msgid "Do not resume the device unless replaced with error target manually."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:3240
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:3246
msgid "Missing or invalid reencrypt context."
msgstr ""
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:3253
#, fuzzy
msgid "Failed to initialize reencryption device stack."
msgstr "Kan versleutelings-backend niet initialiseren.\n"
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:3272 lib/luks2/luks2_reencrypt.c:3308
#, fuzzy
msgid "Failed to update reencryption context."
msgstr "Kan herencryptie-logbestand niet openen.\n"
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "Sleutelplaats %d is ongeldig."
-
-#: lib/luks2/luks2_token.c:263
+#: lib/luks2/luks2_token.c:262
msgid "No free token slot."
msgstr ""
-#: lib/luks2/luks2_token.c:270
+#: lib/luks2/luks2_token.c:269
#, fuzzy, c-format
msgid "Failed to create builtin token %s."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:163
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "Kan geen wachtwoordverificatie uitvoeren op invoer van buiten de terminal."
-#: src/cryptsetup.c:261
+#: src/cryptsetup.c:216
#, fuzzy
msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n"
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:246 src/cryptsetup.c:955 src/cryptsetup.c:1275
+#: src/cryptsetup.c:3078 src/cryptsetup_reencrypt.c:716
+#: src/cryptsetup_reencrypt.c:786
msgid "No known cipher specification pattern detected."
msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:254
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "WAARSCHUWING: In normale modus met opgegeven sleutelbestand wordt de --hash-parameter genegeerd.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:262
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "WAARSCHUWING: De optie --keyfile-size wordt genegeerd, de leesgrootte is gelijk aan de encryptiesleutelgrootte.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:302
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr ""
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:308 src/cryptsetup.c:1101 src/cryptsetup.c:1153
+#: src/cryptsetup.c:1252 src/cryptsetup.c:1325 src/cryptsetup.c:1979
+#: src/cryptsetup.c:2615 src/cryptsetup.c:2738 src/integritysetup.c:232
msgid "Operation aborted.\n"
msgstr ""
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:376
msgid "Option --key-file is required."
msgstr "Optie --key-file is vereist."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:429
msgid "Enter VeraCrypt PIM: "
msgstr ""
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:438
msgid "Invalid PIM value: parse error."
msgstr ""
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:441
#, fuzzy
msgid "Invalid PIM value: 0."
msgstr "Ongeldig apparaat %s.\n"
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:444
msgid "Invalid PIM value: outside of range."
msgstr ""
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:467
msgid "No device header detected with this passphrase."
msgstr "Geen apparaatkoptekst beschikbaar met dit wachtwoord."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:536
#, fuzzy, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:571 src/cryptsetup.c:2006
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n"
"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:668
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr ""
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:696
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr ""
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:833
#, fuzzy
msgid "Benchmark interrupted."
msgstr "versleutelalgoritme benchmarken"
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:854
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr ""
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:856
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr ""
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:870
#, c-format
msgid "%-10s N/A\n"
msgstr ""
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:872
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr ""
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:896
msgid "Result of benchmark is not reliable."
msgstr "Benchmarkresultaat is niet betrouwbaar."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:947
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Tests zijn bij benadering met enkel geheugen in gebruik (geen opslag-IO).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:981
#, fuzzy, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritme | Sleutel | Versleuteling | Ontsleuteling\n"
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "Versleutelalgoritme %s is niet beschikbaar.\n"
+#: src/cryptsetup.c:985
+#, c-format
+msgid "Cipher %s is not available."
+msgstr "Versleutelalgoritme %s is niet beschikbaar."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1005
#, fuzzy
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritme | Sleutel | Versleuteling | Ontsleuteling\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1014
msgid "N/A"
msgstr "N/A"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1094
msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
+"Seems device does not require reencryption recovery.\n"
+"Do you want to proceed anyway?"
msgstr ""
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1100
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr ""
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1109
#, fuzzy
msgid "Enter passphrase for reencryption recovery: "
msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1152
msgid "Really try to repair LUKS device header?"
msgstr "Bent u zeker de LUKS-apparaatkoptekst te willen herstellen?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1171 src/integritysetup.c:145
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
msgstr ""
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1193 src/integritysetup.c:167
#, fuzzy, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Kan tijdelijk LUKS-apparaat niet openen.\n"
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1237
msgid "Integrity option can be used only for LUKS2 format."
msgstr ""
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1242 src/cryptsetup.c:1302
#, fuzzy
msgid "Unsupported LUKS2 metadata size options."
msgstr "Niet-ondersteunde LUKS-versie %d.\n"
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1259
#, fuzzy, c-format
msgid "Cannot create header file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken.\n"
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1282 src/integritysetup.c:194 src/integritysetup.c:203
+#: src/integritysetup.c:212 src/integritysetup.c:283 src/integritysetup.c:292
+#: src/integritysetup.c:302
#, fuzzy
msgid "No known integrity specification pattern detected."
msgstr "Geen bekend specificatiepatroon voor het sleutelalgoritme gevonden.\n"
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1295
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Kan %s niet als on-diskkoptekst gebruiken."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1319 src/integritysetup.c:226
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Dit zal data op %s onherroepelijk overschrijven."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1360 src/cryptsetup.c:1693 src/cryptsetup.c:1760
+#: src/cryptsetup.c:1862 src/cryptsetup.c:1928 src/cryptsetup_reencrypt.c:546
#, fuzzy
msgid "Failed to set pbkdf parameters."
msgstr "Kan status van sleutelbestand niet opvragen.\n"
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1444
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Een verlaagde datagegevenspositie wordt enkel toegestaan voor een vrijstaande LUKS-koptekst."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1455 src/cryptsetup.c:1766
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr ""
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1493
msgid "Device activated but cannot make flags persistent."
msgstr ""
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1574 src/cryptsetup.c:1644
#, fuzzy, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Sleutelplaats %d geselecteerd voor verwijdering.\n"
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1586 src/cryptsetup.c:1647
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Dit is de laatste sleutelplaats. Apparaat zal onbruikbaar worden na het verwijderen van deze sleutel."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1587
msgid "Enter any remaining passphrase: "
msgstr "Voer enig overblijvend wachtwoord in: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1588 src/cryptsetup.c:1649
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr ""
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1626
msgid "Enter passphrase to be deleted: "
msgstr "Voer het te verwijderen wachtwoord in: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1707 src/cryptsetup.c:1781 src/cryptsetup.c:1815
msgid "Enter new passphrase for key slot: "
msgstr "Voer een nieuw wachtwoord in voor de sleutelplaats: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1798 src/cryptsetup_reencrypt.c:1336
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Voer een bestaand wachtwoord in: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1866
msgid "Enter passphrase to be changed: "
msgstr "Voer het te wijzigen wachtwoord in: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1882 src/cryptsetup_reencrypt.c:1322
msgid "Enter new passphrase: "
msgstr "Voer nieuw wachtwoord in: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1932
#, fuzzy
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1956
msgid "Only one device argument for isLuks operation is supported."
msgstr "Voor de isLuks-operatie wordt slechts één apparaatsargument ondersteund."
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige informatie\n"
-"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n"
-"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Sleutelplaats %d is niet in gebruik."
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Dump van koptekst met sleutel tot het opslagmedium bevat gevoelige informatie\n"
-"die zonder wachtwoord toegang verschaft tot versleutelde partities.\n"
-"De dump zou steeds versleuteld en op een veilige plaats bewaard moeten worden."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s is geen LUKS-apparaat.\n"
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2140 src/cryptsetup.c:2161
msgid "Option --header-backup-file is required."
msgstr "Optie --header-backup-file is vereist."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2191
#, fuzzy, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s is geen LUKS-apparaat."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2202
#, fuzzy, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Hervatting wordt niet ondersteund voor apparaat %s.\n"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2244
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Niet-herkende metadata bij apparaatstype %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2247
msgid "Command requires device and mapped name as arguments."
msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2269
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Deze operatie zal alle sleutelplaatsen op apparaat %s wissen.\n"
"Na deze operatie wordt het apparaat onbruikbaar."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2276
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr ""
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2313
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr ""
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2331
#, fuzzy, c-format
msgid "Device is already %s type."
msgstr "Apparaat %s bestaat reeds.\n"
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2336
#, fuzzy, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Deze operatie wordt niet ondersteund voor versleutelapparaat %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2342
msgid "Operation aborted, device was NOT converted.\n"
msgstr ""
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2382
msgid "Option --priority, --label or --subsystem is missing."
msgstr ""
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2416 src/cryptsetup.c:2449 src/cryptsetup.c:2472
#, fuzzy, c-format
msgid "Token %d is invalid."
msgstr "Sleutelplaats %d is ongeldig.\n"
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2419 src/cryptsetup.c:2475
#, c-format
msgid "Token %d in use."
msgstr ""
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2426
#, fuzzy, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Lezen uit sleutelopslag is mislukt.\n"
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2435 src/cryptsetup.c:2497
#, fuzzy, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2452
#, fuzzy, c-format
msgid "Token %d is not in use."
msgstr "Sleutelplaats %d is niet in gebruik.\n"
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2487
#, fuzzy
msgid "Failed to import token from file."
msgstr "Openen van sleutelbestand is mislukt.\n"
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2512
#, fuzzy, c-format
msgid "Failed to get token %d for export."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: src/cryptsetup.c:2724
+#: src/cryptsetup.c:2527
msgid "--key-description parameter is mandatory for token add action."
msgstr ""
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
+#: src/cryptsetup.c:2533 src/cryptsetup.c:2541
msgid "Action requires specific token. Use --token-id parameter."
msgstr ""
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2546
#, fuzzy, c-format
msgid "Invalid token operation %s."
msgstr "Ongeldige sleutelgrootte %d.\n"
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2601
#, c-format
msgid "Auto-detected active dm device '%s' for data device %s.\n"
msgstr ""
-#: src/cryptsetup.c:2802
+#: src/cryptsetup.c:2605
#, fuzzy, c-format
msgid "Device %s is not a block device.\n"
msgstr "Apparaat %s is geen geldig LUKS-apparaat.\n"
-#: src/cryptsetup.c:2804
+#: src/cryptsetup.c:2607
#, fuzzy, c-format
msgid "Failed to auto-detect device %s holders."
msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen."
-#: src/cryptsetup.c:2806
+#: src/cryptsetup.c:2609
#, c-format
msgid ""
"Unable to decide if device %s is activated or not.\n"
"To run reencryption in online mode, use --active-name parameter instead.\n"
msgstr ""
-#: src/cryptsetup.c:2886
+#: src/cryptsetup.c:2689
#, fuzzy
msgid "Invalid LUKS device type."
msgstr "Ongeldig apparaat %s.\n"
-#: src/cryptsetup.c:2891
+#: src/cryptsetup.c:2694
msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
msgstr ""
-#: src/cryptsetup.c:2896
+#: src/cryptsetup.c:2699
msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
msgstr ""
-#: src/cryptsetup.c:2905
+#: src/cryptsetup.c:2708
#, c-format
msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
msgstr ""
-#: src/cryptsetup.c:2909
+#: src/cryptsetup.c:2712
#, fuzzy
msgid "Encryption is supported only for LUKS2 format."
msgstr "Deze operatie wordt enkel ondersteund voor LUKS-apparaten.\n"
-#: src/cryptsetup.c:2932
+#: src/cryptsetup.c:2734
#, c-format
msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
msgstr ""
-#: src/cryptsetup.c:2950
+#: src/cryptsetup.c:2749
#, fuzzy, c-format
msgid "Temporary header file %s already exists. Aborting."
msgstr "Aangevraagd reservekopiebestand %s van koptekst bestaat reeds.\n"
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
+#: src/cryptsetup.c:2751 src/cryptsetup.c:2758
#, fuzzy, c-format
msgid "Cannot create temporary header file %s."
msgstr "Kan reservekopiebestand %s van koptekst niet aanmaken.\n"
-#: src/cryptsetup.c:3026
+#: src/cryptsetup.c:2822
#, c-format
msgid "%s/%s is now active and ready for online encryption.\n"
msgstr ""
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
+#: src/cryptsetup.c:2986 src/cryptsetup.c:2992
#, fuzzy
msgid "Not enough free keyslots for reencryption."
msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
+#: src/cryptsetup.c:3012 src/cryptsetup_reencrypt.c:1287
msgid "Key file can be used only with --key-slot or with exactly one key slot active."
msgstr "Sleutelbestand kan enkel gebruikt worden met optie --key-slot of met enkel één actieve sleutelplaats."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
+#: src/cryptsetup.c:3021 src/cryptsetup_reencrypt.c:1334
+#: src/cryptsetup_reencrypt.c:1345
#, fuzzy, c-format
msgid "Enter passphrase for key slot %d: "
msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-#: src/cryptsetup.c:3240
+#: src/cryptsetup.c:3029
#, c-format
msgid "Enter passphrase for key slot %u: "
msgstr "Voer wachtwoord voor sleutelplaats %u in: "
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
+#: src/cryptsetup.c:3196
#, fuzzy
msgid "Command requires device as argument."
msgstr "Opdracht vereist apparaat en toewijzingsnaam als argumenten.\n"
-#: src/cryptsetup.c:3441
+#: src/cryptsetup.c:3218
msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
msgstr ""
-#: src/cryptsetup.c:3453
+#: src/cryptsetup.c:3230
msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
msgstr ""
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
+#: src/cryptsetup.c:3240 src/cryptsetup_reencrypt.c:178
msgid "Reencryption of device with integrity profile is not supported."
msgstr ""
-#: src/cryptsetup.c:3471
+#: src/cryptsetup.c:3248
msgid "LUKS2 reencryption already initialized. Aborting operation."
msgstr ""
-#: src/cryptsetup.c:3475
+#: src/cryptsetup.c:3252
#, fuzzy
msgid "LUKS2 device is not in reencryption."
msgstr "Logbestand %s bestaat reeds, herencryptie wordt herstart.\n"
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:3279
msgid "<device> [--type <type>] [<name>]"
msgstr "<apparaat> [--type <type>] [<naam>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:3279 src/veritysetup.c:394 src/integritysetup.c:474
#, fuzzy
msgid "open device as <name>"
msgstr "apparaat als toewijzing <naam> openen"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3280 src/cryptsetup.c:3281 src/cryptsetup.c:3282
+#: src/veritysetup.c:395 src/veritysetup.c:396 src/integritysetup.c:475
+#: src/integritysetup.c:476
msgid "<name>"
msgstr "<naam>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3280 src/veritysetup.c:395 src/integritysetup.c:475
msgid "close device (remove mapping)"
msgstr "apparaat sluiten (toewijzingen verwijderen)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3281
msgid "resize active device"
msgstr "actief apparaat vergroten of verkleinen"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3282
msgid "show device status"
msgstr "apparaatstatus tonen"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3283
msgid "[--cipher <cipher>]"
msgstr "[--cipher <versleutelalgoritme>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3283
msgid "benchmark cipher"
msgstr "versleutelalgoritme benchmarken"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3284 src/cryptsetup.c:3285 src/cryptsetup.c:3286
+#: src/cryptsetup.c:3287 src/cryptsetup.c:3288 src/cryptsetup.c:3295
+#: src/cryptsetup.c:3296 src/cryptsetup.c:3297 src/cryptsetup.c:3298
+#: src/cryptsetup.c:3299 src/cryptsetup.c:3300 src/cryptsetup.c:3301
+#: src/cryptsetup.c:3302 src/cryptsetup.c:3303
msgid "<device>"
msgstr "<apparaat>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3284
msgid "try to repair on-disk metadata"
msgstr "on-disk metadata proberen te herstellen"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3285
#, fuzzy
msgid "reencrypt LUKS2 device"
msgstr "sleutel aan LUKS-apparaat toevoegen"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3286
msgid "erase all keyslots (remove encryption key)"
msgstr "alle sleutelplaatsen wissen (encryptiesleutel verwijderen)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3287
msgid "convert LUKS from/to LUKS2 format"
msgstr ""
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3288
msgid "set permanent configuration options for LUKS2"
msgstr ""
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3289 src/cryptsetup.c:3290
msgid "<device> [<new key file>]"
msgstr "<apparaat> [<nieuw sleutelbestand>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3289
msgid "formats a LUKS device"
msgstr "een LUKS-apparaat formatteren"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3290
msgid "add key to LUKS device"
msgstr "sleutel aan LUKS-apparaat toevoegen"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3291 src/cryptsetup.c:3292 src/cryptsetup.c:3293
msgid "<device> [<key file>]"
msgstr "<apparaat> [<sleutelbestand>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3291
msgid "removes supplied key or key file from LUKS device"
msgstr "verschafte sleutel of sleutelbestand van LUKS-apparaat verwijderen"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3292
msgid "changes supplied key or key file of LUKS device"
msgstr "wijzigt verschafte sleutel of sleutelbestand van LUKS-apparaat"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3293
msgid "converts a key to new pbkdf parameters"
msgstr ""
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3294
msgid "<device> <key slot>"
msgstr "<apparaat> <sleutelplaats>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3294
msgid "wipes key with number <key slot> from LUKS device"
msgstr "sleutel met nummer <sleutelplaats> van LUKS-apparaat verwijderen"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3295
msgid "print UUID of LUKS device"
msgstr "UUID van LUKS-apparaat tonen"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3296
msgid "tests <device> for LUKS partition header"
msgstr "<apparaat> op een LUKS-partitiekoptekst testen"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3297
msgid "dump LUKS partition information"
msgstr "LUKS-partitie-informatie dumpen"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3298
msgid "dump TCRYPT device information"
msgstr "TCRYPT-apparaatsinformatie dumpen"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3299
#, fuzzy
msgid "dump BITLK device information"
msgstr "TCRYPT-apparaatsinformatie dumpen"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3300
#, fuzzy
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "LUKS-apparaat schorsen en sleutel wissen (alle in-/uitvoer wordt bevroren)."
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3301
#, fuzzy
msgid "Resume suspended LUKS device"
msgstr "Geschorst LUKS-apparaat hervatten."
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3302
msgid "Backup LUKS device header and keyslots"
msgstr "Reservekopie van LUKS-apparaatkoptekst en -sleutelplaatsen maken"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3303
msgid "Restore LUKS device header and keyslots"
msgstr "LUKS-apparaatkoptekst en -sleutelplaatsen herstellen"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3304
msgid "<add|remove|import|export> <device>"
msgstr ""
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3304
msgid "Manipulate LUKS2 tokens"
msgstr ""
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3322 src/veritysetup.c:412 src/integritysetup.c:492
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<actie> is één van:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3328
#, fuzzy
msgid ""
"\n"
"\topen: (plainOpen), luksOpen, loopaesOpen, tcryptOpen aanmaken\n"
"\tclose: (plainClose), luksClose, loopaesClose, tryptClose verwijderen\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3332
#, c-format
msgid ""
"\n"
"<sleutelplaats> is het nummer van de te wijzigen LUKS-sleutelplaats\n"
"<sleutelbestand> optioneel sleutelbestand voor de nieuwe sleutel voor de luksAddKey-actie\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3339
#, c-format
msgid ""
"\n"
"Default compiled-in metadata format is %s (for luksFormat action).\n"
msgstr ""
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3344
#, fuzzy, c-format
msgid ""
"\n"
"\tMaximum sleutelplaatsgrootte: %dkB, maximum lengte interactief wachtwoord %d (karakters)\n"
"Standaard PBKDF2-herhalingstijd voor LUKS: %d (ms)\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3355
#, fuzzy, c-format
msgid ""
"\n"
"\tplain: %s, Sleutel: %d bits, Wachtwoordhashing: %s\n"
"\tLUKS1: %s, Sleutel: %d bits, LUKS-kopteksthashing: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3364
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr ""
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3380 src/veritysetup.c:569 src/integritysetup.c:634
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: vereist %s als argumenten"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3418 src/veritysetup.c:457 src/integritysetup.c:530
+#: src/cryptsetup_reencrypt.c:1600
msgid "Show this help message"
msgstr "Deze hulptekst tonen"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3419 src/veritysetup.c:458 src/integritysetup.c:531
+#: src/cryptsetup_reencrypt.c:1601
msgid "Display brief usage"
msgstr "Korte gebruikssamenvatting tonen"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3420 src/veritysetup.c:459 src/integritysetup.c:532
+#: src/cryptsetup_reencrypt.c:1602
msgid "Print package version"
msgstr "Pakketversie tonen"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3424 src/veritysetup.c:463 src/integritysetup.c:536
+#: src/cryptsetup_reencrypt.c:1606
msgid "Help options:"
msgstr "Hulpopties:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
+#: src/cryptsetup.c:3425 src/veritysetup.c:464 src/integritysetup.c:537
+#: src/cryptsetup_reencrypt.c:1607
msgid "Shows more detailed error messages"
msgstr "Gedetailleerdere foutboodschappen tonen"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup.c:3426 src/veritysetup.c:465 src/integritysetup.c:538
+#: src/cryptsetup_reencrypt.c:1608
msgid "Show debug messages"
msgstr "Debug-boodschappen tonen"
-#: src/cryptsetup.c:3646
+#: src/cryptsetup.c:3427
#, fuzzy
msgid "Show debug messages including JSON metadata"
msgstr "Debug-boodschappen tonen"
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
+#: src/cryptsetup.c:3428 src/cryptsetup_reencrypt.c:1610
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "Het gebruikte versleutelalgoritme om de schijf te versleutelen (zie /proc/crypto)"
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
+#: src/cryptsetup.c:3429 src/cryptsetup_reencrypt.c:1612
msgid "The hash used to create the encryption key from the passphrase"
msgstr "De gebruikte hash om de encryptiesleutel uit het wachtwoord aan te maken"
-#: src/cryptsetup.c:3649
+#: src/cryptsetup.c:3430
msgid "Verifies the passphrase by asking for it twice"
msgstr "Het wachtwoord controleren door het twee keer te vragen"
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
+#: src/cryptsetup.c:3431 src/cryptsetup_reencrypt.c:1614
#, fuzzy
msgid "Read the key from a file"
msgstr "De sleutel uit een bestand lezen."
-#: src/cryptsetup.c:3651
+#: src/cryptsetup.c:3432
msgid "Read the volume (master) key from file."
msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen."
-#: src/cryptsetup.c:3652
+#: src/cryptsetup.c:3433
#, fuzzy
msgid "Dump volume (master) key instead of keyslots info"
msgstr "Dump (hoofd)sleutel tot het opslagmedium in plaats van de sleutelplaatsinformatie."
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:3434 src/cryptsetup_reencrypt.c:1611
msgid "The size of the encryption key"
msgstr "De grootte van de encryptiesleutel"
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:3434 src/cryptsetup.c:3494 src/integritysetup.c:556
+#: src/integritysetup.c:560 src/integritysetup.c:564
+#: src/cryptsetup_reencrypt.c:1611
msgid "BITS"
msgstr "BITS"
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
+#: src/cryptsetup.c:3435 src/cryptsetup_reencrypt.c:1627
msgid "Limits the read from keyfile"
msgstr "Beperkt de lezing uit sleutelbestand"
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:3435 src/cryptsetup.c:3436 src/cryptsetup.c:3437
+#: src/cryptsetup.c:3438 src/cryptsetup.c:3441 src/cryptsetup.c:3491
+#: src/cryptsetup.c:3492 src/cryptsetup.c:3500 src/cryptsetup.c:3501
+#: src/veritysetup.c:468 src/veritysetup.c:469 src/veritysetup.c:470
+#: src/veritysetup.c:473 src/veritysetup.c:474 src/integritysetup.c:545
+#: src/integritysetup.c:551 src/integritysetup.c:552
+#: src/cryptsetup_reencrypt.c:1626 src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup_reencrypt.c:1628 src/cryptsetup_reencrypt.c:1629
msgid "bytes"
msgstr "bytes"
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
+#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1626
msgid "Number of bytes to skip in keyfile"
msgstr "Aantal bytes over te slaan in sleutelbestand"
-#: src/cryptsetup.c:3656
+#: src/cryptsetup.c:3437
msgid "Limits the read from newly added keyfile"
msgstr "Beperkt de lezing uit een nieuw toegevoegd sleutelbestand"
-#: src/cryptsetup.c:3657
+#: src/cryptsetup.c:3438
msgid "Number of bytes to skip in newly added keyfile"
msgstr "Aantal bytes over te slaan in nieuwste toegevoegde sleutelbestand"
-#: src/cryptsetup.c:3658
+#: src/cryptsetup.c:3439
msgid "Slot number for new key (default is first free)"
msgstr "Plaatsnummer voor nieuwe sleutel (standaard is de eerste open plaats)"
-#: src/cryptsetup.c:3659
+#: src/cryptsetup.c:3440
msgid "The size of the device"
msgstr "De grootte van het apparaat"
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
+#: src/cryptsetup.c:3440 src/cryptsetup.c:3442 src/cryptsetup.c:3443
+#: src/cryptsetup.c:3449 src/integritysetup.c:546 src/integritysetup.c:553
msgid "SECTORS"
msgstr "SECTOREN"
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:3441 src/cryptsetup_reencrypt.c:1629
msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
msgstr "Enkel ingegeven apparaatsgrootte gebruiken (rest van apparaat wordt genegeerd). GEVAARLIJK!"
-#: src/cryptsetup.c:3661
+#: src/cryptsetup.c:3442
msgid "The start offset in the backend device"
msgstr "De startplaats in het backend-apparaat"
-#: src/cryptsetup.c:3662
+#: src/cryptsetup.c:3443
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Hoeveel sectoren van de versleutelde gegevens aan het begin over te slaan"
-#: src/cryptsetup.c:3663
+#: src/cryptsetup.c:3444
msgid "Create a readonly mapping"
msgstr "Een alleen-lezen toewijzing aanmaken"
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
+#: src/cryptsetup.c:3445 src/integritysetup.c:539
+#: src/cryptsetup_reencrypt.c:1617
msgid "Do not ask for confirmation"
msgstr "Niet om bevestiging vragen"
-#: src/cryptsetup.c:3665
+#: src/cryptsetup.c:3446
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Timeout voor interactieve wachtwoordprompt (in seconden)"
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:3446 src/cryptsetup.c:3447 src/integritysetup.c:540
+#: src/cryptsetup_reencrypt.c:1618
msgid "secs"
msgstr "seconden"
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:3447 src/integritysetup.c:540
+#: src/cryptsetup_reencrypt.c:1618
msgid "Progress line update (in seconds)"
msgstr ""
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
+#: src/cryptsetup.c:3448 src/cryptsetup_reencrypt.c:1619
msgid "How often the input of the passphrase can be retried"
msgstr "Hoe vaak de invoering van het wachtwoord opnieuw geprobeerd kan worden"
-#: src/cryptsetup.c:3668
+#: src/cryptsetup.c:3449
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Payload uitlijnen op meervouden van <n> sectoren – voor luksFormat"
-#: src/cryptsetup.c:3669
+#: src/cryptsetup.c:3450
#, fuzzy
msgid "File with LUKS header and keyslots backup"
msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen."
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
+#: src/cryptsetup.c:3451 src/cryptsetup_reencrypt.c:1620
#, fuzzy
msgid "Use /dev/random for generating volume key"
msgstr "Gebruik /dev/random om de sleutel tot het opslagmedium te genereren."
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
+#: src/cryptsetup.c:3452 src/cryptsetup_reencrypt.c:1621
#, fuzzy
msgid "Use /dev/urandom for generating volume key"
msgstr "Gebruik /dev/urandom om de sleutel tot het opslagmedium te genereren."
-#: src/cryptsetup.c:3672
+#: src/cryptsetup.c:3453
#, fuzzy
msgid "Share device with another non-overlapping crypt segment"
msgstr "Apparaat met een ander, niet-overlappend cryptsegment delen."
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
+#: src/cryptsetup.c:3454 src/veritysetup.c:477
#, fuzzy
msgid "UUID for device to use"
msgstr "UUID van het te gebruiken apparaat."
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
+#: src/cryptsetup.c:3455
#, fuzzy
msgid "Allow discards (aka TRIM) requests for device"
msgstr "Discardaanvragen (alias TRIM) op dit apparaat toelaten."
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
+#: src/cryptsetup.c:3456 src/cryptsetup_reencrypt.c:1638
#, fuzzy
msgid "Device or file with separated LUKS header"
msgstr "Apparaat of bestand met verschillende LUKS-koptekst."
-#: src/cryptsetup.c:3676
+#: src/cryptsetup.c:3457
#, fuzzy
msgid "Do not activate device, just check passphrase"
msgstr "Apparaat niet activeren, enkel wachtwoord controleren."
-#: src/cryptsetup.c:3677
+#: src/cryptsetup.c:3458
#, fuzzy
msgid "Use hidden header (hidden TCRYPT device)"
msgstr "Verborgen koptekst gebruiken (verborgen TCRYPT-apparaat)."
-#: src/cryptsetup.c:3678
+#: src/cryptsetup.c:3459
#, fuzzy
msgid "Device is system TCRYPT drive (with bootloader)"
msgstr "Apparaat is TCRYPT-systeemschijf (met bootloader)."
-#: src/cryptsetup.c:3679
+#: src/cryptsetup.c:3460
#, fuzzy
msgid "Use backup (secondary) TCRYPT header"
msgstr "Reserve (secundaire) TCRYPT-koptekst gebruiken."
-#: src/cryptsetup.c:3680
+#: src/cryptsetup.c:3461
#, fuzzy
msgid "Scan also for VeraCrypt compatible device"
msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen."
-#: src/cryptsetup.c:3681
+#: src/cryptsetup.c:3462
#, fuzzy
msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen."
-#: src/cryptsetup.c:3682
+#: src/cryptsetup.c:3463
#, fuzzy
msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Eveneens naar VeraCrypt-compatibel apparaat scannen."
-#: src/cryptsetup.c:3683
+#: src/cryptsetup.c:3464
#, fuzzy
msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt."
-#: src/cryptsetup.c:3684
+#: src/cryptsetup.c:3465
#, fuzzy
msgid "Disable password quality check (if enabled)"
msgstr "Wachtwoordkwaliteitscontrole uitschakelen (indien ingeschakeld)."
-#: src/cryptsetup.c:3685
+#: src/cryptsetup.c:3466
#, fuzzy
msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
msgstr "dm-crypt same_cpu_crypt prestatie-compatibiliteitsoptie gebruiken."
-#: src/cryptsetup.c:3686
+#: src/cryptsetup.c:3467
#, fuzzy
msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
msgstr "dm-crypt submit_from_crypt_cpus prestatie-compatibiliteitsoptie gebruiken."
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
+#: src/cryptsetup.c:3468
msgid "Device removal is deferred until the last user closes it"
msgstr ""
-#: src/cryptsetup.c:3690
+#: src/cryptsetup.c:3469
msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
msgstr ""
-#: src/cryptsetup.c:3691
+#: src/cryptsetup.c:3470
#, fuzzy
msgid "PBKDF iteration time for LUKS (in ms)"
msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)"
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup.c:3470 src/cryptsetup_reencrypt.c:1616
msgid "msecs"
msgstr "milliseconden"
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
+#: src/cryptsetup.c:3471 src/cryptsetup_reencrypt.c:1634
msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
msgstr ""
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:3472 src/cryptsetup_reencrypt.c:1635
msgid "PBKDF memory cost limit"
msgstr ""
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:3472 src/cryptsetup_reencrypt.c:1635
#, fuzzy
msgid "kilobytes"
msgstr "bytes"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:3473 src/cryptsetup_reencrypt.c:1636
msgid "PBKDF parallel cost"
msgstr ""
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:3473 src/cryptsetup_reencrypt.c:1636
msgid "threads"
msgstr ""
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
+#: src/cryptsetup.c:3474 src/cryptsetup_reencrypt.c:1637
msgid "PBKDF iterations cost (forced, disables benchmark)"
msgstr ""
-#: src/cryptsetup.c:3696
+#: src/cryptsetup.c:3475
msgid "Keyslot priority: ignore, normal, prefer"
msgstr ""
-#: src/cryptsetup.c:3697
+#: src/cryptsetup.c:3476
#, fuzzy
msgid "Disable locking of on-disk metadata"
msgstr "on-disk metadata proberen te herstellen"
-#: src/cryptsetup.c:3698
+#: src/cryptsetup.c:3477
msgid "Disable loading volume keys via kernel keyring"
msgstr ""
-#: src/cryptsetup.c:3699
+#: src/cryptsetup.c:3478
msgid "Data integrity algorithm (LUKS2 only)"
msgstr ""
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
+#: src/cryptsetup.c:3479 src/integritysetup.c:567
msgid "Disable journal for integrity device"
msgstr ""
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
+#: src/cryptsetup.c:3480 src/integritysetup.c:541
msgid "Do not wipe device after format"
msgstr ""
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
+#: src/cryptsetup.c:3481 src/integritysetup.c:571
msgid "Use inefficient legacy padding (old kernels)"
msgstr ""
-#: src/cryptsetup.c:3703
+#: src/cryptsetup.c:3482
msgid "Do not ask for passphrase if activation by token fails"
msgstr ""
-#: src/cryptsetup.c:3704
+#: src/cryptsetup.c:3483
msgid "Token number (default: any)"
msgstr ""
-#: src/cryptsetup.c:3705
+#: src/cryptsetup.c:3484
msgid "Key description"
msgstr ""
-#: src/cryptsetup.c:3706
+#: src/cryptsetup.c:3485
msgid "Encryption sector size (default: 512 bytes)"
msgstr ""
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3708
+#: src/cryptsetup.c:3486
msgid "Set activation flags persistent for device"
msgstr ""
-#: src/cryptsetup.c:3709
+#: src/cryptsetup.c:3487
#, fuzzy
msgid "Set label for the LUKS2 device"
msgstr "een LUKS-apparaat formatteren"
-#: src/cryptsetup.c:3710
+#: src/cryptsetup.c:3488
msgid "Set subsystem label for the LUKS2 device"
msgstr ""
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#: src/cryptsetup.c:3489
+msgid "Create unbound (no assigned data segment) LUKS2 keyslot"
msgstr ""
-#: src/cryptsetup.c:3712
+#: src/cryptsetup.c:3490
#, fuzzy
msgid "Read or write the json from or to a file"
msgstr "De sleutel uit een bestand lezen."
-#: src/cryptsetup.c:3713
+#: src/cryptsetup.c:3491
msgid "LUKS2 header metadata area size"
msgstr ""
-#: src/cryptsetup.c:3714
+#: src/cryptsetup.c:3492
#, fuzzy
msgid "LUKS2 header keyslots area size"
msgstr "Bestand met reservekopie van LUKS-koptekst en -sleutelplaatsen."
-#: src/cryptsetup.c:3715
+#: src/cryptsetup.c:3493
msgid "Refresh (reactivate) device with new parameters"
msgstr ""
-#: src/cryptsetup.c:3716
+#: src/cryptsetup.c:3494
#, fuzzy
msgid "LUKS2 keyslot: The size of the encryption key"
msgstr "De grootte van de encryptiesleutel"
-#: src/cryptsetup.c:3717
+#: src/cryptsetup.c:3495
msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
msgstr ""
-#: src/cryptsetup.c:3718
+#: src/cryptsetup.c:3496
#, fuzzy
msgid "Encrypt LUKS2 device (in-place encryption)."
msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)."
-#: src/cryptsetup.c:3719
+#: src/cryptsetup.c:3497
#, fuzzy
msgid "Decrypt LUKS2 device (remove encryption)."
msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)."
-#: src/cryptsetup.c:3720
+#: src/cryptsetup.c:3498
msgid "Initialize LUKS2 reencryption in metadata only."
msgstr ""
-#: src/cryptsetup.c:3721
+#: src/cryptsetup.c:3499
msgid "Resume initialized LUKS2 reencryption only."
msgstr ""
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
+#: src/cryptsetup.c:3500 src/cryptsetup_reencrypt.c:1628
msgid "Reduce data device size (move data offset). DANGEROUS!"
msgstr "Grootte van gegevensapparaat wijzigen (gegevenspositie wijzigen). GEVAARLIJK!"
-#: src/cryptsetup.c:3723
+#: src/cryptsetup.c:3501
#, fuzzy
msgid "Maximal reencryption hotzone size."
msgstr "Blokgrootte herencryptie"
-#: src/cryptsetup.c:3724
+#: src/cryptsetup.c:3502
msgid "Reencryption hotzone resilience type (checksum,journal,none)"
msgstr ""
-#: src/cryptsetup.c:3725
+#: src/cryptsetup.c:3503
#, fuzzy
msgid "Reencryption hotzone checksums hash"
msgstr "Blokgrootte herencryptie"
-#: src/cryptsetup.c:3726
+#: src/cryptsetup.c:3504
msgid "Override device autodetection of dm device to be reencrypted"
msgstr ""
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3520 src/veritysetup.c:499 src/integritysetup.c:587
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPTIE…] <actie> <actie-specifiek>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3571 src/veritysetup.c:533 src/integritysetup.c:598
msgid "Argument <action> missing."
msgstr "Argument <actie> ontbreekt."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3640 src/veritysetup.c:564 src/integritysetup.c:629
msgid "Unknown action."
msgstr "Onbekende actie."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
+#: src/cryptsetup.c:3650
+msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
msgstr ""
-#: src/cryptsetup.c:3882
+#: src/cryptsetup.c:3655
+msgid "Options --refresh and --test-passphrase are mutually exclusive.\n"
+msgstr ""
+
+#: src/cryptsetup.c:3660
#, fuzzy
-msgid "Option --deferred is allowed only for close command."
+msgid "Option --deferred is allowed only for close command.\n"
msgstr "Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n"
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
+#: src/cryptsetup.c:3665
+msgid "Option --shared is allowed only for open of plain device.\n"
msgstr "Optie --shared wordt enkel toegestaan voor open-opdracht op plain-apparaat.\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
+#: src/cryptsetup.c:3670
+msgid "Option --allow-discards is allowed only for open operation.\n"
msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
-#: src/cryptsetup.c:3897
+#: src/cryptsetup.c:3675
#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
+msgid "Option --persistent is allowed only for open operation.\n"
msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
-#: src/cryptsetup.c:3902
+#: src/cryptsetup.c:3680
#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation.\n"
msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
-#: src/cryptsetup.c:3907
-#, fuzzy
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
+#: src/cryptsetup.c:3685
+msgid "Option --persistent is not allowed with --test-passphrase.\n"
+msgstr ""
-#: src/cryptsetup.c:3917
+#: src/cryptsetup.c:3695
#, fuzzy
msgid ""
"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
"Optie --key-size is enkel toegestaan bij luksFormat, open en benchmark.\n"
"Om de lezing uit een sleutelbestand te beperken, gebruik --keyfile-size=(bytes)."
-#: src/cryptsetup.c:3923
+#: src/cryptsetup.c:3701
#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n"
msgstr "Optie --align-payload is enkel toegestaan voor luksFormat."
-#: src/cryptsetup.c:3928
-#, fuzzy
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
+#: src/cryptsetup.c:3706
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n"
+msgstr ""
-#: src/cryptsetup.c:3934
+#: src/cryptsetup.c:3712
#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"
msgstr "Optie --allow-discards wordt enkel ondersteund voor de luksOpen-, loopaesOpen- en create-opdrachten.\n"
-#: src/cryptsetup.c:3940
+#: src/cryptsetup.c:3718
#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices.\n"
msgstr "Optie --test-passphrase is enkel toegestaan bij open van LUKS- en TCRYPT-apparaten.\n"
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:3723 src/cryptsetup_reencrypt.c:1701
msgid "Key size must be a multiple of 8 bits"
msgstr "Sleutelgrootte moet een meervoud zijn van 8 bits"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:3729 src/cryptsetup_reencrypt.c:1387
+#: src/cryptsetup_reencrypt.c:1706
msgid "Key slot is invalid."
msgstr "Sleutelplaats is ongeldig."
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3736
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Optie --key-file krijgt voorrang over het gespecificeerde sleutelbestandsargument."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:3743 src/veritysetup.c:576 src/integritysetup.c:650
+#: src/cryptsetup_reencrypt.c:1680
msgid "Negative number for option not permitted."
msgstr "Een negatief getal wordt niet toegestaan voor deze optie."
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3747
msgid "Only one --key-file argument is allowed."
msgstr "Slechts een enkel gebruik van het --key-file argument is toegestaan."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:3751 src/cryptsetup_reencrypt.c:1672
+#: src/cryptsetup_reencrypt.c:1710
msgid "Only one of --use-[u]random options is allowed."
msgstr "Slechts een enkel gebruik van de opties --use-[u]random is toegestaan."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:3755
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "OPtie --use-[u]random is enkel toegestaan bij luksFormat."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:3759
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "Optie --uuid is enkel toegestaan bij luksFormat en luksUUID."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:3763
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "Optie --align-payload is enkel toegestaan voor luksFormat."
-#: src/cryptsetup.c:3989
+#: src/cryptsetup.c:3767
msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
msgstr ""
-#: src/cryptsetup.c:3994
+#: src/cryptsetup.c:3772
#, fuzzy
msgid "Invalid LUKS2 metadata size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/cryptsetup.c:3998
+#: src/cryptsetup.c:3776
#, fuzzy
msgid "Invalid LUKS2 keyslots size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/cryptsetup.c:4002
+#: src/cryptsetup.c:3780
#, fuzzy
msgid "Options --align-payload and --offset cannot be combined."
msgstr "Optie --align-payload is enkel toegestaan voor luksFormat."
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:3786
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "Optie --skip wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n"
-#: src/cryptsetup.c:4015
+#: src/cryptsetup.c:3793
#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption.\n"
msgstr "Optie --offset wordt enkel ondersteund voor open-opdracht op plain- en loopaes-apparaten.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:3799
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "Optie --tcrypt-hidden, --tcrypt-system of --tcrypt-backup wordt enkel ondersteund voor TCRYPT-apparaten.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:3804
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "Optie --tcrypt-hidden kan niet met --allow-discards gecombineerd worden.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
+#: src/cryptsetup.c:3809
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n"
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#: src/cryptsetup.c:3815
+msgid "Invalid argument for parameter --veracrypt-pim supplied.\n"
msgstr ""
-#: src/cryptsetup.c:4041
+#: src/cryptsetup.c:3819
#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n"
-#: src/cryptsetup.c:4049
+#: src/cryptsetup.c:3827
#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Optie --veracrypt wordt enkel ondersteund voor TCRYPT-apparaatstype.\n"
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+#: src/cryptsetup.c:3831
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"
msgstr ""
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
+#: src/cryptsetup.c:3838
+msgid "Option --priority can be only ignore/normal/prefer.\n"
msgstr ""
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
+#: src/cryptsetup.c:3843
+msgid "Keyslot specification is required.\n"
msgstr ""
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+#: src/cryptsetup.c:3848 src/cryptsetup_reencrypt.c:1686
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"
msgstr ""
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
+#: src/cryptsetup.c:3853 src/cryptsetup_reencrypt.c:1691
+msgid "PBKDF forced iterations cannot be combined with iteration time option.\n"
msgstr ""
-#: src/cryptsetup.c:4081
+#: src/cryptsetup.c:3859
#, fuzzy
-msgid "Sector size option is not supported for this command."
+msgid "Sector size option is not supported for this command.\n"
msgstr "Deze operatie wordt niet ondersteund voor dit apparaatstype.\n"
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:3865
+#, fuzzy
+msgid "Unsupported encryption sector size.\n"
+msgstr "Kan herencryptie-logbestand niet lezen.\n"
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
+#: src/cryptsetup.c:3870
+msgid "Key size is required with --unbound option.\n"
msgstr ""
-#: src/cryptsetup.c:4108
+#: src/cryptsetup.c:3875
#, fuzzy
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+msgid "Option --unbound may be used only with luksAddKey action.\n"
msgstr "Optie --new kan niet samen met --decrypt gebruikt worden."
-#: src/cryptsetup.c:4113
+#: src/cryptsetup.c:3880
#, fuzzy
-msgid "Option --refresh may be used only with open action."
+msgid "Option --refresh may be used only with open action.\n"
msgstr "Optie -- keep-key kan enkel samen met --hash of --iter-time gebruikt worden."
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
+#: src/cryptsetup.c:3891
+msgid "Cannot disable metadata locking.\n"
msgstr ""
-#: src/cryptsetup.c:4135
+#: src/cryptsetup.c:3901
#, fuzzy
msgid "Invalid max reencryption hotzone size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
+#: src/cryptsetup.c:3909 src/cryptsetup_reencrypt.c:1715
+#: src/cryptsetup_reencrypt.c:1720
msgid "Invalid device size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/cryptsetup.c:4146
+#: src/cryptsetup.c:3912
#, fuzzy
msgid "Maximum device reduce size is 1 GiB."
msgstr "Maximum apparaatsverkleiningsgrootte is 64 MB."
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
+#: src/cryptsetup.c:3915 src/cryptsetup_reencrypt.c:1726
msgid "Reduce size must be multiple of 512 bytes sector."
msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector."
-#: src/cryptsetup.c:4154
+#: src/cryptsetup.c:3920
#, fuzzy
msgid "Invalid data size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/cryptsetup.c:4159
+#: src/cryptsetup.c:3925
#, fuzzy
msgid "Reduce size overflow."
msgstr "Overloop van apparaatsgegevenspositie.\n"
-#: src/cryptsetup.c:4163
+#: src/cryptsetup.c:3929
msgid "LUKS2 decryption requires option --header."
msgstr ""
-#: src/cryptsetup.c:4167
+#: src/cryptsetup.c:3933
#, fuzzy
msgid "Device size must be multiple of 512 bytes sector."
msgstr "Verkleiningsgrootte moet een meervoud zijn van de 512 bytes-grote sector."
-#: src/cryptsetup.c:4171
+#: src/cryptsetup.c:3937
msgid "Options --reduce-device-size and --data-size cannot be combined."
msgstr ""
-#: src/cryptsetup.c:4175
+#: src/cryptsetup.c:3941
msgid "Options --device-size and --size cannot be combined."
msgstr ""
-#: src/cryptsetup.c:4179
-#, fuzzy
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Opties --ignore-corruption en --restart-on-corruption kunnen niet samen gebruikt worden.\n"
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:66
msgid "Invalid salt string specified."
msgstr "Ongeldige salt-tekenreeks opgegeven."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Kan hashafbeeling %s niet aanmaken voor beschrijving."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:107
#, fuzzy, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Kan hashafbeeling %s niet aanmaken voor beschrijving.\n"
-#: src/veritysetup.c:191
+#: src/veritysetup.c:179
msgid "Invalid root hash string specified."
msgstr "Ongeldige root-hash tekenreeks opgegeven."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:187
#, fuzzy, c-format
msgid "Invalid signature file %s."
msgstr "Ongeldig apparaat %s.\n"
-#: src/veritysetup.c:206
+#: src/veritysetup.c:194
#, fuzzy, c-format
msgid "Cannot read signature file %s."
msgstr "Kan sleutelbestand %s niet lezen.\n"
-#: src/veritysetup.c:406
+#: src/veritysetup.c:392
msgid "<data_device> <hash_device>"
msgstr "<gegevensapparaat> <hash-apparaat>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:392 src/integritysetup.c:473
msgid "format device"
msgstr "apparaat formateren"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:393
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<gegevensapparaat> <hash-apparaat> <root-hash>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:393
msgid "verify device"
msgstr "apparaat controleren"
-#: src/veritysetup.c:408
+#: src/veritysetup.c:394
#, fuzzy
msgid "<data_device> <name> <hash_device> <root_hash>"
msgstr "<gegevensapparaat> <hash-apparaat> <root-hash>"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:396 src/integritysetup.c:476
msgid "show active device status"
msgstr "status van actief apparaat tonen"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:397
msgid "<hash_device>"
msgstr "<hash-apparaat>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:397 src/integritysetup.c:477
msgid "show on-disk information"
msgstr "on-disk informatie tonen"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:416
#, c-format
msgid ""
"\n"
"<hash-apparaat> is de naam van het apparaat dat de verificatiegegevens bevat\n"
"<root-hash> is de hash van de rootnode op <hash-apparaat>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:423
#, c-format
msgid ""
"\n"
"Standaard meegecompileerde dm-verity parameters:\n"
"\tHash: %s, Datablok (bytes): %u, Hashblock (bytes): %u, Saltgrootte: %u, Hashformaat: %u\n"
-#: src/veritysetup.c:481
+#: src/veritysetup.c:466
msgid "Do not use verity superblock"
msgstr "VERITY-superblok niet gebruiken"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:467
msgid "Format type (1 - normal, 0 - original Chrome OS)"
msgstr "Formaatstype (1 - normaal, 0 - origineel Chrome OS)"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:467
msgid "number"
msgstr "nummer"
-#: src/veritysetup.c:483
+#: src/veritysetup.c:468
msgid "Block size on the data device"
msgstr "Blokgrootte op het gegevensapparaat"
-#: src/veritysetup.c:484
+#: src/veritysetup.c:469
msgid "Block size on the hash device"
msgstr "Blokgrootte op het hash-apparaat"
-#: src/veritysetup.c:485
+#: src/veritysetup.c:470
msgid "FEC parity bytes"
msgstr ""
-#: src/veritysetup.c:486
+#: src/veritysetup.c:471
msgid "The number of blocks in the data file"
msgstr "Aantal blokken in het gegevensbestand"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:471
msgid "blocks"
msgstr "blokken"
-#: src/veritysetup.c:487
+#: src/veritysetup.c:472
msgid "Path to device with error correction data"
msgstr ""
-#: src/veritysetup.c:487 src/integritysetup.c:566
+#: src/veritysetup.c:472 src/integritysetup.c:543
msgid "path"
msgstr ""
-#: src/veritysetup.c:488
+#: src/veritysetup.c:473
msgid "Starting offset on the hash device"
msgstr "De startplaats op het hash-apparaat"
-#: src/veritysetup.c:489
+#: src/veritysetup.c:474
#, fuzzy
msgid "Starting offset on the FEC device"
msgstr "De startplaats op het hash-apparaat"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:475
msgid "Hash algorithm"
msgstr "Hash-algoritme"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:475
msgid "string"
msgstr "tekenreeks"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:476
msgid "Salt"
msgstr "Salt"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:476
msgid "hex string"
msgstr "hex-tekenreeks"
-#: src/veritysetup.c:493
+#: src/veritysetup.c:478
#, fuzzy
msgid "Path to root hash signature file"
msgstr "Creatie hash-gebied gefaald.\n"
-#: src/veritysetup.c:494
+#: src/veritysetup.c:479
msgid "Restart kernel if corruption is detected"
msgstr "Kernel herstarten bij ontdekking van corruptie"
-#: src/veritysetup.c:495
-#, fuzzy
-msgid "Panic kernel if corruption is detected"
-msgstr "Kernel herstarten bij ontdekking van corruptie"
-
-#: src/veritysetup.c:496
+#: src/veritysetup.c:480
msgid "Ignore corruption, log it only"
msgstr "Datacorruptie negeren, enkel loggen"
-#: src/veritysetup.c:497
+#: src/veritysetup.c:481
msgid "Do not verify zeroed blocks"
msgstr "Op nul ingestelde blokken niet controleren"
-#: src/veritysetup.c:498
+#: src/veritysetup.c:482
msgid "Verify data block only the first time it is read"
msgstr ""
-#: src/veritysetup.c:600
+#: src/veritysetup.c:582
#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"
msgstr "Opties --ignore-corruption, --restart-on-corruption of --ignore-zero-blocks kunnen enkel bij een create-operatie gebruikt worden.\n"
-#: src/veritysetup.c:605
+#: src/veritysetup.c:587
#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
+msgid "Option --root-hash-signature can be used only for open operation.\n"
msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
-#: src/veritysetup.c:610
-#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Opties --ignore-corruption en --restart-on-corruption kunnen niet samen gebruikt worden.\n"
-
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+#: src/veritysetup.c:592
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
msgstr "Opties --ignore-corruption en --restart-on-corruption kunnen niet samen gebruikt worden.\n"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Ongeldige sleutelgrootte."
-
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:83 src/utils_password.c:305
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Kan sleutelbestand %s niet lezen."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/integritysetup.c:87 src/utils_password.c:310
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Kan %d bytes uit sleutelbestand %s niet lezen."
-#: src/integritysetup.c:266
+#: src/integritysetup.c:253
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr ""
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:473 src/integritysetup.c:477
#, fuzzy
msgid "<integrity_device>"
msgstr "apparaat controleren"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:474
msgid "<integrity_device> <name>"
msgstr ""
-#: src/integritysetup.c:515
+#: src/integritysetup.c:496
#, fuzzy, c-format
msgid ""
"\n"
"<hash-apparaat> is de naam van het apparaat dat de verificatiegegevens bevat\n"
"<root-hash> is de hash van de rootnode op <hash-apparaat>\n"
-#: src/integritysetup.c:520
+#: src/integritysetup.c:501
#, c-format
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
msgstr ""
-#: src/integritysetup.c:566
+#: src/integritysetup.c:543
msgid "Path to data device (if separated)"
msgstr ""
-#: src/integritysetup.c:568
+#: src/integritysetup.c:545
msgid "Journal size"
msgstr ""
-#: src/integritysetup.c:569
+#: src/integritysetup.c:546
msgid "Interleave sectors"
msgstr ""
-#: src/integritysetup.c:570
+#: src/integritysetup.c:547
msgid "Journal watermark"
msgstr ""
-#: src/integritysetup.c:570
+#: src/integritysetup.c:547
msgid "percent"
msgstr ""
-#: src/integritysetup.c:571
+#: src/integritysetup.c:548
msgid "Journal commit time"
msgstr ""
-#: src/integritysetup.c:571 src/integritysetup.c:573
+#: src/integritysetup.c:548 src/integritysetup.c:550
msgid "ms"
msgstr ""
-#: src/integritysetup.c:572
+#: src/integritysetup.c:549
msgid "Number of 512-byte sectors per bit (bitmap mode)."
msgstr ""
-#: src/integritysetup.c:573
+#: src/integritysetup.c:550
msgid "Bitmap mode flush time"
msgstr ""
-#: src/integritysetup.c:574
+#: src/integritysetup.c:551
msgid "Tag size (per-sector)"
msgstr ""
-#: src/integritysetup.c:575
+#: src/integritysetup.c:552
msgid "Sector size"
msgstr ""
-#: src/integritysetup.c:576
+#: src/integritysetup.c:553
msgid "Buffers size"
msgstr ""
-#: src/integritysetup.c:578
+#: src/integritysetup.c:555
msgid "Data integrity algorithm"
msgstr ""
-#: src/integritysetup.c:579
+#: src/integritysetup.c:556
#, fuzzy
msgid "The size of the data integrity key"
msgstr "De grootte van de encryptiesleutel"
-#: src/integritysetup.c:580
+#: src/integritysetup.c:557
#, fuzzy
msgid "Read the integrity key from a file"
msgstr "De sleutel uit een bestand lezen."
-#: src/integritysetup.c:582
+#: src/integritysetup.c:559
msgid "Journal integrity algorithm"
msgstr ""
-#: src/integritysetup.c:583
+#: src/integritysetup.c:560
#, fuzzy
msgid "The size of the journal integrity key"
msgstr "De grootte van de encryptiesleutel"
-#: src/integritysetup.c:584
+#: src/integritysetup.c:561
#, fuzzy
msgid "Read the journal integrity key from a file"
msgstr "De sleutel uit een bestand lezen."
-#: src/integritysetup.c:586
+#: src/integritysetup.c:563
msgid "Journal encryption algorithm"
msgstr ""
-#: src/integritysetup.c:587
+#: src/integritysetup.c:564
#, fuzzy
msgid "The size of the journal encryption key"
msgstr "De grootte van de encryptiesleutel"
-#: src/integritysetup.c:588
+#: src/integritysetup.c:565
#, fuzzy
msgid "Read the journal encryption key from a file"
msgstr "De sleutel uit een bestand lezen."
-#: src/integritysetup.c:591
+#: src/integritysetup.c:568
msgid "Recovery mode (no journal, no tag checking)"
msgstr ""
-#: src/integritysetup.c:592
+#: src/integritysetup.c:569
msgid "Use bitmap to track changes and disable journal for integrity device"
msgstr ""
-#: src/integritysetup.c:593
+#: src/integritysetup.c:570
msgid "Recalculate initial tags automatically."
msgstr ""
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
+#: src/integritysetup.c:641
#, fuzzy
msgid "Option --integrity-recalculate can be used only for open action."
msgstr "Optie --allow-discards wordt enkel toegestaan voor de open-operatie.\n"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#: src/integritysetup.c:656
+msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n"
msgstr ""
-#: src/integritysetup.c:698
+#: src/integritysetup.c:662
#, fuzzy
msgid "Invalid journal size specification."
msgstr "Ongeldig apparaatsgrootte ingegeven."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:667
msgid "Both key file and key size options must be specified."
msgstr ""
-#: src/integritysetup.c:708
+#: src/integritysetup.c:670
+msgid "Integrity algorithm must be specified if integrity key is used."
+msgstr ""
+
+#: src/integritysetup.c:675
msgid "Both journal integrity key file and key size options must be specified."
msgstr ""
-#: src/integritysetup.c:711
+#: src/integritysetup.c:678
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr ""
-#: src/integritysetup.c:716
+#: src/integritysetup.c:683
msgid "Both journal encryption key file and key size options must be specified."
msgstr ""
-#: src/integritysetup.c:719
+#: src/integritysetup.c:686
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr ""
-#: src/integritysetup.c:723
+#: src/integritysetup.c:690
msgid "Recovery and bitmap mode options are mutually exclusive."
msgstr ""
-#: src/integritysetup.c:727
+#: src/integritysetup.c:694
msgid "Journal options cannot be used in bitmap mode."
msgstr ""
-#: src/integritysetup.c:731
+#: src/integritysetup.c:698
msgid "Bitmap options can be used only in bitmap mode."
msgstr ""
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:172
msgid "Reencryption already in-progress."
msgstr "Herencryptie is al bezig"
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:201
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "Kan %s niet exclusief openen, apparaat wordt gebruikt."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:215 src/cryptsetup_reencrypt.c:1128
msgid "Allocation of aligned memory failed."
msgstr "Reservering van uitgelijnd geheugen gefaald."
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:222
#, c-format
msgid "Cannot read device %s."
msgstr "Kan apparaat niet lezen: %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:233
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "LUKS1-apparaat %s wordt als onbruikbaar gemarkeerd."
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:237
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:254
#, c-format
msgid "Cannot write device %s."
msgstr "Kan apparaat %s niet beschrijven."
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:302
msgid "Cannot write reencryption log file."
msgstr "Kan herencryptie-logbestand niet schrijven."
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:358
msgid "Cannot read reencryption log file."
msgstr "Kan herencryptie-logbestand niet lezen."
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:396
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Logbestand %s bestaat reeds, herencryptie wordt herstart.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:445
msgid "Activating temporary device using old LUKS header."
msgstr "Activatie van tijdelijke apparaat met oude LUKS-koptekst."
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:455
msgid "Activating temporary device using new LUKS header."
msgstr "Activatie van tijdelijke apparaat met nieuwe LUKS-koptekst."
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:465
msgid "Activation of temporary devices failed."
msgstr "Activatie van tijdelijke apparaten gefaald."
-#: src/cryptsetup_reencrypt.c:577
+#: src/cryptsetup_reencrypt.c:552
msgid "Failed to set data offset."
msgstr ""
-#: src/cryptsetup_reencrypt.c:583
+#: src/cryptsetup_reencrypt.c:558
msgid "Failed to set metadata size."
msgstr ""
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:566
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Nieuwe LUKS-koptekst voor apparaat %s aangemaakt."
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:626
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr ""
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:648
msgid "Failed to read activation flags from backup header."
msgstr ""
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:652
#, fuzzy
msgid "Failed to write activation flags to new header."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:656 src/cryptsetup_reencrypt.c:660
#, fuzzy
msgid "Failed to read requirements from backup header."
msgstr "Lezen uit sleutelopslag is mislukt."
-#: src/cryptsetup_reencrypt.c:723
+#: src/cryptsetup_reencrypt.c:698
#, c-format
msgid "%s header backup of device %s created."
msgstr "Reservekopie van %s-koptekst op apparaat %s is aangemaakt."
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:761
msgid "Creation of LUKS backup headers failed."
msgstr "Creatie van LUKS-reservekopteksten gefaald."
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:894
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "Kan %s-koptekst op apparaat %s niet herstellen."
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:896
#, c-format
msgid "%s header on device %s restored."
msgstr "%s-koptekst op apparaat %s is hersteld."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:1100 src/cryptsetup_reencrypt.c:1106
msgid "Cannot open temporary LUKS device."
msgstr "Kan tijdelijk LUKS-apparaat niet openen."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1111 src/cryptsetup_reencrypt.c:1116
msgid "Cannot get device size."
msgstr "Kan apparaatgrootte niet lezen."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1151
msgid "IO error during reencryption."
msgstr "Invoer/uitvoerfout tijdens herencryptie."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1182
msgid "Provided UUID is invalid."
msgstr "Opgegeven UUID is ongeldig."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1416
msgid "Cannot open reencryption log file."
msgstr "Kan herencryptie-logbestand niet openen."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1422
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "Er is geen ontsleutelingsproces aan de gang. Het opgegeven UUID kan enkel gebruikt worden om een geschorst ontsleutelingsproces opnieuw te starten."
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1497
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr ""
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1609
msgid "Reencryption block size"
msgstr "Blokgrootte voor herencryptie"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1609
msgid "MiB"
msgstr "MiB"
-#: src/cryptsetup_reencrypt.c:1640
+#: src/cryptsetup_reencrypt.c:1613
msgid "Do not change key, no data area reencryption"
msgstr "Sleutel niet wijzigen; gegevensgebied wordt niet opnieuw versleuteld"
-#: src/cryptsetup_reencrypt.c:1642
+#: src/cryptsetup_reencrypt.c:1615
msgid "Read new volume (master) key from file"
msgstr "De (hoofd)sleutel tot het opslagmedium uit een bestand lezen"
-#: src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup_reencrypt.c:1616
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "PBKDF2 herhalingstijd voor LUKS (in ms)"
-#: src/cryptsetup_reencrypt.c:1649
+#: src/cryptsetup_reencrypt.c:1622
msgid "Use direct-io when accessing devices"
msgstr "'direct-io' gebruiken bij het lezen van apparaten"
-#: src/cryptsetup_reencrypt.c:1650
+#: src/cryptsetup_reencrypt.c:1623
msgid "Use fsync after each block"
msgstr "Na elk blok 'fsync' gebruiken"
-#: src/cryptsetup_reencrypt.c:1651
+#: src/cryptsetup_reencrypt.c:1624
msgid "Update log file after every block"
msgstr "Na elk blok het logbestand bijwerken"
-#: src/cryptsetup_reencrypt.c:1652
+#: src/cryptsetup_reencrypt.c:1625
msgid "Use only this slot (others will be disabled)"
msgstr "Enkel deze plaats gebruiken (anderen worden uitgeschakeld)"
-#: src/cryptsetup_reencrypt.c:1657
+#: src/cryptsetup_reencrypt.c:1630
msgid "Create new header on not encrypted device"
msgstr "Nieuwe koptekst op niet-versleuteld apparaat invoeren"
-#: src/cryptsetup_reencrypt.c:1658
+#: src/cryptsetup_reencrypt.c:1631
msgid "Permanently decrypt device (remove encryption)"
msgstr "Apparaat permanent ontsleutelen (encryptie verwijderen)"
-#: src/cryptsetup_reencrypt.c:1659
+#: src/cryptsetup_reencrypt.c:1632
msgid "The UUID used to resume decryption"
msgstr "Het UUID om de ontsleuteling te hervatten"
-#: src/cryptsetup_reencrypt.c:1660
+#: src/cryptsetup_reencrypt.c:1633
msgid "Type of LUKS metadata: luks1, luks2"
msgstr "Soorten apparaat-metadata: luks, plain, loopaes, tcrypt"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1652
msgid "[OPTION...] <device>"
msgstr "[OPTIE...] <apparaat>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1660
#, fuzzy, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "Herencryptie zal sleutel tot het opslagmedium %s%s%s%s wijzigen.\n"
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1661
msgid "volume key"
msgstr ""
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1663
#, fuzzy
msgid "set hash to "
msgstr ", stel hash in op "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1664
msgid ", set cipher to "
msgstr ", stel sleutelalgoritme in op "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1668
msgid "Argument required."
msgstr "Argument is vereist."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1696
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Enkel waarden tussen 1 MB en 64 MB zijn toegestaan als herencryptieblokgrootte."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1723
msgid "Maximum device reduce size is 64 MiB."
msgstr "Maximum apparaatsverkleiningsgrootte is 64 MB."
-#: src/cryptsetup_reencrypt.c:1757
+#: src/cryptsetup_reencrypt.c:1730
#, fuzzy
msgid "Option --new must be used together with --reduce-device-size or --header."
msgstr "Optie --new moet samen met --reduce-device-size gebruikt worden."
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1734
#, fuzzy
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "Optie -- keep-key kan enkel samen met --hash of --iter-time gebruikt worden."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1738
msgid "Option --new cannot be used together with --decrypt."
msgstr "Optie --new kan niet samen met --decrypt gebruikt worden."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1742
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "Optie --decrypt is niet verenigbaar met de verschafte parameters."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1746
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "Optie --uuid kan enkel samen met --decrypt gebruikt worden."
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1750
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr ""
msgid "Command failed with code %i (%s).\n"
msgstr "Opdracht is mislukt met code %i"
-#: src/utils_tools.c:284
+#: src/utils_tools.c:283
#, fuzzy, c-format
msgid "Key slot %i created."
msgstr "Sleutelplaats %d werd gewijzigd.\n"
-#: src/utils_tools.c:286
+#: src/utils_tools.c:285
#, fuzzy, c-format
msgid "Key slot %i unlocked."
msgstr "Sleutelplaats %d is ontgrendeld.\n"
-#: src/utils_tools.c:288
+#: src/utils_tools.c:287
#, fuzzy, c-format
msgid "Key slot %i removed."
msgstr "Sleutelplaats %d is ontgrendeld.\n"
-#: src/utils_tools.c:297
+#: src/utils_tools.c:296
#, c-format
msgid "Token %i created."
msgstr ""
-#: src/utils_tools.c:299
+#: src/utils_tools.c:298
#, c-format
msgid "Token %i removed."
msgstr ""
-#: src/utils_tools.c:465
+#: src/utils_tools.c:464
msgid ""
"\n"
"Wipe interrupted."
msgstr ""
-#: src/utils_tools.c:476
+#: src/utils_tools.c:475
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr ""
-#: src/utils_tools.c:484
+#: src/utils_tools.c:483
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr ""
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_tools.c:504 src/utils_tools.c:568
#, fuzzy
msgid "Failed to initialize device signature probes."
msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen."
-#: src/utils_tools.c:549
+#: src/utils_tools.c:548
#, fuzzy, c-format
msgid "Failed to stat device %s."
msgstr "Kan status van sleutelbestand niet opvragen.\n"
-#: src/utils_tools.c:562
+#: src/utils_tools.c:561
#, c-format
msgid "Device %s is in use. Can not proceed with format operation."
msgstr ""
-#: src/utils_tools.c:564
+#: src/utils_tools.c:563
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr ""
-#: src/utils_tools.c:578
+#: src/utils_tools.c:577
#, c-format
msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
msgstr ""
-#: src/utils_tools.c:581
+#: src/utils_tools.c:580
#, c-format
msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
msgstr ""
-#: src/utils_tools.c:584
+#: src/utils_tools.c:583
#, fuzzy
msgid "Failed to wipe device signature."
msgstr "Schrijven naar sleutelopslag is mislukt.\n"
-#: src/utils_tools.c:591
+#: src/utils_tools.c:590
#, fuzzy, c-format
msgid "Failed to probe device %s for a signature."
msgstr "Kan geen map voor de apparaatstoewijzer verkrijgen."
-#: src/utils_tools.c:622
+#: src/utils_tools.c:629
#, fuzzy
msgid ""
"\n"
"Reencryption interrupted."
msgstr "Blokgrootte herencryptie"
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:43 src/utils_password.c:75
#, fuzzy, c-format
msgid "Cannot check password quality: %s"
msgstr "Kan wachtwoordkwaliteit niet nakijken: %s\n"
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Wachtwoordkwaliteitscontrole gefaald: wachtwoord is van slechte kwaliteit (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:193 src/utils_password.c:208
msgid "Error reading passphrase from terminal."
msgstr "Fout bij het lezen van het wachtwoord uit de terminal."
-#: src/utils_password.c:240
+#: src/utils_password.c:206
msgid "Verify passphrase: "
msgstr "Voer wachtwoord nogmaals in: "
-#: src/utils_password.c:247
+#: src/utils_password.c:213
msgid "Passphrases do not match."
msgstr "Wachtwoorden komen niet overeen."
-#: src/utils_password.c:284
+#: src/utils_password.c:250
msgid "Cannot use offset with terminal input."
msgstr "Kan de gegevenspositie niet via terminalinvoer gebruiken."
-#: src/utils_password.c:287
+#: src/utils_password.c:253
#, c-format
msgid "Enter passphrase: "
msgstr "Voer wachtwoord in: "
-#: src/utils_password.c:290
+#: src/utils_password.c:256
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Voer wachtwoord in voor %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:287
msgid "No key available with this passphrase."
msgstr "Geen sleutel beschikbaar met dit wachtwoord."
-#: src/utils_password.c:323
+#: src/utils_password.c:289
msgid "No usable keyslot is available."
msgstr ""
-#: src/utils_password.c:365
+#: src/utils_password.c:328
#, fuzzy, c-format
msgid "Cannot open keyfile %s for write."
msgstr "Kan bestand %s niet openen.\n"
-#: src/utils_password.c:372
+#: src/utils_password.c:335
#, fuzzy, c-format
msgid "Cannot write to keyfile %s."
msgstr "Kan sleutelbestand %s niet lezen.\n"
msgid "Failed to write JSON file."
msgstr "Openen van sleutelbestand is mislukt.\n"
-#, fuzzy
-#~ msgid "Wrong key size."
-#~ msgstr "Ongeldige sleutelgrootte.\n"
-
-#~ msgid "Invalid size parameters for verity device."
-#~ msgstr "Ongeldige grootteparameters voor VERITY-apparaat."
-
-#, c-format
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Versleutelalgoritme %s is niet beschikbaar."
-
-#, fuzzy
-#~ msgid "Unsupported encryption sector size.\n"
-#~ msgstr "Kan herencryptie-logbestand niet lezen.\n"
-
#~ msgid "Replaced with key slot %d.\n"
#~ msgstr "Vervangen door sleutelplaats %d.\n"
#~ msgid "(Obsoleted, see man page.)"
#~ msgstr "(Verouderd, zie man-pagina.)"
+
+#~ msgid "%s is not LUKS device.\n"
+#~ msgstr "%s is geen LUKS-apparaat.\n"
# Polish translation for cryptsetup.
# Copyright (C) 2010 Free Software Foundation, Inc.
# This file is put in the public domain.
-# Jakub Bogusz <qboosh@pld-linux.org>, 2010-2021.
+# Jakub Bogusz <qboosh@pld-linux.org>, 2010-2022.
#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-22 19:00+0200\n"
+"Project-Id-Version: cryptsetup 2.6.0-rc1\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2022-11-20 12:38+0100\n"
+"PO-Revision-Date: 2022-11-20 20:45+0100\n"
"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
"Language: pl\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Nie można zainicjować device-mappera w czasie działania jako nie-root."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Nie można zainicjować device-mappera. Czy moduł jądra dm_mod jest wczytany?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "Żądana flaga odroczona nie jest obsługiwana."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID dla urządzenia %s został skrócony."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Nieznany typ celu dm."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Żądane opcje dm-crypta dotyczące wydajności nie są obsługiwane."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Żądane opcje dm-verity dotyczące obsługi uszkodzenia danych nie są obsługiwane."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Żądana opcja taskletów dm-verity nie jest obsługiwana."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Żądane opcje FEC dm-verity nie są obsługiwane."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Żądane opcje integralności danych nie są obsługiwane."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "Żądana opcja sector_size nie jest obsługiwana."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Żądane automatyczne przeliczenie znaczników integralności nie jest obsługiwane."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Porzucenie/TRIM nie jest obsługiwane."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Żądany tryb bitmapy dm-integrity nie jest obsługiwany."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Nie udało się odpytać segmentu dm-%s."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Entropia w systemie wyczerpała się w trakcie generowania klucza wolumenu.\n"
"Proszę poruszać myszą albo wpisać trochę tekstu w innym oknie w celu zebrania zdarzeń losowych.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Generowanie klucza (gotowe %d%%).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Działanie w trybie FIPS."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "Błąd krytyczny w trakcie inicjalizacji RNG."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Nieznane żądanie jakości RNG."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Błąd odczytu z RNG."
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Nie można zainicjować backendu kryptograficznego RNG."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Nie można zainicjować backendu kryptograficznego."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2139 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Algorytm skrótu %s nie jest obsługiwany."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Błąd przetwarzania klucza (użyto algorytmu skrótu %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Nie można określić rodzaju urządzenia. Niezgodny sposób uaktywniania urządzenia?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3308
msgid "This operation is supported only for LUKS device."
msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Ta operacja jest obsługiwana tylko dla urządzeń LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:430 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Wszyskie miejsca na klucze są pełne."
-#: lib/setup.c:434
+#: lib/setup.c:441
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Numer klucza %d jest błędny, proszę wybrać wartość między 0 a %d."
-#: lib/setup.c:440
+#: lib/setup.c:447
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Miejsce na klucz %d jest pełne, proszę wybrać inne."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:532 lib/setup.c:3030
msgid "Device size is not aligned to device logical block size."
msgstr "Rozmiar urządzenia nie jest wyrównany do rozmiaru bloku logicznego urządzenia."
-#: lib/setup.c:624
+#: lib/setup.c:630
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Wykryto nagłówek, ale urządzenie %s jest zbyt małe."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:671 lib/setup.c:2930 lib/setup.c:4275
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Ta operacja nie jest obsługiwana dla tego rodzaju urządzenia."
-#: lib/setup.c:666
+#: lib/setup.c:676
msgid "Illegal operation with reencryption in-progress."
msgstr "Niedozwolona operacja w trakcie ponownego szyfrowania."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:762
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Nie udało się wycofać zmian w metadanych LUKS2 w pamięci."
+
+#: lib/setup.c:849 lib/luks1/keymanage.c:247 lib/luks1/keymanage.c:525
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1433
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS."
+
+#: lib/setup.c:852 lib/luks1/keymanage.c:528
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Nieobsługiwana wersja LUKS %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1479 lib/setup.c:2679 lib/setup.c:2761 lib/setup.c:2773
+#: lib/setup.c:2940 lib/setup.c:4752
#, c-format
msgid "Device %s is not active."
msgstr "Urządzenie %s nie jest aktywne."
-#: lib/setup.c:1444
+#: lib/setup.c:1496
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Urządzenie stojące za urządzeniem szyfrowanym %s zniknęło."
-#: lib/setup.c:1524
+#: lib/setup.c:1578
msgid "Invalid plain crypt parameters."
msgstr "Błędne parametry szyfru plain."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1583 lib/setup.c:2042
msgid "Invalid key size."
msgstr "Błędny rozmiar klucza."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1588 lib/setup.c:2047 lib/setup.c:2250
msgid "UUID is not supported for this crypt type."
msgstr "UUID nie jest obsługiwany dla tego rodzaju szyfrowania."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1593 lib/setup.c:2052
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Osobne urządzenie metadanych nie jest obsługiwane dla tego rodzaju szyfrowania."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1603 lib/setup.c:1819 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Nieobsługiwany rozmiar sektora szyfrowania."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1611 lib/setup.c:1947 lib/setup.c:3024
msgid "Device size is not aligned to requested sector size."
msgstr "Rozmiar urządzenia nie jest wyrównany do żądanego rozmiaru sektura."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1663 lib/setup.c:1787
msgid "Can't format LUKS without device."
msgstr "Nie można sformatować LUKS-a bez urządzenia."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1669 lib/setup.c:1793
msgid "Requested data alignment is not compatible with data offset."
msgstr "Żądane wyrównanie metadanych nie jest zgodne z offsetem danych."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "UWAGA: offset danych leży poza obecnie dostępnym urządzeniem danych.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1744 lib/setup.c:1964 lib/setup.c:1985 lib/setup.c:2262
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Nie można wymazać nagłówka na urządzeniu %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1757 lib/setup.c:2024
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Urządzenie %s jest zbyt małe do uaktywnienia, nie ma miejsca pozostałego na dane.\n"
+
+#: lib/setup.c:1828
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "UWAGA: uaktywnienie urządzenia się nie powiedzie, dm-crypt nie ma obsługi żądanego rozmiaru sektora szyfrowania.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1851
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Klucz wolumenu jest zbyt mały do szyfrowania z rozszerzeniami integralności."
-#: lib/setup.c:1821
+#: lib/setup.c:1911
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Szyfr %s-%s (rozmiar klucza w bitach: %zd) nie jest dostępny."
-#: lib/setup.c:1854
+#: lib/setup.c:1937
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "UWAGA: rozmiar metadanych LUKS2 zmienił się na %<PRIu64> (w bajtach).\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1941
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "UWAGA: rozmiar obszaru kluczy LUKS2 zmienił się na %<PRIu64> (w bajtach).\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1967 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Urządzenie %s jest zbyt małe."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1978 lib/setup.c:2004
#, c-format
msgid "Cannot format device %s in use."
msgstr "Nie można sformatować urządzenia %s, które jest w użyciu."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1981 lib/setup.c:2007
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Nie można sformatować urządzenia %s, brak uprawnień."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1993 lib/setup.c:2322
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Nie można sformatować integralności dla urządzenia %s."
-#: lib/setup.c:1926
+#: lib/setup.c:2011
#, c-format
msgid "Cannot format device %s."
msgstr "Nie można sformatować urządzenia %s."
-#: lib/setup.c:1944
+#: lib/setup.c:2037
msgid "Can't format LOOPAES without device."
msgstr "Nie można sformatować urządzenia LUKSAES bez urządzenia."
-#: lib/setup.c:1989
+#: lib/setup.c:2082
msgid "Can't format VERITY without device."
msgstr "Nie można sformatować VERITY bez urządzenia."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2093 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Nieobsługiwany typ hasza VERITY %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2099 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Nieobsługiwany rozmiar bloku VERITY."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2104 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Nieobsługiwany offset hasza VERITY."
-#: lib/setup.c:2016
+#: lib/setup.c:2109
msgid "Unsupported VERITY FEC offset."
msgstr "Nieobsługiwany offset FEC VERITY."
-#: lib/setup.c:2040
+#: lib/setup.c:2133
msgid "Data area overlaps with hash area."
msgstr "Obszar danych zachodzi na obszar skrótów."
-#: lib/setup.c:2065
+#: lib/setup.c:2158
msgid "Hash area overlaps with FEC area."
msgstr "Obszar skrótu zachodzi na obszar FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:2165
msgid "Data area overlaps with FEC area."
msgstr "Obszar danych zachodzi na obszar FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2301
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "UWAGA: żądany rozmiar znacznika %d B różni się od rozmiaru wyjścia %s (%d B).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2380
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Nieznany typ żądanego urządzenia szyfrującego %s."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2687 lib/setup.c:2766 lib/setup.c:2779
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Nieobsługiwane parametry urządzenia %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2693 lib/setup.c:2786 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Niezgodne parametry dla urządzenia %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2810
msgid "Crypt devices mismatch."
msgstr "Urządzenia szyfrowane nie zgadzają się."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2847 lib/setup.c:2852 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Nie udało się przeładować urządzenia %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2858 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Nie udało się wstrzymać urządzenia %s."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2870 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Nie udało wznowić urządzenia %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2885
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Błąd krytyczny przy przeładowywaniu urządzenia %s (w oparciu o urządzenie %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2888 lib/setup.c:2890
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Nie udało się przełączyć urządzenia %s na dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2972
msgid "Cannot resize loop device."
msgstr "Nie można zmienić rozmiaru urządzenia loopback."
-#: lib/setup.c:2890
+#: lib/setup.c:3015
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "UWAGA: maksymalny rozmiar jest już ustawiony lub jądro nie obsługuje zmiany rozmiaru.\n"
+
+#: lib/setup.c:3076
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Zmiana rozmiaru nie powiodła się, jądro tego nie obsługuje."
+
+#: lib/setup.c:3108
msgid "Do you really want to change UUID of device?"
msgstr "Czy na pewno zmienić UUID urządzenia?"
-#: lib/setup.c:2966
+#: lib/setup.c:3200
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Plik nagłówka kopii zapasowej nie zawiera zgodnego nagłówka LUKS."
-#: lib/setup.c:3066
+#: lib/setup.c:3316
#, c-format
msgid "Volume %s is not active."
msgstr "Wolumen %s nie jest aktywny."
-#: lib/setup.c:3077
+#: lib/setup.c:3327
#, c-format
msgid "Volume %s is already suspended."
msgstr "Wolumen %s już został wstrzymany."
-#: lib/setup.c:3090
+#: lib/setup.c:3340
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Wstrzymywanie nie jest obsługiwane dla urządzenia %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3342
#, c-format
msgid "Error during suspending device %s."
msgstr "Błąd podczas wstrzymywania urządzenia %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3377
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Wznawianie nie jest obsługiwane dla urządzenia %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3379
#, c-format
msgid "Error during resuming device %s."
msgstr "Błąd podczas wznawiania urządzenia %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3413 lib/setup.c:3461 lib/setup.c:3532 lib/setup.c:3577
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Wolumen %s nie jest wstrzymany."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3547 lib/setup.c:4528 lib/setup.c:4541 lib/setup.c:4549
+#: lib/setup.c:4562 lib/setup.c:6145 lib/setup.c:6167 lib/setup.c:6216
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Klucz wolumenu nie pasuje do wolumenu."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano klucza wolumenu."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3725
msgid "Failed to swap new key slot."
msgstr "Nie udało się podstawić nowego klucza."
-#: lib/setup.c:3673
+#: lib/setup.c:3823
#, c-format
msgid "Key slot %d is invalid."
msgstr "Numer klucza %d jest nieprawidłowy."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3829 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "Klucz %d nie jest aktywny."
-#: lib/setup.c:3698
+#: lib/setup.c:3848
msgid "Device header overlaps with data area."
msgstr "Nagłówek urządzenia zachodzi na obszar danych."
-#: lib/setup.c:3992
+#: lib/setup.c:4153
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Ponowne szyfrowanie trwa. Nie można uaktywnić urządzenia."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4155 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Nie udało się uzyskać blokady ponownego szyfrowania."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4168 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "Odtwarzanie ponownego szyfrowania LUKS2 nie powiodło się."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4340 lib/setup.c:4606
msgid "Device type is not properly initialized."
msgstr "Typ urządzenia nie został właściwie zainicjalizowany."
-#: lib/setup.c:4223
+#: lib/setup.c:4388
#, c-format
msgid "Device %s already exists."
msgstr "Urządzenie %s już istnieje."
-#: lib/setup.c:4230
+#: lib/setup.c:4395
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Nie można użyć urządzenia %s, nazwa jest nieprawidłowa lub nadal w użyciu."
-#: lib/setup.c:4350
+#: lib/setup.c:4515
msgid "Incorrect volume key specified for plain device."
msgstr "Podano niewłaściwy klucz wolumenu dla zwykłego urządzenia."
-#: lib/setup.c:4463
+#: lib/setup.c:4632
msgid "Incorrect root hash specified for verity device."
msgstr "Podano niewłaściwy hasz główny dla urządzenia VERITY."
-#: lib/setup.c:4470
+#: lib/setup.c:4642
msgid "Root hash signature required."
msgstr "Wymagany podpis hasza głównego."
-#: lib/setup.c:4479
+#: lib/setup.c:4651
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Brak pęku kluczy w jądrze: wymagany do przekazania podpisu do jądra."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4668 lib/setup.c:6411
msgid "Failed to load key in kernel keyring."
msgstr "Nie udało się załadować klucza do pęku kluczy w jądrze."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4724
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Nie udało się anulować opóźnionego usuwania z urządzenia %s."
+
+#: lib/setup.c:4731 lib/setup.c:4747 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Urządzenie %s jest nadal w użyciu."
-#: lib/setup.c:4574
+#: lib/setup.c:4756
#, c-format
msgid "Invalid device %s."
msgstr "Błędne urządzenie %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4896
msgid "Volume key buffer too small."
msgstr "Bufor klucza wolumenu zbyt mały."
-#: lib/setup.c:4698
+#: lib/setup.c:4913
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia LUKS2."
+
+#: lib/setup.c:4922
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia LUKS1."
+
+#: lib/setup.c:4932
msgid "Cannot retrieve volume key for plain device."
msgstr "Nie można odtworzyć klucza wolumenu dla zwykłego urządzenia."
-#: lib/setup.c:4715
+#: lib/setup.c:4940
msgid "Cannot retrieve root hash for verity device."
msgstr "Nie można odtworzyć hasza głównego dla urządzenia VERITY."
-#: lib/setup.c:4717
+#: lib/setup.c:4947
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia BITLK."
+
+#: lib/setup.c:4952
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Nie można odtworzyć klucza wolumenu dla urządzenia FVAULT2."
+
+#: lib/setup.c:4954
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Ta operacja nie jest obsługiwana dla urządzenia szyfrującego %s."
-#: lib/setup.c:4923
+#: lib/setup.c:5135 lib/setup.c:5146
msgid "Dump operation is not supported for this device type."
msgstr "Operacja zrzutu nie jest obsługiwana dla tego rodzaju urządzenia."
-#: lib/setup.c:5251
+#: lib/setup.c:5488
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Offset danych nie jest wielokrotnością liczby bajtów %u."
-#: lib/setup.c:5536
+#: lib/setup.c:5776
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Nie można przekonwertować urządzenia %s, które jest nadal w użyciu."
-#: lib/setup.c:5833
+#: lib/setup.c:6086 lib/setup.c:6225
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Nie udało się przypisać klucza %u jako nowego klucza wolumenu."
-#: lib/setup.c:5906
+#: lib/setup.c:6110
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Nie udało się zainicjować domyślnych parametrów klucza LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:6116
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Nie udało się przypisać klucza %d do skrótu."
-#: lib/setup.c:6043
+#: lib/setup.c:6341
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Nie można dodać klucza, wszystkie miejsca na klucze wyłączone i nie podano klucza wolumenu."
+
+#: lib/setup.c:6478
msgid "Kernel keyring is not supported by the kernel."
msgstr "Pęk kluczy w jądrze nie jest obsługiwany przez jądro."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6488 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Nie udało się odczytać hasła z pęku kluczy (błąd %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6512
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Nie udało się uzyskać globalnej blokady serializacji dostępu ciężkiego pamięciowo."
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Nie można odczytać priorytetu procesu."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Nie można odblokować pamięci."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Nie udało się otworzyć pliku klucza."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Nie można odczytać pliku klucza z terminala."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "Nie udało się wykonać stat na pliku klucza."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Nie można przemieścić się do żądanego położenia pliku klucza."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:227
+#: src/utils_password.c:239
msgid "Out of memory while reading passphrase."
msgstr "Brak pamięci podczas odczytu hasła."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Błąd podczas odczytu hasła."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Na wejściu nie ma nic do odczytu."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Przekroczono maksymalny rozmiar pliku klucza."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "Nie można odczytać żądanej ilości danych."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1408
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Urządzenie %s nie istnieje lub dostęp jest zabroniony."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Urządzenie %s nie jest zgodne."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Zignorowano niewłaściwy rozmiar optimal-io dla urządzenia danych (%u bajtów)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Urządzenie %s jest zbyt małe. Wymagane przynajmniej %<PRIu64> bajtów."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Nie można użyć urządzenia %s, które jest w użyciu (już podmapowane lub zamontowane)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Nie można użyć urządzenia %s, brak uprawnień."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "Nie można uzyskać informacji o urządzeniu %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Nie można użyć urządzenia loopback w czasie działania jako nie-root."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Nie udało się podłączyć urządzenia loopback (wymagane urządzenie loop z flagą autoclear)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Żądany offset jest poza rzeczywistym rozmiarem urządzenia %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Urządzenie %s ma zerowy rozmiar."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "W trybie FIPS obsługiwana jest tylko PBKDF2."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:174
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Test wydajności PBKDF jest wyłączony, ale nie ustawiono liczby iteracji."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:193
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Niekompatybilne opcje PBKDF2 (przy użyciu algorytmu skrótu %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:213
msgid "Not compatible PBKDF options."
msgstr "Niekompatybilne opcje PBKDF."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Blokowanie nie powiodło się. Ścieżka blokady %s/%s jest nieużywalna (brak lub nie jest katalogiem)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Katalog blokujący %s/%s zostanie utworzony z domyślnymi wkompilowanymi uprawnieniami."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Blokowanie przerwane. Ścieżka blokady %s/%s jest nieużywalna (%s nie jest katalogiem)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Nie można przemieścić się we właściwe położenie urządzenia."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Błąd wymazywania urządzenia, offset %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Określenie szyfru powinno być w formacie [szyfr]-[tryb]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364
+#: lib/luks1/keymanage.c:675 lib/luks1/keymanage.c:1126
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Nie można zapisać na urządzenie %s, brak uprawnień."
msgid "Failed to access temporary keystore device."
msgstr "Nie udało się uzyskać dostępu do urządzenia do tymczasowego przechowywania kluczy."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:61
+#: lib/luks2/luks2_keyslot_luks2.c:79 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Błąd we/wy podczas szyfrowania klucza."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367
+#: lib/luks1/keymanage.c:628 lib/luks1/keymanage.c:678 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Nie można otworzyć urządzenia %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:138
msgid "IO error while decrypting keyslot."
msgstr "Błąd we/wy podczas odszyfrowywania klucza."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:129
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Urządzenie %s jest zbyt małe (LUKS1 wymaga przynajmniej %<PRIu64> bajtów)."
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:150 lib/luks1/keymanage.c:158
+#: lib/luks1/keymanage.c:170 lib/luks1/keymanage.c:181
+#: lib/luks1/keymanage.c:193
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "Numer klucza LUKS %u jest nieprawidłowy."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:265 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Żądany plik kopii zapasowej nagłówka %s już istnieje."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Nie można utworzyć pliku kopii zapasowej nagłówka %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:274 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Nie można zapisać pliku kopii zapasowej nagłówka %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Plik kopii zapasowej nie zawiera prawidłowego nagłówka LUKS."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:591
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Nie można otworzyć pliku kopii zapasowej nagłówka %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Nie można odczytać pliku kopii zapasowej nagłówka %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:337
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Offset danych lub rozmiar klucza różnią się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:345
#, c-format
msgid "Device %s %s%s"
msgstr "Urządzenie %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:346
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "nie zawiera nagłówka LUKS. Nadpisanie nagłówka może zniszczyć dane na tym urządzeniu."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:347
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "już zawiera nagłówek LUKS. Nadpisanie nagłówka zniszczy istniejące klucze."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"UWAGA: nagłówek prawdziwego urządzenia ma inny UUID niż kopia zapasowa!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:396
msgid "Non standard key size, manual repair required."
msgstr "Niestandardowy rozmiar klucza, wymagana ręczna naprawa."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:406
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Niestandardowe wyrównanie kluczy, wymagana ręczna naprawa."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:415
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Tryb szyfru poprawiony (%s -> %s)."
+
+#: lib/luks1/keymanage.c:426
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Skrót szyfru poprawiony na małe litery (%s)."
+
+#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:534
+#: lib/luks1/keymanage.c:790
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Żądany skrót LUKS %s nie jest obsługiwany."
+
+#: lib/luks1/keymanage.c:442
msgid "Repairing keyslots."
msgstr "Naprawianie kluczy."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:461
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Klucz %i: naprawiono offset (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:469
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Klucz %i: naprawiono pasy (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:478
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Klucz %i: błędna sygnatura partycji."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:483
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Klucz %i: zarodek wymazany."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:500
msgid "Writing LUKS header to disk."
msgstr "Zapis nagłówka LUKS na dysk."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:505
msgid "Repair failed."
msgstr "Naprawa nie powiodła się."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:560
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Żądany skrót LUKS %s nie jest obsługiwany."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Tryb szyfru LUKS %s jest nieprawidłowy."
+
+#: lib/luks1/keymanage.c:565
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "Skrót LUKS %s jest nieprawidłowy."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:572 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "W nagłówku LUKS nie wykryto żadnych znanych problemów."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:700
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Błąd podczas uaktualniania nagłówka LUKS na urządzeniu %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:708
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Błęd podczas ponownego odczytu nagłówka LUKS po uaktualnieniu na urządzeniu %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:784
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Offset danych dla nagłówka LUKS musi wynosić 0 lub więcej niż rozmiar nagłówka."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:795 lib/luks1/keymanage.c:864
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:514
msgid "Wrong LUKS UUID format provided."
msgstr "Podano zły format LUKS UUID."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:817
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Nie można utworzyć nagłówka LUKS: odczyt losowego zarodka nie powiódł się."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:843
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Nie można utworzyć nagłówka LUKS: uzyskanie skrótu nagłówka nie powiodło się (przy użyciu algorytmu %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:887
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Klucz numer %d jest aktywny, należy go najpierw wyczyścić."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:893
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Klucz %d zawiera zbyt mało pasów. Zmieniony nagłówek?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:1034
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Nie można otworzyć klucza (przy użyciu skrótu %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1112
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Numer klucza %d jest błędny, proszę wybrać numer od 0 do %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1130 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Nie można wymazać urządzenia %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Jądro nie obsługuje odwzorowań zgodnych z loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Błąd odczytu pliku klucza %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Przekroczono maksymalną długość hasła TCRYPT (%zu)."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Algorytm skrótu PBKDF2 %s nie jest dostępny, pominięto."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "Wymagany interfejs kryptograficzny jądra nie jest dostępny."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Proszę upewnić się, że moduł jądra algif_skcipher został załadowany."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Uaktywnianie nie jest obsługiwane dla rozmiaru sektora %d."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Jądro nie obsługuje uaktywniania dla tego starego trybu TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Włączanie szyfrowania systemu TCRYPT dla partycji %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Jądro nie obsługuje odwzorowań zgodnych z TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Ta funkcja nie jest obsługiwana bez załadowanego nagłówka TCRYPT."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:275
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany wpis metadanych typu '%u'."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:328
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Przy analizie Głównego Klucza Wolumenu napotkano błędny ciąg znaków."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:332
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwany ciąg znaków ('%s')."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:349
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Przy analizie obsługiwanego Głównego Klucza Wolumenu napotkano nieoczekiwaną wartość wpisu metadanych '%u'."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Nie udało się odczytać sygnatury BITLK z %s."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Błędna lub nieznana sygnatura urządzenia BITLK."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:451
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK w wersji 1 nie jest obecnie obsługiwany."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:457
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Błędna lub nieznana sygnatura rozruchowa urządzenia BITLK."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:469
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Nieobsługiwany rozmiar sektora %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:477
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Nie udało się odczytać nagłówka BITLK z %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:502
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Nie udało się odczytać metadanych BITLK FVE z %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:554
msgid "Unknown or unsupported encryption type."
msgstr "Nieznany lub nieobsługiwany rodzaj szyfrowania."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:587
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Nie udało się odczytać wpisów metadanych BITLK z %s."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:681
+msgid "Failed to convert BITLK volume description"
+msgstr "Nie udało się przekonwertować opisu wolumenu BITLK"
+
+#: lib/bitlk/bitlk.c:841
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Przy analizie zewnętrznego klucza napotkano nieoczekiwany wpis metadanych typu '%u'."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:860
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "GUI pliku BEK '%s' nie pasuje do GUID-a wolumenu."
+
+#: lib/bitlk/bitlk.c:864
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Przy analizie zewnętrznego klucza napotkano nieoczekiwaną wartość wpisu metadanych '%u'."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:903
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Nieobsługiwana wersja metadanych BEK %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:908
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Nieoczekiwany rozmiar metadanych BEK %<PRIu32> nie zgadza się z długością pliku BEK"
+
+#: lib/bitlk/bitlk.c:933
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Przy analizie klucza początkowego napotkano nieoczekiwany wpis metadanych."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1029
msgid "This operation is not supported."
msgstr "Ta operacja nie jest obsługiwana."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1037
msgid "Unexpected key data size."
msgstr "Nieoczekiwany rozmiar danych klucza."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1163
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "To urządzenie BITLK jest w nieobsługiwanym stanie i może być uaktywnione."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1168
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Urządzenia BITLK o typie '%s' nie mogą być uaktywnione."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1175
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Uaktywnianie częściowo odszyfrowanych urządzeń BITLK nie jest obsługiwane."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1216
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "UWAGA: rozmiar wolumenu BitLockera %<PRIu64> nie zgadza się z rozmiarem urządzenia %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1343
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Nie można uaktywnić urządzenia, brak obsługi BITLK IV w module dm-crypt jądra."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1347
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Nie można uaktywnić urządzenia, brak obsługi dyfuzora BITLK Elephant w module dm-crypt jądra."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1351
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Nie można uaktywnić urządzenia, brak obsługi dużego rozmiaru sektora w module dm-crypt jądra."
+
+#: lib/bitlk/bitlk.c:1355
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Nie można uaktywnić urządzenia, brak modułu jądra dm-zero."
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Urządzenie Verity %s nie używa nagłówka na dysku."
+msgid "Could not read %u bytes of volume header."
+msgstr "Nie można odczytać %u bajtów nagłówka wolumenu."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Urządzenie %s nie jest prawidłowym urządzeniem VERITY."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Nieobsługiwana wersja FVAULT2 %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Urządzenie Verity %s nie używa nagłówka na dysku."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Nieobsługiwana wersja VERITY %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "Uszkodzony nagłówek VERITY."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Podano zły format UUID-a VERITY na urządzeniu %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Błąd podczas uaktualniania nagłówka VERITY na urządzeniu %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Weryfikacja podpisu hasza głównego nie jest obsługiwana."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Błędów nie można naprawić z urządzeniem FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Znaleziono %u błędów możliwych do naprawienia z urządzeniem FEC."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Jądro nie obsługuje odwzorowań dm-verity."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Jądro nie obsługuje opcji podpisu dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Urządzenie VERITY wykryło uszkodzenie po uaktywnieniu."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Nie wyzerowane miejsce zapasowe na pozycji %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Przepełnienie offsetu urządzenia."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Weryfikacja nie powiodła się na pozycji %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Przepełnienie obszaru skrótu."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Weryfikacja obszaru danych nie powiodła się."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Weryfikacja głównego hasza nie powiodła się."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Błąd wejścia/wyjścia podczas tworzenia obszaru haszy."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Tworzenie obszaru haszy nie powiodło się."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "UWAGA: Jądro nie może uaktywnić urządzenia, jeśli rozmiar bloku danych przekracza rozmiar strony (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Nie udało się naprawić parzystości dla bloku %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Nie udało się zapisać parzystości dla bloku RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Dla FEC rozmiary bloków muszą się zgadzać."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Błędna liczba bajtów parzystości."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Błędna długość segmentu FEC."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Nie udało się określić rozmiaru urządzenia %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Wykryto niezgodne metadane dm-integrity jądra (wersja %u) na %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Jądro nie obsługuje odwzorowań dm-integrity."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Jądro nie obsługuje stałego wyrównania metadanych dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Jądro odmawia uaktywnienia niebezpiecznej opcji przeliczenia (p. stare opcje aktywacji, aby wymusić)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Nie udało się uzyskać blokady dla zapisu na urządzeniu %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Wykryto próbę jednoczesnego uaktualnienia metadanych LUKS2. Przerywanie operacji."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Urządzenie zawiera niejednoznaczne sygnatury, nie można automatycznie odtworzyć LUKS2.\n"
"W celu odtworzenia należy uruchomić \"cryptsetup repair\"."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Żądany offset danych jest zbyt mały."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "UWAGA: obszar kluczy (%<PRIu64> bajtów) bardzo mały, dostępna liczba kluczy LUKS2 jest bardzo ograniczona.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:93
+#: lib/luks2/luks2_keyslot_luks2.c:115
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Nie udało się uzyskać blokady do odczytu na urządzeniu %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Wykryto zabronione wymagania LUKS2 w kopii zapasowej %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Offset danych różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Nagłówek binarny z rozmiarem obszarów kluczy różni się między urządzeniem a kopią zapasową; przywrócenie nie powiodło się."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Urządzenie %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "nie zawiera nagłówka LUKS2. Nadpisanie nagłówka może zniszczyć dane na tym urządzeniu."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "już zawiera nagłówek LUKS2. Nadpisanie nagłówka zniszczy istniejące klucze."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"UWAGA: wykryto nieznane wymagania LUKS2 w nagłówku prawdziwego urządzenia!\n"
"Nadpisanie nagłówka kopią zapasową może uszkodzić dane na tym urządzeniu!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"UWAGA: wykryto nie zakończone ponowne szyfrowanie offline na urządzeniu!\n"
"Nadpisanie nagłówka kopią zapasową może uszkodzić dane."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Zignorowano nieznaną flagę %s."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Brak klucza dla segmentu dm-crypt %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Nie udało się ustawić segmentu dm-crypt."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Nie udało się ustawić segmentu dm-linear."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Nieobsługiwana konfiguracja integralności urządzenia."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Podobne szyfrowanie trwa. Nie można dezaktywować urządzenia."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Nie udało się zastąpić wstrzymanego urządzenia %s celem dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Nie udało się odczytać wymagań LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Wykryto nie spełnione wymagania LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania starym szyfrem. Przerwano."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Operacja niezgodna z urządzeniem oznaczonym do ponownego szyfrowania LUKS2. Przerwano."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Za mało dostępnej pamięci, aby otworzyć klucz."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Nie udało się otworzyć klucza."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:54 lib/luks2/luks2_keyslot_luks2.c:109
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Nie można użyć szyfru %s-%s do szyfrowania kluczy."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:281 lib/luks2/luks2_keyslot_luks2.c:390
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Algorytm skrótu %s nie jest dostępny."
+
+#: lib/luks2/luks2_keyslot_luks2.c:506
msgid "No space for new keyslot."
msgstr "Brak miejsca na nowy klucz."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Błędne żądanie zmiany trybu odporności przy ponownym szyfrowaniu."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Nie można uaktualnić rodzaju odporności. Nowy typ zapewnia %<PRIu64> B, wymagane miejsce to %<PRIu64> B."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Nie udało się odświeżyć skrótu weryfikacji ponownego szyfrowania."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Nie można sprawdzić stanu urządzenia mającego UUID: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Nie można przekonwertować nagłówka z dodatkowymi metadanymi LUKSMETA."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Nie można użyć określenia szyfru %s-%s dla LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Nie można przenieść obszaru kluczy. Brak miejsca."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Nie można przekonwertować do formatu LUKS1 - błędne metadane."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Nie można przenieść obszaru kluczy. Obszar kluczy LUKS2 zbyt mały."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Nie można przenieść obszaru kluczy."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Nie można przekonwertować do formatu LUKS1 - domyślny rozmiar sektora szyfrowania segmentu nie wynosi 512 bajtów."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Nie można przekonwertować formatu LUKS1 - skróty kluczy nie są zgodne z LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Nie można przekonwertować formatu LUKS1 - urządzenie używa szyfru %s z obudowanym kluczem."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Nie można przekonwertować formatu LUKS1 - urządzenie używa większej liczby segmentów."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Nie można przekonwertować do formatu LUKS1 - nagłówek LUKS2 zawiera %u token(ów)."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u jest w błędnym stanie."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u (powyzej maksimum) jest nadal aktywny."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Nie można przekonwertować do formatu LUKS1 - klucz %u nie jest zgodny z LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Rozmiar strefy hotzone musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Rozmiar urządzenia musi być wielokrotnością wyliczonego wyrównania strefy (bajtów: %zu)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Nieobsługiwany tryb odporności %s"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Nie udało się zainicjować obudowania przestrzeni starego segmentu."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Nie udało się zainicjować obudowania przestrzeni nowego segmentu."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Nie udało się zainicjować ochrony strefy hotzone."
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Nie udało się odczytać sum kontrolnych dla aktualnej strefy hotzone."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Nie udało się odczytać obszaru hotzone zaczynającego się od %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Nie udało się odszyfrować sektora %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Nie udało się odtworzyć sektora %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Rozmiary urządzenia źródłowego i docelowego różnią się. Źródłowe %<PRIu64>, docelowe: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Nie udało się uaktywnić urządzenia hotzone %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Nie udało się uaktywnić urządzenia nakładkowego %s z aktualną tablicą źródła."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Nie udało się załadować nowego odwzorowania dla urządzenia %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Nie udało się odświeżyć stosu urządzenia ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Nie udało się ustawić nowego rozmiaru obszaru kluczy."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Wartość przesunięcia danych nie jest wyrównana do rozmiaru sektora szyfrowania (%<PRIu32> B)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Nieobsługiwany tryb odporności %s"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Rozmiar przenoszonego segmentu nie może być większy niż wartość przesunięcia danych."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Błędne parametry odporności przy ponownym szyfrowaniu."
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Przesunięcie danych nie jest wyrównane do żądanego rozmiaru sektora szyfrowania (bajtów: %<PRIu32>)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Przenoszony segment zbyt duży. Żądany rozmiar %<PRIu64>, dostępne miejsce: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Nie udało się wyczyścić tablicy."
+
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Zmniejszony rozmiar danych jest większy niż rzeczywisty rozmiar urządzenia."
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Urzędzenie danych nie jest wyrównane do żądanego rozmiaru sektora szyfrowania (bajtów: %<PRIu32>)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Urzędzenie danych nie jest wyrównane do rozmiaru sektora szyfrowania (%<PRIu32> B)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Przesunięcie danych (sektorów: %<PRIu64>) jest mniejsze niż przyszły offset danych (sektorów: %<PRIu64>)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Nie udało się otworzyć %s w trybie wyłączności (już odwzorowano lub zamontowano)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Urządzenie nie jest oznaczone do ponownego szyfrowania LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Nie udało się załadować kontekstu ponownego szyfrowania LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Nie udało się pobrać stanu ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Urządzenie nie jest w trakcie ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Proces ponownego szyfrowania już trwa."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Nie udało się uzyskać blokady dla ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Nie można kontynuować ponownego szyfrowania. Należy najpierw uruchomić odtworzenie ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "Rozmiar urządzenia aktywnego oraz żądany rozmiar ponownego szyfrowania różnią się."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "W parametrach ponownego szyfrowania zażądano niedozwolonego rozmiaru urządzenia."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Ponowne szyfrowanie trwa. Nie można wykonać odzyskiwania."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane w metadanych."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Nie udało się zainicjować ponownego szyfrowania LUKS2 w metadanych."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Nie udało się ustawić segmentów urządzeń dla następnej strefy hotzone ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Nie udało się zapisać metadanych odporności ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Odszyfrowanie nie powiodło się."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Nie udało się zapisać obszaru hotzone zaczynającego się od %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Nie udało się zsynchronizować danych."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Nie udało się uaktualnić metadanych po zakończeniu aktualnej strefy hotzone ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Nie udało się zapisać metadanych LUKS2."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Nie udało wymazać danych segmentu zapasowego."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Nie udało się wymazać nie używanego obszaru urządzenia danych."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Nie udało się przypisać tokenu %d do klucza %d."
+msgstr "Nie udało się usunąć nie używanego (nie przypisanego) obszaru klucza %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Nie udało się uzyskać blokady ponownego szyfrowania."
+msgstr "Nie udało się usunąć obszaru klucza ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Błąd krytyczny podczas ponownego szyfrowania fragmentu zaczynającego się od %<PRIu64> o długości w sektorach %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Ponowne szyfrowanie online nie powiodło się."
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Proszę nie wznawiać urządzenia dopóki nie zostanie zastąpione celem błędnym ręcznie."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Nie można kontynuować ponownego szyfrowania. Nieoczekiwany stan ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Brak lub błędny kontekst ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Nie udało się zainicjować stosu urządzenia ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Nie udało się uaktualnić kontekstu ponownego szyfrowania."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "Numer klucza %d jest nieprawidłowy."
+msgstr "Metadane ponownego szyfrowania są błędne."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Brak wolnego miejsca na token."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Parametry szyfrowania kluczy mogą być ustawione tylko dla urządzeń LUKS2."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Nie udało się utworzyć wbudowanego tokenu %s."
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Nie można wykonać weryfikacji hasła, jeśli wejściem nie jest terminal."
+msgid "Enter token PIN: "
+msgstr "Proszę wprowadzić PIN: "
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Parametry szyfrowania kluczy mogą być ustawione tylko dla urządzeń LUKS2."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Proszę wprowadzić PIN tokenu %d: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1097 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Nie wykryto znanego wzorca określającego szyfr."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "UWAGA: Parametr --hash jest ignorowany w trybie zwykłym z podanym plikiem klucza.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "UWAGA: Opcja --keyfile-size jest ignorowana, rozmiar odczytu jest taki sam, jak rozmiar klucza szyfrującego.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Wykryto sygnatury urządzeń na %s. Dalsze operacje mogą uszkodzić istniejące dane."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:724
msgid "Operation aborted.\n"
msgstr "Operacja przerwana.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Wymagana jest opcja --key-file."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Proszę wprowadzić PIM VeraCrypt: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Błędna wartość PIM: błąd składni."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Błędna wartość PIM: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Błędna wartość PIM: poza zakresem."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Nie wykryto nagłówka urządzenia z tym hasłem."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Urządzenie %s nie jest prawidłowym urządzeniem BITLK."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Nie można określić rozmiaru klucza wolumenu dla BITLK, proszę użyć opcji --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n"
"w bezpiecznym miejscu."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Zrzut nagłówka z kluczem wolumenu jest informacją wrażliwą,\n"
+"pozwalającą na dostęp do zaszyfrowanej partycji bez hasła.\n"
+"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n"
+"w bezpiecznym miejscu."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Urządzenie %s nie jest prawidłowym urządzeniem FVAULT2."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Nie można określić rozmiaru klucza wolumenu dla FVAULT2, proszę użyć opcji --key-size."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Urządzenie %s jest nadal aktywne i zaplanowane do odroczonego usunięcia.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Zmiana rozmiaru aktywnego urządzenia wymaga klucza wolumenu w pęku, ale ustawiono opcję --disable-keyring."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Test szybkości przerwany."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/D\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iteracji/sekundę dla klucza %zu-bitowego\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/D\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iteracji, pamięć: %5u, równoległe wątki (CPU): %1u dla klucza %zu-bitowego (żądany czas %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Wynik testu wydajności nie jest wiarygodny."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Testy są przybliżone tylko z użyciem pamięci (bez we/wy na dysk).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Szyfr %s (rozmiar klucza w bitach: %i) nie jest dostępny."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algorytm | Klucz | Szyfrowanie | Odszyfrowywanie\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "N/D"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Wybryto nie zabezpieczone metadane ponownego szyfrowania LUKS2. Proszę sprawdzić, czy operacja ponownego szyfrowania jest pożądana (p. wyjście luksDump)\n"
+"i kontynuować (uaktualnić metadane) tylko jeśli ta operacja ma być faktycznie wykonana."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Hasło do odtwarzania ponownego szyfrowania: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Hasło do zabezpieczenia i uaktualnienia metadanych ponownego szyfrowania: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Naprawdę kontynuować odtwarzanie ponownego szyfrowania LUKS2?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Hasło do odtwarzania ponownego szyfrowania: "
+msgstr "Hasło do weryfikacji skrótu metadanych ponownego szyfrowania: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "Hasło do odtwarzania ponownego szyfrowania: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Naprawdę próbować naprawić nagłówek urządzenia LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Wymazywanie przerwane."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Czyszczenie urządzenia w celu zainicjowania sumy kontrolnej integralności.\n"
"Można przerwać ten proces wciskając Ctrl+C (reszta nie wymazanego urządzenia będzie zawierać błędną sumę kontrolną).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Nie można dezaktywować urządzenia tymczasowego %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Opcja integralności może być używana tylko dla formatu LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Nieobsługiwane opcje rozmiaru metadanych LUKS2."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Plik nagłówka nie istnieje, czy utworzyć go?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Nie można utworzyć pliku nagłówka %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Nie wykryto znanego wzorca określającego integralność."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Nie można użyć %s jako nagłówka na dysku."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "To nieodwołalnie nadpisze dane na %s."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Nie udało się ustawić parametrów PBKDF."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Offset zmniejszonych danych jest dozwolony tylko dla odłączonego nagłówka LUKS."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Kontener plikowy LUKS %s jest zbyt mały do uaktywnienia, nie ma miejsca pozostałego na dane."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Nie można określić rozmiaru klucza wolumenu dla LUKS bez kluczy, proszę użyć opcji --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Urządzenie uaktywnione, ale nie można uczynić flag trwałymi."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Klucz %d jest wybrany do usunięcia."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "To jest ostatni klucz. Urządzenie stanie się bezużyteczne po usunięciu tego klucza."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Dowolne pozostałe hasło: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operacja przerwana, klucz NIE został wymazany.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Hasło do usunięcia: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Urządzenie %s nie jest prawidłowym urządzeniem LUKS2."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Nowe hasło dla klucza: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "UWAGA: Parametr --key-slot jest używany do numeru nowego klucza.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Dowolne istniejące hasło: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Hasło, które ma być zmienione: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Nowe hasło: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Hasło dla klucza do konwersji: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "Dla operacji isLuks obsługiwany jest tylko jeden argument będący urządzeniem."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Zrzut nagłówka z kluczem wolumenu jest informacją wrażliwą,\n"
-"pozwalającą na dostęp do zaszyfrowanej partycji bez hasła.\n"
-"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n"
-"w bezpiecznym miejscu."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Miejsce %d nie zawiera niepowiązanego klucza."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Zrzut ten powinien być zawsze zapisywany w postaci zaszyfrowanej\n"
"w bezpiecznym miejscu."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s nie jest nazwą aktywnego urządzenia %s."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s nie jest nazwą aktywnego urządzenia LUKS lub brak nagłówka."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "Wymagana jest opcja --header-backup-file."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s nie jest urządzeniem zarządzanym przez cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Odświeżanie nie jest obsługiwane dla typu urządzenia %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Nie rozpoznany typ urządzenia metadanych %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "Polecenie wymaga urządzenia i nazwy odwzorowywanej jako argumentów."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Ta operacja usunię wszystkie klucze na urządzeniu %s.\n"
"Urządzenie po tej operacji stanie się bezużyteczne."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operacja przerwana, klucze NIE zostały wymazane.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Błędny typ LUKS, obsługiwane są tylko luks1 i luks2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Urządzenie już ma typ %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Ta operacja przekonwertuje %s do formatu %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operacja przerwana, urządzenie NIE zostało skonwertowane.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Brak opcji --priority, --label lub --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "Token %d jest błędny."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "Token %d jest w użyciu."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Nie udało się dodać tokenu %d do pęku kluczy luks2."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Nie udało się przypisać tokenu %d do klucza %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "Token %d nie jest w użyciu."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "Nie udało się zaimportować tokenu z pliku."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "Nie udało się pobrać tokenu %d do eksportu."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Parametr --key-description jest wymagany do akcji dodania tokenu."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Akcja wymaga określonego tokenu. Należy użyć parametru --token-id."
-
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "Błędna operacja na tokenie %s."
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Token %d nie jest przypisany do klucza %d."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Wykryto aktywne urządzenie dm '%s' dla urządzenia danych %s.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Nie udało się usunąć przypisania tokenu %d do klucza %d."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Urządzenie %s nie jest urządzeniem blokowym.\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup są obsługiwane tylko dla urządzeń TCRYPT."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Nie udało się wykryć właścicieli urządzenia %s."
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Opcje --veracrypt i --disable-veracrypt są obsługiwane tylko dla typu urządzeń TCRYPT."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Nie udało się zdecydować, czy urządzenie %s jest uaktywnione, czy nie.\n"
-"Czy na pewno kontynuować ponowne szyfrowanie w trybie offline?\n"
-"Może to prowadzić do uszkodzenia danych, jeśli urządzenie jest aktywne.\n"
-"Aby uruchomić ponowne szyfrowanie w trybie online, należy użyć parametru\n"
-"--active-name.\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Opcja --veracrypt-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Błędny typ urządzenia LUKS."
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Opcja --veracrypt-query-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "Szyfrowanie bez odłączonego nagłówka (--header) jest niemożliwe bez ograniczenia rozmiaru urządzenia danych (--reduce-device-size)."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Opcje --veracrypt-pim i --veracrypt-query-pim wykluczają się wzajemnie."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Żądany offset danych musi być mniejszy lub równy połowie parametru --reduce-device-size."
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Opcja --persistent nie jest dozwolona z --test-passphrase."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Modyfikowanie wartości --reduce-device-size do dwukrotności parametru --offset %<PRIu64> (w sektorach).\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Opcje --refresh i --test-passphrase wykluczają się wzajemnie."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Szyfrowanie jest obsługiwane tylko w formacie LUKS2."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykłego urządzenia."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Wykrytu urządzenie LUKS na %s. Czy zaszyfrować to urządzenie LUKS jeszcze raz?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Opcja --skip jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Plik nagłówka %s już istnieje. Przerwano."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Opcja --offset z akcją open jest obsługiwana tylko dla urządzeń plain i loopaes."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Nie można utworzyć pliku tymczasowego nagłówka %s."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Opcji --tcrypt-hidden nie można łączyć z --allow-discards."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s jest teraz aktywne i gotowe do szyfrowania w locie.\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Opcja rozmiaru sektora z akcją open jest obsługiwana tylko dla urządzeń plain."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "Odszyfrowanie LUKS2 jest obsługiwane tylko z urządzeniem z odłączonym nagłówkiem."
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Opcja dużych rozmiarów sektorów IV jest obsługiwana tylko przy otwieraniu urządzeń typu plain z sektorem większym niż 512 bajtów."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Za mało wolnych kluczy do ponownego szyfrowania."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS, TRCYPT, BITLK i FVAULT2."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Rozmiaru klucza można użyć tylko z --key-slot albo przy dokładnie jednym aktywnym kluczu."
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Opcji --device-size i --size nie można łączyć."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Hasło dla klucza %d: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Opcja --unbound jest dozwolona tylko dla operacji otwarcia urządzenia LUKS."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Hasło dla klucza %u: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Opcja --unbound nie może być użyta bez --test-passphrase."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Zmiana szyfru do szyfrowania danych na %s.\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Opcje --cancel-deferred i --deferred nie mogą być użyte naraz."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Polecenie wymaga urządzenia jako argumentu."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Opcji --reduce-device-size i --data-size nie można łączyć."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Obecnie obsługiwany jest tylko format LUKS2. Dla LUKS1 proszę użyć narzędzia cryptsetup-reencrypt."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Opcja --active-name może być ustawiona tylko dla urządzenia LUKS2."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Tradycyjne ponowne szyfrowanie offline juz trwa. Proszę użyć narzędzia cryptsetup-reencrypt."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Opcji --active-name i --force-offline-reencrypt nie można łączyć."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Ponowne szyfrowanie urządzenia z profilem integralności nie jest obsługiwane."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "Wymagane jest określenie klucza."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane. Przerywanie operacji."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Opcji --align-payload i --offset nie można łączyć."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "Urządzenie LUKS2 nie jest w trakcie ponownego szyfrowania."
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Opcja --integrity-no-wipe może być użyta tylko do akcji formatowania z rozszerzeniem integralności."
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<uządzenie> [--type <typ>] [<nazwa>]"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Dozwolona jest tylko jedna z opcji --use-[u]random."
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "otwarcie urządzenia jako <nazwa>"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "Przy opcji --unbound wymagany jest rozmiar klucza."
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Błędna akcja token."
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Parametr --key-description jest wymagany do akcji dodania tokenu."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Akcja wymaga określonego tokenu. Należy użyć parametru --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Opcja --unbound jest dozwolona tylko dla operacji dodania tokenu."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Opcji --key-slot i --unbound nie można łączyć."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Akcja wymaga określonego klucza. Należy użyć parametru --key-slot."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<uządzenie> [--type <typ>] [<nazwa>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "otwarcie urządzenia jako <nazwa>"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
msgstr "<nazwa>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "zamknięcie urządzenia (usunięcie odwzorowania)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr "zmiana rozmiaru aktywnego urządzenia"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "pokazanie stanu urządzenia"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <szyfr>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "test szybkości szyfru"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<urządzenie>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "próba naprawy metadanych na dysku"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "ponowne szyfrowanie urządzenia LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "usunięcie wszystkich kluczy (usunięcie klucza szyfrującego)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "przekonwertowanie formatu LUKS z/do LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "ustawienie opcji trwałej konfiguracji dla LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<urządzenie> [<nowy plik klucza>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "sformatowanie urządzenia LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "dodanie klucza do urządzenia LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<urządzenie> [<plik klucza>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "usunięcie podanego klucza lub pliku klucza z urządzenia LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "zmiana podanego klucza lub pliku klucza urządzenia LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "konwersja klucza na nowe parametry pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<urządzenie> <numer klucza>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "wymazanie klucza o numerze <numer klucza> z urządzenia LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "wypisanie UUID-a urządzenia LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "sprawdzenie <urządzenia> pod kątem nagłówka partycji LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "zrzut informacji o partycji LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "zrzut informacji o urządzeniu TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "zrzut informacji o urządzeniu BITLK"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "zrzut informacji o urządzeniu FVAULT2"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Wstrzymanie urządzenia LUKS i wymazanie klucza (zamraża wszystkie operacje we/wy)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "Wznowienie zatrzymanego urządzenia LUKS"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Kopia zapasowa nagłówka i kluczy urządzenia LUKS"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Odtworzenie nagłówka i kluczy urządzenia LUKS z kopii zapasowej"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <urządzenie>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "Operacja na tokenach LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<akcja> to jedno z:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Można także używać starych aliasów składni <akcja>:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<numer klucza> to numer klucza LUKS do zmiany\n"
"<plik klucza> to opcjonalny plik nowego klucza dla akcji luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Domyślny wkompilowany format metadanych to %s (dla akcji luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Obsługa zewnętrznych wtyczek tokenów LUKS2 jest %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "wkompilowana"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Ścieżka zewnętrznych wtyczek tokenów LUKS2: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "wyłączona"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"Domyślny PBKDF dla LUKS2: %s\n"
"\tCzas iteracji: %d, wymagana pamięć: %dkB, liczba wątków: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, bitów klucza: %d, skrót hasła: %s\n"
"\tLUKS: %s, bitów klucza: %d, skrót nagłówka LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: Domyślny rozmiar klucza z trybem XTS (dwa klucze wewnętrzne) będzie podwojony.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: wymaga %s jako argumentów"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Numer klucza jest nieprawidłowy."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Rozmiar urządzenia musi być wielokrotnością 512-bajtowego sektora."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Błędne określenie maksymalnego rozmiaru strefy hotzone ponownego szyfrowania."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Rozmiar klucza musi być wielokrotnością 8 bitów"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 1GiB."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Rozmiar ograniczenia musi być wielokrotnością 512-bajtowego sektora."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Opcja --priority może mieć wartości tylko ignore/normal/prefer."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Wyświetlenie tego opisu"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Wyświetlenie krótkiej informacji o składni"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Wypisanie wersji pakietu"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Opcje pomocnicze:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Wyświetlanie bardziej szczegółowych komunikatów błędów"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Wyświetlanie informacji diagnostycznych"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Wyświetlanie informacji diagnostycznych wraz z metadanymi JSON"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Szyfr używany do zaszyfrowania dysku (p. /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Skrót używany do utworzenia klucza szyfrującego z hasła"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Sprawdzenie poprawności hasła poprzez dwukrotne pytanie"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Odczyt klucza z pliku"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Odczyt klucza wolumenu (klucza głównego) z pliku."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Zrzut (głównego) klucza wolumenu zamiast informacji o kluczach"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Rozmiar klucza szyfrującego"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITÓW"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Ograniczenie odczytu z pliku klucza"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "bajty"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Liczba bajtów do pominięcia w pliku klucza"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Ograniczenie odczytu z nowo dodanego pliku klucza"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Liczba bajtów do pominięcia w nowo dodanym kluczu"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Numer dla nowego klucza (domyślny: pierwszy wolny)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Rozmiar urządzenia"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTORÓW"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Użycie tylko określonego rozmiaru urządzenia (zignorowanie pozostałej części). NIEBEZPIECZNE!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Offset początku na urządzeniu przechowującym"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Liczba sektorów zaszyfrowanych danych do pominięcia"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Utworzenie odwzorowania tylko do odczytu"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Bez pytań o potwierdzenie"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Limit czasu przy interaktywnym pytaniu o hasło (w sekundach)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "s"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Uaktualnianie wiersza postępu (w sekundach)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Jak często można powtarzać próby wprowadzenia hasła"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Wyrównanie danych do granicy <n> sektorów - dla luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Plik z kopią zapasową nagłówka LUKS i kluczy"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Użycie /dev/random do wygenerowania klucza wolumenu"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Użycie /dev/urandom do wygenerowania klucza wolumenu"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Współdzielenie urządzenia z innym, nie zachodzącym segmentem szyfrowanym"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID dla urządzenia, które ma być użyte"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Zezwolenie na żądania porzucenia (TRIM) dla urządzenia"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Urządzenie lub plik z osobnym nagłówkiem LUKS"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Sprawdzenie hasła bez uaktywniania urządzenia"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Użycie nagłówka ukrytego (ukrytego urządzenia TCRYPT)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Urządzenie jest napędem systemowym TCRYPT (z bootloaderem)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Użycie zapasowego (drugiego) nagłówka TCRYPT"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Wyszukiwanie także urządzeń zgodnych z VeraCryptem"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "PIM (osobisty mnożnik iteracji) dla urządzenia zgodnego z VeraCryptem"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Odpytanie PIM (osobistego mnożnika iteracji) pod kątem urządzenia zgodnego z VeraCryptem"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Typ metadanych urządzenia: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Wyłączenie sprawdzania jakości hasła (jeśli włączone)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Użycie opcji zgodności wydajności dm-crypta same_cpu_crypt"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Użycie opcji zgodności wydajności dm-crypta submit_from_crypt_cpus"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Pominięcie kolejki zadań dm-crypt i przetwarzanie żądań odczytu synchronicznie"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Pominięcie kolejki zadań dm-crypt i przetwarzanie żądań zapisu synchronicznie"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Usunięcie urządzenia jest odroczone do czasu zamknięcia przez ostatniego użytkownika"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Użycie globalnej blokady do serializacji ciężkich pamięciowo PBKDF (obejście OOM)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Czas iteracji PBKDF dla LUKS (w milisekundach)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ms"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Algorytm PBKDF (dla LUKS2): argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Limit kosztu pamięciowego PBKDF"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "kilobajty"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Koszt zrównoleglenia PBKDF"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "wątki"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Koszt iteracji PBKDF (wymuszony, wyłącza test wydajności)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Priorytet klucza: ignore, normal, prefer"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Wyłączenie blokowania metadanych na dysku"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Wyłączenie ładowania kluczy wolumenu przez pęk kluczy w jądrze"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Algorytm integralności danych (tylko LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Wyłączenie kroniki dla urządzenia integralności"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Bez wymazania urządzenia po formatowaniu"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Użycie niewydajnego starego wyrównania (stare jądra)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Bez pytania o hasło, jeśli uaktywnienie przy użyciu tokenu się nie powiedzie"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Numer tokenu (domyślnie: dowolny)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Opis klucza"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Rozmiar sektora szyfrowania (domyślnie: 512 bajtów)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Użycie IV liczonego w rozmiarze sektora (nie w 512 bajtach)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Trwałe ustawienie flag uaktywniania dla urządzenia"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Ustawienie etykiety dla urządzenia LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Ustawienie etykiety podsystemu dla urządzenia LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Utworzenie niepowiązanego (bez przypisanego segmentu danych) klucza LUKS2"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Odczyt lub zapis danych JSON z/do pliku"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Rozmiar obszaru metadanych nagłówka LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Rozmiar obszaru kluczy nagłówka LUKS2"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Odświeżenie (ponowne uaktywnienie) urządzenia z nowymi parametrami"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Klucz LUKS2: rozmiar klucza szyfrującego"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Klucz LUKS2: szyfr używany do szyfrowania kluczy"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Szyfrowanie urządzenia LUKS2 (w miejscu)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Odszyfrowanie urządzenia LUKS2 (usunięcie szyfrowania)."
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Zainicjowanie ponownego szyfrowania LUKS2 wyłącznie w metadanych."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Wyłącznie wznowienie zainicjowanego ponownego szyfrowania LUKS2."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Ograniczenie rozmiaru urządzenia danych (przesunięcie położenia danych). NIEBEZPIECZNE!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Maksymalny rozmiar strefy hotzone ponownego szyfrowania."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Typ odporności strefy hotzone ponownego szyfrowania (checksum, journal, none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Skrót sum kontrolknych strefy hotzone ponownego szyfrowania"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Nadpisanie wykrytego urządzenia dla urządzenia dm do ponownego szyfrowania"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPCJA...] <akcja> <parametry-akcji>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Brak argumentu <akcja>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Nieznana akcja."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Opcje --refresh i --test-passphrase wykluczają się wzajemnie."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Opcja --deferred jest dozwolona tylko dla operacji zamknięcia."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Opcja --shared jest dozwolona tylko dla operacji otwarcia zwykłego urządzenia."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Opcja --allow-discards jest dozwolona tylko dla operacji otwarcia."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Opcja --persistent jest dozwolona tylko dla operacji otwarcia."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Opcja --serialize-memory-hard-pbkdf jest dozwolona tylko dla operacji otwarcia."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Opcja --persistent nie jest dozwolona z --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Opcja --key-size jest dozwolona tylko dla operacji luksFormat, luksAddKey,\n"
-"open i benchmark. Aby ograniczyć odczyt z pliku klucza, należy użyć\n"
-"--keyfile-size=(bajty)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Opcja --integrity jest dozwolona tylko dla operacji luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Opcja --integrity-no-wipe może być użyta tylko do akcji formatowania z rozszerzeniem integralności."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Opcje --label i --subsystem są dozwolone tylko dla operacji LUKS2 luksFormat i config."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Opcja --test-passphrase jest dozwolona tylko przy otwieraniu urządzeń LUKS, TRCYPT i BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Rozmiar klucza musi być wielokrotnością 8 bitów"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Numer klucza jest nieprawidłowy."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Opcja --key-file ma priorytet nad podanym argumentem pliku klucza."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Liczba ujemna nie jest dozwolona dla tej opcji."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Dozwolony jest tylko jeden argument --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Dozwolona jest tylko jedna z opcji --use-[u]random."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Opcja --use-[u]random jest dozwolona tylko dla operacji luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Opcja --uuid jest dozwolona tylko dla operacji luksFormat i luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Opcja --align-payload jest dozwolona tylko dla operacji luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Opcje --luks2-metadata-size i --opt-luks2-keyslots-size są dozwolone tylko dla operacji luksFormat z LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Błędne określenie rozmiaru metadanych LUKS2."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Błędne określenie rozmiaru kluczy LUKS2."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Opcji --align-payload i --offset nie można łączyć."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Opcja --skip jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Opcja --offset jest obsługiwana tylko przy otwieraniu urządzeń plain i loopaes oraz dla operacji luksFormat i ponownego szyfrowania."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Opcje --tcrypt-hidden, --tcrypt-system i --tcrypt-backup są obsługiwane tylko dla urządzeń TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Opcji --tcrypt-hidden nie można łączyć z --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Opcja --veracrypt jest obsługiwana tylko dla typu urządzeń TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Podano błędny argument dla parametru --veracrypt-pim."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Opcja --veracrypt-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Opcja --veracrypt-query-pim jest obsługiwana tylko dla urządzeń zgodnych z VeraCryptem."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Opcje --veracrypt-pim i --veracrypt-query-pim wykluczają się wzajemnie."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Opcja --priority może mieć wartości tylko ignore/normal/prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Wymagane jest określenie klucza."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "Funkcja pochodna klucza oparta na haśle (PBKDF) może być tylko pbkdf2 lub argon2i/argon2id."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Wymuszonych iteracji PBKDF nie można łączyć z opcją czasu iteracji."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Opcja rozmiaru sektora nie jest obsługiwana dla tego polecenia."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Opcja dużych rozmiarów sektorów IV jest obsługiwana tylko przy otwieraniu urządzeń typu plain z sektorem większym niż 512 bajtów."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Przy opcji --unbound wymagany jest rozmiar klucza."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Opcja --unbound może być użyta tylko z akcjami luksAddKey i luksDump."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Opcje --keyslot-cipher i --keyslot-key-size muszą być użyte łącznie."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Opcja --refresh może być użyta tylko dla akcji otwierania."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Nie wykonano akcji. Wywołano z opcją --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Nie można wyłączyć blokowania metadanych."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Błędne określenie maksymalnego rozmiaru strefy hotzone ponownego szyfrowania."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Błędne określenie rozmiaru urządzenia."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 1GiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Rozmiar ograniczenia musi być wielokrotnością 512-bajtowego sektora."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Błędne określenie rozmiaru danych."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Zmniejszenie przepełnienia rozmiaru."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "Odszyfrowanie LUKS2 wymaga opcji --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Rozmiar urządzenia musi być wielokrotnością 512-bajtowego sektora."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Opcji --reduce-device-size i --data-size nie można łączyć."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Opcji --device-size i --size nie można łączyć."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Opcje --keyslot-cipher i --keyslot-key-size muszą być użyte łącznie."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Podano błędny łańcuch zarodka."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Nie można utworzyć obrazu hasza %s do zapisu."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Nie można utworzyć obrazu FEC %s do zapisu."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Nie można utworzyć pliku głównego hasza %s do zapisu."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Nie można zapisać pliku głównego hasza %s."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Urządzenie %s nie jest prawidłowym urządzeniem VERITY."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Nie można odczytać pliku głównego hasza %s."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Błędny plik głównego hasza %s."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Podano błędny łańcuch głównego hasza."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Błędny plik podpisu %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Nie można odczytać pliku klucza %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Polecenie wymaga <głównego_hasza> lub opcji --root-hash-file jako argumentu."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<urządzenie_danych> <urządzenie_haszy>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "sformatowanie urządzenia"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<urządzenie_danych> <urządzenie_haszy> <główny_hasz>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<urządzenie_danych> <urządzenie_haszy> [<główny_hasz>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "weryfikacja urządzenia"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<urządzenie_danych> <nazwa> <urządzenie_haszy> <główny_hasz>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<urządzenie_danych> <nazwa> <urządzenie_haszy> [<główny_hasz>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "pokazanie stanu aktywnego urządzenia"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<urządzenie_haszy>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "wyświetlenie informacji z dysku"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<urządzenie_haszy> to urządzenie zawierające dane weryfikacyjne\n"
"<główny_hasz> to hasz głównego węzła na <urządzeniu_haszy>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Domyślnie wkompilowane parametry dm-verity:\n"
"\tHasz: %s, blok danych (bajtów): %u, blok haszy (bajtów): %u, rozmiar zarodka: %u, format haszy: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Nieużywanie superbloku VERITY"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz."
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Typ formatu (1 - normalny, 0 - oryginalny Chrome OS)"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Opcji --panic-on-corruption oraz --restart-on-corruption nie można użyć naraz."
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "liczba"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Ta operacja nieodwracalnie nadpisze dane na %s i %s.\n"
+"Aby zachować urządzenie danych, można użyć opcji --no-wipe (a następnie uaktywnić z --integrity-recalculate)."
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Rozmiar bloku na urządzeniu z danymi"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Sformatowano z rozmiarem znacznika %u, wewnętrzna integralność %s.\n"
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Rozmiar bloku na urządzeniu z haszami"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Ustawianie flagi recalculate nie jest obsługiwane, zamiast tego można rozważyć użycie --wipe."
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "bajty parzystości FEC"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Urządzenie %s nie jest prawidłowym urządzeniem INTEGRITY."
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Liczba bloków w pliku danych"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<urządzenie_integralności>"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "bloki"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<urządzenie_integralności> <nazwa>"
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Ścieżka do urządzenia z danymi korekcji błędów"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<nazwa> to urządzenie do utworzenia pod %s\n"
+"<urządzenie_integralności> to urządzenie zawierające dane ze znacznikami integralności\n"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "ścieżka"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Domyślnie wkompilowane parametry dm-integrity:\n"
+"\tAlgorytm sumy kontrolnej: %s\n"
+"\tMaksymalny rozmiar pliku klucza: %dkB\n"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Offset początku na urządzeniu z haszami"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Błędny rozmiar --%s. Maksimum w bajtach to %u."
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Offset początku na urządzeniu FEC"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Muszą być podane obie opcje: pliku klucza i rozmiaru klucza."
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Algorytm skrótu"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Muszą być podane obie opcje: pliku klucza integralności i rozmiaru klucza."
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "łańcuch"
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Algorytm integralności kroniki musi być podany, jeśli używany jest klucz integralności kroniki."
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Zarodek"
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Muszą być podane obie opcje: pliku szyfrowania kroniki i rozmiaru klucza."
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "Łańcuch szesnastkowy"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Algorytm szyfrowania kroniki musi być podany, jeśli używany jest klucz szyfrowania kroniki."
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Ścieżka pliku podpisu hasza głównego"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Opcje trybu odtwarzania i bitmapy wykluczają się wzajemnie."
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Restart jądra po wykryciu uszkodzenia"
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Opcji kroniki nie można używać w trybie bitmapy."
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Opcje bitmapy mogą być używane tylko w trybie bitmapy."
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Panika jądra po wykryciu uszkodzenia"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"UWAGA!\n"
+"======\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Na pewno? (należy wpisać 'yes' wielkimi literami): "
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Zignotowanie uszkodzenia, jedynie logowanie"
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Błąd podczas odczytu odpowiedzi z terminala."
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Bez weryfikacji wyzerowanych bloków"
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Polecenie się powiodło."
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Sprawdzenie bloku danych tylko przy pierwszym odczycie"
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "niewłaściwe lub brakujące parametry"
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Opcje --ignore-corruption, --restart-on-corruption oraz --ignore-zero-blocks są dozwolone tylko przy operacji otwierania."
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "brak uprawnień lub błędne hasło"
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Opcja --root-hash-signature może być użyta tylko dla akcji otwierania."
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "brak pamięci"
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Opcji --ignore-corruption oraz --restart-on-corruption nie można użyć naraz."
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "podano niewłaściwe urządzenie lub plik"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Opcji --panic-on-corruption oraz --restart-on-corruption nie można użyć naraz."
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "urządzenie już istnieje lub jest zajęte"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "nieznany błąd"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Polecenie nie powiodło się z kodem %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Klucz numer %i utworzony."
-#: src/integritysetup.c:85
+#: src/utils_tools.c:258
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Błędny rozmiar klucza. Maksimum to %u bajtów."
+msgid "Key slot %i unlocked."
+msgstr "Klucz numer %i odblokowany."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Klucz numer %i usunięty."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Token %i utworzony."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Token %i usunięty."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Przy użyciu tego PIN-u nie udało się odblokować żadnego tokenu."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Token %i wymaga PIN-u."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Token (typu %s) wymaga PIN-u."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token %i nie może odblokować przypisanych obszarów kluczy (błędne hasło klucza)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token (typu %s) nie może odblokować przypisanych obszarów kluczy (błędne hasło klucza)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Token %i wymaga dodatkowego, brakującego zasobu."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Token (typu %s) wymaga dodatkowego, brakującego zasobu."
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "Brak dostępnego użytecznego tokenu (typu %s)."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Brak dostępnego użytecznego tokenu."
+
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Nie można odczytać pliku klucza %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/utils_tools.c:398
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Nie można odczytać %d bajtów z pliku klucza %s."
-#: src/integritysetup.c:266
+#: src/utils_tools.c:423
#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Sformatowano z rozmiarem znacznika %u, wewnętrzna integralność %s.\n"
+msgid "Cannot open keyfile %s for write."
+msgstr "Nie można otworzyć pliku klucza %s do zapisu."
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<urządzenie_integralności>"
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Nie można zapisać pliku klucza %s."
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<urządzenie_integralności> <nazwa>"
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
-#: src/integritysetup.c:515
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> d"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "zapisano %4<PRIu64> %s"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "szybkość %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Postęp: %5.1f%%, przewidywany czas zakończenia %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Zakończono, czas %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:74
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Nie można sprawdzić jakości hasła: %s"
+
+#: src/utils_password.c:49
#, c-format
msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Sprawdzenie jakości hasła nie powiodło się:\n"
+" %s"
+
+#: src/utils_password.c:81
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Sprawdzenie jakości hasła nie powiodło się: błędne hasło (%s)"
+
+#: src/utils_password.c:232 src/utils_password.c:246
+msgid "Error reading passphrase from terminal."
+msgstr "Błąd podczas odczytu hasła z terminala."
+
+#: src/utils_password.c:244
+msgid "Verify passphrase: "
+msgstr "Weryfikacja hasła: "
+
+#: src/utils_password.c:251
+msgid "Passphrases do not match."
+msgstr "Hasła nie zgadzają się."
+
+#: src/utils_password.c:289
+msgid "Cannot use offset with terminal input."
+msgstr "Nie można użyć offsetu, jeśli wejściem jest terminal."
+
+#: src/utils_password.c:293
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Hasło: "
+
+#: src/utils_password.c:296
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Hasło dla %s: "
+
+#: src/utils_password.c:330
+msgid "No key available with this passphrase."
+msgstr "Dla tego hasła nie ma dostępnego klucza."
+
+#: src/utils_password.c:332
+msgid "No usable keyslot is available."
+msgstr "Brak dostępnego miejsca na klucz."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Nie można wykonać weryfikacji hasła, jeśli wejściem nie jest terminal."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Nie udało się otworzyć pliku %s tylko do odczytu."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Poprawny token JSON dla LUKS2:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Nie udało się odczytać pliku JSON."
+
+#: src/utils_luks.c:207
+msgid ""
"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
+"Read interrupted."
msgstr ""
"\n"
-"<nazwa> to urządzenie do utworzenia pod %s\n"
-"<urządzenie_integralności> to urządzenie zawierające dane ze znacznikami integralności\n"
+"Odczyt przerwany."
-#: src/integritysetup.c:520
+#: src/utils_luks.c:248
#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Nie udało się otworzyć pliku %s do zapisu."
+
+#: src/utils_luks.c:257
msgid ""
"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
+"Write interrupted."
msgstr ""
"\n"
-"Domyślnie wkompilowane parametry dm-integrity:\n"
-"\tAlgorytm sumy kontrolnej: %s\n"
-"\tMaksymalny rozmiar pliku klucza: %dkB\n"
+"Zapis przerwany."
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Ścieżka do urządzenia danych (jeśli osobne)"
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Nie udało się zapisać pliku JSON."
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Rozmiar kroniki"
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Wykryto aktywne urządzenie dm '%s' dla urządzenia danych %s.\n"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Sektory przeplotu"
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Nie udało się wykryć właścicieli urządzenia %s."
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Znak wodny kroniki"
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Urządzenie %s nie jest urządzeniem blokowym.\n"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "procent"
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Nie udało się zdecydować, czy urządzenie %s jest uaktywnione, czy nie.\n"
+"Czy na pewno kontynuować ponowne szyfrowanie w trybie offline?\n"
+"Może to prowadzić do uszkodzenia danych, jeśli urządzenie jest aktywne.\n"
+"Aby uruchomić ponowne szyfrowanie w trybie online, należy użyć parametru\n"
+"--active-name.\n"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Czas zatwierdzania kroniki"
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Urządzenie %s nie jest urządzeniem blokowym. Nie można wykryć, czy jest aktywne.\n"
+"Można użyć --force-offline-reencrypt aby obejść to sprawdzenie i uruchomić w trybie offline (niebezpieczne!)."
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Nie można użyć żądanej opcji --resilience do obecnej operacji ponownego szyfrowania."
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Liczba 512-bajtowych sektorów na bit (tryb bitmapy)."
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Urządzenie nie jest w trybie szyfrowania LUKS2. Konflikt opcji --encrypt."
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Czas zrzutu trybu bitmapy"
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Urządzenie nie jest w trybie odszyfrowywania LUKS2. Konflikt opcji --decrypt."
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Rozmiar znacznika (na sektor)"
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Urządzenie jest w trybie ponownego szyfrowania z użyciem odporności przesunięcia danych. Nie można użyć żądanej opcji --resilience."
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Rozmiar sektora"
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Urządzenie wymaga odtwarzania ponownego szyfrowania. Najpierw należy uruchomić naprawę."
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Rozmiar buforów"
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Urządzenie %s jest już w trybie ponownego szyfrowania LUKS2. Czy wznowić uprzednio zainicjowaną operację?"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Algorytm integralności danych"
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Stara wersja ponownego szyfrowania LUKS2 nie jest już obsługiwana."
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Rozmiar klucza integralności danych"
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Ponowne szyfrowanie urządzenia z profilem integralności nie jest obsługiwane."
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Odczyt klucza integralności z pliku"
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Żądany --sector-size %<PRIu32> jest niezgodny z superblokiem %s\n"
+"(rozmiar bloku: %<PRIu32> B), wykrytym na urządzeniu %s."
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Algorytm integralności kroniki"
+#: src/utils_reencrypt.c:494
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Szyfrowanie bez odłączonego nagłówka (--header) jest niemożliwe bez ograniczenia rozmiaru urządzenia danych (--reduce-device-size)."
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Rozmiar klucza integralności kroniki"
+#: src/utils_reencrypt.c:500
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Żądany offset danych musi być mniejszy lub równy połowie parametru --reduce-device-size."
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Odczyt klucza integralności z pliku"
+#: src/utils_reencrypt.c:510
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Modyfikowanie wartości --reduce-device-size do dwukrotności parametru --offset %<PRIu64> (w sektorach).\n"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Algorytm szyfrowania kroniki"
+#: src/utils_reencrypt.c:540
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Plik nagłówka %s już istnieje. Przerwano."
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Rozmiar klucza szyfrowania kroniki"
+#: src/utils_reencrypt.c:542 src/utils_reencrypt.c:549
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Nie można utworzyć pliku tymczasowego nagłówka %s."
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Odczyt klucza szyfrującego kroniki z pliku"
+#: src/utils_reencrypt.c:574
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Rozmiar metadanych LUKS2 jest większy niż wartość przesunięcia danych."
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Tryb odtwarzania (bez kroniki, bez sprawdzania znaczników)"
+#: src/utils_reencrypt.c:611
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Nie udało się umieścić nowego nagłówka na początku urządzenia %s."
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Użycie bitmapy do śledzenia zmian i wyłączenie kroniki dla urządzenia integralności"
+#: src/utils_reencrypt.c:621
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s jest teraz aktywne i gotowe do szyfrowania w locie.\n"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Automatyczne przeliczenie znaczników początkowych."
+#: src/utils_reencrypt.c:657
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Aktywne urządzenie %s nie jest urządzeniem LUKS2."
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Bez zabezpieczania superbloku przy użyciu HMAC (stare jądra)"
+#: src/utils_reencrypt.c:685
+msgid "Restoring original LUKS2 header."
+msgstr "Odtwarzanie oryginalnego nagłówka LUKS2."
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Zezwolenie na przeliczanie wolumenów z kluczami HMAC (stare jądra)"
+#: src/utils_reencrypt.c:693
+msgid "Original LUKS2 header restore failed."
+msgstr "Odtwarzanie oryginalnego nagłówka LUKS2 nie powiodło się."
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Opcja --integrity-recalculate może być użyta tylko dla akcji otwierania."
+#: src/utils_reencrypt.c:719
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Plik nagłówka %s nie istnieje. Czy zainicjować odszyfrowywanie LUKS2 urządzenia %s i eksport nagłówka LUKS2 do pliku %s?"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Opcje --journal-size, --interleave-sectors, --sector-size, --tag-size oraz --no-wipe mogą być użyte tylko dla akcji formatowania."
+#: src/utils_reencrypt.c:767
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Nie udało się dodać uprawnień odczytu/zapisu do pliku wyeksportowanego nagłówka."
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Błędne określenie rozmiaru kroniki."
+#: src/utils_reencrypt.c:820
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Inicjowanie ponownego szyfrowania nie powiodło się. Kopia zapasowa nagłówka jest dostępna w %s."
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Muszą być podane obie opcje: pliku klucza i rozmiaru klucza."
+#: src/utils_reencrypt.c:848
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Odszyfrowanie LUKS2 jest obsługiwane tylko z urządzeniem z odłączonym nagłówkiem (z offsetem danych ustawionym na 0)."
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Muszą być podane obie opcje: pliku klucza integralności i rozmiaru klucza."
+#: src/utils_reencrypt.c:983 src/utils_reencrypt.c:992
+msgid "Not enough free keyslots for reencryption."
+msgstr "Za mało wolnych kluczy do ponownego szyfrowania."
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Algorytm integralności kroniki musi być podany, jeśli używany jest klucz integralności kroniki."
+#: src/utils_reencrypt.c:1013 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Rozmiaru klucza można użyć tylko z --key-slot albo przy dokładnie jednym aktywnym kluczu."
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Muszą być podane obie opcje: pliku szyfrowania kroniki i rozmiaru klucza."
+#: src/utils_reencrypt.c:1022 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Hasło dla klucza %d: "
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Algorytm szyfrowania kroniki musi być podany, jeśli używany jest klucz szyfrowania kroniki."
+#: src/utils_reencrypt.c:1034
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Hasło dla klucza %u: "
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Opcje trybu odtwarzania i bitmapy wykluczają się wzajemnie."
+#: src/utils_reencrypt.c:1086
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Zmiana szyfru do szyfrowania danych na %s.\n"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Opcji kroniki nie można używać w trybie bitmapy."
+#: src/utils_reencrypt.c:1140
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Nie zmieniono parametrów segmentu danych. Ponowne szyfrowanie przerwane."
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Opcje bitmapy mogą być używane tylko w trybie bitmapy."
+#: src/utils_reencrypt.c:1242
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Zwiększanie rozmiaru sektora szyfrowania na urządzeniu offline nie jest obsługiwane.\n"
+"Należy najpierw uaktywnić urządzenie lub użyć opcji --force-offline-reencrypt (niebezpieczna!)."
+
+#: src/utils_reencrypt.c:1282 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Ponowne szyfrowanie przerwane."
+
+#: src/utils_reencrypt.c:1287
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Wznawianie ponownego szyfrowania LUKS w wymuszonym trybie offline.\n"
+
+#: src/utils_reencrypt.c:1304
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Urządzenie %s zawiera uszkodzone metadane LUKS. Przerwano operację."
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Ponowne szyfrowanie już trwa."
+#: src/utils_reencrypt.c:1320 src/utils_reencrypt.c:1342
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Urządzenie %s jest już urządzeniem LUKS. Przerwano operację."
-#: src/cryptsetup_reencrypt.c:226
+#: src/utils_reencrypt.c:1348
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Urządzenie %s jest już w trybie ponownego szyfrowania LUKS. Przerwano operację."
+
+#: src/utils_reencrypt.c:1421
+msgid "LUKS2 decryption requires --header option."
+msgstr "Odszyfrowanie LUKS2 wymaga opcji --header."
+
+#: src/utils_reencrypt.c:1469
+msgid "Command requires device as argument."
+msgstr "Polecenie wymaga urządzenia jako argumentu."
+
+#: src/utils_reencrypt.c:1482
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Konflikt wersji. Urządzenie %s jest urządzeniem LUKS1."
+
+#: src/utils_reencrypt.c:1488
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Konflikt wersji. Urządzenie %s jest w trybie ponownego szyfrowania LUKS1."
+
+#: src/utils_reencrypt.c:1494
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Konflikt wersji. Urządzenie %s jest urządzeniem LUKS2."
+
+#: src/utils_reencrypt.c:1500
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Konflikt wersji. Urządzenie %s jest w trybie ponownego szyfrowania LUKS2."
+
+#: src/utils_reencrypt.c:1506
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Ponowne szyfrowanie LUKS2 jest już zainicjowane. Przerywanie operacji."
+
+#: src/utils_reencrypt.c:1513
+msgid "Device reencryption not in progress."
+msgstr "Ponowne szyfrowanie urządzenia nie jest w toku."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "Nie można otworzyć %s w trybie wyłącznym, urządzenie jest w użyciu."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
msgid "Allocation of aligned memory failed."
msgstr "Przydzielenie wyrównanego obszaru pamięci nie powiodło się."
-#: src/cryptsetup_reencrypt.c:247
+#: src/utils_reencrypt_luks1.c:150
#, c-format
msgid "Cannot read device %s."
msgstr "Nie można odczytać urządzenia %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/utils_reencrypt_luks1.c:161
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "Oznaczanie urządzenia LUKS1 %s jako bezużytecznego."
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Ustawianie flagi ponownego szyfrowania offline LUKS2 na urządzeniu %s."
-
-#: src/cryptsetup_reencrypt.c:279
+#: src/utils_reencrypt_luks1.c:177
#, c-format
msgid "Cannot write device %s."
msgstr "Nie można zapisać na urządzenie %s."
-#: src/cryptsetup_reencrypt.c:327
+#: src/utils_reencrypt_luks1.c:226
msgid "Cannot write reencryption log file."
msgstr "Nie można zapisać pliku logu ponownego szyfrowania."
-#: src/cryptsetup_reencrypt.c:383
+#: src/utils_reencrypt_luks1.c:282
msgid "Cannot read reencryption log file."
msgstr "Nie można odczytać pliku logu ponownego szyfrowania."
-#: src/cryptsetup_reencrypt.c:421
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Niewłaściwy format logu."
+
+#: src/utils_reencrypt_luks1.c:320
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Plik logu %s istnieje, wznowienie ponownego szyfrowania.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/utils_reencrypt_luks1.c:369
msgid "Activating temporary device using old LUKS header."
msgstr "Uaktywnianie urządzenia tymczasowego przy użyciu starego nagłówka LUKS."
-#: src/cryptsetup_reencrypt.c:480
+#: src/utils_reencrypt_luks1.c:379
msgid "Activating temporary device using new LUKS header."
msgstr "Uaktywnianie urządzenia tymczasowego przy użyciu nowego nagłówka LUKS."
-#: src/cryptsetup_reencrypt.c:490
+#: src/utils_reencrypt_luks1.c:389
msgid "Activation of temporary devices failed."
msgstr "Uaktywnianie urządzeń tymczasowych nie powiodła się."
-#: src/cryptsetup_reencrypt.c:577
+#: src/utils_reencrypt_luks1.c:449
msgid "Failed to set data offset."
msgstr "Nie udało się ustawić offsetu danych."
-#: src/cryptsetup_reencrypt.c:583
+#: src/utils_reencrypt_luks1.c:455
msgid "Failed to set metadata size."
msgstr "Nie udało się ustawić rozmiaru metadanych."
-#: src/cryptsetup_reencrypt.c:591
+#: src/utils_reencrypt_luks1.c:463
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Utworzono nowy nagłówek LUKS dla urządzenia %s."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Ta wersja cryptsetup-reencrypt nie obsługuje nowego typu tokenu wewnętrznego %s."
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Nie udało się odczytać flag uaktywniania z nagłówka zapasowego."
-
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Nie udało się zapisać flag uaktywniania w nowym nagłówku."
-
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Nie udało się odczytać wymagań z nagłówka zapasowego."
-
-#: src/cryptsetup_reencrypt.c:723
+#: src/utils_reencrypt_luks1.c:500
#, c-format
msgid "%s header backup of device %s created."
msgstr "Utworzono kopię zapasową nagłówka %s urządzenia %s."
-#: src/cryptsetup_reencrypt.c:786
+#: src/utils_reencrypt_luks1.c:556
msgid "Creation of LUKS backup headers failed."
msgstr "Tworzenie kopii zapasowych nagłówków LUKS nie powiodło się."
-#: src/cryptsetup_reencrypt.c:919
+#: src/utils_reencrypt_luks1.c:685
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "Nie można odtworzyć nagłówka %s na urządzeniu %s."
-#: src/cryptsetup_reencrypt.c:921
+#: src/utils_reencrypt_luks1.c:687
#, c-format
msgid "%s header on device %s restored."
msgstr "Odtworzono nagłówek %s na urządzeniu %s."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
msgid "Cannot open temporary LUKS device."
msgstr "Nie można otworzyć tymczasowego urządzenia LUKS."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
msgid "Cannot get device size."
msgstr "Nie można pobrać rozmiaru urządzenia."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/utils_reencrypt_luks1.c:968
msgid "IO error during reencryption."
msgstr "Błąd we/wy podczas ponownego szyfrowania."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/utils_reencrypt_luks1.c:998
msgid "Provided UUID is invalid."
msgstr "Dostarczony UUID jest nieprawidłowy."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/utils_reencrypt_luks1.c:1224
msgid "Cannot open reencryption log file."
msgstr "Nie można otworzyć pliku logu ponownego szyfrowania."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/utils_reencrypt_luks1.c:1230
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "Nie w trakcie odszyfrowywania; dostarczony UUID może być użyty tylko do wznowienia wstrzymanego procesu odszyfrowywania."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Zmieniono parametry PBKDF dla klucza %i."
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Rozmiar bloku ponownego szyfrowania"
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
-
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Bez zmiany klucza i ponownego szyfrowania obszaru danych"
-
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Odczyt nowego klucza wolumenu (klucza głównego) z pliku"
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Czas iteracji PBKDF2 dla LUKS (w milisekundach)"
-
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Użycie bezpośredniego we/wy przy dostępie do urządzeń"
-
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Użycie fsync po każdym bloku"
-
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Uaktualnianie pliku logu po każdym bloku"
-
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Użycie tylko tego slotu (wyłączenie pozostałych)"
-
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Utworzenie nowego nagłówka na nieszyfrowanym urządzeniu"
-
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Trwałe odszyfrowanie urządzenia (usunięcie szyfrowania)"
-
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "UUID używany do wznowienia odszyfrowywania"
-
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Typ metadanych LUKS: luks1, luks2"
-
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[OPCJA...] <urządzenie>"
-
-#: src/cryptsetup_reencrypt.c:1687
+#: src/utils_reencrypt_luks1.c:1286
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "Ponowne szyfrowanie zmieni: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/utils_reencrypt_luks1.c:1287
msgid "volume key"
msgstr "klucz wolumenu"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/utils_reencrypt_luks1.c:1289
msgid "set hash to "
msgstr "hasz na "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/utils_reencrypt_luks1.c:1290
msgid ", set cipher to "
msgstr ", szyfr na"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Wymagany argument."
-
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Jako rozmiar bloku ponownego szyfrowania dozwolone są jedynie wartości od 1 MiB do 64 MiB."
-
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Maksymalna wartość ograniczenia rozmiaru urządzenia to 64MiB."
-
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Opcja --new musi być użyta wraz z --reduce_device_size lub --header."
-
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Opcja --keep-key może być użyta tylko z --hash, --iter-time lub --pbkdf-force-iterations.."
-
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Opcja --new nie może być użyta wraz z --decrypt."
-
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Opcja --decrypt jest niezgodna z podanymi parametrami."
-
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Opcja --uuid jest dozwolona tylko wraz z --decrypt."
-
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Błędny typ LUKS - musi być jednym z 'luks', 'luks1' lub 'luks2'."
-
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Błąd podczas odczytu odpowiedzi z terminala."
-
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Polecenie się powiodło.\n"
-
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "niewłaściwe lub brakujące parametry"
-
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "brak uprawnień lub błędne hasło"
-
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "brak pamięci"
-
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "podano niewłaściwe urządzenie lub plik"
-
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "urządzenie już istnieje lub jest zajęte"
-
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "nieznany błąd"
-
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Polecenie nie powiodło się z kodem %i (%s).\n"
-
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Klucz numer %i utworzony."
-
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Klucz numer %i odblokowany."
-
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Klucz numer %i usunięty."
-
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Token %i utworzony."
-
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Token %i usunięty."
-
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Wymazywanie przerwane."
-
-#: src/utils_tools.c:476
+#: src/utils_blockdev.c:189
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr "UWAGA: urządzenie %s już zawiera sygnaturę partycji '%s'.\n"
-#: src/utils_tools.c:484
+#: src/utils_blockdev.c:197
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr "UWAGA: urządzenie %s już zawiera sygnaturę superbloku '%s'.\n"
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
msgid "Failed to initialize device signature probes."
msgstr "Nie udało się zainicjować sond sygnatur urządzeń."
-#: src/utils_tools.c:549
+#: src/utils_blockdev.c:274
#, c-format
msgid "Failed to stat device %s."
msgstr "Nie udało się wykonać stat na urządzeniu %s."
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Urządzenie %s jest w użyciu. Nie można kontynuować operacji formatowania."
-
-#: src/utils_tools.c:564
+#: src/utils_blockdev.c:289
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr "Nie udało się otworzyć pliku %s do odczytu i zapisu."
-#: src/utils_tools.c:578
+#: src/utils_blockdev.c:307
#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Istniejąca sygnatura partycji '%s' (offset w bajtach: %<PRIi64>) na urządzeniu %s zostanie wymazana."
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Istniejąca sygnatura partycji '%s' na urządzeniu %s zostanie wymazana."
-#: src/utils_tools.c:581
+#: src/utils_blockdev.c:310
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Istniejąca sygnatura superbloku '%s' (offset w bajtach: %<PRIi64>) na urządzeniu %s zostanie wymazana."
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Istniejąca sygnatura superbloku '%s' na urządzeniu %s zostanie wymazana."
-#: src/utils_tools.c:584
+#: src/utils_blockdev.c:313
msgid "Failed to wipe device signature."
msgstr "Nie udało się wymazać sygnatury urządzenia."
-#: src/utils_tools.c:591
+#: src/utils_blockdev.c:320
#, c-format
msgid "Failed to probe device %s for a signature."
msgstr "Nie udało się sprawdzić sygnatury urządzenia %s."
-#: src/utils_tools.c:622
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Błędne określenie rozmiaru w parametrze --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Opcja --%s nie jest dozwolona z akcją %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Nie udało się zapisać danych JSON tokenu SSH."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
"\n"
-"Reencryption interrupted."
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
msgstr ""
+"Eksperymentalna wtyczka cryptsetup do odblokowywania urządzeń LUKS2 przy użyciu tokenu połączonego do serwera SSH\vTa wtyczka aktualnie pozwala tylko dodawać token do istniejącego obszaru klucza.\n"
"\n"
-"Ponowne szyfrowanie przerwane."
+"Podany serwer SSH musi zawierać plik klucza pod podaną ścieżką z hasłem do istniejącego obszaru klucza na urządzeniu.\n"
+"Przekazane dane uwierzytelniające będą użyte przez cryptsetup do uzyskania hasła przy otwieraniu urządzenia przy użyciu tokenu.\n"
+"\n"
+"Uwaga: informacje dostarczone przy dodawaniu tokenu (adres serwera SSH, użytkownik i ścieżki) zostaną zapisane w nagłówku LUKS2 czystym tekstem."
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Nie można sprawdzić jakości hasła: %s"
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<akcja> <urządzenie>"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Sprawdzenie jakości hasła nie powiodło się:\n"
-" %s"
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Opcje dla akcji 'add':"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Sprawdzenie jakości hasła nie powiodło się: błędne hasło (%s)"
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "Adres IP/URL zdalnego serwera dla tego tokenu"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Błąd podczas odczytu hasła z terminala."
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Nazwa użytkownika do użycia ze zdalnym serwerem"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Weryfikacja hasła: "
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Ścieżka do pliku klucza na zdalnym serwerze"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Hasła nie zgadzają się."
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Ścieżka do klucza SSH do połączenia ze zdalnym serwerem"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Nie można użyć offsetu, jeśli wejściem jest terminal."
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Obszar klucza do przypisania tokenu. Domyślnie token zostanie przypisany do pierwszego obszaru pasującego do podanego hasła."
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Hasło: "
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Opcje ogólne:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Wyświetlanie bardziej szczegółowych komunikatów błędów"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Wyświetlanie komunikatów diagnostycznych"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Wyświetlanie komunikatów diagnostycznych wraz z metadanymi JSON"
-#: src/utils_password.c:290
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Nie udało się otworzyć i zaimportować klucza prywatnego:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Nie udało się zaimportować klucza prywatnego (zabezpieczony hasłem?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Hasło dla %s: "
+msgid "%s@%s's password: "
+msgstr "Hasło %s@%s: "
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Dla tego hasła nie ma dostępnego klucza."
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Nie udało się przeanalizować argumentów.\n"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Brak dostępnego miejsca na klucz."
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Musi być podana akcja\n"
-#: src/utils_password.c:365
+#: tokens/ssh/cryptsetup-ssh.c:374
#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Nie można otworzyć pliku klucza %s do zapisu."
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Dla akcji '%s' musi być podane urządzenie.\n"
-#: src/utils_password.c:372
+#: tokens/ssh/cryptsetup-ssh.c:379
#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Nie można zapisać pliku klucza %s."
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Dla akcji '%s' musi być podany serwer SSH.\n"
-#: src/utils_luks2.c:47
+#: tokens/ssh/cryptsetup-ssh.c:384
#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Nie udało się otworzyć pliku %s tylko do odczytu."
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Dla akcji '%s' musi być podany użytkownik SSH.\n"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Poprawny token JSON dla LUKS2:\n"
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Dla akcji '%s' musi być podana ścieżka SSH.\n"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Nie udało się odczytać pliku JSON."
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Dla akcji '%s' musi być podana ścieżka klucza SSH.\n"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Odczyt przerwany."
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Nie udało się otworzyć %s przy użyciu podanych danych uwierzytelniających.\n"
-#: src/utils_luks2.c:113
+#: tokens/ssh/cryptsetup-ssh.c:417
#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Nie udało się otworzyć pliku %s do zapisu."
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Ta wtyczka obecnie obsługuje wyłącznie akcję 'add'.\n"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Zapis przerwany."
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Nie można utworzyć sesji sftp: "
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Nie udało się zapisać pliku JSON."
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Nie można zainicjować sesji sftp: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Nie można otworzyć sesji sftp: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Nie można wykonać stat pliku sftp: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Za mało pamięci.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Nie można odczytać klucza zdalnego: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Połączenie nie powiodło się: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Nieznany serwer: "
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Nie udało się wyłączyć flagi wymagania ponownego szyfrowania."
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Metoda autoryzacji klucza publicznego nie jest dozwolona przez serwer.\n"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Wygląda na to, że urządzenie nie wymaga odtwarzania ponownego szyfrowania.\n"
-#~ "Czy mimo to kontynuować?"
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Błąd uwierzytelniania kluczem publicznym: "
msgstr ""
"Project-Id-Version: cryptsetup 2.1.0\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2019-01-26 19:02+0100\n"
"PO-Revision-Date: 2019-01-28 07:58-0200\n"
"Last-Translator: Rafael Fontenelle <rafaelff@gnome.org>\n"
"Language-Team: Brazilian Portuguese <ldpbr-translation@lists.sourceforge.net>\n"
"X-Generator: Virtaal 1.0.0-beta1\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:336
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Não foi possível inicializar o mapeador de dispositivo, executando como usuário não-root."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:339
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Não foi possível inicializar o mapeador de dispositivo. O módulo de kernel dm_mod está carregado?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1010
msgid "Requested deferred flag is not supported."
msgstr "Não há suporte ao sinalizador atrasado requisitado."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1077
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID para o dispositivo \"%s\" estava truncada."
-#: lib/libdevmapper.c:1580
-#, fuzzy
-msgid "Unknown dm target type."
-msgstr "Tipo %s de PBKDF desconhecido."
-
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1486
msgid "Requested dm-crypt performance options are not supported."
msgstr "Não há suporte às opções de desempenho de dm-crypt requisitadas."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1493
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Não há suporte à tratamento de corrompimento de dados de dm-verify requisitada."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1497
msgid "Requested dm-verity FEC options are not supported."
msgstr "Não há suporte às opções FEC dm-verity requisitadas."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1501
msgid "Requested data integrity options are not supported."
msgstr "Não há suporte às opções de integridade de dados requisitadas."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1503
msgid "Requested sector_size option is not supported."
msgstr "Não há suporte à opção sector_size requisitada."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1508
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Não há suporte à recalculação automática de tags de integridade requisitada."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1534
+msgid "Requested dmcrypt performance options are not supported."
+msgstr "Não há suporte às opções de desempenho de dmcrypt requisitadas."
+
+#: lib/libdevmapper.c:1537
msgid "Discard/TRIM is not supported."
msgstr "Não há suporte a descarte/TRIM."
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
-msgstr "Não há suporte às opções de integridade de dados requisitadas."
-
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2413
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Falha ao consultar o segmento dm-%s."
-#: lib/random.c:75
+#: lib/random.c:80
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"O sistema sem entropia suficiente enquanto gera chave de volume.\n"
"Por favor mova o mouse ou digite algum texto em outra janela para obter alguns eventos aleatórios.\n"
-#: lib/random.c:79
+#: lib/random.c:84
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Gerando chave (%d%% concluído).\n"
-#: lib/random.c:165
+#: lib/random.c:170
msgid "Running in FIPS mode."
msgstr "Executando no modo FIPS."
-#: lib/random.c:171
+#: lib/random.c:176
msgid "Fatal error during RNG initialisation."
msgstr "Erro fatal durante inicialização de RNG."
-#: lib/random.c:208
+#: lib/random.c:213
msgid "Unknown RNG quality requested."
msgstr "Qualidade RNG requisitada desconhecida."
-#: lib/random.c:213
+#: lib/random.c:218
msgid "Error reading from RNG."
msgstr "Erro na leitura de RNG."
-#: lib/setup.c:229
+#: lib/setup.c:214
msgid "Cannot initialize crypto RNG backend."
msgstr "Não foi possível inicializar o backend RNG de criptografia."
-#: lib/setup.c:235
+#: lib/setup.c:220
msgid "Cannot initialize crypto backend."
msgstr "Não foi possível inicializar o backend de criptografia."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:251 lib/setup.c:1899 lib/verity/verity.c:123
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Não há suporte ao algoritmo hash %s."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:254 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Erro de processamento de chave (usando hash %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:315 lib/setup.c:342
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Não foi possível determinar o tipo do dispositivo. Ativação de dispositivo incompatível?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:321 lib/setup.c:2892
msgid "This operation is supported only for LUKS device."
msgstr "Há suporte a esta operação apenas para dispositivo LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:348
msgid "This operation is supported only for LUKS2 device."
msgstr "Há suporte a esta operação apenas para dispositivo LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:396
msgid "All key slots full."
msgstr "Todos os slots de chave estão cheios."
-#: lib/setup.c:434
+#: lib/setup.c:407
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Slot de chave %d é inválido, por favor selecione entre 0 e %d."
-#: lib/setup.c:440
+#: lib/setup.c:413
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Slot de chave %d está cheio, por favor selecione outro."
-#: lib/setup.c:525 lib/setup.c:2832
-#, fuzzy
-msgid "Device size is not aligned to device logical block size."
-msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado."
-
-#: lib/setup.c:624
+#: lib/setup.c:589
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Cabeçalho detectado, mas o dispositivo %s é muito pequeno."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:626
msgid "This operation is not supported for this device type."
msgstr "Não há suporte a esta operação para este tipo de dispositivo."
-#: lib/setup.c:666
-#, fuzzy
-msgid "Illegal operation with reencryption in-progress."
-msgstr "Recriptografia offline em progresso. Abortando."
-
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:791 lib/luks1/keymanage.c:481
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Não há suporte ao LUKS versão %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:808 lib/setup.c:1403 lib/setup.c:1812
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr "Não há suporte ao dispositivo de metadados desanexado para este tipo de criptografia."
+
+#: lib/setup.c:1288 lib/setup.c:2392 lib/setup.c:2464 lib/setup.c:2476
+#: lib/setup.c:2625 lib/setup.c:4021
#, c-format
msgid "Device %s is not active."
msgstr "O dispositivo \"%s\" não está ativado."
-#: lib/setup.c:1444
+#: lib/setup.c:1310
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "O dispositivo subjacente para o dispositivo de criptografia %s desapareceu."
-#: lib/setup.c:1524
+#: lib/setup.c:1388
msgid "Invalid plain crypt parameters."
msgstr "Parâmetros de criptografia clara inválidos."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1393 lib/setup.c:1802 src/integritysetup.c:72
msgid "Invalid key size."
msgstr "Tamanho de chave inválida."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1398 lib/setup.c:1807 lib/setup.c:2009
msgid "UUID is not supported for this crypt type."
msgstr "Não há suporte ao UUID para este tipo de criptografia."
-#: lib/setup.c:1539 lib/setup.c:1959
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "Não há suporte ao dispositivo de metadados desanexado para este tipo de criptografia."
-
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1413 lib/setup.c:1603 src/cryptsetup.c:1045
msgid "Unsupported encryption sector size."
msgstr "Não há suporte ao tamanho de setor de criptografia."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1421 lib/setup.c:1720
msgid "Device size is not aligned to requested sector size."
msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1472 lib/setup.c:1591
msgid "Can't format LUKS without device."
msgstr "Não é possível formatar LUKS sem dispositivo."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1478 lib/setup.c:1597
msgid "Requested data alignment is not compatible with data offset."
msgstr "Alinhamento de dados requisitado não é compatível com a posição dos dados."
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1546 lib/setup.c:1715
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr "AVISO: A posição dos dados está fora do dispositivo de dados atualmente disponível.\n"
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1556 lib/setup.c:1735 lib/setup.c:1754 lib/setup.c:2021
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Não foi possível apagar o cabeçalho no dispositivo %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1608
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "AVISO: A ativação do dispositivo vai falhar, dm-crypt carece de suporte para o tamanho de setor de criptografia requisitado.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1630
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "A chave de volume é pequena demais para criptografia com extensões de integridade."
-#: lib/setup.c:1821
+#: lib/setup.c:1685
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "A cifra %s-%s (tamanho de chave %zd bits) não está disponível."
-#: lib/setup.c:1854
-#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1858
+#: lib/setup.c:1747
#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
-#, c-format
-msgid "Device %s is too small."
-msgstr "O dispositivo %s é muito pequeno."
-
-#: lib/setup.c:1893 lib/setup.c:1919
-#, c-format
-msgid "Cannot format device %s in use."
-msgstr "Não é possível formatar dispositivo %s em uso."
+msgid "Cannot format device %s which is still in use."
+msgstr "Não foi possível formatar o dispositivo %s, o qual ainda está em uso."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1750 lib/setup.c:1775
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Não é possível formatar o dispositivo %s, permissão negada."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1762 lib/setup.c:2073
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Não foi possível formatar integridade para o dispositivo %s."
-#: lib/setup.c:1926
+#: lib/setup.c:1772
+#, c-format
+msgid "Cannot format device %s in use."
+msgstr "Não é possível formatar dispositivo %s em uso."
+
+#: lib/setup.c:1779
#, c-format
msgid "Cannot format device %s."
msgstr "Não foi possível formatar o dispositivo %s."
-#: lib/setup.c:1944
+#: lib/setup.c:1797
msgid "Can't format LOOPAES without device."
msgstr "Não foi possível formatar LOOPAES sem dispositivo."
-#: lib/setup.c:1989
+#: lib/setup.c:1842
msgid "Can't format VERITY without device."
msgstr "Não foi possível formatar VERITY sem dispositivo."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:1853 lib/verity/verity.c:106
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Não há suporte ao tipo de hash VERITY %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:1859 lib/verity/verity.c:114
msgid "Unsupported VERITY block size."
msgstr "Não há suporte ao tamanho de bloco VERITY."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:1864 lib/verity/verity.c:75
msgid "Unsupported VERITY hash offset."
msgstr "Não há suporte à posição de hash VERITY."
-#: lib/setup.c:2016
+#: lib/setup.c:1869
msgid "Unsupported VERITY FEC offset."
msgstr "Não há suporte à posição de FEC VERITY."
-#: lib/setup.c:2040
+#: lib/setup.c:1893
msgid "Data area overlaps with hash area."
msgstr "A área de dados se sobrepõe à área hash."
-#: lib/setup.c:2065
+#: lib/setup.c:1918
msgid "Hash area overlaps with FEC area."
msgstr "Área de hash sobreposta com área de FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:1925
msgid "Data area overlaps with FEC area."
msgstr "Área de dados sobreposta com área de FEC."
-#: lib/setup.c:2208
-#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
-
-#: lib/setup.c:2286
+#: lib/setup.c:2130
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Tipo de dispositivo de criptografia requisitado %s desconhecido."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2398 lib/setup.c:2470 lib/setup.c:2483
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Não há suporte aos parâmetros no dispositivo %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2404 lib/setup.c:2489
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Parâmetros incompatíveis no dispositivo %s."
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
-
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/setup.c:2735
-#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
-
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/setup.c:2817
+#: lib/setup.c:2657
msgid "Cannot resize loop device."
msgstr "Não foi possível redimensionar o dispositivo de loop."
-#: lib/setup.c:2890
+#: lib/setup.c:2666
+#, c-format
+msgid "Device %s size is not aligned to requested sector size (%u bytes)."
+msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)."
+
+#: lib/setup.c:2725
msgid "Do you really want to change UUID of device?"
msgstr "Você realmente deseja alterar o UUID do dispositivo?"
-#: lib/setup.c:2966
+#: lib/setup.c:2801
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Arquivo de cópia de segurança de cabeçalho não contém um cabeçalho LUKS compatível."
-#: lib/setup.c:3066
+#: lib/setup.c:2900
#, c-format
msgid "Volume %s is not active."
msgstr "O volume %s não está ativado."
-#: lib/setup.c:3077
+#: lib/setup.c:2911
#, c-format
msgid "Volume %s is already suspended."
msgstr "O volume %s já está suspenso."
-#: lib/setup.c:3090
+#: lib/setup.c:2925
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "A suspensão não oferece suporte ao dispositivo %s."
-#: lib/setup.c:3092
+#: lib/setup.c:2927
#, c-format
msgid "Error during suspending device %s."
msgstr "Ocorreu um erro ao suspender o dispositivo %s."
-#: lib/setup.c:3128
+#: lib/setup.c:2960 lib/setup.c:3027
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "O volume %s não estava suspenso."
+
+#: lib/setup.c:2989
#, c-format
msgid "Resume is not supported for device %s."
msgstr "O resumo não oferece suporte a este dispositivo %s."
-#: lib/setup.c:3130
+#: lib/setup.c:2991 lib/setup.c:3059
#, c-format
msgid "Error during resuming device %s."
msgstr "Ocorreu um erro ao resumir o dispositivo %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, c-format
-msgid "Volume %s is not suspended."
-msgstr "O volume %s não estava suspenso."
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-msgid "Volume key does not match the volume."
-msgstr "A chave de volume não corresponde ao volume."
-
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3127 lib/setup.c:3315
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Não foi possível adicionar slot de chave, todos slots desabilitados ou nenhuma chave de volume fornecida."
-#: lib/setup.c:3487
+#: lib/setup.c:3267
msgid "Failed to swap new key slot."
msgstr "Falha ao trocar novo slot de chave."
-#: lib/setup.c:3673
+#: lib/setup.c:3432 lib/setup.c:3865 lib/setup.c:3878 lib/setup.c:3886
+#: lib/setup.c:3899 lib/setup.c:4198 lib/setup.c:5274
+msgid "Volume key does not match the volume."
+msgstr "A chave de volume não corresponde ao volume."
+
+#: lib/setup.c:3453
#, c-format
msgid "Key slot %d is invalid."
msgstr "O slot de chave %d é inválido."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3459
#, c-format
-msgid "Keyslot %d is not active."
-msgstr "O slot de chave %d não está ativo."
+msgid "Key slot %d is not used."
+msgstr "O slot de chave %d não está sendo usado."
-#: lib/setup.c:3698
+#: lib/setup.c:3478
msgid "Device header overlaps with data area."
msgstr "O cabeçalho do dispositivo se sobrepõe à área de dados."
-#: lib/setup.c:3992
-#, fuzzy
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr "Recriptografia já está em progresso."
-
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "Falha ao obter trava de dispositivo de escrita."
-
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-#, fuzzy
-msgid "LUKS2 reencryption recovery failed."
-msgstr "Não há suporte ao tamanho de setor de criptografia."
-
-#: lib/setup.c:4175 lib/setup.c:4437
-#, fuzzy
-msgid "Device type is not properly initialized."
+#: lib/setup.c:3684 lib/setup.c:3952
+msgid "Device type is not properly initialised."
msgstr "O tipo de dispositivo não foi inicializado corretamente."
-#: lib/setup.c:4223
-#, c-format
-msgid "Device %s already exists."
-msgstr "O dispositivo %s já existe."
-
-#: lib/setup.c:4230
+#: lib/setup.c:3726
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Não foi possível usar o dispositivo %s, o nome é inválido ou ainda está em uso."
-#: lib/setup.c:4350
+#: lib/setup.c:3729
+#, c-format
+msgid "Device %s already exists."
+msgstr "O dispositivo %s já existe."
+
+#: lib/setup.c:3852
msgid "Incorrect volume key specified for plain device."
msgstr "Chave de volume incorreta especificada para dispositivo claro."
-#: lib/setup.c:4463
+#: lib/setup.c:3918
msgid "Incorrect root hash specified for verity device."
msgstr "Hash raiz incorreta especificada para o dispositivo verity."
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-#, fuzzy
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr "Não há suporte a chaveiro de kernel neste kernel."
-
-#: lib/setup.c:4496 lib/setup.c:5976
-msgid "Failed to load key in kernel keyring."
-msgstr "Falha ao carregar chave no chaveiro de kernel."
-
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:3995 lib/setup.c:4010
#, c-format
msgid "Device %s is still in use."
msgstr "O dispositivo %s ainda está em uso."
-#: lib/setup.c:4574
+#: lib/setup.c:4025
#, c-format
msgid "Invalid device %s."
msgstr "Dispositivo inválido %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4134
+msgid "Function not available in FIPS mode."
+msgstr "Função não disponível no modo FIPS."
+
+#: lib/setup.c:4148
msgid "Volume key buffer too small."
msgstr "Buffer de chave de volume muito pequena."
-#: lib/setup.c:4698
+#: lib/setup.c:4156
msgid "Cannot retrieve volume key for plain device."
msgstr "Não foi possível obter chave de volume para dispositivo claro."
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "Hash raiz incorreta especificada para o dispositivo verity."
-
-#: lib/setup.c:4717
+#: lib/setup.c:4167
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Não há suporte a esta operação para o dispositivo de criptografia %s."
-#: lib/setup.c:4923
+#: lib/setup.c:4354
msgid "Dump operation is not supported for this device type."
msgstr "Não há suporte à operação de despejo para este tipo de dispositivo."
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
+#: lib/setup.c:4930
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Não foi possível converter o dispositivo %s, o qual ainda está em uso."
-#: lib/setup.c:5833
+#: lib/setup.c:5213
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Falha ao atribuir o slot de chave %u como a nova chave de volume."
-#: lib/setup.c:5906
-#, fuzzy
-msgid "Failed to initialize default LUKS2 keyslot parameters."
+#: lib/setup.c:5280
+msgid "Failed to initialise default LUKS2 keyslot parameters."
msgstr "Falha ao inicializar os parâmetros padrão de slot de chave LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:5286
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Falha ao atribuir o slot de chave %d ao resumo."
-#: lib/setup.c:6043
+#: lib/setup.c:5370
+msgid "Failed to load key in kernel keyring."
+msgstr "Falha ao carregar chave no chaveiro de kernel."
+
+#: lib/setup.c:5425
msgid "Kernel keyring is not supported by the kernel."
msgstr "Não há suporte a chaveiro de kernel neste kernel."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:5435
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Falha ao ler senha do chaveiro (erro %d)."
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
-
-#: lib/utils.c:80
+#: lib/utils.c:81
msgid "Cannot get process priority."
msgstr "Não foi possível obter prioridade de processo."
-#: lib/utils.c:94
+#: lib/utils.c:95
msgid "Cannot unlock memory."
msgstr "Não foi possível desbloquear memória."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:169 lib/tcrypt/tcrypt.c:498
msgid "Failed to open key file."
msgstr "Falha ao abrir arquivo de chave."
-#: lib/utils.c:173
+#: lib/utils.c:174
msgid "Cannot read keyfile from a terminal."
msgstr "Não foi possível ler o arquivo de chave de um terminal."
-#: lib/utils.c:190
+#: lib/utils.c:191
msgid "Failed to stat key file."
msgstr "Falha ao obter estado do arquivo."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:199 lib/utils.c:220
msgid "Cannot seek to requested keyfile offset."
msgstr "Não foi possível buscar a posição do arquivo de chave requisitado."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:214 lib/utils.c:229 src/utils_password.c:188
+#: src/utils_password.c:201
msgid "Out of memory while reading passphrase."
msgstr "Memória insuficiente para leitura da senha."
-#: lib/utils.c:248
+#: lib/utils.c:249
msgid "Error reading passphrase."
msgstr "Erro ao ler a senha."
-#: lib/utils.c:265
+#: lib/utils.c:266
msgid "Nothing to read on input."
msgstr "Nada para ler na entrada."
-#: lib/utils.c:272
+#: lib/utils.c:273
msgid "Maximum keyfile size exceeded."
msgstr "Tamanho máximo de arquivo de chave excedido."
-#: lib/utils.c:277
+#: lib/utils.c:278
msgid "Cannot read requested amount of data."
msgstr "Não foi possível ler a quantidade requisitada de dados."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
+#: lib/utils_device.c:184 lib/luks1/keyencryption.c:92
+#, c-format
+msgid "Device %s doesn't exist or access denied."
msgstr "O dispositivo %s não existe ou acesso negado."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:194
#, c-format
msgid "Device %s is not compatible."
msgstr "O dispositivo %s não é compatível."
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
+#: lib/utils_device.c:560
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Dispositivo %s é muito pequeno. Necessita de pelo menos %<PRIu64> bytes."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:641
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Não foi possível usar o dispositivo %s, o qual está em uso (já mapeado ou montado)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:645
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Não foi possível usar o dispositivo %s, permissão negada."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:648
#, c-format
msgid "Cannot get info about device %s."
msgstr "Não foi possível obter informação sobre o dispositivo %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:671
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Não foi possível usar um dispositivo de loopback, executando como usuário não-root."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:681
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Anexação de dispositivo loopback falhou (dispositivo de loop com sinalizador autoclear é necessário)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:727
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "A posição requisitada está além do tamanho real do dispositivo %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:735
#, c-format
msgid "Device %s has zero size."
msgstr "O dispositivo %s possui tamanho zero."
+#: lib/utils_device.c:746 lib/luks1/keyencryption.c:252
+#, c-format
+msgid "Device %s is too small."
+msgstr "O dispositivo %s é muito pequeno."
+
#: lib/utils_pbkdf.c:100
msgid "Requested PBKDF target time cannot be zero."
msgstr "Tempo alvo PBKDF requisitado não pode ser zero."
msgid "Requested PBKDF parallel threads cannot be zero."
msgstr "Fluxos paralelos PBKDF requisitados não podem ser zero."
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
-
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:317
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Teste de PBKDF desabilitado, mas iterações não definidas."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:336
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Opções PBKDF2 não compatíveis (sando algoritmo hash %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:356
msgid "Not compatible PBKDF options."
msgstr "Opções PBKDF2 não compatíveis."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:80
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Trava abortada. O caminho de trava %s/%s não é usável (faltando ou não é um diretório)."
-#: lib/utils_device_locking.c:109
+#: lib/utils_device_locking.c:87
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "WARNING: Locking directory %s/%s is missing!\n"
+msgstr "AVISO: Diretório de trava %s/%s está faltando!\n"
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:97
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Trava abortada. O caminho de trava %s/%s não é usável (%s não é um diretório)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-msgid "Cannot seek to device offset."
-msgstr "Não foi possível ir à posição do dispositivo."
-
-#: lib/utils_wipe.c:208
-#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:39
+#: lib/luks1/keyencryption.c:40
#, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
"Falha ao configurar mapeamento de chave dm-crypt para o dispositivo %s.\n"
"Certifique-se de que o kernel oferece suporte cifra de %s (verifique o syslog para mais informação)."
-#: lib/luks1/keyencryption.c:44
+#: lib/luks1/keyencryption.c:45
msgid "Key size in XTS mode must be 256 or 512 bits."
msgstr "Tamanho de chave no modo XTS deve ser 256 ou 512 bits."
-#: lib/luks1/keyencryption.c:46
+#: lib/luks1/keyencryption.c:47
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "A especificação de cifra deve estar no formato [cifra]-[modo]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:98 lib/luks1/keymanage.c:345
+#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1079
+#: lib/luks2/luks2_json_metadata.c:1157 lib/luks2/luks2_keyslot.c:448
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Não foi possível escrever para o dispositivo %s, permissão negada."
msgid "Failed to access temporary keystore device."
msgstr "Falha ao acessar o dispositivo temporário de armazenamento de chave."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:91
msgid "IO error while encrypting keyslot."
msgstr "Erro de E/S ao criptografar slot de chave."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:243 lib/luks1/keymanage.c:348
+#: lib/luks1/keymanage.c:594 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:663
+#: lib/verity/verity.c:81 lib/verity/verity.c:182 lib/verity/verity_hash.c:308
+#: lib/verity/verity_hash.c:319 lib/verity/verity_hash.c:339
+#: lib/verity/verity_fec.c:242 lib/verity/verity_fec.c:254
+#: lib/verity/verity_fec.c:259 lib/luks2/luks2_json_metadata.c:1160
+#: src/cryptsetup_reencrypt.c:208
#, c-format
msgid "Cannot open device %s."
msgstr "Não foi possível abrir o dispositivo %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:254 lib/luks2/luks2_keyslot_luks2.c:152
msgid "IO error while decrypting keyslot."
msgstr "Erro de E/S ao descriptografar slot de chave."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:111
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Dispositivo %s é muito pequeno. (LUKS1 precisa de pelo menos %<PRIu64> bytes.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:132 lib/luks1/keymanage.c:140
+#: lib/luks1/keymanage.c:152 lib/luks1/keymanage.c:163
+#: lib/luks1/keymanage.c:175
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "O slot de chave LUKS %u é inválido."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:478
+#: lib/luks2/luks2_json_metadata.c:991 src/cryptsetup.c:1236
+#: src/cryptsetup.c:1355 src/cryptsetup.c:1412 src/cryptsetup.c:1468
+#: src/cryptsetup.c:1535 src/cryptsetup.c:1631 src/cryptsetup.c:1695
+#: src/cryptsetup.c:1855 src/cryptsetup.c:2044 src/cryptsetup.c:2104
+#: src/cryptsetup.c:2170 src/cryptsetup.c:2334 src/cryptsetup_reencrypt.c:1397
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "O dispositivo %s não é um dispositivo LUKS válido."
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:247 lib/luks2/luks2_json_metadata.c:1010
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "O arquivo de cópia de segurança de cabeçalho requisitado %s já existe."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:249 lib/luks2/luks2_json_metadata.c:1012
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Não foi possível criar o arquivo de cópia de segurança de cabeçalho %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:254 lib/luks2/luks2_json_metadata.c:1017
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Não foi possível escrever o arquivo de cópia de segurança de cabeçalho %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
+#: lib/luks1/keymanage.c:287 lib/luks2/luks2_json_metadata.c:1066
+msgid "Backup file doesn't contain valid LUKS header."
msgstr "Arquivo de cópia de segurança não contém cabeçalho LUKS válido."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:300 lib/luks1/keymanage.c:555
+#: lib/luks2/luks2_json_metadata.c:1087
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Não foi possível abrir o arquivo de cópia de segurança de cabeçalho %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1093
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Não foi possível ler o arquivo de cópia de segurança de cabeçalho %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:318
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Posição de dados ou tamanho de chave divergem entre dispositivo e cópia de segurança, restauração falhou."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:326
#, c-format
msgid "Device %s %s%s"
msgstr "Dispositivo %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:327
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "não contém cabeçalho LUKS. A substituição do cabeçalho pode destruir dados naquele dispositivo."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:328
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "já contém cabeçalho LUKS. A substituição do cabeçalho vai destruir slots de chave existentes."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1129
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"AVISO: o cabeçalho do dispositivo real possui um UUID diferente da cópia de segurança!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:381
msgid "Non standard key size, manual repair required."
msgstr "Tamanho de chave fora do padrão, correção manual necessária."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:386
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Alinhamento de slots de chave fora do padrão, correção manual necessária."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:396
msgid "Repairing keyslots."
msgstr "Corrigindo slots de chave."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:415
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Slot de chave %i: posição corrigida (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:423
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Slot de chave %i: barras corrigidas (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:432
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Slot de chave %i: assinatura de partição é falsa."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:437
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Slot de chave %i: sal apagado."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:454
msgid "Writing LUKS header to disk."
msgstr "Escrevendo cabeçalho LUKS para disco."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:459
msgid "Repair failed."
msgstr "Correção falhou."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:487 lib/luks1/keymanage.c:758
#, c-format
msgid "Requested LUKS hash %s is not supported."
msgstr "Não há suporte ao hash LUKS requisitado %s."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:515 src/cryptsetup.c:960
msgid "No known problems detected for LUKS header."
msgstr "Nenhum problema conhecido foi detectado no cabeçalho LUKS."
msgid "Error during update of LUKS header on device %s."
msgstr "Erro durante atualização de cabeçalho LUKS no dispositivo %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:676
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Erro ao reler cabeçalho LUKS após atualização no dispositivo %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:752
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "A posição de dados para cabeçalho LUKS deve ser 0 ou maior do que o tamanho do cabeçalho."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:763 lib/luks1/keymanage.c:828
+#: lib/luks2/luks2_json_format.c:207 lib/luks2/luks2_json_metadata.c:909
msgid "Wrong LUKS UUID format provided."
msgstr "Formato de UUID LUKS incorreto foi fornecido."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:786
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Não foi possível criar cabeçalho LUKS: leitura de sal aleatório falhou."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:807
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Não foi possível criar cabeçalho LUKS: resumo de cabeçalho falhou (usando hash %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:851
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Slot de chave %d ativado, apagar primeiro."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:857
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "O material do slot de chave %d inclui muito poucas barras. Manipulação do cabeçalho?"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Erro de processamento de chave (usando hash %s)."
-
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1065
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Slot de chave %d é inválido, por favor selecione um slot de chave entre 0 e %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1083 lib/luks2/luks2_keyslot.c:452
#, c-format
msgid "Cannot wipe device %s."
msgstr "Não foi possível apagar o dispositivo %s."
msgstr "Arquivo de chave loop-AES incompatível detectado."
#: lib/loopaes/loopaes.c:245
-#, fuzzy
-msgid "Kernel does not support loop-AES compatible mapping."
+msgid "Kernel doesn't support loop-AES compatible mapping."
msgstr "O kernel não oferece suporte a mapeamento compatível com loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:505
#, c-format
msgid "Error reading keyfile %s."
msgstr "Erro ao ler arquivo de chave %s."
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:545
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded."
msgstr "Tamanho máximo de senha TCRYPT (%d) excedido."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:586
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Algoritmo hash PBKDF2 %s não disponível, ignorando."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:604 src/cryptsetup.c:915
msgid "Required kernel crypto interface not available."
msgstr "Interface necessário de criptografia do kernel não disponível."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:606 src/cryptsetup.c:917
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Certifique-se de que você tenha o módulo de kernel algif_skcipher carregado."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:746
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Não há suporte a ativação para o tamanho de setor %d."
-#: lib/tcrypt/tcrypt.c:759
-#, fuzzy
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
+#: lib/tcrypt/tcrypt.c:752
+msgid "Kernel doesn't support activation for this TCRYPT legacy mode."
msgstr "O kernel não oferece suporte a ativação para este modo legado TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:786
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Ativando criptografia de sistema TCRYPT para partição %s."
-#: lib/tcrypt/tcrypt.c:868
-#, fuzzy
-msgid "Kernel does not support TCRYPT compatible mapping."
+#: lib/tcrypt/tcrypt.c:864
+msgid "Kernel doesn't support TCRYPT compatible mapping."
msgstr "O kernel não oferece suporte a mapeamento compatível com TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1085
msgid "This function is not supported without TCRYPT header load."
msgstr "Não há suporte a esta função sem carga de cabeçalho TCRYPT."
-#: lib/bitlk/bitlk.c:350
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:402
-#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:419
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:502
-#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Falha ao ler requisitos LUKS2."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Não há suporte ao tamanho de setor de criptografia."
-
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "Falha ao ler requisitos LUKS2."
-
-#: lib/bitlk/bitlk.c:571
-#, fuzzy, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr "Falha ao ler requisitos LUKS2."
-
-#: lib/bitlk/bitlk.c:622
-#, fuzzy
-msgid "Unknown or unsupported encryption type."
-msgstr "Não há suporte ao tamanho de setor de criptografia."
-
-#: lib/bitlk/bitlk.c:655
-#, fuzzy, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr "Falha ao ler requisitos LUKS2."
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "Não há suporte a esta operação para o dispositivo de criptografia %s."
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
+#: lib/verity/verity.c:69 lib/verity/verity.c:175
#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-#, fuzzy
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr "A ativação de dispositivos temporários falhou."
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, fuzzy, c-format
-msgid "Verity device %s does not use on-disk header."
+msgid "Verity device %s doesn't use on-disk header."
msgstr "Dispositivo verity %s não usa cabeçalho em disco."
-#: lib/verity/verity.c:91
+#: lib/verity/verity.c:94
#, c-format
msgid "Device %s is not a valid VERITY device."
msgstr "O dispositivo %s não é um dispositivo VERITY válido."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Não há suporte ao VERITY versão %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:132
msgid "VERITY header corrupted."
msgstr "Cabeçalho VERITY corrompido."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:169
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Formato de UUID VERITY inválido fornecido no dispositivo %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:202
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Erro durante a atualização do cabeçalho verity no dispositivo %s."
-#: lib/verity/verity.c:276
-#, fuzzy
-msgid "Root hash signature verification is not supported."
-msgstr "Não há suporte ao hash requisitado %s."
-
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:266
msgid "Errors cannot be repaired with FEC device."
msgstr "Os erros não puderam ser consertados com dispositivo FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:268
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Localizados %u erros corrigíveis com dispositivo FEC."
-#: lib/verity/verity.c:333
-#, fuzzy
-msgid "Kernel does not support dm-verity mapping."
-msgstr "O kernel não oferece suporte a mapeamento dm-verity."
-
-#: lib/verity/verity.c:337
-#, fuzzy
-msgid "Kernel does not support dm-verity signature option."
+#: lib/verity/verity.c:306
+msgid "Kernel doesn't support dm-verity mapping."
msgstr "O kernel não oferece suporte a mapeamento dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:317
msgid "Verity device detected corruption after activation."
msgstr "O dispositivo verity detectou corrompimento após ativação."
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Área disponível não está zerada na posição %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:160 lib/verity/verity_hash.c:287
+#: lib/verity/verity_hash.c:300
msgid "Device offset overflow."
msgstr "Excesso na posição do dispositivo."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:200
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Verificação falhou na posição %<PRIu64>."
#: lib/verity/verity_hash.c:273
+msgid "Invalid size parameters for verity device."
+msgstr "Parâmetros de tamanho inválido para dispositivo verity."
+
+#: lib/verity/verity_hash.c:293
msgid "Hash area overflow."
msgstr "Estouro de área de hash."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:370
msgid "Verification of data area failed."
msgstr "Verificação da área de dados falhou."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:375
msgid "Verification of root hash failed."
msgstr "Verificação do hash raiz falhou."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:381
msgid "Input/output error while creating hash area."
msgstr "Erro de entrada/saída enquanto criava área de hash."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:383
msgid "Creation of hash area failed."
msgstr "Criação da área de hash falhou."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:430
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "AVISO: O kernel não pode ativar um dispositivo se o tamanho do bloco de dados exceder o tamanho da página (%u)."
-#: lib/verity/verity_fec.c:131
+#: lib/verity/verity_fec.c:132
msgid "Failed to allocate RS context."
msgstr "Falha ao alocar contexto de RS."
-#: lib/verity/verity_fec.c:149
+#: lib/verity/verity_fec.c:147
msgid "Failed to allocate buffer."
msgstr "Falha ao alocar buffer."
-#: lib/verity/verity_fec.c:159
+#: lib/verity/verity_fec.c:157
#, c-format
msgid "Failed to read RS block %<PRIu64> byte %d."
msgstr "Falha ao ler byte %2$d de bloco RS %1$<PRIu64>."
-#: lib/verity/verity_fec.c:172
+#: lib/verity/verity_fec.c:170
#, c-format
msgid "Failed to read parity for RS block %<PRIu64>."
msgstr "Falha ao ler paridade para o bloco RS %<PRIu64>."
-#: lib/verity/verity_fec.c:180
+#: lib/verity/verity_fec.c:178
#, c-format
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Falha ao corrigir paridade para o bloco %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:189
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Falha ao escrever paridade para o bloco RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:224
msgid "Block sizes must match for FEC."
msgstr "Tamanhos de bolcos devem corresponder para FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:230
msgid "Invalid number of parity bytes."
msgstr "Número inválido de paridade de bytes."
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
-msgstr ""
-
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:266
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Falha ao determinar o tamanho para dispositivo %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-#, fuzzy
-msgid "Kernel does not support dm-integrity mapping."
-msgstr "O kernel não oferece suporte a mapeamento dm-integrity."
-
-#: lib/integrity/integrity.c:278
-#, fuzzy
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
+#: lib/integrity/integrity.c:239 lib/integrity/integrity.c:304
+msgid "Kernel doesn't support dm-integrity mapping."
msgstr "O kernel não oferece suporte a mapeamento dm-integrity."
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
-#, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "Falha ao obter trava de escrita no dispositivo %s."
-
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
+#: lib/luks2/luks2_disk_metadata.c:413
+msgid "Failed to acquire write device lock."
+msgstr "Falha ao obter trava de dispositivo de escrita."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:654 lib/luks2/luks2_disk_metadata.c:675
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"O dispositivo contém assinaturas ambíguas, falha ao autorrecuperar LUKS2.\n"
"Por favor, execute \"cryptsetup repair\" para recuperação."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:99
+msgid "No space for new keyslot."
+msgstr "Sem espaço para um novo slot de chave."
+
+#: lib/luks2/luks2_json_format.c:158
msgid "Requested data offset is too small."
msgstr "A posição dos dados requisitados é muito pequena."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:195
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "AVISO: área de slot de chaves (%<PRIu64> bytes) é muito pequena, a contagem de slot de chaves LUKS2 disponível é muito limitada.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:866 lib/luks2/luks2_json_metadata.c:982
+#: lib/luks2/luks2_json_metadata.c:1055 lib/luks2/luks2_keyslot_luks2.c:105
+#: lib/luks2/luks2_keyslot_luks2.c:128
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Falha ao obter trava de leitura no dispositivo %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:878 lib/luks2/luks2_json_metadata.c:1149
+#: lib/luks2/luks2_keyslot.c:431 lib/luks2/luks2_keyslot_luks2.c:40
+#: lib/luks2/luks2_keyslot_luks2.c:69
+#, c-format
+msgid "Failed to acquire write lock on device %s."
+msgstr "Falha ao obter trava de escrita no dispositivo %s."
+
+#: lib/luks2/luks2_json_metadata.c:1072
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Requisitos LUKS2 proibidos detectados na cópia de segurança %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1113
msgid "Data offset differ on device and backup, restore failed."
msgstr "Posição de dados diverge entre dispositivo e cópia de segurança, restauração falhou."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1119
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Cabeçalho binário com áreas de slot de chave diverge entre dispositivo e cópia de segurança, restauração falhou."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1126
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Dispositivo %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1127
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "não contém cabeçalho LUKS2. A substituição do cabeçalho pode destruir dados naquele dispositivo."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1128
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "já contém cabeçalho LUKS2. A substituição do cabeçalho vai destruir slots de chave existentes."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1130
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"dispositivo real! Substituir cabeçalho com cópia de segurança pode\n"
"corromper os dados naquele dispositivo!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1132
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"AVISO: recriptografia offline não finalizada detectada no dispositivo!\n"
"Substituir cabeçalho com cópia de segurança pode corromper os dados."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1234
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Sinalizador desconhecido %s ignorado."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
-#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "Falha ao consultar o segmento dm-%s."
-
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-#, fuzzy
-msgid "Failed to set dm-linear segment."
-msgstr "Falha ao consultar o segmento dm-%s."
-
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
-#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:1869
msgid "Failed to read LUKS2 requirements."
msgstr "Falha ao ler requisitos LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:1876
msgid "Unmet LUKS2 requirements detected."
msgstr "Requisitos LUKS2 não atendidos detectados."
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "Slot de chave %i: sal apagado."
-
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, fuzzy, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr "Slot de chave LUKS2: A cifra usada para criptografia de slot de chave"
-
-#: lib/luks2/luks2_keyslot_luks2.c:480
-msgid "No space for new keyslot."
-msgstr "Sem espaço para um novo slot de chave."
+#: lib/luks2/luks2_json_metadata.c:1884
+msgid "Offline reencryption in progress. Aborting."
+msgstr "Recriptografia offline em progresso. Abortando."
-#: lib/luks2/luks2_luks1_convert.c:482
-#, fuzzy, c-format
-msgid "Cannot check status of device with uuid: %s."
+#: lib/luks2/luks2_luks1_convert.c:474
+#, c-format
+msgid "Can not check status of device with uuid: %s."
msgstr "Não foi possível verificar status do dispositivo com uuid: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:500
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Não foi possível converter cabeçalho com metadados adicionais LUKSMETA."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:537
msgid "Unable to move keyslot area. Not enough space."
msgstr "Não foi possível mover área de slot de chave. Espaço insuficiente."
-#: lib/luks2/luks2_luks1_convert.c:599
-#, fuzzy
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr "Não foi possível mover área de slot de chave. Espaço insuficiente."
-
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:577 lib/luks2/luks2_luks1_convert.c:854
msgid "Unable to move keyslot area."
msgstr "Não foi possível mover área de slot de chave."
-#: lib/luks2/luks2_luks1_convert.c:697
-#, fuzzy
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr "Não foi possível converter ao formato LUKS1 - o slot de chave %u não é compatível com LUKS1."
-
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:672
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Não foi possível converter ao formato LUKS1 - resumos de slot de chave não são compatíveis com LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:684
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Não foi possível converter para o formato LUKS1 - o dispositivo usa cifra de chave envolta %s."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:692
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Não foi possível converter para o formato LUKS1 - o cabeçalho LUKS2 contém %u token(s)."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:706
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Não foi possível converter para o formato LUKS1 - o slot de chave %u está em um estado inválido."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:711
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Não foi possível converter para o formato LUKS1 - o slot %u (acima do máximo de slots) ainda está ativo."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:716
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Não foi possível converter ao formato LUKS1 - o slot de chave %u não é compatível com LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1007
-#, fuzzy, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)."
-
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Não há suporte aos parâmetros no dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "Falha ao inicializar as sondas de assinatura de dispositivo."
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "Falha ao inicializar as sondas de assinatura de dispositivo."
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "Falha ao ler requisitos do cabeçalho de cópia de segurança."
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, fuzzy, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr "Falha ao ler paridade para o bloco RS %<PRIu64>."
-
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "Falha ao remover o token %d.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:2092
-#, fuzzy, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
-msgstr "Falha ao sondar o dispositivo %s por uma assinatura."
-
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "Falha ao determinar o tamanho para dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:2170
-#, fuzzy
-msgid "Failed to refresh reencryption devices stack."
-msgstr "Falha ao obter trava de leitura no dispositivo %s."
-
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "Falha ao trocar novo slot de chave."
-
-#: lib/luks2/luks2_reencrypt.c:2430
-#, fuzzy, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)."
-
-#: lib/luks2/luks2_reencrypt.c:2451
-#, fuzzy, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Tamanho do dispositivo %s não está alinhado com o tamanho de setor requisitado (%u bytes)."
-
-#: lib/luks2/luks2_reencrypt.c:2472
-#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, fuzzy, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr "Não foi possível usar o dispositivo %s, o qual está em uso (já mapeado ou montado)."
-
-#: lib/luks2/luks2_reencrypt.c:2647
-msgid "Device not marked for LUKS2 reencryption."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-#, fuzzy
-msgid "Failed to load LUKS2 reencryption context."
-msgstr "Falha ao alocar contexto de RS."
-
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "Falha ao obter o token %d para exportação."
-
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "O dispositivo \"%s\" não está ativado."
-
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-#, fuzzy
-msgid "Reencryption process is already running."
-msgstr "Recriptografia já está em progresso."
-
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-#, fuzzy
-msgid "Failed to acquire reencryption lock."
-msgstr "Falha ao obter trava de dispositivo de escrita."
-
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2889
-#, fuzzy
-msgid "Active device size and requested reencryption size don't match."
-msgstr "Tamanho do dispositivo não está alinhado com o tamanho de setor requisitado."
-
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2973
-#, fuzzy
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr "Recriptografia já está em progresso."
-
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3136
-#, fuzzy
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr "Falha ao inicializar os parâmetros padrão de slot de chave LUKS2."
-
-#: lib/luks2/luks2_reencrypt.c:3225
-#, fuzzy
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr "Falha ao sondar o dispositivo %s por uma assinatura."
-
-#: lib/luks2/luks2_reencrypt.c:3267
-#, fuzzy
-msgid "Failed to write reencryption resilience metadata."
-msgstr "Falha ao escrever sinalizadores de ativação para novo cabeçalho."
-
-#: lib/luks2/luks2_reencrypt.c:3274
-#, fuzzy
-msgid "Decryption failed."
-msgstr "Correção falhou."
-
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "Falha ao escrever paridade para o bloco RS %<PRIu64>."
-
-#: lib/luks2/luks2_reencrypt.c:3284
-#, fuzzy
-msgid "Failed to sync data."
-msgstr "Falha ao definir a posição de dados."
-
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "Falha ao ler requisitos LUKS2."
-
-#: lib/luks2/luks2_reencrypt.c:3382
-#, fuzzy
-msgid "Failed to wipe backup segment data."
-msgstr "Falha ao apagar assinatura do dispositivo."
-
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Falha ao remover o token %d.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "Falha ao remover o token %d.\n"
-
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "Falha ao inicializar as sondas de assinatura de dispositivo."
-
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-#, fuzzy
-msgid "Failed to update reencryption context."
-msgstr "Falha ao alocar contexto de RS."
-
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "O slot de chave %d é inválido."
-
-#: lib/luks2/luks2_token.c:263
+#: lib/luks2/luks2_token.c:262
msgid "No free token slot."
msgstr "Nenhum slot de token livre."
-#: lib/luks2/luks2_token.c:270
+#: lib/luks2/luks2_token.c:269
#, c-format
msgid "Failed to create builtin token %s."
msgstr "Falha ao criar um token incorporado %s."
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:141
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "Não é possível fazer verificação de senha em entradas diferente de tty."
-#: src/cryptsetup.c:261
+#: src/cryptsetup.c:182
msgid "Keyslot encryption parameters can be set only for LUKS2 device."
msgstr "Parâmetros de criptografia de slot de chaves só pode ser definido para dispositivo LUKS2."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:212 src/cryptsetup.c:849 src/cryptsetup.c:1088
+#: src/cryptsetup_reencrypt.c:749 src/cryptsetup_reencrypt.c:814
msgid "No known cipher specification pattern detected."
msgstr "Nenhum padrão de especificação de cifra conhecida foi detectada."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:220
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "AVISO: O parâmetro de --hash está sendo ignorado claro com o arquivo de chave especificado.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:228
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "AVISO: A opção --keyfile-size está sendo ignorada, o tamanho lido é o mesmo que o tamanho da chave de criptografia.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:268
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Detectada assinatura(s) de dispositivo em %s. Prosseguir pode danificar dados existentes."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:274 src/cryptsetup.c:969 src/cryptsetup.c:1065
+#: src/cryptsetup.c:1138 src/cryptsetup.c:1763 src/integritysetup.c:230
msgid "Operation aborted.\n"
msgstr "Operação abortada.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:342
msgid "Option --key-file is required."
msgstr "A opção --key-file é necessária."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:395
msgid "Enter VeraCrypt PIM: "
msgstr "Insira o PIM VeraCrypt: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:404
msgid "Invalid PIM value: parse error."
msgstr "Valor de PIM inválido: erro de análise."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:407
msgid "Invalid PIM value: 0."
msgstr "Valor de PIM inválido: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:410
msgid "Invalid PIM value: outside of range."
msgstr "Valor de PIM inválido: fora do intervalo."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:433
msgid "No device header detected with this passphrase."
msgstr "Nenhum cabeçalho de dispositivo detectado com esta senha."
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "O dispositivo %s não é um dispositivo LUKS válido."
-
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:495 src/cryptsetup.c:1790
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"que permite acesso a uma partição criptografada sem senha.\n"
"Este despejo deve sempre ser armazenado criptografado em um local seguro."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:574
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "O dispositivo %s ainda está ativo e agendado para a remoção atrasada.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:602
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Redimensionamento de dispositivo ativo requer chave de volume no chaveiro, mas a opção --disable-keyring está definida."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:727
msgid "Benchmark interrupted."
msgstr "Teste interrompido."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:748
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/A\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:750
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iterações por segundo para chave de %zu bits\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:764
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/D\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:766
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iterações, %5u memória, %1u threads paralelas (CPUs) para chave de %zu bits (requisitado tempo de %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:790
msgid "Result of benchmark is not reliable."
msgstr "O resultado do teste não é confiável."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:841
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Testes são aproximados usando apenas memória (sem E/S de armazenamento).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:875
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algoritmo | Chave | Criptografia | Descriptografia\n"
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "A cifra %s-%s (tamanho de chave %zd bits) não está disponível."
+#: src/cryptsetup.c:879
+#, c-format
+msgid "Cipher %s is not available."
+msgstr "A cifra %s não está disponível."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:899
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritmo | Chave | Criptografia | Descriptografia\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:908
msgid "N/A"
msgstr "N/D"
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Digite a senha para ser excluída: "
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Digite a senha para ser excluída: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "Digite uma senha para slot de chave a ser convertido: "
-
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:968
msgid "Really try to repair LUKS device header?"
msgstr "Realmente tentar corrigir o cabeçalho do dispositivo LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:984 src/integritysetup.c:144
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Apando dispositivo para inicializar a verificação de soma de integridade.\n"
"Você pode interromper isso pressionando CTRL+C (o resto dos dispositivo não apagado conterão verificação de soma inválida).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1006 src/integritysetup.c:166
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Não foi possível desativar o dispositivo temporário %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1050
msgid "Integrity option can be used only for LUKS2 format."
msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1055 src/cryptsetup.c:1115
msgid "Unsupported LUKS2 metadata size options."
msgstr "Não há suporte às opções de tamanho de metadados LUKS."
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1072
#, c-format
msgid "Cannot create header file %s."
msgstr "Não foi possível criar o arquivo de cabeçalho %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1095 src/integritysetup.c:192 src/integritysetup.c:201
+#: src/integritysetup.c:210 src/integritysetup.c:276 src/integritysetup.c:285
+#: src/integritysetup.c:295
msgid "No known integrity specification pattern detected."
msgstr "Nenhum padrão de especificação de integridade conhecida foi detectado."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1108
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Não foi possível usar %s como um cabeçalho em disco."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1132 src/integritysetup.c:224
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Isto vai sobrescrever dados em %s permanentemente."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1173 src/cryptsetup.c:1484 src/cryptsetup.c:1551
+#: src/cryptsetup.c:1646 src/cryptsetup.c:1712
msgid "Failed to set pbkdf parameters."
msgstr "Falha ao definir os parâmetros de pbkdf."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1242
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Posição de dados reduzida é permitido apenas cabeçalho LUKS desanexado."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1284
msgid "Device activated but cannot make flags persistent."
msgstr "Dispositivo ativado, mas não foi possível tornar os sinalizadores persistentes."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1365
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Slot de chave %d selecionado para exclusão."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1368 src/cryptsetup.c:1706
+#, c-format
+msgid "Keyslot %d is not active."
+msgstr "O slot de chave %d não está ativo."
+
+#: src/cryptsetup.c:1377 src/cryptsetup.c:1438
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Este é o último slot de chave. O dispositivo se tornará não usável após apagar esta chave."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1378
msgid "Enter any remaining passphrase: "
msgstr "Digite qualquer senha remanescente: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1379 src/cryptsetup.c:1440
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Operação abortada, o slot de chave NÃO foi apagado.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1417
msgid "Enter passphrase to be deleted: "
msgstr "Digite a senha para ser excluída: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1435
+#, c-format
+msgid "Key slot %d selected for deletion."
+msgstr "Slot de chave %d selecionado para exclusão."
+
+#: src/cryptsetup.c:1498 src/cryptsetup.c:1565 src/cryptsetup.c:1599
msgid "Enter new passphrase for key slot: "
msgstr "Digite uma senha para o slot de chave: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1582 src/cryptsetup_reencrypt.c:1352
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Digite qualquer senha existente: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1650
msgid "Enter passphrase to be changed: "
msgstr "Digite a senha para ser alterada: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1666 src/cryptsetup_reencrypt.c:1338
msgid "Enter new passphrase: "
msgstr "Digite uma nova senha: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1716
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Digite uma senha para slot de chave a ser convertido: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1740
msgid "Only one device argument for isLuks operation is supported."
msgstr "Há suporte apenas a um argumento de dispositivo para a operação isLuks."
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"O despejo de cabeçalho com chave de volume é uma informação sensível\n"
-"que permite acesso a uma partição criptografada sem senha.\n"
-"Este despejo deve sempre ser armazenado criptografado em um local seguro."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "O slot de chave %d não está ativo."
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"O despejo de cabeçalho com chave de volume é uma informação sensível\n"
-"que permite acesso a uma partição criptografada sem senha.\n"
-"Este despejo deve sempre ser armazenado criptografado em um local seguro."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "%s não é um dispositivo cryptsetup gerenciado."
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:1924 src/cryptsetup.c:1945
msgid "Option --header-backup-file is required."
msgstr "A opção --header-backup-file é necessária."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:1975
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s não é um dispositivo cryptsetup gerenciado."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:1986
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "A renovação não oferece suporte a este tipo de dispositivo %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2024
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Tipo de dispositivo de metadados %s não reconhecido."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2027
msgid "Command requires device and mapped name as arguments."
msgstr "O comando requer um dispositivo e nome mapeado como argumentos."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2049
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Esta operação vai apagar todos os slots de chave no dispositivo %s.\n"
"O dispositivo se tornará não usável após esta operação."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2056
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Operação abortada, os slots de chave NÃO foram apagados.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2093
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Tipo de LUKS inválido, há suporte apenas a luks1 e luks2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2111
#, c-format
msgid "Device is already %s type."
msgstr "O dispositivo já é do tipo %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2116
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Essa operação vai converter %s para o formato %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2122
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Operação abortada, o dispositivo NÃO foi convertido.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2162
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Está faltando a opção --priority, --label ou --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2196 src/cryptsetup.c:2229 src/cryptsetup.c:2252
#, c-format
msgid "Token %d is invalid."
msgstr "O token %d é inválido."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2199 src/cryptsetup.c:2255
#, c-format
msgid "Token %d in use."
msgstr "O token %d em uso."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2206
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Falha ao adicionar o token de chaveiro luks2 %d."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2215 src/cryptsetup.c:2277
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Falha ao atribuir o token %d ao slot de chave %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2232
#, c-format
msgid "Token %d is not in use."
msgstr "O token %d não está em uso."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2267
msgid "Failed to import token from file."
msgstr "Falha ao abrir arquivo de chave."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2292
#, c-format
msgid "Failed to get token %d for export."
msgstr "Falha ao obter o token %d para exportação."
-#: src/cryptsetup.c:2724
+#: src/cryptsetup.c:2307
msgid "--key-description parameter is mandatory for token add action."
msgstr "O parâmetro --key-description é obrigatório para ação de adicionar token."
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
+#: src/cryptsetup.c:2313 src/cryptsetup.c:2321
msgid "Action requires specific token. Use --token-id parameter."
msgstr "A ação requer um token específico. Use o parâmetro --token-id."
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2326
#, c-format
msgid "Invalid token operation %s."
msgstr "Operação de token inválida %s."
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "O dispositivo %s não é um dispositivo LUKS válido."
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Falha ao obter estado do dispositivo %s."
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "Dispositivo inválido %s."
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2."
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "O arquivo de cópia de segurança de cabeçalho requisitado %s já existe."
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Não foi possível criar o arquivo de cabeçalho %s."
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-#, fuzzy
-msgid "Not enough free keyslots for reencryption."
-msgstr "Não altera chave, nenhuma área de dados de recriptografia"
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "O arquivo de chave pode ser usado apenas com --key-slot ou com exatamente um slot de chave ativado."
-
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Digite uma senha para o slot de chave %u: "
-
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Digite uma senha para o slot de chave %u: "
-
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "O comando requer um dispositivo e nome mapeado como argumentos."
-
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
-
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
-
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Não há suporte a recriptografia de dispositivo com perfil de integridade."
-
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
-
-#: src/cryptsetup.c:3475
-#, fuzzy
-msgid "LUKS2 device is not in reencryption."
-msgstr "Arquivo log %s existe, resumindo recriptografia.\n"
-
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:2366
msgid "<device> [--type <type>] [<name>]"
msgstr "<dispositivo> [--type <tipo>] [<nome>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "abre dispositivo como <nome>"
+#: src/cryptsetup.c:2366
+msgid "open device as mapping <name>"
+msgstr "abre dispositivo como mapeamento <nome>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:2367 src/cryptsetup.c:2368 src/cryptsetup.c:2369
+#: src/veritysetup.c:363 src/veritysetup.c:364 src/integritysetup.c:464
+#: src/integritysetup.c:465
msgid "<name>"
msgstr "<nome>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:2367
msgid "close device (remove mapping)"
msgstr "fecha dispositivo (remove mapeamento)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:2368
msgid "resize active device"
msgstr "redimensiona dispositivo ativado"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:2369
msgid "show device status"
msgstr "mostra o estado do dispositivo"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2370
msgid "[--cipher <cipher>]"
msgstr "[--cipher <cifra>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2370
msgid "benchmark cipher"
msgstr "testa a cifra"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:2371 src/cryptsetup.c:2372 src/cryptsetup.c:2373
+#: src/cryptsetup.c:2374 src/cryptsetup.c:2381 src/cryptsetup.c:2382
+#: src/cryptsetup.c:2383 src/cryptsetup.c:2384 src/cryptsetup.c:2385
+#: src/cryptsetup.c:2386 src/cryptsetup.c:2387 src/cryptsetup.c:2388
msgid "<device>"
msgstr "<dispositivo>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:2371
msgid "try to repair on-disk metadata"
msgstr "tente corrigir os metadados em disco"
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "adiciona uma chave ao dispositivo LUKS"
-
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:2372
msgid "erase all keyslots (remove encryption key)"
msgstr "apaga todos os slots de chave (remove a chave de criptografia)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:2373
msgid "convert LUKS from/to LUKS2 format"
msgstr "converte formato LUKS de/para LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:2374
msgid "set permanent configuration options for LUKS2"
msgstr "define opções de configuração permanentes para LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:2375 src/cryptsetup.c:2376
msgid "<device> [<new key file>]"
msgstr "<dispositivo> [<novo arquivo de chave>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:2375
msgid "formats a LUKS device"
msgstr "formata um dispositivo LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:2376
msgid "add key to LUKS device"
msgstr "adiciona uma chave ao dispositivo LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:2377 src/cryptsetup.c:2378 src/cryptsetup.c:2379
msgid "<device> [<key file>]"
msgstr "<dispositivo> [<arquivo de chave >]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:2377
msgid "removes supplied key or key file from LUKS device"
msgstr "remove a chave ou arquivo chave fornecidos do dispositivo LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:2378
msgid "changes supplied key or key file of LUKS device"
msgstr "altera a chave ou arquivo chave fornecidos do dispositivo LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:2379
msgid "converts a key to new pbkdf parameters"
msgstr "converte uma chave aos novos parâmetros de pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2380
msgid "<device> <key slot>"
msgstr "<dispositivo> <slot de chave>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2380
msgid "wipes key with number <key slot> from LUKS device"
msgstr "apaga chave com número <slot de chave> do dispositivo LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:2381
msgid "print UUID of LUKS device"
msgstr "emite UUID do dispositivo LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:2382
msgid "tests <device> for LUKS partition header"
msgstr "testa <dispositivo> por cabeçalho de partição LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:2383
msgid "dump LUKS partition information"
msgstr "despeja informação da partição LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:2384
msgid "dump TCRYPT device information"
msgstr "despeja informação do dispositivo TCRYPT"
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "despeja informação do dispositivo TCRYPT"
-
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:2385
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Suspende dispositivo LUKS e apaga chave (todas E/S ficam congeladas)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:2386
msgid "Resume suspended LUKS device"
msgstr "Resume dispositivo LUKS suspenso"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:2387
msgid "Backup LUKS device header and keyslots"
msgstr "Faz uma cópia de segurança de slots de chave e cabeçalho de dispositivo LUKS"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:2388
msgid "Restore LUKS device header and keyslots"
msgstr "Restaura slots de chave e cabeçalho de dispositivo LUKS"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2389
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <dispositivo>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2389
msgid "Manipulate LUKS2 tokens"
msgstr "Manipula tokens LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:2407 src/veritysetup.c:380 src/integritysetup.c:481
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<ação> é um entre:\n"
-#: src/cryptsetup.c:3551
-#, fuzzy
+#: src/cryptsetup.c:2413
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
msgstr ""
"\n"
"Você também pode usar apelidos de sintaxe <ação> antigos:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:2417
#, c-format
msgid ""
"\n"
"<slot de chave> é o número do slot de chave LUKS a ser modificado\n"
"<arquivo de chave> arquivo de chave opcional para a nova chave para a ação luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:2424
#, c-format
msgid ""
"\n"
"\n"
"O formato padrão de metadados compilados é %s (para a ação luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:2429
#, c-format
msgid ""
"\n"
"PBKDF padrão para LUKS2: %s\n"
"\tTempo de iteração: %d: memória exigida: %dkB, Threads paralelas: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:2440
#, c-format
msgid ""
"\n"
"\tplain: %s, Chave: %d bits, Hash de senha: %s\n"
"\tLUKS: %s, Chave: %d bits, Hash de cabeçalho LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:2449
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: keysize padrão com modo XTS (duas chaves internas) será duplicado.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:2460 src/veritysetup.c:537 src/integritysetup.c:621
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: necessita %s como argumentos"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:2498 src/veritysetup.c:420 src/integritysetup.c:515
+#: src/cryptsetup_reencrypt.c:1611
msgid "Show this help message"
msgstr "Mostra essa mensagem de ajuda"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:2499 src/veritysetup.c:421 src/integritysetup.c:516
+#: src/cryptsetup_reencrypt.c:1612
msgid "Display brief usage"
msgstr "Exibe instrução de uso"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Emite a versão do pacote"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:2503 src/veritysetup.c:425 src/integritysetup.c:520
+#: src/cryptsetup_reencrypt.c:1616
msgid "Help options:"
msgstr "Opções de ajuda:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
+#: src/cryptsetup.c:2504 src/veritysetup.c:426 src/integritysetup.c:521
+#: src/cryptsetup_reencrypt.c:1617
+msgid "Print package version"
+msgstr "Emite a versão do pacote"
+
+#: src/cryptsetup.c:2505 src/veritysetup.c:427 src/integritysetup.c:522
+#: src/cryptsetup_reencrypt.c:1618
msgid "Shows more detailed error messages"
msgstr "Mostra mensagens de erro mais detalhadas"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup.c:2506 src/veritysetup.c:428 src/integritysetup.c:523
+#: src/cryptsetup_reencrypt.c:1619
msgid "Show debug messages"
msgstr "Mostra mensagens de depuração"
-#: src/cryptsetup.c:3646
+#: src/cryptsetup.c:2507
msgid "Show debug messages including JSON metadata"
msgstr "Mostra mensagens de depuração incluindo metadados JSON"
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
+#: src/cryptsetup.c:2508 src/cryptsetup_reencrypt.c:1621
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "A cifra usada para criptografar o disco (veja /proc/crypto)"
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
+#: src/cryptsetup.c:2509 src/cryptsetup_reencrypt.c:1623
msgid "The hash used to create the encryption key from the passphrase"
msgstr "A hash usada para criar a chave de criptografia a partir da senha"
-#: src/cryptsetup.c:3649
+#: src/cryptsetup.c:2510
msgid "Verifies the passphrase by asking for it twice"
msgstr "Verifica a senha perguntando-a duas vezes"
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
+#: src/cryptsetup.c:2511 src/cryptsetup_reencrypt.c:1625
msgid "Read the key from a file"
msgstr "Lê a chave de um arquivo"
-#: src/cryptsetup.c:3651
+#: src/cryptsetup.c:2512
msgid "Read the volume (master) key from file."
msgstr "Lê a chave do volume (mestre) a partir do arquivo."
-#: src/cryptsetup.c:3652
+#: src/cryptsetup.c:2513
msgid "Dump volume (master) key instead of keyslots info"
msgstr "Despeja a chave de volume (mestre) ao invés da informação de slots de chave"
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2514 src/cryptsetup_reencrypt.c:1622
msgid "The size of the encryption key"
msgstr "O tamanho da chave de criptografia"
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2514 src/cryptsetup.c:2571 src/integritysetup.c:539
+#: src/integritysetup.c:543 src/integritysetup.c:547
+#: src/cryptsetup_reencrypt.c:1622
msgid "BITS"
msgstr "BITS"
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
+#: src/cryptsetup.c:2515 src/cryptsetup_reencrypt.c:1638
msgid "Limits the read from keyfile"
msgstr "Limita a leitura do arquivo de chave"
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:2515 src/cryptsetup.c:2516 src/cryptsetup.c:2517
+#: src/cryptsetup.c:2518 src/cryptsetup.c:2568 src/cryptsetup.c:2569
+#: src/veritysetup.c:431 src/veritysetup.c:432 src/veritysetup.c:433
+#: src/veritysetup.c:436 src/veritysetup.c:437 src/integritysetup.c:530
+#: src/integritysetup.c:534 src/integritysetup.c:535
+#: src/cryptsetup_reencrypt.c:1637 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup_reencrypt.c:1639 src/cryptsetup_reencrypt.c:1640
msgid "bytes"
msgstr "bytes"
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
+#: src/cryptsetup.c:2516 src/cryptsetup_reencrypt.c:1637
msgid "Number of bytes to skip in keyfile"
msgstr "Número de bytes a ignorar no arquivo de chave"
-#: src/cryptsetup.c:3656
+#: src/cryptsetup.c:2517
msgid "Limits the read from newly added keyfile"
msgstr "Limita a leitura do arquivo de chave recém-adicionado"
-#: src/cryptsetup.c:3657
+#: src/cryptsetup.c:2518
msgid "Number of bytes to skip in newly added keyfile"
msgstr "Número de bytes a ignorar em arquivo de chave recém-adicionado"
-#: src/cryptsetup.c:3658
+#: src/cryptsetup.c:2519
msgid "Slot number for new key (default is first free)"
msgstr "Número de slot para a nova chave (padrão é a primeira livre)"
-#: src/cryptsetup.c:3659
+#: src/cryptsetup.c:2520
msgid "The size of the device"
msgstr "O tamanho do dispositivo"
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
+#: src/cryptsetup.c:2520 src/cryptsetup.c:2521 src/cryptsetup.c:2522
+#: src/cryptsetup.c:2528 src/integritysetup.c:531 src/integritysetup.c:536
msgid "SECTORS"
msgstr "SETORES"
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Usa apenas o tamanho de dispositivo especificado (ignora o resto do dispositivo). PERIGOSO!"
-
-#: src/cryptsetup.c:3661
+#: src/cryptsetup.c:2521
msgid "The start offset in the backend device"
msgstr "A posição inicial do dispositivo de backend"
-#: src/cryptsetup.c:3662
+#: src/cryptsetup.c:2522
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "Quantos setores dos dados criptografados ignorar no começo"
-#: src/cryptsetup.c:3663
+#: src/cryptsetup.c:2523
msgid "Create a readonly mapping"
msgstr "Cria um mapeamento somente leitura"
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
+#: src/cryptsetup.c:2524 src/integritysetup.c:524
+#: src/cryptsetup_reencrypt.c:1628
msgid "Do not ask for confirmation"
msgstr "Não solicitar confirmação"
-#: src/cryptsetup.c:3665
+#: src/cryptsetup.c:2525
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "Tempo limite para a solicitação interativa de senha (em segundos)"
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2525 src/cryptsetup.c:2526 src/integritysetup.c:525
+#: src/cryptsetup_reencrypt.c:1629
msgid "secs"
msgstr "s"
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2526 src/integritysetup.c:525
+#: src/cryptsetup_reencrypt.c:1629
msgid "Progress line update (in seconds)"
msgstr "Atualização de linha de progresso (em segundos)"
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
+#: src/cryptsetup.c:2527 src/cryptsetup_reencrypt.c:1630
msgid "How often the input of the passphrase can be retried"
msgstr "Com qual frequência a entrada da senha pode ser tentada novamente"
-#: src/cryptsetup.c:3668
+#: src/cryptsetup.c:2528
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "Alinha a carga em <n> limites de setores - para luksFormat"
-#: src/cryptsetup.c:3669
+#: src/cryptsetup.c:2529
msgid "File with LUKS header and keyslots backup"
msgstr "Arquivo cópia de segurança de slots de chave e cabeçalho LUKS"
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
+#: src/cryptsetup.c:2530 src/cryptsetup_reencrypt.c:1631
msgid "Use /dev/random for generating volume key"
msgstr "Usa /dev/random para gerar chave de volume"
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
+#: src/cryptsetup.c:2531 src/cryptsetup_reencrypt.c:1632
msgid "Use /dev/urandom for generating volume key"
msgstr "Usa /dev/urandom para gerar chave de volume"
-#: src/cryptsetup.c:3672
+#: src/cryptsetup.c:2532
msgid "Share device with another non-overlapping crypt segment"
msgstr "Compartilha o dispositivo com um outro segmento de criptografia sem sobreposição"
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
+#: src/cryptsetup.c:2533 src/veritysetup.c:440
msgid "UUID for device to use"
msgstr "UUID para dispositivo a ser usado"
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
+#: src/cryptsetup.c:2534
msgid "Allow discards (aka TRIM) requests for device"
msgstr "Permite requisições de descartes (i.e. TRIM) para dispositivo"
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
+#: src/cryptsetup.c:2535 src/cryptsetup_reencrypt.c:1649
msgid "Device or file with separated LUKS header"
msgstr "Dispositivo ou arquivo com cabeçalho LUKS separado"
-#: src/cryptsetup.c:3676
+#: src/cryptsetup.c:2536
msgid "Do not activate device, just check passphrase"
msgstr "Não ativa o dispositivo, apenas verifica a senha"
-#: src/cryptsetup.c:3677
+#: src/cryptsetup.c:2537
msgid "Use hidden header (hidden TCRYPT device)"
msgstr "Usa cabeçalho oculto (dispositivo TCRYPT oculto)"
-#: src/cryptsetup.c:3678
+#: src/cryptsetup.c:2538
msgid "Device is system TCRYPT drive (with bootloader)"
msgstr "O dispositivo é uma unidade TCRYPT de sistema (com carregador de inicialização)"
-#: src/cryptsetup.c:3679
+#: src/cryptsetup.c:2539
msgid "Use backup (secondary) TCRYPT header"
msgstr "Usa o cabeçalho TRCYPT secundário (cópia de segurança)"
-#: src/cryptsetup.c:3680
+#: src/cryptsetup.c:2540
msgid "Scan also for VeraCrypt compatible device"
msgstr "Verifica também por dispositivo compatível com VeraCrypt"
-#: src/cryptsetup.c:3681
+#: src/cryptsetup.c:2541
msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Multiplicador de Iteração Pessoal (PIM) por dispositivo compatível com VeraCrypt"
-#: src/cryptsetup.c:3682
+#: src/cryptsetup.c:2542
msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "Consulta Multiplicador de Iteração Pessoal (PIM) por dispositivo compatível com VeraCrypt"
-#: src/cryptsetup.c:3683
-#, fuzzy
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#: src/cryptsetup.c:2543
+msgid "Type of device metadata: luks, plain, loopaes, tcrypt"
msgstr "Tipo de metadados de dispositivo: luks, plain, loopaes, tcrypt"
-#: src/cryptsetup.c:3684
+#: src/cryptsetup.c:2544
msgid "Disable password quality check (if enabled)"
msgstr "Desabilita a verificação de qualidade da senha (se habilitada)"
-#: src/cryptsetup.c:3685
+#: src/cryptsetup.c:2545
msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
msgstr "Usa a opção de compatibilidade de desempenho same_cpu_crypt do dm-crypt"
-#: src/cryptsetup.c:3686
+#: src/cryptsetup.c:2546
msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
msgstr "Usa a opção de compatibilidade de desempenho submit_from_crypt_cpus do dm-crypt"
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
+#: src/cryptsetup.c:2547
msgid "Device removal is deferred until the last user closes it"
msgstr "A remoção de dispositivo está adiada até o último usuário fechá-lo"
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
+#: src/cryptsetup.c:2548
msgid "PBKDF iteration time for LUKS (in ms)"
msgstr "Tempo de iteração PBKDF para LUKS (em ms)"
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup.c:2548 src/cryptsetup_reencrypt.c:1627
msgid "msecs"
msgstr "ms"
# argon2i, argon2id, pbkdf2 são opções, não traduzir.
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
+#: src/cryptsetup.c:2549 src/cryptsetup_reencrypt.c:1645
msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
msgstr "Algoritmo PBKDF (para LUKS2): argon2i, argon2id, pbkdf2"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2550 src/cryptsetup_reencrypt.c:1646
msgid "PBKDF memory cost limit"
msgstr "limite de custo de memória de PBKDF"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2550 src/cryptsetup_reencrypt.c:1646
msgid "kilobytes"
msgstr "kilobytes"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2551 src/cryptsetup_reencrypt.c:1647
msgid "PBKDF parallel cost"
msgstr "Custo paralelo de PBKDF"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2551 src/cryptsetup_reencrypt.c:1647
msgid "threads"
msgstr "threads"
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
+#: src/cryptsetup.c:2552 src/cryptsetup_reencrypt.c:1648
msgid "PBKDF iterations cost (forced, disables benchmark)"
msgstr "Custo de iterações de PBKDF (forçado, desabilita teste)"
# ignore, normal e prefer são opções, não traduzir.
-#: src/cryptsetup.c:3696
+#: src/cryptsetup.c:2553
msgid "Keyslot priority: ignore, normal, prefer"
msgstr "Prioridade de slot de chave: ignore, normal, prefer"
-#: src/cryptsetup.c:3697
+#: src/cryptsetup.c:2554
msgid "Disable locking of on-disk metadata"
msgstr "Desabilita travamento de metadados em disco"
-#: src/cryptsetup.c:3698
+#: src/cryptsetup.c:2555
msgid "Disable loading volume keys via kernel keyring"
msgstr "Desabilita carregamento de chaves de volume via chaveiro do kernel"
-#: src/cryptsetup.c:3699
+#: src/cryptsetup.c:2556
msgid "Data integrity algorithm (LUKS2 only)"
msgstr "Algoritmo de integridade de dados (LUKS2 apenas)"
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
+#: src/cryptsetup.c:2557 src/integritysetup.c:550
msgid "Disable journal for integrity device"
msgstr "Desabilita jornal para dispositivo de integridade"
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
+#: src/cryptsetup.c:2558 src/integritysetup.c:526
msgid "Do not wipe device after format"
msgstr "Não apaga o dispositivo após formatar"
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
+#: src/cryptsetup.c:2559
msgid "Do not ask for passphrase if activation by token fails"
msgstr "Não pede por senha se ativação por token falhar"
-#: src/cryptsetup.c:3704
+#: src/cryptsetup.c:2560
msgid "Token number (default: any)"
msgstr "Número de token (padrão: qualquer)"
-#: src/cryptsetup.c:3705
+#: src/cryptsetup.c:2561
msgid "Key description"
msgstr "Descrição da chave"
-#: src/cryptsetup.c:3706
+#: src/cryptsetup.c:2562
msgid "Encryption sector size (default: 512 bytes)"
msgstr "Tamanho do setor de criptografia (padrão: 512 bytes)"
-#: src/cryptsetup.c:3707
-#, fuzzy
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Tamanho do setor de criptografia (padrão: 512 bytes)"
-
-#: src/cryptsetup.c:3708
+#: src/cryptsetup.c:2563
msgid "Set activation flags persistent for device"
msgstr "Define sinalizadores de ativação persistentes para o dispositivo"
-#: src/cryptsetup.c:3709
+#: src/cryptsetup.c:2564
msgid "Set label for the LUKS2 device"
msgstr "Define o rótulo para o dispositivo LUKS2"
-#: src/cryptsetup.c:3710
+#: src/cryptsetup.c:2565
msgid "Set subsystem label for the LUKS2 device"
msgstr "Define o rótulo de subsistema para o dispositivo LUKS2"
-#: src/cryptsetup.c:3711
-#, fuzzy
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#: src/cryptsetup.c:2566
+msgid "Create unbound (no assigned data segment) LUKS2 keyslot"
msgstr "Cria slot de chave LUKS2 não associado (nenhum segmento de dados atribuído)"
-#: src/cryptsetup.c:3712
+#: src/cryptsetup.c:2567
msgid "Read or write the json from or to a file"
msgstr "Lê ou escreve o json de ou para um arquivo"
-#: src/cryptsetup.c:3713
+#: src/cryptsetup.c:2568
msgid "LUKS2 header metadata area size"
msgstr "Tamanho de área de metadados de cabeçalho LUKS2"
-#: src/cryptsetup.c:3714
+#: src/cryptsetup.c:2569
msgid "LUKS2 header keyslots area size"
msgstr "Tamanho de área de slots de chave de cabeçalho LUKS2"
-#: src/cryptsetup.c:3715
+#: src/cryptsetup.c:2570
msgid "Refresh (reactivate) device with new parameters"
msgstr "Renova (reativa) dispositivo com novos parâmetros"
-#: src/cryptsetup.c:3716
+#: src/cryptsetup.c:2571
msgid "LUKS2 keyslot: The size of the encryption key"
msgstr "Slot de chave LUKS2: O tamanho da chave de criptografia"
-#: src/cryptsetup.c:3717
+#: src/cryptsetup.c:2572
msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
msgstr "Slot de chave LUKS2: A cifra usada para criptografia de slot de chave"
-#: src/cryptsetup.c:3718
-#, fuzzy
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)"
-
-#: src/cryptsetup.c:3719
-#, fuzzy
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Reduz tamanho do dispositivo de dados (move opção dos dados). PERIGOSO!"
-
-#: src/cryptsetup.c:3723
-#, fuzzy
-msgid "Maximal reencryption hotzone size."
-msgstr "Tamanho do bloco de recriptografia"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-#, fuzzy
-msgid "Reencryption hotzone checksums hash"
-msgstr "Tamanho do bloco de recriptografia"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr ""
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:2588 src/veritysetup.c:461 src/integritysetup.c:568
msgid "[OPTION...] <action> <action-specific>"
msgstr "[OPÇÃO...] <ação> <ação-específica>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:2645 src/veritysetup.c:501 src/integritysetup.c:585
msgid "Argument <action> missing."
msgstr "Faltando o argumento de <ação>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:2708 src/veritysetup.c:532 src/integritysetup.c:616
msgid "Unknown action."
msgstr "Ação desconhecida."
-#: src/cryptsetup.c:3877
-#, fuzzy
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
+#: src/cryptsetup.c:2718
+msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
+msgstr "O parâmetro --refresh é apenas permitida com comandos de abrir ou renovar.\n"
+
+#: src/cryptsetup.c:2723
+msgid "Options --refresh and --test-passphrase are mutually exclusive.\n"
msgstr "As opções --refresh e --test-passphrase são mutuamente exclusivas.\n"
-#: src/cryptsetup.c:3882
-#, fuzzy
-msgid "Option --deferred is allowed only for close command."
+#: src/cryptsetup.c:2728
+msgid "Option --deferred is allowed only for close command.\n"
msgstr "A opção --deferred é apenas permitida para o comando de fechamento.\n"
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
+#: src/cryptsetup.c:2733
+msgid "Option --shared is allowed only for open of plain device.\n"
msgstr "A opção --shared é permitida apenas para abertura de dispositivo claro.\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
+#: src/cryptsetup.c:2738
+msgid "Option --allow-discards is allowed only for open operation.\n"
msgstr "A opção --allow-discards é permitida apenas para a operação de abertura.\n"
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
+#: src/cryptsetup.c:2743
+msgid "Option --persistent is allowed only for open operation.\n"
msgstr "A opção --persistent é permitida apenas para a operação de abertura.\n"
-#: src/cryptsetup.c:3902
-#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "A opção --allow-discards é permitida apenas para a operação de abertura.\n"
-
-#: src/cryptsetup.c:3907
-#, fuzzy
-msgid "Option --persistent is not allowed with --test-passphrase."
+#: src/cryptsetup.c:2748
+msgid "Option --persistent is not allowed with --test-passphrase.\n"
msgstr "A opção --persistent não é permitida com --test-passphrase.\n"
-#: src/cryptsetup.c:3917
-#, fuzzy
+#: src/cryptsetup.c:2757
msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+"Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n"
"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
msgstr ""
"A opção --key-size só é permitida para luksFormat, luksAddKey (com --unbound),\n"
"ações de abertura e teste. Para limitar a leitura do arquivo de chave,\n"
"use --keyfile-size=(bytes)."
-#: src/cryptsetup.c:3923
-#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#: src/cryptsetup.c:2763
+msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n"
msgstr "A opção --integrity é permitida apenas para luksFormat (LUKS2).\n"
-#: src/cryptsetup.c:3928
-#, fuzzy
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+#: src/cryptsetup.c:2768
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n"
msgstr "A opção --integrity-no-wipe só pode ser usada para ação de formato com extensão de integridade.\n"
-#: src/cryptsetup.c:3934
-#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#: src/cryptsetup.c:2774
+msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"
msgstr "As opções --label e --subsystem são permitidas apenas para luksFormat e operações de configuração de LUKS2.\n"
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+#: src/cryptsetup.c:2780
+msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
msgstr "A opção --test-passphrase é permitida apenas para abertura de dispositivos LUKS e TCRYPT.\n"
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:2785 src/cryptsetup_reencrypt.c:1718
msgid "Key size must be a multiple of 8 bits"
msgstr "Tamanho de chave deve ser um múltiplo de 8 bits"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:2791 src/cryptsetup_reencrypt.c:1403
+#: src/cryptsetup_reencrypt.c:1723
msgid "Key slot is invalid."
msgstr "O slot de chave é inválido."
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:2798
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "A opção --key-file tem precedência sobre um argumento de arquivo de chave especificado."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:2805 src/veritysetup.c:544 src/integritysetup.c:640
+#: src/cryptsetup_reencrypt.c:1697
msgid "Negative number for option not permitted."
msgstr "Número negativo para opção não permitido."
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:2809
msgid "Only one --key-file argument is allowed."
msgstr "Apenas um argumento de --key-file é permitido."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:2813 src/cryptsetup_reencrypt.c:1689
+#: src/cryptsetup_reencrypt.c:1727
msgid "Only one of --use-[u]random options is allowed."
msgstr "Apenas uma das opções --use-[u]random são permitidas."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:2817
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "A opção --use-[u]random é permitida apenas para luksFormat."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:2821
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "A opção --uuid é permitida apenas para luksFormat e luksUUID."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:2825
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "A opção --align-payload é permitida apenas para luksFormat."
-#: src/cryptsetup.c:3989
+#: src/cryptsetup.c:2829
msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
msgstr "As opçãos --luks2-metadata-size e --opt-luks2-keyslots-size são permitidas apenas para luksFormat com LUKS2."
-#: src/cryptsetup.c:3994
+#: src/cryptsetup.c:2834
msgid "Invalid LUKS2 metadata size specification."
msgstr "Especificação inválida de tamanho de metadados LUKS2."
-#: src/cryptsetup.c:3998
+#: src/cryptsetup.c:2838
msgid "Invalid LUKS2 keyslots size specification."
msgstr "Especificação inválida de tamanho de slots de chave LUKS2."
-#: src/cryptsetup.c:4002
-#, fuzzy
-msgid "Options --align-payload and --offset cannot be combined."
+#: src/cryptsetup.c:2842
+msgid "Option --align-payload and --offset cannot be combined."
msgstr "As opções --align-payload e --offset não podem ser combinadas."
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:2848
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "Há suporte a --skip apenas para abertura de dispositivos claro e loopaes.\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:2855
+msgid "Option --offset is supported only for open of plain and loopaes devices and for luksFormat.\n"
msgstr "Há suporte a --offset apenas para abertura de dispositivos claro e loopaes. e para luksFormat.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:2861
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "Há suporte à opção --tcrypt-hidden, --tcrypt-system ou --tcrypt-backup apenas para dispositivo TCRYPT.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:2866
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "A opção --tcrypt-hidden não pode ser combinada com --allow-discards.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
+#: src/cryptsetup.c:2871
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "Há suporte à opção --veracrypt apenas para o tipo de dispositivo TCRYPT.\n"
-#: src/cryptsetup.c:4037
-#, fuzzy
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#: src/cryptsetup.c:2877
+msgid "Invalid argument for parameter --veracrypt-pim supplied.\n"
msgstr "Argumento inválido para o parâmetro --veracrypt-pim fornecido.\n"
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:2881
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Há suporte à opção --veracrypt-pim apenas para dispositivos compatíveis com VeraCrypt.\n"
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:2889
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"
msgstr "Há suporte à opção --veracrypt-query-pim apenas para dispositivos compatíveis com VeraCrypt.\n"
-#: src/cryptsetup.c:4053
-#, fuzzy
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+#: src/cryptsetup.c:2893
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"
msgstr "As opções --veracrypt-pim e --veracrypt-query-pim são mutuamente exclusivas.\n"
# ignore, normal, prefer são opções, não traduzir.
-#: src/cryptsetup.c:4060
-#, fuzzy
-msgid "Option --priority can be only ignore/normal/prefer."
+#: src/cryptsetup.c:2900
+msgid "Option --priority can be only ignore/normal/prefer.\n"
msgstr "A opção --priority só pode ser ignore/normal/prefer.\n"
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-#, fuzzy
-msgid "Keyslot specification is required."
+#: src/cryptsetup.c:2905
+msgid "Keyslot specification is required.\n"
msgstr "A especificação de slot de chave é exigido.\n"
# argon2i, argon2id, pbkdf2 são opções, não traduzir.
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-#, fuzzy
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+#: src/cryptsetup.c:2910 src/cryptsetup_reencrypt.c:1703
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"
msgstr "A função de derivação de chave baseada em senha (PBKDF) só pode ser pbkdf2 ou argon2i/argon2id.\n"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-#, fuzzy
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
+#: src/cryptsetup.c:2915 src/cryptsetup_reencrypt.c:1708
+msgid "PBKDF forced iterations cannot be combined with iteration time option.\n"
msgstr "Iterações forçadas de PBKDF não podem ser compiladas com opção de tempo de iteração.\n"
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
+#: src/cryptsetup.c:2921
+msgid "Sector size option is not supported for this command.\n"
msgstr "Não há suporte a opção de tamanho de setor para este comando.\n"
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:2927
+msgid "Unsupported encryption sector size.\n"
+msgstr "Não há suporte ao tamanho de setor de criptografia.\n"
-#: src/cryptsetup.c:4098
-#, fuzzy
-msgid "Key size is required with --unbound option."
+#: src/cryptsetup.c:2932
+msgid "Key size is required with --unbound option.\n"
msgstr "Tamanho de chave é necessário com a opção --unbound.\n"
-#: src/cryptsetup.c:4108
-#, fuzzy
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#: src/cryptsetup.c:2937
+msgid "Option --unbound may be used only with luksAddKey action.\n"
msgstr "A opção --unbound só pode ser usada com a ação luksAddKey.\n"
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
+#: src/cryptsetup.c:2942
+msgid "Option --refresh may be used only with open action.\n"
msgstr "A opção --refresh só pode ser usada com a ação de abrir.\n"
-#: src/cryptsetup.c:4124
-#, fuzzy
-msgid "Cannot disable metadata locking."
+#: src/cryptsetup.c:2953
+msgid "Cannot disable metadata locking.\n"
msgstr "Não foi possível desabilitar trava de metadados.\n"
-#: src/cryptsetup.c:4135
-#, fuzzy
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Especificação inválida de tamanho de dispositivo."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Especificação inválida de tamanho de dispositivo."
-
-#: src/cryptsetup.c:4146
-#, fuzzy
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Tamanho máximo de redução do dispositivo é 64 MB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Tamanho da redução deve ser múltiplo de 512 bytes (setores)."
-
-#: src/cryptsetup.c:4154
-#, fuzzy
-msgid "Invalid data size specification."
-msgstr "Especificação inválida de tamanho de dispositivo."
-
-#: src/cryptsetup.c:4159
-#, fuzzy
-msgid "Reduce size overflow."
-msgstr "Excesso na posição do dispositivo."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Tamanho da redução deve ser múltiplo de 512 bytes (setores)."
-
-#: src/cryptsetup.c:4171
-#, fuzzy
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "As opções --align-payload e --offset não podem ser combinadas."
-
-#: src/cryptsetup.c:4175
-#, fuzzy
-msgid "Options --device-size and --size cannot be combined."
-msgstr "As opções --align-payload e --offset não podem ser combinadas."
-
-#: src/cryptsetup.c:4179
-#, fuzzy
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "As opções --ignore-corruption e --restart-on-corruption não podem ser usadas em conjunto.\n"
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:67
msgid "Invalid salt string specified."
msgstr "Uma string salgada inválida foi especificada."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:98
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Não foi possível criar imagem hash %s para escrita."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:108
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Não foi possível criar imagem FEC %s para escrita."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:178
msgid "Invalid root hash string specified."
msgstr "Uma string hash raiz inválida foi especificada."
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "Dispositivo inválido %s."
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr "Não foi possível ler o arquivo de chave %s."
-
-#: src/veritysetup.c:406
+#: src/veritysetup.c:360
msgid "<data_device> <hash_device>"
msgstr "<dispositivo-dados> <dispositivo-hash>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:360 src/integritysetup.c:462
msgid "format device"
msgstr "formata o dispositivo"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:361
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<dispositivo-dados> <dispositivo-hash> <hash-raiz>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:361
msgid "verify device"
msgstr "verifica o dispositivo"
-#: src/veritysetup.c:408
+#: src/veritysetup.c:362
msgid "<data_device> <name> <hash_device> <root_hash>"
msgstr "<dispositivo-dados> <nome> <dispositivo-hash> <hash-raiz>"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:362 src/integritysetup.c:463
+msgid "open device as <name>"
+msgstr "abre dispositivo como <nome>"
+
+#: src/veritysetup.c:363 src/integritysetup.c:464
+msgid "close device (deactivate and remove mapping)"
+msgstr "fecha dispositivo (desativa e remove mapeamento)"
+
+#: src/veritysetup.c:364 src/integritysetup.c:465
msgid "show active device status"
msgstr "mostra o estado do dispositivo ativado"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:365
msgid "<hash_device>"
msgstr "<dispositivo-hash>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:365 src/integritysetup.c:466
msgid "show on-disk information"
msgstr "mostra informação em disco"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:384
#, c-format
msgid ""
"\n"
"<dispositivo-hash> é o dispositivo contendo dados de verificação\n"
"<hash-raiz> hash do nó raiz no <dispositivo-hash>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:391
#, c-format
msgid ""
"\n"
"Parâmetros dm-verity pré-compilados por padrão:\n"
"\tHash: %s, Bloco de dados (bytes): %u, Bloco de hash (bytes): %u, Tamanho salgado: %u, Formato hash: %u\n"
-#: src/veritysetup.c:481
+#: src/veritysetup.c:429
msgid "Do not use verity superblock"
msgstr "Não usa superbloco verity"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:430
msgid "Format type (1 - normal, 0 - original Chrome OS)"
msgstr "Tipo de formato (1 - normal, 0 - Chrome OS original)"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:430
msgid "number"
msgstr "número"
-#: src/veritysetup.c:483
+#: src/veritysetup.c:431
msgid "Block size on the data device"
msgstr "Tamanho de bloco no dispositivo de dados"
-#: src/veritysetup.c:484
+#: src/veritysetup.c:432
msgid "Block size on the hash device"
msgstr "Tamanho de bloco no dispositivo de hash"
-#: src/veritysetup.c:485
+#: src/veritysetup.c:433
msgid "FEC parity bytes"
msgstr "Bytes de paridade FEC"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:434
msgid "The number of blocks in the data file"
msgstr "O número de blocos no arquivo de dados"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:434
msgid "blocks"
msgstr "blocos"
-#: src/veritysetup.c:487
+#: src/veritysetup.c:435
msgid "Path to device with error correction data"
msgstr "Caminho para dispositivo com dados de correção de erro"
-#: src/veritysetup.c:487 src/integritysetup.c:566
+#: src/veritysetup.c:435 src/integritysetup.c:528
msgid "path"
msgstr "caminho"
-#: src/veritysetup.c:488
+#: src/veritysetup.c:436
msgid "Starting offset on the hash device"
msgstr "Posição inicial no dispositivo de hash"
-#: src/veritysetup.c:489
+#: src/veritysetup.c:437
msgid "Starting offset on the FEC device"
msgstr "Posição inicial no dispositivo FEC"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:438
msgid "Hash algorithm"
msgstr "Algoritmo hash"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:438
msgid "string"
msgstr "string"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:439
msgid "Salt"
msgstr "Sal"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:439
msgid "hex string"
msgstr "string hexa"
-#: src/veritysetup.c:493
-#, fuzzy
-msgid "Path to root hash signature file"
-msgstr "Criação da área de hash falhou."
-
-#: src/veritysetup.c:494
+#: src/veritysetup.c:441
msgid "Restart kernel if corruption is detected"
msgstr "Reinicia o kernel, se um corrompimento for detectado"
-#: src/veritysetup.c:495
-#, fuzzy
-msgid "Panic kernel if corruption is detected"
-msgstr "Reinicia o kernel, se um corrompimento for detectado"
-
-#: src/veritysetup.c:496
+#: src/veritysetup.c:442
msgid "Ignore corruption, log it only"
msgstr "Ignora corrompimento, apenas registra no log"
-#: src/veritysetup.c:497
+#: src/veritysetup.c:443
msgid "Do not verify zeroed blocks"
msgstr "Não verifica por blocos zerados"
-#: src/veritysetup.c:498
+#: src/veritysetup.c:444
msgid "Verify data block only the first time it is read"
msgstr "Verifica bloco de dados apenas na primeira vez que é lido"
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#: src/veritysetup.c:550
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"
msgstr "O uso da opção --ignore-corruption, --restart-on-corruption ou --ignore-zero-blocks é permitido apenas para operação de abertura.\n"
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "A opção --integrity-recalculate só pode ser usada para ação de abrir."
-
-#: src/veritysetup.c:610
-#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "As opções --ignore-corruption e --restart-on-corruption não podem ser usadas em conjunto.\n"
-
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+#: src/veritysetup.c:555
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
msgstr "As opções --ignore-corruption e --restart-on-corruption não podem ser usadas em conjunto.\n"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Tamanho de chave inválida."
-
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:82 src/utils_password.c:298
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Não foi possível ler o arquivo de chave %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/integritysetup.c:86 src/utils_password.c:302
#, c-format
msgid "Cannot read %d bytes from keyfile %s."
msgstr "Não foi possível ler %d bytes do arquivo de chave %s."
-#: src/integritysetup.c:266
+#: src/integritysetup.c:248
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr "Formatado com tamanho de tag %u, integridade interna %s.\n"
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:462 src/integritysetup.c:466
msgid "<integrity_device>"
msgstr "<dispositivo_integridade>"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:463
msgid "<integrity_device> <name>"
msgstr "<dispositivo_integridade> <nome>"
-#: src/integritysetup.c:515
+#: src/integritysetup.c:485
#, c-format
msgid ""
"\n"
"<nome> é o dispositivo a ser criado sob %s\n"
"<dispositivo_integridade> é o dispositivo com dados com tags de integridade\n"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
+#: src/integritysetup.c:490
+#, c-format
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
+"\tTag size: %u bytes, Checksum algorithm: %s\n"
msgstr ""
"\n"
"Parâmetros dm-integrity compilados por padrão:\n"
"\tTamanho Tag: %u bytes, Algoritmo de soma de verificação: %s\n"
-#: src/integritysetup.c:566
+#: src/integritysetup.c:528
msgid "Path to data device (if separated)"
msgstr "Caminho para dispositivo de dados (se separado)"
-#: src/integritysetup.c:568
+#: src/integritysetup.c:530
msgid "Journal size"
msgstr "Tamanho do journal"
-#: src/integritysetup.c:569
+#: src/integritysetup.c:531
msgid "Interleave sectors"
msgstr "Intercalar setores"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:532
msgid "Journal watermark"
msgstr "Marca d'água do jornal"
-#: src/integritysetup.c:570
+#: src/integritysetup.c:532
msgid "percent"
msgstr "porcentagem"
-#: src/integritysetup.c:571
+#: src/integritysetup.c:533
msgid "Journal commit time"
msgstr "Tempo de commit do journal"
-#: src/integritysetup.c:571 src/integritysetup.c:573
+#: src/integritysetup.c:533
msgid "ms"
msgstr "ms"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
+#: src/integritysetup.c:534
msgid "Tag size (per-sector)"
msgstr "Tamanho de tag (por setor)"
-#: src/integritysetup.c:575
+#: src/integritysetup.c:535
msgid "Sector size"
msgstr "Tamanho do setor"
-#: src/integritysetup.c:576
+#: src/integritysetup.c:536
msgid "Buffers size"
msgstr "Tamanho de buffers"
-#: src/integritysetup.c:578
+#: src/integritysetup.c:538
msgid "Data integrity algorithm"
msgstr "Algoritmo de integridade de dados"
-#: src/integritysetup.c:579
+#: src/integritysetup.c:539
msgid "The size of the data integrity key"
msgstr "O tamanho da chave de integridade de dados"
-#: src/integritysetup.c:580
+#: src/integritysetup.c:540
msgid "Read the integrity key from a file"
msgstr "Lê a chave de integridade de um arquivo"
-#: src/integritysetup.c:582
+#: src/integritysetup.c:542
msgid "Journal integrity algorithm"
msgstr "Algoritmo de integridade de journal"
-#: src/integritysetup.c:583
+#: src/integritysetup.c:543
msgid "The size of the journal integrity key"
msgstr "O tamanho da chave de integridade de journal"
-#: src/integritysetup.c:584
+#: src/integritysetup.c:544
msgid "Read the journal integrity key from a file"
msgstr "Lê a chave de integridade de journal de um arquivo"
-#: src/integritysetup.c:586
+#: src/integritysetup.c:546
msgid "Journal encryption algorithm"
msgstr "Algoritmo de criptografia de journal"
-#: src/integritysetup.c:587
+#: src/integritysetup.c:547
msgid "The size of the journal encryption key"
msgstr "O tamanho da chave de criptografia de journal"
-#: src/integritysetup.c:588
+#: src/integritysetup.c:548
msgid "Read the journal encryption key from a file"
msgstr "Lê a chave de criptografia de journal de um arquivo"
-#: src/integritysetup.c:591
+#: src/integritysetup.c:551
msgid "Recovery mode (no journal, no tag checking)"
msgstr "Modo de recuperação (sem journal, sem verificação de tag)"
-#: src/integritysetup.c:592
-#, fuzzy
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Desabilita jornal para dispositivo de integridade"
-
-#: src/integritysetup.c:593
+#: src/integritysetup.c:552
msgid "Recalculate initial tags automatically."
msgstr "Recalcula tags iniciais automaticamente."
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
+#: src/integritysetup.c:631
msgid "Option --integrity-recalculate can be used only for open action."
msgstr "A opção --integrity-recalculate só pode ser usada para ação de abrir."
-#: src/integritysetup.c:692
-#, fuzzy
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#: src/integritysetup.c:646
+msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n"
msgstr "As opções --journal-size, --interleave-sectors, --sector-size, --tag-size e --no-wipe só podem ser usadas para ação de formatação.\n"
-#: src/integritysetup.c:698
+#: src/integritysetup.c:652
msgid "Invalid journal size specification."
msgstr "Especificação inválida de tamanho de journal."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:657
msgid "Both key file and key size options must be specified."
msgstr "As opções de arquivo de chave e tamanho de chave devem ser especificadas."
-#: src/integritysetup.c:708
+#: src/integritysetup.c:660
+msgid "Integrity algorithm must be specified if integrity key is used."
+msgstr "Um algoritmo de integridade deve ser especificado se uma chave de integridade é usada."
+
+#: src/integritysetup.c:665
msgid "Both journal integrity key file and key size options must be specified."
msgstr "As opções de arquivo de chave de integridade de journal e tamanho de chave devem ser especificadas."
-#: src/integritysetup.c:711
+#: src/integritysetup.c:668
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "Um algoritmo de integridade de journal deve ser especificado se uma chave de integridade de journal é usada."
-#: src/integritysetup.c:716
+#: src/integritysetup.c:673
msgid "Both journal encryption key file and key size options must be specified."
msgstr "As opções de arquivo de chave de criptografia de journal e tamanho de chave devem ser especificadas."
-#: src/integritysetup.c:719
+#: src/integritysetup.c:676
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "Um algoritmo de criptografia de journal deve ser especificado se uma chave de criptografia de journal é usada."
-#: src/integritysetup.c:723
-#, fuzzy
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "As opções --refresh e --test-passphrase são mutuamente exclusivas.\n"
-
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
-
-#: src/integritysetup.c:731
-#, fuzzy
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "A opção de integridade pode ser usada apenas para o formato LUKS2."
-
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:175
msgid "Reencryption already in-progress."
msgstr "Recriptografia já está em progresso."
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:181
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Não há suporte a recriptografia de dispositivo com perfil de integridade."
+
+#: src/cryptsetup_reencrypt.c:204
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "Não foi possível abrir exclusivamente %s, dispositivo em uso."
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:1148
msgid "Allocation of aligned memory failed."
msgstr "A alocação de memória alinhada falhou."
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:225
#, c-format
msgid "Cannot read device %s."
msgstr "Não foi possível ler o dispositivo %s."
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:236
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "Marcando o dispositivo LUKS1 %s como não usável."
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:240
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr "Definindo o sinalizador de recriptografia offline do LUKS2 no dispositivo %s."
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:257
#, c-format
msgid "Cannot write device %s."
msgstr "Não foi possível escrever o dispositivo %s."
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:345
msgid "Cannot write reencryption log file."
msgstr "Não foi possível escrever o arquivo log de recriptografia."
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:401
msgid "Cannot read reencryption log file."
msgstr "Não foi possível abrir o arquivo log de recriptografia."
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:439
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Arquivo log %s existe, resumindo recriptografia.\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:488
msgid "Activating temporary device using old LUKS header."
msgstr "Ativando dispositivo temporário usando antigo cabeçalho LUKS."
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:498
msgid "Activating temporary device using new LUKS header."
msgstr "Ativando dispositivo temporário usando novo cabeçalho LUKS."
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:508
msgid "Activation of temporary devices failed."
msgstr "A ativação de dispositivos temporários falhou."
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Falha ao definir a posição de dados."
+#: src/cryptsetup_reencrypt.c:586
+msgid "Failed to set PBKDF parameters."
+msgstr "Falha ao definir os parâmetros de sessão PBKDF."
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
+#: src/cryptsetup_reencrypt.c:592
+msgid "Failed to set data offset."
msgstr "Falha ao definir a posição de dados."
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:600
#, c-format
msgid "New LUKS header for device %s created."
msgstr "Novo cabeçalho LUKS para dispositivo %s criado."
# "cryptsetup-reencrypt" é o nome do programa, não traduzir.
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:660
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr "Essa versão de cryptsetup-reencrypt não sabe lidar com o novo tipo de token interno %s."
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:682
msgid "Failed to read activation flags from backup header."
msgstr "Falha ao ler sinalizadores de ativação do cabeçalho de cópia de segurança."
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:686
msgid "Failed to write activation flags to new header."
msgstr "Falha ao escrever sinalizadores de ativação para novo cabeçalho."
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:690 src/cryptsetup_reencrypt.c:694
msgid "Failed to read requirements from backup header."
msgstr "Falha ao ler requisitos do cabeçalho de cópia de segurança."
-#: src/cryptsetup_reencrypt.c:723
+#: src/cryptsetup_reencrypt.c:731
#, c-format
msgid "%s header backup of device %s created."
msgstr "Cópia de segurança de cabeçalho %s para dispositivo %s criado."
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:789
msgid "Creation of LUKS backup headers failed."
msgstr "A criação de cópia de segurança de cabeçalhos LUKS falhou."
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:918
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "Não foi possível restaurar o cabeçalho %s no dispositivo %s."
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:920
#, c-format
msgid "%s header on device %s restored."
msgstr "Cabeçalho %s no dispositivo %s restaurado."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:958 src/cryptsetup_reencrypt.c:1038
+msgid "Cannot seek to device offset."
+msgstr "Não foi possível ir à posição do dispositivo."
+
+#: src/cryptsetup_reencrypt.c:1081
+msgid "Cannot seek to device offset.\n"
+msgstr "Não foi possível ir à posição do dispositivo.\n"
+
+#: src/cryptsetup_reencrypt.c:1120 src/cryptsetup_reencrypt.c:1126
msgid "Cannot open temporary LUKS device."
msgstr "Não foi possível abrir o dispositivo LUKS temporário."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1131 src/cryptsetup_reencrypt.c:1136
msgid "Cannot get device size."
msgstr "Não foi possível obter o tamanho do dispositivo."
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1173
+msgid "Interrupted by a signal."
+msgstr "Interrompido por um sinal."
+
+#: src/cryptsetup_reencrypt.c:1175
msgid "IO error during reencryption."
msgstr "Erro de E/S durante a recriptografia."
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1206
msgid "Provided UUID is invalid."
msgstr "O UUID fornecido é inválido."
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1309
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "O arquivo de chave pode ser usado apenas com --key-slot ou com exatamente um slot de chave ativado."
+
+#: src/cryptsetup_reencrypt.c:1350 src/cryptsetup_reencrypt.c:1361
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Digite uma senha para o slot de chave %u: "
+
+#: src/cryptsetup_reencrypt.c:1432
msgid "Cannot open reencryption log file."
msgstr "Não foi possível abrir o arquivo log de recriptografia."
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1438
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "Nenhuma descriptografia em progresso, UUID fornecido pode ser usado apenas para resumir um processo de descriptografia suspendido."
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1513
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr "Alterados os parâmetros de pbkdf no slot de chave %i."
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1620
msgid "Reencryption block size"
msgstr "Tamanho do bloco de recriptografia"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1620
msgid "MiB"
msgstr "MB"
-#: src/cryptsetup_reencrypt.c:1640
+#: src/cryptsetup_reencrypt.c:1624
msgid "Do not change key, no data area reencryption"
msgstr "Não altera chave, nenhuma área de dados de recriptografia"
-#: src/cryptsetup_reencrypt.c:1642
+#: src/cryptsetup_reencrypt.c:1626
msgid "Read new volume (master) key from file"
msgstr "Lê nova chave do volume (mestre) a partir do arquivo"
-#: src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup_reencrypt.c:1627
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "Tempo de iteração PBKDF2 para LUKS (em ms)"
-#: src/cryptsetup_reencrypt.c:1649
+#: src/cryptsetup_reencrypt.c:1633
msgid "Use direct-io when accessing devices"
msgstr "Usa direct-io ao acessar dispositivos"
-#: src/cryptsetup_reencrypt.c:1650
+#: src/cryptsetup_reencrypt.c:1634
msgid "Use fsync after each block"
msgstr "Usa fsync após cada bloco"
-#: src/cryptsetup_reencrypt.c:1651
+#: src/cryptsetup_reencrypt.c:1635
msgid "Update log file after every block"
msgstr "Atualiza o arquivo log após todo bloco"
-#: src/cryptsetup_reencrypt.c:1652
+#: src/cryptsetup_reencrypt.c:1636
msgid "Use only this slot (others will be disabled)"
msgstr "Usa apenas este slot (outros serão desabilitados)"
-#: src/cryptsetup_reencrypt.c:1657
+#: src/cryptsetup_reencrypt.c:1639
+msgid "Reduce data device size (move data offset). DANGEROUS!"
+msgstr "Reduz tamanho do dispositivo de dados (move opção dos dados). PERIGOSO!"
+
+#: src/cryptsetup_reencrypt.c:1640
+msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+msgstr "Usa apenas o tamanho de dispositivo especificado (ignora o resto do dispositivo). PERIGOSO!"
+
+#: src/cryptsetup_reencrypt.c:1641
msgid "Create new header on not encrypted device"
msgstr "Cria um novo cabeçalho em dispositivo não criptografado"
-#: src/cryptsetup_reencrypt.c:1658
+#: src/cryptsetup_reencrypt.c:1642
msgid "Permanently decrypt device (remove encryption)"
msgstr "Descriptografa permanentemente o dispositivo (remove criptografia)"
-#: src/cryptsetup_reencrypt.c:1659
+#: src/cryptsetup_reencrypt.c:1643
msgid "The UUID used to resume decryption"
msgstr "A UUID usada para resumir a descriptografia"
-#: src/cryptsetup_reencrypt.c:1660
+#: src/cryptsetup_reencrypt.c:1644
msgid "Type of LUKS metadata: luks1, luks2"
msgstr "Tipo de metadados LUKS: luks1, luks2"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1663
msgid "[OPTION...] <device>"
msgstr "[OPÇÃO...] <dispositivo>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1677
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "Recriptografia vai alterar: %s%s%s%s%s%s."
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1678
msgid "volume key"
msgstr "chave de volume"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1680
msgid "set hash to "
msgstr "definir hash para "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1681
msgid ", set cipher to "
msgstr ", definir cifra para "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1685
msgid "Argument required."
msgstr "Argumento necessário."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1713
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Apenas valores entre 1 MB e 64 MB são permitidos para tamanho de bloco de recriptografia."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1732 src/cryptsetup_reencrypt.c:1737
+msgid "Invalid device size specification."
+msgstr "Especificação inválida de tamanho de dispositivo."
+
+#: src/cryptsetup_reencrypt.c:1740
msgid "Maximum device reduce size is 64 MiB."
msgstr "Tamanho máximo de redução do dispositivo é 64 MB."
-#: src/cryptsetup_reencrypt.c:1757
+#: src/cryptsetup_reencrypt.c:1743
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Tamanho da redução deve ser múltiplo de 512 bytes (setores)."
+
+#: src/cryptsetup_reencrypt.c:1747
msgid "Option --new must be used together with --reduce-device-size or --header."
msgstr "A opção --new deve ser usada junto de --reduce-device-size ou --header."
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1751
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "A opção --keep-key pode ser usada apenas com --hash, --iter-time ou --pbkdf-force-iterations."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1755
msgid "Option --new cannot be used together with --decrypt."
msgstr "A opção --new não pode ser usada junto de --decrypt."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1759
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "A opção --decrypt é incompatível com os parâmetros especificados."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1763
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "A opção --uuid é permitida apenas junto de --decrypt."
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1767
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr "Tipo de luks inválido. Use um desses: \"luks\", \"luks1\" ou \"luks2\"."
-#: src/utils_tools.c:151
+#: src/utils_tools.c:150
msgid "Error reading response from terminal."
msgstr "Erro ao ler resposta do terminal."
-#: src/utils_tools.c:186
+#: src/utils_tools.c:175
msgid "Command successful.\n"
msgstr "Comando executado com sucesso.\n"
-#: src/utils_tools.c:194
+#: src/utils_tools.c:183
msgid "wrong or missing parameters"
msgstr "parâmetros errados ou faltando"
-#: src/utils_tools.c:196
+#: src/utils_tools.c:185
msgid "no permission or bad passphrase"
msgstr "sem permissão ou senha incorreta"
-#: src/utils_tools.c:198
+#: src/utils_tools.c:187
msgid "out of memory"
msgstr "memória insuficiente"
-#: src/utils_tools.c:200
+#: src/utils_tools.c:189
msgid "wrong device or file specified"
msgstr "dispositivo ou arquivo errado especificado"
-#: src/utils_tools.c:202
+#: src/utils_tools.c:191
msgid "device already exists or device is busy"
msgstr "o dispositivo já existe ou está ocupado"
-#: src/utils_tools.c:204
+#: src/utils_tools.c:193
msgid "unknown error"
msgstr "erro desconhecido"
-#: src/utils_tools.c:206
+#: src/utils_tools.c:195
#, c-format
msgid "Command failed with code %i (%s).\n"
msgstr "O comando falhou com código %i (%s).\n"
-#: src/utils_tools.c:284
+#: src/utils_tools.c:272
#, c-format
msgid "Key slot %i created."
msgstr "Slot de chave %i criado."
-#: src/utils_tools.c:286
+#: src/utils_tools.c:274
#, c-format
msgid "Key slot %i unlocked."
msgstr "Slot de chave %i desbloqueado."
-#: src/utils_tools.c:288
+#: src/utils_tools.c:276
#, c-format
msgid "Key slot %i removed."
msgstr "Slot de chave %i removido."
-#: src/utils_tools.c:297
+#: src/utils_tools.c:285
#, c-format
msgid "Token %i created."
msgstr "Token %i criado."
-#: src/utils_tools.c:299
+#: src/utils_tools.c:287
#, c-format
msgid "Token %i removed."
msgstr "Token %i removido."
-#: src/utils_tools.c:465
-#, fuzzy
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Escrita interrompida."
-
-#: src/utils_tools.c:476
+#: src/utils_tools.c:453
#, c-format
msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
msgstr "AVISO: O dispositivo %s já contém uma assinatura de partição \"%s\".\n"
-#: src/utils_tools.c:484
+#: src/utils_tools.c:461
#, c-format
msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
msgstr "AVISO: O dispositivo %s já contém uma assinatura de superbloco \"%s\".\n"
-#: src/utils_tools.c:505 src/utils_tools.c:569
+#: src/utils_tools.c:482 src/utils_tools.c:546
msgid "Failed to initialize device signature probes."
msgstr "Falha ao inicializar as sondas de assinatura de dispositivo."
-#: src/utils_tools.c:549
+#: src/utils_tools.c:526
#, c-format
msgid "Failed to stat device %s."
msgstr "Falha ao obter estado do dispositivo %s."
-#: src/utils_tools.c:562
+#: src/utils_tools.c:539
#, c-format
msgid "Device %s is in use. Can not proceed with format operation."
msgstr "O dispositivo %s está em uso. Não é possível proceder com a operação de formatação."
-#: src/utils_tools.c:564
+#: src/utils_tools.c:541
#, c-format
msgid "Failed to open file %s in read/write mode."
msgstr "Falha ao abrir o arquivo %s no modo leitura/escrita."
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
+#: src/utils_tools.c:561
msgid "Failed to wipe device signature."
msgstr "Falha ao apagar assinatura do dispositivo."
-#: src/utils_tools.c:591
+#: src/utils_tools.c:568
#, c-format
msgid "Failed to probe device %s for a signature."
msgstr "Falha ao sondar o dispositivo %s por uma assinatura."
-#: src/utils_tools.c:622
-#, fuzzy
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Leitura interrompida."
-
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:43 src/utils_password.c:75
#, c-format
msgid "Cannot check password quality: %s"
msgstr "Não foi possível verificar qualidade da senha: %s"
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Verificação de qualidade da senha falhou: Senha incorreta (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:193 src/utils_password.c:208
msgid "Error reading passphrase from terminal."
msgstr "Erro ao ler senha do terminal."
-#: src/utils_password.c:240
+#: src/utils_password.c:206
msgid "Verify passphrase: "
msgstr "Verificar senha: "
-#: src/utils_password.c:247
+#: src/utils_password.c:213
msgid "Passphrases do not match."
msgstr "As senhas não conferem."
-#: src/utils_password.c:284
+#: src/utils_password.c:250
msgid "Cannot use offset with terminal input."
msgstr "Não foi possível usar posição com a entrada do terminal."
-#: src/utils_password.c:287
+#: src/utils_password.c:253
#, c-format
msgid "Enter passphrase: "
msgstr "Digite a senha: "
-#: src/utils_password.c:290
+#: src/utils_password.c:255
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Digite a senha para %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:285
msgid "No key available with this passphrase."
msgstr "Nenhuma chave disponível com esta senha."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
-
-#: src/utils_password.c:365
+#: src/utils_password.c:320
#, c-format
msgid "Cannot open keyfile %s for write."
msgstr "Não foi possível abrir o arquivo de chave %s para escrita."
-#: src/utils_password.c:372
+#: src/utils_password.c:327
#, c-format
msgid "Cannot write to keyfile %s."
msgstr "Não foi possível escrever no arquivo de chave %s."
msgid "Failed to write JSON file."
msgstr "Falha ao escrever arquivo JSON."
-#~ msgid "Requested dmcrypt performance options are not supported."
-#~ msgstr "Não há suporte às opções de desempenho de dmcrypt requisitadas."
-
-#, c-format
-#~ msgid "Cannot format device %s which is still in use."
-#~ msgstr "Não foi possível formatar o dispositivo %s, o qual ainda está em uso."
-
-#, c-format
-#~ msgid "Key slot %d is not used."
-#~ msgstr "O slot de chave %d não está sendo usado."
-
-#~ msgid "Function not available in FIPS mode."
-#~ msgstr "Função não disponível no modo FIPS."
-
-#, c-format
-#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
-#~ msgstr "AVISO: Diretório de trava %s/%s está faltando!\n"
-
-#~ msgid "Invalid size parameters for verity device."
-#~ msgstr "Parâmetros de tamanho inválido para dispositivo verity."
-
-#, c-format
-#~ msgid "Cipher %s is not available."
-#~ msgstr "A cifra %s não está disponível."
-
-#, c-format
-#~ msgid "Key slot %d selected for deletion."
-#~ msgstr "Slot de chave %d selecionado para exclusão."
-
-#~ msgid "open device as mapping <name>"
-#~ msgstr "abre dispositivo como mapeamento <nome>"
-
-#~ msgid "Parameter --refresh is only allowed with open or refresh commands.\n"
-#~ msgstr "O parâmetro --refresh é apenas permitida com comandos de abrir ou renovar.\n"
-
-#~ msgid "Unsupported encryption sector size.\n"
-#~ msgstr "Não há suporte ao tamanho de setor de criptografia.\n"
-
-#~ msgid "close device (deactivate and remove mapping)"
-#~ msgstr "fecha dispositivo (desativa e remove mapeamento)"
-
-#~ msgid "Integrity algorithm must be specified if integrity key is used."
-#~ msgstr "Um algoritmo de integridade deve ser especificado se uma chave de integridade é usada."
-
-#~ msgid "Failed to set PBKDF parameters."
-#~ msgstr "Falha ao definir os parâmetros de sessão PBKDF."
-
-#~ msgid "Cannot seek to device offset.\n"
-#~ msgstr "Não foi possível ir à posição do dispositivo.\n"
-
-#~ msgid "Interrupted by a signal."
-#~ msgstr "Interrompido por um sinal."
-
#~ msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)"
#~ msgstr "Dispositivo %s é muito pequeno. (LUKS2 precisa de pelo menos %<PRIu64> bytes.)"
#~ msgid "Missing --token option specifying token for removal."
#~ msgstr "Faltando a opção --token especificando token para remoção.\n"
+#, fuzzy
+#~| msgid "Failed to remove token %d.\n"
+#~ msgid "Failed to remove token %d."
+#~ msgstr "Falha ao remover o token %d.\n"
+
#~ msgid "Add or remove keyring token"
#~ msgstr "Adiciona ou remove o token de chaveiro"
+++ /dev/null
-s/"\([^"]*\)"/“\1”/g
-s/`\([^`']*\)'/‘\1’/g
-s/ '\([^`']*\)' / ‘\1’ /g
-s/ '\([^`']*\)'$/ ‘\1’/g
-s/^'\([^`']*\)' /‘\1’ /g
-s/“”/""/g
+++ /dev/null
-# Sed script that remove the POT-Creation-Date line in the header entry
-# from a POT file.
-#
-# The distinction between the first and the following occurrences of the
-# pattern is achieved by looking at the hold space.
-/^"POT-Creation-Date: .*"$/{
-x
-# Test if the hold space is empty.
-s/P/P/
-ta
-# Yes it was empty. First occurrence. Remove the line.
-g
-d
-bb
-:a
-# The hold space was nonempty. Following occurrences. Do nothing.
-x
-:b
-}
--- /dev/null
+# Mesajele în limba română pentru pachetul cryptsetup.
+# Copyright © 2023 Free Software Foundation, Inc.
+# This file is put in the public domain.
+# This file is distributed under the same license as the cryptsetup package.
+#
+# Remus-Gabriel Chelu <remusgabriel.chelu@disroot.org>, 2023.
+#
+# Cronologia traducerii fișierului „cryptsetup”:
+# Traducerea inițială, făcută de R-GC, pentru versiunea cryptsetup 2.6.0-rc1.
+# Actualizare a traducerii pentru versiunea 2.6.1-rc0, făcută de R-GC, ian-2023.
+# Actualizare a traducerii pentru versiunea Y, făcută de X, Y(luna-anul).
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 10:02+0100\n"
+"Last-Translator: Remus-Gabriel Chelu <remusgabriel.chelu@disroot.org>\n"
+"Language-Team: Romanian <translation-team-ro@lists.sourceforge.net>\n"
+"Language: ro\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : (n==0 || ((n%100) > 0 && (n%100) < 20)) ? 1 : 2);\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
+"X-Generator: Poedit 3.2.2\n"
+
+#: lib/libdevmapper.c:419
+msgid "Cannot initialize device-mapper, running as non-root user."
+msgstr "Nu se poate inițializa device-mapper, rulând ca utilizator non-root."
+
+#: lib/libdevmapper.c:422
+msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
+msgstr "Nu se poate inițializa device-mapper. Este încărcat modulul nucleului, «dm_mod»?"
+
+#: lib/libdevmapper.c:1102
+msgid "Requested deferred flag is not supported."
+msgstr "Fanionul de întârziere solicitat nu este acceptat."
+
+#: lib/libdevmapper.c:1171
+#, c-format
+msgid "DM-UUID for device %s was truncated."
+msgstr "DM-UUID pentru dispozitivul %s a fost trunchiat."
+
+#: lib/libdevmapper.c:1501
+msgid "Unknown dm target type."
+msgstr "Tip de țintă dm necunoscut."
+
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
+msgid "Requested dm-crypt performance options are not supported."
+msgstr "Opțiunile de performanță dm-crypt solicitate nu sunt acceptate."
+
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
+msgid "Requested dm-verity data corruption handling options are not supported."
+msgstr "Opțiunile de gestionare a corupției datelor dm-verity solicitate nu sunt acceptate."
+
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Opțiunea de tasklets dm-verity solicitată nu este acceptată."
+
+#: lib/libdevmapper.c:1653
+msgid "Requested dm-verity FEC options are not supported."
+msgstr "Opțiunile FEC dm-verity solicitate nu sunt acceptate."
+
+#: lib/libdevmapper.c:1659
+msgid "Requested data integrity options are not supported."
+msgstr "Opțiunile de integritate a datelor solicitate nu sunt acceptate."
+
+#: lib/libdevmapper.c:1663
+msgid "Requested sector_size option is not supported."
+msgstr "Opțiunea sector_size solicitată nu este acceptată."
+
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
+msgid "Requested automatic recalculation of integrity tags is not supported."
+msgstr "Recalcularea automată a etichetelor de integritate solicitată nu este acceptată."
+
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
+msgid "Discard/TRIM is not supported."
+msgstr "Înlăturarea/Decuparea(TRIM) nu este acceptată."
+
+#: lib/libdevmapper.c:1688
+msgid "Requested dm-integrity bitmap mode is not supported."
+msgstr "Modul de hartă de biți dm-integrity solicitat nu este acceptat."
+
+#: lib/libdevmapper.c:2724
+#, c-format
+msgid "Failed to query dm-%s segment."
+msgstr "Nu s-a putut interoga segmentul dm-%s."
+
+#: lib/random.c:73
+msgid ""
+"System is out of entropy while generating volume key.\n"
+"Please move mouse or type some text in another window to gather some random events.\n"
+msgstr ""
+"Sistemul este în afara entropiei în timp ce generează cheia de volum.\n"
+"Mișcați mouse-ul sau tastați ceva text într-o altă fereastră pentru a genera și colecta câteva evenimente aleatorii.\n"
+
+#: lib/random.c:77
+#, c-format
+msgid "Generating key (%d%% done).\n"
+msgstr "Se generează cheia (%d%% finalizată).\n"
+
+#: lib/random.c:163
+msgid "Running in FIPS mode."
+msgstr "Rulează în modul FIPS."
+
+#: lib/random.c:169
+msgid "Fatal error during RNG initialisation."
+msgstr "Eroare fatală în timpul inițializării generatorului de numere aleatorii(RNG)."
+
+#: lib/random.c:207
+msgid "Unknown RNG quality requested."
+msgstr "Calitatea solicitată pentru generatorul de numere aleatoare(RNG) este necunoscută."
+
+#: lib/random.c:212
+msgid "Error reading from RNG."
+msgstr "Eroare la citirea din generatorul de numere aleatorii(RNG)."
+
+#: lib/setup.c:231
+msgid "Cannot initialize crypto RNG backend."
+msgstr "Nu s-a putut inițializa utilitarul de criptare al generatorului de numere aleatorii(RNG)."
+
+#: lib/setup.c:237
+msgid "Cannot initialize crypto backend."
+msgstr "Nu s-a putut inițializa utilitarul de criptare ."
+
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
+#, c-format
+msgid "Hash algorithm %s not supported."
+msgstr "Algoritmul sumei de control %s nu este acceptat."
+
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
+#, c-format
+msgid "Key processing error (using hash %s)."
+msgstr "Eroare de procesare a cheii (folosind suma de control %s)."
+
+#: lib/setup.c:342 lib/setup.c:369
+msgid "Cannot determine device type. Incompatible activation of device?"
+msgstr "Nu se poate determina tipul de dispozitiv. Activare a dispozitivului incompatibilă?"
+
+#: lib/setup.c:348 lib/setup.c:3320
+msgid "This operation is supported only for LUKS device."
+msgstr "Această operație este acceptată doar pentru dispozitive LUKS."
+
+#: lib/setup.c:375
+msgid "This operation is supported only for LUKS2 device."
+msgstr "Această operație este acceptată doar pentru dispozitive LUKS2."
+
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
+msgid "All key slots full."
+msgstr "Toate sloturile pentru chei sunt ocupate."
+
+#: lib/setup.c:438
+#, c-format
+msgid "Key slot %d is invalid, please select between 0 and %d."
+msgstr "Slotul de cheie %d este nu este valid, selectați între 0 și %d."
+
+#: lib/setup.c:444
+#, c-format
+msgid "Key slot %d is full, please select another one."
+msgstr "Slotul pentru chei %d este ocupat, selectați altul."
+
+#: lib/setup.c:529 lib/setup.c:3042
+msgid "Device size is not aligned to device logical block size."
+msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea blocului logic al dispozitivului."
+
+#: lib/setup.c:627
+#, c-format
+msgid "Header detected but device %s is too small."
+msgstr "Antet detectat, dar dispozitivul %s este prea mic."
+
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
+msgid "This operation is not supported for this device type."
+msgstr "Această operație nu este suportată pentru acest tip de dispozitiv."
+
+#: lib/setup.c:673
+msgid "Illegal operation with reencryption in-progress."
+msgstr "Operație ilegală cu recriptare în curs."
+
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Nu s-au putut reîncărca metadatele LUKS2 în memorie."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Dispozitivul %s nu este un dispozitiv LUKS valid."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
+#, c-format
+msgid "Unsupported LUKS version %d."
+msgstr "Versiunea %d de LUKS nu este acceptată."
+
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
+#, c-format
+msgid "Device %s is not active."
+msgstr "Dispozitivul %s nu este activ."
+
+#: lib/setup.c:1508
+#, c-format
+msgid "Underlying device for crypt device %s disappeared."
+msgstr "Dispozitivul subiacent pentru dispozitivul criptat %s a dispărut."
+
+#: lib/setup.c:1590
+msgid "Invalid plain crypt parameters."
+msgstr "Parametrii de criptare simplă sunt incorecți."
+
+#: lib/setup.c:1595 lib/setup.c:2054
+msgid "Invalid key size."
+msgstr "Dimensiunea cheii este nevalidă."
+
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
+msgid "UUID is not supported for this crypt type."
+msgstr "UUID-ul nu este acceptat pentru acest tip de criptare."
+
+#: lib/setup.c:1605 lib/setup.c:2064
+msgid "Detached metadata device is not supported for this crypt type."
+msgstr "Dispozitivul cu metadate detașate nu este acceptat pentru acest tip de criptare."
+
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
+msgid "Unsupported encryption sector size."
+msgstr "Dimensiunea sectorului de criptare nu este acceptată."
+
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
+msgid "Device size is not aligned to requested sector size."
+msgstr "Dimensiunea dispozitivului nu este aliniată la dimensiunea sectorului solicitată."
+
+#: lib/setup.c:1675 lib/setup.c:1799
+msgid "Can't format LUKS without device."
+msgstr "Formatarea LUKS fără dispozitiv nu este posibilă."
+
+#: lib/setup.c:1681 lib/setup.c:1805
+msgid "Requested data alignment is not compatible with data offset."
+msgstr "Alinierea datelor solicitată nu este compatibilă cu poziția datelor."
+
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
+#, c-format
+msgid "Cannot wipe header on device %s."
+msgstr "Nu se poate șterge antetul pe dispozitivul %s."
+
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Dispozitivul %s este prea mic pentru activare, nu a mai rămas spațiu pentru date.\n"
+
+#: lib/setup.c:1840
+msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
+msgstr "AVERTISMENT: Activarea dispozitivului va eșua, dm-crypt nu are suport pentru dimensiunea sectorului de criptare solicitată.\n"
+
+#: lib/setup.c:1863
+msgid "Volume key is too small for encryption with integrity extensions."
+msgstr "Cheia de volum este prea mică pentru criptare cu extensii de integritate."
+
+#: lib/setup.c:1923
+#, c-format
+msgid "Cipher %s-%s (key size %zd bits) is not available."
+msgstr "Cifrul %s-%s (dimensiunea cheii %zd biți) nu este disponibil."
+
+#: lib/setup.c:1949
+#, c-format
+msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
+msgstr "AVERTISMENT: dimensiunea metadatelor LUKS2 s-a schimbat la %<PRIu64> octeți.\n"
+
+#: lib/setup.c:1953
+#, c-format
+msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
+msgstr "AVERTISMENT: dimensiunea zonei sloturilor de chei LUKS2 s-a schimbat la %<PRIu64> octeți.\n"
+
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
+#, c-format
+msgid "Device %s is too small."
+msgstr "Dispozitivul %s este prea mic."
+
+#: lib/setup.c:1990 lib/setup.c:2016
+#, c-format
+msgid "Cannot format device %s in use."
+msgstr "Nu se poate formata dispozitivul %s, este în uz."
+
+#: lib/setup.c:1993 lib/setup.c:2019
+#, c-format
+msgid "Cannot format device %s, permission denied."
+msgstr "Nu se poate formata dispozitivul %s; permisiune refuzată."
+
+#: lib/setup.c:2005 lib/setup.c:2334
+#, c-format
+msgid "Cannot format integrity for device %s."
+msgstr "Nu se poate formata integritatea pentru dispozitivul %s."
+
+#: lib/setup.c:2023
+#, c-format
+msgid "Cannot format device %s."
+msgstr "Nu se poate formata dispozitivul %s."
+
+#: lib/setup.c:2049
+msgid "Can't format LOOPAES without device."
+msgstr "Nu se poate formata LOOPAES fără dispozitiv."
+
+#: lib/setup.c:2094
+msgid "Can't format VERITY without device."
+msgstr "Nu se poate formata VERITY fără dispozitiv."
+
+#: lib/setup.c:2105 lib/verity/verity.c:101
+#, c-format
+msgid "Unsupported VERITY hash type %d."
+msgstr "Tip de sumă de control VERITY neacceptat %d."
+
+#: lib/setup.c:2111 lib/verity/verity.c:109
+msgid "Unsupported VERITY block size."
+msgstr "Dimensiunea blocului VERITY nu este acceptată."
+
+#: lib/setup.c:2116 lib/verity/verity.c:74
+msgid "Unsupported VERITY hash offset."
+msgstr "Decalajul sumei de control VERITY nu este acceptat."
+
+#: lib/setup.c:2121
+msgid "Unsupported VERITY FEC offset."
+msgstr "Decalajul FEC VERITY nu este acceptat."
+
+#: lib/setup.c:2145
+msgid "Data area overlaps with hash area."
+msgstr "Zona de date se suprapune cu zona de sume de control."
+
+#: lib/setup.c:2170
+msgid "Hash area overlaps with FEC area."
+msgstr "Zona sumelor de control se suprapune cu zona FEC."
+
+#: lib/setup.c:2177
+msgid "Data area overlaps with FEC area."
+msgstr "Zona de date se suprapune cu zona FEC."
+
+#: lib/setup.c:2313
+#, c-format
+msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
+msgstr "AVERTISMENT: Dimensiunea solicitată a etichetei %d octeți diferă de dimensiunea %s de ieșire (%d octeți).\n"
+
+#: lib/setup.c:2392
+#, c-format
+msgid "Unknown crypt device type %s requested."
+msgstr "A fost solicitat un tip de dispozitiv de criptare necunoscut %s."
+
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
+#, c-format
+msgid "Unsupported parameters on device %s."
+msgstr "Parametri neacceptați pentru dispozitivul %s."
+
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
+#, c-format
+msgid "Mismatching parameters on device %s."
+msgstr "Parametrii nepotriviți în dispozitivul %s."
+
+#: lib/setup.c:2822
+msgid "Crypt devices mismatch."
+msgstr "Dispozitivele de criptare nu se potrivesc."
+
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
+#, c-format
+msgid "Failed to reload device %s."
+msgstr "Nu s-a putut reîncărca dispozitivul %s."
+
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
+#, c-format
+msgid "Failed to suspend device %s."
+msgstr "Nu s-a putut suspenda dispozitivul %s."
+
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
+#, c-format
+msgid "Failed to resume device %s."
+msgstr "Nu s-a putut reîncărca dispozitivul %s."
+
+#: lib/setup.c:2897
+#, c-format
+msgid "Fatal error while reloading device %s (on top of device %s)."
+msgstr "Eroare fatală la reîncărcarea dispozitivului %s (în partea superioară a dispozitivului %s)."
+
+#: lib/setup.c:2900 lib/setup.c:2902
+#, c-format
+msgid "Failed to switch device %s to dm-error."
+msgstr "Nu s-a putut comuta dispozitivul %s la dm-error."
+
+#: lib/setup.c:2984
+msgid "Cannot resize loop device."
+msgstr "Nu se poate redimensiona dispozitivul de buclă."
+
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "AVERTISMENT: Dimensiunea maximă a fost deja stabilită sau nucleul nu acceptă redimensionarea.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Redimensionarea nu a reușit, nucleul nu acceptă redimensionarea."
+
+#: lib/setup.c:3120
+msgid "Do you really want to change UUID of device?"
+msgstr "Chiar doriți să schimbați UUID-ul dispozitivului?"
+
+#: lib/setup.c:3212
+msgid "Header backup file does not contain compatible LUKS header."
+msgstr "Fișierul de copie de rezervă pentru antet nu conține un antet LUKS compatibil."
+
+#: lib/setup.c:3328
+#, c-format
+msgid "Volume %s is not active."
+msgstr "Volumul %s nu este activ."
+
+#: lib/setup.c:3339
+#, c-format
+msgid "Volume %s is already suspended."
+msgstr "Volumul %s este deja suspendat."
+
+#: lib/setup.c:3352
+#, c-format
+msgid "Suspend is not supported for device %s."
+msgstr "Suspendarea nu este acceptată pentru dispozitivul %s."
+
+#: lib/setup.c:3354
+#, c-format
+msgid "Error during suspending device %s."
+msgstr "Eroare la suspendarea dispozitivului %s."
+
+#: lib/setup.c:3389
+#, c-format
+msgid "Resume is not supported for device %s."
+msgstr "Reluarea activității nu este acceptată pentru dispozitivul %s."
+
+#: lib/setup.c:3391
+#, c-format
+msgid "Error during resuming device %s."
+msgstr "Eroare la reluarea activității dispozitivului %s."
+
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "Volumul %s nu este suspendat."
+
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
+msgid "Volume key does not match the volume."
+msgstr "Cheia de volum nu se potrivește cu volumul."
+
+#: lib/setup.c:3737
+msgid "Failed to swap new key slot."
+msgstr "Nu s-a putut efectua interschimbarea cu noul slot pentru cheie."
+
+#: lib/setup.c:3835
+#, c-format
+msgid "Key slot %d is invalid."
+msgstr "Slotul de cheie %d nu este valid."
+
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
+#, c-format
+msgid "Keyslot %d is not active."
+msgstr "Slotul de cheie %d nu este activ."
+
+#: lib/setup.c:3860
+msgid "Device header overlaps with data area."
+msgstr "Antetul dispozitivului se suprapune cu zona de date."
+
+#: lib/setup.c:4165
+msgid "Reencryption in-progress. Cannot activate device."
+msgstr "Recriptare în curs. Nu se poate activa dispozitivul."
+
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
+msgid "Failed to get reencryption lock."
+msgstr "Nu s-a putut obține blocarea pentru recriptare."
+
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
+msgid "LUKS2 reencryption recovery failed."
+msgstr "Recuperarea recriptării LUKS2 a eșuat."
+
+#: lib/setup.c:4352 lib/setup.c:4618
+msgid "Device type is not properly initialized."
+msgstr "Tipul de dispozitiv nu este inițializat corect."
+
+#: lib/setup.c:4400
+#, c-format
+msgid "Device %s already exists."
+msgstr "Dispozitivul %s există deja."
+
+#: lib/setup.c:4407
+#, c-format
+msgid "Cannot use device %s, name is invalid or still in use."
+msgstr "Nu se poate folosi dispozitivul %s, numele este nevalid sau este încă în uz."
+
+#: lib/setup.c:4527
+msgid "Incorrect volume key specified for plain device."
+msgstr "Este specificată o cheie de volum incorectă pentru un dispozitiv cu criptare normală."
+
+#: lib/setup.c:4644
+msgid "Incorrect root hash specified for verity device."
+msgstr "Sumă de control rădăcină incorectă specificată pentru dispozitivul verity."
+
+#: lib/setup.c:4654
+msgid "Root hash signature required."
+msgstr "Este necesară semnătura de sumă de control rădăcină."
+
+#: lib/setup.c:4663
+msgid "Kernel keyring missing: required for passing signature to kernel."
+msgstr "Lipsește inelul de chei pentru nucleu: este necesar pentru transmiterea semnăturii către nucleu."
+
+#: lib/setup.c:4680 lib/setup.c:6423
+msgid "Failed to load key in kernel keyring."
+msgstr "Nu s-a putut încărca cheia în inelul de chei al nucleului."
+
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Nu s-a putut anula eliminarea întârziată din dispozitivul %s."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
+#, c-format
+msgid "Device %s is still in use."
+msgstr "Dispozitivul %s este încă în uz."
+
+#: lib/setup.c:4768
+#, c-format
+msgid "Invalid device %s."
+msgstr "Dispozitiv nevalid %s."
+
+#: lib/setup.c:4908
+msgid "Volume key buffer too small."
+msgstr "Memoria tampon a cheii de volum este prea mică."
+
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS2."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Nu se poate recupera cheia de volum pentru dispozitivul LUKS1."
+
+#: lib/setup.c:4944
+msgid "Cannot retrieve volume key for plain device."
+msgstr "Nu se poate recupera tasta de volum pentru dispozitivul normal."
+
+#: lib/setup.c:4952
+msgid "Cannot retrieve root hash for verity device."
+msgstr "Nu se poate recupera suma de control rădăcină pentru dispozitivul verity."
+
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Nu se poate recupera cheia de volum pentru dispozitivul BITLK."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Nu se poate recupera cheia de volum pentru dispozitivul FVAULT2."
+
+#: lib/setup.c:4966
+#, c-format
+msgid "This operation is not supported for %s crypt device."
+msgstr "Această operație nu este acceptată pentru dispozitivul criptat %s."
+
+#: lib/setup.c:5147 lib/setup.c:5158
+msgid "Dump operation is not supported for this device type."
+msgstr "Operația de descărcare nu este acceptată pentru acest tip de dispozitiv."
+
+#: lib/setup.c:5500
+#, c-format
+msgid "Data offset is not multiple of %u bytes."
+msgstr "Decalajul datelor nu este multiplu de %u octeți."
+
+#: lib/setup.c:5788
+#, c-format
+msgid "Cannot convert device %s which is still in use."
+msgstr "Nu se poate converti dispozitivul %s care este încă în uz."
+
+#: lib/setup.c:6098 lib/setup.c:6237
+#, c-format
+msgid "Failed to assign keyslot %u as the new volume key."
+msgstr "Nu s-a putut atribui slotul %u ca nouă cheie de volum."
+
+#: lib/setup.c:6122
+msgid "Failed to initialize default LUKS2 keyslot parameters."
+msgstr "Nu s-au putut inițializa parametrii impliciți pentru slotul de cheie LUKS2."
+
+#: lib/setup.c:6128
+#, c-format
+msgid "Failed to assign keyslot %d to digest."
+msgstr "Nu s-a putut aloca slotul de cheie %d pentru a digera."
+
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Nu se poate adăuga slotul pentru cheie, toate sloturile sunt dezactivate și nu este furnizată nicio cheie pentru volum."
+
+#: lib/setup.c:6490
+msgid "Kernel keyring is not supported by the kernel."
+msgstr "Inelul de chei pentru nucleu nu este acceptat de nucleu actual."
+
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
+#, c-format
+msgid "Failed to read passphrase from keyring (error %d)."
+msgstr "Nu s-a putut citi expresia de acces din inelul de chei (eroarea %d)."
+
+#: lib/setup.c:6523
+msgid "Failed to acquire global memory-hard access serialization lock."
+msgstr "Nu s-a putut obține blocarea de serializare a accesului la memoria-hardwarw globală."
+
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
+msgid "Failed to open key file."
+msgstr "Nu s-a putut deschide fișierul cheii."
+
+#: lib/utils.c:163
+msgid "Cannot read keyfile from a terminal."
+msgstr "Nu se poate citi fișierul de cheie de la un terminal."
+
+#: lib/utils.c:179
+msgid "Failed to stat key file."
+msgstr "Nu s-a putut obține starea fișierului de cheie."
+
+#: lib/utils.c:187 lib/utils.c:208
+msgid "Cannot seek to requested keyfile offset."
+msgstr "Nu se poate căuta poziția fișierului de cheie solicitat."
+
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
+msgid "Out of memory while reading passphrase."
+msgstr "Memoria epuizată în timpul citirii frazei de acces."
+
+#: lib/utils.c:237
+msgid "Error reading passphrase."
+msgstr "Eroare la citirea frazei de acces."
+
+#: lib/utils.c:254
+msgid "Nothing to read on input."
+msgstr "Nimic de citit la intrare."
+
+#: lib/utils.c:261
+msgid "Maximum keyfile size exceeded."
+msgstr "Dimensiunea maximă a fișierului de cheie a fost depășită."
+
+#: lib/utils.c:266
+msgid "Cannot read requested amount of data."
+msgstr "Nu se poate citi cantitatea de date solicitată."
+
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
+#, c-format
+msgid "Device %s does not exist or access denied."
+msgstr "Dispozitivul %s nu există sau accesul a fost refuzat."
+
+#: lib/utils_device.c:217
+#, c-format
+msgid "Device %s is not compatible."
+msgstr "Dispozitivul %s nu este compatibil."
+
+#: lib/utils_device.c:561
+#, c-format
+msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
+msgstr "Se ignoră dimensiunea optimă de transfer de date falsă pentru dispozitivul de date (%u octeți)."
+
+#: lib/utils_device.c:722
+#, c-format
+msgid "Device %s is too small. Need at least %<PRIu64> bytes."
+msgstr "Dispozitivul %s este prea mic. Aveți nevoie de cel puțin %<PRIu64> octeți."
+
+#: lib/utils_device.c:803
+#, c-format
+msgid "Cannot use device %s which is in use (already mapped or mounted)."
+msgstr "Nu se poate utiliza dispozitivul %s care este în uz (deja cartografiat sau montat)."
+
+#: lib/utils_device.c:807
+#, c-format
+msgid "Cannot use device %s, permission denied."
+msgstr "Nu se poate utiliza dispozitivul %s, permisiune refuzată."
+
+#: lib/utils_device.c:810
+#, c-format
+msgid "Cannot get info about device %s."
+msgstr "Nu se pot obține informații despre dispozitivul %s."
+
+#: lib/utils_device.c:833
+msgid "Cannot use a loopback device, running as non-root user."
+msgstr "Nu se poate utiliza un dispozitiv loopback, deoarece programul nu rulează cu privilegii de root."
+
+#: lib/utils_device.c:844
+msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
+msgstr "Atașarea dispozitivului de loopback a eșuat (este necesar un dispozitiv de buclă cu fanion de ștergere automată)."
+
+#: lib/utils_device.c:892
+#, c-format
+msgid "Requested offset is beyond real size of device %s."
+msgstr "Decalajul solicitat depășește dimensiunea reală a dispozitivului %s."
+
+#: lib/utils_device.c:900
+#, c-format
+msgid "Device %s has zero size."
+msgstr "Dispozitivul %s are dimensiune zero."
+
+#: lib/utils_pbkdf.c:100
+msgid "Requested PBKDF target time cannot be zero."
+msgstr "Ora specificată pentru PBKDF nu poate fi zero."
+
+#: lib/utils_pbkdf.c:106
+#, c-format
+msgid "Unknown PBKDF type %s."
+msgstr "Tip PBKDF necunoscut %s."
+
+#: lib/utils_pbkdf.c:111
+#, c-format
+msgid "Requested hash %s is not supported."
+msgstr "Suma de control solicitată %s nu este acceptată."
+
+#: lib/utils_pbkdf.c:122
+msgid "Requested PBKDF type is not supported for LUKS1."
+msgstr "Tipul PBKDF solicitat nu este acceptat pentru LUKS1."
+
+#: lib/utils_pbkdf.c:128
+msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
+msgstr "Memoria maximă PBKDF sau firele de execuție paralele nu trebuie definite cu pbkdf2."
+
+#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
+#, c-format
+msgid "Forced iteration count is too low for %s (minimum is %u)."
+msgstr "Numărul de iterații forțate este prea mic pentru %s (minimul este %u)."
+
+#: lib/utils_pbkdf.c:148
+#, c-format
+msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
+msgstr "Costul memoriei forțate este prea mic pentru %s (minimul este de %u kiloocteți)."
+
+#: lib/utils_pbkdf.c:155
+#, c-format
+msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
+msgstr "Costul maxim de memorie PBKDF solicitat este prea mare (maximul este de %d kiloocteți)."
+
+#: lib/utils_pbkdf.c:160
+msgid "Requested maximum PBKDF memory cannot be zero."
+msgstr "Memoria PBKDF maximă solicitată nu poate fi zero."
+
+#: lib/utils_pbkdf.c:164
+msgid "Requested PBKDF parallel threads cannot be zero."
+msgstr "Firele paralele de execuție PBKDF solicitate nu pot fi zero."
+
+#: lib/utils_pbkdf.c:184
+msgid "Only PBKDF2 is supported in FIPS mode."
+msgstr "Doar PBKDF2 este acceptat în modul FIPS."
+
+#: lib/utils_benchmark.c:175
+msgid "PBKDF benchmark disabled but iterations not set."
+msgstr "Testarea PBKDF este dezactivată, dar numărul de iterații nu este definit."
+
+#: lib/utils_benchmark.c:194
+#, c-format
+msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
+msgstr "Opțiuni PBKDF2 incompatibile (folosind algoritmul de sumă de control %s)."
+
+#: lib/utils_benchmark.c:214
+msgid "Not compatible PBKDF options."
+msgstr "Opțiuni PBKDF2 incompatibile."
+
+#: lib/utils_device_locking.c:101
+#, c-format
+msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
+msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (nu este un director sau lipsește)."
+
+#: lib/utils_device_locking.c:118
+#, c-format
+msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
+msgstr "Blocarea a fost anulată. Calea de blocare %s/%s este inutilizabilă (%s nu este un director)."
+
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
+msgid "Cannot seek to device offset."
+msgstr "Nu se poate căuta la poziția dispozitivului."
+
+#: lib/utils_wipe.c:247
+#, c-format
+msgid "Device wipe error, offset %<PRIu64>."
+msgstr "Eroare de ștergere a dispozitivului, decalaj %<PRIu64>."
+
+#: lib/luks1/keyencryption.c:39
+#, c-format
+msgid ""
+"Failed to setup dm-crypt key mapping for device %s.\n"
+"Check that kernel supports %s cipher (check syslog for more info)."
+msgstr ""
+"Nu s-a putut configura asocierea cheii dm-crypt la dispozitivul %s.\n"
+"Verificați dacă nucleul acceptă cifrul %s (verificați syslog pentru mai multe informații)."
+
+#: lib/luks1/keyencryption.c:44
+msgid "Key size in XTS mode must be 256 or 512 bits."
+msgstr "Dimensiunea cheii în modul XTS trebuie să fie de 256 sau 512 biți."
+
+#: lib/luks1/keyencryption.c:46
+msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
+msgstr "Specificațiile de cifrare ar trebui să fie în formatul [cifrarea]-[mod]-[iv]."
+
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
+#, c-format
+msgid "Cannot write to device %s, permission denied."
+msgstr "Nu se poate scrie în dispozitivul %s, permisiune refuzată."
+
+#: lib/luks1/keyencryption.c:120
+msgid "Failed to open temporary keystore device."
+msgstr "Nu s-a putut deschide dispozitivul pentru stocarea temporară a cheilor."
+
+#: lib/luks1/keyencryption.c:127
+msgid "Failed to access temporary keystore device."
+msgstr "Nu s-a putut accesa dispozitivul pentru stocarea temporară a cheilor."
+
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
+msgid "IO error while encrypting keyslot."
+msgstr "Eroare de In/Ieș în timpul criptării slotului de cheie."
+
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
+#, c-format
+msgid "Cannot open device %s."
+msgstr "Nu s-a putut deschide dispozitivul %s."
+
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
+msgid "IO error while decrypting keyslot."
+msgstr "Eroare de In/Ieș la decriptarea slotului de cheie."
+
+#: lib/luks1/keymanage.c:130
+#, c-format
+msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
+msgstr "Dispozitivul %s este prea mic. (LUKS1 necesită cel puțin %<PRIu64> octeți.)"
+
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
+#, c-format
+msgid "LUKS keyslot %u is invalid."
+msgstr "Slotul de cheie LUKS %u nu este valid."
+
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
+#, c-format
+msgid "Requested header backup file %s already exists."
+msgstr "Fișierul de copie de rezervă pentru antetul solicitat %s există deja."
+
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
+#, c-format
+msgid "Cannot create header backup file %s."
+msgstr "Nu se poate crea fișierul de copie de rezervă al antetului %s."
+
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
+#, c-format
+msgid "Cannot write header backup file %s."
+msgstr "Nu se poate scrie fișierul de copie de rezervă al antetului %s."
+
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
+msgid "Backup file does not contain valid LUKS header."
+msgstr "Fișierul de copie de rezervă nu conține antet LUKS valid."
+
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
+#, c-format
+msgid "Cannot open header backup file %s."
+msgstr "Nu se poate deschide fișierul de copie de rezervă al antetului %s."
+
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
+#, c-format
+msgid "Cannot read header backup file %s."
+msgstr "Nu se poate citi fișierul de copie de rezervă al antetului %s."
+
+#: lib/luks1/keymanage.c:339
+msgid "Data offset or key size differs on device and backup, restore failed."
+msgstr "Poziția datelor sau dimensiunea cheii diferă între dispozitiv și copia de rezervă, restaurarea a eșuat."
+
+#: lib/luks1/keymanage.c:347
+#, c-format
+msgid "Device %s %s%s"
+msgstr "Dispozitiv %s %s%s"
+
+#: lib/luks1/keymanage.c:348
+msgid "does not contain LUKS header. Replacing header can destroy data on that device."
+msgstr "nu conține antetul LUKS. Înlocuirea antetului poate distruge datele de pe acest dispozitiv."
+
+#: lib/luks1/keymanage.c:349
+msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
+msgstr "conține deja antetul LUKS. Înlocuirea antetului va distruge sloturile de chei existente."
+
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
+msgid ""
+"\n"
+"WARNING: real device header has different UUID than backup!"
+msgstr ""
+"\n"
+"AVERTISMENT: antetul dispozitivului real are un UUID diferit de cel al copiei de rezervă!"
+
+#: lib/luks1/keymanage.c:398
+msgid "Non standard key size, manual repair required."
+msgstr "Dimensiunea cheii nu este standard, este necesară repararea manuală."
+
+#: lib/luks1/keymanage.c:408
+msgid "Non standard keyslots alignment, manual repair required."
+msgstr "Alinierea sloturilor pentru chei nu este standard , este necesară repararea manuală."
+
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Modul de cifrare reparat (%s -> %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Cifrul sumei de control(hash) reparat la minuscule (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Suma de control(hash) LUKS solicitată %s nu este acceptată."
+
+#: lib/luks1/keymanage.c:444
+msgid "Repairing keyslots."
+msgstr "Se repară sloturile pentru chei."
+
+#: lib/luks1/keymanage.c:463
+#, c-format
+msgid "Keyslot %i: offset repaired (%u -> %u)."
+msgstr "Slotul de cheie %i: poziție reparată (%u -> %u)."
+
+#: lib/luks1/keymanage.c:471
+#, c-format
+msgid "Keyslot %i: stripes repaired (%u -> %u)."
+msgstr "Slotul de cheie %i: benzi reparate (%u -> %u)."
+
+#: lib/luks1/keymanage.c:480
+#, c-format
+msgid "Keyslot %i: bogus partition signature."
+msgstr "Slotul de cheie %i: semnătură falsă a partiției."
+
+#: lib/luks1/keymanage.c:485
+#, c-format
+msgid "Keyslot %i: salt wiped."
+msgstr "Slotul de cheie %i: «salt» șters."
+
+#: lib/luks1/keymanage.c:502
+msgid "Writing LUKS header to disk."
+msgstr "Se scrie antetul LUKS pe disc."
+
+#: lib/luks1/keymanage.c:507
+msgid "Repair failed."
+msgstr "Repararea a eșuat."
+
+#: lib/luks1/keymanage.c:562
+#, c-format
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Modul de cifrare LUKS %s este nevalid."
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "Suma de control(hash) LUKS %s nu este validă."
+
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
+msgid "No known problems detected for LUKS header."
+msgstr "Nu s-a detectat nicio problemă cunoscută pentru antetul LUKS."
+
+#: lib/luks1/keymanage.c:702
+#, c-format
+msgid "Error during update of LUKS header on device %s."
+msgstr "Eroare în timpul actualizării antetului LUKS pe dispozitivul %s."
+
+#: lib/luks1/keymanage.c:710
+#, c-format
+msgid "Error re-reading LUKS header after update on device %s."
+msgstr "Eroare la recitirea antetului LUKS după actualizare pe dispozitivul %s."
+
+#: lib/luks1/keymanage.c:786
+msgid "Data offset for LUKS header must be either 0 or higher than header size."
+msgstr "Decalajul datelor pentru antetul LUKS trebuie să fie 0 sau mai mare decât dimensiunea antetului."
+
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
+msgid "Wrong LUKS UUID format provided."
+msgstr "Formatul UUID LUKS furnizat este greșit."
+
+#: lib/luks1/keymanage.c:819
+msgid "Cannot create LUKS header: reading random salt failed."
+msgstr "Nu se poate crea antetul LUKS: citirea datelor «salt» aleatoare a eșuat."
+
+#: lib/luks1/keymanage.c:845
+#, c-format
+msgid "Cannot create LUKS header: header digest failed (using hash %s)."
+msgstr "Nu se poate crea antetul LUKS: calcularea sumei de control a antetului a eșuat (folosind suma de control(hash) %s)."
+
+#: lib/luks1/keymanage.c:889
+#, c-format
+msgid "Key slot %d active, purge first."
+msgstr "Slot de cheie %d activ, curățați mai întâi."
+
+#: lib/luks1/keymanage.c:895
+#, c-format
+msgid "Key slot %d material includes too few stripes. Header manipulation?"
+msgstr "Materialul de la slotul de cheie %d nu are suficiente benzi. Antetul a fost manipulat?"
+
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Depășire a valorii de iterație a PBKDF2."
+
+#: lib/luks1/keymanage.c:1040
+#, c-format
+msgid "Cannot open keyslot (using hash %s)."
+msgstr "Nu se poate deschide slotul de cheie (folosind suma de control(hash) %s)."
+
+#: lib/luks1/keymanage.c:1118
+#, c-format
+msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
+msgstr "Slotul de cheie %d nu este valid, selectați slotul de cheie între 0 și %d."
+
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
+#, c-format
+msgid "Cannot wipe device %s."
+msgstr "Nu se poate șterge dispozitivul %s."
+
+#: lib/loopaes/loopaes.c:146
+msgid "Detected not yet supported GPG encrypted keyfile."
+msgstr "Fișierul cheie criptat GPG, detectat, nu este încă acceptat."
+
+#: lib/loopaes/loopaes.c:147
+msgid "Please use gpg --decrypt <KEYFILE> | cryptsetup --keyfile=- ...\n"
+msgstr "Utilizați «gpg --decrypt <fișier_cheie>» | «cryptsetup --keyfile=-...»\n"
+
+#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188
+msgid "Incompatible loop-AES keyfile detected."
+msgstr "S-a detectat un fișier de cheie loop-AES incompatibil."
+
+#: lib/loopaes/loopaes.c:245
+msgid "Kernel does not support loop-AES compatible mapping."
+msgstr "Nucleul nu acceptă asocierea compatibilă cu bucla loop-AES."
+
+#: lib/tcrypt/tcrypt.c:508
+#, c-format
+msgid "Error reading keyfile %s."
+msgstr "Eroare la citirea fișierului de cheie %s."
+
+#: lib/tcrypt/tcrypt.c:558
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+msgstr "Lungimea maximă a frazei de acces TCRYPT (%zu) a fost depășită."
+
+#: lib/tcrypt/tcrypt.c:600
+#, c-format
+msgid "PBKDF2 hash algorithm %s not available, skipping."
+msgstr "Algoritmul sumei de control(hash) PBKDF2 %s nu este disponibil, se omite."
+
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
+msgid "Required kernel crypto interface not available."
+msgstr "Interfața necesară de criptare a nucleului nu este disponibilă."
+
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
+msgid "Ensure you have algif_skcipher kernel module loaded."
+msgstr "Asigurați-vă că aveți modulul nucleului «algif_skcipher», încărcat."
+
+#: lib/tcrypt/tcrypt.c:762
+#, c-format
+msgid "Activation is not supported for %d sector size."
+msgstr "Activarea nu este acceptată pentru dimensiunea sectorului de %d."
+
+#: lib/tcrypt/tcrypt.c:768
+msgid "Kernel does not support activation for this TCRYPT legacy mode."
+msgstr "Nucleul nu acceptă activarea pentru acest mod vechi TCRYPT."
+
+#: lib/tcrypt/tcrypt.c:799
+#, c-format
+msgid "Activating TCRYPT system encryption for partition %s."
+msgstr "Se activează criptarea sistemului TCRYPT pentru partiția %s."
+
+#: lib/tcrypt/tcrypt.c:882
+msgid "Kernel does not support TCRYPT compatible mapping."
+msgstr "Nucleul nu acceptă asocierea compatibilă cu TCRYPT."
+
+#: lib/tcrypt/tcrypt.c:1095
+msgid "This function is not supported without TCRYPT header load."
+msgstr "Această funcție nu este acceptată fără încărcarea antetului TCRYPT."
+
+#: lib/bitlk/bitlk.c:278
+#, c-format
+msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
+msgstr "Tip neașteptat de intrare de metadate „%u” găsit la analizarea cheii master de volum acceptate."
+
+#: lib/bitlk/bitlk.c:337
+msgid "Invalid string found when parsing Volume Master Key."
+msgstr "S-a găsit șir nevalid la analizarea cheii master de volum."
+
+#: lib/bitlk/bitlk.c:341
+#, c-format
+msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
+msgstr "Șir neașteptat („%s”) găsit la analizarea cheii master de volum acceptate."
+
+#: lib/bitlk/bitlk.c:358
+#, c-format
+msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
+msgstr "Valoare neașteptată a intrării de metadate „%u” a fost găsită la analizarea cheii master de volum acceptate."
+
+#: lib/bitlk/bitlk.c:460
+msgid "BITLK version 1 is currently not supported."
+msgstr "Versiunea 1 BITLK nu este acceptată în prezent."
+
+#: lib/bitlk/bitlk.c:466
+msgid "Invalid or unknown boot signature for BITLK device."
+msgstr "Semnătură de pornire nevalidă sau necunoscută pentru dispozitivul BITLK."
+
+#: lib/bitlk/bitlk.c:478
+#, c-format
+msgid "Unsupported sector size %<PRIu16>."
+msgstr "Dimensiunea sectorului neacceptată, %<PRIu16>."
+
+#: lib/bitlk/bitlk.c:486
+#, c-format
+msgid "Failed to read BITLK header from %s."
+msgstr "Nu s-a putut citi antetul BITLK de la %s."
+
+#: lib/bitlk/bitlk.c:511
+#, c-format
+msgid "Failed to read BITLK FVE metadata from %s."
+msgstr "Nu s-au putut citi metadatele BITLK FVE de la %s."
+
+#: lib/bitlk/bitlk.c:562
+msgid "Unknown or unsupported encryption type."
+msgstr "Tip de criptare necunoscut sau neacceptat."
+
+#: lib/bitlk/bitlk.c:602
+#, c-format
+msgid "Failed to read BITLK metadata entries from %s."
+msgstr "Nu s-au putut citi intrările de metadate BITLK de la %s."
+
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Nu s-a putut converti descrierea volumului BITLK"
+
+#: lib/bitlk/bitlk.c:882
+#, c-format
+msgid "Unexpected metadata entry type '%u' found when parsing external key."
+msgstr "Tip neașteptat de intrare de metadate „%u” găsit la analizarea cheii externe."
+
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "GUID-ul fișierului BEK „%s”, nu se potrivește cu GUID-ul volumului."
+
+#: lib/bitlk/bitlk.c:909
+#, c-format
+msgid "Unexpected metadata entry value '%u' found when parsing external key."
+msgstr "Valoare neașteptată a intrării metadatelor „%u”, a fost găsită la analizarea cheii externe."
+
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Versiune neacceptată de metadate BEK %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Dimensiune neașteptată a metadatelor BEK %<PRIu32>, nu se potrivește cu lungimea fișierului BEK"
+
+#: lib/bitlk/bitlk.c:979
+msgid "Unexpected metadata entry found when parsing startup key."
+msgstr "Intrare neașteptată de metadate găsită la analizarea cheii de pornire."
+
+#: lib/bitlk/bitlk.c:1075
+msgid "This operation is not supported."
+msgstr "Această operație nu este acceptată."
+
+#: lib/bitlk/bitlk.c:1083
+msgid "Unexpected key data size."
+msgstr "Dimensiune neașteptată a datelor cheii."
+
+#: lib/bitlk/bitlk.c:1209
+msgid "This BITLK device is in an unsupported state and cannot be activated."
+msgstr "Acest dispozitiv BITLK este într-o stare neacceptată și nu poate fi activat."
+
+#: lib/bitlk/bitlk.c:1214
+#, c-format
+msgid "BITLK devices with type '%s' cannot be activated."
+msgstr "Dispozitivele BITLK de tip „%s” nu pot fi activate."
+
+#: lib/bitlk/bitlk.c:1221
+msgid "Activation of partially decrypted BITLK device is not supported."
+msgstr "Activarea dispozitivului BITLK parțial decriptat nu este acceptată."
+
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "AVERTISMENT: dimensiunea volumului BitLocker %<PRIu64> nu se potrivește cu dimensiunea dispozitivului subiacent %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1389
+msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
+msgstr "Nu se poate activa dispozitivul, modulul nucleului «dm-crypt» nu are suport pentru BITLK IV."
+
+#: lib/bitlk/bitlk.c:1393
+msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
+msgstr "Dispozitivul nu poate fi activat, modulul nucleului «dm-crypt» nu are suport pentru difuzorul BITLK Elephant."
+
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Dispozitivul nu poate fi activat, kernel-ul dm-crypt nu are suport pentru dimensiune mare a sectorului."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Dispozitivul nu se poate activa, modulul nucleului, «dm-zero», lipsește."
+
+#: lib/fvault2/fvault2.c:542
+#, c-format
+msgid "Could not read %u bytes of volume header."
+msgstr "Nu s-au putut citi %u octeți din antetul volumului."
+
+#: lib/fvault2/fvault2.c:554
+#, c-format
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Versiune FVAULT2 neacceptată %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Dispozitivul verity %s nu utilizează antetul de pe disc."
+
+#: lib/verity/verity.c:96
+#, c-format
+msgid "Unsupported VERITY version %d."
+msgstr "Versiunea VERITY %d nu este acceptată."
+
+#: lib/verity/verity.c:131
+msgid "VERITY header corrupted."
+msgstr "Antetul VERITY este corupt."
+
+#: lib/verity/verity.c:176
+#, c-format
+msgid "Wrong VERITY UUID format provided on device %s."
+msgstr "Formatul UUID VERITY furnizat pe dispozitivul %s este greșit."
+
+#: lib/verity/verity.c:220
+#, c-format
+msgid "Error during update of verity header on device %s."
+msgstr "Eroare la actualizarea antetului Verity pe dispozitivul %s."
+
+#: lib/verity/verity.c:278
+msgid "Root hash signature verification is not supported."
+msgstr "Verificarea semnăturii sumei de verificare(hash) rădăcină nu este acceptată."
+
+#: lib/verity/verity.c:290
+msgid "Errors cannot be repaired with FEC device."
+msgstr "Erorile nu pot fi reparate cu dispozitivul FEC."
+
+#: lib/verity/verity.c:292
+#, c-format
+msgid "Found %u repairable errors with FEC device."
+msgstr "S-au găsit %u erori reparabile cu dispozitivul FEC."
+
+#: lib/verity/verity.c:335
+msgid "Kernel does not support dm-verity mapping."
+msgstr "Nucleul nu acceptă asocierea dm-verity."
+
+#: lib/verity/verity.c:339
+msgid "Kernel does not support dm-verity signature option."
+msgstr "Nucleul nu acceptă opțiunea de semnătură dm-verity."
+
+#: lib/verity/verity.c:350
+msgid "Verity device detected corruption after activation."
+msgstr "Dispozitivul verity a detectat corupție după activare."
+
+#: lib/verity/verity_hash.c:66
+#, c-format
+msgid "Spare area is not zeroed at position %<PRIu64>."
+msgstr "Zona de rezervă nu este pusă la zero la poziția %<PRIu64>."
+
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
+msgid "Device offset overflow."
+msgstr "Depășire a poziției de pe dispozitiv."
+
+#: lib/verity/verity_hash.c:218
+#, c-format
+msgid "Verification failed at position %<PRIu64>."
+msgstr "Verificarea a eșuat la poziția %<PRIu64>."
+
+#: lib/verity/verity_hash.c:307
+msgid "Hash area overflow."
+msgstr "Debordare a zonei sumei de control(hash)."
+
+#: lib/verity/verity_hash.c:380
+msgid "Verification of data area failed."
+msgstr "Verificarea zonei de date a eșuat."
+
+#: lib/verity/verity_hash.c:385
+msgid "Verification of root hash failed."
+msgstr "Verificarea sumei de control(hash) rădăcină a eșuat."
+
+#: lib/verity/verity_hash.c:391
+msgid "Input/output error while creating hash area."
+msgstr "Eroare de intrare/ieșire la crearea zonei de sumă de control(hash)."
+
+#: lib/verity/verity_hash.c:393
+msgid "Creation of hash area failed."
+msgstr "Crearea zonei de sumă de control(hash) a eșuat."
+
+#: lib/verity/verity_hash.c:428
+#, c-format
+msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
+msgstr "AVERTISMENT: Nucleul nu poate activa dispozitivul dacă dimensiunea blocului de date depășește dimensiunea paginii (%u)."
+
+#: lib/verity/verity_fec.c:131
+msgid "Failed to allocate RS context."
+msgstr "Nu s-a putut aloca contextul RS."
+
+#: lib/verity/verity_fec.c:149
+msgid "Failed to allocate buffer."
+msgstr "Nu s-a putut aloca memoria tampon."
+
+#: lib/verity/verity_fec.c:159
+#, c-format
+msgid "Failed to read RS block %<PRIu64> byte %d."
+msgstr "Nu s-a putut citi blocul RS %<PRIu64> octetul %d."
+
+#: lib/verity/verity_fec.c:172
+#, c-format
+msgid "Failed to read parity for RS block %<PRIu64>."
+msgstr "Nu s-a putut citi paritatea pentru blocul RS %<PRIu64>."
+
+#: lib/verity/verity_fec.c:180
+#, c-format
+msgid "Failed to repair parity for block %<PRIu64>."
+msgstr "Nu s-a putut repara paritatea pentru blocul %<PRIu64>."
+
+#: lib/verity/verity_fec.c:192
+#, c-format
+msgid "Failed to write parity for RS block %<PRIu64>."
+msgstr "Nu s-a putut scrie paritatea pentru blocul RS %<PRIu64>."
+
+#: lib/verity/verity_fec.c:208
+msgid "Block sizes must match for FEC."
+msgstr "Dimensiunile blocurilor trebuie să se potrivească pentru FEC."
+
+#: lib/verity/verity_fec.c:214
+msgid "Invalid number of parity bytes."
+msgstr "Număr nevalid de octeți de paritate."
+
+#: lib/verity/verity_fec.c:248
+msgid "Invalid FEC segment length."
+msgstr "Lungimea segmentului FEC nu este validă."
+
+#: lib/verity/verity_fec.c:316
+#, c-format
+msgid "Failed to determine size for device %s."
+msgstr "Nu s-a putut determina dimensiunea pentru dispozitivul %s."
+
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Metadate incompatibile cu modulul nucleului «dm-integrity» (versiunea %u) detectate pe %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
+msgid "Kernel does not support dm-integrity mapping."
+msgstr "Nucleul nu acceptă asocierea dm-integrity."
+
+#: lib/integrity/integrity.c:283
+msgid "Kernel does not support dm-integrity fixed metadata alignment."
+msgstr "Nucleul nu acceptă alinierea metadatelor fixe dm-integrity."
+
+#: lib/integrity/integrity.c:292
+msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
+msgstr "Nucleul refuză să activeze opțiunea de recalculare nesigură (consultați opțiunile de activare vechi pentru a le înlocui)."
+
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
+#, c-format
+msgid "Failed to acquire write lock on device %s."
+msgstr "Nu s-a putut obține blocarea la scriere pe dispozitivul %s."
+
+#: lib/luks2/luks2_disk_metadata.c:400
+msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
+msgstr "S-a detectat o încercare de actualizare concomitentă a metadatelor LUKS2. Se abandonează operația."
+
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
+msgid ""
+"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
+"Please run \"cryptsetup repair\" for recovery."
+msgstr ""
+"Dispozitivul conține semnături ambigue, nu se poate recupera automat LUKS2.\n"
+"Rulați «cryptsetup repair» pentru recuperare."
+
+#: lib/luks2/luks2_json_format.c:229
+msgid "Requested data offset is too small."
+msgstr "Decalajul de date solicitat este prea mic."
+
+#: lib/luks2/luks2_json_format.c:274
+#, c-format
+msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
+msgstr "AVERTISMENT: zona sloturilor de chei (%<PRIu64> octeți) este foarte mică, numărul de sloturi de chei LUKS2 disponibil este foarte limitat.\n"
+
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
+#, c-format
+msgid "Failed to acquire read lock on device %s."
+msgstr "Nu s-a putut obține blocarea pentru citire pe dispozitivul %s."
+
+#: lib/luks2/luks2_json_metadata.c:1405
+#, c-format
+msgid "Forbidden LUKS2 requirements detected in backup %s."
+msgstr "Cerințe LUKS2 interzise detectate în copia de rezervă %s."
+
+#: lib/luks2/luks2_json_metadata.c:1446
+msgid "Data offset differ on device and backup, restore failed."
+msgstr "Decalajul datelor diferă între dispozitiv și copia de rezervă, restaurare eșuată."
+
+#: lib/luks2/luks2_json_metadata.c:1452
+msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
+msgstr "Antetul binar cu dimensiunea zonelor sloturilor pentru chei diferă între dispozitiv și copia de rezervă, restaurare eșuată."
+
+#: lib/luks2/luks2_json_metadata.c:1459
+#, c-format
+msgid "Device %s %s%s%s%s"
+msgstr "Dispozitiv %s %s%s%s%s"
+
+#: lib/luks2/luks2_json_metadata.c:1460
+msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
+msgstr "nu conține antetul LUKS2. Înlocuirea antetului poate distruge datele de pe acest dispozitiv."
+
+#: lib/luks2/luks2_json_metadata.c:1461
+msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
+msgstr "conține deja antetul LUKS2. Înlocuirea antetului va distruge sloturile de chei existente."
+
+#: lib/luks2/luks2_json_metadata.c:1463
+msgid ""
+"\n"
+"WARNING: unknown LUKS2 requirements detected in real device header!\n"
+"Replacing header with backup may corrupt the data on that device!"
+msgstr ""
+"\n"
+"AVERTISMENT: cerințe necunoscute LUKS2 detectate în antetul dispozitivului real!\n"
+"Înlocuirea antetului cu copia de rezervă poate deteriora datele de pe acest dispozitiv!"
+
+#: lib/luks2/luks2_json_metadata.c:1465
+msgid ""
+"\n"
+"WARNING: Unfinished offline reencryption detected on the device!\n"
+"Replacing header with backup may corrupt data."
+msgstr ""
+"\n"
+"AVERTISMENT: Recriptare „offline” nefinalizată detectată pe dispozitiv!\n"
+"Înlocuirea antetului cu copia de rezervă poate deteriora datele."
+
+#: lib/luks2/luks2_json_metadata.c:1562
+#, c-format
+msgid "Ignored unknown flag %s."
+msgstr "S-a ignorat fanionul necunoscut %s."
+
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
+#, c-format
+msgid "Missing key for dm-crypt segment %u"
+msgstr "Lipsește cheia pentru segmentul dm-crypt %u"
+
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
+msgid "Failed to set dm-crypt segment."
+msgstr "Nu s-a putut definii segmentul dm-crypt."
+
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
+msgid "Failed to set dm-linear segment."
+msgstr "Nu s-a putut definii segmentul dm-linear."
+
+#: lib/luks2/luks2_json_metadata.c:2615
+msgid "Unsupported device integrity configuration."
+msgstr "Configurație de integritate a dispozitivului neacceptată."
+
+#: lib/luks2/luks2_json_metadata.c:2701
+msgid "Reencryption in-progress. Cannot deactivate device."
+msgstr "Recriptare în curs. Nu se poate dezactiva dispozitivul."
+
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
+#, c-format
+msgid "Failed to replace suspended device %s with dm-error target."
+msgstr "Nu s-a putut înlocui dispozitivul suspendat %s cu ținta dm-error."
+
+#: lib/luks2/luks2_json_metadata.c:2792
+msgid "Failed to read LUKS2 requirements."
+msgstr "Nu s-au putut citi cerințele LUKS2."
+
+#: lib/luks2/luks2_json_metadata.c:2799
+msgid "Unmet LUKS2 requirements detected."
+msgstr "Au fost detectate cerințe LUKS2 neîndeplinite."
+
+#: lib/luks2/luks2_json_metadata.c:2807
+msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
+msgstr "Operație incompatibilă cu dispozitivul marcat pentru recriptare învechită. Se abandonează."
+
+#: lib/luks2/luks2_json_metadata.c:2809
+msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
+msgstr "Operație incompatibilă cu dispozitivul marcat pentru recriptare LUKS2. Se abandonează."
+
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
+msgid "Not enough available memory to open a keyslot."
+msgstr "Nu există suficientă memorie disponibilă pentru a deschide un slot de cheie."
+
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
+msgid "Keyslot open failed."
+msgstr "Deschiderea slotului de cheie a eșuat."
+
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
+#, c-format
+msgid "Cannot use %s-%s cipher for keyslot encryption."
+msgstr "Nu se poate utiliza cifrul %s-%s pentru criptarea slotului de cheie."
+
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Algoritmul sumei de control(hash) %s nu este disponibil."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
+msgid "No space for new keyslot."
+msgstr "Nu există spațiu pentru noul slot de cheie."
+
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "A fost solicitată o schimbare incorectă a modului de adaptabilitate pentru recriptare."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Nu se poate actualiza tipul de adaptabilitate. Tipul nou oferă numai %<PRIu64> octeți, spațiul necesar este: %<PRIu64> octeți."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Nu s-a putut reîmprospăta calcularea sumei de control de verificare a recriptării."
+
+#: lib/luks2/luks2_luks1_convert.c:512
+#, c-format
+msgid "Cannot check status of device with uuid: %s."
+msgstr "Nu se poate verifica starea dispozitivului cu uuid: %s."
+
+#: lib/luks2/luks2_luks1_convert.c:538
+msgid "Unable to convert header with LUKSMETA additional metadata."
+msgstr "Nu s-a putut converti antetul cu metadate suplimentare LUKSMETA."
+
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Nu se poate utiliza specificația de cifrare %s-%s pentru LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
+msgid "Unable to move keyslot area. Not enough space."
+msgstr "Nu se poate muta zona slotului pentru chei. Spațiu insuficient."
+
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Nu se poate converti în format LUKS2 - metadate nevalide."
+
+#: lib/luks2/luks2_luks1_convert.c:636
+msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
+msgstr "Nu se poate muta zona slotului pentru chei. Zona sloturilor pentru chei LUKS2 este prea mică."
+
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
+msgid "Unable to move keyslot area."
+msgstr "Nu se poate muta zona slotului pentru chei."
+
+#: lib/luks2/luks2_luks1_convert.c:732
+msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
+msgstr "Nu se poate converti în format LUKS1 - dimensiunea implicită a sectorului de criptare al segmentului nu este de 512 octeți."
+
+#: lib/luks2/luks2_luks1_convert.c:740
+msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
+msgstr "Nu se poate converti în formatul LUKS1 - calcularea sumelor de control ale slotului de cheie nu este compatibilă cu LUKS1."
+
+#: lib/luks2/luks2_luks1_convert.c:752
+#, c-format
+msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
+msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul folosește cifrul de cheie încapsulat %s."
+
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Nu se poate converti în formatul LUKS1 - dispozitivul utilizează mai multe segmente."
+
+#: lib/luks2/luks2_luks1_convert.c:765
+#, c-format
+msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
+msgstr "Nu se poate converti în formatul LUKS1 - antetul LUKS2 conține %u jetoane(tokens)."
+
+#: lib/luks2/luks2_luks1_convert.c:779
+#, c-format
+msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
+msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u este într-o stare nevalidă."
+
+#: lib/luks2/luks2_luks1_convert.c:784
+#, c-format
+msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
+msgstr "Nu se poate converti în formatul LUKS1 - slotul %u (peste sloturile maxime) este încă activ."
+
+#: lib/luks2/luks2_luks1_convert.c:789
+#, c-format
+msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
+msgstr "Nu se poate converti în formatul LUKS1 - slotul de cheie %u nu este compatibil cu LUKS1."
+
+#: lib/luks2/luks2_reencrypt.c:1152
+#, c-format
+msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
+msgstr "Dimensiunea zonei „fierbinți” (active) trebuie să fie multiplu al alinierii zonei calculate (%zu octeți)."
+
+#: lib/luks2/luks2_reencrypt.c:1157
+#, c-format
+msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
+msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al alinierii zonei calculate (%zu octeți)."
+
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
+msgid "Failed to initialize old segment storage wrapper."
+msgstr "Nu s-a putut inițializa vechea încapsulare de stocare a segmentului."
+
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
+msgid "Failed to initialize new segment storage wrapper."
+msgstr "Nu s-a putut inițializa noua încapsulare de stocare a segmentului."
+
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Nu s-a putut inițializa protecția zonei „fierbinți” (active)."
+
+#: lib/luks2/luks2_reencrypt.c:1578
+msgid "Failed to read checksums for current hotzone."
+msgstr "Nu s-au putut citii sumele de control pentru zona „fierbinte” (activă) actuală."
+
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
+#, c-format
+msgid "Failed to read hotzone area starting at %<PRIu64>."
+msgstr "Nu s-a putut citi zona „fierbinte” (activă) începând cu %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:1604
+#, c-format
+msgid "Failed to decrypt sector %zu."
+msgstr "Nu s-a putut decripta sectorul %zu."
+
+#: lib/luks2/luks2_reencrypt.c:1610
+#, c-format
+msgid "Failed to recover sector %zu."
+msgstr "Nu s-a putut recupera sectorul %zu."
+
+#: lib/luks2/luks2_reencrypt.c:2174
+#, c-format
+msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
+msgstr "Dimensiunile dispozitivelor sursă și țintă nu se potrivesc. Sursa %<PRIu64>, ținta: %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2272
+#, c-format
+msgid "Failed to activate hotzone device %s."
+msgstr "Nu s-a putut activa zona „fierbinte” (activă) a dispozitivului %s."
+
+#: lib/luks2/luks2_reencrypt.c:2289
+#, c-format
+msgid "Failed to activate overlay device %s with actual origin table."
+msgstr "Nu s-a putut activa dispozitivul de suprapunere %s cu tabelul de origine actual."
+
+#: lib/luks2/luks2_reencrypt.c:2296
+#, c-format
+msgid "Failed to load new mapping for device %s."
+msgstr "Nu s-a putut încărca noua asociere pentru dispozitivul %s."
+
+#: lib/luks2/luks2_reencrypt.c:2367
+msgid "Failed to refresh reencryption devices stack."
+msgstr "Nu s-a putut reîmprospăta stiva de dispozitive de recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:2550
+msgid "Failed to set new keyslots area size."
+msgstr "Nu s-a putut definii dimensiunea zonei noilor sloturi pentru chei."
+
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Valoarea deplasării datelor nu este aliniată la dimensiunea sectorului de criptare (%<PRIu32> octeți)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Modul de adaptabilitate neacceptat %s"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Dimensiunea segmentului mutat nu poate fi mai mare decât valoarea deplasării de date."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Parametri de adaptabilitate de recriptare nevalizi."
+
+#: lib/luks2/luks2_reencrypt.c:2824
+#, c-format
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Segmentul mutat este prea mare. Dimensiunea solicitată este de %<PRIu64>, iar spațiul disponibil pentru aceasta este de: %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Nu s-a putut șterge tabelul."
+
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Dimensiunea redusă a datelor este mai mare decât dimensiunea dispozitivului real."
+
+#: lib/luks2/luks2_reencrypt.c:3004
+#, c-format
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Dispozitivul de date nu este aliniat la dimensiunea sectorului de criptare (%<PRIu32> octeți)."
+
+#: lib/luks2/luks2_reencrypt.c:3038
+#, c-format
+msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
+msgstr "Deplasarea datelor (%<PRIu64> sectoare) este mai mică decât decalajul viitor al datelor (%<PRIu64> sectoare)."
+
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
+#, c-format
+msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
+msgstr "Nu s-a putut deschide %s în modul exclusiv (deja cartografiat sau montat)."
+
+#: lib/luks2/luks2_reencrypt.c:3234
+msgid "Device not marked for LUKS2 reencryption."
+msgstr "Dispozitivul nu este marcat pentru recriptarea LUKS2."
+
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
+msgid "Failed to load LUKS2 reencryption context."
+msgstr "Nu s-a putut încărca contextul de recriptare LUKS2."
+
+#: lib/luks2/luks2_reencrypt.c:3331
+msgid "Failed to get reencryption state."
+msgstr "Nu s-a putut obține stadiul recriptării."
+
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
+msgid "Device is not in reencryption."
+msgstr "Dispozitivul nu se află în recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
+msgid "Reencryption process is already running."
+msgstr "Procesul de recriptare rulează deja."
+
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
+msgid "Failed to acquire reencryption lock."
+msgstr "Nu s-a putut obține blocarea pentru recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:3362
+msgid "Cannot proceed with reencryption. Run reencryption recovery first."
+msgstr "Nu se poate continua cu recriptarea. Rulați mai întâi recuperarea recriptării."
+
+#: lib/luks2/luks2_reencrypt.c:3497
+msgid "Active device size and requested reencryption size don't match."
+msgstr "Dimensiunea dispozitivului activ și dimensiunea de recriptare solicitată nu se potrivesc."
+
+#: lib/luks2/luks2_reencrypt.c:3511
+msgid "Illegal device size requested in reencryption parameters."
+msgstr "Dimensiunea dispozitivului solicitată în parametrii de recriptare este incorectă."
+
+#: lib/luks2/luks2_reencrypt.c:3588
+msgid "Reencryption in-progress. Cannot perform recovery."
+msgstr "Recriptare în curs. Nu se poate efectua recuperarea."
+
+#: lib/luks2/luks2_reencrypt.c:3757
+msgid "LUKS2 reencryption already initialized in metadata."
+msgstr "Recriptare LUKS2 deja inițializată în metadate."
+
+#: lib/luks2/luks2_reencrypt.c:3764
+msgid "Failed to initialize LUKS2 reencryption in metadata."
+msgstr "Nu s-a putut inițializa recriptarea LUKS2 în metadate."
+
+#: lib/luks2/luks2_reencrypt.c:3859
+msgid "Failed to set device segments for next reencryption hotzone."
+msgstr "Nu s-au putut definii segmentele dispozitivului pentru următoarea zonă „fierbinte” (activă) de recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:3911
+msgid "Failed to write reencryption resilience metadata."
+msgstr "Nu s-au putut scrie metadatele adaptabilității recriptării."
+
+#: lib/luks2/luks2_reencrypt.c:3918
+msgid "Decryption failed."
+msgstr "Decriptarea a eșuat."
+
+#: lib/luks2/luks2_reencrypt.c:3923
+#, c-format
+msgid "Failed to write hotzone area starting at %<PRIu64>."
+msgstr "Nu s-a putut scrie zona „fierbinte” (activă) începând de la %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:3928
+msgid "Failed to sync data."
+msgstr "Nu s-au putut sincroniza datele."
+
+#: lib/luks2/luks2_reencrypt.c:3936
+msgid "Failed to update metadata after current reencryption hotzone completed."
+msgstr "Nu s-au putut actualiza metadatele după finalizarea zonei „fierbinți” (active) de recriptare actuală."
+
+#: lib/luks2/luks2_reencrypt.c:4025
+msgid "Failed to write LUKS2 metadata."
+msgstr "Nu s-au putut scrie metadatele LUKS2."
+
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Nu s-a putut șterge zona nefolosită a dispozitivului de date."
+
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
+msgid "Failed to remove unused (unbound) keyslot %d."
+msgstr "Nu s-a putut elimina slotul de cheie neutilizat (neasociat) %d."
+
+#: lib/luks2/luks2_reencrypt.c:4064
+msgid "Failed to remove reencryption keyslot."
+msgstr "Nu s-a putut elimina slotul de cheie de recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:4074
+#, c-format
+msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
+msgstr "Eroare fatală la recriptarea porțiunii începând de la %<PRIu64>, %<PRIu64> sectoare lungi."
+
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Recriptarea «online» a eșuat."
+
+#: lib/luks2/luks2_reencrypt.c:4083
+msgid "Do not resume the device unless replaced with error target manually."
+msgstr "Nu reluați dispozitivul decât dacă este înlocuit manual cu ținta erorii."
+
+#: lib/luks2/luks2_reencrypt.c:4137
+msgid "Cannot proceed with reencryption. Unexpected reencryption status."
+msgstr "Nu se poate continua cu recriptarea. Stare neașteptată a recriptării."
+
+#: lib/luks2/luks2_reencrypt.c:4143
+msgid "Missing or invalid reencrypt context."
+msgstr "Context de recriptare lipsă sau nevalid."
+
+#: lib/luks2/luks2_reencrypt.c:4150
+msgid "Failed to initialize reencryption device stack."
+msgstr "Nu s-a putut inițializa stiva dispozitivului de recriptare."
+
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
+msgid "Failed to update reencryption context."
+msgstr "Nu s-a putut actualiza contextul de recriptare."
+
+#: lib/luks2/luks2_reencrypt_digest.c:405
+msgid "Reencryption metadata is invalid."
+msgstr "Metadatele de recriptare sunt nevalide."
+
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Parametrii de criptare a slotului de cheie pot fi stabiliți numai pentru dispozitivul LUKS2."
+
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
+#, c-format
+msgid "Enter token PIN: "
+msgstr "Introduceți codul PIN al jetonului: "
+
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Introduceți codul PIN al jetonului(token) %d: "
+
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
+msgid "No known cipher specification pattern detected."
+msgstr "Nu s-a detectat niciun model de specificație de cifrare cunoscut."
+
+#: src/cryptsetup.c:167
+msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
+msgstr "AVERTISMENT: Parametrul „--hash” este ignorat în modul simplu, cu fișierul de cheie specificat.\n"
+
+#: src/cryptsetup.c:175
+msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
+msgstr "AVERTISMENT: Opțiunea „--keyfile-size” este ignorată, dimensiunea de citire este aceeași cu dimensiunea cheii de criptare.\n"
+
+#: src/cryptsetup.c:215
+#, c-format
+msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
+msgstr "S-au detectat semnături de dispozitiv pe %s. Continuarea operației, riscă să deterioreze datele existente."
+
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
+msgid "Operation aborted.\n"
+msgstr "Operația se întrerupe.\n"
+
+#: src/cryptsetup.c:294
+msgid "Option --key-file is required."
+msgstr "Opțiunea „--key-file” este necesară."
+
+#: src/cryptsetup.c:345
+msgid "Enter VeraCrypt PIM: "
+msgstr "Introduceți PIM-ul VeraCrypt: "
+
+#: src/cryptsetup.c:354
+msgid "Invalid PIM value: parse error."
+msgstr "Valoare PIM nevalidă: eroare de analizare."
+
+#: src/cryptsetup.c:357
+msgid "Invalid PIM value: 0."
+msgstr "Valoare PIM nevalidă: 0."
+
+#: src/cryptsetup.c:360
+msgid "Invalid PIM value: outside of range."
+msgstr "Valoare PIM nevalidă: în afara intervalului."
+
+#: src/cryptsetup.c:383
+msgid "No device header detected with this passphrase."
+msgstr "Nu a fost detectat niciun antet de dispozitiv cu această frază de acces."
+
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
+#, c-format
+msgid "Device %s is not a valid BITLK device."
+msgstr "Dispozitivul %s nu este un dispozitiv BITLK valid."
+
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Nu se poate determina dimensiunea cheii de volum pentru BITLK; utilizați opțiunea „--key-size” pentru a o furniza."
+
+#: src/cryptsetup.c:506
+msgid ""
+"Header dump with volume key is sensitive information\n"
+"which allows access to encrypted partition without passphrase.\n"
+"This dump should be always stored encrypted on safe place."
+msgstr ""
+"Conținutul antetului cu cheia de volum este o informație sensibilă\n"
+"care permite accesul la partiția criptată fără fraza de acces.\n"
+"Acest conținut ar trebui să fie întotdeauna stocat criptat într-un loc sigur."
+
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Conținutul antetului cu cheia de volum este o informație sensibilă\n"
+"care permite accesul la partiția criptată fără fraza de acces.\n"
+"Acest conținut ar trebui să fie întotdeauna stocat criptat într-un loc sigur."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Dispozitivul %s nu este un dispozitiv FVAULT2 valid."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Nu se poate determina dimensiunea cheii de volum pentru FVAULT2; utilizați opțiunea „--key-size” pentru a o furniza."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
+#, c-format
+msgid "Device %s is still active and scheduled for deferred removal.\n"
+msgstr "Dispozitivul %s este încă activ și programat pentru eliminare temporizată.\n"
+
+#: src/cryptsetup.c:835
+msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
+msgstr "Redimensionarea dispozitivului activ necesită cheia de volum în inelul de chei, dar opțiunea „--disable-keyring” este furnizată."
+
+#: src/cryptsetup.c:982
+msgid "Benchmark interrupted."
+msgstr "Testarea pentru evaluarea performanței a fost întreruptă."
+
+#: src/cryptsetup.c:1003
+#, c-format
+msgid "PBKDF2-%-9s N/A\n"
+msgstr "PBKDF2-%-9s (neaplicabil)\n"
+
+#: src/cryptsetup.c:1005
+#, c-format
+msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
+msgstr "PBKDF2-%-9s %7u iterații pe secundă pentru cheia %zu-bit\n"
+
+#: src/cryptsetup.c:1019
+#, c-format
+msgid "%-10s N/A\n"
+msgstr "%-10s (neaplicabil)\n"
+
+#: src/cryptsetup.c:1021
+#, c-format
+msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
+msgstr "%-10s %4u iterații, %5u memorie, %1u fire paralele (CPU-uri) pentru cheia %zu-bit (timpul necesitat %u ms)\n"
+
+#: src/cryptsetup.c:1045
+msgid "Result of benchmark is not reliable."
+msgstr "Rezultatul testului de evaluare a performanței nu este fiabil."
+
+#: src/cryptsetup.c:1095
+msgid "# Tests are approximate using memory only (no storage IO).\n"
+msgstr "# Testele sunt aproximative folosind doar memoria (fără In/Ieș de stocare).\n"
+
+#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
+#: src/cryptsetup.c:1115
+#, c-format
+msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
+msgstr "#%*s Algoritm | Cheie | Criptare | Decriptare\n"
+
+#: src/cryptsetup.c:1119
+#, c-format
+msgid "Cipher %s (with %i bits key) is not available."
+msgstr "Cifrarea %s (cu cheie de %i biți) nu este disponibilă."
+
+#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
+#: src/cryptsetup.c:1138
+msgid "# Algorithm | Key | Encryption | Decryption\n"
+msgstr "# Algoritm | Cheie | Criptare | Decriptare\n"
+
+#: src/cryptsetup.c:1149
+msgid "N/A"
+msgstr "nedisponibil"
+
+#: src/cryptsetup.c:1174
+msgid ""
+"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
+"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
+msgstr "Au fost detectate metadate neprotejate de recriptare LUKS2. Verificați că operațiunea de recriptare este de dorit (consultați ieșirea luksDump) și continuați (să actualizați metadatele) numai dacă recunoașteți operația ca fiind autentică."
+
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Introduceți fraza de acces pentru a proteja și actualiza metadatele de recriptare: "
+
+#: src/cryptsetup.c:1224
+msgid "Really proceed with LUKS2 reencryption recovery?"
+msgstr "Continuați cu adevărat cu recuperarea recriptării LUKS2?"
+
+#: src/cryptsetup.c:1233
+msgid "Enter passphrase to verify reencryption metadata digest: "
+msgstr "Introduceți fraza de acces pentru a verifica calcularea sumele de control a metadatelor de recriptare: "
+
+#: src/cryptsetup.c:1235
+msgid "Enter passphrase for reencryption recovery: "
+msgstr "Introduceți fraza de acces pentru recuperarea recriptării: "
+
+#: src/cryptsetup.c:1290
+msgid "Really try to repair LUKS device header?"
+msgstr "Încercați cu adevărat să reparați antetul dispozitivului LUKS?"
+
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Ștergere întreruptă."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
+msgid ""
+"Wiping device to initialize integrity checksum.\n"
+"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
+msgstr ""
+"Se șterge dispozitivul pentru a inițializa calcularea sumei de control a integrității.\n"
+"Puteți întrerupe acest lucru apăsând CTRL+c (restul dispozitivului care nu este șters va conține o sumă de control nevalidă).\n"
+
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
+#, c-format
+msgid "Cannot deactivate temporary device %s."
+msgstr "Nu se poate dezactiva dispozitivul temporar %s."
+
+#: src/cryptsetup.c:1392
+msgid "Integrity option can be used only for LUKS2 format."
+msgstr "Opțiunea de integritate poate fi utilizată numai pentru formatul LUKS2."
+
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
+msgid "Unsupported LUKS2 metadata size options."
+msgstr "Opțiuni de dimensiune a metadatelor LUKS2 neacceptate."
+
+#: src/cryptsetup.c:1406
+msgid "Header file does not exist, do you want to create it?"
+msgstr "Fișierul antet nu există, doriți să îl creați?"
+
+#: src/cryptsetup.c:1414
+#, c-format
+msgid "Cannot create header file %s."
+msgstr "Nu se poate crea fișierul antet %s."
+
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
+msgid "No known integrity specification pattern detected."
+msgstr "Nu a fost detectat niciun model de specificație de integritate cunoscut."
+
+#: src/cryptsetup.c:1450
+#, c-format
+msgid "Cannot use %s as on-disk header."
+msgstr "Nu se poate folosi %s ca antet pe disc."
+
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
+#, c-format
+msgid "This will overwrite data on %s irrevocably."
+msgstr "Acest lucru va suprascrie datele de pe %s în mod irevocabil."
+
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
+msgid "Failed to set pbkdf parameters."
+msgstr "Nu s-au putut definii parametrii pbkdf."
+
+#: src/cryptsetup.c:1593
+msgid "Reduced data offset is allowed only for detached LUKS header."
+msgstr "Decalajul redus de date este permis numai pentru antetul LUKS detașat."
+
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Containerul de fișiere LUKS %s este prea mic pentru activare, nu mai rămâne spațiu pentru date."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
+msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
+msgstr "Nu se poate determina dimensiunea cheii de volum pentru LUKS fără sloturi de chei; folosiți opțiunea „--key-size” pentru a furniza aceste date."
+
+#: src/cryptsetup.c:1658
+msgid "Device activated but cannot make flags persistent."
+msgstr "Dispozitivul a fost activat, dar nu se poate face ca fanioanele să fie persistente."
+
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
+#, c-format
+msgid "Keyslot %d is selected for deletion."
+msgstr "Slotul de cheie %d este selectat pentru ștergere."
+
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
+msgid "This is the last keyslot. Device will become unusable after purging this key."
+msgstr "Acesta este ultimul slot de cheie. Dispozitivul va deveni inutilizabil după eliminarea acestei chei."
+
+#: src/cryptsetup.c:1750
+msgid "Enter any remaining passphrase: "
+msgstr "Introduceți orice frază de acces rămasă: "
+
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
+msgid "Operation aborted, the keyslot was NOT wiped.\n"
+msgstr "Operația a fost întreruptă, slotul de cheie NU a fost șters.\n"
+
+#: src/cryptsetup.c:1787
+msgid "Enter passphrase to be deleted: "
+msgstr "Introduceți fraza de acces pentru a fi ștearsă: "
+
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Dispozitivul %s nu este un dispozitiv LUKS2 valid."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
+msgid "Enter new passphrase for key slot: "
+msgstr "Introduceți noua frază de acces pentru slotul de cheie: "
+
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "AVERTISMENT: Parametrul „--key-slot” este utilizat pentru noul număr de slot de cheie.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
+#, c-format
+msgid "Enter any existing passphrase: "
+msgstr "Introduceți orice frază de acces existentă: "
+
+#: src/cryptsetup.c:2152
+msgid "Enter passphrase to be changed: "
+msgstr "Introduceți fraza de acces pentru a fi schimbată: "
+
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
+msgid "Enter new passphrase: "
+msgstr "Introduceți nouă frază de acces: "
+
+#: src/cryptsetup.c:2218
+msgid "Enter passphrase for keyslot to be converted: "
+msgstr "Introduceți fraza de acces pentru slotul de cheie care urmează să fie convertit: "
+
+#: src/cryptsetup.c:2242
+msgid "Only one device argument for isLuks operation is supported."
+msgstr "Doar un singur dispozitiv este admis ca argument pentru operația isLuks."
+
+#: src/cryptsetup.c:2350
+#, c-format
+msgid "Keyslot %d does not contain unbound key."
+msgstr "Slotul de cheie %d nu conține o cheie neasociată."
+
+#: src/cryptsetup.c:2355
+msgid ""
+"The header dump with unbound key is sensitive information.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Conținutul antetului cu cheia neasociată este o informație sensibilă.\n"
+"Acest conținut ar trebui să fie stocat criptat într-un loc sigur."
+
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
+#, c-format
+msgid "%s is not active %s device name."
+msgstr "%s nu este numele dispozitivului activ %s."
+
+#: src/cryptsetup.c:2465
+#, c-format
+msgid "%s is not active LUKS device name or header is missing."
+msgstr "%s nu este numele unui dispozitiv LUKS activ sau antetul lipsește."
+
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
+msgid "Option --header-backup-file is required."
+msgstr "Este necesară opțiunea „--header-backup-file”."
+
+#: src/cryptsetup.c:2577
+#, c-format
+msgid "%s is not cryptsetup managed device."
+msgstr "%s nu este un dispozitiv gestionat de «cryptsetup»."
+
+#: src/cryptsetup.c:2588
+#, c-format
+msgid "Refresh is not supported for device type %s"
+msgstr "Reîmprospătarea nu este disponibilă pentru tipul de dispozitiv %s"
+
+#: src/cryptsetup.c:2638
+#, c-format
+msgid "Unrecognized metadata device type %s."
+msgstr "Tip de dispozitiv de metadate nerecunoscut %s."
+
+#: src/cryptsetup.c:2640
+msgid "Command requires device and mapped name as arguments."
+msgstr "Comanda necesită un dispozitiv și numele asociat acestuia ca argumente."
+
+#: src/cryptsetup.c:2661
+#, c-format
+msgid ""
+"This operation will erase all keyslots on device %s.\n"
+"Device will become unusable after this operation."
+msgstr ""
+"Această operație va șterge toate sloturile de chei de pe dispozitivul %s.\n"
+"Dispozitivul va deveni inutilizabil după această operație."
+
+#: src/cryptsetup.c:2668
+msgid "Operation aborted, keyslots were NOT wiped.\n"
+msgstr "Operația a fost întreruptă, sloturile de chei NU au fost șterse.\n"
+
+#: src/cryptsetup.c:2707
+msgid "Invalid LUKS type, only luks1 and luks2 are supported."
+msgstr "Tip LUKS nevalid, numai luks1 și luks2 sunt acceptate."
+
+#: src/cryptsetup.c:2723
+#, c-format
+msgid "Device is already %s type."
+msgstr "Dispozitivul este deja de tip %s."
+
+#: src/cryptsetup.c:2730
+#, c-format
+msgid "This operation will convert %s to %s format.\n"
+msgstr "Această operație va converti %s în formatul %s.\n"
+
+#: src/cryptsetup.c:2733
+msgid "Operation aborted, device was NOT converted.\n"
+msgstr "Operația a fost întreruptă, dispozitivul NU a fost convertit.\n"
+
+#: src/cryptsetup.c:2773
+msgid "Option --priority, --label or --subsystem is missing."
+msgstr "Opțiunea „--priority”, „--label” sau „--subsystem” lipsește."
+
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
+#, c-format
+msgid "Token %d is invalid."
+msgstr "Jetonul(token) %d nu este valid."
+
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
+#, c-format
+msgid "Token %d in use."
+msgstr "Jetonul(token) %d este în uz."
+
+#: src/cryptsetup.c:2822
+#, c-format
+msgid "Failed to add luks2-keyring token %d."
+msgstr "Nu s-a putut adăuga jetonul(token) %d la inelul de chei luks2."
+
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
+#, c-format
+msgid "Failed to assign token %d to keyslot %d."
+msgstr "Nu s-a putut atribui jetonul(token) %d slotului pentru cheie %d."
+
+#: src/cryptsetup.c:2850
+#, c-format
+msgid "Token %d is not in use."
+msgstr "Jetonul %d nu este în uz."
+
+#: src/cryptsetup.c:2887
+msgid "Failed to import token from file."
+msgstr "Nu s-a putut importa jetonul din fișier."
+
+#: src/cryptsetup.c:2912
+#, c-format
+msgid "Failed to get token %d for export."
+msgstr "Nu s-a putut obține jetonul %d pentru export."
+
+#: src/cryptsetup.c:2925
+#, c-format
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Jetonul %d nu este alocat slotului de cheie %d."
+
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
+#, c-format
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Nu s-a putut anula atribuirea jetonului %d din slotul de cheie %d."
+
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Opțiunea „--tcrypt-hidden”, „--tcrypt-system” sau „--tcrypt-backup” este acceptată doar pentru dispozitivele TCRYPT."
+
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Opțiunea „--veracrypt” sau „--disable-veracrypt” este acceptată numai pentru tipul de dispozitiv TCRYPT."
+
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Opțiunea „--veracrypt-pim” este acceptată numai pentru dispozitivele compatibile cu VeraCrypt."
+
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Opțiunea „--veracrypt-query-pim” este acceptată numai pentru dispozitivele compatibile cu VeraCrypt."
+
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Opțiunile „--veracrypt-pim” și „--veracrypt-query-pim” se exclud reciproc."
+
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Opțiunea „--persistent” nu este permisă cu opțiunea „--test-passphrase”."
+
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Opțiunile „--refresh” și „--test-passphrase” se exclud reciproc."
+
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Opțiunea „--shared” este permisă numai pentru deschiderea unui dispozitiv simplu."
+
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Opțiunea „--skip” este acceptată numai pentru deschiderea dispozitivelor simple și a dispozitivelor loopaes."
+
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Opțiunea „--offset” cu acțiune de deschidere este acceptată numai pentru dispozitivele simple și dispozitivele loopaes."
+
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Opțiunea „--tcrypt-hidden” nu poate fi combinată cu opțiunea „--allow-discards”."
+
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Opțiunea de dimensiune a sectorului cu acțiune de deschidere este acceptată numai pentru dispozitivele simple."
+
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Opțiunea sectoare IV (vector de inițializare) mari este acceptată numai pentru deschiderea dispozitivelor de tip simplu, cu dimensiunea sectorului mai mare de 512 de octeți."
+
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Opțiunea „--test-passphrase” este permisă numai pentru deschiderea dispozitivelor LUKS, TCRYPT, BITLK și FVAULT2."
+
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Opțiunile „--device-size” și „--size” nu pot fi combinate."
+
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Opțiunea „--unbound” este permisă numai pentru deschiderea dispozitivelor luks."
+
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Opțiunea „--unbound” nu poate fi utilizată fără opțiunea „--test-passphrase”."
+
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Opțiunile „--cancel-deferred” și „--deferred” nu pot fi utilizate în același timp."
+
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Opțiunile „--reduce-device-size” și „--data-size” nu pot fi combinate."
+
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Opțiunea „--active-name” poate fi utilizată numai pentru dispozitivele LUKS2."
+
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Opțiunile „--active-name” și „--force-offline-reencrypt” nu pot fi combinate."
+
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "Este necesară specificarea slotului de cheie."
+
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Opțiunile „--align-payload” și „--offset” nu pot fi combinate."
+
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Opțiunea „--integrity-no-wipe” poate fi utilizată numai pentru acțiuni de formatare cu extensie de integritate."
+
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Numai una dintre opțiunile „--use-[u]random” este permisă."
+
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "Dimensiunea cheii este necesară cu opțiunea „--unbound”."
+
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Operație cu jeton(token) nevalidă."
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Parametrul „--key-description” este obligatoriu pentru acțiunea de adăugare a jetonului."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Acțiunea necesită un jeton(token)l specific. Utilizați parametrul „--token-id”."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Opțiunea „--unbound” este validă numai cu acțiunea de adăugare a jetonului."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Opțiunile „--key-slot” și „--unbound” nu pot fi combinate."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Acțiunea necesită un slot de cheie specific. Utilizați parametrul „--key-slot”."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<dispozitiv> [--type <tip>] [<nume>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "deschide dispozitivul ca <nume>"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<nume>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
+msgid "close device (remove mapping)"
+msgstr "închide dispozitivul (elimină asocierea)"
+
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
+msgid "resize active device"
+msgstr "redimensionează dispozitivul activ"
+
+#: src/cryptsetup.c:3159
+msgid "show device status"
+msgstr "afișează starea dispozitivului"
+
+#: src/cryptsetup.c:3160
+msgid "[--cipher <cipher>]"
+msgstr "[--cipher <cifrarea>]"
+
+#: src/cryptsetup.c:3160
+msgid "benchmark cipher"
+msgstr "evaluează performanța cifrului"
+
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
+msgid "<device>"
+msgstr "<dispozitiv>"
+
+#: src/cryptsetup.c:3161
+msgid "try to repair on-disk metadata"
+msgstr "încearcă să repare metadatele de pe disc"
+
+#: src/cryptsetup.c:3162
+msgid "reencrypt LUKS2 device"
+msgstr "recriptează dispozitivul LUKS2"
+
+#: src/cryptsetup.c:3163
+msgid "erase all keyslots (remove encryption key)"
+msgstr "șterge toate sloturile de chei (elimină cheia de criptare)"
+
+#: src/cryptsetup.c:3164
+msgid "convert LUKS from/to LUKS2 format"
+msgstr "convertește LUKS din/în formatul LUKS2"
+
+#: src/cryptsetup.c:3165
+msgid "set permanent configuration options for LUKS2"
+msgstr "definește opțiunile permanente de configurare pentru LUKS2"
+
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
+msgid "<device> [<new key file>]"
+msgstr "<dispozitiv> [<fișier cheie nou>]"
+
+#: src/cryptsetup.c:3166
+msgid "formats a LUKS device"
+msgstr "formatează un dispozitiv LUKS"
+
+#: src/cryptsetup.c:3167
+msgid "add key to LUKS device"
+msgstr "adaugă o cheie la dispozitivul LUKS"
+
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
+msgid "<device> [<key file>]"
+msgstr "<dispozitiv> [<fișier cheie>]"
+
+#: src/cryptsetup.c:3168
+msgid "removes supplied key or key file from LUKS device"
+msgstr "elimină cheia sau fișierul cheie furnizat de pe dispozitivul LUKS"
+
+#: src/cryptsetup.c:3169
+msgid "changes supplied key or key file of LUKS device"
+msgstr "modifică cheia furnizată sau fișierul cheie al dispozitivului LUKS"
+
+#: src/cryptsetup.c:3170
+msgid "converts a key to new pbkdf parameters"
+msgstr "convertește o cheie în noii parametri pbkdf"
+
+#: src/cryptsetup.c:3171
+msgid "<device> <key slot>"
+msgstr "<dispozitiv> <slot cheie>"
+
+#: src/cryptsetup.c:3171
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr "șterge cheia cu numărul <slot cheie> de pe dispozitivul LUKS"
+
+#: src/cryptsetup.c:3172
+msgid "print UUID of LUKS device"
+msgstr "afișează UUID-ul dispozitivului LUKS"
+
+#: src/cryptsetup.c:3173
+msgid "tests <device> for LUKS partition header"
+msgstr "testează <dispozitivul> pentru antetul partiției LUKS"
+
+#: src/cryptsetup.c:3174
+msgid "dump LUKS partition information"
+msgstr "afișează informațiile despre partiția LUKS"
+
+#: src/cryptsetup.c:3175
+msgid "dump TCRYPT device information"
+msgstr "afișează informațiile despre dispozitivul TCRYPT"
+
+#: src/cryptsetup.c:3176
+msgid "dump BITLK device information"
+msgstr "afișează informațiile despre dispozitivul BITLK"
+
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "afișează informațiile despre dispozitivul FVAULT2"
+
+#: src/cryptsetup.c:3178
+msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
+msgstr "Suspendă dispozitivul LUKS și șterge cheia (toate In/Ieșirile sunt înghețate)"
+
+#: src/cryptsetup.c:3179
+msgid "Resume suspended LUKS device"
+msgstr "Repune în funcțiune dispozitivul LUKS suspendat"
+
+#: src/cryptsetup.c:3180
+msgid "Backup LUKS device header and keyslots"
+msgstr "Face copie de rezervă pentru antetul dispozitivului LUKS și pentru sloturile de chei"
+
+#: src/cryptsetup.c:3181
+msgid "Restore LUKS device header and keyslots"
+msgstr "Restaurează antetul dispozitivului LUKS și sloturile de chei"
+
+#: src/cryptsetup.c:3182
+msgid "<add|remove|import|export> <device>"
+msgstr "<add|remove|import|export> <dispozitiv>"
+
+#: src/cryptsetup.c:3182
+msgid "Manipulate LUKS2 tokens"
+msgstr "Manipulează jetoanele LUKS2"
+
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
+msgid ""
+"\n"
+"<action> is one of:\n"
+msgstr ""
+"\n"
+"<acțiune> este una dintre:\n"
+
+# R-GC, scrie:
+# «open» și «close», sunt noile nume
+# pentru <acțiune>, iar:
+# «create» și «remove», sunt vechile
+# nume, sau alias pentru primele.
+# A se vedea ieșirea comenzii:
+# «cryptsetup -?|--help»
+#: src/cryptsetup.c:3207
+msgid ""
+"\n"
+"You can also use old <action> syntax aliases:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
+msgstr ""
+"\n"
+"Puteți utiliza, de asemenea, vechile alias de sintaxă <acțiune>:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
+
+#: src/cryptsetup.c:3211
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
+msgstr ""
+"\n"
+"<nume> este dispozitivul de creat sub %s\n"
+"<dispozitiv> este dispozitivul criptat\n"
+"<slot cheie> este numărul slotului de cheie LUKS de modificat\n"
+"<fișier cheie> fișier cheie opțional pentru noua cheie pentru acțiunea luksAddKey\n"
+
+#: src/cryptsetup.c:3218
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in metadata format is %s (for luksFormat action).\n"
+msgstr ""
+"\n"
+"Formatul implicit de metadate compilate este %s (pentru acțiunea luksFormat).\n"
+
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Suportul pentru modulul de jeton(token) extern LUKS2 este %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "integrat în compilare"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Calea modulului pentru jetonul(token) extern LUKS2: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "dezactivat"
+
+#: src/cryptsetup.c:3230
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in key and passphrase parameters:\n"
+"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
+"Default PBKDF for LUKS2: %s\n"
+"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
+msgstr ""
+"\n"
+"Parametrii impliciti pentru cheia și fraza de acces compilați:\n"
+"\tDimensiunea maximă a fișierului cheie: %dko, Lungimea maximă a frazei de acces interactivă %d (caractere)\n"
+"PBKDF implicit pentru LUKS1: %s, timp de iterație: %d (ms)\n"
+"PBKDF implicit pentru LUKS2: %s\n"
+"\tTimp de iterare: %d, Memorie necesară: %dko, Fire de execuție paralele: %d\n"
+
+#: src/cryptsetup.c:3241
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in device cipher parameters:\n"
+"\tloop-AES: %s, Key %d bits\n"
+"\tplain: %s, Key: %d bits, Password hashing: %s\n"
+"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
+msgstr ""
+"\n"
+"Parametrii de cifrare ai dispozitivului compilați implicit:\n"
+"\tloop-AES: %s, cheie %d biți\n"
+"\tsimplu: %s, Cheie: %d biți, Suma de control a parolei: %s\n"
+"\tLUKS: %s, Cheie: %d biți, Suma de control a antetului LUKS: %s, RNG: %s\n"
+
+#: src/cryptsetup.c:3250
+msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
+msgstr "\tLUKS: Dimensiunea implicită a cheii cu modul XTS (două chei interne) va fi dublată.\n"
+
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr "%s: necesită %s ca argumente"
+
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Slotul de cheie nu este valid."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Dimensiunea dispozitivului trebuie să fie multiplu al sectorului de 512 octeți."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Specificația pentru dimensiunea zonei fierbinți(active) pentru recriptare maximă nu este validă."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Dimensiunea cheii trebuie să fie multiplu de 8 biți"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Dimensiunea maximă de reducere a dispozitivului este de 1 GiB."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Dimensiunea redusă trebuie să fie multiplu al sectorului de 512 octeți."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Argumentul opțiuni „--priority” poate fi doar «ignore/normal/prefer»."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
+msgid "Show this help message"
+msgstr "Afișează acest mesaj de ajutor"
+
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
+msgid "Display brief usage"
+msgstr "Afișează modul de utilizare pe scurt"
+
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
+msgid "Print package version"
+msgstr "Afișează versiunea pachetului"
+
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
+msgid "Help options:"
+msgstr "Opțiuni de ajutor:"
+
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[OPȚIUNE...] <acțiune> <parametri_acțiune>"
+
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
+msgid "Argument <action> missing."
+msgstr "Argumentul <acțiune> lipsește."
+
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
+msgid "Unknown action."
+msgstr "Acțiune necunoscută."
+
+#: src/cryptsetup.c:3546
+msgid "Option --key-file takes precedence over specified key file argument."
+msgstr "Opțiunea „--key-file” are prioritate față de argumentul specificat pentru fișierul cheie."
+
+#: src/cryptsetup.c:3552
+msgid "Only one --key-file argument is allowed."
+msgstr "Numai un argument „--key-file” este permis."
+
+#: src/cryptsetup.c:3557
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+msgstr "Funcția de derivare a unei chei bazată pe parolă (PBKDF=Password-Based Key Derivation Function) poate fi doar pbkdf2 sau argon2i/argon2id."
+
+#: src/cryptsetup.c:3562
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
+msgstr "Iterațiile forțate PBKDF nu pot fi combinate cu opțiunea de timp de iterație."
+
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Opțiunile „--keyslot-cipher” și „--keyslot-key-size” trebuie să fie folosite împreună."
+
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Nu s-a executat nicio acțiune. Programul a fost invocat cu opțiunea „--test-args”.\n"
+
+#: src/cryptsetup.c:3594
+msgid "Cannot disable metadata locking."
+msgstr "Nu se poate dezactiva blocarea metadatelor."
+
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
+msgstr "S-a specificat un șir de date «salt» nevalid."
+
+#: src/veritysetup.c:87
+#, c-format
+msgid "Cannot create hash image %s for writing."
+msgstr "Nu s-a putut crea imaginea sumei de control(hash) %s pentru scriere."
+
+#: src/veritysetup.c:97
+#, c-format
+msgid "Cannot create FEC image %s for writing."
+msgstr "Nu s-a putut crea imaginea FEC %s pentru scriere."
+
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Nu s-a putut crea fișierul sumei de control(hash) rădăcină %s pentru scriere."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Nu se poate scrie în fișierul sumei de control (hash) rădăcină %s."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Dispozitivul %s nu este un dispozitiv VERITY valid."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Nu se poate citii din fișierul sumei de control (hash) rădăcină %s."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Fișierul sumei de control (hash) rădăcină %s nu este valid."
+
+#: src/veritysetup.c:241
+msgid "Invalid root hash string specified."
+msgstr "S-a specificat un șir de sumă de control (hash) rădăcină nevalid."
+
+#: src/veritysetup.c:249
+#, c-format
+msgid "Invalid signature file %s."
+msgstr "Fișierul de semnătură %s nu este valid."
+
+#: src/veritysetup.c:256
+#, c-format
+msgid "Cannot read signature file %s."
+msgstr "Nu se poate citi fișierul de semnătură %s."
+
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Comanda necesită ca argument opțiunea <suma-de-control(hash)_rădăcină> sau „--root-hash-file”."
+
+#: src/veritysetup.c:489
+msgid "<data_device> <hash_device>"
+msgstr "<dispozitiv_date> <dispozitiv_sumă-de-control(hash)>"
+
+#: src/veritysetup.c:489 src/integritysetup.c:534
+msgid "format device"
+msgstr "formatează dispozitivul"
+
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<dispozitiv_date> <dispozitiv_sumă-de-control(hash)> [<sumă-de-control(hash)_rădăcină>]"
+
+#: src/veritysetup.c:490
+msgid "verify device"
+msgstr "verifică dispozitivul"
+
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<dispozitiv_date> <nume> <dispozitiv_sumă-de-control(hash)> [<sumă-de-control(hash)_rădăcină>]"
+
+#: src/veritysetup.c:493 src/integritysetup.c:537
+msgid "show active device status"
+msgstr "afișează starea dispozitivului activ"
+
+#: src/veritysetup.c:494
+msgid "<hash_device>"
+msgstr "<dispozitiv_sumă-de-control(hash)>"
+
+#: src/veritysetup.c:494 src/integritysetup.c:538
+msgid "show on-disk information"
+msgstr "afișează informațiile de pe disc"
+
+#: src/veritysetup.c:513
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
+msgstr ""
+"\n"
+"<nume> este dispozitivul de creat sub %s\n"
+"<dispozitiv_date> este dispozitivul de date\n"
+"<dispozitiv_sumă-de-control(hash)> este dispozitivul care conține datele de verificare\n"
+"<sumă-de-control(hash)_rădăcină> suma-de-control(hash) a nodului rădăcină de pe <dispozitiv_sumă-de-control(hash)>\n"
+
+#: src/veritysetup.c:520
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
+msgstr ""
+"\n"
+"Parametrii dm-verity compilați implicit:\n"
+"\tAlgoritmul sumei de control(hash): %s, Bloc de date (octeți): %u, Bloc sumă de control(hash) (octeți): %u,\n"
+"\tDimensiune date «salt»: %u, Formatul sumei de control(hash): %u\n"
+
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Opțiunile „--ignore-corruption” și „--restart-on-corruption” nu pot fi utilizate împreună."
+
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Opțiunile „--panic-on-corruption” și „--restart-on-corruption” nu pot fi utilizate împreună."
+
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Acest lucru va suprascrie datele de pe %s și %s în mod irevocabil.\n"
+"Pentru a păstra datele dispozitivului de date, utilizați opțiunea „--no-wipe” (și apoi activați-l cu „--integrity-recalculate”)."
+
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Formatat cu dimensiunea etichetei %u, integritate internă %s.\n"
+
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Utilizarea fanionului pentru recalculare(...-recalculate) nu este acceptată, luați în considerare utilizarea opțiunii „--wipe” în schimb."
+
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Dispozitivul %s nu este un dispozitiv INTEGRITY valid."
+
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<dispozitiv_integritate>"
+
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<dispozitiv_integritate> <nume>"
+
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<nume> este dispozitivul de creat sub %s\n"
+"<dispozitiv_integritate> este dispozitivul care conține date cu etichete de integritate\n"
+
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Parametrii dm-integrity compilați implicit:\n"
+"\tAlgoritmul sumei de control: %s\n"
+"\tDimensiunea maximă a fișierului cheie: %dko\n"
+
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Dimensiune nevalidă --%s. Maximul este de %u octeți."
+
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Trebuie specificată atât opțiunea pentru fișierul cheie, cât și opțiunea pentru dimensiunea cheii."
+
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Trebuie specificată atât opțiunea pentru fișierul cheii de integritate a jurnalului, cât și opțiunea pentru dimensiunea cheii."
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Algoritmul de integritate a jurnalului trebuie să fie specificat dacă este utilizată cheia de integritate a jurnalului."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Trebuie specificată atât opțiunea pentru fișierul cheii de criptare a jurnalului, cât și opțiunea pentru dimensiunea cheii."
+
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Algoritmul de criptare a jurnalului trebuie să fie specificat dacă este utilizată cheia de criptare a jurnalului."
+
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Opțiunile de recuperare și modul de hartă de biți(bitmap) se exclud reciproc."
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Opțiunile jurnalului nu pot fi utilizate în modul de hartă de biți(bitmap)."
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Opțiunile de hartă de biți(bitmap) pot fi utilizate numai în modul de hartă de biți(bitmap)."
+
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"AVERTISMENT!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Sunteți sigur? (Tastați „yes” cu litere mari): "
+
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Eroare la citirea răspunsului de la terminal."
+
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Comandă reușită."
+
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "parametri greșiți sau lipsă"
+
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "fără permisiune sau expresie de acces incorectă"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "memorie insuficientă"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "dispozitiv sau fișier specificat greșit"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "dispozitivul există deja sau dispozitivul este ocupat"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "eroare necunoscută"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Comanda a eșuat cu codul %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Slotul de cheie %i a fost creat."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Slotul de cheie %i a fost deblocat."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Slotul de cheie %i a fost eliminat."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Jetonul %i a fost creat."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Jetonul %i a fost eliminat."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Niciun jeton(token) nu a putut fi deblocat cu acest cod PIN."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Jetonul %i necesită un cod PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Jetonul (tip %s) necesită un cod PIN."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Jetonul %i nu poate debloca slotul de cheie alocat (frază de acces greșită pentru slotul de cheie)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Jetonul (tip %s) nu poate debloca slotul de cheie alocat (frază de acces greșită pentru slotul de cheie)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Jetonul %i necesită o resursă suplimentară lipsă."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Jetonul (tip %s) necesită o resursă suplimentară lipsă."
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "Nu este disponibil niciun jeton utilizabil (tip %s)."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Nu este disponibil niciun jeton utilizabil."
+
+#: src/utils_tools.c:393
+#, c-format
+msgid "Cannot read keyfile %s."
+msgstr "Nu se poate citi fișierul de chei %s."
+
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Nu se pot citi %d octeți din fișierul de chei %s."
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Nu se poate deschide fișierul de chei %s pentru scriere."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Nu se poate scrie în fișierul de chei %s."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> zile"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s scris"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "viteza %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Progres: %5.1f%%, AMR %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Terminat în: %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Nu se poate verifica calitatea parolei: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Verificarea calității parolei a eșuat:\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Verificarea calității parolei a eșuat: frază de acces greșită (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "Eroare la citirea frazei de acces de la terminal."
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "Verifică fraza de acces: "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "Frazele de acces nu se potrivesc."
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "Nu se poate utiliza decalajul cu intrarea terminalului."
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Introduceți fraza de acces: "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Introduceți fraza de acces pentru %s: "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "Nu este disponibilă nicio cheie cu această frază de acces."
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "Nu este disponibil niciun slot de cheie utilizabil."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Nu se poate face verificarea frazei de acces pe intrări non-tty."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Nu s-a putut deschide fișierul %s în modul numai-pentru-citire."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Furnizați un jeton(token) JSON LUKS2 valid:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Nu s-a putut citi fișierul JSON."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Citire întreruptă."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Nu s-a putut deschide fișierul %s în modul de scriere."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Scriere întreruptă."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Nu s-a putut scrie fișierul JSON."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Dispozitiv dm activ „%s” detectat automat pentru dispozitivul de date %s.\n"
+
+# R-GC, scrie:
+# ceva mă face să cred că:
+# „holders”, ar trebui tradus de fapt,
+# ca „locatarii” (ghilimelele inclusiv).
+# Cred că de fapt autorii se referă
+# la ocupanții dispozitivului:
+# date normale, fișiere de antete de...,
+# fișiere de chei, fișiere de sume
+# de control, fișiere de draci și laci....
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Nu s-au putut detecta automat deținătorii dispozitivului %s."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Dispozitivul %s nu este un dispozitiv de blocuri.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Nu se poate decide dacă dispozitivul %s este activat sau nu.\n"
+"Sunteți sigur că doriți să continuați cu recriptarea în modul offline?\n"
+"Poate duce la coruperea datelor dacă dispozitivul este activat în acest moment.\n"
+"Pentru a rula recriptarea în modul online, utilizați în schimb parametrul „--active-name”.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Dispozitivul %s nu este un dispozitiv de blocuri. Nu se poate detecta automat dacă este activ sau nu.\n"
+"Utilizați „--force-offline-reencrypt” pentru a ocoli verificarea și rulați în modul offline (periculos!)."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Opțiunea „--resilience” solicitată nu poate fi aplicată operațiunii curente de recriptare."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Dispozitivul nu este în criptare LUKS2. Opțiune în conflict „--encrypt”."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Dispozitivul nu este în decriptare LUKS2. Opțiune în conflict „--decrypt”."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Dispozitivul este în recriptare folosind adaptabilitatea la transferul de date. Opțiunea „--resilience” solicitată nu poate fi aplicată."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Dispozitivul necesită recuperarea recriptării. Rulați mai întâi operația de reparare."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Dispozitivul %s este deja în recriptare LUKS2. Doriți să reluați operația inițializată anterior?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Recriptarea veche LUKS2 nu mai este acceptată."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Recriptarea dispozitivului cu profil de integritate nu este acceptată."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Solicitarea făcută cu opțiunea „--sector-size %<PRIu32>” este incompatibilă cu superblocul %s\n"
+"(dimensiunea blocului: %<PRIu32> octeți) detectat pe dispozitivul %s."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Criptarea fără antet detașat (--header) nu este posibilă fără reducerea dimensiunii dispozitivului de date (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Decalajul de date solicitat trebuie să fie mai mic sau egal cu jumătate din parametrul opțiunii „--reduce-device-size”."
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Ajustarea valorii „--reduce-device-size” la de două ori față de „--offset %<PRIu64> (sectoare)”.\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Fișierul antet temporar %s există deja. Se abandonează."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Nu se poate crea fișierul antet temporar %s."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Dimensiunea metadatelor LUKS2 este mai mare decât valoarea decalajului de date."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Nu s-a putut plasa antetul nou la începutul dispozitivului %s."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s este acum activ și pregătit pentru criptarea online.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Dispozitivul activ %s nu este LUKS2."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Se restabilește antetul LUKS2 original."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Restaurarea antetului LUKS2 original a eșuat."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Fișierul antet %s nu există. Doriți să inițializați decriptarea LUKS2 a dispozitivului %s și să exportați antetul LUKS2 în fișierul %s?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Nu s-au putut adăuga permisiuni de citire/scriere la fișierul antet exportat."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Inițializarea recriptării a eșuat. Copia de rezervă a antetului este disponibilă în %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Decriptarea LUKS2 este acceptată numai cu dispozitivul antet detașat (cu decalajul de date fixat la 0)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Nu sunt suficiente sloturi de chei liberee pentru recriptare."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Fișierul de cheie poate fi utilizat numai cu opțiunea „--key-slot” sau cu exact un slot de cheie activ."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Introduceți fraza de acces pentru slotul de cheie %d: "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Introduceți fraza de acces pentru slotul de cheie %u: "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Se comută cifrul de criptare a datelor la %s.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Nu s-au modificat parametrii de segment de date. Recriptarea a fost abandonată."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Creșterea dimensiunii sectorului de criptare pe dispozitivul offline nu este acceptată.\n"
+"Activați mai întâi dispozitivul sau utilizați opțiunea „--force-offline-reencrypt” (periculos!)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Recriptarea a fost întreruptă."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Reluarea recriptării LUKS în modul offline forțat.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Dispozitivul %s conține metadate LUKS deteriorate. Se abandonează operația."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Dispozitivul %s este deja un dispozitiv LUKS. Se abandonează operația."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Dispozitivul %s este deja în recriptare LUKS. Se abandonează operația."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "Decriptarea LUKS2 necesită opțiunea „--header”."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "Comanda necesită un dispozitiv ca argument."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Versiuni în conflict. Dispozitivul %s este LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS1."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Versiuni în conflict. Dispozitivul %s este LUKS2."
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Versiuni în conflict. Dispozitivul %s este în recriptare LUKS2."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Recriptarea LUKS2 a fost deja inițializată. Se abandonează operația."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Recriptarea dispozitivului nu este în curs de desfășurare."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Nu se poate deschide exclusiv %s, dispozitiv în uz."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Alocarea memoriei aliniate a eșuat."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Nu se poate citi dispozitivul %s."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Se marchează dispozitivul LUKS1 %s ca neutilizabil."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Nu se poate scrie dispozitivul %s."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Nu se poate scrie fișierul jurnalului de recriptare."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Nu se poate citii fișierul jurnalului de recriptare."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Format de jurnal greșit."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Fișierul jurnal %s există, reluând recriptarea.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Se activează dispozitivul temporar folosind antetul LUKS vechi."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Se activează dispozitivul temporar folosind antetul LUKS nou."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Activarea dispozitivelor temporare a eșuat."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Nu s-a putut definii decalajul de date."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Nu s-a putut definii dimensiunea metadatelor."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "A fost creat un nou antet LUKS pentru dispozitivul %s."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "A fost creată o copie de rezervă a antetului %s pentru dispozitivul %s."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Crearea antetelor de rezervă LUKS a eșuat."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Nu se poate restabili antetul %s pe dispozitivul %s."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Antetul %s de pe dispozitivul %s a fost restaurat."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Nu se poate deschide dispozitivul LUKS temporar."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Nu se poate obține dimensiunea dispozitivului."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "Eroare de In/Ieș în timpul recriptării."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "UUID-ul furnizat nu este valid."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Nu se poate deschide fișierul jurnalului de recriptare."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Nicio decriptare nu este în curs de desfășurare, UUID-ul furnizat poată să fie utilizat doar pentru a relua procesul de decriptare suspendat."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Recriptarea se va modifica: %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "cheia de volum"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "stabilește suma de control(hash) la "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", stabilește cifrarea la "
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "AVERTISMENT: Dispozitivul %s conține deja o semnătură de partiție „%s”.\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "AVERTISMENT: Dispozitivul %s conține deja o semnătură superbloc „%s”.\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Nu s-au inițializat probele de semnătură a dispozitivului."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Nu s-a putut obține starea dispozitivului %s."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Nu s-a putut deschide fișierul %s în modul citire/scriere."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Semnătura partiției „%s” existentă pe dispozitivul %s va fi ștearsă."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Semnătura superblocului „%s” existentă pe dispozitivul %s va fi ștearsă."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Nu s-a putut șterge semnătura dispozitivului."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Nu s-a putut verifica dispozitivul %s pentru o semnătură."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Specificație de dimensiune nevalidă în parametrul „--%s”."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Opțiunea „--%s” nu este permisă cu acțiunea %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Nu s-a putut scrie jetonul ssh în format JSON."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Modul de criptare experimentală pentru deblocarea dispozitivelor LUKS2 cu jeton(token) conectat la un server SSH\v Acest modul permite în prezent doar adăugarea unui jeton(token) la un slot de cheie existent.\n"
+"\n"
+"Serverul SSH specificat trebuie să conțină un fișier cheie în calea specificată, cu o frază de acces pentru un slot de cheie existent pe dispozitiv.\n"
+"Acreditările furnizate vor fi folosite de «cryptsetup» pentru a obține parola atunci când deschideți dispozitivul folosind jetonul(token).\n"
+"\n"
+"Notă: Informațiile furnizate la adăugarea jetonului(token) (adresa serverului SSH, utilizatorul și căile) vor fi stocate în antetul LUKS2 în text clar."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<acțiune> <dispozitiv>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Opțiuni pentru acțiunea „add”:"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "Adresa IP/URL a serverului de la distanță pentru acest jeton(token)"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Nume de utilizator folosit pentru serverul de la distanță"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Calea către fișierul de cheie din serverul de la distanță"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Calea către cheia SSH pentru conectarea la serverul de la distanță"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Slotul de cheie căruia să îi atribuiți jetonul. Dacă nu este specificat, jetonul va fi atribuit primei fraze de acces furnizate care se potrivește cu slotul de cheie."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Opțiuni generice:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Afișează mesaje de eroare mult mai detaliate"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Afișează mesajele de depanare"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Afișează mesajele de depanare, inclusiv metadate JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Nu s-a putut deschide și importa cheia privată:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Nu s-a putut importa cheia privată (protejată prin parolă?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Parola pentru %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Argumentele nu au putut fi analizate.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Trebuie specificată o acțiune\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Trebuie specificat dispozitivul pentru acțiunea „%s”.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Serverul SSH trebuie să fie specificat pentru acțiunea „%s”.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Trebuie specificat utilizatorul SSH pentru acțiunea „%s”.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Trebuie specificată calea SSH pentru acțiunea „%s”.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Trebuie specificată calea cheii SSH pentru acțiunea „%s”.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Nu s-a putut deschide %s folosind acreditările furnizate.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Doar acțiunea „addi” este suportată în prezent de acest modul.\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Nu se poate crea sesiunea sftp: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Nu se poate iniția sesiunea sftp: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Nu se poate deschide sesiunea sftp: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Nu se poate stabili starea fișierului sftp: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Nu este suficientă memorie.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Nu se poate citi cheia de la distanță: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Conexiunea a eșuat: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Server necunoscut: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Metoda de autentificare cu cheie publică nu este permisă pe gazdă.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Eroare la autentificarea cu cheia publică: "
#
# Rosetta Contributors and Canonical Ltd <EMAIL@ADDRESS>, 2007.
# Eugene Roskin <Unknown>, 2016.
-# Yuri Kozlov <yuray@komyakino.ru>, 2018, 2019, 2020, 2021.
+# Yuri Kozlov <yuray@komyakino.ru>, 2018, 2019, 2020, 2021, 2022, 2023.
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-23 22:35+0300\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-04 15:38+0300\n"
"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
"Language-Team: Russian <gnu@d07.ru>\n"
"Language: ru\n"
"X-Generator: Lokalize 20.12.0\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Не удалось инициализировать device-mapper, выполняется без прав суперпользователя."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Не удалось инициализировать device-mapper. Загружен ли модуль ядра dm_mod?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "Запрошенный флаг отсрочки не поддерживается."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "У устройства %s был обрезан DM-UUID."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Неизвестный тип цели dm."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Запрошенные параметры производительности dm-crypt не поддерживаются."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Запрошенные параметры обработки повреждённых данных dm-verify не поддерживаются."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Запрошенный параметр tasklets dm-verify не поддерживается."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Запрошенные параметры FEC dm-verify не поддерживаются."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Запрошенные параметры целостности данных не поддерживаются."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "Запрошенный параметр sector_size не поддерживается."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Запрошенный автоматический пересчёт тегов целостности не поддерживается."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Discard/TRIM не поддерживается."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Запрошенный режим битовой карты dm-integrity не поддерживается."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Ошибка при запросе сегмента dm-%s."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"При генерации ключа тома в системе закончились данные энтропии.\n"
"Подвигайте мышь или наберите любой текст в другом окне, чтобы возникли случайные события.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Генерация ключа (выполнена на %d%%).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Выполнение в режиме FIPS."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "При инициализации RNG возникла критическая ошибка."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Запрошено неизвестное качество RNG."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Ошибка чтения из RNG."
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Невозможно инициализировать внутренний интерфейс crypto RNG."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Невозможно инициализировать внутренний интерфейс crypto."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Алгоритм хэширования %s не поддерживается."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Ошибка обработки ключа (используется хэш %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Невозможно определить тип устройства. Несовместимая активация устройства?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "Эта операция поддерживается только для устройства LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Эта операция поддерживается только для устройства LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Заполнены все слоты ключей."
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Некорректный слот ключа %d, укажите значение между 0 и %d."
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Слот ключа %d заполнен, выберите другой."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "Размер устройства не выровнен к размеру логического блока устройства."
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Обнаружен заголовок, но устройство %s слишком маленькое."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Эта операция не поддерживается для этого типа устройств."
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "Недопустимая операция во время работы перешифрования."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Не удалось откатиться на метаданные LUKS2 в памяти."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Устройство %s не является корректным устройством LUKS."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Неподдерживаемая версия LUKS %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "Устройство %s не активно."
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Исчезло нижележащее устройство у устройства crypt %s."
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "Неверные параметры plain crypt."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "Неверный размер ключа."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "Для данного типа crypt UUID не поддерживается."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Устройство с отсоединёнными метаданными не поддерживается для этого типа crypt."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Неподдерживаемый размер сектора шифрования."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "Размер устройства не выровнен к запрошенному размеру сектора."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "Невозможно отформатировать LUKS без устройства."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "Запрошенный тип выравнивания данных не совместим со смещением данных."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "ПРЕДУПРЕЖДЕНИЕ: смещение данных находится за пределами доступного в данный момент устройства данных.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "невозможно затереть заголовок на устройстве %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Устройство %s слишком маленькое для активации, не хватает места для данных.\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: Активация устройства завершится ошибкой, так как отсутствует поддержка dm-crypt для запрошенного размера сектора шифрования.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Ключ тома слишком мал для шифрования с целостными расширениями."
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Шифр %s-%s (размер ключа %zd бит) недоступен."
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: размер метаданных LUKS2 изменился и стал %<PRIu64> байт.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: размер слотов ключа LUKS2 изменился и стал %<PRIu64> байт.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Устройство %s слишком маленькое."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "Невозможно отформатировать устройство %s, которое используется."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Невозможно отформатировать устройство %s, недостаточно прав."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Невозможно отформатировать целостность для устройства %s."
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "Невозможно отформатировать устройство %s."
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "Невозможно отформатировать LOOPAES без устройства."
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "Невозможно отформатировать VERITY без устройства."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Неподдерживаемый тип хэша %d для VERITY."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Неподдерживаемый размер блока для VERITY."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Неподдерживаемое смещение хэша для VERITY."
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "Неподдерживаемое смещение FEC для VERITY."
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "Область данных перекрывает области хэша."
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "Область хэша перекрывает область FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "Область данных перекрывает область FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: запрошенный размер тега в %d байт отличается от выходного размера %s (%d байт).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Запрошен неизвестный тип устройства crypt %s."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Неподдерживаемые параметры для устройства %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Несовпадение параметров для устройства %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Несоответствие устройств crypt."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Ошибка при перезагрузке устройства %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Ошибка при приостановке устройства %s."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Ошибка при возобновлении работы устройства %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Критическая ошибка при перезагрузке устройства %s (поверх устройства %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Ошибка при переключении устройства %s на dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "Невозможно изменить размер закольцованного (loop) устройства."
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "ПРЕДУПРЕЖДЕНИЕ: максимальный размер уже задан или ядро не поддерживает изменение размера.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Изменение размера невозможно, не поддерживается ядром."
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "Вы действительно хотите изменить UUID устройства?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Файл резервного заголовка не содержит заголовка совместимого с LUKS."
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "Том %s не активен."
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "Том %s уже приостановлен."
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Приостановка не поддерживается устройством %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "Ошибка во время приостановки устройства %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Возобновление не поддерживается устройством %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "Ошибка во время возобновления устройства %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Том %s не приостановлен."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Ключ тома не подходит к тому."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Невозможно добавить слот ключа, все слоты отключены и не предоставлен ключ тома."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "Ошибка при переключении на новый слот ключа."
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "Некорректный слот ключа %d."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "Слот ключа %d не активен."
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "Заголовок устройства перекрывает область данных."
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Выполняется перешифрование. Невозможно активировать устройство."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Ошибка при получении блокировки перешифрования."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "Ошибка восстановления перешифрования LUKS2."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "Тип устройства инициализирован неправильно."
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "Устройство %s уже существует."
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Невозможно использовать устройство %s, некорректное имя или оно всё ещё используется."
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "Для устройства plain указан некорректный ключ тома."
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "Некорректный корневой хэш для указанного устройства verity."
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "Требуется подпись корневого хэша."
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Отсутствует связка ключей ядра: требуется для передачи подписи в ядро."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "Ошибка при загрузке ключа в связку ключей ядра."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Не удалось отменить отложенное удаление с устройства %s."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Устройство %s всё ещё используется."
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "Неверное устройство %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "Буфер ключа тома слишком мал."
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Невозможно получить ключ тома для устройства LUKS2."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Невозможно получить ключ тома для устройства LUKS1."
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "Невозможно получить ключ тома для устройства plain."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Невозможно получить корневой хэш для устройства verity."
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Невозможно получить ключ тома для устройства BITLK."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Невозможно получить ключ тома для устройства FVAULT2."
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Эта операция не поддерживается для устройства crypt %s."
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "Операция дампа не поддерживается для устройства этого типа."
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Смещение данных не кратно %u байтам."
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Невозможно преобразовать устройство %s, которое всё ещё используется."
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Ошибка при назначении слота ключа %u в качестве нового ключа тома."
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Ошибка при инициализации параметров слота ключа по умолчанию LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Ошибка при назначении слота ключа %d дайджесту."
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Невозможно добавить слот ключа, все слоты отключены и не предоставлен ключ тома."
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "Связка ключей ядра не поддерживается ядром."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Не удалось прочитать парольную фразу из связки ключей (ошибка %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Не удалось захватить глобальную блокировку сериализации доступа на скорости памяти (memory-hard)."
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Невозможно получить приоритет процесса."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Невозможно разблокировать память."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Не удалось открыть файл ключа."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Невозможно прочитать файл ключа с терминала."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "Не удалось выполнить stat для файла ключа."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Невозможно переместиться по запрошенному смещению в файле ключа."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "Не хватило памяти при чтении парольной фразы."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Ошибка чтения парольной фразы."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Нет ничего для чтения со стандартного ввода."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Превышен максимальный размер файла ключа."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "невозможно прочитать запрошенное количество данных."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Устройство %s не существует или отказано в доступе."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Устройство %s несовместимо."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Игнорируется фиктивный размер optimal-io для устройства данных (%u байт)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Устройство %s слишком маленькое. Требуется не менее %<PRIu64> байт."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Невозможно использовать устройство %s, которое используется (отображено или примонтировано)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Невозможно использовать устройство %s, недостаточно прав."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "Невозможно получить информацию об устройстве %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Невозможно использовать закольцованное устройство, выполняется без прав суперпользователя."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Ошибка при присоединении закольцованного устройства (требуется закольцованное устройство с флагом autoclear)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Запрошенный размер вне реального размера устройства %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Устройство %s имеет нулевой размер."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "В режиме FIPS поддерживается только PBKDF2."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Оценка производительности PBKDF выключена, но не задано количество итераций."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Несовместимые параметры PBKDF2 (используется алгоритм хэширования %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "Несовместимые параметры PBKDF."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (не является каталогом или отсутствует)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Будет создан блокирующий каталог %s/%s с правами по умолчанию, заданными при сборке программы."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Блокировка прервана. Путь блокировки %s/%s использовать невозможно (%s не является каталогом)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Невозможно перемещаться по устройству."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Ошибка затирания устройства, смещение %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Шифр должен указываться в формате [шифр]-[режим]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Невозможно записать на устройство %s, недостаточно прав."
msgid "Failed to access temporary keystore device."
msgstr "Не удалось получить доступ к временному устройству keystore."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Ошибка ввода-вывода при шифровании слота ключа."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Невозможно открыть устройство %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "Ошибка ввода-вывода при расшифровке слота ключа."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Устройство %s слишком маленькое (для LUKS1 требуется не менее %<PRIu64> байт)."
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "Некорректный слот ключа LUKS %u."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Устройство %s не является корректным устройством LUKS."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Запрошенный файл резервного заголовка %s уже существует."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Невозможно создать файл резервного заголовка %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Невозможно записать файл резервного заголовка %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Резервный файл не содержит корректный заголовок LUKS."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Невозможно открыть файл резервного заголовка %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Невозможно прочитать файл резервного заголовка %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Смещение данных или размер ключа различаются на устройстве и в резервной копии, восстановление невозможно."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "Устройство %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "не содержит заголовка LUKS. Замена заголовка может уничтожить данные на этом устройстве."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "уже содержит заголовок LUKS. Замена заголовка уничтожит существующие слоты ключей."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"ПРЕДУПРЕЖДЕНИЕ: заголовок устройства и резервная копия содержат разные UUID!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "Нестандартный размер ключа, требуется исправление вручную."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Нестандартное выравнивание слотов ключей, требуется исправление вручную."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Исправлен режим шифра (%s -> %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Хэш шифра приведён к нижнему регистру (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Запрошенный хэш LUKS %s не поддерживается."
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "Исправление слотов ключей."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Слот ключа %i: исправлено смещение (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Слот ключа %i: исправлены полосы (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Слот ключа %i: фиктивная подпись раздела."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Слот ключа %i: соль затёрта."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "Запись заголовка LUKS на диск."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "Ошибка при исправлении."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Запрошенный хэш LUKS %s не поддерживается."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Некорректный режим шифра LUKS %s."
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "Некорректный хэш LUKS %s."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "Известных неполадок в заголовке LUKS не обнаружено."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Ошибка при обновлении заголовка LUKS на устройстве %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Ошибка при повторном считывании заголовка LUKS после обновления на устройстве %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Смещение данных заголовка LUKS должно быть равно 0 или быть больше размера заголовка."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "Указан неправильный формат LUKS UUID."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Невозможно создать заголовок LUKS: ошибка при чтении случайной соли."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Невозможно создать заголовок LUKS: ошибка подсчёта дайджеста заголовка (используйте хэш %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Активен слот ключа %d, сначала нужна вычистка."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Данный слота ключа %d содержат несколько полос. Подделка заголовка?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Переполнение значения итерации PBKDF2."
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Невозможно открыть слот ключа (используется хэш %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Некорректный слот ключа %d, значение слота ключа должно быть между 0 и %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Невозможно затереть устройство %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Ядро не поддерживает совместимое отображение loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Ошибка при чтении файла ключа %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Превышена максимальная длина парольной фразы TCRYPT (%zu)."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Алгоритм хэширования PBKDF2 %s недоступен, пропускается."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "Требуемый интерфейс ядра crypto недоступен."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Убедитесь, что загружен ядерный модуль algif_skcipher."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Активация не поддерживается при размере сектора %d."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Ядро не поддерживает активацию для данного устаревшего режима TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Активируется система шифрования TCRYPT для раздела %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Ядро не поддерживает совместимое отображение TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "эта функция не поддерживается без загрузки заголовка TCRYPT."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "При анализе поддерживаемого главного ключа тома обнаружен неожиданный тип элемента метаданных «%u»."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "При анализе поддерживаемого главного ключа тома обнаружена некорректная строка."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "При анализе поддерживаемого главного ключа тома обнаружена неожиданная строка («%s»)."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "При анализе поддерживаемого главного ключа тома обнаружено неожиданное значение элемента метаданных «%u»."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Ошибка чтения подписи BITLK из %s."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Некорректная или неизвестная подпись устройства BITLK."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK версии 1 пока не поддерживается."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Некорректная или неизвестная подпись загрузчика устройства BITLK."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Неподдерживаемый размер сектора %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Ошибка чтения заголовка BITLK из %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Ошибка чтения метаданных BITLK FVE из %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "Неизвестный или неподдерживаемый тип шифрования."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Ошибка чтения элементов метаданных BITLK из %s."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Ошибка преобразования описания тома BITLK"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "При анализе внешнего ключа обнаружен неожиданный тип элемента метаданных «%u»."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "GUID «%s» BEK-файла не совпадает с GUID тома."
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "При анализе внешнего ключа обнаружено неожиданное значение элемента метаданных «%u»."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Неподдерживаемая версия %<PRIu32> метаданных BEK"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Неожиданный размер %<PRIu32> метаданных BEK не совпадает с длиной файла BEK"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "При анализе ключа запуска обнаружен неожиданный элемент метаданных."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "Эта операция не поддерживается."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "Неожиданный размер ключа данных."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Данное устройство BITLK находится в неподдерживаемом состоянии и не может быть включено."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Устройства BITLK с типом «%s» не могут быть включены."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Активация частично расширенного устройства BITLK не поддерживается."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "ПРЕДУПРЕЖДЕНИЕ: размер тома BitLocker %<PRIu64> не совпадает с размером нижележащего устройства %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка BITLK Elephant diffuser."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Невозможно активировать устройство, в ядерном dm-crypt отсутствует поддержка секторов большого размера."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Невозможно активировать устройство, отсутствует модуль ядра dm-zero."
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "УÑ\81Ñ\82Ñ\80ойÑ\81Ñ\82во verity %s не иÑ\81полÑ\8cзÑ\83еÑ\82 заголовок на диÑ\81ке."
+msgid "Could not read %u bytes of volume header."
+msgstr "Ð\9dевозможно пÑ\80оÑ\87иÑ\82аÑ\82Ñ\8c %u байÑ\82 из заголовка Ñ\82ома."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Устройство %s не является корректным устройством VERITY."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Неподдерживаемая версия FVAULT2 %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "Устройство verity %s не использует заголовок на диске."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Неподдерживаемая версия VERITY %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "Повреждён заголовок VERITY."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Указан неправильный формат VERITY UUID на устройстве %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Ошибка при обновлении заголовка verity на устройстве %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Проверка подписи корневого хэша не поддерживается."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Невозможно исправить ошибки с устройством FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Найдено %u исправимых ошибок с устройством FEC."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Ядро не поддерживает отображение dm-verity."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Ядро не поддерживает параметр подписи dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "После активации обнаружено повреждение устройства verity."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Резервная область не заполнена нулями по адресу %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Переполнение смещения устройства."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Ошибка при проверке по адресу %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Переполнение области хэша."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Ошибка при сверке области данных."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Ошибка при сверке корневого хэша."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Ошибка ввода-вывода при создании области хэша."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Ошибка при создании области хэша."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "ПРЕДУПРЕЖДЕНИЕ: ядро не сможет активировать устройство, если размер блока данных превышает размер страницы (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Не удалось исправить чётность для блока %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Не удалось записать чётность для блока RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Для FEC размеры блока должны совпадать."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Неверное количество байт чётности."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Неправильная длина сегмента FEC."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Не удалось определить размер устройства %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "На %2$s обнаружены несовместимые с ядерным dm-integrity метаданные (версия %1$u)."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Ядро не поддерживает отображение dm-integrity."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Ядро не поддерживает выравнивание фиксированных метаданных dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Ядро не позволяет задействовать небезопасный параметр пересчёта (для отключения ищите параметры включения старого режима)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Не удалось захватить блокировку на запись на устройстве %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Обнаружена попытка одновременного обновления метаданных LUKS2. Отмена операции."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Устройство содержит двусмысленные подписи, невозможно провести автоматическое\n"
"восстановление LUKS2. Для восстановления запустите «cryptsetup repair»."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Запрошенное смещение данных слишком мало."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: очень маленькая область слотов ключа (%<PRIu64> байт), количество доступных слотов ключа LUKS2 очень ограничено.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Не удалось захватить блокировку устройства %s на чтение."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "В резервной копии %s обнаружены запрещённые требования LUKS2."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Смещение данных различается на устройстве и в резервной копии, восстановление невозможно."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Двоичный заголовок с областями слота ключа различается на устройстве и в резервной копии, восстановление невозможно."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Устройство %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "не содержит заголовка LUKS2. Замена заголовка может уничтожить данные на этом устройстве."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "уже содержит заголовок LUKS2. Замена заголовка уничтожит существующие слоты ключей."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"действующего устройства! Замена заголовка из резервной копии может повредить\n"
"данные на этом устройстве!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Replacing header with backup may corrupt data."
msgstr ""
"\n"
-"Ð\9fÐ Ð\95Ð\94УÐ\9fÐ Ð\95Ð\96Ð\94Ð\95Ð\9dÐ\98Ð\95: на Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ве обнаÑ\80Ñ\83жено незаконÑ\87енное внеÑ\81иÑ\81Ñ\82емное (offline)\n"
+"Ð\9fÐ Ð\95Ð\94УÐ\9fÐ Ð\95Ð\96Ð\94Ð\95Ð\9dÐ\98Ð\95: на Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ве обнаÑ\80Ñ\83жено незаконÑ\87енное оÑ\82ложенное (offline)\n"
"перешифрование! Замена заголовка из резервной копии может повредить данные."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Неизвестный флаг %s игнорируется."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Отсутствует ключ для сегмента dm-crypt %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Ошибка при задании сегмента dm-crypt."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Ошибка при задании сегмента dm-linear."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Неподдерживаемые настройки целостности устройства."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Выполняется перешифрование. Невозможно деактивировать устройство."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Не удалось заменить приостановленное устройство %s на цель dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Ошибка при чтении требований LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Обнаружены неудовлетворяемые требования LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Операция не совместима с устройством, отмеченным для устаревшего перешифрования. Прерываемся."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Операция не совместима с устройством, отмеченным для перешифрования LUKS2. Прерываемся."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Недостаточно памяти для открытия слота ключа."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Ошибка открытия слота ключа."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Невозможно использовать шифр %s-%s для шифрования слота ключа."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Алгоритм хэширования %s недоступен."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "Нет места для нового слота ключа."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Запрошена некорректная смена режима устойчивости перешифрования."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Невозможно обновить тип устойчивости. Новый тип предоставляет только %<PRIu64> байт, требуемое место: %<PRIu64> байт."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Ошибка при обновлении сверки дайджеста перешифрования."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Невозможно определить состояние устройства с uuid: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Невозможно преобразовать заголовок с дополнительными метаданными LUKSMETA."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Невозможно использовать шаблон шифра %s-%s для LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Невозможно переместить область слота ключа. Недостаточно места."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Невозможно преобразовать в формат LUKS2 — некорректные метаданные."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Невозможно переместить область слота ключа. Слишком маленькие слоты ключа LUKS2."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Невозможно переместить область слота ключа."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Невозможно преобразовать в формат LUKS1 — размер сектора шифрования сегмента по умолчанию не равно 512 байтам."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Невозможно преобразовать в формат LUKS1 — дайджесты слота ключа несовместимы с LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Невозможно преобразовать в формат LUKS1 — устройство использует шифр %s с обёрточным ключом."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Невозможно преобразовать в формат LUKS1 — устройство использует несколько сегментов."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Невозможно преобразовать в формат LUKS1 — заголовок LUKS2 содержит %u токенов."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Невозможно преобразовать в формат LUKS1 — слот ключа %u находится в некорректном состоянии."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Невозможно преобразовать в формат LUKS1 — слот %u (больше максимального количества слотов) всё ещё активен."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Невозможно преобразовать в формат LUKS1 — слот ключа %u несовместим с LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Размер hotzone должен быть кратен вычисленному выравниванию зоны (%zu байт)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Размер устройства должен быть кратен вычисленному выравниванию зоны (%zu байт)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Неподдерживаемый режим устойчивости %s."
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Ошибка при инициализации старой сегментной обёртки хранилища."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Ошибка при инициализации новой сегментной обёртки хранилища."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Ошибка при инициализации защиты hotzone."
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Ошибка чтения контрольных сумм текущей hotzone."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Не удалось прочитать область hotzone начиная с %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Не удалось расшифровать сектор %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Не удалось восстановить сектор %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Размеры устройств источника и назначения не совпадают. Источник %<PRIu64>, назначение: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Ошибка при активации устройства hotzone %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Ошибка при активации оверлейного устройства %s с действительной исходной таблицей."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Ошибка при загрузке нового отображения устройства %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Ошибка при обновлении стека устройств перешифрования."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Ошибка при задании нового размера области слотов ключей."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Значение сдвига данных не выровнено к размеру сектора шифрования (%<PRIu32> байт)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Неподдерживаемый режим устойчивости %s."
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Размер перемещаемого сегмента не может быть больше значения сдвига данных."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Некорректные параметры устойчивости перешифрования."
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Сдвиг данные не выровнен к запрошенному размеру сектора шифрования (%<PRIu32> байт)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Слишком большой перемещаемый сегмент. Запрошенный размер %<PRIu64>, доступно место: %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Ошибка очистки таблицы."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Размер сокращённых данных больше размера устройства."
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Устройство данных не выровнено к
запрошенному размеру сектора шифрования (%<PRIu32> байт)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Устройство данных не выровнено к размеру сектора шифрования (%<PRIu32> байт)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Сдвиг данных (%<PRIu64> секторов) меньше чем будущее смещение данных (%<PRIu64> секторов)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Ошибка при открытии %s в монопольном режиме (уже отображено или примонтировано)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Устройство не отмечено для перешифрования LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Ошибка при загрузке контекста перешифрования LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Ошибка при получении состояния перешифрования."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Устройство не перешифровывается."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Процесс перешифрования уже запущен."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Ошибка при захвате блокировки перешифрования."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Невозможно продолжить с перешифрованием. Сначала запустите восстановление перешифрования."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "Активный размер устройства и запрошенный размер перешифрования не совпадают."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "В параметрах перешифрования запрошен некорректный размер устройства."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Выполняется перешифрование. Восстановление выполнить невозможно."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "Перешифрование LUKS2 уже инициализировано в метаданных."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Не удалось инициализировать перешифрование LUKS2 в метаданных."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Ошибка при назначении сегментов устройства для следующей hotzone перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Ошибка при записи метаданных устойчивости перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Не удалось расшифровать."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Не удалось записать область hotzone начиная с %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Ошибка синхронизации данных."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Ошибка при обновлении метаданных после завершения текущей hotzone перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Ошибка при записи метаданных LUKS2."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Ошибка при затирании резервной копии сегмента данных."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Ошибка при затирании неиспользуемой области данных устройства."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Ошибка при назначении токена %d слоту ключа %d."
+msgstr "Ошибка при удалении неиспользуемого (непривязанного) слота ключа %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Ошибка при получении блокировки перешифрования."
+msgstr "Ошибка при удалении слота ключа перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Критическая ошибка при перешифровании куска начиная с %<PRIu64>, длиной в %<PRIu64> секторов."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Оперативное перешифрование завершилось ошибкой."
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Устройство не возобновит работу пока не будет заменено вручную с целью error."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Невозможно продолжить с перешифрованием. Неожиданное состояние перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Контекст перешифрования отсутствует или неверен."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Ошибка при инициализации стека устройства перешифрования."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Ошибка при обновлении контекста перешифрования."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "Ð\9dекоÑ\80Ñ\80екÑ\82нÑ\8bй Ñ\81лоÑ\82 клÑ\8eÑ\87а %d."
+msgstr "Ð\9dекоÑ\80Ñ\80екÑ\82нÑ\8bе меÑ\82аданнÑ\8bе пеÑ\80еÑ\88иÑ\84Ñ\80ованиÑ\8f."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Ð\9dеÑ\82 Ñ\81вободного Ñ\81лоÑ\82а под Ñ\82окен."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b Ñ\88иÑ\84Ñ\80ованиÑ\8f Ñ\81лоÑ\82а клÑ\8eÑ\87а могÑ\83Ñ\82 задаваÑ\82Ñ\8cÑ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва LUKS2."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Ð\9eÑ\88ибка пÑ\80и Ñ\81оздании вÑ\81Ñ\82Ñ\80оенного Ñ\82окена %s."
+msgid "Enter token PIN: "
+msgstr "Ð\92ведиÑ\82е PIN Ñ\82окена: "
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Невозможно проверить парольную фразу не с входных tty."
-
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Параметры шифрования слота ключа могут задаваться только для устройства LUKS2."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Введите %d PIN токена: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Обнаружено указание неизвестного шаблона шифра."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: параметр --hash игнорируется в режиме plain с указанным файлом ключа.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "ПРЕДУПРЕЖДЕНИЕ: параметр --keyfile-size игнорируется, размер для чтения приравнивается размеру ключа шифрования.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Обнаружены подпись(и) устройства на %s. Продолжение работы может повредить существующие данные."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "Операция прервана.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Параметр --key-file является обязательным."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Введите VeraCrypt PIM: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Недопустимое значение PIM: ошибка при разборе."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Недопустимое значение PIM: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Недопустимое значение PIM: вышло за границы диапазона."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "С этой парольной фразой заголовка устройства не обнаружено."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Устройство %s не является корректным устройством BITLK."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Невозможно определить размер ключа тома BITLK, укажите параметр --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n"
"Этот дамп следует всегда хранить зашифрованным в надёжном месте."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Дамп заголовка с ключом тома является секретной информацией,\n"
+"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n"
+"Этот дамп нужно хранить зашифрованным в надёжном месте."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Устройство %s не является корректным устройством FVAULT2."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Невозможно определить размер ключа тома FVAULT2, укажите параметр --key-size."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Устройство %s всё ещё активно и запланировано к отложенному удалению.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Для изменения размера активного устройства требуется ключ тома в связке ключей, но указан параметр --disable-keyring."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Оценка производительности прервана."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s Н/Д\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u итераций в секунду для %zu-битного ключа\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s Н/Д\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u итераций, %5u памяти, %1u параллельных нитей (ЦП) для %zu-битного ключа (запрашивался %u мс)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Результат оценки производительности ненадёжен."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Тесты, использующие практически только память (без ввода-вывода на хранилище).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Алгоритм | Ключ | Шифрование | Расшифровка\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Шифр %s (%i-битный ключ) недоступен."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr ""
"# Algorithm | Key | Encryption | Decryption\n"
"# Алгоритм | Ключ | Шифрование | Расшифровка\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "Н/Д"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Обнаружены незащищённые метаданные перешифрования LUKS2. Убедитесь,\n"
+"что операция перешифрования желательна (смотрите вывод luksDump) и продолжайте\n"
+"(обновление метаданных) только, если это действительно ваше решение."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Введите пароль для восстановления перешифрования: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Введите пароль защиты и обновления метаданных перешифрования: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Действительно продолжить восстановление перешифрования LUKS2?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Ð\92ведиÑ\82е паÑ\80олÑ\8c длÑ\8f воÑ\81Ñ\81Ñ\82ановлениÑ\8f пеÑ\80еÑ\88иÑ\84Ñ\80ованиÑ\8f: "
+msgstr "Ð\92ведиÑ\82е паÑ\80олÑ\8c пÑ\80овеÑ\80ки дайджеÑ\81Ñ\82а пеÑ\80еÑ\88иÑ\84Ñ\80ованиÑ\8f меÑ\82аданнÑ\8bÑ\85: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
-msgstr "Ð\92ведиÑ\82е паÑ\80олÑ\8c длÑ\8f воÑ\81Ñ\81Ñ\82ановлениÑ\8f пеÑ\80еÑ\88иÑ\84Ñ\80ованиÑ\8f: "
+msgstr "Введите пароль восстановления перешифрования: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Действительно попробовать восстановить заголовок устройства LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Затирание прервано."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Затирается устройство для инициализации целостности контрольной суммы.\n"
"Вы можете прервать процесс нажав CTRL+c (остаток незатёртого устройства будет содержать некорректную контрольную сумму).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Невозможно деактивировать временное устройство %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Параметр целостности можно использовать только в формате LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Неподдерживаемый размер параметров метаданных LUKS2."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Файл заголовка не существует, создать?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Невозможно создать файл заголовка %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Обнаружено указание неизвестного шаблона целостности."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Невозможно использовать %s в качестве заголовка для диска."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Данные на %s будут перезаписаны без возможности восстановления."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Ошибка при задании параметров pbkdf."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Сокращение смещения данных допускается только для отсоединённого заголовка LUKS."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Файл контейнера LUKS %s слишком мал для активации, не хватает места для данных."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Невозможно определить размер ключа тома LUKS без слотов ключа, укажите параметр --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Устройство активировано, но нельзя сделать флаги постоянными."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Для удаления выбран слот ключа %d."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Это последний слот ключа. Устройство станет неработоспособным после вычистки этого ключа."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Введите любую оставшуюся парольную фразу: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Операция прервана, слот ключа НЕ затёрт.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Введите удаляемую парольную фразу: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Устройство %s не является корректным устройством LUKS2."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Введите новую парольную фразу для слота ключа: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "ПРЕДУПРЕЖДЕНИЕ: для нового номера слота ключа используется параметр --key-slot.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Введите любую существующую парольную фразу: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Введите изменяемую парольную фразу: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Введите новую парольную фразу: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Введите парольную фразу для преобразуемого слота ключа: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "Только одно устройство можно указать для операции isLuks."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Дамп заголовка с ключом тома является секретной информацией,\n"
-"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n"
-"Этот дамп нужно хранить зашифрованным в надёжном месте."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Слот ключа %d не содержит непривязанного ключа."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"обеспечивающей доступ к зашифрованному разделу без парольной фразы.\n"
"Этот дамп нужно хранить зашифрованным в надёжном месте."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s не является именем активного устройства %s."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s не является именем активного устройства LUKS или отсутствует заголовок."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "Параметр --header-backup-file является обязательным."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s не является управляемым устройством cryptsetup."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Обновление не поддерживается для устройств типа %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Нераспознанный тип метаданных устройства %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "Для команды требуется задать устройство и имя отображения."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Эта операция сотрёт все слоты ключей на устройстве %s.\n"
"Устройство станет неработоспособным после этой операции."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Операция прервана, слоты ключа НЕ затёрты.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Некорректный тип LUKS, поддерживаются только luks1 и luks2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Устройство уже имеет тип %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Данная операция преобразует формат %s в %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Операция прервана, устройство НЕ преобразовано.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Отсутствует параметр --priority, --label или --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
msgstr "Некорректный токен %d."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
msgstr "Используется токен %d."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Ошибка при добавлении токена luks2-keyring %d."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Ошибка при назначении токена %d слоту ключа %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
msgstr "Токен %d не используется."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
msgstr "Ошибка при импорте токена из файла."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
msgstr "Ошибка при получении токена %d для экспорта."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Для добавления токена требуется параметр --key-description."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Для действия требуется указать токен. Используйте параметр --token-id."
-
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "Ð\9dекоÑ\80Ñ\80екÑ\82наÑ\8f опеÑ\80аÑ\86иÑ\8f Ñ\81 Ñ\82океном %s."
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Токен %d не назнаÑ\87ен Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87а %d."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Ð\90вÑ\82омаÑ\82иÑ\87еÑ\81ки обнаÑ\80Ñ\83женное акÑ\82ивное Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82во dm «%s» длÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва даннÑ\8bÑ\85 %s.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Ð\9eÑ\88ибка пÑ\80и оÑ\82мене назнаÑ\87ениÑ\8f Ñ\82окена %d Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87а %d."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Устройство %s не является блочным.\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Параметр --tcrypt-hidden, --tcrypt-system или --tcrypt-backup поддерживается только для устройства TCRYPT."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Не удалось автоматически обнаружить держателей устройства %s."
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Параметр --veracrypt или --disable-veracrypt поддерживается только для устройств с типом TCRYPT."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Невозможно понять, активно устройство %s или нет.\n"
-"Вы действительно хотите продолжить перешифрование в отложенном режиме?\n"
-"Это может привести к потере данных, если устройство всё же активно.\n"
-"Для запуска перешифрования в оперативном режиме укажите параметр --active-name.\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Параметр --veracrypt-pim поддерживается только для устройств, совместимых с VeraCrypt."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Ð\9dевеÑ\80нÑ\8bй Ñ\82ип Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва LUKS."
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --veracrypt-query-pim поддеÑ\80живаеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82в, Ñ\81овмеÑ\81Ñ\82имÑ\8bÑ\85 Ñ\81 VeraCrypt."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "ШиÑ\84Ñ\80ование без оÑ\82Ñ\81оединÑ\91нного заголовка (--header) невозможно без Ñ\81окÑ\80аÑ\89ениÑ\8f Ñ\80азмеÑ\80а Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва даннÑ\8bÑ\85 (--reduce-device-size)."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b --veracrypt-pim и --veracrypt-query-pim взаимно иÑ\81клÑ\8eÑ\87аÑ\8eÑ\82 дÑ\80Ñ\83г дÑ\80Ñ\83га."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Ð\97апÑ\80оÑ\88енное Ñ\81меÑ\89ение даннÑ\8bÑ\85 должно бÑ\8bÑ\82Ñ\8c менÑ\8cÑ\88е или Ñ\80авно половине знаÑ\87ениÑ\8f паÑ\80амеÑ\82Ñ\80а --reduce-device-size."
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --persistent не допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f одновÑ\80еменно Ñ\83казÑ\8bваÑ\82Ñ\8c Ñ\81 --test-passphrase."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Подгоняется значение --reduce-device-size под двукратный размер --offset %<PRIu64> (секторов).\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Параметры --refresh и --test-passphrase взаимно исключают друг друга."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "ШиÑ\84Ñ\80ование поддеÑ\80живаеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f Ñ\84оÑ\80маÑ\82а LUKS2."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --shared допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f оÑ\82кÑ\80Ñ\8bÑ\82иÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва plain."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "На %s обнаружено устройство LUKS. Хотите снова зашифровать это устройство LUKS?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Параметр --skip поддерживается только для открытия устройств plain и loopaes."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Временный файл заголовка %s уже существует. Прекращение работы."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Параметр --offset с действием open поддерживается только для устройств plain и loopaes."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Невозможно создать временный файл заголовка %s."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Параметр --tcrypt-hidden нельзя указывать вместе с --allow-discards."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s теперь активен и готов для оперативного шифрования.\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Параметр размера сектора с действием open поддерживается только для устройств plain."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "РаÑ\81Ñ\88иÑ\84Ñ\80овка LUKS2 поддеÑ\80живаеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва Ñ\81 оÑ\82Ñ\81оединÑ\91ннÑ\8bм заголовком."
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 болÑ\8cÑ\88иÑ\85 Ñ\81екÑ\82оÑ\80ов IV поддеÑ\80живаеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f оÑ\82кÑ\80Ñ\8bÑ\82иÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82в Ñ\82ипа plain Ñ\81 Ñ\80азмеÑ\80ом Ñ\81екÑ\82оÑ\80а более 512 байÑ\82."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Ð\94лÑ\8f Ñ\88иÑ\84Ñ\80ованиÑ\8f недоÑ\81Ñ\82аÑ\82оÑ\87но Ñ\81вободнÑ\8bÑ\85 Ñ\81лоÑ\82ов клÑ\8eÑ\87ей."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --test-passphrase допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f оÑ\82кÑ\80Ñ\8bÑ\82иÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82в LUKS, TCRYPT, BITLK и FVAULT2."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Файл клÑ\8eÑ\87а можно иÑ\81полÑ\8cзоваÑ\82Ñ\8c Ñ\82олÑ\8cко Ñ\81 --key-slot или Ñ\82олÑ\8cко пÑ\80и одном акÑ\82ивном Ñ\81лоте."
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b --device-size и --size не допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\83казÑ\8bваÑ\82Ñ\8c вмеÑ\81те."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Введите парольную фразу для слота ключа %d: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Параметр --unbound допускается только для открытия устройства luks."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Введите парольную фразу для слота ключа %u: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Параметр --unbound не допускается одновременно указывать с --test-passphrase."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Переходим на алгоритм шифрования данных %s.\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Параметры --cancel-deferred и --deferred не могут быть использованы одновременно."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Ð\94лÑ\8f командÑ\8b Ñ\82Ñ\80ебÑ\83еÑ\82Ñ\81Ñ\8f в аÑ\80гÑ\83менÑ\82е Ñ\83казаÑ\82Ñ\8c Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82во."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b ---reduce-device-size и --data-size не допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\83казÑ\8bваÑ\82Ñ\8c вмеÑ\81Ñ\82е."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Ð\92 наÑ\81Ñ\82оÑ\8fÑ\89ий моменÑ\82 поддеÑ\80живаеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко Ñ\84оÑ\80маÑ\82 LUKS2. Ð\94лÑ\8f LUKS1 иÑ\81полÑ\8cзÑ\83йÑ\82е пÑ\80огÑ\80аммÑ\83 cryptsetup-reencrypt."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --active-name можеÑ\82 задаваÑ\82Ñ\8cÑ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва LUKS2."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Уже вÑ\8bполнÑ\8fеÑ\82Ñ\81Ñ\8f Ñ\83Ñ\81Ñ\82аÑ\80евÑ\88ее внеÑ\81иÑ\81Ñ\82емное (offline) пеÑ\80еÑ\88иÑ\84Ñ\80ование. Ð\98Ñ\81полÑ\8cзÑ\83йÑ\82е пÑ\80огÑ\80аммÑ\83 cryptsetup-reencrypt."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b --active-name и --force-offline-reencrypt не допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\83казÑ\8bваÑ\82Ñ\8c вмеÑ\81Ñ\82е."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Ð\9fеÑ\80еÑ\88иÑ\84Ñ\80ование Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва Ñ\81 пÑ\80оÑ\84илем Ñ\86елоÑ\81Ñ\82ноÑ\81Ñ\82и не поддеÑ\80живаеÑ\82Ñ\81Ñ\8f."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "ТÑ\80ебÑ\83еÑ\82Ñ\81Ñ\8f Ñ\83казаÑ\82Ñ\8c Ñ\81лоÑ\82 клÑ\8eÑ\87а."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Ð\9fеÑ\80еÑ\88иÑ\84Ñ\80ование LUKS2 Ñ\83же иниÑ\86иализиÑ\80овано. Ð\9fÑ\80екÑ\80аÑ\89ение Ñ\80абоÑ\82Ñ\8b."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b --align-payload и --offset не допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\83казÑ\8bваÑ\82Ñ\8c вмеÑ\81Ñ\82е."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "УÑ\81Ñ\82Ñ\80ойÑ\81Ñ\82во LUKS2 не пеÑ\80еÑ\88иÑ\84Ñ\80овÑ\8bваеÑ\82Ñ\81Ñ\8f."
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --integrity-no-wipe можно иÑ\81полÑ\8cзоваÑ\82Ñ\8c Ñ\82олÑ\8cко длÑ\8f дейÑ\81Ñ\82виÑ\8f format Ñ\81 Ñ\80аÑ\81Ñ\88иÑ\80ением Ñ\86елоÑ\81Ñ\82ноÑ\81Ñ\82и."
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<устройство> [--type <тип>] [<имя>]"
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Разрешено использовать только один параметр --use-[u]random."
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "оÑ\82кÑ\80Ñ\8bÑ\82Ñ\8c Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82во как <имÑ\8f>"
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "С паÑ\80амеÑ\82Ñ\80ом --unbound Ñ\82Ñ\80ебÑ\83еÑ\82Ñ\81Ñ\8f задаÑ\82Ñ\8c Ñ\80азмеÑ\80 клÑ\8eÑ\87а."
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<имя>"
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Некорректный токен действия."
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr "закÑ\80Ñ\8bÑ\82Ñ\8c Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82во (Ñ\83далиÑ\82Ñ\8c оÑ\82обÑ\80ажение)"
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Ð\94лÑ\8f добавлениÑ\8f Ñ\82окена Ñ\82Ñ\80ебÑ\83еÑ\82Ñ\81Ñ\8f паÑ\80амеÑ\82Ñ\80 --key-description."
-#: src/cryptsetup.c:3504
-msgid "resize active device"
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Для действия требуется указать токен. Используйте параметр --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Параметр --unbound можно использовать только при добавлении."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Параметры --key-slot и --unbound не допускается указывать вместе."
+
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Для действия требуется указать слот ключа. Используйте параметр --key-slot."
+
+#: src/cryptsetup.c:3156
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<устройство> [--type <тип>] [<имя>]"
+
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
+msgid "open device as <name>"
+msgstr "открыть устройство как <имя>"
+
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
+msgid "<name>"
+msgstr "<имя>"
+
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
+msgid "close device (remove mapping)"
+msgstr "закрыть устройство (удалить отображение)"
+
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
+msgid "resize active device"
msgstr "изменить размер активного устройства"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "показать состояние устройства"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <шифр>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "оценка производительности шифра"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<устройство>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "попытаться исправить метаданные на диске"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "перешифровать устройство LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "стереть все слоты ключей (удалить ключ шифрования)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "преобразовать LUKS из/в формат LUKS2"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "задать постоянные параметры настройки LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<устройство> [<новый файл ключа>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "форматировать устройство LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "добавить ключ к устройству LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<устройство> [<файл ключа>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "удалить заданный ключ или файл ключа с устройства LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "изменить заданный ключ или файл ключа устройства LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "преобразовать ключ в новые параметры pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<устройство> <слот ключа>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "затереть ключ с номером <слот ключа> с устройства LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "напечатать UUID устройства LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "проверить <устройство> на наличие заголовка раздела LUKS"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "выгрузить в дамп информацию о разделе LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "выгрузить в дамп информацию об устройстве TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "выгрузить в дамп информацию об устройстве BITLK"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "выгрузить в дамп информацию об устройстве FVAULT2"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Приостановить устройство LUKS и затереть ключ (заморозка операций ввода-вывода)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "Возобновить работу приостановленного устройства LUKS"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Сделать резервную копию заголовка и слотов ключей устройства LUKS"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Восстановить заголовок и слоты ключей устройства LUKS"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <устройство>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
msgstr "Управление токенами LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<действие> может быть:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Также можно использовать псевдонимы старого синтаксиса <действия>:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<слот ключа> - номер слота ключа LUKS для изменения\n"
"<файл ключа> - необязательный файл ключа для нового ключа для действия luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Встроенным форматом по умолчанию для метаданных является %s (для действия luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Модуль поддержки внешнего токена LUKS2 %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "скомпилирован"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Путь к модулю поддержки внешнего токена LUKS2: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "выключен"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"PBKDF по умолчанию для LUKS2: %s\n"
"\tВремя итерации: %d, Требуемая память: %dКБ, Кол-во параллельных нитей: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tplain: %s, Ключ: %d бит, хэширование пароля: %s\n"
"\tLUKS: %s, Ключ: %d бит, хэширование заголовка LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: Размер ключа по умолчанию в режиме XTS (два внутренних ключа) будет удвоен.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: требуется %s в качестве аргументов"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Некорректный слот ключа."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Размер устройства должен быть кратен 512 байтовому сектору."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Неправильный максимальный размер перешифрования hotzone."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Размер ключа должен быть кратен 8-ми битам"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Максимальный размер сокращения устройства равен 1 ГиБ."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Размер сокращения должен быть кратен 512 байтовому сектору."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Значением параметра --priority может быть только ignore/normal/prefer."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Показать это сообщение"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Показать краткие инструкции"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Показать версию пакета"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Параметры справки:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Показывать подробные сообщения об ошибках"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Показывать отладочные сообщения"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Показывать отладочные сообщения включая метаданные JSON"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Шифр, используемый для шифрования диска (смотрите /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Хэш, используемый для создания ключа шифрования из парольной фразы"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Проверить правильность парольной фразы, запрашивая её дважды"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Прочитать ключ из файла"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Прочитать (главный) ключ тома из файла."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Создать дамп (главного) ключа, а не информации слотов ключей"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Размер ключа шифрования"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "БИТ"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Ограничить чтение из файла ключа"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "байт"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Количество пропускаемых байтов в файле ключа"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Ограничить чтение из только что добавленного файла ключа"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Количество пропускаемых байтов в только что добавленном файле ключа"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Номер слота для нового ключа (по умолчанию первый свободный)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Размер устройства"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "СЕКТОРОВ"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Использовать только заданный размер устройства (игнорировать остаток устройства). ОПАСНО!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Начальное смещение в нижележащем (backend) устройстве"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Сколько секторов зашифрованных данных пропускать от начала"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Создать отображение в режиме только для чтения"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Не запрашивать подтверждение"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Время ожидания при ручном вводе парольной фразы (в секундах)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "сек"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Обновление строки хода выполнения (в секундах)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Как часто можно повторять попытку ввода парольной фразы"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Выравнивать полезные данные по границам <n> секторов — для luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Файл резервной копии заголовка и слотов ключей LUKS"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Использовать /dev/random для генерации ключа тома"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Использовать /dev/urandom для генерации ключа тома"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Совместно использовать устройство с другим неперекрывающимся шифрованным сегментом"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "Используемый для устройства UUID"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Разрешить отбрасывать запросы (так называемые TRIM) к устройству"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Устройство или файл с отдельным заголовком LUKS"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Не активировать устройство, только проверить парольную фразу"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Использовать скрытый заголовок (спрятанное устройство TCRYPT)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Устройство является системным диском TCRYPT (с загрузчиком)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Использовать резервный (вторичный) заголовок TCRYPT"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Также искать устройство совместимое с VeraCrypt"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Персональный умножитель итерации для устройства, совместимого с VeraCrypt"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Запрос персонального умножителя итерации для устройства, совместимого с VeraCrypt"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Тип метаданных устройства: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Выключить проверку качество пароля (если включена)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Использовать параметр производительности same_cpu_crypt для dm-crypt"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Использовать параметр производительности submit_from_crypt_cpus для dm-crypt"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Пропускать dm-crypt workqueue и обрабатывать запросы чтения одновременно"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Пропускать dm-crypt workqueue и обрабатывать запросы записи одновременно"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Удаление устройства отложено, пока его не закроет последний пользователь"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Использовать глобальную блокировку для сериализации доступа на скорости памяти (memory-hard) PBKDF (для обхода OOM)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Время итерации PBKDF для LUKS (в мс)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "мс"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Алгоритм PBKDF (для LUKS2): argon2i, argon2id, pbkdf2"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Ограничение стоимости памяти PBKDF"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "килобайт"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Стоимость параллельности PBKDF"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "нити"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Стоимость итераций PBKDF (принудительная, оценка производительности отключена)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Приоритет слота ключа: ignore, normal, prefer"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Выключить блокировку метаданных на диске"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Выключить загрузку ключей томов через связку ключей ядра"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Алгоритм целостности данных (только для LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Выключить журналирование для устройства целостности"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Не затирать устройство после форматирования"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Использовать неэффективное устаревшее дополнение (старые ядра)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Не запрашивать парольную фразу, если активация токеном завершилась ошибкой"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Номер токена (по умолчанию: любой)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Описание ключа"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Размер сектора шифрования (по умолчанию: 512 байт)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Использовать вычисленное IV как размер сектора (не 512 байт)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Задать набор постоянных флагов активации устройства"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Задать метку устройства LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Задать метку подсистемы устройства LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Создать или сделать дапм непривязанного (без назначенного сегмента данных) слота ключа LUKS2"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Прочитать или записать json в файл"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Размер области метаданных заголовка LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Размер области слотов ключей заголовка LUKS2"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Обновить (реактивировать) устройство с новыми параметрами"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Слот ключа LUKS2: Размер ключа шифрования"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Слот ключа LUKS2: Шифр, используемый для шифрования слота ключа"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Зашифровать устройство LUKS2 (шифрование по месту (in-place))"
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Расшифровать устройство LUKS2 (удалить шифрование)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Инициализировать перешифрование LUKS2 только метаданных."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Возобновить только инициализированное перешифрование LUKS2."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Сократить размер данных устройства (переместить смещение данных). ОПАСНО!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Максимальный размер hotzone перешифрования."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Тип устойчивости перешифрования hotzone (checksum,journal,none)"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Контрольные хэш-суммы hotzone перешифрования"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Заменить автоопределение устройства dm для перешифруемого устройства"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[ПАРАМЕТР…] <действие> <данные для действия>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Не задан параметр <действие>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Неизвестное действие."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Параметры --refresh и --test-passphrase взаимно исключают друг друга."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Параметр --deferred допускается только для команды close."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Параметр --shared допускается только для открытия устройства plain."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Параметр --allow-discards допускается только для операции open."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Параметр --persistent допускается только для операции open."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Параметр --serialize-memory-hard-pbkdf допускается только для операции open."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Параметр --persistent не допускается одновременно указывать с --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Параметр --key-size допускается только для luksFormat, luksAddKey,\n"
-"действий open и benchmark. Для ограничения чтения из файла ключа используйте --keyfile-size=(байт)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Параметр --integrity допускается только для luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Параметр --integrity-no-wipe можно использовать только для действия format с расширением целостности."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Параметры --label и --subsystem допускаются только для операций LUKS2 luksFormat и config."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Параметр --test-passphrase допускается только для открытия устройств LUKS, TCRYPT и BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Размер ключа должен быть кратен 8-ми битам"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Некорректный слот ключа."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Параметр --key-file имеет приоритет над указанным значением файла ключа."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "В параметре нельзя использовать отрицательные числа."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Разрешено указывать только один параметр --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Разрешено использовать только один параметр --use-[u]random."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Параметр --use-[u]random допускается только для luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Параметр --uuid допускается только для luksFormat и luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Параметр --align-payload допускается только для luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Параметры --luks2-metadata-size и --opt-luks2-keyslots-size допускаются только для операции luksFormat с LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Неправильно указан размер метаданных LUKS2."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Неправильно указан размер слота ключа LUKS2."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Параметры --align-payload и --offset не допускается указывать вместе."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Параметр --skip поддерживается только для открытия устройств plain и loopaes."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Параметр --offset поддерживается только для открытия устройств plain и loopaes, luksFormat и перешифрования устройства."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Параметр --tcrypt-hidden, --tcrypt-system или --tcrypt-backup поддерживается только для устройства TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Параметр --tcrypt-hidden нельзя указывать вместе с --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Параметр --veracrypt поддерживается только для устройств TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Указано некорректное значение параметра --veracrypt-pim."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Параметр --veracrypt-pim поддерживается только для устройств, совместимых с VeraCrypt."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Параметр --veracrypt-query-pim поддерживается только для устройств, совместимых с VeraCrypt."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Параметры --veracrypt-pim и --veracrypt-query-pim взаимно исключают друг друга."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Значением параметра --priority может быть только ignore/normal/prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Требуется указать слот ключа."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "Производной функцией на основе пароля для ключа (PBKDF) может быть только pbkdf2 или argon2i/argon2id."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Принудительные итерации PBKDF нельзя объединять вместе с параметром времени итерации."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Параметр размера сектора не поддерживается этой командой."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Параметр больших секторов IV поддерживается только для открытия устройств типа plain с размером сектора более 512 байт."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "С параметром --unbound требуется задать размер ключа."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Параметр --unbound можно использовать только в действиях luksAddKey и luksDump."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Параметры --keyslot-cipher и --keyslot-key-size нельзя использовать вместе."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --refresh можно иÑ\81полÑ\8cзоваÑ\82Ñ\8c Ñ\82олÑ\8cко пÑ\80и дейÑ\81Ñ\82вии open."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Ð\91ез вÑ\8bполнениÑ\8f. Ð\92Ñ\8bзвано Ñ\81 паÑ\80амеÑ\82Ñ\80ом --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Невозможно выключить блокировку метаданных."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Неправильный максимальный размер перешифрования hotzone."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Неправильно указан размер устройства."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Максимальный размер сокращения устройства равен 1 ГиБ."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Размер сокращения должен быть кратен 512 байтовому сектору."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Неправильный размер устройства данных."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Переполнение размера сокращения."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "Для расшифровки LUKS2 требуется параметр --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Размер устройства должен быть кратен 512 байтовому сектору."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Параметры ---reduce-device-size и --data-size не допускается указывать вместе."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Параметры --device-size и --size не допускается указывать вместе."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Параметры --keyslot-cipher и --keyslot-key-size нельзя использовать вместе."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Указана недопустимая строка соли."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Невозможно создать образ хэша %s для записи."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Невозможно создать образ FEC %s для записи."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Невозможно создать файл корневого хэша %s для записи."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Невозможно записать файл корневого хэша %s."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Устройство %s не является корректным устройством VERITY."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Невозможно прочитать файл корневого хэша %s."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Некорректный файл корневого хэша %s."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Указана недопустимая строка корневого хэша."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Неверный файл подписи %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Невозможно прочитать файл подписи %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Для параметра <корневой_хэш> или --root-hash-file требуется указать команду."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<устройство_данных> <устройство_хэша>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "отформатировать устройство"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<устройство_данных> <устройство_хэша> <корневой_хэш>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<устройство_данных> <устройство_хэша> [<корневой_хэш>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "проверить устройство"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<устройство_данных> <имя> <устройство_хэша> <корневой_хэш>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<устройство_данных> <имя> <устройство_хэша> [<корневой_хэш>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "показать состояние активного устройства"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<устройство_хэша>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "показать информацию на диске"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<устройство_хэша> — устройство, содержащее проверочные данные\n"
"<корневой_хэш> — хэш корневого узла на <устройстве_хэша>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Встроенные параметры dm-verity по умолчанию:\n"
"\tХэш: %s, Блок данных (байт): %u, Блок хэша (байт): %u, Размер соли: %u, Формат хэша: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Не использовать проверочный суперблок"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Тип форматирования (1 - обычное, 0 - как в Chrome OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "число"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Размер блока устройства данных"
+#: src/veritysetup.c:658
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Параметры --ignore-corruption и --restart-on-corruption нельзя использовать вместе."
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "РазмеÑ\80 блока Ñ\83Ñ\81Ñ\82Ñ\80ойÑ\81Ñ\82ва Ñ\85Ñ\8dÑ\88а"
+#: src/veritysetup.c:663
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b ---panic-on-corruption и --restart-on-corruption нелÑ\8cзÑ\8f иÑ\81полÑ\8cзоваÑ\82Ñ\8c вмеÑ\81Ñ\82е."
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "байты чётности FEC"
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Будут перезаписаны данные на %s и %s необратимо.\n"
+"Чтобы сохранить данные на устройстве укажите параметр --no-wipe\n"
+"(и он включит --integrity-recalculate)."
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Количество блоков в файле данных"
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Отформатирован с размером тега %u, внутренняя целостность %s.\n"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "блоков"
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Ð\97адание Ñ\84лага пеÑ\80еÑ\81Ñ\87Ñ\91Ñ\82а не поддеÑ\80живаеÑ\82Ñ\81Ñ\8f, вмеÑ\81Ñ\82о Ñ\8dÑ\82ого иÑ\81полÑ\8cзÑ\83йÑ\82е паÑ\80амеÑ\82Ñ\80 --wipe."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Путь к устройству с данными коррекции ошибок"
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Устройство %s не является корректным устройством INTEGRITY."
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "путь"
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<устройство_целостности>"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Начальное смещение на устройстве хэша"
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<устройство_целостности> <имя>"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Начальное смещение на устройстве FEC"
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<имя> — устройство, создаваемое на %s\n"
+"<устройство_целостности> — устройство, содержащее данные с тегами целостности\n"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Алгоритм хэширования"
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Встроенные параметры dm-integrity:\n"
+"\tАлгоритм контрольной суммы: %s\n"
+"\tМаксимальный размер файла ключа: %dКБ\n"
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "строка"
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Неверный размер --%s. Максимальное значение (в байтах) равно %u."
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "СолÑ\8c"
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Ð\94олжнÑ\8b бÑ\8bÑ\82Ñ\8c Ñ\83казанÑ\8b паÑ\80амеÑ\82Ñ\80Ñ\8b Ñ\84айла клÑ\8eÑ\87а и Ñ\80азмеÑ\80 клÑ\8eÑ\87а одновÑ\80еменно."
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "шестн. строка"
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Должны быть указаны параметры файла ключа целостности и размер ключа одновременно."
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Если используется ключ целостности журнала, то должен быть указан алгоритм целостности журнала."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Должны быть указаны параметры файла ключа шифрования и размер ключа одновременно."
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Ð\9fÑ\83Ñ\82Ñ\8c к Ñ\84айлÑ\83 Ñ\81 подпиÑ\81Ñ\8cÑ\8e коÑ\80невого Ñ\85Ñ\8dÑ\88а"
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Ð\95Ñ\81ли иÑ\81полÑ\8cзÑ\83еÑ\82Ñ\81Ñ\8f клÑ\8eÑ\87 Ñ\88иÑ\84Ñ\80ованиÑ\8f жÑ\83Ñ\80нала, Ñ\82о должен бÑ\8bÑ\82Ñ\8c Ñ\83казан алгоÑ\80иÑ\82м Ñ\88иÑ\84Ñ\80ованиÑ\8f жÑ\83Ñ\80нала."
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Ð\9fеÑ\80езапÑ\83Ñ\81Ñ\82иÑ\82Ñ\8c Ñ\8fдÑ\80о, еÑ\81ли обнаÑ\80Ñ\83жиÑ\82Ñ\81Ñ\8f повÑ\80еждение"
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b воÑ\81Ñ\81Ñ\82ановлениÑ\8f и Ñ\80ежима биÑ\82овой каÑ\80Ñ\82Ñ\8b взаимно иÑ\81клÑ\8eÑ\87аÑ\8eÑ\82 дÑ\80Ñ\83г дÑ\80Ñ\83га."
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Ð\92клÑ\8eÑ\87иÑ\82Ñ\8c паникÑ\83 в Ñ\8fдÑ\80е, еÑ\81ли обнаÑ\80Ñ\83жиÑ\82Ñ\81Ñ\8f повÑ\80еждение"
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b жÑ\83Ñ\80нала нелÑ\8cзÑ\8f иÑ\81полÑ\8cзоваÑ\82Ñ\8c в Ñ\80ежиме биÑ\82овой каÑ\80Ñ\82Ñ\8b."
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ð\98гноÑ\80иÑ\80оваÑ\82Ñ\8c повÑ\80еждение, Ñ\82олÑ\8cко запÑ\80оÑ\82околиÑ\80оваÑ\82Ñ\8c"
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 биÑ\82овой каÑ\80Ñ\82Ñ\8b можно иÑ\81полÑ\8cзоваÑ\82Ñ\8c Ñ\82олÑ\8cко в Ñ\80ежиме биÑ\82овой каÑ\80Ñ\82Ñ\8b."
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Не проверять обнулённые блоки"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"ПРЕДУПРЕЖДЕНИЕ!\n"
+"========\n"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Проверять блок данных только при первом чтении"
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Вы уверены? (введите «yes» заглавными буквами): "
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --ignore-corruption, --restart-on-corruption или --ignore-zero-blocks допÑ\83Ñ\81каеÑ\82Ñ\81Ñ\8f Ñ\82олÑ\8cко длÑ\8f опеÑ\80аÑ\86ии open."
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Ð\9eÑ\88ибка Ñ\87Ñ\82ениÑ\8f оÑ\82веÑ\82а Ñ\81 Ñ\82еÑ\80минала."
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --root-hash-signature можно иÑ\81полÑ\8cзоваÑ\82Ñ\8c Ñ\82олÑ\8cко длÑ\8f дейÑ\81Ñ\82виÑ\8f open."
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Ð\9aоманда вÑ\8bполнена Ñ\83Ñ\81пеÑ\88но."
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80Ñ\8b --ignore-corruption и --restart-on-corruption нелÑ\8cзÑ\8f иÑ\81полÑ\8cзоваÑ\82Ñ\8c вмеÑ\81Ñ\82е."
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "некоÑ\80Ñ\80екÑ\82нÑ\8bе или оÑ\82Ñ\81Ñ\83Ñ\82Ñ\81Ñ\82вÑ\83Ñ\8eÑ\89ие паÑ\80амеÑ\82Ñ\80Ñ\8b"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Параметры ---panic-on-corruption и --restart-on-corruption нельзя использовать вместе."
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "нет прав или некорректная парольная фраза"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "недостаточно памяти"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "указано некорректное устройство или файл"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "устройство уже существует или занято"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "неизвестная ошибка"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Сбой команды, код %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Создан слот ключа %i."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Слот ключа %i разблокирован."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Слот ключа %i удалён."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Создан токен %i."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Токен %i удалён."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "С этим PIN невозможно разблокировать токен."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Для токена %i требуется PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Для токена (тип %s) требуется PIN."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Токен %i невозможно разблокировать назначенным слотом ключа (некорректная парольная фраза для слота ключа)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Токен (тип %s) невозможно разблокировать назначенным слотом ключа (некорректная парольная фраза для слота ключа)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Для токена %i дополнительно требуется отсутствующий ресурс."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Для токена (тип %s) дополнительно требуется отсутствующий ресурс."
-#: src/integritysetup.c:85
+#: src/utils_tools.c:298
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Неверный размер ключа. Максимальное значение (в байтах) равно %u."
+msgid "No usable token (type %s) is available."
+msgstr "Не найдено подходящего токена (тип %s)."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Не найдено подходящего токена."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/utils_tools.c:393
#, c-format
msgid "Cannot read keyfile %s."
msgstr "Невозможно прочитать файл ключа %s."
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Невозможно прочитать %d байт из файл ключа %s."
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Невозможно прочитать %d байт из файл ключа %s."
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Невозможно открыть файл ключа %s для записи."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Невозможно записать в файл ключа %s."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>м%02<PRIu64>с"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>ч%02<PRIu64>м%02<PRIu64>с"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> дней"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> %s записано"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "скорость %5.1f %s/с"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Ход выполнения: %5.1f%%, ОВЗ %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Выполнено, время %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:72
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Невозможно проверить стойкость пароля: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Ошибка при проверке стойкости пароля:\n"
+" %s"
+
+#: src/utils_password.c:79
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Ошибка при проверке стойкости пароля: некорректная парольная фраза (%s)"
+
+#: src/utils_password.c:230 src/utils_password.c:244
+msgid "Error reading passphrase from terminal."
+msgstr "Ошибка чтения парольной фразы с терминала."
+
+#: src/utils_password.c:242
+msgid "Verify passphrase: "
+msgstr "Парольная фраза повторно: "
+
+#: src/utils_password.c:249
+msgid "Passphrases do not match."
+msgstr "Парольные фразы не совпадают."
+
+#: src/utils_password.c:287
+msgid "Cannot use offset with terminal input."
+msgstr "Невозможно использовать смещение при вводе с терминала."
+
+#: src/utils_password.c:291
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Введите парольную фразу: "
+
+#: src/utils_password.c:294
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Введите парольную фразу для %s: "
+
+#: src/utils_password.c:328
+msgid "No key available with this passphrase."
+msgstr "Ключ недоступен с этой парольной фразой."
+
+#: src/utils_password.c:330
+msgid "No usable keyslot is available."
+msgstr "Не найдено подходящего слота ключа."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Невозможно проверить парольную фразу не с входных tty."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Ошибка при открытии файла %s в режиме только для чтения."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Укажите корректный токен LUKS2 в формате JSON:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Ошибка чтения файла JSON."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Чтение прервано."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Ошибка при открытии файла %s в режиме записи."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Запись прервана."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Ошибка записи в файл JSON."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Автоматически обнаруженное активное устройство dm «%s» для устройства данных %s.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Не удалось автоматически обнаружить держателей устройства %s."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Устройство %s не является блочным.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Невозможно понять, активно устройство %s или нет.\n"
+"Вы действительно хотите продолжить перешифрование в отложенном режиме?\n"
+"Это может привести к потере данных, если устройство всё же активно.\n"
+"Для запуска перешифрования в оперативном режиме укажите параметр --active-name.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Устройство %s не является блочным. Невозможно автоматически определить активно\n"
+"оно или нет. Используйте --force-offline-reencrypt чтобы пропустить проверку и\n"
+"запустить отложенный режим (опасно!)."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Запрошенный параметр --resilience не может быть применён к текущей операции перешифрования."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Устройство зашифровывается не в LUKS2. Конфликт с параметром --encrypt."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Устройство расшифровывается не в LUKS2. Конфликт с параметром --dencrypt."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Устройство перешифровывается с использованием устойчивости datashift. Запрошенный параметр --resilience не может быть применён."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Устройству требуется восстановление перешифрования. Сначала запустите ремонт."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Устройство %s уже в режиме перешифрования LUKS2. Хотите продолжить предыдущую операцию инициализации?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Устаревшее перешифрование LUKS2 больше не поддерживается."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Перешифрование устройства с профилем целостности не поддерживается."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Запрошенный --sector-size %<PRIu32> несовместим с суперблоком %s\n"
+"(размер блока: %<PRIu32> байт), который обнаружен на устройстве %s."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Шифрование без отсоединённого заголовка (--header) невозможно без сокращения размера устройства данных (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Запрошенное смещение данных должно быть меньше или равно половине значения параметра --reduce-device-size."
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Подгоняется значение --reduce-device-size под двукратный размер --offset %<PRIu64> (секторов).\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Временный файл заголовка %s уже существует. Прекращение работы."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Невозможно создать временный файл заголовка %s."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Размер метаданных LUKS2 больше значения сдвига данных."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Не удалось поместить новый заголовок в начало устройства %s."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s теперь активен и готов для оперативного шифрования.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Активное устройство %s не является LUKS2."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Восстановление первоначального заголовка LUKS2."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Не удалось восстановить первоначальный заголовок LUKS2."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Файл заголовка %s не существует. Инициализировать расшифровку LUKS2 с устройства %s и экспортировать заголовок LUKS2 в файл %s?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Не удалось добавить/записать права в экспортируемый файл заголовка."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Ошибка при инициализации перешифрования. Резервный заголовок доступен в %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Расшифровка LUKS2 поддерживается только для устройства с отсоединённым заголовком (смещение данных равно 0)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Для шифрования недостаточно свободных слотов ключей."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Файл ключа можно использовать только с --key-slot или только при одном активном слоте."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Введите парольную фразу для слота ключа %d: "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Введите парольную фразу для слота ключа %u: "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Переходим на алгоритм шифрования данных %s.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Параметры сегмента данные не изменились. Перешифрование прервано."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Увеличение размера сектора шифрования на выключенном устройстве не поддерживается.\n"
+"Сначала включите устройство или используйте параметр --force-offline-reencrypt (опасно!)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Перешифрование прервано."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Продолжение перешифрования LUKS в принудительном отложенном режиме.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Устройство %s содержит повреждённые метаданные LUKS. Прерывание операции."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Устройство %s уже является устройством LUKS. Прерывание операции."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Устройство %s уже находится в режиме перешифрования LUKS. Прерывание операции."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "Для расшифровки LUKS2 требуется параметр --header."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "Для команды требуется в аргументе указать устройство."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Конфликтующие версии. Устройство %s использует LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Конфликтующие версии. Устройство %s в режиме перешифрования LUKS1."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Конфликтующие версии. Устройство %s использует LUKS2."
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Конфликтующие версии. Устройство %s в режиме перешифрования LUKS2."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Перешифрование LUKS2 уже инициализировано. Прекращение работы."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Перешифрование устройства в данный момент не выполняется."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Невозможно монопольно открыть устройство %s, оно уже используется."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Не удалось выделить выровненную память."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Невозможно прочитать с устройства %s."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Отметка устройства LUKS1 %s бесполезна."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Невозможно записать на устройство %s."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Невозможно записать в файл протокола перешифрования."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Невозможно прочитать файл протокола перешифрования."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Неверный формат журнала."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Файл протокола %s существует, подразумевается перешифрование.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Активируется временное устройство, задействуется старый заголовок LUKS."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Активируется временное устройство, задействуется новый заголовок LUKS."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Ошибка при активации временного устройства."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Не удалось задать смещение данных."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Не удалось задать размер метаданных."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Создан новый заголовок LUKS для устройства %s."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Создана резервная копия заголовка %s для устройства %s."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Ошибка при создании резервных копий заголовка LUKS."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Невозможно восстановить заголовок %s устройства %s."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Заголовок %s устройства %s восстановлен."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Невозможно открыть временное устройство LUKS."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Невозможно получить размер устройства."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "Ошибка ввода-вывода при перешифровании."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Указан некорректный UUID."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Невозможно открыть файл протокола перешифрования."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Расшифровка не выполняется, указанный UUID можно использовать только для возобновления приостановленного процесса расшифровки."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Перешифрование изменит: %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "ключ тома"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "установить хэш равным"
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", установить шифр равным"
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись раздела «%s».\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись суперблока «%s».\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Ошибка при инициализации определения подписей устройства."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Ошибка выполнения stat для устройства %s."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Ошибка при открытии файла %s в режиме чтения-записи."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Существующая подпись раздела «%s» на устройстве %s будет затёрта."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Существующая подпись суперблока «%s» на устройстве %s будет затёрта."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Ошибка при затирании подписи устройства."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Ошибка при определении подписи устройства %s."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Неправильный формат размера в параметре --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Параметр --%s не допускается одновременно указывать с действием %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Ошибка записи ssh-токена json."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Экспериментальный модуль cryptsetup для разблокировки устройств LUKS2 токеном\n"
+"с подключённого сервера SSH. В настоящее время этот модуль\n"
+"позволяет только добавление токена в существующий слот ключа.\n"
+"\n"
+"Указываемый сервер SSH должен содержать файл ключа в задаваемом пути\n"
+"с парольной фразой для существующего слота ключа на устройстве.\n"
+"Предоставленные идентификационные данные будут использованы cryptsetup для\n"
+"получения пароля при открытии устройства с помощью токена.\n"
+"\n"
+"Замечание: при добавлении токена предоставляемая информация (адрес сервера\n"
+"SSH, пользователь и пути) будет сохранена в заголовке LUKS2 в открытом виде."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<действие> <устройство>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Параметры для действия «add»:"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "IP-адрес/URL удалённого сервера для этого токена"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Имя пользователя, используемого на удалённом сервере"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Путь к файлу ключа на удалённом сервере"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Путь к ключу SSH для подключения к удалённому серверу"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Слот ключа, назначаемого токену. Если не указан, то токен будет назначен в первый слот ключа, который соответствует парольной фразе."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Общие параметры:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Показывать подробные сообщения об ошибках"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Показывать отладочные сообщения"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Показывать отладочные сообщения включая метаданные JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Ошибка при открытии и импорте закрытого ключа:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Ошибка при импорте закрытого ключа (защищён паролем?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Пароль к %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Не удалось разобрать аргументы.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Должно быть указано действие\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Для действия «%s» должно быть указано устройство.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Для действия «%s» должен быть указан сервер SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Для действия «%s» должен быть указан пользователь сервера SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Для действия «%s» должен быть указан путь на сервере SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Для действия «%s» должен быть указан путь к ключу сервера SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Не удалось открыть %s с помощью предоставленных идентификационных данных.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "В настоящее время этот модуль поддерживает только действие «add».\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Не удалось создать сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Не удалось инициализировать сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Не удалось открыть сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Не удалось выполнить функцию stat для файла по sftp: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Недостаточно памяти.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Не удалось прочитать удалённый ключ: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Сбой подключения: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Неизвестный сервер: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Способ аутентификации по открытому ключу запрещён на узле.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Ошибка при аутентификации по открытому ключу: "
+
+#~ msgid "WARNING: Data offset is outside of currently available data device.\n"
+#~ msgstr "ПРЕДУПРЕЖДЕНИЕ: смещение данных находится за пределами доступного в данный момент устройства данных.\n"
+
+#~ msgid "Cannot get process priority."
+#~ msgstr "Невозможно получить приоритет процесса."
+
+#~ msgid "Cannot unlock memory."
+#~ msgstr "Невозможно разблокировать память."
+
+#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+#~ msgstr "Будет создан блокирующий каталог %s/%s с правами по умолчанию, заданными при сборке программы."
+
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Ошибка чтения подписи BITLK из %s."
+
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Некорректная или неизвестная подпись устройства BITLK."
+
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Ошибка при затирании резервной копии сегмента данных."
+
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Не удалось выключить флаг требования перешифрования."
+
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Шифрование поддерживается только для формата LUKS2."
+
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "На %s обнаружено устройство LUKS. Хотите снова зашифровать это устройство LUKS?"
+
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "В настоящий момент поддерживается только формат LUKS2. Для LUKS1 используйте программу cryptsetup-reencrypt."
+
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Уже выполняется устаревшее внесистемное (offline) перешифрование. Используйте программу cryptsetup-reencrypt."
+
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "Устройство LUKS2 не перешифровывается."
+
+#~ msgid "Reencryption already in-progress."
+#~ msgstr "Уже выполняется перешифрование."
+
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Установка внесистемного (offline) флага перешифрования LUKS2 на устройстве %s."
+
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Эта версия cryptsetup-reencrypt не работает с новым типом внутреннего токена %s."
+
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Ошибка чтения флагов активации из резервной копии заголовка."
+
+#~ msgid "Failed to read requirements from backup header."
+#~ msgstr "Ошибка чтения требований из резервной копии заголовка."
+
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Изменённые параметры pbkdf в слоте ключа %i."
+
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Значение размера блока перешифрования должно быть в диапазоне от 1 МиБ до 64 МиБ."
+
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Максимальный размер сокращения устройства равен 64 МиБ."
+
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[ПАРАМЕТР…] <устройство>"
+
+#~ msgid "Argument required."
+#~ msgstr "Требуется аргумент."
+
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Параметр --new должен использоваться вместе с --reduce-device-size или --header."
+
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Параметр --keep-key можно использовать только с --hash, --iter-time или --pbkdf-force-iterations."
+
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Параметр --new нельзя использовать вместе с --decrypt."
+
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Параметр --decrypt несовместим с указанными параметрами."
+
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Параметр --uuid можно использовать только вместе с --decrypt."
+
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Некорректный тип luks. Возможные значения: «luks», «luks1» или «luks2»."
+
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Устройство %s уже используется. Невозможно продолжить выполнение операции форматирования."
+
+#~ msgid "No free token slot."
+#~ msgstr "Нет свободного слота под токен."
+
+#~ msgid "Failed to create builtin token %s."
+#~ msgstr "Ошибка при создании встроенного токена %s."
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Неверный тип устройства LUKS."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Шифр, используемый для шифрования диска (смотрите /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Хэш, используемый для создания ключа шифрования из парольной фразы"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Проверить правильность парольной фразы, запрашивая её дважды"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Прочитать ключ из файла"
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Прочитать (главный) ключ тома из файла."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Создать дамп (главного) ключа, а не информации слотов ключей"
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "Размер ключа шифрования"
+
+#~ msgid "BITS"
+#~ msgstr "БИТ"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Ограничить чтение из файла ключа"
+
+#~ msgid "bytes"
+#~ msgstr "байт"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Количество пропускаемых байтов в файле ключа"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Ограничить чтение из только что добавленного файла ключа"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Количество пропускаемых байтов в только что добавленном файле ключа"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Номер слота для нового ключа (по умолчанию первый свободный)"
+
+#~ msgid "The size of the device"
+#~ msgstr "Размер устройства"
+
+#~ msgid "SECTORS"
+#~ msgstr "СЕКТОРОВ"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Использовать только заданный размер устройства (игнорировать остаток устройства). ОПАСНО!"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Начальное смещение в нижележащем (backend) устройстве"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Сколько секторов зашифрованных данных пропускать от начала"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Создать отображение в режиме только для чтения"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Не запрашивать подтверждение"
+
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Время ожидания при ручном вводе парольной фразы (в секундах)"
+
+#~ msgid "secs"
+#~ msgstr "сек"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Обновление строки хода выполнения (в секундах)"
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Отформатирован с размером тега %u, внутренняя целостность %s.\n"
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Как часто можно повторять попытку ввода парольной фразы"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<устройство_целостности>"
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Выравнивать полезные данные по границам <n> секторов — для luksFormat"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<устройство_целостности> <имя>"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Файл резервной копии заголовка и слотов ключей LUKS"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<имя> — устройство, создаваемое на %s\n"
-"<устройство_целостности> — устройство, содержащее данные с тегами целостности\n"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Использовать /dev/random для генерации ключа тома"
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Встроенные параметры dm-integrity:\n"
-"\tАлгоритм контрольной суммы: %s\n"
-"\tМаксимальный размер файла ключа: %dКБ\n"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Использовать /dev/urandom для генерации ключа тома"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Путь к устройству данных (при разделении устройств)"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Совместно использовать устройство с другим неперекрывающимся шифрованным сегментом"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Размер журнала"
+#~ msgid "UUID for device to use"
+#~ msgstr "Используемый для устройства UUID"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Чередующиеся секторы"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Разрешить отбрасывать запросы (так называемые TRIM) к устройству"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Отметка журнала"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Устройство или файл с отдельным заголовком LUKS"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "процент"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Не активировать устройство, только проверить парольную фразу"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Время фиксации журнала"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Использовать скрытый заголовок (спрятанное устройство TCRYPT)"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "мс"
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Устройство является системным диском TCRYPT (с загрузчиком)"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Количество 512-байтовых секторов на бит (режим битовой карты)."
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Использовать резервный (вторичный) заголовок TCRYPT"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Время стирания в режиме битовой карты"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Также искать устройство совместимое с VeraCrypt"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Размер тега (на сектор)"
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Персональный умножитель итерации для устройства, совместимого с VeraCrypt"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Размер сектора"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Запрос персонального умножителя итерации для устройства, совместимого с VeraCrypt"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Размер буфера"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Тип метаданных устройства: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Алгоритм целостности данных"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Выключить проверку качество пароля (если включена)"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Размер ключа целостности данных"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Использовать параметр производительности same_cpu_crypt для dm-crypt"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Прочитать ключ целостности из файла"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Использовать параметр производительности submit_from_crypt_cpus для dm-crypt"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Алгоритм целостности журнала"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Пропускать dm-crypt workqueue и обрабатывать запросы чтения одновременно"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Размер ключа целостности журнала"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Пропускать dm-crypt workqueue и обрабатывать запросы записи одновременно"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Прочитать ключ целостности журнала из файла"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Удаление устройства отложено, пока его не закроет последний пользователь"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Алгоритм шифрования журнала"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Использовать глобальную блокировку для сериализации доступа на скорости памяти (memory-hard) PBKDF (для обхода OOM)"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Размер ключа шифрования журнала"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Время итерации PBKDF для LUKS (в мс)"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Прочитать ключ шифрования журнала из файла"
+#~ msgid "msecs"
+#~ msgstr "мс"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Режим восстановления (без проверки журнала и тегов)"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "Алгоритм PBKDF (для LUKS2): argon2i, argon2id, pbkdf2"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Использовать битовую карту для отслеживания изменений и выключить журналирование для устройства целостности"
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Ограничение стоимости памяти PBKDF"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Автоматически пересчитывать начальные теги."
+#~ msgid "kilobytes"
+#~ msgstr "килобайт"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Не защищать суперблок с помощью HMAC (старые ядра)"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Стоимость параллельности PBKDF"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Разрешить пересчёт томов с помощью ключей HMAC (старые ядра)"
+#~ msgid "threads"
+#~ msgstr "нити"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Параметр --integrity-recalculate можно использовать только для действия open."
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Стоимость итераций PBKDF (принудительная, оценка производительности отключена)"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Параметры --journal-size, --interleave-sectors, --sector-size, --tag-size и --no-wipe можно использовать только для действия format."
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Приоритет слота ключа: ignore, normal, prefer"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Неправильное задание размера журнала."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Выключить блокировку метаданных на диске"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Должны быть указаны параметры файла ключа и размер ключа одновременно."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Выключить загрузку ключей томов через связку ключей ядра"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Должны быть указаны параметры файла ключа целостности и размер ключа одновременно."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Алгоритм целостности данных (только для LUKS2)"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Если используется ключ целостности журнала, то должен быть указан алгоритм целостности журнала."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Выключить журналирование для устройства целостности"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Должны быть указаны параметры файла ключа шифрования и размер ключа одновременно."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Не затирать устройство после форматирования"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Если используется ключ шифрования журнала, то должен быть указан алгоритм шифрования журнала."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Использовать неэффективное устаревшее дополнение (старые ядра)"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Параметры восстановления и режима битовой карты взаимно исключают друг друга."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Не запрашивать парольную фразу, если активация токеном завершилась ошибкой"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Параметры журнала нельзя использовать в режиме битовой карты."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Номер токена (по умолчанию: любой)"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Параметр битовой карты можно использовать только в режиме битовой карты."
+#~ msgid "Key description"
+#~ msgstr "Описание ключа"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Уже выполняется перешифрование."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Размер сектора шифрования (по умолчанию: 512 байт)"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Невозможно монопольно открыть устройство %s, оно уже используется."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Использовать вычисленное IV как размер сектора (не 512 байт)"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Не удалось выделить выровненную память."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Задать набор постоянных флагов активации устройства"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Невозможно прочитать с устройства %s."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Задать метку устройства LUKS2"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "Отметка устройства LUKS1 %s бесполезна."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Задать метку подсистемы устройства LUKS2"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Установка внесистемного (offline) флага перешифрования LUKS2 на устройстве %s."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Создать или сделать дапм непривязанного (без назначенного сегмента данных) слота ключа LUKS2"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Невозможно записать на устройство %s."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Прочитать или записать json в файл"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Невозможно записать в файл протокола перешифрования."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Размер области метаданных заголовка LUKS2"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Невозможно прочитать файл протокола перешифрования."
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Размер области слотов ключей заголовка LUKS2"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Файл протокола %s существует, подразумевается перешифрование.\n"
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Обновить (реактивировать) устройство с новыми параметрами"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Активируется временное устройство, задействуется старый заголовок LUKS."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "Слот ключа LUKS2: Размер ключа шифрования"
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Активируется временное устройство, задействуется новый заголовок LUKS."
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "Слот ключа LUKS2: Шифр, используемый для шифрования слота ключа"
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Ошибка при активации временного устройства."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Зашифровать устройство LUKS2 (шифрование по месту (in-place))"
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Не удалось задать смещение данных."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Расшифровать устройство LUKS2 (удалить шифрование)"
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Не удалось задать размер метаданных."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Инициализировать перешифрование LUKS2 только метаданных."
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Создан новый заголовок LUKS для устройства %s."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Возобновить только инициализированное перешифрование LUKS2."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Эта версия cryptsetup-reencrypt не работает с новым типом внутреннего токена %s."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Сократить размер данных устройства (переместить смещение данных). ОПАСНО!"
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Ошибка чтения флагов активации из резервной копии заголовка."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Максимальный размер hotzone перешифрования."
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Ошибка записи флагов активации в новый заголовок."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Тип устойчивости перешифрования hotzone (checksum,journal,none)"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Ошибка чтения требований из резервной копии заголовка."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Контрольные хэш-суммы hotzone перешифрования"
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Создана резервная копия заголовка %s для устройства %s."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Заменить автоопределение устройства dm для перешифруемого устройства"
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Ошибка при создании резервных копий заголовка LUKS."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Параметр --deferred допускается только для команды close."
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Невозможно восстановить заголовок %s устройства %s."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Параметр --allow-discards допускается только для операции open."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "Заголовок %s устройства %s восстановлен."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Параметр --persistent допускается только для операции open."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Невозможно открыть временное устройство LUKS."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Параметр --serialize-memory-hard-pbkdf допускается только для операции open."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Невозможно получить размер устройства."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Параметр --key-size допускается только для luksFormat, luksAddKey,\n"
+#~ "действий open и benchmark. Для ограничения чтения из файла ключа используйте --keyfile-size=(байт)."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "Ошибка ввода-вывода при перешифровании."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Параметр --integrity допускается только для luksFormat (LUKS2)."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Указан некорректный UUID."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Параметры --label и --subsystem допускаются только для операций LUKS2 luksFormat и config."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Невозможно открыть файл протокола перешифрования."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "В параметре нельзя использовать отрицательные числа."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Расшифровка не выполняется, указанный UUID можно использовать только для возобновления приостановленного процесса расшифровки."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Параметр --use-[u]random допускается только для luksFormat."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Изменённые параметры pbkdf в слоте ключа %i."
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Параметр --uuid допускается только для luksFormat и luksUUID."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Размер блока перешифрования"
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Параметр --align-payload допускается только для luksFormat."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "МиБ"
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Параметры --luks2-metadata-size и --opt-luks2-keyslots-size допускаются только для операции luksFormat с LUKS2."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Не изменять ключ, нет области перешифрования данных"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Неправильно указан размер метаданных LUKS2."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Прочитать новый (главный) ключ тома из файла"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Неправильно указан размер слота ключа LUKS2."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Время итерации PBKDF2 для LUKS (мс)"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Параметр --offset поддерживается только для открытия устройств plain и loopaes, luksFormat и перешифрования устройства."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Использовать direct-io для доступа к устройствам"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Указано некорректное значение параметра --veracrypt-pim."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Вызывать fsync после каждого блока"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "Параметр размера сектора не поддерживается этой командой."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Обновлять файл протокола после каждого блока"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Параметр --refresh можно использовать только при действии open."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Использовать только этот слот (остальные будут выключены)"
+#~ msgid "Invalid device size specification."
+#~ msgstr "Неправильно указан размер устройства."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Создать новый заголовок на не шифрованном устройстве"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Переполнение размера сокращения."
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Окончательно расшифровать устройство (удалить шифрование)"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Не использовать проверочный суперблок"
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "Используемый для возобновления шифрования UUID"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Тип форматирования (1 - обычное, 0 - как в Chrome OS)"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Тип метаданных LUKS: luks1, luks2"
+#~ msgid "number"
+#~ msgstr "число"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[ПАРАМЕТР…] <устройство>"
+#~ msgid "Block size on the data device"
+#~ msgstr "Размер блока устройства данных"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Перешифрование изменит: %s%s%s%s%s%s."
+#~ msgid "Block size on the hash device"
+#~ msgstr "Размер блока устройства хэша"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "ключ тома"
+#~ msgid "FEC parity bytes"
+#~ msgstr "байты чётности FEC"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "установить хэш равным"
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Количество блоков в файле данных"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", установить шифр равным"
+#~ msgid "blocks"
+#~ msgstr "блоков"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Требуется аргумент."
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Путь к устройству с данными коррекции ошибок"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Значение размера блока перешифрования должно быть в диапазоне от 1 МиБ до 64 МиБ."
+#~ msgid "path"
+#~ msgstr "путь"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Максимальный размер сокращения устройства равен 64 МиБ."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Начальное смещение на устройстве хэша"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Параметр --new должен использоваться вместе с --reduce-device-size или --header."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Начальное смещение на устройстве FEC"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Параметр --keep-key можно использовать только с --hash, --iter-time или --pbkdf-force-iterations."
+#~ msgid "Hash algorithm"
+#~ msgstr "Алгоритм хэширования"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Параметр --new нельзя использовать вместе с --decrypt."
+#~ msgid "string"
+#~ msgstr "строка"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Параметр --decrypt несовместим с указанными параметрами."
+#~ msgid "Salt"
+#~ msgstr "Соль"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Параметр --uuid можно использовать только вместе с --decrypt."
+#~ msgid "hex string"
+#~ msgstr "шестн. строка"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Некорректный тип luks. Возможные значения: «luks», «luks1» или «luks2»."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Путь к файлу с подписью корневого хэша"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Ошибка чтения ответа с терминала."
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Перезапустить ядро, если обнаружится повреждение"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Команда выполнена успешно.\n"
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Включить панику в ядре, если обнаружится повреждение"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "некорректные или отсутствующие параметры"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Игнорировать повреждение, только запротоколировать"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "нет прав или некорректная парольная фраза"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Не проверять обнулённые блоки"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "недостаточно памяти"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Проверять блок данных только при первом чтении"
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "указано некорректное устройство или файл"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Параметр --ignore-corruption, --restart-on-corruption или --ignore-zero-blocks допускается только для операции open."
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "устройство уже существует или занято"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Параметр --root-hash-signature можно использовать только для действия open."
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "неизвестная ошибка"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Путь к устройству данных (при разделении устройств)"
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Сбой команды, код %i (%s).\n"
+#~ msgid "Journal size"
+#~ msgstr "Размер журнала"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Создан слот ключа %i."
+#~ msgid "Interleave sectors"
+#~ msgstr "Чередующиеся секторы"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Слот ключа %i разблокирован."
+#~ msgid "Journal watermark"
+#~ msgstr "Отметка журнала"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Слот ключа %i удалён."
+#~ msgid "percent"
+#~ msgstr "процент"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Создан токен %i."
+#~ msgid "Journal commit time"
+#~ msgstr "Время фиксации журнала"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Токен %i удалён."
+#~ msgid "ms"
+#~ msgstr "мс"
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Затирание прервано."
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Количество 512-байтовых секторов на бит (режим битовой карты)."
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись раздела «%s».\n"
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Время стирания в режиме битовой карты"
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "ПРЕДУПРЕЖДЕНИЕ: Устройство %s уже содержит подпись суперблока «%s».\n"
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Размер тега (на сектор)"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Ошибка при инициализации определения подписей устройства."
+#~ msgid "Sector size"
+#~ msgstr "Размер сектора"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "Ошибка выполнения stat для устройства %s."
+#~ msgid "Buffers size"
+#~ msgstr "Размер буфера"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Устройство %s уже используется. Нельзя продолжать выполнение операции форматирования."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Алгоритм целостности данных"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Ошибка при открытии файла %s в режиме чтения-записи."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Размер ключа целостности данных"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Существующая подпись раздела «%s» (смещение: %<PRIi64> байт) на устройстве %s будет затёрта."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Прочитать ключ целостности из файла"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Существующая подпись суперблока «%s» (смещение: %<PRIi64> байт) на устройстве %s будет затёрта."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Алгоритм целостности журнала"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Ошибка при затирании подписи устройства."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Размер ключа целостности журнала"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Ошибка при определении подписи устройства %s."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Прочитать ключ целостности журнала из файла"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Перешифрование прервано."
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Алгоритм шифрования журнала"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Невозможно проверить стойкость пароля: %s"
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Размер ключа шифрования журнала"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Ошибка при проверке стойкости пароля:\n"
-" %s"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Прочитать ключ шифрования журнала из файла"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Ошибка при проверке стойкости пароля: некорректная парольная фраза (%s)"
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Режим восстановления (без проверки журнала и тегов)"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Ошибка чтения парольной фразы с терминала."
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Использовать битовую карту для отслеживания изменений и выключить журналирование для устройства целостности"
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Парольная фраза повторно: "
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Автоматически пересчитывать начальные теги."
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Парольные фразы не совпадают."
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Не защищать суперблок с помощью HMAC (старые ядра)"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Невозможно использовать смещение при вводе с терминала."
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Разрешить пересчёт томов с помощью ключей HMAC (старые ядра)"
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Введите парольную фразу: "
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Параметр --integrity-recalculate можно использовать только для действия open."
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Введите парольную фразу для %s: "
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Параметры --journal-size, --interleave-sectors, --sector-size, --tag-size и --no-wipe можно использовать только для действия format."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Ключ недоступен с этой парольной фразой."
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Неправильное задание размера журнала."
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Не найдено подходящего слота ключа."
+#~ msgid "Reencryption block size"
+#~ msgstr "Размер блока перешифрования"
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Невозможно открыть файл ключа %s для записи."
+#~ msgid "MiB"
+#~ msgstr "МиБ"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Невозможно записать в файл ключа %s."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Не изменять ключ, нет области перешифрования данных"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Ошибка при открытии файла %s в режиме только для чтения."
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Прочитать новый (главный) ключ тома из файла"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Укажите корректный токен LUKS2 в формате JSON:\n"
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Использовать direct-io для доступа к устройствам"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Ошибка чтения файла JSON."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Вызывать fsync после каждого блока"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Чтение прервано."
+#~ msgid "Update log file after every block"
+#~ msgstr "Обновлять файл протокола после каждого блока"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Ошибка при открытии файла %s в режиме записи."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Использовать только этот слот (остальные будут выключены)"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Запись прервана."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Создать новый заголовок на не шифрованном устройстве"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Ошибка записи в файл JSON."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Окончательно расшифровать устройство (удалить шифрование)"
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Ð\9dе Ñ\83далоÑ\81Ñ\8c вÑ\8bклÑ\8eÑ\87иÑ\82Ñ\8c Ñ\84лаг Ñ\82Ñ\80ебованиÑ\8f пеÑ\80еÑ\88иÑ\84Ñ\80ованиÑ\8f."
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "Ð\98Ñ\81полÑ\8cзÑ\83емÑ\8bй длÑ\8f возобновлениÑ\8f Ñ\88иÑ\84Ñ\80ованиÑ\8f UUID"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Кажется, что устройству не требуется восстановление перешифрования.\n"
-#~ "Продолжить?"
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Тип метаданных LUKS: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "ПРЕДУПРЕЖДЕНИЕ: Каталог блокировки %s/%s отсутствует!\n"
#~ msgid "Parameter --refresh is only allowed with open or refresh commands."
#~ msgstr "Параметр --refresh допускается только с командами open и refresh."
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Шифр %s недоступен."
-
#~ msgid "Unsupported encryption sector size.\n"
#~ msgstr "Неподдерживаемый размер сектора шифрования.\n"
#~ msgid "Online reencryption in progress. Aborting."
#~ msgstr "Ведётся оперативное (online) перешифрование. Прерываемся."
-#~ msgid "No LUKS2 reencryption in progress."
-#~ msgstr "Перешифрование LUKS2 в данный момент не выполняется."
-
#~ msgid "Interrupted by a signal."
#~ msgstr "Прервано сигналом."
#~ msgid "Function not available in FIPS mode."
#~ msgstr "Функция не доступна в режиме FIPS."
-#~ msgid "Failed to write hash."
-#~ msgstr "Ошибка записи хэша."
-
#~ msgid "Failed to finalize hash."
#~ msgstr "Ошибка завершения хэша."
#~ msgid "Failed to assign digest %u to segment %u."
#~ msgstr "Ошибка при назначении дайджеста %u в сегмент %u."
-#~ msgid "Failed to set segments."
-#~ msgstr "Ошибка при задании сегментов."
-
#~ msgid "Failed to assign reencrypt previous backup segment."
#~ msgstr "Ошибка при назначении предыдущей резервной копии сегмента reencrypt."
#~ msgid "Error: Calculated reencryption offset %<PRIu64> is beyond device size %<PRIu64>."
#~ msgstr "Ошибка: вычисленное смещение перешифрования %<PRIu64> находится за границей размера устройства %<PRIu64>."
-#~ msgid "Device is not in clean reencryption state."
-#~ msgstr "Устройство не в начальном (clean) состояния перешифрования."
-
#~ msgid "Failed to calculate new segments."
#~ msgstr "Ошибка при вычислении новых сегментов."
-#~ msgid "Failed to assign pre reenc segments."
-#~ msgstr "Ошибка при назначении сегментов pre reenc."
-
#~ msgid "Failed finalize hotzone resilience, retval = %d"
#~ msgstr "Ошибка завершения устойчивости hotzone, retval = %d"
# Serbian translation for cryptsetup.
# Copyright © 2014 Free Software Foundation, Inc.
# This file is distributed under the same license as the cryptsetup package.
-# Мирослав Николић <miroslavnikolic@rocketmail.com>, 2014–2021.
+# Мирослав Николић <miroslavnikolic@rocketmail.com>, 2014–2022.
+#
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup-2.3.5-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-03-28 09:55+0200\n"
+"Project-Id-Version: cryptsetup-2.5.0-rc1\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2022-07-14 14:04+0200\n"
+"PO-Revision-Date: 2022-09-08 05:02+0200\n"
"Last-Translator: Мирослав Николић <miroslavnikolic@rocketmail.com>\n"
"Language-Team: Serbian <(nothing)>\n"
"Language: sr\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:417
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Не могу да покренем мапера уређаја, радим као обичан корисник."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:420
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Не могу да покренем мапера уређаја. Да ли је учитан модул кернела „dm_mod“?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1171
msgid "Requested deferred flag is not supported."
msgstr "Затражена одложена заставица није подржана."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1240
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "ДМ-УЈИБ за уређај „%s“ је скраћен."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1570
msgid "Unknown dm target type."
msgstr "Непозната врста „dm“ мете."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763
+#: lib/libdevmapper.c:1766
msgid "Requested dm-crypt performance options are not supported."
msgstr "Затражене опције перформанси дм-шифровања нису подржане."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Затражене опције рада оштећених података дм-веритија нису подржане."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1714
msgid "Requested dm-verity FEC options are not supported."
msgstr "Затражене „dm-verity FEC“ опције нису подржане."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1718
msgid "Requested data integrity options are not supported."
msgstr "Затражене опције целовитости података нису подржане."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1720
msgid "Requested sector_size option is not supported."
msgstr "Затражене опције величине одељка нису подржане."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Затражене опције самосталног прерачунавања ознака целовитости нису подржане."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772
+#: lib/luks2/luks2_json_metadata.c:2552
msgid "Discard/TRIM is not supported."
msgstr "Одбацивање/ОДСЕЦАЊЕ није подржано."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1737
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Затражени режим битмапе дм-целовитости није подржан."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2763
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Нисам успео да пропитам „dm-%s“ подеок."
-#: lib/random.c:75
+#: lib/random.c:74
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Систем је ван ентропије приликом стварања кључа волумена.\n"
"Померите миша или откуцајте неки текст у другом прозору да прикупите неке насумичне догађаје.\n"
-#: lib/random.c:79
+#: lib/random.c:78
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Стварам кључ (%d %% је урађено).\n"
-#: lib/random.c:165
+#: lib/random.c:164
msgid "Running in FIPS mode."
msgstr "Ради у „FIPS“ режиму."
-#: lib/random.c:171
+#: lib/random.c:170
msgid "Fatal error during RNG initialisation."
msgstr "Кобна грешка за време покретања „RNG“-а."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Затражен је непознат квалитет „RNG“-а."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Грешка читања из „RNG“-а."
-#: lib/setup.c:229
+#: lib/setup.c:226
msgid "Cannot initialize crypto RNG backend."
msgstr "Не могу да покренем „RNG“ позадинца криптографије."
-#: lib/setup.c:235
+#: lib/setup.c:232
msgid "Cannot initialize crypto backend."
msgstr "Не могу да покренем позадинца криптографије."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Хеш алгоритам „%s“ није подржан."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:266 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Грешка обраде кључа (користим хеш %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:332 lib/setup.c:359
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Не могу да одредим врсту уређаја. Несагласно покретање уређаја?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:338 lib/setup.c:3221
msgid "This operation is supported only for LUKS device."
msgstr "Ова радња је подржана само за ЛУКС уређај."
-#: lib/setup.c:368
+#: lib/setup.c:365
msgid "This operation is supported only for LUKS2 device."
msgstr "Ова радња је подржана само за ЛУКС2 уређај."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985
msgid "All key slots full."
msgstr "Сви утори кључева су пуни."
-#: lib/setup.c:434
+#: lib/setup.c:431
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Утор кључа %d није исправан, изаберите између 0 и %d."
-#: lib/setup.c:440
+#: lib/setup.c:437
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Утор кључа %d је пун, изаберите неки други."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:522 lib/setup.c:2946
msgid "Device size is not aligned to device logical block size."
msgstr "Величина уређаја није поравната на величину логичког блока уређаја."
-#: lib/setup.c:624
+#: lib/setup.c:620
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Заглавље је откривено али уређај „%s“ је премали."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335
+#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159
msgid "This operation is not supported for this device type."
msgstr "Ова радња није подржана за ову врсту уређаја."
msgid "Illegal operation with reencryption in-progress."
msgstr "Неисправна радња са поновним шифровањем је у току."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524
+#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449
+#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380
+#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378
+#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Уређај „%s“ није исправан ЛУКС уређај."
+
+#: lib/setup.c:836 lib/luks1/keymanage.c:527
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Неподржано ЛУКС издање %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694
+#: lib/setup.c:2859 lib/setup.c:4807
#, c-format
msgid "Device %s is not active."
msgstr "Уређај „%s“ није радан."
-#: lib/setup.c:1444
+#: lib/setup.c:1448
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Основни уређај за криптографски уређај „%s“ је нестао."
-#: lib/setup.c:1524
+#: lib/setup.c:1528
msgid "Invalid plain crypt parameters."
msgstr "Неисправни параметри обичне криптографије."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1533 lib/setup.c:1983
msgid "Invalid key size."
msgstr "Неисправна величина кључа."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191
msgid "UUID is not supported for this crypt type."
msgstr "УЈИБ није подржан за ову врсту криптографије."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1543 lib/setup.c:1993
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Откачени уређај метаподатака није подржан за ову врсту криптографије."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941
+#: src/cryptsetup.c:1250 src/cryptsetup.c:3072
msgid "Unsupported encryption sector size."
msgstr "Неподржана величина одељка шифровања."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940
msgid "Device size is not aligned to requested sector size."
msgstr "Величина уређаја није поравната на затражену величину одељка."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1613 lib/setup.c:1733
msgid "Can't format LUKS without device."
msgstr "Не могу да обликујем ЛУКС без уређаја."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1619 lib/setup.c:1739
msgid "Requested data alignment is not compatible with data offset."
msgstr "Затражено поравнање података није сагласно са померајем података."
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1687 lib/setup.c:1883
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr "УПОЗОРЕЊЕ: Померај података је ван тренутно доступног уређаја података.\n"
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Не могу да обришем заглавље на уређају „%s“."
-#: lib/setup.c:1744
+#: lib/setup.c:1774
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "УПОЗОРЕЊЕ: Покретање уређаја неће успети, „dm-crypt“-у недостаје подршка за затражену величину одељка шифровања.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1797
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Кључ волумена је премали за шифровање са проширењима целовитости."
-#: lib/setup.c:1821
+#: lib/setup.c:1857
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Шифрер %s-%s (величина кључа %zd бита) није доступан."
-#: lib/setup.c:1854
+#: lib/setup.c:1886
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "УПОЗОРЕЊЕ: Величина ЛУКС2 метаподатака је промењена на %<PRIu64> бајта.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1890
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "УПОЗОРЕЊЕ: Величина области ЛУКС2 утора кључева је промењена на %<PRIu64> бајта.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254
#, c-format
msgid "Device %s is too small."
msgstr "Уређај „%s“ је премали."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1927 lib/setup.c:1953
#, c-format
msgid "Cannot format device %s in use."
msgstr "Не могу да обликујем уређај „%s“ у употреби."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1930 lib/setup.c:1956
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Не могу да обликујем уређај „%s“, овлашћење је одбијено."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1942 lib/setup.c:2263
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Не могу да обликујем целовитост за уређај „%s“."
-#: lib/setup.c:1926
+#: lib/setup.c:1960
#, c-format
msgid "Cannot format device %s."
msgstr "Не могу да обликујем уређај „%s“."
-#: lib/setup.c:1944
+#: lib/setup.c:1978
msgid "Can't format LOOPAES without device."
msgstr "Не могу да обликујем „LOOPAES“ без уређаја."
-#: lib/setup.c:1989
+#: lib/setup.c:2023
msgid "Can't format VERITY without device."
msgstr "Не могу да обликујем „VERITY“ без уређаја."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2034 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Неподржана врста „VERITY“ хеша %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2040 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Неподржана величина блока „VERITY“."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2045 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Неподржан померај хеша „VERITY“."
-#: lib/setup.c:2016
+#: lib/setup.c:2050
msgid "Unsupported VERITY FEC offset."
msgstr "Неподржан „VERITY FEC“ померај."
-#: lib/setup.c:2040
+#: lib/setup.c:2074
msgid "Data area overlaps with hash area."
msgstr "Област података се преклапа са облашћу хеша."
-#: lib/setup.c:2065
+#: lib/setup.c:2099
msgid "Hash area overlaps with FEC area."
msgstr "Област хеша се преклапа са „FEC“ облашћу."
-#: lib/setup.c:2072
+#: lib/setup.c:2106
msgid "Data area overlaps with FEC area."
msgstr "Област података се преклапа са „FEC“ облашћу."
-#: lib/setup.c:2208
+#: lib/setup.c:2242
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "УПОЗОРЕЊЕ: Затражена величина ознаке %d бајта се разликује од излаза величине „%s“ (%d бајта).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2321
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Затражена је непозната врста „%s“ криптографског уређаја."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Неподржани параметри на уређају „%s“."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837
+#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Неодговарајући параметри на уређају „%s“."
-#: lib/setup.c:2664
+#: lib/setup.c:2731
msgid "Crypt devices mismatch."
msgstr "Криптографски уређаји се не поклапају."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315
+#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007
#, c-format
msgid "Failed to reload device %s."
msgstr "Нисам успео поново да учитам уређај „%s“."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286
+#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867
#, c-format
msgid "Failed to suspend device %s."
msgstr "Нисам успео да обуставим уређај „%s“."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300
+#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920
+#: lib/luks2/luks2_reencrypt.c:4011
#, c-format
msgid "Failed to resume device %s."
msgstr "Нисам успео да наставим са уређајем „%s“."
-#: lib/setup.c:2735
+#: lib/setup.c:2806
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Кобна грешка приликом поновног учитавања уређаја „%s“ (на врху уређаја „%s“)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2809 lib/setup.c:2811
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Нисам успео да променим уређај „%s“ на дм-грешку."
-#: lib/setup.c:2817
+#: lib/setup.c:2891
msgid "Cannot resize loop device."
msgstr "Не могу да променим величину уређаја петље."
-#: lib/setup.c:2890
+#: lib/setup.c:2931
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr ""
+"УПОЗОРЕЊЕ: Највећа величина је већ постављена или кернел не подржава промену величине.\n"
+"\n"
+
+#: lib/setup.c:2989
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Промена величине није успела, кернел је не подржава."
+
+#: lib/setup.c:3021
msgid "Do you really want to change UUID of device?"
msgstr "Да ли стварно желите да измените УЈИБ уређаја?"
-#: lib/setup.c:2966
+#: lib/setup.c:3113
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Датотека резерве заглавља не садржи сагласно ЛУКС заглавље."
-#: lib/setup.c:3066
+#: lib/setup.c:3229
#, c-format
msgid "Volume %s is not active."
msgstr "Волумен „%s“ није радан."
-#: lib/setup.c:3077
+#: lib/setup.c:3240
#, c-format
msgid "Volume %s is already suspended."
msgstr "Волумен „%s“ је већ обустављен."
-#: lib/setup.c:3090
+#: lib/setup.c:3253
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Обустављање није подржано за уређај „%s“."
-#: lib/setup.c:3092
+#: lib/setup.c:3255
#, c-format
msgid "Error during suspending device %s."
msgstr "Грешка за време обустављања уређаја „%s“."
-#: lib/setup.c:3128
+#: lib/setup.c:3290
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Настављање није подржано за уређај „%s“."
-#: lib/setup.c:3130
+#: lib/setup.c:3292
#, c-format
msgid "Error during resuming device %s."
msgstr "Грешка за време настављања уређаја „%s“."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489
+#: src/cryptsetup.c:2207
#, c-format
msgid "Volume %s is not suspended."
msgstr "Волумен „%s“ није обустављен."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597
+#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790
msgid "Volume key does not match the volume."
msgstr "Кључ волумена не одговара волумену."
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3540 lib/setup.c:3745
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Не могу да додам утор кључа, сви утори су искључени а није обезбеђен ниједан кључ волумена."
-#: lib/setup.c:3487
+#: lib/setup.c:3697
msgid "Failed to swap new key slot."
msgstr "Нисам успео да разменим нови утор кључа."
-#: lib/setup.c:3673
+#: lib/setup.c:3883
#, c-format
msgid "Key slot %d is invalid."
msgstr "Утор кључа „%d“ није исправан."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936
+#: src/cryptsetup.c:2540 src/cryptsetup.c:2597
#, c-format
msgid "Keyslot %d is not active."
msgstr "Утор кључа „%d“ није радан."
-#: lib/setup.c:3698
+#: lib/setup.c:3908
msgid "Device header overlaps with data area."
msgstr "Заглавље уређаја се преклапа са облашћу података."
-#: lib/setup.c:3992
+#: lib/setup.c:4213
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Поновно шифровање је у току. Не могу да активирам уређај."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635
+#: lib/luks2/luks2_reencrypt.c:3565
msgid "Failed to get reencryption lock."
msgstr "Нисам успео да добавим закључавање поновног шифровања."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584
msgid "LUKS2 reencryption recovery failed."
msgstr "Опоравак ЛУКС2 поновног шифровања није успело."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4396 lib/setup.c:4661
msgid "Device type is not properly initialized."
msgstr "Врста уређаја није исправно покренута."
-#: lib/setup.c:4223
+#: lib/setup.c:4444
#, c-format
msgid "Device %s already exists."
msgstr "Већ постоји уређај „%s“."
-#: lib/setup.c:4230
+#: lib/setup.c:4451
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Не могу да користим уређај „%s“, назив није исправан или је још у употреби."
-#: lib/setup.c:4350
+#: lib/setup.c:4571
msgid "Incorrect volume key specified for plain device."
msgstr "Наведен је неисправан кључ волумена за обичан уређај."
-#: lib/setup.c:4463
+#: lib/setup.c:4687
msgid "Incorrect root hash specified for verity device."
msgstr "Наведен је неисправан хеш корена за уређај тачности."
-#: lib/setup.c:4470
+#: lib/setup.c:4697
msgid "Root hash signature required."
msgstr "Потпис хеша корена је потребан."
-#: lib/setup.c:4479
+#: lib/setup.c:4706
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Привезак кључева кернела недостаје: потребан је за прослеђивање потписа кернелу."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4723 lib/setup.c:6218
msgid "Failed to load key in kernel keyring."
msgstr "Нисам успео да учитам кључ у привеску кључева кернела."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4779
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Не могу да откажем различно уклањање из уређаја „%s“."
+
+#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Уређај „%s“ је још увеку употреби."
-#: lib/setup.c:4574
+#: lib/setup.c:4811
#, c-format
msgid "Invalid device %s."
msgstr "Неисправан уређај „%s“."
-#: lib/setup.c:4690
+#: lib/setup.c:4927
msgid "Volume key buffer too small."
msgstr "Међумеморија кључа волумена је премала."
-#: lib/setup.c:4698
+#: lib/setup.c:4935
msgid "Cannot retrieve volume key for plain device."
msgstr "Не могу да довучем кључ волумена за обичан уређај."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Не могу да довучем хеш корена за уређај тачности."
-#: lib/setup.c:4717
+#: lib/setup.c:4956
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Ова радња није подржана за криптографски уређај „%s“."
-#: lib/setup.c:4923
+#: lib/setup.c:5130 lib/setup.c:5141
msgid "Dump operation is not supported for this device type."
msgstr "Радња исписа није подржана за ову врсту уређаја."
-#: lib/setup.c:5251
+#: lib/setup.c:5471
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Померај података није умножак %u бајта."
-#: lib/setup.c:5536
+#: lib/setup.c:5756
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Не могу да преобратим уређај „%s“ који је још увек у употреби."
-#: lib/setup.c:5833
+#: lib/setup.c:6075
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Нисам успео да доделим утор кључа „%u“ као нови кључ волумена."
-#: lib/setup.c:5906
+#: lib/setup.c:6148
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Нисам успео да покренем основне параметре ЛУКС2 утора кључа."
-#: lib/setup.c:5912
+#: lib/setup.c:6154
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Нисам успео да доделим утор кључа „%d“ за преглед."
-#: lib/setup.c:6043
+#: lib/setup.c:6285
msgid "Kernel keyring is not supported by the kernel."
msgstr "Привезак кључева кернела није подржан кернелом."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Нисам успео да прочитам пропусну реч из привеска кључа (грешка %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6319
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Нисам успео да остварим опште закључавање серијализације приступа чврстој меморији."
msgid "Cannot unlock memory."
msgstr "Не могу да откључам меморију."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502
msgid "Failed to open key file."
msgstr "Нисам успео да отворим датотеку кључа."
msgid "Cannot read keyfile from a terminal."
msgstr "Не могу да прочитам датотеку кључа из терминала."
-#: lib/utils.c:190
+#: lib/utils.c:189
msgid "Failed to stat key file."
msgstr "Нисам успео да добавим податке датотеке кључа."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:197 lib/utils.c:218
msgid "Cannot seek to requested keyfile offset."
msgstr "Не могу да премотам на затражени померај датотеке кључа."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226
+#: src/utils_password.c:238
msgid "Out of memory while reading passphrase."
msgstr "Нестало је меморије приликом читања пропусне речи."
-#: lib/utils.c:248
+#: lib/utils.c:247
msgid "Error reading passphrase."
msgstr "Грешка читања пропусне речи."
-#: lib/utils.c:265
+#: lib/utils.c:264
msgid "Nothing to read on input."
msgstr "Нема ничега за читање на улазу."
-#: lib/utils.c:272
+#: lib/utils.c:271
msgid "Maximum keyfile size exceeded."
msgstr "Премашена је највећа величина датотеке кључа."
-#: lib/utils.c:277
+#: lib/utils.c:276
msgid "Cannot read requested amount of data."
msgstr "Не могу да прочитам затражену количину података."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Уређај „%s“ не постоји или је приступ одбијен."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:218
#, c-format
msgid "Device %s is not compatible."
msgstr "Уређај „%s“ није сагласан."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:562
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Занемарујем лажну оптималну-уи величину за уређај података (%u бајта)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:720
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Уређај „%s“ је премали. Захтева барем %<PRIu64> бајта."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:801
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Не могу да користим уређај „%s“ који је у употреби (већ мапиран или прикачен)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:805
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Не могу да користим уређај „%s“, овлашћење је одбијено."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:808
#, c-format
msgid "Cannot get info about device %s."
msgstr "Не могу да добавим податке о уређају „%s“."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:831
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Не могу да користим уређај повратне петље, радим као обичан корисник."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:842
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Прикачињање уређаја повратне петље није успело (потребан је уређај петље са опцијом самочишћења)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:890
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Захтевани померај је изван стварне величине уређаја „%s“."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:898
#, c-format
msgid "Device %s has zero size."
msgstr "Уређај „%s“ има нулту величину."
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Закључавање је прекинуто. Путања закључавања „%s/%s“ је неискористива („%s“ није директоријум)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Не могу да премотам на померај уређаја."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Грешка брисања уређаја, померај %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Спецификација шифрера треба бити у запису „[шифрер]-[режим]-[ив]“."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364
+#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125
+#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Не могу да пишем на уређај „%s“, овлашћење је одбијено."
msgstr "Нисам успео да приступм привременом уређају смештаја кључа."
#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Грешка УИ приликом шифровања утора кључа."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367
+#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680
+#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320
+#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349
+#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272
+#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424
+#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Не могу да отворим уређај „%s“."
msgid "IO error while decrypting keyslot."
msgstr "Грешка УИ приликом дешифровања утора кључа."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Уређај „%s“ је премали. (ЛУКС1 захтева барем %<PRIu64> бајта.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "ЛУКС утор кључа „%u“ није исправан."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Уређај „%s“ није исправан ЛУКС уређај."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Затражена датотека резерве заглавља „%s“ већ постоји."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Не могу да направим резервну датотеку заглавља „%s“."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Не могу да запишем резервну датотеку заглавља „%s“."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330
msgid "Backup file does not contain valid LUKS header."
msgstr "Датотека резерве не садржи исправно ЛУКС заглавље."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590
+#: lib/luks2/luks2_json_metadata.c:1351
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Не могу да отворим резервну датотеку заглавља „%s“."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Не могу да прочитам резервну датотеку заглавља „%s“."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:337
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Померај датума или величина кључа се разликују на уређају и резерви, враћање није успело."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:345
#, c-format
msgid "Device %s %s%s"
msgstr "Уређај %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:346
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "не садржи ЛУКС заглавље. Замена заглавља може да уништи податке на том уређају."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:347
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "већ садржи ЛУКС заглавље. Замена заглавља ће уништити постојеће уторе кључева."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"УПОЗОРЕЊЕ: право заглавље уређаја има другачији УЈИБ од резерве!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:395
msgid "Non standard key size, manual repair required."
msgstr "Неуобичајена величина кључа, потребна је ручна поправка."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:405
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Неуобичајено поравнање утора кључева, потребна је ручна поправка."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:414
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Режим шифрера је оправљен (%s → %s)."
+
+#: lib/luks1/keymanage.c:425
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Хеш шифрера је преправљен на мала слова (%s)."
+
+#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533
+#: lib/luks1/keymanage.c:789
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Затражени ЛУКС хеш „%s“ није подржан."
+
+#: lib/luks1/keymanage.c:441
msgid "Repairing keyslots."
msgstr "Поправљам уторе кључева."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:460
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Утор кључа %i: померај је оправљен (%u —> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:468
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Утор кључа %i: траке су оправљене (%u —> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:477
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Утор кључа %i: лажан потпис партиције."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:482
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Утор кључа %i: присолак је обрисан."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:499
msgid "Writing LUKS header to disk."
msgstr "Записујем ЛУКС заглавље на диск."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:504
msgid "Repair failed."
msgstr "Поправка није успела."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:559
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Затражени ЛУКС хеш „%s“ није подржан."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Режим ЛУКС шифрера „%s“ није исправан."
+
+#: lib/luks1/keymanage.c:564
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "ЛУКС хеш „%s“ није исправан."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144
msgid "No known problems detected for LUKS header."
msgstr "Нису откривени познати проблеми за ЛУКС заглавље."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:699
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Грешка приликом освежавања ЛУКС заглавља на уређају „%s“."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:707
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Грешка поновног читања ЛУКС заглавља након освежења на уређају „%s“."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:783
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Померај података за ЛУКС заглавље мора бити или 0 или већи од величине заглавља."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863
+#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175
+#: src/utils_reencrypt.c:475
msgid "Wrong LUKS UUID format provided."
msgstr "Достављен је погрешан запис ЛУКС УЈИБ-а."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:816
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Не могу да направим ЛУКС заглавље: није успело читање насумичног присолка."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:842
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Не могу да направим ЛУКС заглавље: није успео преглед заглавља (користим хеш „%s“)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:886
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Утор кључа „%d“ је радан, прво прочистите."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:892
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Материјал утора кључа „%d“ обухвата премало трака. Да управљам заглављем?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:1033
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Не могу да отворим утор кључа (користим хеш %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1111
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Утор кључа %d није исправан, изаберите га између 0 и %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Не могу да обришем уређај „%s“."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Језгро не подржава мапирање сагласно са „AES“ петљом."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:509
#, c-format
msgid "Error reading keyfile %s."
msgstr "Грешка читања датотеке кључа „%s“."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:559
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Премашена је највећа дужина „TCRYPT“ пропусне речи (%zu)."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:601
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "„PBKDF2“ алгоритам хеша „%s“ није доступан, прескачем."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019
msgid "Required kernel crypto interface not available."
msgstr "Није доступно затражено сучеље криптографије језгра."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Уверите се да је учитан модул кернела „algif_skcipher“."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:763
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Покретање није подржано за величину %d области."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:769
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Језгро не подржава покретање за овај стари „TCRYPT“ режим."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:800
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Покрећем „TCRYPT“ систем шифровања за партицију „%s“."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:883
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Кернел не подржава мапирање сагласно са „TCRYPT“-ом."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1096
msgid "This function is not supported without TCRYPT header load."
msgstr "Ова функција није подржана без учитавања „TCRYPT“ заглавља."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:275
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Нађох неочекивану врсту уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:328
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Нађох неисправну ниску приликом обраде главног кључа волумена."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:332
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Нађох неочекивану ниску („%s“) приликом обраде подржаног главног кључа волумена."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:349
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Нађох неочекивану вредност уноса метаподатака „%u“ приликом обраде подржаног главног кључа волумена."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Нисам успео да прочитам „BITLK“ потпис из „%s“."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Неисправан или непознат потпис за „BITLK“ уређај."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:451
msgid "BITLK version 1 is currently not supported."
msgstr "„BITLK“ издање 1 тренутно није подржано."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:457
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Неисправан или непознат потпис учитавања за „BITLK“ уређај."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:469
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Неподржана величина одељка „%<PRIu16>“."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:477
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Нисам успео да прочитам „BITLK“ заглавље из „%s“."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:502
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Нисам успео да прочитам „BITLK FVE“ метаподатаке из „%s“."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:554
msgid "Unknown or unsupported encryption type."
msgstr "Непозната или неподржана врста криптографије."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:587
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Нисам успео да прочитам уносе „BITLK“ метаподатака из „%s“."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:681
+msgid "Failed to convert BITLK volume description"
+msgstr "Нисам успео да претворим опис „BITLK“ волумена"
+
+#: lib/bitlk/bitlk.c:841
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Нађох неочекивану врсту уноса метаподатака „%u“ приликом обраде спољног кључа."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:860
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "ГУИД „%s“ датотеке „BEK“ не одговара ГУИД-у волумена."
+
+#: lib/bitlk/bitlk.c:864
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Нађох неочекивану вредност уноса метаподатака „%u“ приликом обраде спољног кључа."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:903
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Неподржани „BEK“ метаподаци издање %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:908
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Неочекивана величина „BEK“ метаподатака %<PRIu32> не одговара величини „BEK“ датотеке"
+
+#: lib/bitlk/bitlk.c:933
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Нађох неочекивану врсту уноса метаподатака приликом обраде кључа почретања."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1029
msgid "This operation is not supported."
msgstr "Радња није подржана."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1037
msgid "Unexpected key data size."
msgstr "Неочекивана величина података кључа."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1163
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Овај „BITLK“ уређај је у неподржаном стању и не може бити активиран."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1168
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "„BITLK“ уређај са врстом „%s“ се не може активирати."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1175
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Активирање делимично дешифрованог „BITLK“ уређаја није подржано."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1216
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "УПОЗОРЕЊЕ: Величина волумена закључавача бита %<PRIu64> не одговара величини садржаног уређаја %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1343
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK IV“."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1347
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за „BITLK Elephant“ дифузера."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1351
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Не могу да активирам уређај, „dm-crypt“-у кернела недостаје подршка за велику величину сектора."
+
+#: lib/bitlk/bitlk.c:1355
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Не могу да активирам уређај, недостаје „dm-zero“ модул кернела."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
#, c-format
msgid "Verity device %s does not use on-disk header."
msgstr "Уређај тачности %s не користи заглавље на-диску."
-#: lib/verity/verity.c:91
-#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Уређај „%s“ није исправан „VERITY“ уређај."
-
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Неподржано издање „VERITY“ %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "Заглавље „VERITY“ је оштећено."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Достављен је погрешан УЈИБ „VERITY“ запис на уређају „%s“."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Грешка приликом освежавања заглавља тачности на уређају „%s“."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Провера хеш потписа корена није подржана."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Грешке се не могу поправити са „FEC“ уређајем."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Нађох поправљиве грешке (%u) са „FEC“ уређајем."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Кернел не подржава мапирање дм-тачности."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Кернел не подржава опцију потписа дм-тачности."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Уређај тачности је открио оштећење након покретања."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Сувишна област није нулирана на положају %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Прекорачење помераја уређаја."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Провера није успела на положају %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Прекорачење области хеша."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Провера области података није успела."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Провера хеша корена није успела."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Улазно/излазна грешка приликом стварања области хеша."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Стварање области хеша није успело."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "УПОЗОРЕЊЕ: Језгро не може да покрене уређајако величина блока података премашује величину странице (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Нисам успео да поправим паритет за блок %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Нисам успео да запишем паритет „RS“ блока %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Величине блокова морају одговарати за „FEC“."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Неисправан број бајтова паритета."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Неисправна дужина „FEC“ сегмента."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Нисам успео да одредим величину за уређај „%s“."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Недоследни „dm-integrity“ метаподаци кернела (издање %u) су откривени на „%s“."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Кернел не подржава мапирање дм-целовитости."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Кернел не подржава поравнање фиксних метаподатака дм-целовитости."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Кернел одбија да покрене небезбедну опцију поновног израчунавања (видите старе опције покретања да избегнете ово)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133
+#: lib/luks2/luks2_json_metadata.c:1413
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Нисам успео да остварим закључавање писања на уређају „%s“."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:402
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Открих покушај истовременог ажурирања ЛУКС2 метаподатака. Прекидам."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Уређај садржи нејасне потписе, не могу сам да поправим ЛУКС2.\n"
"Покрените „cryptsetup repair“ за опорављање."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:230
msgid "Requested data offset is too small."
msgstr "Затражени померај података је премали."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:275
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "УПОЗОРЕЊЕ: област утора кључа (%<PRIu64> бајта) је врло мала, доступан број ЛУКС2 утора кључа врло ограничен.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
+#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258
+#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92
#: lib/luks2/luks2_keyslot_luks2.c:114
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Нисам успео да остварим закључавање читања на уређају „%s“."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1336
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Забрањени ЛУКС2 захтеви су откривени у резерви „%s“."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1377
msgid "Data offset differ on device and backup, restore failed."
msgstr "Померај података се разликује на уређају и резерви, враћање није успело."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1383
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Бинарно заглавље са областима утора кључа се разликује на уређају и резерви, враћање није успело."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1390
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Уређај %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1391
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "не садржи ЛУКС2 заглавље. Замена заглавља може да уништи податке на том уређају."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1392
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "већ садржи „LUKS2“ заглавље. Замена заглавља ће уништити постојеће уторе кључева."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1394
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"УПОЗОРЕЊЕ: непознати ЛУКС2 захтеви су откривени у стварном заглављу уређаја!\n"
"Замена заглавља резервом може оштетити податке на том уређају!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1396
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"УПОЗОРЕЊЕ: Недовршено ван мрежно поновно шифровање је откривено на уређају!\n"
"Замена заглавља резервом може оштетити податке."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1494
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Занемарена непозната заставица „%s“."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Недостаје кључ за „dm-crypt“ подеок %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029
msgid "Failed to set dm-crypt segment."
msgstr "Нисам успео да подесим „dm-crypt“ подеок."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035
msgid "Failed to set dm-linear segment."
msgstr "Нисам успео да подесим „dm-linear“ подеок."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2547
msgid "Unsupported device integrity configuration."
msgstr "Неподржано подешавање целовитости уређаја."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2633
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Поновно шифровање је у току. Не могу да деактивирам уређај."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Нисам успео да заменим обустављени уређај „%s“ са метом „dm-error“."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2724
msgid "Failed to read LUKS2 requirements."
msgstr "Нисам успео да прочитам ЛУКС2 захтеве."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2731
msgid "Unmet LUKS2 requirements detected."
msgstr "Неоствариви ЛУКС2 захтеви су откривени."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2739
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Радња је несагласна са уређајем означеним за старо поновно шифровање. Прекидам."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2741
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Радња је несагласна са уређајем означеним за ЛУКС2 поновно шифровање. Прекидам."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Нема довољно доступне меморије за отварање утора кључа."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Отварање утора кључа није успело."
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Не могу користити шифрер „%s-%s“ за шифровање утора кључа."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:496
msgid "No space for new keyslot."
msgstr "Нема простора за нови утор кључа."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Алгоритам хеша „%s“ није доступан."
+
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Затражена је неисправна промена режима гипкости поновног шифровања."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Не могу да освежим врсту гипкости. Нова врста обезбеђује само %<PRIu64> бајт(а), захтеван простор је: %<PRIu64> бајт(а)."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Нисам успео да освежим упит потврђивања поновног шифровања."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Не могу да проверим стање уређаја са ујиб-ом: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Не могу да претворим заглавље са „LUKSMETA“ додатним метаподацима."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Не могу да користим спецификацију шифрера „%s-%s“ за ЛУКС2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Не могу да преместим област утора кључа. Нема довољно простора."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Не могу да претворим у ЛУКС2 запис – неисправни метаподаци."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Не могу да преместим област утора кључа. Област ЛУКС2 утора кључа је премала."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Не могу да преместим област утора кључа."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Не могу да претворим у ЛУКС1 запис – основна величина подеока 512 bytes."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Не могу да претворим у ЛУКС1 запис – прегледи утора кључа нису ЛУКС1 сагласни."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Не могу да претворим у ЛУКС1 запис – уређај користи умотаног шифрера кључа „%s“."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Не могу да претворим у ЛУКС2 запис – уређај користи више подеока."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Не могу да претворим у ЛУКС1 запис – ЛУКС2 заглавље садржи %u скупину(е)."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u је у неисправном стању."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Не могу да претворим у ЛУКС1 запис – утор %u (преко максимума утора) је још активан."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Не могу да претворим у ЛУКС1 запис – утор кључа %u није ЛУКС1 сагласан."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1107
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Величина вруће зоне мора бити умножак прорачунатог поравнања зоне (%zu бајта)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1112
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Величина уређаја мора бити производ прорачунатог поравнања зоне (%zu бајта)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Неподржан режим гипкости „%s“"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505
+#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630
+#: lib/luks2/luks2_reencrypt.c:3852
msgid "Failed to initialize old segment storage wrapper."
msgstr "Нисам успео да покренем старог увијача смештаја подеока."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483
msgid "Failed to initialize new segment storage wrapper."
msgstr "Нисам успео да покренем новог увијача смештаја подеока."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864
+msgid "Failed to initialize hotzone protection."
+msgstr "Нисам успео да покренем заштиту вруће зоне."
+
+#: lib/luks2/luks2_reencrypt.c:1532
msgid "Failed to read checksums for current hotzone."
msgstr "Нисам успео да прочитам суму провере за текућу врућу зону."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Нисам успео да прочитам област вруће зоне са почетком на %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1558
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Нисам успео да дешифрујем област %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1564
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Нисам успео да опоравим област %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2128
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Величине изворног и циљног уређаја не одговарају. Извор %<PRIu64>, мета: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2226
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Нисам успео да активирам уређај вруће зоне „%s“."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2243
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Нисам успео да активирам уређај преклапања „%s“ са стварном табелом порекла."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2250
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Нисам успео да учитам ново мапирање за уређај „%s“."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2321
msgid "Failed to refresh reencryption devices stack."
msgstr "Нисам успео да освежим спремник уређаја поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2497
msgid "Failed to set new keyslots area size."
msgstr "Нисам успео да подесим нову величину области утора кључа."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2633
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Вредност помака података није поравната на величину одељка шифровања (%<PRIu32> бајта)."
+
+#: lib/luks2/luks2_reencrypt.c:2664
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Неподржан режим гипкости „%s“"
+
+#: lib/luks2/luks2_reencrypt.c:2741
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Величина премештеног подеока не може бити већа од вредности помака података."
+
+#: lib/luks2/luks2_reencrypt.c:2799
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Помак података није поравнат на захтевану величину одељка шифровања (%<PRIu32> бајта)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Премештени подеок је превелик. Захтевана величина је %<PRIu64>, доступан простор за: %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2886
+msgid "Failed to clear table."
+msgstr "Нисам успео да очистим табелу."
+
+#: lib/luks2/luks2_reencrypt.c:2972
+msgid "Reduced data size is larger than real device size."
+msgstr "Величина умањених података је већа од стварне величине уређаја."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2979
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "УÑ
\80еÑ
\92аÑ
\98 подаÑ
\82ака ниÑ
\98е поÑ
\80авнаÑ
\82 на Ð
·Ð°Ñ\85Ñ\82еванÑ\83 велиÑ
\87инÑ
\83 одеÑ
\99ка Ñ
\88иÑ
\84Ñ
\80оваÑ
\9aа (%<PRIu32> баÑ
\98Ñ
\82а)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Уређај података није поравнат на величину одељка шифровања (%<PRIu32> бајта)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3013
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Помак података (%<PRIu64> одељка) је мањи од будућег помераја података (%<PRIu64> одељка)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508
+#: lib/luks2/luks2_reencrypt.c:3529
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Нисам успео да отворим „%s“ у искључивом режиму (већ мапиран или прикачен)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3209
msgid "Device not marked for LUKS2 reencryption."
msgstr "Уређај није означен за ЛУКС2 поновно шифровање."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181
msgid "Failed to load LUKS2 reencryption context."
msgstr "Нисам успео да учитам контекст ЛУКС2 поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3306
msgid "Failed to get reencryption state."
msgstr "Нисам успео да добавим стање поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624
msgid "Device is not in reencryption."
msgstr "Уређај није у поновном шифровању."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631
msgid "Reencryption process is already running."
msgstr "Процес поновног шифровања је већ покренут."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633
msgid "Failed to acquire reencryption lock."
msgstr "Нисам успео да остварим закључавање поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3337
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Не могу да наставим са поновним шифровањем. Прво покрените опоравак поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3472
msgid "Active device size and requested reencryption size don't match."
msgstr "Активна величина уређаја и величина затраженог поновног шифровања не одговарају."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3486
msgid "Illegal device size requested in reencryption parameters."
msgstr "Неисправна величина уређаја је затражена у параметрима поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3563
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Поновно шифровање је у току. Не могу да обавим опоравак."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3732
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "ЛУКС2 поновно шифровање је већ покренуто у метаподацима."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3739
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Нисам успео да покренем ЛУКС2 поновно шифровање у метаподацима."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3834
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Нисам успео да поставим подеоке уређаја за следећу врућу зону поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3886
msgid "Failed to write reencryption resilience metadata."
msgstr "Нисам успео да запишем метаподатаке гипкости поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3893
msgid "Decryption failed."
msgstr "Дешифровање није успело."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3898
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Нисам успео да запишем област вруће зоне са почетком на %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3903
msgid "Failed to sync data."
msgstr "Нисам успео да усагласим податке."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Нисам успео да освежим метаподатке након тренутно завршеног поновног шифровања вруће зоне."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4000
msgid "Failed to write LUKS2 metadata."
msgstr "Нисам успео да запишем ЛУКС2 метаподатке."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Нисам успео да очистим податке подеока резерве."
+#: lib/luks2/luks2_reencrypt.c:4023
+msgid "Failed to wipe unused data device area."
+msgstr "Нисам успео да обришем област уређаја података."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4029
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Нисам успео да доделим скупину „%d“ утору кључа %d."
+msgstr "Нисам успео да уклоним некоришћени (несвезани) утор кључа %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4039
msgid "Failed to remove reencryption keyslot."
-msgstr "Нисам успео да добавим закључавање поновног шифровања."
+msgstr "Нисам успео да уклоним утор кључа поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4049
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Кобна грешка приликом поновног шифровања комада који почиње на %<PRIu64>, %<PRIu64> подеока дуг."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4053
+msgid "Online reencryption failed."
+msgstr "Поновно шифровање на мрежи није успело."
+
+#: lib/luks2/luks2_reencrypt.c:4058
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Не наставља са уређајем осим ако није ручно замењен метом грешке."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4112
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Не могу да наставим са поновним шифровањем. Неочекивано стање поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4118
msgid "Missing or invalid reencrypt context."
msgstr "Недостаје или неисправан контекст поновног шифровања."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4125
msgid "Failed to initialize reencryption device stack."
msgstr "Нисам успео да покренем поновно шифровање спремника уређаја."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194
msgid "Failed to update reencryption context."
msgstr "Нисам успео да освежим контекст поновног шифровања."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:406
msgid "Reencryption metadata is invalid."
-msgstr "УÑ\82оÑ\80 кÑ\99Ñ\83Ñ\87а â\80\9e%dâ\80\9c ниÑ\98е иÑ\81пÑ\80аван."
+msgstr "Ð\9cеÑ\82аподаÑ\86и поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа ниÑ\81Ñ\83 иÑ\81пÑ\80авни."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Ð\9dема Ñ\81лободног Ñ\83Ñ\82оÑ\80а Ñ\81кÑ\83пине."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80и Ñ\88иÑ\84Ñ\80оваÑ\9aа Ñ\83Ñ\82оÑ\80а кÑ\99Ñ\83Ñ\87а Ñ\81е могÑ\83 поÑ\81Ñ\82авиÑ\82и Ñ\81амо за Ð\9bУÐ\9aС2 Ñ\83Ñ\80еÑ\92аÑ\98."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Нисам успео да направим уграђену скупину „%s“."
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Не могу да одрадим проверу пропусне речи на не-конзолним улазима."
+msgid "Enter token PIN:"
+msgstr "Унесите ПИН скупине:"
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Параметри шифровања утора кључа се могу поставити само за ЛУКС2 уређај."
+#: src/cryptsetup.c:110
+#, c-format
+msgid "Enter token %d PIN:"
+msgstr "Унесите %d ПИН скупине:"
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293
+#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Није откривен познат образац одреднице шифрера."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "УПОЗОРЕЊЕ: Параметар „--hash“ је занемарен у обичном режиму са наведеном кључном датотеком.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "УПОЗОРЕЊЕ: Опција „--keyfile-size“ је занемарена, величина читања је иста као величина кључа шифровања.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Открих потпис(е) уређаја на „%s“. Даље настављање може оштетити постојеће податке."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088
+#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343
+#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:275
msgid "Operation aborted.\n"
msgstr "Радња је обустављена.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Захтевана је опција „--key-file“."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Унесите „VeraCrypt PIM“: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Неисправна „PIM“ вредност: грешка обраде."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Неисправна „PIM“ вредност: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Неисправна „PIM“ вредност: изван опсега."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Није откривено заглавље уређаја са овом пропусном речи."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Уређај „%s“ није исправан „BITLK“ уређај."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Не могу да одредим величину кључа за „BITLK“, користите „--key-size“ опцију."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"који омогућава приступ шифрованој партицији без лозинке.\n"
"Овај избачај треба увек бити смештен шифрован на безбедном месту."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:2019
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Избачај заглавља са кључем волумена је осетљив податак\n"
+"који омогућава приступ шифрованој партицији без лозинке.\n"
+"Овај избачај треба бити смештен шифрован на безбедном месту."
+
+#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Уређај „%s“ је још увек активан и заказан за одложено уклањање.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:698
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Сразмеравање активног уређаја захтева кључ волумена у привеску кључева али је постављена „--disable-keyring“ опција."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:845
msgid "Benchmark interrupted."
msgstr "Оцењивање је прекинуто."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:866
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "„PBKDF2-%-9s“ Н/Д\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:868
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "„PBKDF2-%-9s“ %7u понављања у секунди за %zu-битни кључ\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:882
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s Н/Д\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:884
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u понављања, %5u меморије, %1u паралелних нити (процесора) за %zu-битни кључ (захтева се %u ms време)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:908
msgid "Result of benchmark is not reliable."
msgstr "Резултат оцењивања није поуздан."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:958
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Пробе су приближне користећи само меморију (без УИ смештаја).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:978
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Алгоритам | Кључ | Шифровање | Дешифровање\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:982
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Шифрер „%s“ (са %i битним кључем) није доступан."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1001
msgid "# Algorithm | Key | Encryption | Decryption\n"
-msgstr "# Алгоритам | Кључ | Шифровање | Дешифровање\n"
+msgstr "# Алгоритам | Кључ | Шифровање | Дешифровање\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1012
msgid "N/A"
msgstr "Недоступно"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1037
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Откривени су незаштићени ЛУКС2 метаподаци поновног шифровања. Проверите да ли је радња поновног шифровања пожељна (видите „luksDump“ излаз)\n"
+"и наставите (са надоградњом метаподатака само ако знате да је радња безопасна."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Унесите пропусну реч за опоравак поновног шифровања: "
+#: src/cryptsetup.c:1043
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Унесите пропусну реч да заштитите и надоградите метаподатке поновног шифровања: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1087
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Да наставим са опоравком ЛУКС2 поновног шифровања?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1096
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "УнеÑ\81иÑ\82е пÑ\80опÑ\83Ñ\81нÑ\83 Ñ\80еÑ\87 за опоÑ\80авак поновног шифровања: "
+msgstr "УнеÑ\81иÑ\82е пÑ\80опÑ\83Ñ\81нÑ\83 Ñ\80еÑ\87 да пÑ\80овеÑ\80иÑ\82е Ñ\83пиÑ\82 меÑ\82аподаÑ\82ака поновног шифровања: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1098
msgid "Enter passphrase for reencryption recovery: "
msgstr "Унесите пропусну реч за опоравак поновног шифровања: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1153
msgid "Really try to repair LUKS device header?"
msgstr "Стварно да покушам да поправим заглавље ЛУКС уређаја?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Брисање је прекинуто."
+
+#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Бришем уређај да бих започео суму провере целовитости.\n"
"Можете прекинути ово притиском на „CTRL+c“ (остатак необрисаног уређаја садржаће неисправну суму провере).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1204 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Не могу да деактивирам привремени уређај „%s“."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1255
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Опција целовитости се може користити само за ЛУКС2 запис."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1260 src/cryptsetup.c:1320
msgid "Unsupported LUKS2 metadata size options."
msgstr "Неподржана опција величине ЛУКС2 метаподатака."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1269
msgid "Header file does not exist, do you want to create it?"
msgstr "Датотека заглавља не постоји, да ли желите да је направите?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1277
#, c-format
msgid "Cannot create header file %s."
msgstr "Не могу да направим датотеку заглавља „%s“."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Није откривен познат образац одреднице целовитости."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1313
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Не могу да користим „%s“ као заглавље на-диску."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1337 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Ово ће неповратно да препише податке на „%s“."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772
+#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Нисам успео да подесим „pbkdf“ параметре."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1455
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Смањени померај података је допуштен само за откачена ЛУКС заглавља."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1466 src/cryptsetup.c:1778
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Не могу да одредим величину кључа за ЛУКС без утора кључа, користите „--key-size“ опцију."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1512
msgid "Device activated but cannot make flags persistent."
msgstr "Уређај је активиран али не могу да учиним заставице трајним."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1591 src/cryptsetup.c:1659
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Утор кључа „%d“ је изабран за брисање."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1603 src/cryptsetup.c:1663
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Ово је последњи утор кључа. Уређај ће постати неупотребљив након чишћења овог кључа."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1604
msgid "Enter any remaining passphrase: "
msgstr "Унесите неку преосталу пропусну реч: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1605 src/cryptsetup.c:1665
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Радња је прекинута, утор кључа НИЈЕ обрисан.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1641
msgid "Enter passphrase to be deleted: "
msgstr "Унесите пропусну реч за брисање: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505
+#: src/cryptsetup.c:2649
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Уређај „%s“ није исправан ЛУКС2 уређај."
+
+#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829
msgid "Enter new passphrase for key slot: "
msgstr "Унесите нову пропусну реч за утор кључа: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Унесите неку постојећу пропусну реч: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1880
msgid "Enter passphrase to be changed: "
msgstr "Унесите пропусну реч за мењање: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Унесите нову пропусну реч: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1946
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Унесите пропусну реч за утор кључа за претварање: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1970
msgid "Only one device argument for isLuks operation is supported."
msgstr "Подржан је само један аргумент уређаја за радњу „isLuks“."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Избачај заглавља са кључем волумена је осетљив податак\n"
-"који омогућава приступ шифрованој партицији без лозинке.\n"
-"Овај избачај треба бити смештен шифрован на безбедном месту."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2078
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Утор кључа %d не садржи несвезани кључ."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2083
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Избачај заглавља са кључем волумена је осетљив податак\n"
"Овај избачај треба увек бити смештен шифрован на безбедном месту."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2169 src/cryptsetup.c:2198
#, c-format
msgid "%s is not active %s device name."
msgstr "„%s“ није назив активног „%s“ уређаја."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2193
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "„%s“ није назив активног ЛУКС уређаја или недостаје заглавље."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2255 src/cryptsetup.c:2274
msgid "Option --header-backup-file is required."
msgstr "Захтевана је опција „--header-backup-file“."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2305
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "„%s“ није уређај управљан криптоподешавањем."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2316
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Освежавање није подржано за врсту уређаја „%s“"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2362
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Непозната врста уређаја метаподатака „%s“."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2364
msgid "Command requires device and mapped name as arguments."
msgstr "Наредба захтева уређај и мапирани назив као аргумент."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2385
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Ова радња ће обрисати све уторе кључева на уређају „%s“.\n"
"Уређај ће постати неупотребљив након ове радње."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2392
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Радња је прекинута, утори кључева НИСУ обрисани.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2431
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Неисправна ЛУКС врста, само „luks1“ и „luks2“ су подржане."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2447
#, c-format
msgid "Device is already %s type."
msgstr "Уређај је већ „%s“ врсте."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2454
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Ова радња ће претворити „%s“ у „%s“ запис.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2457
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Радња је прекинута, уређај НИЈЕ претворен.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2497
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Недостаје опција „--priority“, „--label“ или „--subsystem“."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588
#, c-format
msgid "Token %d is invalid."
msgstr "Скупина „%d“ није исправна."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2534 src/cryptsetup.c:2591
#, c-format
msgid "Token %d in use."
msgstr "Скупина „%d“ је у употреби."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2546
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Нисам успео да додам „luks2-keyring“ скупину „%d“."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2554 src/cryptsetup.c:2617
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Нисам успео да доделим скупину „%d“ утору кључа %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2571
#, c-format
msgid "Token %d is not in use."
msgstr "Скупина „%d“ није у употреби."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2608
msgid "Failed to import token from file."
msgstr "Нисам успео да увезем скупину из датотеке."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2633
#, c-format
msgid "Failed to get token %d for export."
msgstr "Нисам успео да добавим скупину „%d“ за извоз."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "„--key-description“ параметар је обавезан за радњу додавања скупине."
+#: src/cryptsetup.c:2682
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана само за ТКРИПТ уређај."
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "РадÑ\9aа заÑ\85Ñ\82ева наÑ\80оÑ\87иÑ\82Ñ\83 Ñ\81кÑ\83пинÑ\83. Ð\9aоÑ\80иÑ\81Ñ\82иÑ\82е паÑ\80амеÑ\82аÑ\80 â\80\9e--token-idâ\80\9c."
+#: src/cryptsetup.c:2685
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--veracryptâ\80\9c или â\80\9e--disable-veracryptâ\80\9c Ñ\98е подÑ\80жана Ñ\81амо за ТÐ\9aÐ Ð\98Ð\9fТ вÑ\80Ñ\81Ñ\82Ñ\83 Ñ\83Ñ\80еÑ\92аÑ\98а."
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr "Неисправна радња скупине „%s“."
+#: src/cryptsetup.c:2688
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Опција „--veracrypt-pim“ је подржана само за „VeraCrypt“ сагласне уређаје."
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Самооткривени активан дм уређај „%sд за уређај података „%s“.\n"
+#: src/cryptsetup.c:2692
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Опција „--veracrypt-query-pim“ је подржана само за „VeraCrypt“ сагласне уређаје."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Уређај „%s“ није блок уређај.\n"
+#: src/cryptsetup.c:2694
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ се узајамно искључују."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Нисам успео да самооткријем држаче „%s“ уређаја."
+#: src/cryptsetup.c:2703
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Опција „--persistent“ није допуштена са опцијом „--test-passphrase“."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Не могу да одлучим да ли је уређај „%s“ активиран или није.\n"
-"Да ли сигурно желите да наставите са поновним шифровањем у режиму ван мреже?\n"
-"То може довести до оштећења података ако је уређај заправо активиран.\n"
-"Да покренете поновно шифровање у режиму на мрежи, користите параметар „--active-name“.\n"
+#: src/cryptsetup.c:2706
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Опције „--refresh“ и „--test-passphrase“ се узајамно искључују."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Ð\9dеиÑ\81пÑ\80авна вÑ\80Ñ\81Ñ\82а Ð\9bУÐ\9aС уређаја."
+#: src/cryptsetup.c:2709
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--sharedâ\80\9c Ñ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ног уређаја."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "ШиÑ\84Ñ\80оваÑ\9aе без оÑ\82каÑ\87еног заглавÑ\99а (--header) ниÑ\98е могÑ\83Ñ\9bе без Ñ\81маÑ\9aеÑ\9aа велиÑ\87ине Ñ\83Ñ\80еÑ\92аÑ\98а подаÑ\82ака (--reduce-device-size)."
+#: src/cryptsetup.c:2712
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--skipâ\80\9c Ñ\98е подÑ\80жана Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ниÑ\85 и Ñ\83пеÑ\82Ñ\99аниÑ\85 Ñ\83Ñ\80еÑ\92аÑ\98а."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Ð\97аÑ\82Ñ\80ажени помеÑ\80аÑ\98 подаÑ\82ака моÑ\80а биÑ\82и маÑ\9aи или Ñ\98еднак половини паÑ\80амеÑ\82Ñ\80а â\80\9e--reduce-device-sizeâ\80\9c."
+#: src/cryptsetup.c:2715
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--offsetâ\80\9c Ñ\81а оÑ\82воÑ\80еном Ñ\80адÑ\9aом Ñ\98е подÑ\80жана Ñ\81амо за обиÑ\87не и Ñ\83пеÑ\82Ñ\99ане Ñ\83Ñ\80еÑ\92аÑ\98е."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Подешавам „--reduce-device-size“ вредност на двоструко од „--offset“ %<PRIu64> (подеока).\n"
+#: src/cryptsetup.c:2718
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Опција „--tcrypt-hidden“ не може бити обједињена са „--allow-discards“."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "ШиÑ\84Ñ\80оваÑ\9aе Ñ\98е подÑ\80жано Ñ\81амо за Ð\9bУÐ\9aС2 запиÑ\81."
+#: src/cryptsetup.c:2722
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Ð\9eпÑ\86иÑ\98а велиÑ\87ине одеÑ\99ка Ñ\81а оÑ\82воÑ\80еном Ñ\80адÑ\9aом Ñ\98е подÑ\80жана Ñ\81амо за обиÑ\87не Ñ\83Ñ\80еÑ\92аÑ\98е."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Откривен је ЛУКС уређај на „%s“. Да ли желите опет да шифрујете тај ЛУКС уређај?"
+#: src/cryptsetup.c:2726
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Опција великих IV одељака је подржана само за отварање обичних уређаја са величином одељка већом од 512 бајта."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Привремена датотека заглавља „%s“ већ постоји. Прекидам."
+#: src/cryptsetup.c:2730
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+msgstr "Опција „--test-passphrase“ је допуштена само за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Не могу да направим привремену датотеку заглавља „%s“."
+#: src/cryptsetup.c:2733 src/cryptsetup.c:2756
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Опције „--device-size“ и „--size“ се не могу комбиновати."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "„%s/%s“ је сада активно и спремно за шифровање на мрежи.\n"
+#: src/cryptsetup.c:2736
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Опција „--unbound“ је допуштена само за отварање лукс уређаја."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
+#: src/cryptsetup.c:2739
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Опција „--unbound“ се не може користити без „--test-passphrase“."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Ð\9dема довоÑ\99но Ñ\81лободниÑ\85 Ñ\83Ñ\82оÑ\80а кÑ\99Ñ\83Ñ\87ева за поновно Ñ\88иÑ\84Ñ\80оваÑ\9aе."
+#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Ð\9eпÑ\86иÑ\98е â\80\9e--cancel-deferredâ\80\9c и â\80\9e--deferredâ\80\9c Ñ\81е не могÑ\83 коÑ\80иÑ\81Ñ\82иÑ\82и Ñ\83 иÑ\81Ñ\82о вÑ\80еме."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Ð\94аÑ\82оÑ\82ека кÑ\99Ñ\83Ñ\87а може биÑ\82и коÑ\80иÑ\88Ñ\9bена Ñ\81амо Ñ\81а â\80\9e--key-slotâ\80\9c или Ñ\81а Ñ\82аÑ\87но Ñ\98едним акÑ\82ивним Ñ\83Ñ\82оÑ\80ом кÑ\99Ñ\83Ñ\87а."
+#: src/cryptsetup.c:2764
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Ð\9eпÑ\86иÑ\98е â\80\9e--reduce-device-sizeâ\80\9c и â\80\9e--data-sizeâ\80\9c Ñ\81е не могÑ\83 комбиноваÑ\82и."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Унесите пропусну реч за утор кључа %d: "
+#: src/cryptsetup.c:2767
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Опција „--active-name“ се може поставити само за ЛУКС2 уређај."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Унесите пропусну реч за утор кључа %u: "
+#: src/cryptsetup.c:2770
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Опције „--active-name“ и „--force-offline-reencrypt“ се не могу комбиновати."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Пребацујем шифрера података на „%s“.\n"
+#: src/cryptsetup.c:2778 src/cryptsetup.c:2808
+msgid "Keyslot specification is required."
+msgstr "Одредба утора кључа је потребна."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Ð\9dаÑ\80едба заÑ\85Ñ\82ева Ñ\83Ñ\80еÑ\92аÑ\98 као аÑ\80гÑ\83менÑ\82."
+#: src/cryptsetup.c:2786
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Ð\9eпÑ\86иÑ\98е â\80\9e--align-payloadâ\80\9c и â\80\9e--offsetâ\80\9c Ñ\81е не могÑ\83 комбиноваÑ\82и."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Само Ñ\98е Ð\9bУÐ\9aС2 запиÑ\81 Ñ\82Ñ\80енÑ\83Ñ\82но подÑ\80жан. Ð\9aоÑ\80иÑ\81Ñ\82иÑ\82е алаÑ\82 â\80\9ecryptsetup-reencryptâ\80\9c за Ð\9bУÐ\9aС1."
+#: src/cryptsetup.c:2789
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--integrity-no-wipeâ\80\9c Ñ\81е може коÑ\80иÑ\81Ñ\82иÑ\82и Ñ\81амо за Ñ\80адÑ\9aÑ\83 Ñ\84оÑ\80маÑ\82иÑ\80аÑ\9aа Ñ\81а пÑ\80оÑ\88иÑ\80еÑ\9aем Ñ\86еловиÑ\82оÑ\81Ñ\82и."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "СÑ\82аÑ\80о ванмÑ\80ежно поновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\98е веÑ\9b Ñ\83 Ñ\82окÑ\83. Ð\9aоÑ\80иÑ\81Ñ\82иÑ\82е помагало â\80\9ecryptsetup-reencrypt“."
+#: src/cryptsetup.c:2792
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Ð\94озвоÑ\99ена Ñ\98е Ñ\81амо Ñ\98една опÑ\86иÑ\98а â\80\9e--use-[u]random“."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Ð\9fоновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\83Ñ\80еÑ\92аÑ\98а Ñ\81а пÑ\80оÑ\84илом Ñ\86еловиÑ\82оÑ\81Ñ\82и ниÑ\98е подÑ\80жано."
+#: src/cryptsetup.c:2800
+msgid "Key size is required with --unbound option."
+msgstr "Ð\92елиÑ\87ина кÑ\99Ñ\83Ñ\87а Ñ\98е поÑ\82Ñ\80ебна Ñ\81а опÑ\86иÑ\98ом â\80\9e--unboundâ\80\9c."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "ЛУКС2 поновно шифровање је већ покренуто. Прекидам радњу."
+#: src/cryptsetup.c:2819
+msgid "Invalid token action."
+msgstr "Неисправна радња скупине."
+
+#: src/cryptsetup.c:2822
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "„--key-description“ параметар је обавезан за радњу додавања скупине."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "Ð\9bУÐ\9aС2 Ñ\83Ñ\80еÑ\92аÑ\98 ниÑ\98е Ñ\83 поновном Ñ\88иÑ\84Ñ\80оваÑ\9aÑ\83."
+#: src/cryptsetup.c:2826
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "РадÑ\9aа заÑ\85Ñ\82ева наÑ\80оÑ\87иÑ\82Ñ\83 Ñ\81кÑ\83пинÑ\83. Ð\9aоÑ\80иÑ\81Ñ\82иÑ\82е паÑ\80амеÑ\82аÑ\80 â\80\9e--token-idâ\80\9c."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:2840
msgid "<device> [--type <type>] [<name>]"
msgstr "<уређај> [--type <врста>] [<назив>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535
msgid "open device as <name>"
msgstr "отвара уређај као <назив>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843
+#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
msgid "<name>"
msgstr "<назив>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "затвара уређај (уклања мапирање)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:2842 src/integritysetup.c:539
msgid "resize active device"
msgstr "мења величину радног уређаја"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:2843
msgid "show device status"
msgstr "показује стање уређаја"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2844
msgid "[--cipher <cipher>]"
msgstr "[--cipher <шифрер>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2844
msgid "benchmark cipher"
msgstr "шифрер оцењивања"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847
+#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856
+#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859
+#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862
+#: src/cryptsetup.c:2863 src/cryptsetup.c:2864
msgid "<device>"
msgstr "<уређај>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:2845
msgid "try to repair on-disk metadata"
msgstr "покушава да поправи метаподатке на-диску"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:2846
msgid "reencrypt LUKS2 device"
msgstr "ЛУКС2 уређај поновног шифровања"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:2847
msgid "erase all keyslots (remove encryption key)"
msgstr "брише све уторе кључева (уклања кључ шифровања)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:2848
msgid "convert LUKS from/to LUKS2 format"
msgstr "претвара ЛУКС из/у ЛУКС2 запис"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:2849
msgid "set permanent configuration options for LUKS2"
msgstr "поставља трајне опције подешавања за ЛУКС2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:2850 src/cryptsetup.c:2851
msgid "<device> [<new key file>]"
msgstr "<уређај> [<нова датотека кључа>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:2850
msgid "formats a LUKS device"
msgstr "форматира ЛУКС уређај"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:2851
msgid "add key to LUKS device"
msgstr "додаје кључ у ЛУКС уређај"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854
msgid "<device> [<key file>]"
msgstr "<уређај> [<датотека кључа>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:2852
msgid "removes supplied key or key file from LUKS device"
msgstr "уклања достављени кључ или датотеку кључа из ЛУКС уређаја"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:2853
msgid "changes supplied key or key file of LUKS device"
msgstr "мења достављени кључ или датотеку кључа ЛУКС уређаја"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:2854
msgid "converts a key to new pbkdf parameters"
msgstr "претвара кључ у нове „pbkdf“ параметре"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2855
msgid "<device> <key slot>"
msgstr "<уређај> <утор кључа>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2855
msgid "wipes key with number <key slot> from LUKS device"
msgstr "брише кључ са бројем <утор кључа> са ЛУКС уређаја"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:2856
msgid "print UUID of LUKS device"
msgstr "исписује УЈИБ ЛУКС уређаја"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:2857
msgid "tests <device> for LUKS partition header"
msgstr "испробава <уређај> за заглављем ЛУКС партиције"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:2858
msgid "dump LUKS partition information"
msgstr "исписује податке ЛУКС партиције"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:2859
msgid "dump TCRYPT device information"
msgstr "исписује податке ТКРИПТ уређаја"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:2860
msgid "dump BITLK device information"
msgstr "исписује податке „BITLK“ уређаја"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:2861
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Обуставља ЛУКС уређај и брише кључ (сви УИ су замрзнути)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:2862
msgid "Resume suspended LUKS device"
msgstr "Наставља са обустављеним ЛУКС уређајем"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:2863
msgid "Backup LUKS device header and keyslots"
msgstr "Прави резерву заглавља „LUKS“ уређаја и утора кључева"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:2864
msgid "Restore LUKS device header and keyslots"
msgstr "Враћа заглавље „LUKS“ уређаја и уторе кључева"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2865
msgid "<add|remove|import|export> <device>"
msgstr "<додај|уклони|увези|извези> <уређај>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2865
msgid "Manipulate LUKS2 tokens"
msgstr "Управља ЛУКС2 скупинама"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<радња> је једна од следећих:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:2890
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
"\tотварање: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
"\tзатвори: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:2894
#, c-format
msgid ""
"\n"
"<утор кључа> је број ЛУКС утора кључа за мењање\n"
"<датотека кључа> изборна датотека кључа за нови кључ за радњу „luksAddKey“\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:2901
#, c-format
msgid ""
"\n"
"\n"
"Основни уграђени запис метаподатака је „%s“ (за „luksFormat“ радњу).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:2906 src/cryptsetup.c:2909
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Подршка прикључка спољне скупине за „LUKS2“ је „%s“.\n"
+
+#: src/cryptsetup.c:2906
+msgid "compiled-in"
+msgstr "преведено"
+
+#: src/cryptsetup.c:2907
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Путања прикључка спољне скупине за „LUKS2“: %s.\n"
+
+#: src/cryptsetup.c:2909
+msgid "disabled"
+msgstr "искључено"
+
+#: src/cryptsetup.c:2913
#, c-format
msgid ""
"\n"
"Основни „PBKDF“ за ЛУКС2: %s\n"
"\tВреме понављања: %d, Захтевана меморија: %dkB, Паралелне нити: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:2924
#, c-format
msgid ""
"\n"
"\tобично: %s, Кључ: %d бита, Хеширање лозинке: %s\n"
"\tЛУКС: %s, Кључ: %d бита, Хеширање ЛУКС заглавља: %s, РНГ: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:2933
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tЛУКС: Основна величина кључа са „XTS“ режимом (два унутрашња кључа) биће удвостручена.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: захтева „%s“ као аргумент"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
-msgid "Show this help message"
-msgstr "Приказује ову поруку помоћи"
+#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194
+msgid "Key slot is invalid."
+msgstr "Утор кључа није исправан."
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
-msgid "Display brief usage"
-msgstr "Прикажите кратку поруку о коришћењу"
+#: src/cryptsetup.c:3024
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Величина уређаја мора бити умножак одељка од 512 бајта."
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Исписује издање пакета"
+#: src/cryptsetup.c:3029
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Неисправна одредба највеће величине вруће зоне поновног шифровања."
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
-msgid "Help options:"
-msgstr "Опције помоћи:"
+#: src/cryptsetup.c:3043 src/cryptsetup.c:3055
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Величина кључа мора бити умножак од 8 бита"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Приказује опширније поруке о грешкама"
+#: src/cryptsetup.c:3060
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Највећа величина смањења уређаја је 1 GiB."
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Приказује поруке прочишћавања"
+#: src/cryptsetup.c:3063
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Величина смањивања мора бити умножак одељка од 512 бајта."
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Приказује поруке прочишћавања укључујући „JSON“ метаподатке"
+#: src/cryptsetup.c:3080
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Опција „--priority“ може бити само „ignore/normal/prefer“."
+
+#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634
+msgid "Show this help message"
+msgstr "Приказује ову поруку помоћи"
+
+#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635
+msgid "Display brief usage"
+msgstr "Прикажите кратку поруку о коришћењу"
+
+#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636
+msgid "Print package version"
+msgstr "Исписује издање пакета"
+
+#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647
+msgid "Help options:"
+msgstr "Опције помоћи:"
+
+#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[ОПЦИЈА...] <радња> <посебност-радње>"
+
+#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675
+msgid "Argument <action> missing."
+msgstr "Недостаје аргумент <радња>."
+
+#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706
+msgid "Unknown action."
+msgstr "Непозната радња."
+
+#: src/cryptsetup.c:3229
+msgid "Option --key-file takes precedence over specified key file argument."
+msgstr "Опција „--key-file“ има првенство над наведеним аргументом датотеке кључа."
+
+#: src/cryptsetup.c:3235
+msgid "Only one --key-file argument is allowed."
+msgstr "Дозвољен је само један аргумент „--key-file“."
+
+#: src/cryptsetup.c:3240
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+msgstr "Функција произилажења кључа заснованог на пропусној речи (PBKDF) може бити само „pbkdf2“ или „argon2i/argon2id“."
+
+#: src/cryptsetup.c:3245
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
+msgstr "„PBKDF“ присиљена понављања се не могу комбиновати са опцијом времена понављања."
+
+#: src/cryptsetup.c:3256
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Опције „--keyslot-cipher“ и „--keyslot-key-size“ се морају користити заједно."
+
+#: src/cryptsetup.c:3264
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Није предузета никаква радња. Призвана опцијом „--test-args“.\n"
+
+#: src/cryptsetup.c:3277
+msgid "Cannot disable metadata locking."
+msgstr "Не могу да искључим закључавање метаподатака."
+
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
+msgstr "Наведена је неисправна ниска присолка."
+
+#: src/veritysetup.c:87
+#, c-format
+msgid "Cannot create hash image %s for writing."
+msgstr "Не могу да направим хеш слику „%s“ ради уписа."
+
+#: src/veritysetup.c:97
+#, c-format
+msgid "Cannot create FEC image %s for writing."
+msgstr "Не могу да направим „FEC“ слику „%s“ ради уписа."
+
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Не могу да направим корену хеш датотеку „%s“ ради уписа."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Не могу да пишем у корену хеш датотеку „%s“."
+
+#: src/veritysetup.c:196 src/veritysetup.c:472
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Уређај „%s“ није исправан „VERITY“ уређај."
+
+#: src/veritysetup.c:213 src/veritysetup.c:230
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Не могу да читам корену хеш датотеку „%s“."
+
+#: src/veritysetup.c:218
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Неисправна корена хеш датотека „%s“."
+
+#: src/veritysetup.c:239
+msgid "Invalid root hash string specified."
+msgstr "Наведена је неисправна ниска хеша корена."
+
+#: src/veritysetup.c:247
+#, c-format
+msgid "Invalid signature file %s."
+msgstr "Неисправна датотека потписа „%s“."
+
+#: src/veritysetup.c:254
+#, c-format
+msgid "Cannot read signature file %s."
+msgstr "Не могу да прочитам датотеку потписа „%s“."
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Шифрер коришћен за шифровање диска (видите „/proc/crypto“)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Хеш коришћен за стварање кључа шифровања из лозинке"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Проверава лозинку тражећи је два пута"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Чита кључ из датотеке"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Чита (главни) кључ вочумена из датотеке."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Даје (главни) кључ волумена уместо података утора кључева"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Величина кључа шифровања"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "БИТА"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Ограничава читање из датотеке кључа"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "бајта"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Број бајтова за прескакање у датотеци кључа"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Ограничава читање из новододате датотеке кључа"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Број бајтова за прескакање у новододатој датотеци кључа"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Број утора за нови кључ (основно је први слободан)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Величина уређаја"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "ОДЕЉЦИ"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Користи само наведену величину уређаја (занемарује остатак уређаја). ОВО ЈЕ ОПСАНО!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Почетни померај у позадинском уређају"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Број одељака шифрованих података за прескакање на почетку"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Прави мапирање само за читање"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Не тражи потврђивање"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Време за упит међудејствене лозинке (у секундама)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "секунде"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Напредак освежења реда (у секундама)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Колико често унос лозинке може бити покушан"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Поравнава утовар на границе <n> одељка — за „luksFormat“"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Датотека са резервом „LUKS“ заглавља и уторима кључева"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Користи „/dev/random“ за стварање кључа волумена"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Користи „/dev/urandom“ за стварање кључа волумена"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Дели уређај са другим не-преклапајућим подеоком шифрера"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "УЈИБ уређаја за коришћење"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Допушта одбацивања (тј. СКРАЋЕЊЕ) захтева за уређај"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Уређај или датотека са одвојеним ЛУКС заглављем"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Не покреће уређај, само проверава лозинку"
+#: src/veritysetup.c:277 src/veritysetup.c:291
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Наредба захтева „<root_hash>“ или „--root-hash-file“ опцију као аргумент."
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Користи скривено заглавље (скривени ТКРИПТ уређај)"
+#: src/veritysetup.c:485
+msgid "<data_device> <hash_device>"
+msgstr "<уређај_података> <уређај_хеша>"
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Уређај је ТКРИПТ диск система (са подизачем система)"
+#: src/veritysetup.c:485 src/integritysetup.c:534
+msgid "format device"
+msgstr "форматира уређај"
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Користи резервно (другоразредно) ТКРИПТ заглавље"
+#: src/veritysetup.c:486
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<уређај_података> <уређај_хеша> [<хеш_корена>]"
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "ТакоÑ\92е обавÑ\99а пÑ\80еглед за Ñ\83Ñ\80еÑ\92аÑ\98има Ñ\81аглаÑ\81ним Ñ\81а Ð\92еÑ\80акÑ\80ипÑ\82ом"
+#: src/veritysetup.c:486
+msgid "verify device"
+msgstr "пÑ\80овеÑ\80ава Ñ\83Ñ\80еÑ\92аÑ\98"
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Лични умножавач понављања за „VeraCrypt“ сагласан уређај"
+#: src/veritysetup.c:487
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<уређај_података> <назив> <уређај_хеша> [<хеш_корена>]"
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Ð\9fÑ\80опиÑ\82Ñ\83Ñ\98е лиÑ\87ни Ñ\83множаваÑ\87 понавÑ\99аÑ\9aа за â\80\9eVeraCryptâ\80\9c Ñ\81аглаÑ\81ан Ñ\83Ñ\80еÑ\92аÑ\98"
+#: src/veritysetup.c:489 src/integritysetup.c:537
+msgid "show active device status"
+msgstr "показÑ\83Ñ\98е Ñ\81Ñ\82аÑ\9aе Ñ\80адног Ñ\83Ñ\80еÑ\92аÑ\98а"
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Врста метаподатака уређаја: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#: src/veritysetup.c:490
+msgid "<hash_device>"
+msgstr "<уређај_хеша>"
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Ð\98Ñ\81кÑ\99Ñ\83Ñ\87Ñ\83Ñ\98е пÑ\80овеÑ\80Ñ\83 квалиÑ\82еÑ\82а лозинке (ако Ñ\98е Ñ\83кÑ\99Ñ\83Ñ\87ена)"
+#: src/veritysetup.c:490 src/integritysetup.c:538
+msgid "show on-disk information"
+msgstr "пÑ\80иказÑ\83Ñ\98е подаÑ\82ке на-диÑ\81кÑ\83"
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Користи опцију сагласности перформансе „same_cpu_crypt“ дм-крипта"
+#: src/veritysetup.c:509
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
+msgstr ""
+"\n"
+"<назив> јесте уређај за стварање под „%s“\n"
+"<уређај_података> јесте уређај података\n"
+"<уређај_хеша> јесте уређај који садржи податке проверавања\n"
+"<хеш_корена> хеш кореног чвора на <уређају_хеша>\n"
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Користи опцију сагласности перформансе „submit_from_crypt_cpus“ дм-крипта"
+#: src/veritysetup.c:516
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
+msgstr ""
+"\n"
+"Основни преведени параметри дм-тачности:\n"
+"\tХеш: %s, Блок података (бајта): %u, Блок хеша (бајта): %u, Величина присолка: %u, Запис хеша: %u\n"
+
+#: src/veritysetup.c:654
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ се не могу користити заједно."
+
+#: src/veritysetup.c:659
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Опције „--panic-on-corruption“ и „--restart-on-corruption“ се не могу користити заједно."
+
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Ово ће неповратно преписати податке на „%s“ и „%s“.\n"
+"Да задржите уређај података користите опцију „--no-wipe“ (а затим активирајте са „--integrity-recalculate“)."
+
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Форматирано ознаком величине %u, унутрашња целовитост „%s“.\n"
+
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Постављање заставице поновног рачунањ није подржано, можете узети у обзир коришћење опције „--wipe“."
+
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Уређај „%s“ није исправан „INTEGRITY“ уређај."
+
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<уређај_целовитости>"
+
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<уређај_целовитости> <назив>"
+
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<назив> јесте уређај за стварање под „%s“\n"
+"<уређај_целовитости> јесте уређај који садржи податке са ознакама целовитости\n"
+
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Основни уграђени параметри дм-целовитости:\n"
+"\tАлгоритам провере суме: %s\n"
+" Највећа величина датотеке кључа: %dkB\n"
+
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Неисправна величина „--%s“. Највећа је %u бајта."
+
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Мора бити наведена и опција датотеке кључа и опција величине кључа."
+
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Мора бити наведена и опција датотеке кључа целовитости журнала и опција величине кључа."
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Алгоритам целовитости журнала мора бити наведен ако се користи кључ целовитости журнала."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Мора бити наведена и опција датотеке кључа шифровања журнала и опција величине кључа."
+
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Алгоритам шифровања журнала мора бити наведен ако се користи кључ шифровања журнала."
+
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Опције режима опоравка и битмапе се узајамно искључују."
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Опције журнала се не могу користити у режиму битмапе."
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Опције битмапе се могу користити само у режиму битмапе."
+
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"УПОЗОРЕЊЕ!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Да ли сте сигурни? (Упишите „yes“ великим словима): "
+
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Грешка читања одговора из терминала."
+
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Наредба је успела."
+
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "погрешни или недостајући параметри"
+
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "нема овлашћења или је лоша пропусна реч"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "нема више меморије"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "наведен је погрешан уређај или датотека"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "уређај већ постоји или је заузет"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "непозната грешка"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Наредба није успела са кодом %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Утор кључа „%i“ је направљен."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Утор кључа „%i“ је откључан."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Утор кључа „%i“ је уклоњен."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Скупина „%i“ је направљена."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Скупина „%i“ је уклоњена."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Ниједна скупина неће бити откључана овим ПИН-ом."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Скупина „%i“ захтева ПИН."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Скупина (врста „%s“) захтева ПИН."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Скупина „%i“ не може да откључа додељени утор кључа (погрешна лозинка)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Скупина (врста „%s“) не може да откључа додељени утор кључа (погрешна лозинка)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Скупина „%i“ захтева додтни ресурс који недостаје."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Скупина (врста „%s“) захтева додтни ресурс који недостаје."
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "Нема доступне употребљиве скупине (врста „%s“)."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Нема доступне употребљиве скупине."
+
+#: src/utils_tools.c:393
+#, c-format
+msgid "Cannot read keyfile %s."
+msgstr "Не могу да прочитам датотеку кључа „%s“."
+
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Не могу да прочитам %d бајта из датотеке кључа „%s“."
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Не могу да отворим датотеку кључа „%s“ за упис."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Не могу да пишем у датотеку кључа „%s“."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> дана"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "%4<PRIu64> „%s“ је записано"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "брзина %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Напредовање: %5.1f%%, ETA %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Завршено, време %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:74
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Не могу да проверим квалитет лозинке: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Провера квалитета лозинке није успела:\n"
+" %s"
+
+#: src/utils_password.c:81
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Провера квалитета лозинке није успела: Лоша шифра (%s)"
+
+#: src/utils_password.c:231 src/utils_password.c:245
+msgid "Error reading passphrase from terminal."
+msgstr "Грешка читања пропусне речи из терминала."
+
+#: src/utils_password.c:243
+msgid "Verify passphrase: "
+msgstr "Провери пропусну реч: "
+
+#: src/utils_password.c:250
+msgid "Passphrases do not match."
+msgstr "Пропусне речи се не подударају."
+
+#: src/utils_password.c:288
+msgid "Cannot use offset with terminal input."
+msgstr "Не могу да користим померај са улазом терминала."
+
+#: src/utils_password.c:292
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Унесите пропусну реч: "
+
+#: src/utils_password.c:295
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Унесите пропусну реч за „%s“: "
+
+#: src/utils_password.c:329
+msgid "No key available with this passphrase."
+msgstr "Нема доступног кључа са овом пропусном речју."
+
+#: src/utils_password.c:331
+msgid "No usable keyslot is available."
+msgstr "Нема доступног употребљивог утора кључа."
+
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Не могу да одрадим проверу пропусне речи на не-конзолним улазима."
+
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Нисам успео да отворим датотеку „%s“ у режиму само за читање."
+
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Обезбеђује исправан „JSON“ ЛУКС2 скупине:\n"
+
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Нисам успео да прочитам „JSON“ датотеку."
+
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Читање је прекинуто."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Нисам успео да отворим датотеку „%s“ у режиму писања."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Писање је прекинуто."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Нисам успео да упишем „JSON“ датотеку."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Самооткривени активан дм уређај „%sд за уређај података „%s“.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Нисам успео да самооткријем држаче „%s“ уређаја."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Уређај „%s“ није блок уређај.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Не могу да одлучим да ли је уређај „%s“ активиран или није.\n"
+"Да ли сигурно желите да наставите са поновним шифровањем у режиму ван мреже?\n"
+"То може довести до оштећења података ако је уређај заправо активиран.\n"
+"Да покренете поновно шифровање у режиму на мрежи, користите параметар „--active-name“.\n"
+
+#: src/utils_reencrypt.c:175
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--encrypt“."
+
+#: src/utils_reencrypt.c:180
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Уређај није у ЛУКС2 шифровању. Сукобљавајућа опција „--decrypt“."
+
+#: src/utils_reencrypt.c:187
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Уређај је у поновном шифровању користећи гипкост помака података. Захтевана опција „--resilience“ се не може применити."
+
+#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199
+#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Захтевана опција „--resilience“ се не може применити на текућој радњи поновног шифровања."
+
+#: src/utils_reencrypt.c:258
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Уређај захтева опоравак поновног шифровања. Прво покрените поправку."
+
+#: src/utils_reencrypt.c:268
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Да ли желите да наставите са претходно започетом радњом?"
+
+#: src/utils_reencrypt.c:314
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Старо ЛУКС2 поновно шифровања више није подржано."
+
+#: src/utils_reencrypt.c:379
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Поновно шифровање уређаја са профилом целовитости није подржано."
+
+#: src/utils_reencrypt.c:410
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Захтевано „--sector-size“ %<PRIu32> је несагласно са „%s“ суперблоком\n"
+"(величина блока: %<PRIu32> бајта) је откривено на уређају „%s“."
+
+#: src/utils_reencrypt.c:455
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Шифровање без откаченог заглавља (--header) није могуће без смањења величине уређаја података (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:461
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Затражени померај података мора бити мањи или једнак половини параметра „--reduce-device-size“."
+
+#: src/utils_reencrypt.c:471
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Подешавам „--reduce-device-size“ вредност на двоструко од „--offset“ %<PRIu64> (подеока).\n"
+
+#: src/utils_reencrypt.c:501
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Привремена датотека заглавља „%s“ већ постоји. Прекидам."
+
+#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Не могу да направим привремену датотеку заглавља „%s“."
+
+#: src/utils_reencrypt.c:535
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Величина ЛУКС2 метаподатака је већа од вредности помака података."
+
+#: src/utils_reencrypt.c:572
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Нисам успео да ставим ново заглавље на главу уређаја „%s“."
+
+#: src/utils_reencrypt.c:582
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "„%s/%s“ је сада активно и спремно за шифровање на мрежи.\n"
+
+#: src/utils_reencrypt.c:618
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Радни уређај „%s“ није ЛУКС2."
+
+#: src/utils_reencrypt.c:646
+msgid "Restoring original LUKS2 header."
+msgstr "Враћам изворно ЛУКС2 заглавље."
+
+#: src/utils_reencrypt.c:654
+msgid "Original LUKS2 header restore failed."
+msgstr "Враћање изворног ЛУКС2 заглавља није успело."
+
+#: src/utils_reencrypt.c:722
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Нисам успео да додам дозволе за читање/писање у извезену датотеку заглавља."
+
+#: src/utils_reencrypt.c:775
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Покретање поновног шифровања није успело. Резерва заглавља је доступна у „%s“."
+
+#: src/utils_reencrypt.c:803
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "ЛУКС2 дешифровање је подржано само са откаченим уређајем заглавља (са померајем података постављеним на 0)."
+
+#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943
+msgid "Not enough free keyslots for reencryption."
+msgstr "Нема довољно слободних утора кључева за поновно шифровање."
+
+#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Датотека кључа може бити коришћена само са „--key-slot“ или са тачно једним активним утором кључа."
+
+#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Унесите пропусну реч за утор кључа %d: "
+
+#: src/utils_reencrypt.c:985
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Унесите пропусну реч за утор кључа %u: "
+
+#: src/utils_reencrypt.c:1037
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Пребацујем шифрера података на „%s“.\n"
+
+#: src/utils_reencrypt.c:1091
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Никакви параметри подеока података нису измењени. Поновно шифровање је прекинуто."
+
+#: src/utils_reencrypt.c:1187
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Повећање величине одељка шифровања на не прикљученом уређају није подржано.\n"
+"Прво покрените уређај или користите опцију „--force-offline-reencrypt“ (опасно, вруће!!)."
+
+#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Поновно шифровање је прекинуто."
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Ð\97аобилази Ñ\80адни Ñ\80ед â\80\9edm-cryptâ\80\9c и заÑ\85Ñ\82ев Ñ\87иÑ\82аÑ\9aа пÑ\80оÑ\86еÑ\81а иÑ\81Ñ\82овÑ\80емено"
+#: src/utils_reencrypt.c:1232
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Ð\9dаÑ\81Ñ\82авÑ\99ам Ñ\81а Ð\9bУÐ\9aС2 поновним Ñ\88иÑ\84Ñ\80оваÑ\9aем Ñ\83 наÑ\81илном ванмÑ\80ежном Ñ\80ежимÑ\83.\n"
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Заобилази радни ред „dm-crypt“ и захтев писања процеса истовремено"
+#: src/utils_reencrypt.c:1249
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Уређај „%s“ садржи оштећене ЛУКС2 метаподатке. Прекидам радњу."
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Уклањање уређаја је одложено све док га последњи корисник не затвори"
+#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Уређај „%s“ већ јесте ЛУКС уређај. Прекидам радњу."
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Користи опште закључавање за серијализацију меморије чврстог „PBKDF“ („OOM“ заобилазница)"
+#: src/utils_reencrypt.c:1293
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Уређај „%s“ је већ у ЛУКС2 поновном шифровању. Прекидам радњу."
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Ð\92Ñ\80еме â\80\9ePBKDFâ\80\9c понавÑ\99аÑ\9aа за Ð\9bУÐ\9aС (Ñ\83 милиÑ\81екÑ\83ндама)"
+#: src/utils_reencrypt.c:1366
+msgid "LUKS2 decryption requires --header option."
+msgstr "Ð\9bУÐ\9aС2 деÑ\88иÑ\84Ñ\80оваÑ\9aе заÑ\85Ñ\82ева опÑ\86иÑ\98Ñ\83 â\80\9e--headerâ\80\9c."
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "милиÑ\81екÑ\83нде"
+#: src/utils_reencrypt.c:1414
+msgid "Command requires device as argument."
+msgstr "Ð\9dаÑ\80едба заÑ\85Ñ\82ева Ñ\83Ñ\80еÑ\92аÑ\98 као аÑ\80гÑ\83менÑ\82."
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "„PBKDF“ алгоритам (за ЛУКС2): argon2i, argon2id, pbkdf2"
+#: src/utils_reencrypt.c:1427
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС1."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Ограничење трошка „PBKDF“ меморије"
+#: src/utils_reencrypt.c:1433
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС1 поновном шифровању."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "килобајта"
+#: src/utils_reencrypt.c:1439
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Сукобљавајућа издања. Уређај „%s“ је ЛУКС2."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Трошак „PBKDF“ паралеле"
+#: src/utils_reencrypt.c:1445
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Сукобљавајућа издања. Уређај „%s“ је у ЛУКС2 поновном шифровању."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "ниÑ\82и"
+#: src/utils_reencrypt.c:1451
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Ð\9bУÐ\9aС2 поновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\98е веÑ\9b покÑ\80енÑ\83Ñ\82о. Ð\9fÑ\80екидам Ñ\80адÑ\9aÑ\83."
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "ТÑ\80оÑ\88ак â\80\9ePBKDFâ\80\9c понавÑ\99аÑ\9aа (пÑ\80иÑ\81илно, иÑ\81кÑ\99Ñ\83Ñ\87Ñ\83Ñ\98е оÑ\86еÑ\9aиваÑ\9aе)"
+#: src/utils_reencrypt.c:1458
+msgid "Device reencryption not in progress."
+msgstr "Ð\9fоновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\83Ñ\80еÑ\92аÑ\98а ниÑ\98е Ñ\83 Ñ\82окÑ\83."
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Првенство утора кључа: ignore, normal, prefer"
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Не могу изричито да отворим „%s“, уређај је у употреби."
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Ð\98Ñ\81кÑ\99Ñ\83Ñ\87Ñ\83Ñ\98е закÑ\99Ñ\83Ñ\87аваÑ\9aе меÑ\82аподаÑ\82ака на-диÑ\81кÑ\83"
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Ð\94одела поÑ\80еÑ\92ане мемоÑ\80иÑ\98е ниÑ\98е Ñ\83Ñ\81пела."
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Искључује учитавање кључева волумена путем привеска кернела"
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Не могу да читам уређај „%s“."
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Алгоритам целовитости података (само ЛУКС2)"
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Означавам ЛУКС1 уређај „%s“ неупотребљивим."
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Искључује журнал за уређај целовитости"
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Не могу да пишем на уређају „%s“."
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Ð\9dе бÑ\80иÑ\88е Ñ\83Ñ\80еÑ\92аÑ\98 након Ñ\84оÑ\80маÑ\82иÑ\80аÑ\9aа"
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Ð\9dе могÑ\83 да запиÑ\88ем даÑ\82оÑ\82екÑ\83 дневника поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Ð\9aоÑ\80иÑ\81Ñ\82и неделоÑ\82воÑ\80но заÑ\81Ñ\82аÑ\80ело допÑ\83Ñ\9aаваÑ\9aе (Ñ\81Ñ\82аÑ\80и кеÑ\80нели)"
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Ð\9dе могÑ\83 да пÑ\80оÑ\87иÑ\82ам даÑ\82оÑ\82екÑ\83 дневника поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Ð\9dе Ñ\82Ñ\80ажи пÑ\80опÑ\83Ñ\81нÑ\83 Ñ\80еÑ\87 ако акÑ\82иваÑ\86иÑ\98а Ñ\81кÑ\83пином не Ñ\83Ñ\81пе"
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Ð\9fогÑ\80еÑ\88ан Ñ\84оÑ\80маÑ\82 дневника."
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Број скупине (основно: било који)"
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Датотека дневника „%s“ постоји, настављам поновно шифровање.\n"
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Ð\9eпиÑ\81 кÑ\99Ñ\83Ñ\87а"
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Ð\9fокÑ\80еÑ\9bем пÑ\80ивÑ\80емени Ñ\83Ñ\80еÑ\92аÑ\98 коÑ\80иÑ\81Ñ\82еÑ\9bи Ñ\81Ñ\82аÑ\80о Ð\9bУÐ\9aС заглавÑ\99е."
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Ð\92елиÑ\87ина одеÑ\99ка Ñ\88иÑ\84Ñ\80оваÑ\9aа (оÑ\81новно: 512 баÑ\98Ñ\82а)"
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Ð\9fокÑ\80еÑ\9bем пÑ\80ивÑ\80емени Ñ\83Ñ\80еÑ\92аÑ\98 коÑ\80иÑ\81Ñ\82еÑ\9bи ново Ð\9bУÐ\9aС заглавÑ\99е."
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "УпоÑ\82Ñ\80еба IV Ñ\98е Ñ\83бÑ\80оÑ\98ано Ñ\83 велиÑ\87инÑ\83 одеÑ\99ка (не Ñ\83 512 баÑ\98Ñ\82а)"
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Ð\9fокÑ\80еÑ\82аÑ\9aе пÑ\80ивÑ\80еменог Ñ\83Ñ\80еÑ\92аÑ\98а ниÑ\98е Ñ\83Ñ\81пело."
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Ð\9fоÑ\81Ñ\82авÑ\99а Ñ\82Ñ\80аÑ\98ним заÑ\81Ñ\82авиÑ\86е акÑ\82ивиÑ\80аÑ\9aа за Ñ\83Ñ\80еÑ\92аÑ\98"
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да поÑ\81Ñ\82авим помеÑ\80аÑ\98 подаÑ\82ака."
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Ð\9fоÑ\81Ñ\82авÑ\99а наÑ\82пиÑ\81 за Ð\9bУÐ\9aС2 Ñ\83Ñ\80еÑ\92аÑ\98"
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да поÑ\81Ñ\82авим велиÑ\87инÑ\83 меÑ\82аподаÑ\82ака."
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Поставља натпис подсистема за ЛУКС2 уређај"
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Направљено је ново ЛУКС заглавље за уређај „%s“."
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Ствара или избацује неувезане (не додељене подеоке података) ЛУКС2 уторе кључа"
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Направљена је резерва „%s“ заглавља за уређај „%s“."
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "ЧиÑ\82а или запиÑ\81Ñ\83Ñ\98е â\80\9ejsonâ\80\9c из или Ñ\83 даÑ\82оÑ\82екÑ\83"
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Ð\9dиÑ\98е Ñ\83Ñ\81пело пÑ\80авÑ\99еÑ\9aе Ñ\80езеÑ\80ве Ð\9bУÐ\9aС заглавÑ\99а."
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Величина области метаподатака ЛУКС2 заглавља"
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Не могу да повратим „%s“ заглавље на уређају „%s“."
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Величина области утора кључева ЛУКС2 заглавља"
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Повраћено је „%s“ заглавље на уређају „%s“."
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Ð\9eÑ\81вежава (поново акÑ\82ивиÑ\80а) Ñ\83Ñ\80еÑ\92аÑ\98 Ñ\81а новим паÑ\80амеÑ\82Ñ\80има"
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Ð\9dе могÑ\83 да оÑ\82воÑ\80им пÑ\80ивÑ\80емени Ð\9bУÐ\9aС Ñ\83Ñ\80еÑ\92аÑ\98."
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Ð\9bУÐ\9aС2 Ñ\83Ñ\82оÑ\80 кÑ\99Ñ\83Ñ\87а: Ð\92елиÑ\87ина кÑ\99Ñ\83Ñ\87а Ñ\88иÑ\84Ñ\80оваÑ\9aа"
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Ð\9dе могÑ\83 да добавим велиÑ\87инÑ\83 Ñ\83Ñ\80еÑ\92аÑ\98а."
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Ð\9bУÐ\9aС2 Ñ\83Ñ\82оÑ\80 кÑ\99Ñ\83Ñ\87а: ШиÑ\84Ñ\80еÑ\80 коÑ\80иÑ\88Ñ\9bен за Ñ\88иÑ\84Ñ\80оваÑ\9aе иÑ\81ека кÑ\99Ñ\83Ñ\87а"
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "УÐ\98 гÑ\80еÑ\88ка за вÑ\80еме поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "ШиÑ\84Ñ\80Ñ\83Ñ\98е Ð\9bУÐ\9aС2 Ñ\83Ñ\80еÑ\92аÑ\98 (Ñ\83 меÑ\81Ñ\82Ñ\83 Ñ\88иÑ\84Ñ\80оваÑ\9aе)."
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Ð\94оÑ\81Ñ\82авÑ\99ени УУÐ\98Ð\94 ниÑ\98е иÑ\81пÑ\80аван."
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Ð\94еÑ\88иÑ\84Ñ\80Ñ\83Ñ\98е Ð\9bУÐ\9aС2 Ñ\83Ñ\80еÑ\92аÑ\98 (Ñ\83клаÑ\9aа Ñ\88иÑ\84Ñ\80оваÑ\9aе)."
+#: src/utils_reencrypt_luks1.c:1220
+msgid "Cannot open reencryption log file."
+msgstr "Ð\9dе могÑ\83 да оÑ\82воÑ\80им даÑ\82оÑ\82екÑ\83 дневника поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Ð\9fокÑ\80еÑ\9bе Ð\9bУÐ\9aС2 поновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\81амо Ñ\83 меÑ\82аподаÑ\86има."
+#: src/utils_reencrypt_luks1.c:1226
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Ð\9dема опиÑ\81а Ñ\83 напÑ\80еÑ\82кÑ\83, доÑ\81Ñ\82авÑ\99ени УУÐ\98Ð\94 Ñ\81е може коÑ\80иÑ\81Ñ\82иÑ\82и Ñ\81амо за наÑ\81Ñ\82авÑ\99аÑ\9aе заÑ\83Ñ\81Ñ\82авÑ\99еног пÑ\80оÑ\86еÑ\81а деÑ\88иÑ\84Ñ\80оваÑ\9aа."
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Наставља само са започетим ЛУКС2 поновним шифровањем."
+#: src/utils_reencrypt_luks1.c:1280
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s."
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "СмаÑ\9aÑ\83Ñ\98е велиÑ\87инÑ\83 Ñ\83Ñ\80еÑ\92аÑ\98а подаÑ\82ака (пÑ\80емеÑ\88Ñ\82а помеÑ\80аÑ\98 подаÑ\82ака). Ð\9eÐ\92Ð\9e Ð\88Ð\95 Ð\9eÐ\9fÐ\90СÐ\9dÐ\9e!"
+#: src/utils_reencrypt_luks1.c:1281
+msgid "volume key"
+msgstr "кÑ\99Ñ\83Ñ\87 волÑ\83мена"
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Ð\9dаÑ\98веÑ\9bа велиÑ\87ина вÑ\80Ñ\83Ñ\9bе зоне поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
+#: src/utils_reencrypt_luks1.c:1283
+msgid "set hash to "
+msgstr "поÑ\81Ñ\82авÑ\99а Ñ\85еÑ\88 на "
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Врста гипкости вруће зоне поновног шифровања (checksum,journal,none)"
+#: src/utils_reencrypt_luks1.c:1284
+msgid ", set cipher to "
+msgstr ", поставља шифрера на "
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Хеш суме првере вруће зоне поновног шифровања"
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис партиције.\n"
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Заобилази самооткривање уређаја дм уређаја за поновно шифровање"
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис суперблока.\n"
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[ОПЦИЈА...] <радња> <посебност-радње>"
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Нисам успео да покренем пробе потписа уређаја."
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "Недостаје аргумент <радња>."
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Нисам успео да добавим податке уређаја „%s“."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Непозната радња."
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Нисам успео да отворим датотеку „%s“ у режиму читања/писања."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Опције „--refresh“ и „--test-passphrase“ се узајамно искључују."
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Постојећи потпис „%s“ партиције на уређају „%s“ биће обрисан."
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Опција „--deferred“ је допуштена само за наредбу затварања."
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Постојећи потпис „%s“ суперблока на уређају „%s“ биће обрисан."
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--sharedâ\80\9c Ñ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ног уређаја."
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да обÑ\80иÑ\88ем поÑ\82пиÑ\81 уређаја."
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Опција „--allow-discards“ је допуштена само за радњу отварања."
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Нисам успео да испробам уређај „%s“ за потписом."
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Опција „--persistent“ је допуштена само за радњу отварања."
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Неисправна одредба величине у параметру „--%s“."
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Опција „--serialize-memory-hard-pbkdf“ је допуштена само за радњу отварања."
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Опција „--%s“ није дозвољена са радњом „%s“."
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--persistentâ\80\9c ниÑ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81а опÑ\86иÑ\98ом â\80\9e--test-passphraseâ\80\9c."
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да запиÑ\88ем â\80\9ejsonâ\80\9c Ñ\81кÑ\83пине безбедне Ñ\88коÑ\99ке."
-#: src/cryptsetup.c:3917
+#: tokens/ssh/cryptsetup-ssh.c:128
msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
msgstr ""
-"Опција „--key-size“ је допуштена само за „luksFormat“, „luksAddKey“, отварање\n"
-"и оцењивање. Да ограничите читање из датотеке кључа користите „--keyfile-size=(бајтова)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Опција „--integrity“ је допуштена само за „luksFormat“ (ЛУКС2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Опција „--integrity-no-wipe“ се може користити само за радњу форматирања са проширењем целовитости."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Опције „--label“ и „--subsystem“ су допуштене само за „luksFormat“ и „config LUKS2“."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Опција „--test-passphrase“ је допуштена само за отварање ЛУКС, „TCRYPT“ и „BITLK“ уређаја."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Величина кључа мора бити умножак од 8 бита"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Утор кључа није исправан."
+"Експериментални прикључак „cryptsetup“ прикључка за откључавање ЛУКС\" уређаја са скупином повезаномна сервер безбедне шкољке\\vОвај прикључак тренутно омогућава само додавање скупине постојећем утору кључа.\n"
+"\n"
+"Наведени сервер безбедне шкољке мора да садржи датотеку кључа на наведеној путањи са лозинком за постојећи утор кључа на уређају.\n"
+"Достављене креденцијале ће користити „cryptsetup“ да добави лозинку приликом отварања уређаја користећи скупину.\n"
+"\n"
+"Напомена: Информација достављена приликом додавања скупине (адреса сервера безбедне шкољке, корисник и путање) биће смештена у ЛУКС2 заглављу у обичном тексту."
-#: src/cryptsetup.c:3958
-msgid "Option --key-file takes precedence over specified key file argument."
-msgstr "Опција „--key-file“ има првенство над наведеним аргументом датотеке кључа."
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<радња> <уређај>"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Негативан број за опцију није допуштен."
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Опције за радњу „add“ (додај):"
-#: src/cryptsetup.c:3969
-msgid "Only one --key-file argument is allowed."
-msgstr "Ð\94озвоÑ\99ен Ñ\98е Ñ\81амо Ñ\98едан аÑ\80гÑ\83менÑ\82 â\80\9e--key-fileâ\80\9c."
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "Ð\98Ð\9f адÑ\80еÑ\81а/УРÐ\9b Ñ\83даÑ\99еног Ñ\81еÑ\80веÑ\80а за овÑ\83 Ñ\81кÑ\83пинÑ\83"
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Дозвољена је само једна опција „--use-[u]random“."
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Корисничко име коришћено за удаљени сервер"
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--use-[u]randomâ\80\9c Ñ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81амо за â\80\9eluksFormatâ\80\9c."
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Ð\9fÑ\83Ñ\82аÑ\9aа до даÑ\82оÑ\82еке кÑ\99Ñ\83Ñ\87а на Ñ\83даÑ\99еном Ñ\81еÑ\80веÑ\80Ñ\83"
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--uuidâ\80\9c Ñ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81амо за â\80\9eluksFormatâ\80\9c и â\80\9eluksUUIDâ\80\9c."
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Ð\9fÑ\83Ñ\82аÑ\9aа до кÑ\99Ñ\83Ñ\87а безбедне Ñ\88коÑ\99ке за повезиваÑ\9aе на Ñ\83даÑ\99ени Ñ\81еÑ\80веÑ\80"
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--align-payloadâ\80\9c Ñ\98е допÑ\83Ñ\88Ñ\82ена Ñ\81амо за â\80\9eluksFormatâ\80\9c."
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "УÑ\82оÑ\80 кÑ\99Ñ\83Ñ\87а коме Ñ\81е додеÑ\99Ñ\83Ñ\98е Ñ\81кÑ\83пина. Ð\90ко ниÑ\98е наведено, Ñ\81кÑ\83пина Ñ\9bе биÑ\82и додеÑ\99ена пÑ\80вом Ñ\83Ñ\82оÑ\80Ñ\83 кÑ\99Ñ\83Ñ\87а коÑ\98и поклопи доÑ\81Ñ\82авÑ\99енÑ\83 лозинкÑ\83."
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Ð\9eпÑ\86иÑ\98е â\80\9e--luks2-metadata-sizeâ\80\9c и â\80\9e--opt-luks2-keyslots-sizeâ\80\9c Ñ\81Ñ\83 допÑ\83Ñ\88Ñ\82ене Ñ\81амо за â\80\9eluksFormatâ\80\9c Ñ\81а Ð\9bУÐ\9aС-ом2."
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Ð\9eпÑ\88Ñ\82е опÑ\86иÑ\98е:"
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Ð\9dеиÑ\81пÑ\80авна одÑ\80едба велиÑ\87ине Ð\9bУÐ\9aС2 меÑ\82аподаÑ\82ака."
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Ð\9fÑ\80иказÑ\83Ñ\98е опÑ\88иÑ\80ниÑ\98е поÑ\80Ñ\83ке о гÑ\80еÑ\88кама"
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Ð\9dеиÑ\81пÑ\80авна одÑ\80едба велиÑ\87ине Ð\9bУÐ\9aС2 Ñ\83Ñ\82оÑ\80а кÑ\99Ñ\83Ñ\87ева."
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Ð\9fÑ\80иказÑ\83Ñ\98е поÑ\80Ñ\83ке пÑ\80оÑ\87иÑ\88Ñ\9bаваÑ\9aа"
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Ð\9eпÑ\86иÑ\98е â\80\9e--align-payloadâ\80\9c и â\80\9e--offsetâ\80\9c Ñ\81е не могÑ\83 комбиноваÑ\82и."
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Ð\9fÑ\80иказÑ\83Ñ\98е поÑ\80Ñ\83ке пÑ\80оÑ\87иÑ\88Ñ\9bаваÑ\9aа Ñ\83кÑ\99Ñ\83Ñ\87Ñ\83Ñ\98Ñ\83Ñ\9bи â\80\9eJSONâ\80\9c меÑ\82аподаÑ\82ке"
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--skipâ\80\9c Ñ\98е подÑ\80жана Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ниÑ\85 и Ñ\83пеÑ\82Ñ\99аниÑ\85 Ñ\83Ñ\80еÑ\92аÑ\98а."
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да оÑ\82воÑ\80им и Ñ\83везем пÑ\80иваÑ\82ни кÑ\99Ñ\83Ñ\87:\n"
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--offsetâ\80\9c Ñ\98е подÑ\80жана Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ниÑ\85 и Ñ\83пеÑ\82Ñ\99аниÑ\85 Ñ\83Ñ\80еÑ\92аÑ\98а, â\80\9eluksFormatâ\80\9c и поновно Ñ\88иÑ\84Ñ\80оваÑ\9aе Ñ\83Ñ\80еÑ\92аÑ\98а."
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да Ñ\83везем пÑ\80иваÑ\82ни кÑ\99Ñ\83Ñ\87 (заÑ\88Ñ\82иÑ\9bен лозинком?).\n"
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Опција „--tcrypt-hidden“, „--tcrypt-system“ или „--tcrypt-backup“ је подржана само за ТКРИПТ уређај."
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "„%s@%s“ лозинка: "
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Опција „--tcrypt-hidden“ не може бити обједињена са „--allow-discards“."
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Нисам успео да обрадим аргументе.\n"
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Опција „--veracrypt“ је подржана само за ТКРИПТ уређај."
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Мора бити наведена радња\n"
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Достављен је неисправан аргумент за параметар „--veracrypt-pim“."
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Уређај мора бити наведен за радњу „%s“.\n"
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Опција „--veracrypt-pim“ је подржана само за „VeraCrypt“ сагласне уређаје."
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Сервер безбедне шкољке мора бити наведен за радњу „%s“.\n"
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Опција „--veracrypt-query-pim“ је подржана само за „VeraCrypt“ сагласне уређаје."
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Корисник безбедне шкољке мора бити наведен за радњу „%s“.\n"
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Опције „--veracrypt-pim“ и „--veracrypt-query-pim“ се узајамно искључују."
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Путања безбедне шкољке мора бити наведена за радњу „%s“.\n"
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Опција „--priority“ може бити само „ignore/normal/prefer“."
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Путања кључа безбедне шкољке мора бити наведена за радњу „%s“.\n"
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Одредба утора кључа је потребна."
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Нисам успео да отворим „%s“ користећи достављена уверења.\n"
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr "Функција произилажења кључа заснованог на пропусној речи (PBKDF) може бити само „pbkdf2“ или „argon2i/argon2id“."
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Само радња „add“ (додај) је тренутно подржана овим прикључком.\n"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr "„PBKDF“ присиљена понављања се не могу комбиновати са опцијом времена понављања."
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Не могу да направим сфтп сесију: "
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Ð\9eпÑ\86иÑ\98а велиÑ\87ине Ñ\81екÑ\82оÑ\80а ниÑ\98е подÑ\80жана за овÑ\83 наÑ\80едбÑ\83."
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Ð\9dе могÑ\83 да покÑ\80енем Ñ\81Ñ\84Ñ\82п Ñ\81еÑ\81иÑ\98Ñ\83: "
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Ð\9eпÑ\86иÑ\98а великиÑ\85 IV одеÑ\99ака Ñ\98е подÑ\80жана Ñ\81амо за оÑ\82ваÑ\80аÑ\9aе обиÑ\87ниÑ\85 Ñ\83Ñ\80еÑ\92аÑ\98а Ñ\81а велиÑ\87ином одеÑ\99ка веÑ\9bом од 512 баÑ\98Ñ\82а."
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Ð\9dе могÑ\83 да оÑ\82воÑ\80им Ñ\81Ñ\84Ñ\82п Ñ\81еÑ\81иÑ\98Ñ\83: "
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Ð\92елиÑ\87ина кÑ\99Ñ\83Ñ\87а Ñ\98е поÑ\82Ñ\80ебна Ñ\81а опÑ\86иÑ\98ом â\80\9e--unboundâ\80\9c."
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Ð\9dе могÑ\83 да добавим подаÑ\82ке Ñ\81Ñ\84Ñ\82п даÑ\82оÑ\82еке: "
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--unboundâ\80\9c Ñ\81е може коÑ\80иÑ\81Ñ\82иÑ\82и Ñ\81амо Ñ\81а Ñ\80адÑ\9aама â\80\9eluksAddKeyâ\80\9c и â\80\9eluksDumpâ\80\9c."
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Ð\9dема довоÑ\99но мемоÑ\80иÑ\98е.\n"
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Ð\9eпÑ\86иÑ\98а â\80\9e--refreshâ\80\9c Ñ\81е може коÑ\80иÑ\81Ñ\82иÑ\82и Ñ\81амо Ñ\81а Ñ\80адÑ\9aом оÑ\82ваÑ\80аÑ\9aа."
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Ð\9dе могÑ\83 да пÑ\80оÑ\87иÑ\82ам Ñ\83даÑ\99ени кÑ\99Ñ\83Ñ\87: "
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr "Ð\9dе могÑ\83 да иÑ\81кÑ\99Ñ\83Ñ\87им закÑ\99Ñ\83Ñ\87аваÑ\9aе меÑ\82аподаÑ\82ака."
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Ð\9fовезиваÑ\9aе ниÑ\98е Ñ\83Ñ\81пело: "
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Ð\9dеиÑ\81пÑ\80авна одÑ\80едба наÑ\98веÑ\9bе велиÑ\87ине вÑ\80Ñ\83Ñ\9bе зоне поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "СеÑ\80веÑ\80 ниÑ\98е познаÑ\82: "
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Неисправна одредба величине уређаја."
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Метода потврђивања идентитета јавног кључа није допуштена на домаћину.\n"
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Ð\9dаÑ\98веÑ\9bа велиÑ\87ина Ñ\81маÑ\9aеÑ\9aа Ñ\83Ñ\80еÑ\92аÑ\98а Ñ\98е 1 GiB."
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Ð\93Ñ\80еÑ\88ка поÑ\82вÑ\80Ñ\92иваÑ\9aа иденÑ\82иÑ\82еÑ\82а Ñ\98авног кÑ\99Ñ\83Ñ\87а: "
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Величина смањивања мора бити умножак одељка од 512 бајта."
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Нисам успео да прочитам „BITLK“ потпис из „%s“."
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Неисправна одредба величине података."
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Неисправан или непознат потпис за „BITLK“ уређај."
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Прекорачење величине смањења."
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Нисам успео да очистим податке подеока резерве."
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "ЛУКС2 дешифровање захтева опцију „--header“."
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Нисам успео да искључим заставицу захтева поновног шифровања."
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Величина уређаја мора бити умножак одељка од 512 бајта."
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Шифровање је подржано само за ЛУКС2 запис."
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Опције „--reduce-device-size“ и „--data-size“ се не могу комбиновати."
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "Откривен је ЛУКС уређај на „%s“. Да ли желите опет да шифрујете тај ЛУКС уређај?"
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Опције „--device-size“ и „--size“ се не могу комбиновати."
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "Само је ЛУКС2 запис тренутно подржан. Користите алат „cryptsetup-reencrypt“ за ЛУКС1."
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Опције „--keyslot-cipher“ и „--keyslot-key-size“ се морају користити заједно."
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Старо ванмрежно поновно шифровање је већ у току. Користите помагало „cryptsetup-reencrypt“."
-#: src/veritysetup.c:76
-msgid "Invalid salt string specified."
-msgstr "Наведена је неисправна ниска присолка."
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "ЛУКС2 уређај није у поновном шифровању."
-#: src/veritysetup.c:107
-#, c-format
-msgid "Cannot create hash image %s for writing."
-msgstr "Не могу да направим хеш слику „%s“ ради уписа."
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Постављам заставицу ЛУКС2 ванмрежног поновног шифровања на уређају „%s“."
-#: src/veritysetup.c:117
-#, c-format
-msgid "Cannot create FEC image %s for writing."
-msgstr "Не могу да направим „FEC“ слику „%s“ ради уписа."
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Ово издање „cryptsetup-reencrypt“ не може да ради са новом унутрашњом врстом скупине „%s“."
-#: src/veritysetup.c:191
-msgid "Invalid root hash string specified."
-msgstr "Наведена је неисправна ниска хеша корена."
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Нисам успео да прочитам заставице активирања из заглавља резерве."
-#: src/veritysetup.c:199
-#, c-format
-msgid "Invalid signature file %s."
-msgstr "Неисправна датотека потписа „%s“."
+#~ msgid "Failed to read requirements from backup header."
+#~ msgstr "Нисам успео да прочитам потрепштине из заглавља резерве."
-#: src/veritysetup.c:206
-#, c-format
-msgid "Cannot read signature file %s."
-msgstr "Не могу да прочитам датотеку потписа „%s“."
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Измењени су „pbkdf“ параметри у утору кључа %i."
-#: src/veritysetup.c:406
-msgid "<data_device> <hash_device>"
-msgstr "<уређај_података> <уређај_хеша>"
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Само вредности између 1 MiB и 64 MiB су допуштене завеличину блока поновног шифровања."
-#: src/veritysetup.c:406 src/integritysetup.c:492
-msgid "format device"
-msgstr "форматира уређај"
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Највећа величина смањења уређаја је 64 MiB."
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<уређај_података> <уређај_хеша> <хеш_корена>"
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[ОПЦИЈА...] <уређај>"
-#: src/veritysetup.c:407
-msgid "verify device"
-msgstr "проверава уређај"
+#~ msgid "Argument required."
+#~ msgstr "Потребан је аргумент."
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<уређај_података> <назив> <уређај_хеша> <хеш_корена>"
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Опција „--new“ се мора користити са „--reduce-device-size“ или „--header“."
-#: src/veritysetup.c:410 src/integritysetup.c:495
-msgid "show active device status"
-msgstr "показује стање радног уређаја"
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Опција „--keep-key“ може да се користи само са „--hash“, „--iter-time“ или „--pbkdf-force-iterations“."
-#: src/veritysetup.c:411
-msgid "<hash_device>"
-msgstr "<уређај_хеша>"
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Опција „--new“ не може да се користи са „--decrypt“."
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
-msgstr "приказује податке на-диску"
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Опција „--decrypt“ није сагласна са наведеним параметрима."
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
-msgstr ""
-"\n"
-"<назив> јесте уређај за стварање под „%s“\n"
-"<уређај_података> јесте уређај података\n"
-"<уређај_хеша> јесте уређај који садржи податке проверавања\n"
-"<хеш_корена> хеш кореног чвора на <уређају_хеша>\n"
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Опција „--uuid“ је дозвољена само заједно са „--decrypt“."
-#: src/veritysetup.c:437
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
-msgstr ""
-"\n"
-"Основни преведени параметри дм-тачности:\n"
-"\tХеш: %s, Блок података (бајта): %u, Блок хеша (бајта): %u, Величина присолка: %u, Запис хеша: %u\n"
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Неисправна лукс врста. Користите: „luks“, „luks1“ или „luks2“."
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Не користи суперблок тачности"
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Уређај „%s“ је у употреби. Не могу да наставим са радњом форматирања."
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Врста записа (1 — обично, 0 — изворни Хром ОС)"
+#~ msgid "No free token slot."
+#~ msgstr "Нема слободног утора скупине."
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "број"
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Неисправна врста ЛУКС уређаја."
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Величина блока на уређају података"
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Шифрер коришћен за шифровање диска (видите „/proc/crypto“)"
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Величина блока на уређају хеша"
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Хеш коришћен за стварање кључа шифровања из лозинке"
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "Бајтови „FEC“ парности"
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Проверава лозинку тражећи је два пута"
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Број блокова у датотеци података"
+#~ msgid "Read the key from a file"
+#~ msgstr "Чита кључ из датотеке"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "блокови"
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Чита (главни) кључ вочумена из датотеке."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Путања до уређаја са подацима исправке грешке"
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Даје (главни) кључ волумена уместо података утора кључева"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "путања"
+#~ msgid "The size of the encryption key"
+#~ msgstr "Величина кључа шифровања"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Почетни померај на уређају хеша"
+#~ msgid "BITS"
+#~ msgstr "БИТА"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Почетни померај на „FEC“ уређају"
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Ограничава читање из датотеке кључа"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Алгоритам хеша"
+#~ msgid "bytes"
+#~ msgstr "бајта"
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "ниска"
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Број бајтова за прескакање у датотеци кључа"
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Присолак"
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Ограничава читање из новододате датотеке кључа"
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "ниска хеша"
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Број бајтова за прескакање у новододатој датотеци кључа"
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Путања до датотеке потписа хеша корена"
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Број утора за нови кључ (основно је први слободан)"
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Поново покреће језгро ако је откривено оштећење"
+#~ msgid "The size of the device"
+#~ msgstr "Величина уређаја"
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Успаничи језгро ако је откривено оштећење"
+#~ msgid "SECTORS"
+#~ msgstr "ОДЕЉЦИ"
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Занемарује оштећење, само га бележи у дневник"
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Користи само наведену величину уређаја (занемарује остатак уређаја). ОВО ЈЕ ОПСАНО!"
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Не проверава нулиране блокове"
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Почетни померај у позадинском уређају"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Проверава блок података само приликом првог читања"
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Број одељака шифрованих података за прескакање на почетку"
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Опције „--ignore-corruption“, „--restart-on-corruption“ или „--ignore-zero-blocks“ су дозвољене само за радње отварања."
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Прави мапирање само за читање"
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Опција „--root-hash-signature“ се може користити само за радњу отварања."
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Не тражи потврђивање"
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Опције „--ignore-corruption“ и „--restart-on-corruption“ се не могу користити заједно."
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Време за упит међудејствене лозинке (у секундама)"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Опције „--panic-on-corruption“ и „--restart-on-corruption“ се не могу користити заједно."
+#~ msgid "secs"
+#~ msgstr "секунде"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Неисправна величина кључа."
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Напредак освежења реда (у секундама)"
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Не могу да прочитам датотеку кључа „%s“."
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Колико често унос лозинке може бити покушан"
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Не могу да прочитам %d бајта из датотеке кључа „%s“."
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Поравнава утовар на границе <n> одељка — за „luksFormat“"
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Форматирано ознаком величине %u, унутрашња целовитост „%s“.\n"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Датотека са резервом „LUKS“ заглавља и уторима кључева"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<уређај_целовитости>"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Користи „/dev/random“ за стварање кључа волумена"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<уређај_целовитости> <назив>"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Користи „/dev/urandom“ за стварање кључа волумена"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<назив> јесте уређај за стварање под „%s“\n"
-"<уређај_целовитости> јесте уређај који садржи податке са ознакама целовитости\n"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Дели уређај са другим не-преклапајућим подеоком шифрера"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Основни уграђени параметри дм-целовитости:\n"
-"\tАлгоритам провере суме: %s\n"
+#~ msgid "UUID for device to use"
+#~ msgstr "УЈИБ уређаја за коришћење"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Путања до уређаја података (ако је одвојен)"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Допушта одбацивања (тј. СКРАЋЕЊЕ) захтева за уређај"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Величина журнала"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Уређај или датотека са одвојеним ЛУКС заглављем"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Подеоци преплетања"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Не покреће уређај, само проверава лозинку"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Жиг журнала"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Користи скривено заглавље (скривени ТКРИПТ уређај)"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "проценат"
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Уређај је ТКРИПТ диск система (са подизачем система)"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Време предаје журнала"
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Користи резервно (другоразредно) ТКРИПТ заглавље"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Такође обавља преглед за уређајима сагласним са Веракриптом"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Број 512-битних подеока по биту (режим битмапе)."
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Лични умножавач понављања за „VeraCrypt“ сагласан уређај"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Време испирања режима битмапе"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Пропитује лични умножавач понављања за „VeraCrypt“ сагласан уређај"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Величина ознаке (по подеоку)"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Врста метаподатака уређаја: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Величина сектора"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Искључује проверу квалитета лозинке (ако је укључена)"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Величина међумеморија"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Користи опцију сагласности перформансе „same_cpu_crypt“ дм-крипта"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Алгоритам целовитости података"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Користи опцију сагласности перформансе „submit_from_crypt_cpus“ дм-крипта"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Величина кључа целовитости података"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Заобилази радни ред „dm-crypt“ и захтев читања процеса истовремено"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Чита кључ целовитости из датотеке"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Заобилази радни ред „dm-crypt“ и захтев писања процеса истовремено"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Алгоритам целовитости журнала"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Уклањање уређаја је одложено све док га последњи корисник не затвори"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Величина кључа целовитости журнала"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Користи опште закључавање за серијализацију меморије чврстог „PBKDF“ („OOM“ заобилазница)"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Чита кључ целовитости журнала из датотеке"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Време „PBKDF“ понављања за ЛУКС (у милисекундама)"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Алгоритам шифровања журнала"
+#~ msgid "msecs"
+#~ msgstr "милисекунде"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Величина кључа шифровања журнала"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "„PBKDF“ алгоритам (за ЛУКС2): argon2i, argon2id, pbkdf2"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Чита кључ шифровања журнала из датотеке"
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Ограничење трошка „PBKDF“ меморије"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Режим опоравка (без журнала, без провере ознаке)"
+#~ msgid "kilobytes"
+#~ msgstr "килобајта"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Користи битмапу да прати измене и да искључи журнал за уређај целовитости"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Трошак „PBKDF“ паралеле"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Аутоматски поново израчунава почетне ознаке."
+#~ msgid "threads"
+#~ msgstr "нити"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Не штити суперблок са „HMAC“-ом (стари кернели)"
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Трошак „PBKDF“ понављања (присилно, искључује оцењивање)"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Допушта поновно израчунавање волумена са „HMAC“ кључевима (стари кернели)"
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Првенство утора кључа: ignore, normal, prefer"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Опција „--integrity-recalculate“ се може користити само за радњу отварања."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Искључује закључавање метаподатака на-диску"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Опције „--journal-size“, „--interleave-sectors“, „--sector-size“, „--tag-size“ и „--no-wipe“ се могу користити само за радњу форматирања."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Искључује учитавање кључева волумена путем привеска кернела"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Неисправна одредба величине журнала."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Алгоритам целовитости података (само ЛУКС2)"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Мора бити наведена и опција датотеке кључа и опција величине кључа."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Искључује журнал за уређај целовитости"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Мора бити наведена и опција датотеке кључа целовитости журнала и опција величине кључа."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Не брише уређај након форматирања"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Алгоритам целовитости журнала мора бити наведен ако се користи кључ целовитости журнала."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Користи неделотворно застарело допуњавање (стари кернели)"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Мора бити наведена и опција датотеке кључа шифровања журнала и опција величине кључа."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Не тражи пропусну реч ако активација скупином не успе"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Алгоритам шифровања журнала мора бити наведен ако се користи кључ шифровања журнала."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Број скупине (основно: било који)"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Опције режима опоравка и битмапе се узајамно искључују."
+#~ msgid "Key description"
+#~ msgstr "Опис кључа"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Опције журнала се не могу користити у режиму битмапе."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Величина одељка шифровања (основно: 512 бајта)"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Опције битмапе се могу користити само у режиму битмапе."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Употреба IV је убројано у величину одељка (не у 512 бајта)"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Поновно шифровање је већ у току."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Поставља трајним заставице активирања за уређај"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Не могу изричито да отворим „%s“, уређај је у употреби."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Поставља натпис за ЛУКС2 уређај"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Додела поређане меморије није успела."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Поставља натпис подсистема за ЛУКС2 уређај"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Не могу да читам уређај „%s“."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Ствара или избацује неувезане (не додељене подеоке података) ЛУКС2 уторе кључа"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "Означавам ЛУКС1 уређај „%s“ неупотребљивим."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Чита или записује „json“ из или у датотеку"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Постављам заставицу ЛУКС2 ванмрежног поновног шифровања на уређају „%s“."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Величина области метаподатака ЛУКС2 заглавља"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Не могу да пишем на уређају „%s“."
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Величина области утора кључева ЛУКС2 заглавља"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Не могу да запишем датотеку дневника поновног шифровања."
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Освежава (поново активира) уређај са новим параметрима"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Не могу да прочитам датотеку дневника поновног шифровања."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "ЛУКС2 утор кључа: Величина кључа шифровања"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Датотека дневника „%s“ постоји, настављам поновно шифровање.\n"
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "ЛУКС2 утор кључа: Шифрер коришћен за шифровање исека кључа"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Покрећем привремени уређај користећи старо ЛУКС заглавље."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Шифрује ЛУКС2 уређај (у месту шифровање)."
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Покрећем привремени уређај користећи ново ЛУКС заглавље."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Дешифрује ЛУКС2 уређај (уклања шифровање)."
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Покретање привременог уређаја није успело."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Покреће ЛУКС2 поновно шифровање само у метаподацима."
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Нисам успео да поставим померај података."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Наставља само са започетим ЛУКС2 поновним шифровањем."
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Нисам успео да поставим величину метаподатака."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Смањује величину уређаја података (премешта померај података). ОВО ЈЕ ОПАСНО!"
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Направљено је ново ЛУКС заглавље за уређај „%s“."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Највећа величина вруће зоне поновног шифровања."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Ово издање „cryptsetup-reencrypt“ не може да ради са новом унутрашњом врстом скупине „%s“."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Врста гипкости вруће зоне поновног шифровања (checksum,journal,none)"
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Нисам успео да прочитам заставице активирања из заглавља резерве."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Хеш суме првере вруће зоне поновног шифровања"
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Нисам успео да упишем заставице активирања у ново заглавље."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Заобилази самооткривање уређаја дм уређаја за поновно шифровање"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Нисам успео да прочитам потрепштине из заглавља резерве."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Опција „--deferred“ је допуштена само за наредбу затварања."
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Направљена је резерва „%s“ заглавља за уређај „%s“."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Опција „--allow-discards“ је допуштена само за радњу отварања."
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Није успело прављење резерве ЛУКС заглавља."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Опција „--persistent“ је допуштена само за радњу отварања."
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Не могу да повратим „%s“ заглавље на уређају „%s“."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Опција „--serialize-memory-hard-pbkdf“ је допуштена само за радњу отварања."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "Повраћено је „%s“ заглавље на уређају „%s“."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Опција „--key-size“ је допуштена само за „luksFormat“, „luksAddKey“, отварање\n"
+#~ "и оцењивање. Да ограничите читање из датотеке кључа користите „--keyfile-size=(бајтова)."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Не могу да отворим привремени ЛУКС уређај."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Опција „--integrity“ је допуштена само за „luksFormat“ (ЛУКС2)."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Не могу да добавим величину уређаја."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Опције „--label“ и „--subsystem“ су допуштене само за „luksFormat“ и „config LUKS2“."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "УИ грешка за време поновног шифровања."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "Негативан број за опцију није допуштен."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Достављени УУИД није исправан."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Опција „--use-[u]random“ је допуштена само за „luksFormat“."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Не могу да отворим датотеку дневника поновног шифровања."
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Опција „--uuid“ је допуштена само за „luksFormat“ и „luksUUID“."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Нема описа у напретку, достављени УУИД се може користити само за настављање заустављеног процеса дешифровања."
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Опција „--align-payload“ је допуштена само за „luksFormat“."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Измењени су „pbkdf“ параметри у утору кључа %i."
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Опције „--luks2-metadata-size“ и „--opt-luks2-keyslots-size“ су допуштене само за „luksFormat“ са ЛУКС-ом2."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Величина блока поновног шифровања"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Неисправна одредба величине ЛУКС2 метаподатака."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Неисправна одредба величине ЛУКС2 утора кључева."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Не мења кључ, нема поновног шифровања области података"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Опција „--offset“ је подржана само за отварање обичних и упетљаних уређаја, „luksFormat“ и поновно шифровање уређаја."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Чита (главни) кључ волумена из датотеке"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Достављен је неисправан аргумент за параметар „--veracrypt-pim“."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Време ПБКДФ2 понављања за ЛУКС (у милисекундама)"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "Опција величине сектора није подржана за ову наредбу."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Користи непосредни-уи приликом приступа уређајима"
+#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#~ msgstr "Опција „--unbound“ се може користити само са радњама „luksAddKey“ и „luksDump“."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Користи ф-усаглашавање након сваког блока"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Опција „--refresh“ се може користити само са радњом отварања."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Освежава датотеку дневника након сваког блока"
+#~ msgid "Invalid device size specification."
+#~ msgstr "Неисправна одредба величине уређаја."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Користи само овај утор (остали ће бити искључени)"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Прекорачење величине смањења."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Прави ново заглавље на нешифрованом уређају"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Не користи суперблок тачности"
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Трајно дешифрује уређај (уклања шифровање)"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Врста записа (1 — обично, 0 — изворни Хром ОС)"
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "УЈИБ коришћен за настављање дешифровања"
+#~ msgid "number"
+#~ msgstr "број"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Врста ЛУКС метаподатака: luks1, luks2"
+#~ msgid "Block size on the data device"
+#~ msgstr "Величина блока на уређају података"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[ОПЦИЈА...] <уређај>"
+#~ msgid "Block size on the hash device"
+#~ msgstr "Величина блока на уређају хеша"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Поновно шифровање ће изменити: %s%s%s%s%s%s."
+#~ msgid "FEC parity bytes"
+#~ msgstr "Бајтови „FEC“ парности"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "кључ волумена"
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Број блокова у датотеци података"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "поставља хеш на "
+#~ msgid "blocks"
+#~ msgstr "блокови"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", поставља шифрера на "
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Путања до уређаја са подацима исправке грешке"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Потребан је аргумент."
+#~ msgid "path"
+#~ msgstr "путања"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Само вредности између 1 MiB и 64 MiB су допуштене завеличину блока поновног шифровања."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Почетни померај на уређају хеша"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Највећа величина смањења уређаја је 64 MiB."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Почетни померај на „FEC“ уређају"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Опција „--new“ се мора користити са „--reduce-device-size“ или „--header“."
+#~ msgid "Hash algorithm"
+#~ msgstr "Алгоритам хеша"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Опција „--keep-key“ може да се користи само са „--hash“, „--iter-time“ или „--pbkdf-force-iterations“."
+#~ msgid "string"
+#~ msgstr "ниска"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Опција „--new“ не може да се користи са „--decrypt“."
+#~ msgid "Salt"
+#~ msgstr "Присолак"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Опција „--decrypt“ није сагласна са наведеним параметрима."
+#~ msgid "hex string"
+#~ msgstr "ниска хеша"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Опција „--uuid“ је дозвољена само заједно са „--decrypt“."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Путања до датотеке потписа хеша корена"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Неисправна лукс врста. Користите: „luks“, „luks1“ или „luks2“."
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Поново покреће језгро ако је откривено оштећење"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Грешка читања одговора из терминала."
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Успаничи језгро ако је откривено оштећење"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Наредба је успела.\n"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Занемарује оштећење, само га бележи у дневник"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "погрешни или недостајући параметри"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Не проверава нулиране блокове"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "нема овлашћења или је лоша пропусна реч"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Проверава блок података само приликом првог читања"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "нема више меморије"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Опције „--ignore-corruption“, „--restart-on-corruption“ или „--ignore-zero-blocks“ су дозвољене само за радње отварања."
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "наведен је погрешан уређај или датотека"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Опција „--root-hash-signature“ се може користити само за радњу отварања."
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "уређај већ постоји или је заузет"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Путања до уређаја података (ако је одвојен)"
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "непозната грешка"
+#~ msgid "Journal size"
+#~ msgstr "Величина журнала"
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Наредба није успела са кодом %i (%s).\n"
+#~ msgid "Interleave sectors"
+#~ msgstr "Подеоци преплетања"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Утор кључа „%i“ је направљен."
+#~ msgid "Journal watermark"
+#~ msgstr "Жиг журнала"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Утор кључа „%i“ је откључан."
+#~ msgid "percent"
+#~ msgstr "проценат"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Утор кључа „%i“ је уклоњен."
+#~ msgid "Journal commit time"
+#~ msgstr "Време предаје журнала"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Скупина „%i“ је направљена."
+#~ msgid "ms"
+#~ msgstr "ms"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Скупина „%i“ је уклоњена."
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Број 512-битних подеока по биту (режим битмапе)."
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Брисање је прекинуто."
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Време испирања режима битмапе"
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис партиције.\n"
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Величина ознаке (по подеоку)"
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "УПОЗОРЕЊЕ: Уређај „%s“ већ садржи „%s“ потпис суперблока.\n"
+#~ msgid "Sector size"
+#~ msgstr "Величина сектора"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Нисам успео да покренем пробе потписа уређаја."
+#~ msgid "Buffers size"
+#~ msgstr "Величина међумеморија"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "Нисам успео да добавим податке уређаја „%s“."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Алгоритам целовитости података"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Уређај „%s“ је у употреби. Не могу да наставим са радњом форматирања."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Величина кључа целовитости података"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Нисам успео да отворим датотеку „%s“ у режиму читања/писања."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Чита кључ целовитости из датотеке"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Постојећи „%s“ потпис партиције (померај: %<PRIi64> бајта) на уређају „%s“ биће обрисан."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Алгоритам целовитости журнала"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Постојећи „%s“ потпис суперблока (померај: %<PRIi64> бајта) на уређају „%s“ биће обрисан."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Величина кључа целовитости журнала"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Нисам успео да обришем потпис уређаја."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Чита кључ целовитости журнала из датотеке"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Нисам успео да испробам уређај „%s“ за потписом."
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Алгоритам шифровања журнала"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Поновно шифровање је прекинуто."
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Величина кључа шифровања журнала"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Не могу да проверим квалитет лозинке: %s"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Чита кључ шифровања журнала из датотеке"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Провера квалитета лозинке није успела:\n"
-" %s"
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Режим опоравка (без журнала, без провере ознаке)"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Провера квалитета лозинке није успела: Лоша шифра (%s)"
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Користи битмапу да прати измене и да искључи журнал за уређај целовитости"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Грешка читања пропусне речи из терминала."
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Аутоматски поново израчунава почетне ознаке."
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Провери пропусну реч: "
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Не штити суперблок са „HMAC“-ом (стари кернели)"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Пропусне речи се не подударају."
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Допушта поновно израчунавање волумена са „HMAC“ кључевима (стари кернели)"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Не могу да користим померај са улазом терминала."
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Опција „--integrity-recalculate“ се може користити само за радњу отварања."
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Унесите пропусну реч: "
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Опције „--journal-size“, „--interleave-sectors“, „--sector-size“, „--tag-size“ и „--no-wipe“ се могу користити само за радњу форматирања."
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Унесите пропусну реч за „%s“: "
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Неисправна одредба величине журнала."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Нема доступног кључа са овом пропусном речју."
+#~ msgid "Reencryption block size"
+#~ msgstr "Величина блока поновног шифровања"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Нема доступног употребљивог утора кључа."
+#~ msgid "MiB"
+#~ msgstr "MiB"
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Не могу да отворим датотеку кључа „%s“ за упис."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Не мења кључ, нема поновног шифровања области података"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Не могу да пишем у датотеку кључа „%s“."
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Чита (главни) кључ волумена из датотеке"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Нисам успео да отворим датотеку „%s“ у режиму само за читање."
+#~ msgid "PBKDF2 iteration time for LUKS (in ms)"
+#~ msgstr "Време ПБКДФ2 понављања за ЛУКС (у милисекундама)"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Обезбеђује исправан „JSON“ ЛУКС2 скупине:\n"
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Користи непосредни-уи приликом приступа уређајима"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Нисам успео да прочитам „JSON“ датотеку."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Користи ф-усаглашавање након сваког блока"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Читање је прекинуто."
+#~ msgid "Update log file after every block"
+#~ msgstr "Освежава датотеку дневника након сваког блока"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Нисам успео да отворим датотеку „%s“ у режиму писања."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Користи само овај утор (остали ће бити искључени)"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Писање је прекинуто."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Прави ново заглавље на нешифрованом уређају"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Нисам успео да упишем „JSON“ датотеку."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Трајно дешифрује уређај (уклања шифровање)"
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Ð\9dиÑ\81ам Ñ\83Ñ\81пео да иÑ\81кÑ\99Ñ\83Ñ\87им заÑ\81Ñ\82авиÑ\86Ñ\83 заÑ\85Ñ\82ева поновног Ñ\88иÑ\84Ñ\80оваÑ\9aа."
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "УÐ\88Ð\98Ð\91 коÑ\80иÑ\88Ñ\9bен за наÑ\81Ñ\82авÑ\99аÑ\9aе деÑ\88иÑ\84Ñ\80оваÑ\9aа"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Изгледа да уређај не захтева опоравак поновног шифровања.\n"
-#~ "Да ли желите да наставите?"
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Врста ЛУКС метаподатака: luks1, luks2"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "УПОЗОРЕЊЕ: Директоријум закључавања „%s/%s“ недостаје!\n"
# Swedish translation for cryptsetup.
-# Copyright © 2009 - 2020 Free Software Foundation, Inc.
+# Copyright © 2022 Free Software Foundation, Inc.
# This file is distributed under the same license as the cryptsetup package.
-# Daniel Nylander <po@danielnylander.se>, 2009.
-# Josef Andersson <l10nl18nsweja@gmail.com>, 2016, 2017, 2019, 2020, 2021
#
+# Daniel Nylander <po@danielnylander.se>, 2009.
+# Josef Andersson <l10nl18nsweja@gmail.com>, 2016-2022.
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.4-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-01-04 22:51+0100\n"
+"Project-Id-Version: cryptsetup 2.5.0-rc1\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2022-07-14 14:04+0200\n"
+"PO-Revision-Date: 2022-11-11 12:23+0100\n"
"Last-Translator: Josef Andersson <l10nl18nsweja@gmail.com>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
"Language: sv\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Bugs: Report translation errors to the Language-Team address.\n"
-"X-Generator: Poedit 2.3\n"
+"X-Generator: Lokalize 22.08.3\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:417
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Det går inte att initiera device-mapper, kör som icke-root-användare."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:420
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Det går inte att initiera device-mapper. Är kärnmodulen dm_mod inläst?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1171
msgid "Requested deferred flag is not supported."
msgstr "Begärd flagga deferred stöds inte."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1240
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID för enheten %s förkortades."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1570
msgid "Unknown dm target type."
msgstr "Okänd måltyp dm."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1694 lib/libdevmapper.c:1699 lib/libdevmapper.c:1763
+#: lib/libdevmapper.c:1766
msgid "Requested dm-crypt performance options are not supported."
msgstr "Begärd flagga för dm-crypt-prestanda stöds inte."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1706 lib/libdevmapper.c:1710
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Begärd flagga för dm-verity-dataintegritet stöds inte."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1714
msgid "Requested dm-verity FEC options are not supported."
msgstr "Begärd flagga dm-verity FEC stöds inte."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1718
msgid "Requested data integrity options are not supported."
msgstr "Begärd flagga för dataintegritet stöds inte."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1720
msgid "Requested sector_size option is not supported."
msgstr "Begärd flagga sector_size stöds inte."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1725 lib/libdevmapper.c:1729
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Begärd automatisk beräkning av integritetstaggar stöds inte."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1733 lib/libdevmapper.c:1769 lib/libdevmapper.c:1772
+#: lib/luks2/luks2_json_metadata.c:2552
msgid "Discard/TRIM is not supported."
msgstr "Discard/TRIM stöds inte."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1737
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Begärt dm-integrity bitmap-läge stöds inte."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2763
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Misslyckades med att läsa dm-%s-segment."
-#: lib/random.c:75
+#: lib/random.c:74
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
msgstr ""
"Systemet fick slut på entropi under generering av volymnyckeln.\n"
-"Flytta musen eller skriv in text i ett annat fönster för att samla några slumpmässiga händelser.\n"
+"Rör på musen eller skriv in text i ett annat fönster för att samla in slumpmässiga händelser.\n"
-#: lib/random.c:79
+#: lib/random.c:78
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Genererar nyckel (%d%% done).\n"
-#: lib/random.c:165
+#: lib/random.c:164
msgid "Running in FIPS mode."
msgstr "Kör i FIPS-läge."
-#: lib/random.c:171
+#: lib/random.c:170
msgid "Fatal error during RNG initialisation."
msgstr "Ödesdigert fel under RNG-initiering."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Okänd RNG-kvalitet begärd."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Fel vid läsning från RNG."
-#: lib/setup.c:229
+#: lib/setup.c:226
msgid "Cannot initialize crypto RNG backend."
msgstr "Det går inte att initiera RNG-krypteringsbakände."
-#: lib/setup.c:235
+#: lib/setup.c:232
msgid "Cannot initialize crypto backend."
msgstr "Det går inte att initiera krypteringsbakände."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:263 lib/setup.c:2080 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Hashalgoritmen %s stöds inte."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:266 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Fel vid nyckelbearbetning (använder hash %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:332 lib/setup.c:359
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Det går inte att avgöra enhetstyp. Inkompatibel aktivering av enhet?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:338 lib/setup.c:3221
msgid "This operation is supported only for LUKS device."
msgstr "Denna åtgärd stöds endast av LUKS-enheter."
-#: lib/setup.c:368
+#: lib/setup.c:365
msgid "This operation is supported only for LUKS2 device."
msgstr "Denna åtgärd stöds endast av LUKS2-enheter."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:420 lib/luks2/luks2_reencrypt.c:2985
msgid "All key slots full."
msgstr "Alla nyckelplatser är upptagna."
-#: lib/setup.c:434
+#: lib/setup.c:431
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Nyckelplats %d är ogiltig. Välj mellan 0 och %d."
-#: lib/setup.c:440
+#: lib/setup.c:437
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Nyckelplats %d är full. Välj en annan."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:522 lib/setup.c:2946
msgid "Device size is not aligned to device logical block size."
msgstr "Storlek på enhet är inte justerad till enhetens logiska blockstorlek."
-#: lib/setup.c:624
+#: lib/setup.c:620
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Huvud identifierat men enheten %s är för liten."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:661 lib/setup.c:2851 lib/setup.c:4335
+#: lib/luks2/luks2_reencrypt.c:3757 lib/luks2/luks2_reencrypt.c:4159
msgid "This operation is not supported for this device type."
msgstr "Denna åtgärd stöds inte för denna enhetstyp."
msgid "Illegal operation with reencryption in-progress."
msgstr "Ogiltig åtgärd under pågående omkryptering."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:833 lib/luks1/keymanage.c:248 lib/luks1/keymanage.c:524
+#: lib/luks2/luks2_json_metadata.c:1267 src/cryptsetup.c:1449
+#: src/cryptsetup.c:1581 src/cryptsetup.c:1636 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1861 src/cryptsetup.c:2142 src/cryptsetup.c:2380
+#: src/cryptsetup.c:2440 src/utils_reencrypt.c:1378
+#: src/utils_reencrypt_luks1.c:1188 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Enheten %s är inte en giltig LUKS-enhet."
+
+#: lib/setup.c:836 lib/luks1/keymanage.c:527
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "LUKS-versionen %d stöds inte."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1431 lib/setup.c:2602 lib/setup.c:2682 lib/setup.c:2694
+#: lib/setup.c:2859 lib/setup.c:4807
#, c-format
msgid "Device %s is not active."
msgstr "Enheten %s är inte aktiv."
-#: lib/setup.c:1444
+#: lib/setup.c:1448
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Underliggande enhet för krypteringsenhet %s försvann."
-#: lib/setup.c:1524
+#: lib/setup.c:1528
msgid "Invalid plain crypt parameters."
-msgstr "Ogiltiga parametrar för vanlig kryptering."
+msgstr "Ogiltiga parametrar för plain-kryptering."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1533 lib/setup.c:1983
msgid "Invalid key size."
msgstr "Ogiltig nyckelstorlek."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1538 lib/setup.c:1988 lib/setup.c:2191
msgid "UUID is not supported for this crypt type."
msgstr "UUID stöds inte för denna krypteringstyp."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1543 lib/setup.c:1993
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Frånkopplad metadataenhet stöds ej av denna crypt-typ."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1553 lib/setup.c:1765 lib/luks2/luks2_reencrypt.c:2941
+#: src/cryptsetup.c:1250 src/cryptsetup.c:3072
msgid "Unsupported encryption sector size."
msgstr "Stöder inte sektorstorleken för kryptering."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1561 lib/setup.c:1896 lib/setup.c:2940
msgid "Device size is not aligned to requested sector size."
msgstr "Storlek på enhet är inte justerad till begärd sektorstorlek."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1613 lib/setup.c:1733
msgid "Can't format LUKS without device."
msgstr "Det går inte att formatera LUKS utan enhet."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1619 lib/setup.c:1739
msgid "Requested data alignment is not compatible with data offset."
msgstr "Begärd datajustering är inte kompatibel med dataoffset."
-#: lib/setup.c:1682 lib/setup.c:1851
+#: lib/setup.c:1687 lib/setup.c:1883
msgid "WARNING: Data offset is outside of currently available data device.\n"
msgstr "VARNING: Dataoffset ligger utanför aktuell dataenhet.\n"
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1697 lib/setup.c:1913 lib/setup.c:1934 lib/setup.c:2203
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Det går inte att rensa huvudet på enheten %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1774
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "VARNING: Enhetsaktiveringen kommer att misslyckas, dm-crypt saknar stöd för begärd krypteringsektorstorlek.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1797
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Volymnyckeln är för liten för kryptering med integritetstillägg."
-#: lib/setup.c:1821
+#: lib/setup.c:1857
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Chiffret %s-%s (nyckelstorlek %zd bitar) är inte tillgängligt."
-#: lib/setup.c:1854
+#: lib/setup.c:1886
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "VARNING: storlek på LUKS2-metadata ändrades till %<PRIu64> byte.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1890
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "VARNING: storlek på LUKS2-nyckelplatsområde ändrades till %<PRIu64> byte.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1916 lib/utils_device.c:909 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3009 lib/luks2/luks2_reencrypt.c:4254
#, c-format
msgid "Device %s is too small."
msgstr "Enheten %s är för liten."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1927 lib/setup.c:1953
#, c-format
msgid "Cannot format device %s in use."
msgstr "Det går inte att formatera enheten %s då den används."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1930 lib/setup.c:1956
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Det går inte att formatera enheten %s, behörighet nekad."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1942 lib/setup.c:2263
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Det går inte att formatera integritet för enheten %s."
-#: lib/setup.c:1926
+#: lib/setup.c:1960
#, c-format
msgid "Cannot format device %s."
msgstr "Det går inte att formatera enheten %s."
-#: lib/setup.c:1944
+#: lib/setup.c:1978
msgid "Can't format LOOPAES without device."
msgstr "Kan inte formatera LOOPAES utan enhet."
-#: lib/setup.c:1989
+#: lib/setup.c:2023
msgid "Can't format VERITY without device."
msgstr "Det går inte att formatera VERITY utan enhet."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2034 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "VERITY-hashtyp %d stöds inte."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2040 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "VERITY-blockstorlek som inte stöds."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2045 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "VERITY-hashoffset som inte stöds."
-#: lib/setup.c:2016
+#: lib/setup.c:2050
msgid "Unsupported VERITY FEC offset."
msgstr "VERITY-FEC-offset som inte stöds."
-#: lib/setup.c:2040
+#: lib/setup.c:2074
msgid "Data area overlaps with hash area."
msgstr "Dataområde spiller över på hashområdet."
-#: lib/setup.c:2065
+#: lib/setup.c:2099
msgid "Hash area overlaps with FEC area."
msgstr "Hashområde spiller över på FEC-mrådet."
-#: lib/setup.c:2072
+#: lib/setup.c:2106
msgid "Data area overlaps with FEC area."
msgstr "Dataområde spiller över på FEC-mrådet."
-#: lib/setup.c:2208
+#: lib/setup.c:2242
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "VARNING: Begärd taggstorlek på %d byte skiljer sig från %s utdatastorlek (%d byte).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2321
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Okänd typ av krypteringsenhet %s begärd."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2608 lib/setup.c:2687 lib/setup.c:2700
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Parametrar som inte stöds på enheten %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2614 lib/setup.c:2707 lib/luks2/luks2_reencrypt.c:2837
+#: lib/luks2/luks2_reencrypt.c:3074 lib/luks2/luks2_reencrypt.c:3459
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Kan inte rensa huvudet på enheten %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2731
msgid "Crypt devices mismatch."
msgstr "Krypteringsenheter har matchningsfel."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2768 lib/setup.c:2773 lib/luks2/luks2_reencrypt.c:2315
+#: lib/luks2/luks2_reencrypt.c:2853 lib/luks2/luks2_reencrypt.c:4007
#, c-format
msgid "Failed to reload device %s."
msgstr "Misslyckades med att läsa om enhet %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2779 lib/setup.c:2785 lib/luks2/luks2_reencrypt.c:2286
+#: lib/luks2/luks2_reencrypt.c:2293 lib/luks2/luks2_reencrypt.c:2867
#, c-format
msgid "Failed to suspend device %s."
msgstr "Misslyckades med att försätta enhet %s i vänteläge."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2791 lib/luks2/luks2_reencrypt.c:2300
+#: lib/luks2/luks2_reencrypt.c:2888 lib/luks2/luks2_reencrypt.c:3920
+#: lib/luks2/luks2_reencrypt.c:4011
#, c-format
msgid "Failed to resume device %s."
msgstr "Misslyckades med att återuppta enhet %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2806
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Ödesdigert fel vid omläsning av enhet %s (ovanpå enhet %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2809 lib/setup.c:2811
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Misslyckades med att växla enhet %s till dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2891
msgid "Cannot resize loop device."
msgstr "Det går inte att ändra storlek på loop-enhet."
-#: lib/setup.c:2890
+#: lib/setup.c:2931
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "VARNING: Maximal storlek redan satt eller så stöder inte kärnan storleksändring.\n"
+
+#: lib/setup.c:2989
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Misslyckades med storleksändring, kärnan stöder inte detta."
+
+#: lib/setup.c:3021
msgid "Do you really want to change UUID of device?"
msgstr "Vill du verkligen ändra UUID för en enhet?"
-#: lib/setup.c:2966
+#: lib/setup.c:3113
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Säkerhetskopian för huvud innehåller inte något giltigt LUKS-huvud."
-#: lib/setup.c:3066
+#: lib/setup.c:3229
#, c-format
msgid "Volume %s is not active."
msgstr "Volymen %s är inte aktiv."
-#: lib/setup.c:3077
+#: lib/setup.c:3240
#, c-format
msgid "Volume %s is already suspended."
msgstr "Volymen %s är redan i vänteläge."
-#: lib/setup.c:3090
+#: lib/setup.c:3253
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Vänteläge stöds inte för enhet %s."
-#: lib/setup.c:3092
+#: lib/setup.c:3255
#, c-format
msgid "Error during suspending device %s."
msgstr "Fel då enheten %s försattes i vänteläge."
-#: lib/setup.c:3128
+#: lib/setup.c:3290
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Att återuppta stöds inte för enhet %s."
-#: lib/setup.c:3130
+#: lib/setup.c:3292
#, c-format
msgid "Error during resuming device %s."
msgstr "Fel då enheten %s återupptogs."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3326 lib/setup.c:3374 lib/setup.c:3444 lib/setup.c:3489
+#: src/cryptsetup.c:2207
#, c-format
msgid "Volume %s is not suspended."
msgstr "Volymen %s är inte i vänteläge."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3459 lib/setup.c:3862 lib/setup.c:4584 lib/setup.c:4597
+#: lib/setup.c:4605 lib/setup.c:4618 lib/setup.c:6142 src/cryptsetup.c:1790
msgid "Volume key does not match the volume."
msgstr "Volymnyckeln stämmer inte överens med volymen."
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:3540 lib/setup.c:3745
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "Det går inte att lägga till nyckelplats. Alla platser är inaktiverade och ingen volymnyckel har angivits."
-#: lib/setup.c:3487
+#: lib/setup.c:3697
msgid "Failed to swap new key slot."
msgstr "Misslyckades med att byta ny nyckelplats."
-#: lib/setup.c:3673
+#: lib/setup.c:3883
#, c-format
msgid "Key slot %d is invalid."
msgstr "Nyckelplats %d är ogiltig."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3889 src/cryptsetup.c:1594 src/cryptsetup.c:1936
+#: src/cryptsetup.c:2540 src/cryptsetup.c:2597
#, c-format
msgid "Keyslot %d is not active."
msgstr "Nyckelplats %d är inte aktiv."
-#: lib/setup.c:3698
+#: lib/setup.c:3908
msgid "Device header overlaps with data area."
msgstr "Dataområde spiller över på hashområdet."
-#: lib/setup.c:3992
+#: lib/setup.c:4213
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Omkryptering pågår. Det går inte att aktivera enheten."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4215 lib/luks2/luks2_json_metadata.c:2635
+#: lib/luks2/luks2_reencrypt.c:3565
msgid "Failed to get reencryption lock."
msgstr "Misslyckades med att erhålla omkrypteringslås."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4228 lib/luks2/luks2_reencrypt.c:3584
msgid "LUKS2 reencryption recovery failed."
msgstr "Misslyckades med återhämtning av LUKS2-omkryptering."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4396 lib/setup.c:4661
msgid "Device type is not properly initialized."
msgstr "Enhetstypen är inte korrekt initierad."
-#: lib/setup.c:4223
+#: lib/setup.c:4444
#, c-format
msgid "Device %s already exists."
msgstr "Enheten %s finns redan."
-#: lib/setup.c:4230
+#: lib/setup.c:4451
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Det går inte att använda enheten %s som fortfarande används eller har ett ogiltigt namn."
-#: lib/setup.c:4350
+#: lib/setup.c:4571
msgid "Incorrect volume key specified for plain device."
-msgstr "Felaktig volymnyckel för vanlig enhet."
+msgstr "Felaktig volymnyckel för plain-enhet."
-#: lib/setup.c:4463
+#: lib/setup.c:4687
msgid "Incorrect root hash specified for verity device."
msgstr "Felaktig rothash angiven för verity-enhet."
-#: lib/setup.c:4470
+#: lib/setup.c:4697
msgid "Root hash signature required."
msgstr "Root-hashsignatur krävs."
-#: lib/setup.c:4479
+#: lib/setup.c:4706
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Kärnans nyckelring saknas: krävs för att skicka signatur till kärnan."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4723 lib/setup.c:6218
msgid "Failed to load key in kernel keyring."
msgstr "Misslyckades med att öppna nyckelringen för kärnan."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4779
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Misslyckades med att avbryta fördröjd borttagning från enheten %s."
+
+#: lib/setup.c:4786 lib/setup.c:4802 lib/luks2/luks2_json_metadata.c:2688
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Enheten %s används fortfarande."
-#: lib/setup.c:4574
+#: lib/setup.c:4811
#, c-format
msgid "Invalid device %s."
msgstr "Ogiltig enhet %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4927
msgid "Volume key buffer too small."
msgstr "Buffert för volymnyckelen är för liten."
-#: lib/setup.c:4698
+#: lib/setup.c:4935
msgid "Cannot retrieve volume key for plain device."
-msgstr "Kan inte hämta volymnyckel för vanlig enhet."
+msgstr "Kan inte hämta volymnyckel för plain-enhet."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Det går inte att hämta root-hash för verity-enhet."
-#: lib/setup.c:4717
+#: lib/setup.c:4956
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Denna åtgärd stöds inte för krypteringsenheter av typen %s."
-#: lib/setup.c:4923
+#: lib/setup.c:5130 lib/setup.c:5141
msgid "Dump operation is not supported for this device type."
msgstr "Utskriftsåtgärden stöds inte för denna enhetstyp."
-#: lib/setup.c:5251
+#: lib/setup.c:5471
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Dataförskjutning är inte en multipel av %u byte."
-#: lib/setup.c:5536
+#: lib/setup.c:5756
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Det går inte konvertera enheten %s som fortfarande används."
-#: lib/setup.c:5833
+#: lib/setup.c:6075
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Misslyckades med att tilldela nyckelplats %u som ny volymnyckel."
-#: lib/setup.c:5906
+#: lib/setup.c:6148
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Misslyckades med att initiera standardnyckelplats för LUKS2-parametrar."
-#: lib/setup.c:5912
+#: lib/setup.c:6154
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Misslyckades med att tilldela nyckelplats %d till kontrollsummor."
-#: lib/setup.c:6043
+#: lib/setup.c:6285
msgid "Kernel keyring is not supported by the kernel."
msgstr "Kärnans nyckelring stöds inte av kärnan."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6295 lib/luks2/luks2_reencrypt.c:3782
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Misslyckades med att läsa lösenfras från nyckelringsnyckel (fel %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6319
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Misslyckades med att inhämta globalt minneshårt serialiseringslås."
msgid "Cannot unlock memory."
msgstr "Det går inte att låsa upp minne."
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:168 lib/tcrypt/tcrypt.c:502
msgid "Failed to open key file."
msgstr "Misslyckades med att öppna nyckelfilen."
msgid "Cannot read keyfile from a terminal."
msgstr "Det går inte läsa nyckelfilen från en terminal."
-#: lib/utils.c:190
+#: lib/utils.c:189
msgid "Failed to stat key file."
msgstr "Misslyckades med att ta stat på nyckelfilen."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:197 lib/utils.c:218
msgid "Cannot seek to requested keyfile offset."
msgstr "Det går inte att söka till begärd nyckelfilsoffset."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:212 lib/utils.c:227 src/utils_password.c:226
+#: src/utils_password.c:238
msgid "Out of memory while reading passphrase."
msgstr "Slut på minne vid läsning av lösenfras."
-#: lib/utils.c:248
+#: lib/utils.c:247
msgid "Error reading passphrase."
msgstr "Fel vid läsning av lösenfras."
-#: lib/utils.c:265
+#: lib/utils.c:264
msgid "Nothing to read on input."
msgstr "Ingenting att läsa vid inmating."
-#: lib/utils.c:272
+#: lib/utils.c:271
msgid "Maximum keyfile size exceeded."
msgstr "Högsta nyckelfilsstorlek överskriden."
-#: lib/utils.c:277
+#: lib/utils.c:276
msgid "Cannot read requested amount of data."
msgstr "Det går inte läsa begärd mängd data."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:208 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1353
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Enheten %s finns inte eller åtkomst nekas."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:218
#, c-format
msgid "Device %s is not compatible."
msgstr "Enheten %s är inte aktiv."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:562
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Ignorerar falsk optimal-io-storlek för dataenheten (%u byte)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:720
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Enhet %s är för liten. Behöver minst %<PRIu64> byte."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:801
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Det går inte att använda enheten %s som redan används (redan mappad eller monterad)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:805
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Det går inte att använda enhet %s, behörighet nekad."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:808
#, c-format
msgid "Cannot get info about device %s."
msgstr "Kan inte hämta information om enheten %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:831
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Kan inte använda en loopback-enhet, kör som icke-root-användare."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:842
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Misslyckades med att fästa loopback-enhet (kräver loop-enhet med flaggan autoclear)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:890
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Begärd offset är bortom faktiska enhetsstorleken för %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:898
#, c-format
msgid "Device %s has zero size."
msgstr "Enheten %s har noll storlek."
#: lib/utils_device_locking.c:109
#, c-format
msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgstr "Rättigheterna för låskatalogen %s/%s kommer att skapas med inkompilerade standardvärden."
#: lib/utils_device_locking.c:119
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Låsningen avbruten. Låsningsökvägen %s/%s oanvändbar (%s är inte en katalog)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Det går inte att söka till enhetsoffset."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Fel vid radering av enhet, förskjutning %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Chifferspecifikation ska vara i formatet [chiffer] - [läge] - [iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:364
+#: lib/luks1/keymanage.c:674 lib/luks1/keymanage.c:1125
+#: lib/luks2/luks2_json_metadata.c:1421 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Kan inte skriva till enhet %s, behörighet nekad."
msgstr "Misslyckades med att komma åt temporär nyckellagringsenhet."
#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "In-/utfel vid kryptering av nyckelplats."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:367
+#: lib/luks1/keymanage.c:627 lib/luks1/keymanage.c:677 lib/tcrypt/tcrypt.c:680
+#: lib/verity/verity.c:80 lib/verity/verity.c:196 lib/verity/verity_hash.c:320
+#: lib/verity/verity_hash.c:329 lib/verity/verity_hash.c:349
+#: lib/verity/verity_fec.c:260 lib/verity/verity_fec.c:272
+#: lib/verity/verity_fec.c:277 lib/luks2/luks2_json_metadata.c:1424
+#: src/utils_reencrypt_luks1.c:121 src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Det går inte att öppna enheten %s."
msgid "IO error while decrypting keyslot."
msgstr "In-/utfel vid dekryptering av nyckelplats."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Enhet %s är för liten. (LUKS1 kräver minst %<PRIu64> byte.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS-nyckelplats %u är ogiltig."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Enheten %s är inte en giltig LUKS-enhet."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1284
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Begärd säkerhetskopia %s av huvud finns redan."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:268 lib/luks2/luks2_json_metadata.c:1286
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Det går inte att skapa säkerhetskopia för huvud %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:275 lib/luks2/luks2_json_metadata.c:1293
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Det går inte skriva säkerhetskopia för huvud %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:306 lib/luks2/luks2_json_metadata.c:1330
msgid "Backup file does not contain valid LUKS header."
msgstr "Säkerhetskopian innehåller inte något giltigt LUKS-huvud."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:319 lib/luks1/keymanage.c:590
+#: lib/luks2/luks2_json_metadata.c:1351
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Det går inte att öppna säkerhetskopia för huvud %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:327 lib/luks2/luks2_json_metadata.c:1359
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Det går inte att läsa säkerhetskopia för huvud %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:337
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Dataoffset eller nyckelstorlek skiljer sig åt på enhet och säkerhetskopia. Återställningen misslyckades."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:345
#, c-format
msgid "Device %s %s%s"
msgstr "Enhet %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:346
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "innehåller inget LUKS-huvud. Ersättning av huvud kan förstöra data på enheten."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:347
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "innehåller redan LUKS-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:348 lib/luks2/luks2_json_metadata.c:1393
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"VARNING: verkligt enhetshuvud har annat UUID än säkerhetskopian!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:395
msgid "Non standard key size, manual repair required."
msgstr "Ej standardstorlek på nyckel, manuell reparation krävs."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:405
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Ej standardjustering på nyckelplatser, manuell reparation krävs."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:414
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Chifferläge reparerat (%s -> %s)."
+
+#: lib/luks1/keymanage.c:425
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Chifferhash reparerad till gemener (%s)."
+
+#: lib/luks1/keymanage.c:427 lib/luks1/keymanage.c:533
+#: lib/luks1/keymanage.c:789
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Begärd LUKS-hash %s stöds inte."
+
+#: lib/luks1/keymanage.c:441
msgid "Repairing keyslots."
msgstr "Reparerar nyckelplatser."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:460
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Nyckelplats %i: reparerad offset (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:468
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Nyckelplats %i: reparerade remsor (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:477
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Nyckelplats %i: fejkpartitionssignatur."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:482
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Nyckelplats %i: salt borttaget."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:499
msgid "Writing LUKS header to disk."
msgstr "Skriver LUKS-huvud till disk."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:504
msgid "Repair failed."
msgstr "Reparation misslyckades."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:559
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Begärd LUKS-hash %s stöds inte."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "LUKS-chifferläge %s är ogiltigt."
+
+#: lib/luks1/keymanage.c:564
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "LUKS-hash %s är ogiltig."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:571 src/cryptsetup.c:1144
msgid "No known problems detected for LUKS header."
msgstr "Inga kända problem identifierade för LUKS-huvud."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:699
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Fel vid uppdatering av LUKS-huvud på enheten %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:707
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Fel vid omläsning av LUKS-huvud efter uppdatering på enheten %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:783
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Data-offset för fristående LUKS-huvud måste vara antingen 0 eller större än huvudstorleken."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:794 lib/luks1/keymanage.c:863
+#: lib/luks2/luks2_json_format.c:287 lib/luks2/luks2_json_metadata.c:1175
+#: src/utils_reencrypt.c:475
msgid "Wrong LUKS UUID format provided."
msgstr "Felaktigt LUKS-UUID-format angavs."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:816
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Kan inte skapa LUKS-huvud: läsning av slumpmässigt salt misslyckades."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:842
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Kan inte skapa LUKS-huvud: kontrollsumma för huvud misslyckades (använder hashen %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:886
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Nyckelplats %d är aktiv, rensa först."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:892
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Nyckelplats %d material inkluderar för få remsor. Har huvudet manipulerats?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:1033
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Det går inte att öppna nyckeplats (använder hash %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1111
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Nyckelplats %d är ogiltig. Välj en nyckelplats mellan 0 och %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1129 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Kan inte rensa enheten %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "Kärnan stöder inte loop-AES-kompatibel mappning."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:509
#, c-format
msgid "Error reading keyfile %s."
msgstr "Fel vid läsning av nyckelfil %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:559
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Högsta TCRYPT-lösenfraslängd (%zu) överskriden."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:601
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "PBKDF2-hashalgoritm %s ej tillgänglig, hoppar över."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:620 src/cryptsetup.c:1019
msgid "Required kernel crypto interface not available."
msgstr "Begärt kryptogränssnitt för kärnan inte tillgängligt."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:622 src/cryptsetup.c:1021
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Försäkra dig om att kärnmodulen algif_skcipher är inläst."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:763
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Aktivering stöds inte för sektorstorlek %d."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:769
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "Kärnan stöder inte aktivering för detta föråldrade TCRYPT-läge."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:800
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Aktiverar TCRYPT-systemkryptering för partition %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:883
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "Kärnan stöder inte TCRYPT-kompatibel mappning."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1096
msgid "This function is not supported without TCRYPT header load."
msgstr "Denna funktion stöds inte utan inläsning av TCRYPT-huvud."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:275
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av volymhuvudnyckel."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:328
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Ogiltig sträng funnen vid tolkning av volymhuvudnyckel."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:332
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Oväntad sträng (”%s”) funnen vid tolkning av volymhuvudnycklar som stöds."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:349
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Oväntad metadatapostvärde av typ ”%u” funnen vid tolkning av volymhuvudnycklar som stöds."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Misslyckades med att läsa BITLK-signatur från %s."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Ogiltig eller okänd signatur för BITLK-enhet."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:451
msgid "BITLK version 1 is currently not supported."
msgstr "BITLK version 1 stöds ej för närvarande."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:457
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Ogiltig eller okänd boot-signatur för BITLK-enhet."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:469
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Stöder inte sektorstorleken %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:477
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Misslyckades med att läsa BITLK-huvud från %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:502
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Misslyckades med att läsa BITLK FVE-metadata från %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:554
msgid "Unknown or unsupported encryption type."
msgstr "Krypteringstypen är okänd eller stöds ej."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:587
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Misslyckades med att läsa BITLK -metadataposter från %s."
-#: lib/bitlk/bitlk.c:897
-#, fuzzy, c-format
+#: lib/bitlk/bitlk.c:681
+msgid "Failed to convert BITLK volume description"
+msgstr "Misslyckades med att konvertera BITLK-volymbeskrivning"
+
+#: lib/bitlk/bitlk.c:841
+#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av volymhuvudnyckel."
+msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av extern nyckel."
+
+#: lib/bitlk/bitlk.c:860
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "BEK-filens GUID '%s' stämmer inte överens med GUID för volymen."
-#: lib/bitlk/bitlk.c:912
-#, fuzzy, c-format
+#: lib/bitlk/bitlk.c:864
+#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr "Oväntad metadatapostvärde av typ ”%u” funnen vid tolkning av volymhuvudnycklar som stöds."
+msgstr "Oväntad metadatapostvärde av typ ”%u” funnen vid tolkning av extern nyckel."
-#: lib/bitlk/bitlk.c:980
-#, fuzzy
+#: lib/bitlk/bitlk.c:903
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Inget stöd för BEK metadata-version %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:908
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Oväntad BEK-metadatastorlek %<PRIu32> matchar inte BEK-fillängd"
+
+#: lib/bitlk/bitlk.c:933
msgid "Unexpected metadata entry found when parsing startup key."
-msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av volymhuvudnyckel."
+msgstr "Oväntad metadatapost av typ ”%u” funnen vid tolkning av uppstartsnyckel."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1029
msgid "This operation is not supported."
msgstr "Denna åtgärd stöds ej."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1037
msgid "Unexpected key data size."
msgstr "Oväntad nyckeldatastorlek."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1163
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Denna BITLK-enhet är i tillstånd som inte stöds och kan inte aktiveras."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1168
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Det går inte att aktivera BITLK-enheter av typen ”%s”."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1175
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Aktivering av delvis avkrypterade BITLK-enheter stöds ej."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1216
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "VARNING: BitLocker-volymstorlek %<PRIu64> överensstämmer inte med underliggande enhetstorlek %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1343
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1347
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för BITLK Elephant diffuser."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1351
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Det går inte att aktivera enheten, kärnan dm-crypt saknar stöd för stor sektorstorlek."
+
+#: lib/bitlk/bitlk.c:1355
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Det går inte att aktivera enheten, kärnmodulen dm-zero saknas."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
#, c-format
msgid "Verity device %s does not use on-disk header."
msgstr "Verity-enheten %s använder inte huvud på disk."
-#: lib/verity/verity.c:91
-#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Enheten %s är inte en giltig VERITY-enhet."
-
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "VERITY-versionen %d stöds inte."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "VERITY-huvud är skadat."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "Felaktigt VERITY-UUID-format angivet på enhet %s."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Fel vid uppdatering av verity-huvud på enheten %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Begärd hashsignaturverifiering %s stöds inte."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Det går inte reparera fel med FEC-enhet."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "Fann %u reparerbara fel med FEC-enhet."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "Kärnan stöder inte dm-verity-mappning."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "Kärnan stöder inte flaggan för dm-verity-signatur."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Verity-enhet identifierades som skadad efter aktivering."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Ledigt utrymme är inte nollställt vid position %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Enhets-offset spillde över."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Verifiering misslyckades vid %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Hash-området spillde över."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Misslyckades med verifiering av dataområde."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Misslyckades med verifiering av rot-hash."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "In-/utdatafel vid skapandet av hashområde."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Misslyckades med skapandet av hashområde."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "VARNING: Kärnan kan inte aktivera enhet om datablockstorleken överskrider sidstorlek (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Misslyckades med att skriva paritet för RS block %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Misslyckades med att skriva paritet för RS block %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Blockstorlekar måste matcha för FEC."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Ogiltigt antal paritet-byte."
-#: lib/verity/verity_fec.c:238
-#, fuzzy
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
-msgstr "Ogiltig signaturfil %s."
+msgstr "Ogiltig FEC-segmentlängd."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Misslyckades med att bestämma storlek för enhet %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Inkompatibel kärnmetadata dm-integrity (version %u) identifierad på %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "Kärnan stöder inte dm-integrity-mappning."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "Kärnan stöder inte fast metadataförskjutning för dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
+msgstr "Kärnan tillåter inte att den osäkra flaggan recalculate aktiveras (se föråldrade aktiveringsflaggor för att åsidosätta)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:393 lib/luks2/luks2_json_metadata.c:1133
+#: lib/luks2/luks2_json_metadata.c:1413
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Misslyckades med att få skrivlås på enheten %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:402
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Identifierade samtidiga försök att uppdatera LUKS2-metadata. Avbryter åtgärden."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:701 lib/luks2/luks2_disk_metadata.c:722
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Enheten innehåller tvetydiga signaturer, det går inte att automatiskt återhämta LUKS2.\n"
"Kör ”cryptsetup repair” för återhämtning."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:230
msgid "Requested data offset is too small."
msgstr "Begärd dataoff för liten."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:275
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "VARNING: nyckelplatsområdet (%<PRIu64> byte) är väldigt liten, tillgängligt LUKS2-nyckelplatsantal är väldigt begränsat.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
+#: lib/luks2/luks2_json_metadata.c:1120 lib/luks2/luks2_json_metadata.c:1258
+#: lib/luks2/luks2_json_metadata.c:1319 lib/luks2/luks2_keyslot_luks2.c:92
#: lib/luks2/luks2_keyslot_luks2.c:114
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Misslyckades med att erhålla läslås på enheten %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1336
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "Förbjudna LUKS2-krav identifierade i säkerhetskopian %s."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1377
msgid "Data offset differ on device and backup, restore failed."
msgstr "Dataoffset skiljer sig på enhet och säkerhetskopia. Återställningen misslyckades."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1383
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Binärhuvud med nyckelstorlek skiljer sig på enhet och säkerhetskopia. Återställningen misslyckades."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1390
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Enhet %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1391
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "innehåller inget LUKS2-huvud. Ersättning av huvud kan förstöra data på enheten."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1392
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "innehåller redan LUKS2-huvud. Ersättningen av huvud kommer att förstöra befintliga nyckelplatser."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1394
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"VARNING:okända LUKS2-krav identifierade i huvudet för riktig enhet!\n"
"Att ersätta huvudet med en säkerhetskopia kan göra data korrupt på enheten!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1396
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"VARNING:Oavslutad frånkopplade kryptering identifierad på enheten!\n"
"Att ersätta huvudet med en säkerhetskopia kan orsaka korrupt data."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1494
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Ignorerade okänd flagga %s."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2402 lib/luks2/luks2_reencrypt.c:2015
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Saknar nyckel för dm-crypt-segmentet %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2414 lib/luks2/luks2_reencrypt.c:2029
msgid "Failed to set dm-crypt segment."
msgstr "Misslyckades med att läsa dm-crypt-segment."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2420 lib/luks2/luks2_reencrypt.c:2035
msgid "Failed to set dm-linear segment."
msgstr "Misslyckades med att läsa dm-linear-segment."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2547
msgid "Unsupported device integrity configuration."
msgstr "Integritetskonfiguration som ej stöds på enheten."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2633
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Omkryptering pågår. Det går inte att inaktivera enhet."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2644 lib/luks2/luks2_reencrypt.c:4057
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Misslyckades med att ersätta inaktiverad enhet %s med målet dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2724
msgid "Failed to read LUKS2 requirements."
msgstr "Misslyckades med att läsa LUKS2-krav."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2731
msgid "Unmet LUKS2 requirements detected."
msgstr "Ej uppfyllt LUKS2-krav identifierat."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2739
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Åtgärden inkompatibel med enhet markerad för föråldrad omkryptering. Avbryter."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2741
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Åtgärden inkompatibel med enhet markerad för LUKS2-omkryptering. Avbryter."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Inte nog med minne för att öppna en nyckelplats."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Misslyckades med att öppna nyckelplats."
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Det går inte att använda %s-%s-chiffer för nyckelplatskryptering."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:496
msgid "No space for new keyslot."
msgstr "Inget utrymme för ny nyckelplats."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2615
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Hashalgoritm %s är inte tillgänglig."
+
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Begärde ogiltigt återhämtningsläge för omkryptering."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Det går inte att uppdatera återhämtningstup. Ny typ tillhandahåller %<PRIu64> byte, begärt utrymme är: %<PRIu64> byte."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Misslyckades med att sammandrag för omkrypteringsverifikation."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Det går inte kontrollera status för enheten med uuid: %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Det går inte att konvertera huvud med ytterligare metadata för LUKSMETA."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3715
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Det går inte att använda chiffer-spefikationen %s-%s för LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Kunde inte flytta nyckelplatsområde. Inte nog med utrymme."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Det går inte att konvertera till LUKS2-format - ogiltig metadata."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Kunde inte flytta nyckelplatsområde. Området för LUKS2-nyckelplatser är för litet."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Kunde inte flytta nyckelplatsområde."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Det går inte att konvertera till LUKS1-format - standardkrypteringstorleken är inte 512 byte."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Det går inte att konvertera till LUKS1-format - kontrollsummor för nyckelplatser är inte LUKS1-kompatibla."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Det går inte att konvertera till LUKS1-format - enheterna använder inbäddat nyckelchiffer %s."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Det går inte att konvertera till LUKS1-format - enheten använder flera segment."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "Det går inte att konvertera till LUKS1-format - LUKS2-huvud innehåller %u token."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Det går inte att konvertera till LUKS1-format - nyckelplats %u är i ogiltigt tillstånd."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Det går inte att konvertera till LUKS1-format - plats %u (av maximalt antal platser) är fortfarande aktiv."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "Det går inte att konvertera till LUKS1-format - nyckelplats %u är inte LUKS1-kompatibel."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1107
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Hotzone-storleken måste vara en multipel av beräknad zonjustering (%zu-byte)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1112
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Enhetsstorleken måste vara en multipel av beräknad zonstorlek (%zu byte)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Stöder inte motståndsläge %s"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1319 lib/luks2/luks2_reencrypt.c:1505
+#: lib/luks2/luks2_reencrypt.c:1588 lib/luks2/luks2_reencrypt.c:1630
+#: lib/luks2/luks2_reencrypt.c:3852
msgid "Failed to initialize old segment storage wrapper."
msgstr "Misslyckades med att initiera gammal segmentlagringsinbäddning."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1333 lib/luks2/luks2_reencrypt.c:1483
msgid "Failed to initialize new segment storage wrapper."
msgstr "Misslyckades med att initiera ny segmentlagringsinbäddning."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1460 lib/luks2/luks2_reencrypt.c:3864
+msgid "Failed to initialize hotzone protection."
+msgstr "Misslyckades med att initiera skydd av hotzone."
+
+#: lib/luks2/luks2_reencrypt.c:1532
msgid "Failed to read checksums for current hotzone."
msgstr "Misslyckades med att läsa kontrollsummor från aktuell varm zon."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1539 lib/luks2/luks2_reencrypt.c:3878
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Misslyckades med att läsa område för varm zon med början %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1558
#, c-format
msgid "Failed to decrypt sector %zu."
-msgstr "Misslyckades med avkryptera sektor %zu."
+msgstr "Misslyckades med att dekryptera sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1564
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Misslyckades med återhämta sektor %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2128
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Käll- och målenhetstorlekar stämmer inte överens. Källa %<PRIu64>, mål: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2226
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Misslyckades med att aktivera varm zon-enhet %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2243
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Misslyckades med att aktivera överlagringsenheten %s med aktuell ursprungstabell."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2250
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Misslyckades med att läsa in ny mappning för enhet %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2321
msgid "Failed to refresh reencryption devices stack."
msgstr "Misslyckades med att uppdatera listan över omkrypteringsenheter."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2497
msgid "Failed to set new keyslots area size."
msgstr "Misslyckades med att sätta en ny storlek på nyckelplatsområdet."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2633
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Dataskiftning är inte justerad till krypteringssektorstorlek (%<PRIu32> byte)."
+
+#: lib/luks2/luks2_reencrypt.c:2664
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Stöder inte motståndsläge %s"
+
+#: lib/luks2/luks2_reencrypt.c:2741
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Flyttat segmentstorlek kan inte vara större än dataskift-värdet."
+
+#: lib/luks2/luks2_reencrypt.c:2799
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Dataskiftning är inte justerad till begärd sektorstorlek (%<PRIu32> byte)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Flyttat segment för stor. Begärd storlek %<PRIu64>, tillgänglig storlek för: %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2886
+msgid "Failed to clear table."
+msgstr "Misslyckades med att rensa tabellen."
+
+#: lib/luks2/luks2_reencrypt.c:2972
+msgid "Reduced data size is larger than real device size."
+msgstr "Minskad datastorlek är större än den riktiga enhetsstorleken."
+
+#: lib/luks2/luks2_reencrypt.c:2979
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Dataenhet är inte justerad till
begärd sektorstorlek (%<PRIu32> byte)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Dataenhet är inte justerad till
krypteringssektorstorlek (%<PRIu32> byte)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3013
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Dataskiftning (%<PRIu64> sektorer) är mindre än framtida dataförskjutning (%<PRIu64> sektorer)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3020 lib/luks2/luks2_reencrypt.c:3508
+#: lib/luks2/luks2_reencrypt.c:3529
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Misslyckades med att öppna %s i exklusivt läge (redan mappad eller monterad)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3209
msgid "Device not marked for LUKS2 reencryption."
msgstr "Enheten är inte markerad för LUKS2-omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3226 lib/luks2/luks2_reencrypt.c:4181
msgid "Failed to load LUKS2 reencryption context."
msgstr "Misslyckades med att läsa in LUKS2-omkrypteringskontext."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3306
msgid "Failed to get reencryption state."
msgstr "Misslyckades med att erhålla status för omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3310 lib/luks2/luks2_reencrypt.c:3624
msgid "Device is not in reencryption."
msgstr "Enheten är inte i omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3317 lib/luks2/luks2_reencrypt.c:3631
msgid "Reencryption process is already running."
msgstr "Omkrypteringsprocessen pågår redan."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3319 lib/luks2/luks2_reencrypt.c:3633
msgid "Failed to acquire reencryption lock."
msgstr "Misslyckades med att erhålla skrivlås för omkryptering."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3337
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Det går inte att fortsätta med omkryptering. Kör återställning av omkryptering först."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3472
msgid "Active device size and requested reencryption size don't match."
msgstr "Aktiv enhetsstorlek och begärd omkrypteringsstorlek skiljer sig åt."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3486
msgid "Illegal device size requested in reencryption parameters."
msgstr "Ogiltig enhetsstorlek begärd i omkrypteringsparametrarna."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3563
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Omkryptering pågår redan. Det går inte att utföra återhämtning."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3732
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "LUKS2-omkryptering är redan initierad i metadata."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3739
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Misslyckades med att initiera LUKS2-omkryptering i metadata."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3834
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Misslyckades med sätta enhetssegment för nästa varm zon-omkryptering."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3886
msgid "Failed to write reencryption resilience metadata."
msgstr "Misslyckades med att skriva motståndsmetadata för omkryptering."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3893
msgid "Decryption failed."
msgstr "Avkryptering misslyckades."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3898
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Misslyckades med att skriva område för varm zon med början vid %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3903
msgid "Failed to sync data."
msgstr "Misslyckades med att synkronisera data."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Misslyckades med att uppdatera metadata efter aktuell varm zon för omkrypteringär färdigställd."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4000
msgid "Failed to write LUKS2 metadata."
msgstr "Misslyckades med att skriva LUKS2-metadata."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Misslyckades med att radera säkerhetskopia av segmentdata."
+#: lib/luks2/luks2_reencrypt.c:4023
+msgid "Failed to wipe unused data device area."
+msgstr "Misslyckades med att radera oanvänt område på dataenheten."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4029
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Misslyckades med att tilldela token %d till nyckelplats %d."
+msgstr "Misslyckades med att ta bort oanvänd (obunden) nyckelplats %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4039
msgid "Failed to remove reencryption keyslot."
-msgstr "Misslyckades med att erhålla omkrypteringslås."
+msgstr "Misslyckades med att ta bort nyckelplats för omkryptering."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4049
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Ödesdigert fel vid omkrypteringschunk med start vid %<PRIu64>, %<PRIu64> sektorer lång."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4053
+msgid "Online reencryption failed."
+msgstr "Misslyckades med omkryptering."
+
+#: lib/luks2/luks2_reencrypt.c:4058
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Återuppta inte enheten om inte den ersatts med felmål manuellt."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4112
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Det går inte att fortsätta med omkryptering. Oväntat omkrypteringsläge."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4118
msgid "Missing or invalid reencrypt context."
msgstr "Saknat eller ogiltigt omkrypteringskontext."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4125
msgid "Failed to initialize reencryption device stack."
msgstr "Misslyckades med att initiera listan för omkrypteringsenheter."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4147 lib/luks2/luks2_reencrypt.c:4194
msgid "Failed to update reencryption context."
msgstr "Misslyckades med att uppdatera omkrypteringskontext."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:406
msgid "Reencryption metadata is invalid."
-msgstr "Nyckelplats %d är ogiltig."
+msgstr "Omkryperingsmetadata är ogiltigt."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Ingen fri plats för token."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Krypteringsparametrar för nyckelplatser stöds endast av LUKS2-enheter."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Misslyckades med att skapa inbyggd token %s."
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Kan inte verifiera lösenfras på icke-tty-ingångar."
+msgid "Enter token PIN:"
+msgstr "Ange token-PIN:"
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Krypteringsparametrar för nyckelplatser stöds endast av LUKS2-enheter."
+#: src/cryptsetup.c:110
+#, c-format
+msgid "Enter token %d PIN:"
+msgstr "Ange token-PIN %d :"
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:966 src/cryptsetup.c:1293
+#: src/utils_reencrypt.c:1048 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Inget känt chifferspecifikationsmönster kunde identifieras."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
-msgstr "VARNING: parametern --hash ignoreras i enkelt läge med specificerad nyckelfil.\n"
+msgstr "VARNING: parametern --hash ignoreras i plain-läge med specificerad nyckelfil.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "VARNING: flaggan --keyfile-size ignoreras, lässtorleken är densamma som storleken för krypteringsnyckeln.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "Identfierar enhetssignatur(er) på %s. Att fortsätta kan skada befintlig data."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1040 src/cryptsetup.c:1088
+#: src/cryptsetup.c:1154 src/cryptsetup.c:1270 src/cryptsetup.c:1343
+#: src/cryptsetup.c:1994 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:275
msgid "Operation aborted.\n"
msgstr "Åtgärd avbruten.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Flaggan --key-file krävs."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Ange VeraCrypt PIM: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Ogiltigt PIM-värde:tolkningsfel."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Ogiltigt PIM-värde: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Ogiltigt PIM-värde:utanför intervallet."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Inget enhetshuvud finns tillgängligt med denna lösenfras."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Enheten %s är inte en giltig BITLK-enhet."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Det går inte att avgöra volymens nyckelstorlek för BTLK, använd flaggan --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"som tillåter åtkomst till krypterad partition utan lösenfras.\n"
"Denna utskrift bör alltid lagras krypterad på ett säkert ställe."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:2019
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Utskrift av huvudet med volymnyckel är känslig information\n"
+"som tillåter åtkomst till krypterad partition utan lösenfras.\n"
+"Denna utskrift bör alltid lagras krypterad på ett säkert ställe."
+
+#: src/cryptsetup.c:664 src/veritysetup.c:321 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Enheten %s är fortfarande aktiv och schemalagd för uppskjuten borttagning.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:698
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Att ändra storlek på aktiv enhet kräver volymnyckel i nyckelringen, men -flaggan --disable-keyring är angiven."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:845
msgid "Benchmark interrupted."
msgstr "Prestandamätning avbruten."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:866
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s N/A\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:868
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u iterationer per sekund för %zu-bitnyckel\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:882
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s N/A\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:884
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u iterationer, %5u minne, %1u parallella trådar (CPU:er) för %zu-bitnyckelplats (begärde %u ms)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:908
msgid "Result of benchmark is not reliable."
msgstr "Resultat från prestandamätningen är inte pålitligt."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:958
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Tester är ungefärliga och använder endast minne (ingen lagrings-IO).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:978
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "#%*s Algoritm | Nyckel | Kryptering | Avkryptering\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:982
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Chiffret %s (med nyckel av %i bitar) är inte tillgängligt."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1001
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# Algoritm | Nyckel | Kryptering | AVkryptering\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1012
msgid "N/A"
msgstr "N/A"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1037
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Oskyddad LUKS2-omkryperingsmetadata identiferad. Vänligen verifiera att omkryperingsåtgärden behövs (se luksDump-utdata)\n"
+"och fortsätt (uppgradera metadata) endast om du anser åtgärden som behövd."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Ange lösenfras för omkrypteringsåterhämtning: "
+#: src/cryptsetup.c:1043
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Ange lösenfras för att skydda och uppgradera omkrypteringmetadata:"
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1087
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Vill du verkligen fortsätta med LUKS2-omkrypteringsåterställning?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1096
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Ange lösenfras för omkrypteringsåterhämtning: "
+msgstr "Ange lösenfras för att verifiera sammandrag för metadata-omkryptering:"
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1098
msgid "Enter passphrase for reencryption recovery: "
msgstr "Ange lösenfras för omkrypteringsåterhämtning: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1153
msgid "Really try to repair LUKS device header?"
msgstr "Vill du verkligen försöka att reparera LUKS-enhetshuvud?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1177 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Skrivning avbruten."
+
+#: src/cryptsetup.c:1182 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Rensar enheten för att initialisera kontrollsumma för integritet.\n"
"Du kan avbryta detta genom att trycka ned CTRL+c (resten av den ej rensade enheten kommer att innehålla en ogiltigt kontrollsumma).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1204 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Det går inte att inaktivera temporär enhet %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1255
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Flaggan för integritet kan endast användas för formatet LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1260 src/cryptsetup.c:1320
msgid "Unsupported LUKS2 metadata size options."
msgstr "Flaggorna för storlekar på LUKS2-metadata stöds inte."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1269
msgid "Header file does not exist, do you want to create it?"
-msgstr ""
+msgstr "Deklarationsfilen existerar inte, vill du skapa den?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1277
#, c-format
msgid "Cannot create header file %s."
msgstr "Det går inte att skapa huvudfil %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1300 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Inga kända integritetspecifikationsmönster identifierat."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1313
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Det går inte att använda %s som diskhuvud."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1337 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Detta kommer att skriva över data på %s och går inte att ångra."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1370 src/cryptsetup.c:1707 src/cryptsetup.c:1772
+#: src/cryptsetup.c:1876 src/cryptsetup.c:1942 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Misslyckades med att sätta pbkdf-parametrar."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1455
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Förminskad dataoffset endast tillåtet för fristående LUKS-huvuden."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1466 src/cryptsetup.c:1778
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Det går inte att avgöra volymens nyckelstorlek för LUKS utan nyckelplatser, använd flaggen --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1512
msgid "Device activated but cannot make flags persistent."
msgstr "Enheten aktiverad men kan inte spara undan flaggorna."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1591 src/cryptsetup.c:1659
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Nyckelplats %d markerad för borttagning."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1603 src/cryptsetup.c:1663
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Detta är sista nyckelplatsen. Enheten kommer att bli oanvändbar efter att denna nyckel tagits bort."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1604
msgid "Enter any remaining passphrase: "
msgstr "Ange eventuell återstående lösenfras: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1605 src/cryptsetup.c:1665
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Åtgärden avbröts, nyckelplatsen raderades INTE.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1641
msgid "Enter passphrase to be deleted: "
msgstr "Ange lösenfras att ta bort: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1691 src/cryptsetup.c:1925 src/cryptsetup.c:2505
+#: src/cryptsetup.c:2649
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Enheten %s är inte en giltig LUKS2-enhet."
+
+#: src/cryptsetup.c:1721 src/cryptsetup.c:1795 src/cryptsetup.c:1829
msgid "Enter new passphrase for key slot: "
msgstr "Ange ny lösenfras för nyckelplats: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1812 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Ange valfri existerande lösenfras: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1880
msgid "Enter passphrase to be changed: "
msgstr "Ange lösenfras att ändra: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1896 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Ange ny lösenfras: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1946
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Ange lösenfras för nyckelplats att konvertera: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1970
msgid "Only one device argument for isLuks operation is supported."
msgstr "Endast ett enhetsargument för operationen isLuks stöds."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Utskrift av huvudet med volymnyckel är känslig information\n"
-"som tillåter åtkomst till krypterad partition utan lösenfras.\n"
-"Denna utskrift bör alltid lagras krypterad på ett säkert ställe."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2078
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Nyckelplats %d innehåller inte obunden nyckel."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2083
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Utskrift av huvudet med obunden nyckel är känslig information.\n"
"Denna utskrift bör alltid lagras krypterad på ett säkert ställe."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
+#: src/cryptsetup.c:2169 src/cryptsetup.c:2198
+#, c-format
msgid "%s is not active %s device name."
-msgstr "%s är inte en cryptsetup-hanterad enhet."
+msgstr "%s är inte ett aktivt %s-enhetsnamn."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2193
#, c-format
msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
+msgstr "%s är inte ett aktivt LUKS-enhetsnamn eller så saknas deklaration."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2255 src/cryptsetup.c:2274
msgid "Option --header-backup-file is required."
msgstr "Flaggan --header-backup-file krävs."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2305
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s är inte en cryptsetup-hanterad enhet."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2316
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Att uppdatera stöds inte för enhetstypen %s"
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2362
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Okänd metadata för enhetstypen %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2364
msgid "Command requires device and mapped name as arguments."
msgstr "Kommandot kräver enhet och mappat namn som argument."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2385
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"Denna åtgärd kommer att ta bort alla nyckelplatser på enhet %s.\n"
"Enheten kommer att bli oanvändbar efter denna åtgärd."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2392
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Åtgärden avbryten, nyckelplatser raderades EJ.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2431
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Ogiltig LUKS-typ, endast luks1 och luks2 stöds."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2447
#, c-format
msgid "Device is already %s type."
msgstr "Enheten är redan av %s-typ."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2454
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Denna åtgärd kommer att konvertera %s till %s-format.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2457
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Åtgärden avbröts, enheten konverterades INTE.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2497
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Saknar flaggan --priority, --label eller --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2531 src/cryptsetup.c:2568 src/cryptsetup.c:2588
#, c-format
msgid "Token %d is invalid."
msgstr "Token %d är ogiltig."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2534 src/cryptsetup.c:2591
#, c-format
msgid "Token %d in use."
msgstr "Token %d används."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2546
#, c-format
msgid "Failed to add luks2-keyring token %d."
msgstr "Misslyckades med att lägga till luks2-nyckelringsstoken %d."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2554 src/cryptsetup.c:2617
#, c-format
msgid "Failed to assign token %d to keyslot %d."
msgstr "Misslyckades med att tilldela token %d till nyckelplats %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2571
#, c-format
msgid "Token %d is not in use."
msgstr "Token %d används ej."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2608
msgid "Failed to import token from file."
msgstr "Misslyckades med att importera token från fil."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2633
#, c-format
msgid "Failed to get token %d for export."
msgstr "Misslyckades med att hämta token %d för export."
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "parametern --key-description krävs för åtgärden lägg till token."
+#: src/cryptsetup.c:2682
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Flaggorna --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup stöds endast på TCRYPT-enhet."
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Åtgärden kräver specifik token. Använd parametern --token-id."
+#: src/cryptsetup.c:2685
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Flaggan --veracrypt eller --disable-veracrypt stöds endast för TCRYPT-enhetstyper."
-#: src/cryptsetup.c:2743
-#, c-format
-msgid "Invalid token operation %s."
-msgstr "Ogiltig tokenåtgärd %s."
+#: src/cryptsetup.c:2688
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Flaggan --veracrypt-pim stöds endast för VeraCrypt-kompatibla enheter."
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Auto-identifierade aktiv dm-enhet ”%s” för dataenheten %s.\n"
+#: src/cryptsetup.c:2692
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Flaggan --veracrypt-query-pim stöds endast för VeraCrypt-kompatibla enheter."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Enheten %s är inte en giltig blockenhet.\n"
+#: src/cryptsetup.c:2694
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Flaggorna --veracrypt-pim och --veracrypt-query-pim är ömsesidigt uteslutande."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Misslyckades med att identifiera kopplingarna till enhet %s."
+#: src/cryptsetup.c:2703
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Flaggan --persistent är ej tillåtet med --test-passphrase."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Det går inte att avgöra om enheten %s är aktiverade eller ej.\n"
-"Är du säker på att du vill fortsätta kryptera om i frånkopplat läge?\n"
-"Det kan leda till datakorruption om enheten är aktiverad.\n"
-"För att kryptera om i uppkopplat läge, använd istället flaggan --active-name.\n"
+#: src/cryptsetup.c:2706
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Ogiltig LUKS-enhetstyp."
+#: src/cryptsetup.c:2709
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Flaggan --shared är endast tillåten för öppning av plain-enhet."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "Kryptering utan frånkopplat huvud (--header) är inte möjligt utan att minska datastorleken på enheten (--reduce-device-size)."
+#: src/cryptsetup.c:2712
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Flaggan --skip stöds endast för öppning av plain-enheter och loopaes-enheter."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Begärd dataförskjutning måste vara mindre än, eller lika med halva av parametern --reduce-device-size."
+#: src/cryptsetup.c:2715
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Flaggan --offset med åtgärden öppna stöds endast för öppning av plain-enheter och loopaes-enheter."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Justera värdet av --reduce-device-size-värdet till dubbla --offset %<PRIu64> (sektorer).\n"
+#: src/cryptsetup.c:2718
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Flaggan --tcrypt-hidden kan inte kombineras med --allow-discards."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Kryptering stöds endast för formatet LUKS2."
+#: src/cryptsetup.c:2722
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Flaggan för sektorstorlek med åtgärden öppna stöds endast för plain-enheter."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Identifierade LUKS-enhet på %s. Vill du kryptera LUKS-enheten igen?"
+#: src/cryptsetup.c:2726
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Flaggan för stora IV-sektorer stöds endast för att öppna enheter av plain-typ med sektorstorlek större än 512 byte."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Tillfällig huvudfil %s finns redan. Avbryter."
+#: src/cryptsetup.c:2730
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+msgstr "Flaggan --test-passphrase är endast tillåten för open för LUKS-, TCRYPT-, och BITLK-enheter."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Det går inte att skapa tillfällig huvudfil %s."
+#: src/cryptsetup.c:2733 src/cryptsetup.c:2756
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Flaggan --device-size och --size kan inte kombineras."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s är nu aktiv och redo för uppkopplad kryptering.\n"
+#: src/cryptsetup.c:2736
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Flaggan --unbound är endast tillåten för öppning av luks-enhet."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
+#: src/cryptsetup.c:2739
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Flaggan --unbound kan inte användas utan --test-passphrase."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Inte nog med fria nyckelplatser för omkryptering."
+#: src/cryptsetup.c:2748 src/veritysetup.c:664 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Flaggorna --cancel-deferred och --deferred går inte att använda samtidigt."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Nyckelfil kan endast användas med --key-slot eller precis en aktiv nyckelplats."
+#: src/cryptsetup.c:2764
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Flaggan --reduce-device-size och --data-size kan inte kombineras."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Ange lösenfras för nyckelplats %d: "
+#: src/cryptsetup.c:2767
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Flaggan --active-name kan endast anges för LUKS2-enheter."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Ange lösenfras för nyckelplats %u: "
+#: src/cryptsetup.c:2770
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Flaggan --active-name och --force-offline-reencrypt kan inte kombineras."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
+#: src/cryptsetup.c:2778 src/cryptsetup.c:2808
+msgid "Keyslot specification is required."
+msgstr "Specifikation för nyckelplats krävs."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Kommandot kräver en enhet som argument."
+#: src/cryptsetup.c:2786
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Flaggan --align-payload och --offset kan inte kombineras."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "Stödjer endast LUKS2-formatet. Använd verktyget cryptsetup-reencrypt för LUKS1."
+#: src/cryptsetup.c:2789
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Flaggan --integrity-no-wipe kan endast användas för åtgärden formatera med integritetsutökningar."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Föråldrad frånkopplad omkryptering pågår redan. Använd verktyget cryptsetup-reencrypt."
+#: src/cryptsetup.c:2792
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Endast en av flaggorna --use-[u]random är tillåten."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Kryptering för enhet med integritetsprofil stöds ej."
+#: src/cryptsetup.c:2800
+msgid "Key size is required with --unbound option."
+msgstr "Nyckelstorlek krävs med flaggan --unbound."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "LUKS2-omkryptering är redan initierad. Avbryter åtgärd."
+#: src/cryptsetup.c:2819
+msgid "Invalid token action."
+msgstr "Ogiltig tokenåtgärd."
+
+#: src/cryptsetup.c:2822
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "parametern --key-description krävs för åtgärden lägg till token."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "LUKS2-enheten är inte i omkryptering."
+#: src/cryptsetup.c:2826
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Åtgärden kräver specifik token. Använd parametern --token-id."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:2840
msgid "<device> [--type <type>] [<name>]"
msgstr "<enhet> [--type <typ>] [<namn>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:2840 src/veritysetup.c:487 src/integritysetup.c:535
msgid "open device as <name>"
msgstr "öppna enhet som <namn>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:2841 src/cryptsetup.c:2842 src/cryptsetup.c:2843
+#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
msgid "<name>"
msgstr "<namn>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:2841 src/veritysetup.c:488 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "stäng enhet (ta bort mappning)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:2842 src/integritysetup.c:539
msgid "resize active device"
msgstr "ändra storlek på aktiv enhet"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:2843
msgid "show device status"
msgstr "visa enhetsstatus"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2844
msgid "[--cipher <cipher>]"
msgstr "[--cipher <chiffer>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2844
msgid "benchmark cipher"
msgstr "prestandamät chiffer"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:2845 src/cryptsetup.c:2846 src/cryptsetup.c:2847
+#: src/cryptsetup.c:2848 src/cryptsetup.c:2849 src/cryptsetup.c:2856
+#: src/cryptsetup.c:2857 src/cryptsetup.c:2858 src/cryptsetup.c:2859
+#: src/cryptsetup.c:2860 src/cryptsetup.c:2861 src/cryptsetup.c:2862
+#: src/cryptsetup.c:2863 src/cryptsetup.c:2864
msgid "<device>"
msgstr "<enhet>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:2845
msgid "try to repair on-disk metadata"
msgstr "försök att reparera metadata på disken"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:2846
msgid "reencrypt LUKS2 device"
msgstr "omkryptering av LUKS2-enhet"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:2847
msgid "erase all keyslots (remove encryption key)"
msgstr "ta bort alla nyckelplatser (ta bort krypteringsnyckeln)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:2848
msgid "convert LUKS from/to LUKS2 format"
msgstr "konvertera LUKS från/till LUKS2-format"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:2849
msgid "set permanent configuration options for LUKS2"
msgstr "ange permanenta konfigurationsflaggor för LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:2850 src/cryptsetup.c:2851
msgid "<device> [<new key file>]"
msgstr "<enhet> [<ny nyckelfil>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:2850
msgid "formats a LUKS device"
msgstr "formaterar en LUKS-enhet"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:2851
msgid "add key to LUKS device"
msgstr "lägg till nyckel till LUKS-enhet"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:2852 src/cryptsetup.c:2853 src/cryptsetup.c:2854
msgid "<device> [<key file>]"
msgstr "<enhet> [<nyckelfil>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:2852
msgid "removes supplied key or key file from LUKS device"
msgstr "tar bort angiven nyckel eller nyckelfil från LUKS-enhet"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:2853
msgid "changes supplied key or key file of LUKS device"
msgstr "ändrar angiven nyckel eller nyckelfil för LUKS-enhet"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:2854
msgid "converts a key to new pbkdf parameters"
msgstr "konverterar en nyckel till nya pbkdf-parametrar"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2855
msgid "<device> <key slot>"
msgstr "<enhet> <nyckelplats>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2855
msgid "wipes key with number <key slot> from LUKS device"
msgstr "rensar nyckeln med nummer <nyckelplats> från LUKS-enhet"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:2856
msgid "print UUID of LUKS device"
msgstr "skriv ut UUID för LUKS-enhet"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:2857
msgid "tests <device> for LUKS partition header"
msgstr "testar <enhet> för LUKS-partitionshuvud"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:2858
msgid "dump LUKS partition information"
msgstr "skriver ut information om LUKS-partition"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:2859
msgid "dump TCRYPT device information"
msgstr "skriver ut information om TCRYPT-partition"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:2860
msgid "dump BITLK device information"
msgstr "skriv ut BITLK-enhetsinformation"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:2861
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Försätt LUKS-enhet i vänteläge och rensa nyckel (alla in-/ut-åtgärder är frusna)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:2862
msgid "Resume suspended LUKS device"
msgstr "Återuppta LUKS-enhet i vänteläge"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:2863
msgid "Backup LUKS device header and keyslots"
msgstr "Säkerhetskopiera huvud och nyckelplatser från LUKS-enhet"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:2864
msgid "Restore LUKS device header and keyslots"
msgstr "Återställ huvud och nyckelplatser för LUKS-enhet"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2865
msgid "<add|remove|import|export> <device>"
msgstr "<läggtill|tabort|importera|exportera> <enhet>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:2865
msgid "Manipulate LUKS2 tokens"
msgstr "Manipulera LUKS2-token"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:2884 src/veritysetup.c:505 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<åtgärd> är en av:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:2890
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkOpen\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:2894
#, c-format
msgid ""
"\n"
"<nyckelplats> är numret för LUKS-nyckelplatsen att ändra\n"
"<nyckelfil> valfri nyckelfil för den nya nyckeln för luksAddKey-åtgärden\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:2901
#, c-format
msgid ""
"\n"
"\n"
"Inkompilerat standardmetadataformat är %s (för luksFormat-åtgärd).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:2906 src/cryptsetup.c:2909
#, c-format
msgid ""
"\n"
-"Default compiled-in key and passphrase parameters:\n"
-"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
-"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
-"Default PBKDF for LUKS2: %s\n"
-"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
+"LUKS2 external token plugin support is %s.\n"
msgstr ""
"\n"
-"Inkompilerade standardnyckel- och standardlösenfrasparametrar:\n"
-"\tStörsta nyckelfilstorlek: %dkB, Största interaktiv lösenfraslängd %d (tecken)\n"
-"Standard-PBKDF för LUKS1: %s, iterationstid: %d (ms)\n"
-"Standard-PBKDF för LUKS2: %s\n"
-"\tIterationstid: %d, Minne: %dkB, Parallella trådar: %d\n"
+"Stöd för externa LUKS2-insticksmoduler är %s.\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:2906
+msgid "compiled-in"
+msgstr "inkompilerad"
+
+#: src/cryptsetup.c:2907
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Sökväg för externa LUKS2-insticksmoduler är %s.\n"
+
+#: src/cryptsetup.c:2909
+msgid "disabled"
+msgstr "inaktiverad"
+
+#: src/cryptsetup.c:2913
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in key and passphrase parameters:\n"
+"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
+"Default PBKDF for LUKS2: %s\n"
+"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
+msgstr ""
+"\n"
+"Inkompilerade standardnyckel- och standardlösenfrasparametrar:\n"
+"\tStörsta nyckelfilstorlek: %dkB, Största interaktiv lösenfraslängd %d (tecken)\n"
+"Standard-PBKDF för LUKS1: %s, iterationstid: %d (ms)\n"
+"Standard-PBKDF för LUKS2: %s\n"
+"\tIterationstid: %d, Minne: %dkB, Parallella trådar: %d\n"
+
+#: src/cryptsetup.c:2924
#, c-format
msgid ""
"\n"
"\tplain: %s, Nyckel: %d bitar, Lösenordshashning: %s\n"
"\tLUKS1: %s, Nyckel: %d bitar, LUKS-huvudhashning %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:2933
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: Standardnyckelstorlek med XTS-läge (två interna nycklar) kommer att dubbleras.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:2951 src/veritysetup.c:644 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: kräver %s som argument"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:2997 src/utils_reencrypt_luks1.c:1194
+msgid "Key slot is invalid."
+msgstr "Nyckelplatsen är ogiltig."
+
+#: src/cryptsetup.c:3024
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Enhetsstorlek måste vara en multipel av sektor på 512-byte."
+
+#: src/cryptsetup.c:3029
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Ogiltig högsta storlekspecifikation för varm zon-omkryptering."
+
+#: src/cryptsetup.c:3043 src/cryptsetup.c:3055
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Nyckelstorlek måste vara en multipel av 8 bitar"
+
+#: src/cryptsetup.c:3060
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Högsta förminskningsstorlek för enhet är 1 GiB."
+
+#: src/cryptsetup.c:3063
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Minskningsstorlek måste vara en multipel av 512-bytesektor."
+
+#: src/cryptsetup.c:3080
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Flaggan --priority kan endast vara ignore/normal/prefer."
+
+#: src/cryptsetup.c:3099 src/veritysetup.c:568 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Visa detta hjälpmeddelande"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3100 src/veritysetup.c:569 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Visa kort information om användning"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3101 src/veritysetup.c:570 src/integritysetup.c:636
msgid "Print package version"
msgstr "Skriv ut paketversion"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3112 src/veritysetup.c:581 src/integritysetup.c:647
msgid "Help options:"
msgstr "Hjälpflaggor:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Visar mer detaljerade felmeddelanden"
+#: src/cryptsetup.c:3132 src/veritysetup.c:599 src/integritysetup.c:664
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[FLAGGA…] <åtgärd> <åtgärdsspecifik>"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Visa felsökningsmeddelanden"
+#: src/cryptsetup.c:3141 src/veritysetup.c:608 src/integritysetup.c:675
+msgid "Argument <action> missing."
+msgstr "Argumentet <åtgärd> saknas."
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Visa felsökningsmeddelanden inklusive JSON-metadata"
+#: src/cryptsetup.c:3211 src/veritysetup.c:639 src/integritysetup.c:706
+msgid "Unknown action."
+msgstr "Okänd åtgärd."
+
+#: src/cryptsetup.c:3229
+msgid "Option --key-file takes precedence over specified key file argument."
+msgstr "Flaggan --key-file åsidosätter specificerade nyckelfilsargument."
+
+#: src/cryptsetup.c:3235
+msgid "Only one --key-file argument is allowed."
+msgstr "Endast ett argument för --key-file är tillåtet."
+
+#: src/cryptsetup.c:3240
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
+msgstr "Password-based key derivation function (PBKDF) kan endast vara pbkdf2 eller argon2i/argon2id."
+
+#: src/cryptsetup.c:3245
+msgid "PBKDF forced iterations cannot be combined with iteration time option."
+msgstr "Tvingade PBKDF-iterationer går inte att kombinera med flaggan iteration time."
+
+#: src/cryptsetup.c:3256
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Flaggorna --keyslot-cipher och --keyslot-key-size måste användas tillsammans."
+
+#: src/cryptsetup.c:3264
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Ingen åtgärd utfördes. Startades med flaggan --test-args\n"
+
+#: src/cryptsetup.c:3277
+msgid "Cannot disable metadata locking."
+msgstr "Det går inte att inaktivera metadatalås."
+
+#: src/veritysetup.c:54
+msgid "Invalid salt string specified."
+msgstr "Angav ogiltig saltsträng."
+
+#: src/veritysetup.c:87
+#, c-format
+msgid "Cannot create hash image %s for writing."
+msgstr "Kan inte skapa hashavbild %s för skrivning."
+
+#: src/veritysetup.c:97
+#, c-format
+msgid "Cannot create FEC image %s for writing."
+msgstr "Det går inte att skapa FEC-avbild %s för skrivning."
+
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Kan inte skapa root-hashfil %s för skrivning."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Det går inte att skriva till root-hash-filen %s."
+
+#: src/veritysetup.c:196 src/veritysetup.c:472
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Enheten %s är inte en giltig VERITY-enhet."
+
+#: src/veritysetup.c:213 src/veritysetup.c:230
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Det går inte att läsa rot-hash-filen %s."
+
+#: src/veritysetup.c:218
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Ogiltig rothashsträng %s."
+
+#: src/veritysetup.c:239
+msgid "Invalid root hash string specified."
+msgstr "Angav ogiltig rothashsträng."
+
+#: src/veritysetup.c:247
+#, c-format
+msgid "Invalid signature file %s."
+msgstr "Ogiltig signaturfil %s."
+
+#: src/veritysetup.c:254
+#, c-format
+msgid "Cannot read signature file %s."
+msgstr "Det går inte att läsa signaturfilen %s."
+
+#: src/veritysetup.c:277 src/veritysetup.c:291
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Kommandot kräver <root-hash> eller flaggan --root-hash-file som argument."
+
+#: src/veritysetup.c:485
+msgid "<data_device> <hash_device>"
+msgstr "<dataenhet> <hashenhet>"
+
+#: src/veritysetup.c:485 src/integritysetup.c:534
+msgid "format device"
+msgstr "formatera enhet"
+
+#: src/veritysetup.c:486
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<dataenhet> <hashenhet> <root_hash>"
+
+#: src/veritysetup.c:486
+msgid "verify device"
+msgstr "verifiera enhet"
+
+#: src/veritysetup.c:487
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<dataenhet> <namn> <hashenhet> [<root_hash>]"
+
+#: src/veritysetup.c:489 src/integritysetup.c:537
+msgid "show active device status"
+msgstr "visa statistik för aktiv enhet"
+
+#: src/veritysetup.c:490
+msgid "<hash_device>"
+msgstr "<hash_enhet>"
+
+#: src/veritysetup.c:490 src/integritysetup.c:538
+msgid "show on-disk information"
+msgstr "visa information från disk"
+
+#: src/veritysetup.c:509
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
+msgstr ""
+"\n"
+"<namn> är enheten att skapa under %s\n"
+"<dataenhet> är dataenheten\n"
+"<hashenhet> är enheten som innehåller verifieringsdata\n"
+"<rothash> hash för rotnoden på <hashenhet>\n"
+
+#: src/veritysetup.c:516
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
+msgstr ""
+"\n"
+"Inkompilerade standardparametrar för dm-verity:\n"
+"\tHash: %s, Datablock (byte): %u, Hashblock (byte): %u, Saltstorlek: %u, Hashformat: %u\n"
+
+#: src/veritysetup.c:654
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+msgstr "Flaggorna --ignore-corruption och --restart-on-corruption kan inte användas tillsammans."
+
+#: src/veritysetup.c:659
+msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
+msgstr "Det går inte att använda flaggorna --panic-on-corruption och --restart-on-corruption tillsammans."
+
+#: src/integritysetup.c:177
+#, c-format
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Det här kommer oåterkalligen tatt skriva över data på %s och %s.\n"
+"För att bevara dataenheten använd flaggan --no-wipe (och aktivera sedan med --integrity-recalculate).:w "
+
+#: src/integritysetup.c:212
+#, c-format
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "Formaterad med taggstorlek %u, intern integritet %s.\n"
+
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Att sätta flaggan för att räkna om stöds ej, överväg att använda --wipe istället."
+
+#: src/integritysetup.c:364 src/integritysetup.c:521
+#, c-format
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Enheten %s är inte en giltig INTEGRITY-enhet."
+
+#: src/integritysetup.c:534 src/integritysetup.c:538
+msgid "<integrity_device>"
+msgstr "<integrity_enhet>"
+
+#: src/integritysetup.c:535
+msgid "<integrity_device> <name>"
+msgstr "<integritet_enhet> <namn>"
+
+#: src/integritysetup.c:558
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<integrity_device> is the device containing data with integrity tags\n"
+msgstr ""
+"\n"
+"<namn> är enheten att skapa under %s\n"
+"<integritetsenhet> är enheten som innehåller data med integritetstaggar\n"
+
+#: src/integritysetup.c:563
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-integrity parameters:\n"
+"\tChecksum algorithm: %s\n"
+"\tMaximum keyfile size: %dkB\n"
+msgstr ""
+"\n"
+"Inkompilerade standardparametrar för dm-integrity:\n"
+"\tKontrollsummealgoritm: %s\n"
+"\tMaximal nyckelfilstorlek: %dkB\n"
+"\n"
+
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Ogiltig --%s-storlek. Maximal storlek är %u byte."
+
+#: src/integritysetup.c:720
+msgid "Both key file and key size options must be specified."
+msgstr "Både flaggor för nyckelfil och nyckelstorlek måste specifiiceras."
+
+#: src/integritysetup.c:724
+msgid "Both journal integrity key file and key size options must be specified."
+msgstr "Både flaggor för nyckelfil för journalintegritet och nyckelstorlek måste specificeras."
+
+#: src/integritysetup.c:727
+msgid "Journal integrity algorithm must be specified if journal integrity key is used."
+msgstr "Integritetsalgoritm för journal måste anges om integritetsnyckel för journal används."
+
+#: src/integritysetup.c:731
+msgid "Both journal encryption key file and key size options must be specified."
+msgstr "Både flaggor för nyckelfil för journalkryptering och nyckelstorlek måste specificeras."
+
+#: src/integritysetup.c:734
+msgid "Journal encryption algorithm must be specified if journal encryption key is used."
+msgstr "Krypteringsalgoritm för journal måste anges om integritetsnyckel för journal används."
+
+#: src/integritysetup.c:738
+msgid "Recovery and bitmap mode options are mutually exclusive."
+msgstr "Flaggorna för återställning- och bitmap-läge är ömsesidigt uteslutande."
+
+#: src/integritysetup.c:745
+msgid "Journal options cannot be used in bitmap mode."
+msgstr "Det går inte att använda journalflaggor i bitmap-läge."
+
+#: src/integritysetup.c:750
+msgid "Bitmap options can be used only in bitmap mode."
+msgstr "Flaggan för integritet kan endast användas i bitmap-läge."
+
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"VARNING!\n"
+"========\n"
+
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
+#, c-format
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Är du säker (Ange 'yes' i versaler): "
+
+#: src/utils_tools.c:126
+msgid "Error reading response from terminal."
+msgstr "Fel vid läsning av svar från terminal."
+
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Kommandot lyckades."
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Chiffret som används för att kryptera disken (se /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Hashen som används för att skapa krypteringsnyckel från lösenfras"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Verifierar lösenfrasen genom att fråga efter den två gånger"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Läs nyckeln från en fil"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Läs volymnyckeln (master) från fil."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Skriv ut volymnyckel (master) istället för nyckelplatsinfo"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Storleken för krypteringsnyckeln"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BITAR"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Begränsa läsningen från nyckelfil"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "byte"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Antal byte att hoppa över i nyckelfil"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Begränsa läsningen från nyligen tillagd nyckelfil"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Antal byte att hoppa över i nyligen tillagd nyckelfil"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Platsnummer för ny nyckel (standard är första lediga)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Storleken för enheten"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "SEKTORER"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Använd endast specificerad enhetsstorlek (ignorera resten av enheten). FARLIGT!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Startoffset i bakändesenheten"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Hur många sektorer av krypterat data som ska hoppas över i början"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Skapa en skrivskyddad mappning"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Fråga inte efter bekräftelse"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Tidsgräns för interaktiv lösenfrasprompt (i sekunder)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "sek"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Uppdatering av förloppslinje (i sekunder)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Hur många inmatningsförsök av lösenfrasen som kan göras"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Justera nyttolast i <n> sektorgränser - för luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Fil med säkerhetskopior av LUKS-huvud och nyckelplatser"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Använd /dev/random för att generera volymnyckel"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Använd /dev/urandom för att generera volymnyckel"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Dela enhet med ett annat ej överlappande krypteringssegment"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID för enheten att använda"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Tillåt avvisningsbegäran (TRIM) för enhet"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Enhet eller fil med separerat LUKS-huvud"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Aktivera inte enhet, kontrollera endast lösenfrasen"
+#: src/utils_tools.c:166
+msgid "wrong or missing parameters"
+msgstr "fel eller saknar parametrar"
+
+#: src/utils_tools.c:168
+msgid "no permission or bad passphrase"
+msgstr "ingen behörighet eller dålig lösenfras"
+
+#: src/utils_tools.c:170
+msgid "out of memory"
+msgstr "slut på minne"
+
+#: src/utils_tools.c:172
+msgid "wrong device or file specified"
+msgstr "angav fel enhet eller fil"
+
+#: src/utils_tools.c:174
+msgid "device already exists or device is busy"
+msgstr "enheten existerar redan eller så är enheten upptagen"
+
+#: src/utils_tools.c:176
+msgid "unknown error"
+msgstr "okänt fel"
+
+#: src/utils_tools.c:178
+#, c-format
+msgid "Command failed with code %i (%s)."
+msgstr "Kommandot misslyckades med kod %i (%s)."
+
+#: src/utils_tools.c:256
+#, c-format
+msgid "Key slot %i created."
+msgstr "Nyckelplats %i är ändrad."
+
+#: src/utils_tools.c:258
+#, c-format
+msgid "Key slot %i unlocked."
+msgstr "Nyckelplats %i är upplåst."
+
+#: src/utils_tools.c:260
+#, c-format
+msgid "Key slot %i removed."
+msgstr "Nyckelplats %i är upplåst."
+
+#: src/utils_tools.c:269
+#, c-format
+msgid "Token %i created."
+msgstr "Token %i används."
+
+#: src/utils_tools.c:271
+#, c-format
+msgid "Token %i removed."
+msgstr "Token %i används."
+
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "Ingen token kunde låsas upp med denna PIN."
+
+#: src/utils_tools.c:283
+#, c-format
+msgid "Token %i requires PIN."
+msgstr "Token %i kräver PIN."
+
+#: src/utils_tools.c:285
+#, c-format
+msgid "Token (type %s) requires PIN."
+msgstr "Token (type %s) kräver PIN."
+
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token %i kan inte låsa upp tilldelade nyckelplatser (felaktigt lösenord)."
+
+#: src/utils_tools.c:290
+#, c-format
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Token (typ %s) kan inte låsa upp tilldelade nyckelplatser (felaktigt lösenord)."
+
+#: src/utils_tools.c:293
+#, c-format
+msgid "Token %i requires additional missing resource."
+msgstr "Token %i kräver en saknad resurs."
+
+#: src/utils_tools.c:295
+#, c-format
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Token (typ %s) kräver en saknad resurs."
+
+#: src/utils_tools.c:298
+#, c-format
+msgid "No usable token (type %s) is available."
+msgstr "Ingen användbar token (typ %s) tillgänglig."
+
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Ingen användbar token tillgänglig."
+
+#: src/utils_tools.c:393
+#, c-format
+msgid "Cannot read keyfile %s."
+msgstr "Det går inte att läsa nyckelfilen %s."
+
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Det går inte att läsa %d byte från nyckelfilen %s."
+
+#: src/utils_tools.c:423
+#, c-format
+msgid "Cannot open keyfile %s for write."
+msgstr "Det går inte att öppna nyckelfilen %s för skrivning."
+
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Det går inte att skriva till nyckelfilen %s."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>m%02<PRIu64>s"
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Använd dolt huvud (gömd TCRYPT-enhet)"
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>t%02<PRIu64>m%02<PRIu64>s"
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Enheten är system-TCRYPT-disk (med starthanterare)"
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> dagar"
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Använd säkerhetskopia (sekundär) för TCRYPT-huvud"
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "skrev %4<PRIu64> %s"
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Sök också efter VeraCrypt-kompatibel enhet"
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "hastighet %5.1f %s/s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Förlopp: %5.1f%%, ETA %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Avslutad, tid %s, %s, %s\n"
+
+#: src/utils_password.c:41 src/utils_password.c:74
+#, c-format
+msgid "Cannot check password quality: %s"
+msgstr "Det går inte att kontrollera lösenordskvalitet: %s"
+
+#: src/utils_password.c:49
+#, c-format
+msgid ""
+"Password quality check failed:\n"
+" %s"
+msgstr ""
+"Misslyckades med kvalitetskontroll av lösenord:\n"
+"%s"
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Personlig iteration för VeraCrypt-kompatibel enhet"
+#: src/utils_password.c:81
+#, c-format
+msgid "Password quality check failed: Bad passphrase (%s)"
+msgstr "Misslyckades med kvalitetskontroll av lösenord: Dålig lösenfras (%s)"
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Query Personal Iteration Multiplier för VeraCrypt-kompatibel enhet"
+#: src/utils_password.c:231 src/utils_password.c:245
+msgid "Error reading passphrase from terminal."
+msgstr "Fel vid läsning av lösenfras från terminal."
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Typer av enhetsmetadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#: src/utils_password.c:243
+msgid "Verify passphrase: "
+msgstr "Verifiera lösenfras: "
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Inaktivera kvalitetskontroll av lösenord (om aktiverat)"
+#: src/utils_password.c:250
+msgid "Passphrases do not match."
+msgstr "Lösenfraserna stämmer inte överens."
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Använd flaggan dm-crypt same_cpu_crypt för prestandakompatibilitet"
+#: src/utils_password.c:288
+msgid "Cannot use offset with terminal input."
+msgstr "Det går inte att använda offset med terminalinmatning."
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Använd flaggan dm-crypt submit_from_crypt_cpus för prestandakompatibilitet"
+#: src/utils_password.c:292
+#, c-format
+msgid "Enter passphrase: "
+msgstr "Ange lösenfras: "
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Förbigå dm-crypt's arbetskö och bearbeta läsbegäran synkront"
+#: src/utils_password.c:295
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Ange lösenfras för %s: "
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Förbigå dm-crypt's arbetskö och bearbeta skrivbegäran synkront"
+#: src/utils_password.c:329
+msgid "No key available with this passphrase."
+msgstr "Ingen nyckel finns tillgänglig med denna lösenfras."
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Enhetsborttagning är förskjuten tills den sista användaren stänger den"
+#: src/utils_password.c:331
+msgid "No usable keyslot is available."
+msgstr "Ingen tillgänglig användbar nyckelplats."
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Använder globalt lås för att serialisera minneshård PBKDF (OOM-lösning)"
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Kan inte verifiera lösenfras på icke-tty-ingångar."
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "PBKDF-iterationstid för LUKS (i ms)"
+#: src/utils_luks.c:182
+#, c-format
+msgid "Failed to open file %s in read-only mode."
+msgstr "Misslyckades med att öppna filen %s i skrivskyddat läge."
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "ms"
+#: src/utils_luks.c:195
+msgid "Provide valid LUKS2 token JSON:\n"
+msgstr "Tillhandahåll giltig JSON för LUKS2-token:\n"
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "PBKDF-algoritm (för LUKS2) (argon2i/argon2id/pbkdf2)"
+#: src/utils_luks.c:202
+msgid "Failed to read JSON file."
+msgstr "Misslyckades med att läsa in JSON-filen."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Minneskostnadsgräns för PBKDF"
+#: src/utils_luks.c:207
+msgid ""
+"\n"
+"Read interrupted."
+msgstr ""
+"\n"
+"Läsning avbryten."
+
+#: src/utils_luks.c:248
+#, c-format
+msgid "Failed to open file %s in write mode."
+msgstr "Misslyckades med att öppna filen %s in skrivläge."
+
+#: src/utils_luks.c:257
+msgid ""
+"\n"
+"Write interrupted."
+msgstr ""
+"\n"
+"Skrivning avbruten."
+
+#: src/utils_luks.c:261
+msgid "Failed to write JSON file."
+msgstr "Misslyckades med att skriva JSON-fil."
+
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Auto-identifierade aktiv dm-enhet ”%s” för dataenheten %s.\n"
+
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Misslyckades med att identifiera kopplingarna till enhet %s."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Enheten %s är inte en giltig blockenhet.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Det går inte att avgöra om enheten %s är aktiverade eller ej.\n"
+"Är du säker på att du vill fortsätta kryptera om i frånkopplat läge?\n"
+"Det kan leda till datakorruption om enheten är aktiverad.\n"
+"För att kryptera om i uppkopplat läge, använd istället flaggan --active-name.\n"
+
+#: src/utils_reencrypt.c:175
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Enheten är inte under LUKS2-omkryptering. Motsägelsefull flagga --encrypt."
+
+#: src/utils_reencrypt.c:180
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Enheten är inte i LUKS2-dekryptering. Motsägelsefull flagga --decrypt."
+
+#: src/utils_reencrypt.c:187
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Enheten är under omkryptering med dataskiftåterhämtning. Begärd flagga --resillence kan inte tillämpas."
+
+#: src/utils_reencrypt.c:193 src/utils_reencrypt.c:199
+#: src/utils_reencrypt.c:205 src/utils_reencrypt.c:681
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Begärd flagga --resilience kan inte tillämpas på aktuell omkrypteringsåtgärd."
+
+#: src/utils_reencrypt.c:258
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Enheten kräver omkrypteringsåterställning. Starta repair först."
+
+#: src/utils_reencrypt.c:268
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Enheten %s är redan under LUKS2-omkryptering. Vill du återuppta tidigare intierad åtgärd?"
+
+#: src/utils_reencrypt.c:314
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Stöder inte längre föråldrad LUKS2-omkryptering."
+
+#: src/utils_reencrypt.c:379
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Kryptering för enhet med integritetsprofil stöds ej."
+
+#: src/utils_reencrypt.c:410
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Begärde --sector-size %<PRIu32> är inkompatibel med superblock %s\n"
+"(blockstorlek: %<PRIu32> byte) identifierad på enheten %s."
+
+#: src/utils_reencrypt.c:455
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Kryptering utan frånkopplat huvud (--header) är inte möjligt utan att minska datastorleken på enheten (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:461
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Begärd dataförskjutning måste vara mindre än, eller lika med halva av parametern --reduce-device-size."
+
+#: src/utils_reencrypt.c:471
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Justera värdet av --reduce-device-size-värdet till dubbla --offset %<PRIu64> (sektorer).\n"
+
+#: src/utils_reencrypt.c:501
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Tillfällig huvudfil %s finns redan. Avbryter."
+
+#: src/utils_reencrypt.c:503 src/utils_reencrypt.c:510
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Det går inte att skapa tillfällig huvudfil %s."
+
+#: src/utils_reencrypt.c:535
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "LUKS2-metadatastorleken är större än dataskift-värdet."
+
+#: src/utils_reencrypt.c:572
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Misslyckades med att placera ny header i början på enheten %s."
+
+#: src/utils_reencrypt.c:582
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s är nu aktiv och redo för uppkopplad kryptering.\n"
+
+#: src/utils_reencrypt.c:618
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Aktiva enheten: %s är inte LUKS2."
+
+#: src/utils_reencrypt.c:646
+msgid "Restoring original LUKS2 header."
+msgstr "Återställer ursprungligt LUKS2-huvud."
+
+#: src/utils_reencrypt.c:654
+msgid "Original LUKS2 header restore failed."
+msgstr "Misslyckades med återställning av ursprungligt LUKS2-huvud."
+
+#: src/utils_reencrypt.c:722
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Misslyckades med att läsa/skriva behörighetsflaggor till exporterad huvudfil."
+
+#: src/utils_reencrypt.c:775
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Misslyckades med initiering av omkryptering. Säkerhetskopian av huvudet är tillgänglig i %s."
+
+#: src/utils_reencrypt.c:803
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "LUKS2-dekryptering stöds endast för enheter med fristående header (med data-offset satt till 0)."
+
+#: src/utils_reencrypt.c:934 src/utils_reencrypt.c:943
+msgid "Not enough free keyslots for reencryption."
+msgstr "Inte nog med fria nyckelplatser för omkryptering."
+
+#: src/utils_reencrypt.c:964 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Nyckelfil kan endast användas med --key-slot eller precis en aktiv nyckelplats."
+
+#: src/utils_reencrypt.c:973 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Ange lösenfras för nyckelplats %d: "
+
+#: src/utils_reencrypt.c:985
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Ange lösenfras för nyckelplats %u: "
+
+#: src/utils_reencrypt.c:1037
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Byter krypteringschiffer till %s.\n"
+
+#: src/utils_reencrypt.c:1091
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Inga parametrar för datasegment ändrades. Omkryptering avbruten."
+
+#: src/utils_reencrypt.c:1187
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Ökning av sektorstorlek för kryptering på en frånkopplad enhet stöds ej.\n"
+"Aktivera enheten för eller använd flaggan --force-offline-reencrypt (farligt!)."
+
+#: src/utils_reencrypt.c:1227 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Omkryptering avbryten."
+
+#: src/utils_reencrypt.c:1232
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Återupptar LUKS-omkryptering i tvingat frånkopplat läge.\n"
+
+#: src/utils_reencrypt.c:1249
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "Enheten %s innehåller felaktig LUKS-metadata. Avbryter åtgärden."
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "kilobyte"
+#: src/utils_reencrypt.c:1265 src/utils_reencrypt.c:1287
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Enheten %s är redan en LUKS-enhet. Avbryter åtgärd."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Parallellkostnad för PBKDF"
+#: src/utils_reencrypt.c:1293
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Enheten %s är redan i LUKS-omkryptering. Avbryter åtgärd."
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "trådar"
+#: src/utils_reencrypt.c:1366
+msgid "LUKS2 decryption requires --header option."
+msgstr "LUKS2-dekryptering kräver flaggan --header."
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Iterationskostnad för PBKDF (tvingad, inaktiverar prestandamätning)"
+#: src/utils_reencrypt.c:1414
+msgid "Command requires device as argument."
+msgstr "Kommandot kräver en enhet som argument."
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Nyckelplats-prioritet: ignore,normal,prefer"
+#: src/utils_reencrypt.c:1427
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Versionskonflikt. Enheten %s är LUKS1."
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Inaktivera låsning av metadata på disk"
+#: src/utils_reencrypt.c:1433
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Versionskonflikt. Enheten %s är under LUKS2-omkryptering."
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Inaktivera att läsa in volymnycklar via kärnans nyckelring"
+#: src/utils_reencrypt.c:1439
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Versionskonflikt. Enheten %s är LUKS2."
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Algoritm för dataintegritet (endast LUKS2)"
+#: src/utils_reencrypt.c:1445
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Versionskonflikt: Enheten %s är under LUKS2-omkryptering."
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Inaktivera journal för integritetsenhet"
+#: src/utils_reencrypt.c:1451
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "LUKS2-omkryptering är redan initierad. Avbryter åtgärd."
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Rensa inte enhet efter formatering"
+#: src/utils_reencrypt.c:1458
+msgid "Device reencryption not in progress."
+msgstr "Enhetsomkryptering pågår ej"
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Använd ineffektiv föråldrad padding (gamla kärnor)"
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Kan inte öppna %s exklusivt, enheten används."
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Fråga inte efter lösenfras om aktivering med token misslyckas"
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Misslyckades med allokering av justerat minne."
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Tokenantal (standardvärde: any)"
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Det går inte att läsa enheten %s."
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Nyckelbeskrivning"
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Markerar LUKS1-enhet %s som oanvändbar."
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Sektorstorlek för kryptering (standardvärde 512 byte)"
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Det går inte att skriva till enheten %s."
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Använd IV-räkning i sektorstorlek (ej i 512 byte)"
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Det går inte att skriva loggfil för omkryptering."
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Sätt och spara undan aktiveringsflaggorna för enheten"
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Det går inte att läsa loggfil för omkryptering."
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Ange etikett för LUKS2-enhet"
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Fel loggformat."
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Ange undersystemsetikett för LUKS2-enheten"
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Loggfilen %s existerar, återupptar kryptering.\n"
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Skapa eller skriv ut obunden (inget tilldelat datasegment) LUKS2-nyckelplats"
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Aktiverar temporär enhet användandes gammalt LUKS-huvud."
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Läs eller skriv json från eller till en fil"
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Aktiverar temporär enhet användandes nytt LUKS-huvud."
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Områdesstorlek för metadata på LUKS2-huvudet"
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Aktivering av temporära enheter misslyckades."
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Storlek på nyckelplatsområdet för LUKS2-huvud"
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Misslyckades med att sätta dataoffset."
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Uppdatera (återaktivera) enhet med nya parametrar"
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Misslyckades med att sätta metadatastorlek."
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "LUKS2-nyckelplats: Storleken för krypteringsnyckeln"
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Skapade nytt LUKS-huvud för enhet %s."
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "LUKS2-nyckelplats: Chiffret används krypering av nyckelplats"
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Skapade säkerhetskopia av %s-huvud på enhet %s."
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Kryptera LUKS2-enheten permanent (direktkryptering)."
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Misslyckades med att skapa en säkerhetskopia av LUKS-huvuden."
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Dekryptera LUKS2-enheten (ta bort kryptering)"
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Det går inte återställa %s-huvudet på enheten %s."
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Initiera LUKS2-omkryptering endast i metadata."
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Återställde %s-huvudet på enheten %s."
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Återupptog endast initierad LUKS2-omkryptering."
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Misslyckades med att öppna temporär LUKS-enhet."
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Förminska dataenhetsstorleken (flytta dataoffset). FARLIGT!"
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Det går inte att hämta enhetsstorlek."
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Maximal storlek på omkryptering av varm zon."
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "In-/utfel under återkryptering."
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Återhämtningstyp för omkrypteringszon (checksumma,journal,ingen)"
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Angivet UUID är ogiltigt."
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Hashkontrollsumma för omkryptering av varm zon"
+#: src/utils_reencrypt_luks1.c:1220
+msgid "Cannot open reencryption log file."
+msgstr "Det går inte att öppna loggfilen för omkryptering."
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Överlagra automatisk identifiering av dm-enhet för omkryptering"
+#: src/utils_reencrypt_luks1.c:1226
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Ingen dekryptering pågår, givet UUID kan endast användas för att återuppta vilande dekrypteringsprocess."
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[FLAGGA…] <åtgärd> <åtgärdsspecifik>"
+#: src/utils_reencrypt_luks1.c:1280
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Omkryptering kommer att ändra: %s%s%s%s%s%s."
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "Argumentet <åtgärd> saknas."
+#: src/utils_reencrypt_luks1.c:1281
+msgid "volume key"
+msgstr "volymnyckeln"
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Okänd åtgärd."
+#: src/utils_reencrypt_luks1.c:1283
+msgid "set hash to "
+msgstr "sätt hash till "
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Flaggorna --refresh och --test-passphrase är ömsesidigt uteslutande."
+#: src/utils_reencrypt_luks1.c:1284
+msgid ", set cipher to "
+msgstr ", sätt chiffer till "
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Flaggan --deferred är endast tillåten för kommandot close."
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "VARNING: Enheten %s innehåller redan en ”%s”-partitionssignatur.\n"
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Flaggan --shared är endast tillåten för öppning för enkel enhet."
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "VARNING: Enheten %s innehåller redan en ”%s”-superblocksignatur.\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Flaggan --allow-discards är endast tillåten för åtgärden open."
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Misslyckades med att initiera identifiering av enhetssignatur."
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Flaggan --persistent är endast tillåten för åtgärden open."
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Misslyckades med att ta status på enhet %s."
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Flaggan --allow-discards är endast tillåten för åtgärden open."
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Misslyckades med att öppna filen %s i läs-/skrivläge."
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Flaggan --persistent är ej tillåtet med --test-passphrase."
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Kommer att rensa befintlig ”%s” på enheten %s."
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Flaggan --key-size är endast tillåten för åtgärderna luksFormat, luksAddKey,\n"
-"open och benchmark. För att begränsa läsning från nyckelfil, använd --keyfile-size=(byte)."
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Kommer att rensa befintlig ”%s” på enheten %s."
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Flaggan --integrity är endast tillåten för luksFormat (LUKS2)."
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Misslyckades med att radera enhetssignatur."
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Flaggan --integrity-no-wipe kan endast användas för åtgärden formatera med integritetsutökningar."
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Misslyckades med söka av enheten %s efter en signatur."
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Flaggorna --label och --subsystem är endast tillåtna för luksFormat och konfiguration av LUKS2-åtgärder."
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Ogiltig datastorlekspecifikation i flaggan --%s."
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Flaggan --test-passphrase är endast tillåten för open för LUKS-, TCRYPT-, och BITLK-enheter."
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Flaggan --%s tillåts inte med åtgärden --%s."
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Nyckelstorlek måste vara en multipel av 8 bitar"
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Misslyckades med att skriva ssh-token i json."
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Nyckelplatsen är ogiltig."
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Experimentell cryptsetup-insticksmodul för att låsa upp LUKS2-enheter med token ansluten via SSH-server. Den tillåter för närvarande endast att lägga till en token till en existerande nyckelplats.\n"
+"\n"
+"Angiven SSH-server måste innehålla en nyckelfil på den angivna sökvägen med ett lösenord för en befintlig nyckelplats på enheten.\n"
+"Inloggningsuppgifter kommer att användas av cryptsetup för att att hämta lösenordet genom att använda token när enheten öppnas.\n"
+"\n"
+"Observera: Information som anges när token läggs till (SSH-serverns, adress, användare och sökvägar) kommer att lagras i LUKS2-headern i klartext."
-#: src/cryptsetup.c:3958
-msgid "Option --key-file takes precedence over specified key file argument."
-msgstr "Flaggan --key-file åsidosätter specificerade nyckelfilsargument."
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<åtgärd> <enhet>"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Negativt tal för flagga ej tillåtet."
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Flaggor för åtgärden ”add”:"
-#: src/cryptsetup.c:3969
-msgid "Only one --key-file argument is allowed."
-msgstr "Endast ett argument för --key-file är tillåtet."
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "Fjärrserverns IP-adress/URL för denna token"
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Endast en av flaggorna --use-[u]random är tillåten."
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Användarnamn för fjärrservern"
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Flaggan --use-[u]random är endast tillåten för luksFormat."
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Sökvägen till nyckelfilen på fjärrservern"
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Flaggan --uuid är endast tillåten för luksFormat och luksUUID."
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Sökväg till SSH-nyckeln för anslutning till fjärrservern"
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Flaggan --align-payload är endast tillåten för luksFormat."
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Nyckelplats att ange token till. Om ej angiven så kommer token att tilldelas till den första nyckelplats som matchar angivet lösenfras."
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Flaggorna --luks2-metadata-size och --opt-luks2-keyslots-size tillåts endast för luksFormat med LUKS2."
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Allmänna flaggor:"
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Ogiltig storlekspecifikation för LUKS2-metadata på enhet."
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Visar mer detaljerade felmeddelanden"
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Ogiltig storlekspecifikation för LUKS2-nyckelplats på enhet."
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Visa felsökningsmeddelanden"
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Flaggan --align-payload och --offset kan inte kombineras."
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Visa felsökningsmeddelanden inklusive JSON-metadata"
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Flaggan --skip stöds endast för öppning av vanliga enheter och loopaes-enheter."
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Misslyckades med att öppna och importera privat nyckel:\n"
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Flaggan --offset stöds endast för öppning av vanliga och loopaes-enheter, luksFormat och omkrypteringsenheter."
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Misslyckades med att importera privat nyckel (lösenordskyddad?).\n"
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Flaggorna --tcrypt-hidden, --tcrypt-system eller --tcrypt-backup stöds endast på TCRYPT-enhet."
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "%s@%s's lösenord: "
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Flaggan --tcrypt-hidden kan inte kombineras med --allow-discards."
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Misslyckades med att tolka argument.\n"
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Flaggan --veracrypt stöds endast för TCRYPT-enhetstyper."
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "En åtgärd måste anges\n"
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Angav ett ogiltigt argument för parametern --veracrypt-pim."
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "En enhet måste anges för åtgärden ”%s”.\n"
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Flaggan --veracrypt-pim stöds endast för VeraCrypt-kompatibla enheter."
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "SSH-servern måste anges för åtgärden ”%s”.\n"
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Flaggan --veracrypt-query-pim stöds endast för VeraCrypt-kompatibla enheter."
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "SSH-användare måste anges för åtgärden ”%s”.\n"
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Flaggorna --veracrypt-pim och --veracrypt-query-pim är ömsesidigt uteslutande."
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "SSH-sökväg måste anges för åtgärden ”%s”.\n"
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Flaggan --priority kan endast vara ignore/normal/prefer."
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "SSH-nyckelplats måste anges för åtgärden ”%s”.\n"
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Specifikation för nyckelplats krävs."
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Misslyckades med att öppna %s med tillhandahållna autentiseringsuppgifter.\n"
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr "Password-based key derivation function (PBKDF) kan endast vara pbkdf2 eller argon2i/argon2id."
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "Endast åtgärden ”add” stöds för närvarande av denna insticksmodul.\n"
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr "Tvingade PBKDF-iterationer går inte att kombinera med flaggan iteration time."
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Det går inte att skapa sftp-sessionen: "
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "Flaggan för sektorstorlek stöds inte för detta kommando."
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Det går inte att initiera sftp-sessionen: "
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Flaggan för stora IV-sektorer stöds endast för att öppna enheter av enkel typ med sektorstorlek större än 512 byte."
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Det går inte att öppna sftp-sessionen:"
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Nyckelstorlek krävs med flaggan --unbound."
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Det går inte att stat sftp-filen: "
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Flaggan --unbound kan endast användas tillsammans med ätgärderna luksAddKey och luksDump."
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Inte tillräckligt med minne.\n"
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Flaggan --refresh är endast tillåten för åtgärden open."
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Det går inte att läsa fjärrnyckeln: "
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr "Det går inte att inaktivera metadatalås."
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Anslutning misslyckades: "
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Ogiltig högsta storlekspecifikation för varm zon-omkryptering."
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Okänd server: "
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Ogiltig storlekspecifikation på enhet."
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "Den öppna nyckelns auth-metod tills inte på värddatorn.\n"
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Högsta förminskningsstorlek för enhet är 1 GiB."
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Autentiseringsfel för öppen nyckel: "
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Minskningsstorlek måste vara en multipel av 512-bytesektor."
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Misslyckades med att läsa BITLK-signatur från %s."
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Ogiltig datastorlekspecifikation."
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Ogiltig eller okänd signatur för BITLK-enhet."
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Minska storleksöverspill."
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Misslyckades med att radera säkerhetskopia av segmentdata."
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "LUKS2-dekryptering kräver flaggan --header."
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Misslyckades med att inaktivera flaggan för omkrypteringskrav."
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Enhetsstorlek måste vara en multipel av sektor på 512-byte."
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Kryptering stöds endast för formatet LUKS2."
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Flaggan --reduce-device-size och --data-size kan inte kombineras."
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "Identifierade LUKS-enhet på %s. Vill du kryptera LUKS-enheten igen?"
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Flaggan --device-size och --size kan inte kombineras."
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "Stödjer endast LUKS2-formatet. Använd verktyget cryptsetup-reencrypt för LUKS1."
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Flaggorna --keyslot-cipher och --keyslot-key-size måste användas tillsammans."
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Föråldrad frånkopplad omkryptering pågår redan. Använd verktyget cryptsetup-reencrypt."
-#: src/veritysetup.c:76
-msgid "Invalid salt string specified."
-msgstr "Angav ogiltig saltsträng."
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "LUKS2-enheten är inte i omkryptering."
-#: src/veritysetup.c:107
-#, c-format
-msgid "Cannot create hash image %s for writing."
-msgstr "Kan inte skapa hashavbild %s för skrivning."
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Sätter LUKS2-flaggan för att kryptera om på enheten %s."
-#: src/veritysetup.c:117
-#, c-format
-msgid "Cannot create FEC image %s for writing."
-msgstr "Det går inte att skapa FEC-avbild %s för skrivning."
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Denna version av cryptsetup-reencrypt kan inte hantera ny interna tokentypen %s."
-#: src/veritysetup.c:191
-msgid "Invalid root hash string specified."
-msgstr "Angav ogiltig rothashsträng."
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Misslyckades med att läsa aktiveringsflaggor från säkerhetskopia av huvud."
-#: src/veritysetup.c:199
-#, c-format
-msgid "Invalid signature file %s."
-msgstr "Ogiltig signaturfil %s."
+#~ msgid "Failed to read requirements from backup header."
+#~ msgstr "Misslyckades med att läsa krav från säkerhetskopiehuvud."
-#: src/veritysetup.c:206
-#, c-format
-msgid "Cannot read signature file %s."
-msgstr "Det går inte att läsa signaturfilen %s."
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Ändrade pbkdf-parametrarna i nyckelplatsen %i."
-#: src/veritysetup.c:406
-msgid "<data_device> <hash_device>"
-msgstr "<dataenhet> <hashenhet>"
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Endast värden mellan 1 MiB och 64 MiB är tillåtna som blockstorlek för omkryptering."
-#: src/veritysetup.c:406 src/integritysetup.c:492
-msgid "format device"
-msgstr "formatera enhet"
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Högsta förminskningsstorlek för enhet är 64 MiB."
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<dataenhet> <hashenhet> <rothash>"
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[FLAGGA…] <enhet>"
-#: src/veritysetup.c:407
-msgid "verify device"
-msgstr "verifiera enhet"
+#~ msgid "Argument required."
+#~ msgstr "Kräver argument."
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<dataenhet> <namn> <hashenhet> <rothash>"
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Flaggan --new måste användas tillsammans med --reduce-device-size eller --header."
-#: src/veritysetup.c:410 src/integritysetup.c:495
-msgid "show active device status"
-msgstr "visa statistik för aktiv enhet"
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Flaggan --keep-key kan endast användas med --hash, --iter-time eller --pbkdf-force-iterations."
-#: src/veritysetup.c:411
-msgid "<hash_device>"
-msgstr "<hash_enhet>"
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Flaggan --new kan inte användas tillsammans med --decrypt."
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
-msgstr "visa information från disk"
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Flaggan --decrypt är inkompatibel med specificerade parametrar."
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
-msgstr ""
-"\n"
-"<namn> är enheten att skapa under %s\n"
-"<dataenhet> är dataenheten\n"
-"<hashenhet> är enheten som innehåller verifieringsdata\n"
-"<rothash> hash för rotnoden på <hashenhet>\n"
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Flaggan --uuid är endast tillåten tillsammans med --decrypt."
-#: src/veritysetup.c:437
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
-msgstr ""
-"\n"
-"Inkompilerade standardparametrar för dm-verity:\n"
-"\tHash: %s, Datablock (byte): %u, Hashblock (byte): %u, Saltstorlek: %u, Hashformat: %u\n"
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Ogiltig luks-typ. Använd en av dessa: 'luks', 'luks1' or 'luks2'."
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Använd inte verity superblock"
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Enheten %s används. Det går inte att fortsätta med formateringsåtgärden."
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Formattyp (1 - normal, 0 - ursprungliga Chrome OS)"
+#~ msgid "No free token slot."
+#~ msgstr "Ingen fri plats för token."
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "antal"
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Ogiltig LUKS-enhetstyp."
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Blockstorlek på dataenheten"
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Chiffret som används för att kryptera disken (se /proc/crypto)"
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Blockstorlek på hashenheten"
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Hashen som används för att skapa krypteringsnyckel från lösenfras"
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "FEC paritetsbyte"
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Verifierar lösenfrasen genom att fråga efter den två gånger"
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Antalet block i datafilen"
+#~ msgid "Read the key from a file"
+#~ msgstr "Läs nyckeln från en fil"
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "block"
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Läs volymnyckeln (master) från fil."
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Sökväg till enhet med felkorrigeringsdata"
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Skriv ut volymnyckel (master) istället för nyckelplatsinfo"
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "sökväg"
+#~ msgid "The size of the encryption key"
+#~ msgstr "Storleken för krypteringsnyckeln"
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Startoffset på hashenheten"
+#~ msgid "BITS"
+#~ msgstr "BITAR"
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Startoffset på FEC-enheten"
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Begränsa läsningen från nyckelfil"
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Hashalgoritm"
+#~ msgid "bytes"
+#~ msgstr "byte"
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "sträng"
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Antal byte att hoppa över i nyckelfil"
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Salt"
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Begränsa läsningen från nyligen tillagd nyckelfil"
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "hexsträng"
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Antal byte att hoppa över i nyligen tillagd nyckelfil"
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Sökväg till root-hashsignaturfilen"
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Platsnummer för ny nyckel (standard är första lediga)"
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Starta om kärna om något skadat identifieras"
+#~ msgid "The size of the device"
+#~ msgstr "Storleken för enheten"
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Sätt kärnan i Panic-läge om korruption identifieras"
+#~ msgid "SECTORS"
+#~ msgstr "SEKTORER"
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ignorera om något är skadat, logga endast"
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Använd endast specificerad enhetsstorlek (ignorera resten av enheten). FARLIGT!"
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Verifiera inte nollställda block"
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Startoffset i bakändesenheten"
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Verifiera datablock endast första gången det läses in"
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Hur många sektorer av krypterat data som ska hoppas över i början"
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Flaggorna --ignore-corruption, --restart-on-corruption eller --ignore-zero-blocks är endast tillåtna för åtgärden open."
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Skapa en skrivskyddad mappning"
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Flaggan --root-hash-signature kan användas endast för åtgärden open."
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Fråga inte efter bekräftelse"
-#: src/veritysetup.c:610
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Flaggorna --ignore-corruption och --restart-on-corruption kan inte användas tillsammans."
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Tidsgräns för interaktiv lösenfrasprompt (i sekunder)"
-#: src/veritysetup.c:615
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Det går inte att använda flaggorna --panic-on-corruption och --restart-on-corruption tillsammans."
+#~ msgid "secs"
+#~ msgstr "sek"
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Ogiltig nyckelstorlek."
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Uppdatering av förloppslinje (i sekunder)"
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Det går inte att läsa nyckelfilen %s."
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Hur många inmatningsförsök av lösenfrasen som kan göras"
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Det går inte att läsa %d byte från nyckelfilen %s."
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Justera nyttolast i <n> sektorgränser - för luksFormat"
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "Formaterad med taggstorlek %u, intern integritet %s.\n"
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Fil med säkerhetskopior av LUKS-huvud och nyckelplatser"
-#: src/integritysetup.c:492 src/integritysetup.c:496
-msgid "<integrity_device>"
-msgstr "<integrity_enhet>"
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Använd /dev/random för att generera volymnyckel"
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr "<integritet_enhet> <namn>"
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Använd /dev/urandom för att generera volymnyckel"
-#: src/integritysetup.c:515
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<namn> är enheten att skapa under %s\n"
-"<integritetsenhet> är enheten som innehåller data med integritetstaggar\n"
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Dela enhet med ett annat ej överlappande krypteringssegment"
-#: src/integritysetup.c:520
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-"\n"
-"Inkompilerade standardparametrar för dm-integrity:\n"
-"\tKontrollsummealgoritm: %s\n"
+#~ msgid "UUID for device to use"
+#~ msgstr "UUID för enheten att använda"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Sökvägen till dataenhet (om separat)"
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Tillåt avvisningsbegäran (TRIM) för enhet"
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Journalstorlek"
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Enhet eller fil med separerat LUKS-huvud"
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Infoga sektorer"
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Aktivera inte enhet, kontrollera endast lösenfrasen"
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "Journalvattenmärke"
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Använd dolt huvud (gömd TCRYPT-enhet)"
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "procent"
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Enheten är system-TCRYPT-disk (med starthanterare)"
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Journalincheckningstid"
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Använd säkerhetskopia (sekundär) för TCRYPT-huvud"
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "ms"
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Sök också efter VeraCrypt-kompatibel enhet"
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Antal 512-byte sektorer per bit (bitmap-läge)."
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Personlig iteration för VeraCrypt-kompatibel enhet"
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Renstid för bitmap-läge"
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Query Personal Iteration Multiplier för VeraCrypt-kompatibel enhet"
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Taggstorlek (per sektor)"
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Typer av enhetsmetadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Sektorstorlek"
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Inaktivera kvalitetskontroll av lösenord (om aktiverat)"
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Bufferstorlek"
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Använd flaggan dm-crypt same_cpu_crypt för prestandakompatibilitet"
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Dataintegritetsalgoritm"
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Använd flaggan dm-crypt submit_from_crypt_cpus för prestandakompatibilitet"
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Storleken för dataintegritetsnyckeln"
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Förbigå dm-crypt's arbetskö och bearbeta läsbegäran synkront"
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Läs integritetsnyckeln från en fil"
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Förbigå dm-crypt's arbetskö och bearbeta skrivbegäran synkront"
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Integritetsalgoritm för journal"
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Enhetsborttagning är förskjuten tills den sista användaren stänger den"
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Storleken för journalens integritetssnyckel"
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Använder globalt lås för att serialisera minneshård PBKDF (OOM-lösning)"
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Läs journalens integritetsnyckel från en fil"
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "PBKDF-iterationstid för LUKS (i ms)"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Krypteringsalgoritm för journal"
+#~ msgid "msecs"
+#~ msgstr "ms"
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Storleken för journalens krypteringsnyckel"
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "PBKDF-algoritm (för LUKS2) (argon2i/argon2id/pbkdf2)"
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Läs journalens krypteringsnyckel från en fil"
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Minneskostnadsgräns för PBKDF"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Återhämtningsläge (ingen journal, ingen taggkontroll)"
+#~ msgid "kilobytes"
+#~ msgstr "kilobyte"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Använd bitmap för att spåra ändringar och inaktivera journal för integritetsenhet"
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Parallellkostnad för PBKDF"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Räkna automatiskt initiala taggar."
+#~ msgid "threads"
+#~ msgstr "trådar"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Iterationskostnad för PBKDF (tvingad, inaktiverar prestandamätning)"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Nyckelplats-prioritet: ignore,normal,prefer"
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Flaggan --integrity-recalculate kan användas endast för öppen åtgärd."
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Inaktivera låsning av metadata på disk"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Flaggorna --journal-size, --interleave-sectors, --sector-size, --tag-size och --no-wipe kan endast användas för åtgärden formatera."
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Inaktivera att läsa in volymnycklar via kärnans nyckelring"
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Ogiltig storlekspecifikation på journal."
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Algoritm för dataintegritet (endast LUKS2)"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr "Både flaggor för nyckelfil och nyckelstorlek måste specifiiceras."
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Inaktivera journal för integritetsenhet"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr "Både flaggor för nyckelfil för journalintegritet och nyckelstorlek måste specificeras."
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Rensa inte enhet efter formatering"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr "Integritetsalgoritm för journal måste anges om integritetsnyckel för journal används."
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Använd ineffektiv föråldrad padding (gamla kärnor)"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr "Både flaggor för nyckelfil för journalkryptering och nyckelstorlek måste specificeras."
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Fråga inte efter lösenfras om aktivering med token misslyckas"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr "Krypteringsalgoritm för journal måste anges om integritetsnyckel för journal används."
+#~ msgid "Token number (default: any)"
+#~ msgstr "Tokenantal (standardvärde: any)"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr "Flaggorna för återställning- och bitmap-läge är ömsesidigt uteslutande."
+#~ msgid "Key description"
+#~ msgstr "Nyckelbeskrivning"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr "Det går inte att använda journalflaggor i bitmap-läge."
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Sektorstorlek för kryptering (standardvärde 512 byte)"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr "Flaggan för integritet kan endast användas i bitmap-läge."
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Använd IV-räkning i sektorstorlek (ej i 512 byte)"
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Omkryptering pågår redan."
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Sätt och spara undan aktiveringsflaggorna för enheten"
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Kan inte öppna %s exklusivt, enheten används."
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Ange etikett för LUKS2-enhet"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Misslyckades med allokering av justerat minne."
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Ange undersystemsetikett för LUKS2-enheten"
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Det går inte att läsa enheten %s."
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Skapa eller skriv ut obunden (inget tilldelat datasegment) LUKS2-nyckelplats"
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "Markerar LUKS1-enhet %s som oanvändbar."
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Läs eller skriv json från eller till en fil"
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Sätter LUKS2-flaggan för att kryptera om på enheten %s."
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Områdesstorlek för metadata på LUKS2-huvudet"
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Det går inte att skriva till enheten %s."
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Storlek på nyckelplatsområdet för LUKS2-huvud"
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Det går inte att skriva loggfil för omkryptering."
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Uppdatera (återaktivera) enhet med nya parametrar"
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Det går inte att läsa loggfil för omkryptering."
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "LUKS2-nyckelplats: Storleken för krypteringsnyckeln"
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Loggfilen %s existerar, återupptar kryptering.\n"
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "LUKS2-nyckelplats: Chiffret används krypering av nyckelplats"
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Aktiverar temporär enhet användandes gammalt LUKS-huvud."
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Kryptera LUKS2-enheten permanent (direktkryptering)."
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Aktiverar temporär enhet användandes nytt LUKS-huvud."
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Dekryptera LUKS2-enheten (ta bort kryptering)"
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Aktivering av temporära enheter misslyckades."
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Initiera LUKS2-omkryptering endast i metadata."
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Misslyckades med att sätta dataoffset."
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Återupptog endast initierad LUKS2-omkryptering."
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Misslyckades med att sätta metadatastorlek."
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Förminska dataenhetsstorleken (flytta dataoffset). FARLIGT!"
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Skapade nytt LUKS-huvud för enhet %s."
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Maximal storlek på omkryptering av varm zon."
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Denna version av cryptsetup-reencrypt kan inte hantera ny interna tokentypen %s."
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Återhämtningstyp för omkrypteringszon (checksumma,journal,ingen)"
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Misslyckades med att läsa aktiveringsflaggor från säkerhetskopia av huvud."
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Hashkontrollsumma för omkryptering av varm zon"
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Misslyckades med att skriva aktiveringsflaggor till nytt huvud."
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Överlagra automatisk identifiering av dm-enhet för omkryptering"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Misslyckades med att läsa krav från säkerhetskopiehuvud."
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Flaggan --deferred är endast tillåten för kommandot close."
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Skapade säkerhetskopia av %s-huvud på enhet %s."
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Flaggan --allow-discards är endast tillåten för åtgärden open."
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Misslyckades med att skapa en säkerhetskopia av LUKS-huvuden."
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Flaggan --persistent är endast tillåten för åtgärden open."
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Det går inte återställa %s-huvudet på enheten %s."
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Flaggan --allow-discards är endast tillåten för åtgärden open."
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "Återställde %s-huvudet på enheten %s."
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Flaggan --key-size är endast tillåten för åtgärderna luksFormat, luksAddKey,\n"
+#~ "open och benchmark. För att begränsa läsning från nyckelfil, använd --keyfile-size=(byte)."
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Misslyckades med att öppna temporär LUKS-enhet."
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Flaggan --integrity är endast tillåten för luksFormat (LUKS2)."
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Det går inte att hämta enhetsstorlek."
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Flaggorna --label och --subsystem är endast tillåtna för luksFormat och konfiguration av LUKS2-åtgärder."
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "In-/utfel under återkryptering."
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "Negativt tal för flagga ej tillåtet."
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Angivet UUID är ogiltigt."
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Flaggan --use-[u]random är endast tillåten för luksFormat."
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Det går inte att öppna loggfilen för omkryptering."
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Flaggan --uuid är endast tillåten för luksFormat och luksUUID."
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Ingen dekryptering pågår, givet UUID kan endast användas för att återuppta vilande dekrypteringsprocess."
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Flaggan --align-payload är endast tillåten för luksFormat."
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Ändrade pbkdf-parametrarna i nyckelplatsen %i."
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Flaggorna --luks2-metadata-size och --opt-luks2-keyslots-size tillåts endast för luksFormat med LUKS2."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Blockstorlek för omkryptering"
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Ogiltig storlekspecifikation för LUKS2-metadata på enhet."
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "MiB"
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Ogiltig storlekspecifikation för LUKS2-nyckelplats på enhet."
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Ändra inte nyckel, ingen omkryptering av dataområde"
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Flaggan --offset stöds endast för öppning av vanliga och loopaes-enheter, luksFormat och omkrypteringsenheter."
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Läs volymnyckeln (master) från fil"
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Angav ett ogiltigt argument för parametern --veracrypt-pim."
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "PBKDF2-iterationstid för LUKS (i ms)"
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "Flaggan för sektorstorlek stöds inte för detta kommando."
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Använd direct-io vid enhetsåtkomst"
+#~ msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
+#~ msgstr "Flaggan --unbound kan endast användas tillsammans med ätgärderna luksAddKey och luksDump."
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Använd fsync efter varje block"
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Flaggan --refresh är endast tillåten för åtgärden open."
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Uppdatera loggfilen efter varje block"
+#~ msgid "Invalid device size specification."
+#~ msgstr "Ogiltig storlekspecifikation på enhet."
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Använd endast denna plats (andra kommer att inaktiveras)"
+#~ msgid "Reduce size overflow."
+#~ msgstr "Minska storleksöverspill."
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Skapa nytt huvud på icke-krypterad enhet"
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Använd inte verity superblock"
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Dekryptera enheten permanent (ta bort kryptering)"
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Formattyp (1 - normal, 0 - ursprungliga Chrome OS)"
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "Det UUID som används för att återuppta kryptering"
+#~ msgid "number"
+#~ msgstr "antal"
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Typ av LUKS-metadata: luks1, luks2"
+#~ msgid "Block size on the data device"
+#~ msgstr "Blockstorlek på dataenheten"
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[FLAGGA…] <enhet>"
+#~ msgid "Block size on the hash device"
+#~ msgstr "Blockstorlek på hashenheten"
-#: src/cryptsetup_reencrypt.c:1687
-#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Omkryptering kommer att ändra: %s%s%s%s%s%s."
+#~ msgid "FEC parity bytes"
+#~ msgstr "FEC paritetsbyte"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "volymnyckeln"
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Antalet block i datafilen"
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "sätt hash till "
+#~ msgid "blocks"
+#~ msgstr "block"
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", sätt chiffer till "
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Sökväg till enhet med felkorrigeringsdata"
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Kräver argument."
+#~ msgid "path"
+#~ msgstr "sökväg"
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Endast värden mellan 1 MiB och 64 MiB är tillåtna som blockstorlek för omkryptering."
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Startoffset på hashenheten"
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Högsta förminskningsstorlek för enhet är 64 MiB."
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Startoffset på FEC-enheten"
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Flaggan --new måste användas tillsammans med --reduce-device-size eller --header."
+#~ msgid "Hash algorithm"
+#~ msgstr "Hashalgoritm"
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Flaggan --keep-key kan endast användas med --hash, --iter-time eller --pbkdf-force-iterations."
+#~ msgid "string"
+#~ msgstr "sträng"
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Flaggan --new kan inte användas tillsammans med --decrypt."
+#~ msgid "Salt"
+#~ msgstr "Salt"
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Flaggan --decrypt är inkompatibel med specificerade parametrar."
+#~ msgid "hex string"
+#~ msgstr "hexsträng"
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Flaggan --uuid är endast tillåten tillsammans med --decrypt."
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Sökväg till root-hashsignaturfilen"
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Ogiltig luks-typ. Använd en av dessa: 'luks', 'luks1' or 'luks2'."
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Starta om kärna om något skadat identifieras"
-#: src/utils_tools.c:151
-msgid "Error reading response from terminal."
-msgstr "Fel vid läsning av svar från terminal."
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Sätt kärnan i Panic-läge om korruption identifieras"
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Kommandot lyckades.\n"
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Ignorera om något är skadat, logga endast"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr "fel eller saknar parametrar"
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Verifiera inte nollställda block"
-#: src/utils_tools.c:196
-msgid "no permission or bad passphrase"
-msgstr "ingen behörighet eller dålig lösenfras"
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Verifiera datablock endast första gången det läses in"
-#: src/utils_tools.c:198
-msgid "out of memory"
-msgstr "slut på minne"
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Flaggorna --ignore-corruption, --restart-on-corruption eller --ignore-zero-blocks är endast tillåtna för åtgärden open."
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr "angav fel enhet eller fil"
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Flaggan --root-hash-signature kan användas endast för åtgärden open."
-#: src/utils_tools.c:202
-msgid "device already exists or device is busy"
-msgstr "enheten existerar redan eller så är enheten upptagen"
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Sökvägen till dataenhet (om separat)"
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr "okänt fel"
+#~ msgid "Journal size"
+#~ msgstr "Journalstorlek"
-#: src/utils_tools.c:206
-#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Kommandot misslyckades med kod %i (%s).\n"
+#~ msgid "Interleave sectors"
+#~ msgstr "Infoga sektorer"
-#: src/utils_tools.c:284
-#, c-format
-msgid "Key slot %i created."
-msgstr "Nyckelplats %i är ändrad."
+#~ msgid "Journal watermark"
+#~ msgstr "Journalvattenmärke"
-#: src/utils_tools.c:286
-#, c-format
-msgid "Key slot %i unlocked."
-msgstr "Nyckelplats %i är upplåst."
+#~ msgid "percent"
+#~ msgstr "procent"
-#: src/utils_tools.c:288
-#, c-format
-msgid "Key slot %i removed."
-msgstr "Nyckelplats %i är upplåst."
+#~ msgid "Journal commit time"
+#~ msgstr "Journalincheckningstid"
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr "Token %i används."
+#~ msgid "ms"
+#~ msgstr "ms"
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr "Token %i används."
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Antal 512-byte sektorer per bit (bitmap-läge)."
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Skrivning avbruten."
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Renstid för bitmap-läge"
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "VARNING: Enheten %s innehåller redan en ”%s”-partitionssignatur.\n"
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Taggstorlek (per sektor)"
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "VARNING: Enheten %s innehåller redan en ”%s”-superblocksignatur.\n"
+#~ msgid "Sector size"
+#~ msgstr "Sektorstorlek"
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Misslyckades med att initiera identifiering av enhetssignatur."
+#~ msgid "Buffers size"
+#~ msgstr "Bufferstorlek"
-#: src/utils_tools.c:549
-#, c-format
-msgid "Failed to stat device %s."
-msgstr "Misslyckades med att ta status på enhet %s."
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Dataintegritetsalgoritm"
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Enheten %s används. Det går inte att fortsätta med formateringsåtgärden."
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Storleken för dataintegritetsnyckeln"
-#: src/utils_tools.c:564
-#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Misslyckades med att öppna filen %s i läs-/skrivläge."
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Läs integritetsnyckeln från en fil"
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Kommer att rensa befintlig ”%s”-partitionssignatur (förskjutning: %<PRIi64> byte) på enheten %s."
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Integritetsalgoritm för journal"
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Kommer att rensa befintlig ”%s”-superblocksignatur (förskjutning: %<PRIi64> byte) på enheten %s."
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Storleken för journalens integritetssnyckel"
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Misslyckades med att radera enhetssignatur."
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Läs journalens integritetsnyckel från en fil"
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Misslyckades med söka av enheten %s efter en signatur."
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Krypteringsalgoritm för journal"
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Omkryptering avbryten."
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Storleken för journalens krypteringsnyckel"
-#: src/utils_password.c:43 src/utils_password.c:76
-#, c-format
-msgid "Cannot check password quality: %s"
-msgstr "Det går inte att kontrollera lösenordskvalitet: %s"
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Läs journalens krypteringsnyckel från en fil"
-#: src/utils_password.c:51
-#, c-format
-msgid ""
-"Password quality check failed:\n"
-" %s"
-msgstr ""
-"Misslyckades med kvalitetskontroll av lösenord:\n"
-"%s"
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Återhämtningsläge (ingen journal, ingen taggkontroll)"
-#: src/utils_password.c:83
-#, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Misslyckades med kvalitetskontroll av lösenord: Dålig lösenfras (%s)"
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Använd bitmap för att spåra ändringar och inaktivera journal för integritetsenhet"
-#: src/utils_password.c:228 src/utils_password.c:242
-msgid "Error reading passphrase from terminal."
-msgstr "Fel vid läsning av lösenfras från terminal."
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Räkna automatiskt initiala taggar."
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Verifiera lösenfras: "
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Skydda inte superblock md HMAC (gamla kärnor)"
-#: src/utils_password.c:247
-msgid "Passphrases do not match."
-msgstr "Lösenfraserna stämmer inte överens."
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Tillåt recalculating (omräkning) av volymer med HMAC-nycklar (äldre kärnor)"
-#: src/utils_password.c:284
-msgid "Cannot use offset with terminal input."
-msgstr "Det går inte att använda offset med terminalinmatning."
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Flaggan --integrity-recalculate kan användas endast för öppen åtgärd."
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Ange lösenfras: "
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Flaggorna --journal-size, --interleave-sectors, --sector-size, --tag-size och --no-wipe kan endast användas för åtgärden formatera."
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Ange lösenfras för %s: "
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Ogiltig storlekspecifikation på journal."
-#: src/utils_password.c:321
-msgid "No key available with this passphrase."
-msgstr "Ingen nyckel finns tillgänglig med denna lösenfras."
+#~ msgid "Reencryption block size"
+#~ msgstr "Blockstorlek för omkryptering"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr "Ingen tillgänglig användbar nyckelplats."
+#~ msgid "MiB"
+#~ msgstr "MiB"
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Det går inte att öppna nyckelfilen %s för skrivning."
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Ändra inte nyckel, ingen omkryptering av dataområde"
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Det går inte att skriva till nyckelfilen %s."
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Läs volymnyckeln (master) från fil"
-#: src/utils_luks2.c:47
-#, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Misslyckades med att öppna filen %s i skrivskyddat läge."
+#~ msgid "PBKDF2 iteration time for LUKS (in ms)"
+#~ msgstr "PBKDF2-iterationstid för LUKS (i ms)"
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Tillhandahåll giltig JSON för LUKS2-token:\n"
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Använd direct-io vid enhetsåtkomst"
-#: src/utils_luks2.c:67
-msgid "Failed to read JSON file."
-msgstr "Misslyckades med att läsa in JSON-filen."
+#~ msgid "Use fsync after each block"
+#~ msgstr "Använd fsync efter varje block"
-#: src/utils_luks2.c:72
-msgid ""
-"\n"
-"Read interrupted."
-msgstr ""
-"\n"
-"Läsning avbryten."
+#~ msgid "Update log file after every block"
+#~ msgstr "Uppdatera loggfilen efter varje block"
-#: src/utils_luks2.c:113
-#, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Misslyckades med att öppna filen %s in skrivläge."
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Använd endast denna plats (andra kommer att inaktiveras)"
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-"\n"
-"Skrivning avbruten."
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Skapa nytt huvud på icke-krypterad enhet"
-#: src/utils_luks2.c:126
-msgid "Failed to write JSON file."
-msgstr "Misslyckades med att skriva JSON-fil."
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Avkoda enheten permanent (ta bort kryptering)"
+
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "Det UUID som används för att återuppta kryptering"
+
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Typ av LUKS-metadata: luks1, luks2"
-#, c-format
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "VARNING:Låskatalog %s/%s saknas!\n"
#~ msgid "Invalid size parameters for verity device."
#~ msgstr "Ogiltig storlek på parametrar för verity-enhet."
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Misslyckades med att inaktivera flaggan för omkrypteringskrav."
-
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Verkar som enheten inte kräver omkrypteringsåterställning.\n"
-#~ "Vill du ändå fortsätta?"
-
#~ msgid "Integrity algorithm must be specified if integrity key is used."
#~ msgstr "Integritetsalgoritm måste specificieras om integritetsnyckel används."
#~ msgid "Function not available in FIPS mode."
#~ msgstr "Funktionen är inte tillgänglig i FIPS-läge."
-#~ msgid "Cipher %s is not available."
-#~ msgstr "Chiffret %s är inte tillgängligt."
-
#~ msgid "Key slot %d selected for deletion."
#~ msgstr "Nyckelplats %d markerad för borttagning."
#~ msgid "exclusive "
#~ msgstr "exklusiv"
-#~ msgid "writable"
-#~ msgstr "skrivbar"
-
#~ msgid "read-only"
#~ msgstr "skrivskyddad"
# Copyright (C) 2012 Free Software Foundation, Inc.
# This file is put in the public domain.
#
-# Yuri Chornoivan <yurchor@ukr.net>, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021.
+# Yuri Chornoivan <yurchor@ukr.net>, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023.
msgid ""
msgstr ""
-"Project-Id-Version: cryptsetup 2.3.6-rc0\n"
-"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
-"PO-Revision-Date: 2021-05-22 18:02+0300\n"
+"Project-Id-Version: cryptsetup 2.6.1-rc0\n"
+"Report-Msgid-Bugs-To: cryptsetup@lists.linux.dev\n"
+"POT-Creation-Date: 2023-02-01 15:58+0100\n"
+"PO-Revision-Date: 2023-02-02 10:48+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
"Language: uk\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: Lokalize 20.12.0\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:419
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "Не можна ініціалізувати device-mapper, якщо програму запущено не від імені адміністратора (root)."
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:422
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "Не вдалося ініціалізувати device-mapper. Чи завантажено модуль ядра dm_mod?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:1102
msgid "Requested deferred flag is not supported."
msgstr "Підтримки бажаного прапорця відкладення, %s, не передбачено."
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1171
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "DM-UUID для пристрою %s було обрізано."
-#: lib/libdevmapper.c:1580
+#: lib/libdevmapper.c:1501
msgid "Unknown dm target type."
msgstr "Невідомий тип призначення dm."
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1620 lib/libdevmapper.c:1626 lib/libdevmapper.c:1724
+#: lib/libdevmapper.c:1727
msgid "Requested dm-crypt performance options are not supported."
msgstr "Підтримки вказаних параметрів швидкодії dm-crypt не передбачено."
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1635 lib/libdevmapper.c:1647
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "Підтримки вказаних параметрів обробки пошкоджених даних за допомогою dm-verity не передбачено."
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1641
+msgid "Requested dm-verity tasklets option is not supported."
+msgstr "Підтримки вказаного параметра завдань dm-verity не передбачено."
+
+#: lib/libdevmapper.c:1653
msgid "Requested dm-verity FEC options are not supported."
msgstr "Підтримки вказаних параметрів FEC за допомогою dm-verity не передбачено."
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1659
msgid "Requested data integrity options are not supported."
msgstr "Підтримки вказаних параметрів цілісності даних не передбачено."
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1663
msgid "Requested sector_size option is not supported."
msgstr "Підтримки вказаного параметра sector_size не передбачено."
-#: lib/libdevmapper.c:1732
+#: lib/libdevmapper.c:1670 lib/libdevmapper.c:1676
msgid "Requested automatic recalculation of integrity tags is not supported."
msgstr "Підтримки потрібного вам автоматичного повторного обчислення міток цілісності не передбачено."
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
+#: lib/libdevmapper.c:1682 lib/libdevmapper.c:1730 lib/libdevmapper.c:1733
+#: lib/luks2/luks2_json_metadata.c:2620
msgid "Discard/TRIM is not supported."
msgstr "Підтримки відкидання або обрізання не передбачено."
-#: lib/libdevmapper.c:1740
+#: lib/libdevmapper.c:1688
msgid "Requested dm-integrity bitmap mode is not supported."
msgstr "Підтримки вказаного режиму бітової карти цілісності dm не передбачено."
-#: lib/libdevmapper.c:2713
+#: lib/libdevmapper.c:2724
#, c-format
msgid "Failed to query dm-%s segment."
msgstr "Не вдалося опитати сегмент dm-%s."
-#: lib/random.c:75
+#: lib/random.c:73
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Під час створення ключа тому було вичерпано буфер ентропії системи.\n"
"Будь ласка, пересуньте вказівник миші або наберіть якийсь текст у іншому вікні, щоб зібрати додаткові дані на основі випадкових подій.\n"
-#: lib/random.c:79
+#: lib/random.c:77
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Створення ключа (виконано %d%%).\n"
-#: lib/random.c:165
+#: lib/random.c:163
msgid "Running in FIPS mode."
msgstr "Працюємо у режимі FIPS."
-#: lib/random.c:171
+#: lib/random.c:169
msgid "Fatal error during RNG initialisation."
msgstr "Критична помилка під час ініціалізації генератора псевдовипадкових чисел."
-#: lib/random.c:208
+#: lib/random.c:207
msgid "Unknown RNG quality requested."
msgstr "Надійшов запит щодо невідомої якості псевдовипадкових чисел."
-#: lib/random.c:213
+#: lib/random.c:212
msgid "Error reading from RNG."
msgstr "Помилка читання з генератора псевдовипадкових чисел."
-#: lib/setup.c:229
+#: lib/setup.c:231
msgid "Cannot initialize crypto RNG backend."
msgstr "Не вдалося ініціалізувати допоміжну програму шифрування генератора псевдовипадкових чисел."
-#: lib/setup.c:235
+#: lib/setup.c:237
msgid "Cannot initialize crypto backend."
msgstr "Не вдалося ініціалізувати допоміжну програму шифрування."
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:268 lib/setup.c:2151 lib/verity/verity.c:122
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "Підтримки алгоритму хешування %s не передбачено."
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:271 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "Помилка під час обробки ключа (на основі хешу %s)."
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:342 lib/setup.c:369
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "Не вдалося визначити тип пристрою. Несумісна дія з активації пристрою?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:348 lib/setup.c:3320
msgid "This operation is supported only for LUKS device."
msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS."
-#: lib/setup.c:368
+#: lib/setup.c:375
msgid "This operation is supported only for LUKS2 device."
msgstr "Підтримку цієї дії передбачено лише для пристроїв LUKS2."
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:427 lib/luks2/luks2_reencrypt.c:3010
msgid "All key slots full."
msgstr "Заповнено всі слоти ключів."
-#: lib/setup.c:434
+#: lib/setup.c:438
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "Слот ключа %d є некоректним, будь ласка, виберіть число від 0 до %d."
-#: lib/setup.c:440
+#: lib/setup.c:444
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "Слот ключа %d заповнено, будь ласка, виберіть інший."
-#: lib/setup.c:525 lib/setup.c:2832
+#: lib/setup.c:529 lib/setup.c:3042
msgid "Device size is not aligned to device logical block size."
msgstr "Розмір пристрою не вирівняно за розміром логічного блоку пристрою."
-#: lib/setup.c:624
+#: lib/setup.c:627
#, c-format
msgid "Header detected but device %s is too small."
msgstr "Виявлено заголовок, але об’єм пристрою %s є надто малим."
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:668 lib/setup.c:2942 lib/setup.c:4287
+#: lib/luks2/luks2_reencrypt.c:3782 lib/luks2/luks2_reencrypt.c:4184
msgid "This operation is not supported for this device type."
msgstr "Підтримки цієї дії для цього типу пристроїв не передбачено."
-#: lib/setup.c:666
+#: lib/setup.c:673
msgid "Illegal operation with reencryption in-progress."
msgstr "Виконуємо заборонену дію із повторного шифрування."
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
+#: lib/setup.c:802
+msgid "Failed to rollback LUKS2 metadata in memory."
+msgstr "Не вдалося відкотити метадані LUKS2 у пам'яті."
+
+#: lib/setup.c:889 lib/luks1/keymanage.c:249 lib/luks1/keymanage.c:527
+#: lib/luks2/luks2_json_metadata.c:1336 src/cryptsetup.c:1587
+#: src/cryptsetup.c:1727 src/cryptsetup.c:1782 src/cryptsetup.c:1977
+#: src/cryptsetup.c:2133 src/cryptsetup.c:2414 src/cryptsetup.c:2656
+#: src/cryptsetup.c:2716 src/utils_reencrypt.c:1465
+#: src/utils_reencrypt_luks1.c:1192 tokens/ssh/cryptsetup-ssh.c:77
+#, c-format
+msgid "Device %s is not a valid LUKS device."
+msgstr "Пристрій %s не є коректним пристроєм LUKS."
+
+#: lib/setup.c:892 lib/luks1/keymanage.c:530
#, c-format
msgid "Unsupported LUKS version %d."
msgstr "Непідтримувана версія LUKS, %d."
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1491 lib/setup.c:2691 lib/setup.c:2773 lib/setup.c:2785
+#: lib/setup.c:2952 lib/setup.c:4764
#, c-format
msgid "Device %s is not active."
msgstr "Пристрій %s є неактивним."
-#: lib/setup.c:1444
+#: lib/setup.c:1508
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "Зник основний пристрій для пристрою для шифрування %s."
-#: lib/setup.c:1524
+#: lib/setup.c:1590
msgid "Invalid plain crypt parameters."
msgstr "Некоректні параметри звичайного шифрування."
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1595 lib/setup.c:2054
msgid "Invalid key size."
msgstr "Некоректний розмір ключа."
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1600 lib/setup.c:2059 lib/setup.c:2262
msgid "UUID is not supported for this crypt type."
msgstr "Підтримки UUID для цього типу шифрування не передбачено."
-#: lib/setup.c:1539 lib/setup.c:1959
+#: lib/setup.c:1605 lib/setup.c:2064
msgid "Detached metadata device is not supported for this crypt type."
msgstr "Підтримки пристрою від'єднаних метаданих для цього типу шифрування не передбачено."
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1615 lib/setup.c:1831 lib/luks2/luks2_reencrypt.c:2966
+#: src/cryptsetup.c:1387 src/cryptsetup.c:3383
msgid "Unsupported encryption sector size."
msgstr "Непідтримуваний розмір сектора шифрування."
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
+#: lib/setup.c:1623 lib/setup.c:1959 lib/setup.c:3036
msgid "Device size is not aligned to requested sector size."
msgstr "Розмір пристрою не вирівняно за вказаним розміром сектора."
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1675 lib/setup.c:1799
msgid "Can't format LUKS without device."
msgstr "Форматування LUKS без пристрою неможливе."
-#: lib/setup.c:1614 lib/setup.c:1733
+#: lib/setup.c:1681 lib/setup.c:1805
msgid "Requested data alignment is not compatible with data offset."
msgstr "Потрібне вам вирівнювання даних є несумісним із відступом у даних."
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr "Увага: відступ у даних виходить за межі поточного доступного пристрою для зберігання даних.\n"
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1756 lib/setup.c:1976 lib/setup.c:1997 lib/setup.c:2274
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "Не можна витирати заголовок на пристрої %s."
-#: lib/setup.c:1744
+#: lib/setup.c:1769 lib/setup.c:2036
+#, c-format
+msgid "Device %s is too small for activation, there is no remaining space for data.\n"
+msgstr "Пристрій %s є надто малим для активації, на ньому не лишиться місця для даних.\n"
+
+#: lib/setup.c:1840
msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
msgstr "Увага: спроба активувати пристрій завершиться невдало, у dm-crypt не передбачено підтримки для вказаного розміру сектора шифрування.\n"
-#: lib/setup.c:1766
+#: lib/setup.c:1863
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "Ключ тому є надто малим для шифрування із розширеннями цілісності."
-#: lib/setup.c:1821
+#: lib/setup.c:1923
#, c-format
msgid "Cipher %s-%s (key size %zd bits) is not available."
msgstr "Шифрування %s-%s (розмір ключа — %zd бітів) є недоступним."
-#: lib/setup.c:1854
+#: lib/setup.c:1949
#, c-format
msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
msgstr "Увага: розмір метаданих LUKS2 змінено до %<PRIu64> байтів.\n"
-#: lib/setup.c:1858
+#: lib/setup.c:1953
#, c-format
msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
msgstr "Увага: розмір області слотів ключів LUKS2 змінено до %<PRIu64> байтів.\n"
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1979 lib/utils_device.c:911 lib/luks1/keyencryption.c:255
+#: lib/luks2/luks2_reencrypt.c:3034 lib/luks2/luks2_reencrypt.c:4279
#, c-format
msgid "Device %s is too small."
msgstr "Об’єм пристрою %s є надто малим."
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1990 lib/setup.c:2016
#, c-format
msgid "Cannot format device %s in use."
msgstr "Не можна форматувати пристрій %s, який перебуває у користуванні."
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1993 lib/setup.c:2019
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "Не можна форматувати пристрій %s, недостатні права доступу."
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:2005 lib/setup.c:2334
#, c-format
msgid "Cannot format integrity for device %s."
msgstr "Не вдалося форматувати цілісність для пристрою %s."
-#: lib/setup.c:1926
+#: lib/setup.c:2023
#, c-format
msgid "Cannot format device %s."
msgstr "Не вдалося форматувати пристрій %s."
-#: lib/setup.c:1944
+#: lib/setup.c:2049
msgid "Can't format LOOPAES without device."
msgstr "Не можна форматувати LOOPAES без пристрою."
-#: lib/setup.c:1989
+#: lib/setup.c:2094
msgid "Can't format VERITY without device."
msgstr "Форматування VERITY без пристрою неможливе."
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:2105 lib/verity/verity.c:101
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "Непідтримуваний тип хешування VERITY, %d."
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:2111 lib/verity/verity.c:109
msgid "Unsupported VERITY block size."
msgstr "Непідтримуваний розмір блоку VERITY."
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:2116 lib/verity/verity.c:74
msgid "Unsupported VERITY hash offset."
msgstr "Непідтримуваний відступ хешу VERITY."
-#: lib/setup.c:2016
+#: lib/setup.c:2121
msgid "Unsupported VERITY FEC offset."
msgstr "Непідтримуваний зсув FEC VERITY."
-#: lib/setup.c:2040
+#: lib/setup.c:2145
msgid "Data area overlaps with hash area."
msgstr "Область даних перекривається із областю хешу."
-#: lib/setup.c:2065
+#: lib/setup.c:2170
msgid "Hash area overlaps with FEC area."
msgstr "Область хешування перекриваються з областю FEC."
-#: lib/setup.c:2072
+#: lib/setup.c:2177
msgid "Data area overlaps with FEC area."
msgstr "Область даних перекривається із областю FEC."
-#: lib/setup.c:2208
+#: lib/setup.c:2313
#, c-format
msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
msgstr "Увага: бажаний розмір мітки у %d байтів відрізняється від розміру у результаті %s (%d байтів).\n"
-#: lib/setup.c:2286
+#: lib/setup.c:2392
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "Надіслано запит щодо невідомого типу пристрою шифрування, %s."
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
+#: lib/setup.c:2699 lib/setup.c:2778 lib/setup.c:2791
#, c-format
msgid "Unsupported parameters on device %s."
msgstr "Непідтримувані параметри на пристрої %s."
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
+#: lib/setup.c:2705 lib/setup.c:2798 lib/luks2/luks2_reencrypt.c:2862
+#: lib/luks2/luks2_reencrypt.c:3099 lib/luks2/luks2_reencrypt.c:3484
#, c-format
msgid "Mismatching parameters on device %s."
msgstr "Невідповідність параметрів на пристрої %s."
-#: lib/setup.c:2664
+#: lib/setup.c:2822
msgid "Crypt devices mismatch."
msgstr "Невідповідність пристроїв шифрування."
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
+#: lib/setup.c:2859 lib/setup.c:2864 lib/luks2/luks2_reencrypt.c:2361
+#: lib/luks2/luks2_reencrypt.c:2878 lib/luks2/luks2_reencrypt.c:4032
#, c-format
msgid "Failed to reload device %s."
msgstr "Не вдалося перезавантажити пристрій %s."
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
+#: lib/setup.c:2870 lib/setup.c:2876 lib/luks2/luks2_reencrypt.c:2332
+#: lib/luks2/luks2_reencrypt.c:2339 lib/luks2/luks2_reencrypt.c:2892
#, c-format
msgid "Failed to suspend device %s."
msgstr "Не вдалося приспати пристрій %s."
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
+#: lib/setup.c:2882 lib/luks2/luks2_reencrypt.c:2346
+#: lib/luks2/luks2_reencrypt.c:2913 lib/luks2/luks2_reencrypt.c:3945
+#: lib/luks2/luks2_reencrypt.c:4036
#, c-format
msgid "Failed to resume device %s."
msgstr "Не вдалося відновити роботу пристрою %s."
-#: lib/setup.c:2735
+#: lib/setup.c:2897
#, c-format
msgid "Fatal error while reloading device %s (on top of device %s)."
msgstr "Критична помилка під час перезавантаження пристрої %s (над пристроєм %s)."
-#: lib/setup.c:2738 lib/setup.c:2740
+#: lib/setup.c:2900 lib/setup.c:2902
#, c-format
msgid "Failed to switch device %s to dm-error."
msgstr "Не вдалося перемкнути пристрій %s у режим dm-error."
-#: lib/setup.c:2817
+#: lib/setup.c:2984
msgid "Cannot resize loop device."
msgstr "Неможливо змінити розмір петльового пристрою."
-#: lib/setup.c:2890
+#: lib/setup.c:3027
+msgid "WARNING: Maximum size already set or kernel doesn't support resize.\n"
+msgstr "УВАГА: уже вказано максимальний розмір або у ядрі не передбачено можливості зміни розміру.\n"
+
+#: lib/setup.c:3088
+msgid "Resize failed, the kernel doesn't support it."
+msgstr "Не вдалося змінити розмір, у ядрі не передбачено підтримки такої дії."
+
+#: lib/setup.c:3120
msgid "Do you really want to change UUID of device?"
msgstr "Ви справді хочете змінити UUID пристрою?"
-#: lib/setup.c:2966
+#: lib/setup.c:3212
msgid "Header backup file does not contain compatible LUKS header."
msgstr "Файл резервної копії заголовка не містить сумісного із LUKS заголовка."
-#: lib/setup.c:3066
+#: lib/setup.c:3328
#, c-format
msgid "Volume %s is not active."
msgstr "Том %s не є активним."
-#: lib/setup.c:3077
+#: lib/setup.c:3339
#, c-format
msgid "Volume %s is already suspended."
msgstr "Том %s вже приспано."
-#: lib/setup.c:3090
+#: lib/setup.c:3352
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "Підтримки присипляння для пристрою %s не передбачено."
-#: lib/setup.c:3092
+#: lib/setup.c:3354
#, c-format
msgid "Error during suspending device %s."
msgstr "Помилка під час спроби приспати пристрій %s."
-#: lib/setup.c:3128
+#: lib/setup.c:3389
#, c-format
msgid "Resume is not supported for device %s."
msgstr "Підтримки дії з пробудження для пристрою %s не передбачено."
-#: lib/setup.c:3130
+#: lib/setup.c:3391
#, c-format
msgid "Error during resuming device %s."
msgstr "Помилка під час спроби пробудити пристрій %s."
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
+#: lib/setup.c:3425 lib/setup.c:3473 lib/setup.c:3544 lib/setup.c:3589
+#: src/cryptsetup.c:2479
#, c-format
msgid "Volume %s is not suspended."
msgstr "Том %s не приспано."
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
+#: lib/setup.c:3559 lib/setup.c:4540 lib/setup.c:4553 lib/setup.c:4561
+#: lib/setup.c:4574 lib/setup.c:6157 lib/setup.c:6179 lib/setup.c:6228
+#: src/cryptsetup.c:2011
msgid "Volume key does not match the volume."
msgstr "Ключ тому не відповідає тому."
-#: lib/setup.c:3344 lib/setup.c:3535
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
-msgstr "Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому."
-
-#: lib/setup.c:3487
+#: lib/setup.c:3737
msgid "Failed to swap new key slot."
msgstr "Не вдалося зарезервувати новий слот ключа."
-#: lib/setup.c:3673
+#: lib/setup.c:3835
#, c-format
msgid "Key slot %d is invalid."
msgstr "Слот ключа %d є некоректним."
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
+#: lib/setup.c:3841 src/cryptsetup.c:1740 src/cryptsetup.c:2208
+#: src/cryptsetup.c:2816 src/cryptsetup.c:2876
#, c-format
msgid "Keyslot %d is not active."
msgstr "Слот ключа %d не є активним."
-#: lib/setup.c:3698
+#: lib/setup.c:3860
msgid "Device header overlaps with data area."
msgstr "Заголовок пристрою перекривається із областю даних."
-#: lib/setup.c:3992
+#: lib/setup.c:4165
msgid "Reencryption in-progress. Cannot activate device."
msgstr "Виконуємо повторне шифрування. Не можна активувати пристрій."
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
+#: lib/setup.c:4167 lib/luks2/luks2_json_metadata.c:2703
+#: lib/luks2/luks2_reencrypt.c:3590
msgid "Failed to get reencryption lock."
msgstr "Не вдалося отримати стан блокування для повторного шифрування."
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
+#: lib/setup.c:4180 lib/luks2/luks2_reencrypt.c:3609
msgid "LUKS2 reencryption recovery failed."
msgstr "Не вдалося виконати відновлення даних повторного шифрування LUKS2."
-#: lib/setup.c:4175 lib/setup.c:4437
+#: lib/setup.c:4352 lib/setup.c:4618
msgid "Device type is not properly initialized."
msgstr "Тип пристрою не ініціалізовано належним чином."
-#: lib/setup.c:4223
+#: lib/setup.c:4400
#, c-format
msgid "Device %s already exists."
msgstr "Пристрій %s вже існує."
-#: lib/setup.c:4230
+#: lib/setup.c:4407
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "Неможливо скористатися пристроєм %s, некоректна назва або пристрій усе ще використовується."
-#: lib/setup.c:4350
+#: lib/setup.c:4527
msgid "Incorrect volume key specified for plain device."
msgstr "Для пристрою зі звичайним шифруванням вказано помилковий ключ тому."
-#: lib/setup.c:4463
+#: lib/setup.c:4644
msgid "Incorrect root hash specified for verity device."
msgstr "Для пристрою перевірки вказано помилковий кореневий хеш."
-#: lib/setup.c:4470
+#: lib/setup.c:4654
msgid "Root hash signature required."
msgstr "Потрібен хеш-підпис кореневої теки."
-#: lib/setup.c:4479
+#: lib/setup.c:4663
msgid "Kernel keyring missing: required for passing signature to kernel."
msgstr "Немає сховища ключів ядра: це сховище потрібне для передавання підпису ядру."
-#: lib/setup.c:4496 lib/setup.c:5976
+#: lib/setup.c:4680 lib/setup.c:6423
msgid "Failed to load key in kernel keyring."
msgstr "Не вдалося завантажити ключ до сховища ключів ядра."
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:4736
+#, c-format
+msgid "Could not cancel deferred remove from device %s."
+msgstr "Не вдалося скасувати відкладене вилучення з пристрою %s."
+
+#: lib/setup.c:4743 lib/setup.c:4759 lib/luks2/luks2_json_metadata.c:2756
+#: src/utils_reencrypt.c:116
#, c-format
msgid "Device %s is still in use."
msgstr "Пристрій %s все ще використовується."
-#: lib/setup.c:4574
+#: lib/setup.c:4768
#, c-format
msgid "Invalid device %s."
msgstr "Некоректний пристрій %s."
-#: lib/setup.c:4690
+#: lib/setup.c:4908
msgid "Volume key buffer too small."
msgstr "Буфер ключів тому є занадто малим."
-#: lib/setup.c:4698
+#: lib/setup.c:4925
+msgid "Cannot retrieve volume key for LUKS2 device."
+msgstr "Неможливо отримати ключ тому для пристрою із шифруванням LUKS2."
+
+#: lib/setup.c:4934
+msgid "Cannot retrieve volume key for LUKS1 device."
+msgstr "Неможливо отримати ключ тому для пристрою із шифруванням LUKS1."
+
+#: lib/setup.c:4944
msgid "Cannot retrieve volume key for plain device."
msgstr "Неможливо отримати ключ тому для пристрою зі звичайним шифруванням."
-#: lib/setup.c:4715
+#: lib/setup.c:4952
msgid "Cannot retrieve root hash for verity device."
msgstr "Не вдалося отримати кореневий хеш для пристрою VERITY."
-#: lib/setup.c:4717
+#: lib/setup.c:4959
+msgid "Cannot retrieve volume key for BITLK device."
+msgstr "Неможливо отримати ключ тому для пристрою BITLK."
+
+#: lib/setup.c:4964
+msgid "Cannot retrieve volume key for FVAULT2 device."
+msgstr "Неможливо отримати ключ тому для пристрою FVAULT2."
+
+#: lib/setup.c:4966
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "Підтримки цієї дії для шифрованого пристрою %s не передбачено."
-#: lib/setup.c:4923
+#: lib/setup.c:5147 lib/setup.c:5158
msgid "Dump operation is not supported for this device type."
msgstr "Підтримки дії зі створення дампу для цього типу пристроїв не передбачено."
-#: lib/setup.c:5251
+#: lib/setup.c:5500
#, c-format
msgid "Data offset is not multiple of %u bytes."
msgstr "Зсув у даних не є кратним до %u байтів."
-#: lib/setup.c:5536
+#: lib/setup.c:5788
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "Не можна перетворити пристрій %s, який перебуває у користуванні."
-#: lib/setup.c:5833
+#: lib/setup.c:6098 lib/setup.c:6237
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "Не вдалося прив'язати слот ключа %u як новий ключ тому."
-#: lib/setup.c:5906
+#: lib/setup.c:6122
msgid "Failed to initialize default LUKS2 keyslot parameters."
msgstr "Не вдалося ініціалізувати типові параметри слоту ключів LUKS2."
-#: lib/setup.c:5912
+#: lib/setup.c:6128
#, c-format
msgid "Failed to assign keyslot %d to digest."
msgstr "Не вдалося прив'язати слот ключа %d до контрольної суми."
-#: lib/setup.c:6043
+#: lib/setup.c:6353
+msgid "Cannot add key slot, all slots disabled and no volume key provided."
+msgstr "Не вдалося додати слот ключа, всі слоти вимкнено і не вказано ключа тому."
+
+#: lib/setup.c:6490
msgid "Kernel keyring is not supported by the kernel."
msgstr "У ядрі не передбачено підтримки сховища ключів ядра."
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:6500 lib/luks2/luks2_reencrypt.c:3807
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "Не вдалося прочитати пароль із ключа зі сховища ключів (помилка %d)."
-#: lib/setup.c:6077
+#: lib/setup.c:6523
msgid "Failed to acquire global memory-hard access serialization lock."
msgstr "Не вдалося створити загальне блокування серіалізації доступу до пам'яті."
-#: lib/utils.c:80
-msgid "Cannot get process priority."
-msgstr "Не вдалося отримати значення пріоритетності процесу."
-
-#: lib/utils.c:94
-msgid "Cannot unlock memory."
-msgstr "Не вдалося розблокувати пам’ять."
-
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:158 lib/tcrypt/tcrypt.c:501
msgid "Failed to open key file."
msgstr "Не вдалося відкрити файл ключа."
-#: lib/utils.c:173
+#: lib/utils.c:163
msgid "Cannot read keyfile from a terminal."
msgstr "Не вдалося прочитати файл ключа з термінала."
-#: lib/utils.c:190
+#: lib/utils.c:179
msgid "Failed to stat key file."
msgstr "Не вдалося отримати статистичні дані щодо файла ключа."
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:187 lib/utils.c:208
msgid "Cannot seek to requested keyfile offset."
msgstr "Не вдалося встановити потрібну позицію у файлі ключа."
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:202 lib/utils.c:217 src/utils_password.c:225
+#: src/utils_password.c:237
msgid "Out of memory while reading passphrase."
msgstr "Під час читання пароля вичерпано пам’ять."
-#: lib/utils.c:248
+#: lib/utils.c:237
msgid "Error reading passphrase."
msgstr "Помилка під час читання пароля."
-#: lib/utils.c:265
+#: lib/utils.c:254
msgid "Nothing to read on input."
msgstr "Нічого читати з вхідних даних."
-#: lib/utils.c:272
+#: lib/utils.c:261
msgid "Maximum keyfile size exceeded."
msgstr "Перевищено максимальний розмір файла ключа."
-#: lib/utils.c:277
+#: lib/utils.c:266
msgid "Cannot read requested amount of data."
msgstr "Не вдалося прочитати бажаний об’єм даних."
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
+#: lib/utils_device.c:207 lib/utils_storage_wrappers.c:110
+#: lib/luks1/keyencryption.c:91 src/utils_reencrypt.c:1440
#, c-format
msgid "Device %s does not exist or access denied."
msgstr "Пристрою %s не існує або доступ до цього пристрою заборонено."
-#: lib/utils_device.c:200
+#: lib/utils_device.c:217
#, c-format
msgid "Device %s is not compatible."
msgstr "Пристрій %s є сумісним."
-#: lib/utils_device.c:544
+#: lib/utils_device.c:561
#, c-format
msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
msgstr "Ігноруємо фіктивний розмір optimal-io для пристрою даних (%u байтів)."
-#: lib/utils_device.c:666
+#: lib/utils_device.c:722
#, c-format
msgid "Device %s is too small. Need at least %<PRIu64> bytes."
msgstr "Обсяг пристрою %s є надто малим. Потрібно принаймні %<PRIu64> байтів."
-#: lib/utils_device.c:747
+#: lib/utils_device.c:803
#, c-format
msgid "Cannot use device %s which is in use (already mapped or mounted)."
msgstr "Не можна використовувати пристрій %s, оскільки його вже використано (призначено або змонтовано)."
-#: lib/utils_device.c:751
+#: lib/utils_device.c:807
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "Не можна скористатися пристроєм %s, недостатні права доступу."
-#: lib/utils_device.c:754
+#: lib/utils_device.c:810
#, c-format
msgid "Cannot get info about device %s."
msgstr "Не вдалося отримати дані щодо пристрою %s."
-#: lib/utils_device.c:777
+#: lib/utils_device.c:833
msgid "Cannot use a loopback device, running as non-root user."
msgstr "Не можна використовувати петльовий пристрій, програму запущено не від імені адміністративного користувача (root)."
-#: lib/utils_device.c:787
+#: lib/utils_device.c:844
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "Спроба долучення петльового пристрою зазнала невдачі (потрібен петльовий пристрій з встановленим прапорцем автоматичного спорожнення)."
-#: lib/utils_device.c:833
+#: lib/utils_device.c:892
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "Бажана точка відступу перебуває за межами об’єму пристрою %s."
-#: lib/utils_device.c:841
+#: lib/utils_device.c:900
#, c-format
msgid "Device %s has zero size."
msgstr "Об’єм пристрою %s є нульовим."
msgid "Only PBKDF2 is supported in FIPS mode."
msgstr "У режимі FIPS передбачено підтримку лише PBKDF2."
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:175
msgid "PBKDF benchmark disabled but iterations not set."
msgstr "Тестування PBKDF вимкнено, але кількість ітерацій не встановлено."
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:194
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "Несумісні параметри PBKDF2 (з використанням алгоритму хешування %s)."
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:214
msgid "Not compatible PBKDF options."
msgstr "Несумісні параметри PBKDF."
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:101
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "Блокування перервано. Шлях блокування %s/%s є непридатним для користування (не є каталогом або його не вказано)."
-#: lib/utils_device_locking.c:109
-#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr "Буде створено каталог блокування %s/%s із типовими вбудованими правами доступу."
-
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:118
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "Блокування перервано Шлях блокування %s/%s є непридатним для користування (%s не є каталогом)."
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
+#: lib/utils_wipe.c:154 lib/utils_wipe.c:225 src/utils_reencrypt_luks1.c:734
+#: src/utils_reencrypt_luks1.c:832
msgid "Cannot seek to device offset."
msgstr "Не вдалося встановити вказану позицію на пристрої."
-#: lib/utils_wipe.c:208
+#: lib/utils_wipe.c:247
#, c-format
msgid "Device wipe error, offset %<PRIu64>."
msgstr "Помилка витирання пристрою, зсув %<PRIu64>."
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr "Специфікацію шифрування слід вказувати так: [алгоритм]-[режим]-[iv]."
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:366
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:1132
+#: lib/luks2/luks2_json_metadata.c:1490 lib/luks2/luks2_keyslot.c:714
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "Не вдалося виконати запис на пристрій %s, недостатні права доступу."
msgid "Failed to access temporary keystore device."
msgstr "Не вдалося отримати доступ до пристрою тимчасового сховища ключів."
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:62
+#: lib/luks2/luks2_keyslot_luks2.c:80 lib/luks2/luks2_keyslot_reenc.c:192
msgid "IO error while encrypting keyslot."
msgstr "Помилка введення-виведення під час шифрування слоту ключів."
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
+#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:369
+#: lib/luks1/keymanage.c:630 lib/luks1/keymanage.c:680 lib/tcrypt/tcrypt.c:679
+#: lib/fvault2/fvault2.c:877 lib/verity/verity.c:80 lib/verity/verity.c:196
+#: lib/verity/verity_hash.c:320 lib/verity/verity_hash.c:329
+#: lib/verity/verity_hash.c:349 lib/verity/verity_fec.c:260
+#: lib/verity/verity_fec.c:272 lib/verity/verity_fec.c:277
+#: lib/luks2/luks2_json_metadata.c:1493 src/utils_reencrypt_luks1.c:121
+#: src/utils_reencrypt_luks1.c:133
#, c-format
msgid "Cannot open device %s."
msgstr "Не вдалося відкрити пристрій %s."
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:139
msgid "IO error while decrypting keyslot."
msgstr "Помилка введення-виведення під час розшифрування слоту ключів."
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:130
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "Обсяг пристрою %s є надто малим. (LUKS1 потрібно принаймні %<PRIu64> байтів.)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:159
+#: lib/luks1/keymanage.c:171 lib/luks1/keymanage.c:182
+#: lib/luks1/keymanage.c:194
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "Слот ключа LUKS %u є некоректним."
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, c-format
-msgid "Device %s is not a valid LUKS device."
-msgstr "Пристрій %s не є коректним пристроєм LUKS."
-
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:267 lib/luks2/luks2_json_metadata.c:1353
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "Потрібний вам файл резервної копії заголовка, %s, вже існує."
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:269 lib/luks2/luks2_json_metadata.c:1355
#, c-format
msgid "Cannot create header backup file %s."
msgstr "Не вдалося створити файл резервної копії заголовка, %s."
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:276 lib/luks2/luks2_json_metadata.c:1362
#, c-format
msgid "Cannot write header backup file %s."
msgstr "Не вдалося записати файл резервної копії заголовка, %s."
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
+#: lib/luks1/keymanage.c:308 lib/luks2/luks2_json_metadata.c:1399
msgid "Backup file does not contain valid LUKS header."
msgstr "Файл резервної копії не містить коректного заголовка LUKS."
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:321 lib/luks1/keymanage.c:593
+#: lib/luks2/luks2_json_metadata.c:1420
#, c-format
msgid "Cannot open header backup file %s."
msgstr "Не вдалося відкрити файл резервної копії заголовка, %s."
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:329 lib/luks2/luks2_json_metadata.c:1428
#, c-format
msgid "Cannot read header backup file %s."
msgstr "Не вдалося прочитати дані з файла резервної копії заголовка, %s."
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:339
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "Відступ у даних або розмір ключа на пристрої і у резервній копії є різними. Відновлення неможливе."
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:347
#, c-format
msgid "Device %s %s%s"
msgstr "Пристрій %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:348
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "не містить заголовка LUKS. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:349
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "вже містить заголовок LUKS. Заміна заголовка призведе до руйнування вже створених слотів ключів."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:350 lib/luks2/luks2_json_metadata.c:1462
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"ПОПЕРЕДЖЕННЯ: заголовок, що зберігається на пристрої, має інший UUID, ніж заголовок у резервній копії!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:398
msgid "Non standard key size, manual repair required."
msgstr "Нестандартний розмір ключа, слід виправити дані вручну."
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:408
msgid "Non standard keyslots alignment, manual repair required."
msgstr "Нестандартне вирівнювання слотів ключів, слід виправити дані вручну."
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:417
+#, c-format
+msgid "Cipher mode repaired (%s -> %s)."
+msgstr "Виправлений режим шифрування (%s -> %s)."
+
+#: lib/luks1/keymanage.c:428
+#, c-format
+msgid "Cipher hash repaired to lowercase (%s)."
+msgstr "Виправлений хеш шифрування малими літерами (%s)."
+
+#: lib/luks1/keymanage.c:430 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:792
+#, c-format
+msgid "Requested LUKS hash %s is not supported."
+msgstr "Підтримки бажаного хешування LUKS, %s, не передбачено."
+
+#: lib/luks1/keymanage.c:444
msgid "Repairing keyslots."
msgstr "Виправлення слотів ключів."
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:463
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "Слот ключа %i: виправлено відступ (%u -> %u)."
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:471
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "Слот ключа %i: виправлено смужки (%u -> %u)."
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:480
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "Слот ключа %i: зайвий підпис розділу."
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:485
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "Слот ключа %i: дані ініціалізації (сіль) витерто."
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:502
msgid "Writing LUKS header to disk."
msgstr "Запис заголовка LUKS на диск."
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:507
msgid "Repair failed."
msgstr "Спроба виправлення зазнала невдачі."
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:562
#, c-format
-msgid "Requested LUKS hash %s is not supported."
-msgstr "Підтримки бажаного хешування LUKS, %s, не передбачено."
+msgid "LUKS cipher mode %s is invalid."
+msgstr "Режим шифрування LUKS %s є некоректним."
+
+#: lib/luks1/keymanage.c:567
+#, c-format
+msgid "LUKS hash %s is invalid."
+msgstr "Хеш-сума LUKS %s є некоректною."
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:574 src/cryptsetup.c:1281
msgid "No known problems detected for LUKS header."
msgstr "У заголовку LUKS не виявлено жодних проблем."
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:702
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "Помилка під час оновлення заголовка LUKS на пристрої %s."
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:710
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "Помилка під час спроби повторного читання заголовка LUKS після оновлення на пристрої %s."
-#: lib/luks1/keymanage.c:751
+#: lib/luks1/keymanage.c:786
msgid "Data offset for LUKS header must be either 0 or higher than header size."
msgstr "Відступ даних для заголовка LUKS має бути або рівним нулеві, або перевищувати розмір заголовка."
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:797 lib/luks1/keymanage.c:866
+#: lib/luks2/luks2_json_format.c:286 lib/luks2/luks2_json_metadata.c:1236
+#: src/utils_reencrypt.c:539
msgid "Wrong LUKS UUID format provided."
msgstr "Вказано UUID LUKS у помилковому форматі."
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:819
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "Не вдалося створити заголовок LUKS: помилка читання випадкових даних для ініціалізації."
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:845
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "Не вдалося створити заголовок LUKS: помилка під час обчислення контрольної суми заголовка (з використанням хешу %s)."
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:889
#, c-format
msgid "Key slot %d active, purge first."
msgstr "Слот ключа %d є активним. Його слід спочатку спорожнити."
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:895
#, c-format
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "Ентропія даних слота ключа %d є надто низькою. Маніпуляції з заголовком?"
-#: lib/luks1/keymanage.c:1002
+#: lib/luks1/keymanage.c:931 lib/luks2/luks2_keyslot_luks2.c:270
+msgid "PBKDF2 iteration value overflow."
+msgstr "Переповнення значення ітерації PBKDF2."
+
+#: lib/luks1/keymanage.c:1040
#, c-format
msgid "Cannot open keyslot (using hash %s)."
msgstr "Не вдалося відкрити слот ключа (за допомогою хешу %s)."
-#: lib/luks1/keymanage.c:1080
+#: lib/luks1/keymanage.c:1118
#, c-format
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "Слот ключа %d є некоректним, будь ласка, виберіть слот ключа з номером від 0 до %d."
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1136 lib/luks2/luks2_keyslot.c:718
#, c-format
msgid "Cannot wipe device %s."
msgstr "Не вдалося витерти пристрій %s."
msgid "Kernel does not support loop-AES compatible mapping."
msgstr "У ядрі не передбачено підтримки призначення, сумісного з loop-AES."
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:508
#, c-format
msgid "Error reading keyfile %s."
msgstr "Помилка під час спроби читання файла ключа %s."
-#: lib/tcrypt/tcrypt.c:554
+#: lib/tcrypt/tcrypt.c:558
#, c-format
msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
msgstr "Перевищено максимальну можливу довжину пароля TCRYPT (%zu)."
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:600
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "Засіб створення хешів PBKDF2 за алгоритмом %s недоступний, пропускаємо."
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:619 src/cryptsetup.c:1156
msgid "Required kernel crypto interface not available."
msgstr "Потрібний для роботи інтерфейс ядра для шифрування недоступний."
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:621 src/cryptsetup.c:1158
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "Переконайтеся, що завантажено модуль ядра algif_skcipher."
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:762
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "Підтримки активації для розміру сектора %d не передбачено."
-#: lib/tcrypt/tcrypt.c:759
+#: lib/tcrypt/tcrypt.c:768
msgid "Kernel does not support activation for this TCRYPT legacy mode."
msgstr "У ядрі не передбачено підтримки вмикання цього застарілого режиму TCRYPT."
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:799
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "Активуємо шифрування системи за допомогою TCRYPT для розділу %s."
-#: lib/tcrypt/tcrypt.c:868
+#: lib/tcrypt/tcrypt.c:882
msgid "Kernel does not support TCRYPT compatible mapping."
msgstr "У ядрі не передбачено підтримки призначення, сумісного з TCRYPT."
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1095
msgid "This function is not supported without TCRYPT header load."
msgstr "Підтримки цієї дії без завантаження заголовка TCRYPT."
-#: lib/bitlk/bitlk.c:350
+#: lib/bitlk/bitlk.c:278
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний тип запису метаданих «%u»."
-#: lib/bitlk/bitlk.c:397
+#: lib/bitlk/bitlk.c:337
msgid "Invalid string found when parsing Volume Master Key."
msgstr "Під час обробки основного ключа тому виявлено некоректний рядок."
-#: lib/bitlk/bitlk.c:402
+#: lib/bitlk/bitlk.c:341
#, c-format
msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуваний рядок («%s»)."
-#: lib/bitlk/bitlk.c:419
+#: lib/bitlk/bitlk.c:358
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
msgstr "Під час обробки підтримуваного основного ключа тому виявлено неочікуване значення запису метаданих «%u»."
-#: lib/bitlk/bitlk.c:502
-#, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Не вдалося прочитати підпис BITLK з %s."
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr "Некоректний або невідомий підпис для пристрою BITLK."
-
-#: lib/bitlk/bitlk.c:520
+#: lib/bitlk/bitlk.c:460
msgid "BITLK version 1 is currently not supported."
msgstr "Підтримки BITLK версії 1 у поточній версії не передбачено."
-#: lib/bitlk/bitlk.c:526
+#: lib/bitlk/bitlk.c:466
msgid "Invalid or unknown boot signature for BITLK device."
msgstr "Некоректний або невідомий підпис завантаження для пристрою BITLK."
-#: lib/bitlk/bitlk.c:538
+#: lib/bitlk/bitlk.c:478
#, c-format
msgid "Unsupported sector size %<PRIu16>."
msgstr "Непідтримуваний розмір сектора %<PRIu16>."
-#: lib/bitlk/bitlk.c:546
+#: lib/bitlk/bitlk.c:486
#, c-format
msgid "Failed to read BITLK header from %s."
msgstr "Не вдалося прочитати заголовок BITLK з %s."
-#: lib/bitlk/bitlk.c:571
+#: lib/bitlk/bitlk.c:511
#, c-format
msgid "Failed to read BITLK FVE metadata from %s."
msgstr "Не вдалося прочитати метадані FVE BITLK з %s."
-#: lib/bitlk/bitlk.c:622
+#: lib/bitlk/bitlk.c:562
msgid "Unknown or unsupported encryption type."
msgstr "Невідомий або непідтримуваний тип шифрування."
-#: lib/bitlk/bitlk.c:655
+#: lib/bitlk/bitlk.c:602
#, c-format
msgid "Failed to read BITLK metadata entries from %s."
msgstr "Не вдалося прочитати записи метаданих BITLK з %s."
-#: lib/bitlk/bitlk.c:897
+#: lib/bitlk/bitlk.c:719
+msgid "Failed to convert BITLK volume description"
+msgstr "Не вдалося перетворити опис тому BITLK"
+
+#: lib/bitlk/bitlk.c:882
#, c-format
msgid "Unexpected metadata entry type '%u' found when parsing external key."
msgstr "Під час обробки зовнішнього ключа виявлено неочікуваний тип запису метаданих «%u»."
-#: lib/bitlk/bitlk.c:912
+#: lib/bitlk/bitlk.c:905
+#, c-format
+msgid "BEK file GUID '%s' does not match GUID of the volume."
+msgstr "Файл GUID BEK «%s» не відповідає GUID тому."
+
+#: lib/bitlk/bitlk.c:909
#, c-format
msgid "Unexpected metadata entry value '%u' found when parsing external key."
msgstr "Під час обробки зовнішнього ключа виявлено неочікуване значення запису метаданих «%u»."
-#: lib/bitlk/bitlk.c:980
+#: lib/bitlk/bitlk.c:948
+#, c-format
+msgid "Unsupported BEK metadata version %<PRIu32>"
+msgstr "Непідтримувана версія метаданих BEK, %<PRIu32>"
+
+#: lib/bitlk/bitlk.c:953
+#, c-format
+msgid "Unexpected BEK metadata size %<PRIu32> does not match BEK file length"
+msgstr "Неочікуваний розмір метаданих BEK, %<PRIu32>, не відповідає довжині файла BEK"
+
+#: lib/bitlk/bitlk.c:979
msgid "Unexpected metadata entry found when parsing startup key."
msgstr "Під час обробки ключа запуску виявлено неочікуваний запис метаданих."
-#: lib/bitlk/bitlk.c:1071
+#: lib/bitlk/bitlk.c:1075
msgid "This operation is not supported."
msgstr "Підтримки цієї дії не передбачено."
-#: lib/bitlk/bitlk.c:1079
+#: lib/bitlk/bitlk.c:1083
msgid "Unexpected key data size."
msgstr "Неочікуваний розмір даних ключа."
-#: lib/bitlk/bitlk.c:1133
+#: lib/bitlk/bitlk.c:1209
msgid "This BITLK device is in an unsupported state and cannot be activated."
msgstr "Цей пристрій BITLK перебуває у непідтримуваному стані — його неможливо активувати."
-#: lib/bitlk/bitlk.c:1139
+#: lib/bitlk/bitlk.c:1214
#, c-format
msgid "BITLK devices with type '%s' cannot be activated."
msgstr "Пристрої BITLK типу «%s» неможливо активувати."
-#: lib/bitlk/bitlk.c:1234
+#: lib/bitlk/bitlk.c:1221
msgid "Activation of partially decrypted BITLK device is not supported."
msgstr "Активації частково розшифрованого пристрою BITLK не передбачено."
-#: lib/bitlk/bitlk.c:1370
+#: lib/bitlk/bitlk.c:1262
+#, c-format
+msgid "WARNING: BitLocker volume size %<PRIu64> does not match the underlying device size %<PRIu64>"
+msgstr "УВАГА: розмір тому BitLocker %<PRIu64> не відповідає розміру базового пристрою %<PRIu64>"
+
+#: lib/bitlk/bitlk.c:1389
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки BITLK IV."
-#: lib/bitlk/bitlk.c:1374
+#: lib/bitlk/bitlk.c:1393
msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки дифузера Elephant BITLK."
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
+#: lib/bitlk/bitlk.c:1397
+msgid "Cannot activate device, kernel dm-crypt is missing support for large sector size."
+msgstr "Не вдалося активувати пристрій — у dm-crypt ядра немає підтримки великого розміру секторів."
+
+#: lib/bitlk/bitlk.c:1401
+msgid "Cannot activate device, kernel dm-zero module is missing."
+msgstr "Не вдалося активувати пристрій — немає модуля ядра dm-zero."
+
+#: lib/fvault2/fvault2.c:542
#, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Ð\9dа пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97 VERITY %s не викоÑ\80иÑ\81Ñ\82овÑ\83Ñ\94Ñ\82Ñ\8cÑ\81Ñ\8f вбÑ\83дований заголовок."
+msgid "Could not read %u bytes of volume header."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80оÑ\87иÑ\82аÑ\82и %u байÑ\82Ñ\96в заголовка Ñ\82омÑ\83."
-#: lib/verity/verity.c:91
+#: lib/fvault2/fvault2.c:554
#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "Пристрій %s не є коректним пристроєм VERITY."
+msgid "Unsupported FVAULT2 version %<PRIu16>."
+msgstr "Непідтримувана версія FVAULT2 %<PRIu16>."
+
+#: lib/verity/verity.c:68 lib/verity/verity.c:182
+#, c-format
+msgid "Verity device %s does not use on-disk header."
+msgstr "На пристрої VERITY %s не використовується вбудований заголовок."
-#: lib/verity/verity.c:98
+#: lib/verity/verity.c:96
#, c-format
msgid "Unsupported VERITY version %d."
msgstr "Непідтримувана версія VERITY, %d."
-#: lib/verity/verity.c:129
+#: lib/verity/verity.c:131
msgid "VERITY header corrupted."
msgstr "Пошкоджено заголовок VERITY."
-#: lib/verity/verity.c:174
+#: lib/verity/verity.c:176
#, c-format
msgid "Wrong VERITY UUID format provided on device %s."
msgstr "На пристрої %s вказано UUID VERITY у помилковому форматі."
-#: lib/verity/verity.c:218
+#: lib/verity/verity.c:220
#, c-format
msgid "Error during update of verity header on device %s."
msgstr "Помилка під час оновлення заголовка verity на пристрої %s."
-#: lib/verity/verity.c:276
+#: lib/verity/verity.c:278
msgid "Root hash signature verification is not supported."
msgstr "Підтримки перевірки підпису кореневого хешу не передбачено."
-#: lib/verity/verity.c:288
+#: lib/verity/verity.c:290
msgid "Errors cannot be repaired with FEC device."
msgstr "Помилки не може бути виправлено за допомогою пристрою FEC."
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:292
#, c-format
msgid "Found %u repairable errors with FEC device."
msgstr "За допомогою пристрою FEC виявлено %u придатних до виправлення помилок."
-#: lib/verity/verity.c:333
+#: lib/verity/verity.c:335
msgid "Kernel does not support dm-verity mapping."
msgstr "У ядрі не передбачено підтримки прив'язки dm-verity."
-#: lib/verity/verity.c:337
+#: lib/verity/verity.c:339
msgid "Kernel does not support dm-verity signature option."
msgstr "У ядрі не передбачено підтримки параметра підпису dm-verity."
-#: lib/verity/verity.c:348
+#: lib/verity/verity.c:350
msgid "Verity device detected corruption after activation."
msgstr "Виявлено пошкодження даних на пристрої перевірки після активації."
-#: lib/verity/verity_hash.c:59
+#: lib/verity/verity_hash.c:66
#, c-format
msgid "Spare area is not zeroed at position %<PRIu64>."
msgstr "Резервну область не занулено у позиції %<PRIu64>."
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
+#: lib/verity/verity_hash.c:167 lib/verity/verity_hash.c:300
+#: lib/verity/verity_hash.c:311
msgid "Device offset overflow."
msgstr "Переповнення відступу на пристрої."
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:218
#, c-format
msgid "Verification failed at position %<PRIu64>."
msgstr "Помилка під час перевірки за позицією %<PRIu64>."
-#: lib/verity/verity_hash.c:273
+#: lib/verity/verity_hash.c:307
msgid "Hash area overflow."
msgstr "Переповнення області хешу."
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:380
msgid "Verification of data area failed."
msgstr "Не вдалося перевірити область даних."
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:385
msgid "Verification of root hash failed."
msgstr "Не вдалося перевірити кореневий хеш."
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:391
msgid "Input/output error while creating hash area."
msgstr "Під час створення області хешу сталася помилка введення або виведення даних."
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:393
msgid "Creation of hash area failed."
msgstr "Не вдалося створити область хешу."
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:428
#, c-format
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "Попередження: ядро не зможе задіяти пристрій, якщо розмір блоку перевищуватиме розмір сторінки (%u)."
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "Не вдалося відновити парність для блоку %<PRIu64>."
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:192
#, c-format
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "Не вдалося прочитати парність для блоку RS %<PRIu64>."
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:208
msgid "Block sizes must match for FEC."
msgstr "Розміри блоків для FEC мають бути однаковими."
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:214
msgid "Invalid number of parity bytes."
msgstr "Некоректна кількість байтів парності."
-#: lib/verity/verity_fec.c:238
+#: lib/verity/verity_fec.c:248
msgid "Invalid FEC segment length."
msgstr "Некоректна довжина сегмента FEC."
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:316
#, c-format
msgid "Failed to determine size for device %s."
msgstr "Не вдалося визначити розмір для пристрою %s."
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
+#: lib/integrity/integrity.c:57
+#, c-format
+msgid "Incompatible kernel dm-integrity metadata (version %u) detected on %s."
+msgstr "Виявлено несумісні метадані dm-integrity ядра (версія %u) у %s."
+
+#: lib/integrity/integrity.c:277 lib/integrity/integrity.c:379
msgid "Kernel does not support dm-integrity mapping."
msgstr "У ядрі не передбачено підтримки прив'язки dm-integrity."
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:283
msgid "Kernel does not support dm-integrity fixed metadata alignment."
msgstr "У ядрі не передбачено підтримки вирівнювання фіксованих метаданих dm-integrity."
-#: lib/integrity/integrity.c:287
+#: lib/integrity/integrity.c:292
msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
msgstr "Ядром відмовлено у активації небезпечного параметра повторного обчислення (див. застарілі параметри активації, щоб скористатися обчисленням попри це)."
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:391 lib/luks2/luks2_json_metadata.c:1159
+#: lib/luks2/luks2_json_metadata.c:1482
#, c-format
msgid "Failed to acquire write lock on device %s."
msgstr "Не вдалося отримати блокування запису на пристрої %s."
-#: lib/luks2/luks2_disk_metadata.c:392
+#: lib/luks2/luks2_disk_metadata.c:400
msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
msgstr "Виявлено спробу конкурентного оновлення метаданих LUKS2. Перериваємо виконання дії."
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
+#: lib/luks2/luks2_disk_metadata.c:699 lib/luks2/luks2_disk_metadata.c:720
msgid ""
"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
"Please run \"cryptsetup repair\" for recovery."
"Пристрій містить неоднозначні підписи. Автоматичне відновлення LUKS2 неможливе.\n"
"Будь ласка, запустіть «cryptsetup repair» для відновлення."
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:229
msgid "Requested data offset is too small."
msgstr "Вказаний відступ у даних є надто малим."
-#: lib/luks2/luks2_json_format.c:272
+#: lib/luks2/luks2_json_format.c:274
#, c-format
msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
msgstr "Увага: область слоту ключів є надто малою (%<PRIu64> байтів), доступна кількість слотів ключів LUKS2 буде дуже обмеженою.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:1146 lib/luks2/luks2_json_metadata.c:1328
+#: lib/luks2/luks2_json_metadata.c:1388 lib/luks2/luks2_keyslot_luks2.c:94
+#: lib/luks2/luks2_keyslot_luks2.c:116
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "Не вдалося отримати блокування читання на пристрої %s."
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1405
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr "У резервній копії %s виявлено заборонені вимоги щодо LUKS2."
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1446
msgid "Data offset differ on device and backup, restore failed."
msgstr "Зсуви даних на пристрої і на резервній копії різняться, не вдалося відновити."
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1452
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "Двійкові заголовки із розмірами областей слотів ключів на пристрої і у резервній копії різняться, не вдалося відновити копію."
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1459
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "Пристрій %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1460
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "не містить заголовка LUKS2. Заміна заголовка може зруйнувати дані, що зберігаються на пристрої."
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1461
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "вже містить заголовок LUKS2. Заміна заголовка призведе до руйнування вже створених слотів ключів."
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1463
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"ПОПЕРЕДЖЕННЯ: виявлено невідомі вимоги LUKS2 у справжньому заголовку пристрою!\n"
"Заміна заголовка резервною копією може пошкодити дані на пристрої!"
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1465
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"ПОПЕРЕДЖЕННЯ: на пристрої виявлено дані незавершеного повторного шифрування!\n"
"Заміна заголовка заголовком із резервної копії може пошкодити дані."
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1562
#, c-format
msgid "Ignored unknown flag %s."
msgstr "Проігноровано невідомий прапорець %s."
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: lib/luks2/luks2_json_metadata.c:2470 lib/luks2/luks2_reencrypt.c:2061
#, c-format
msgid "Missing key for dm-crypt segment %u"
msgstr "Не вистачає ключа для сегмента dm-crypt %u"
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
+#: lib/luks2/luks2_json_metadata.c:2482 lib/luks2/luks2_reencrypt.c:2075
msgid "Failed to set dm-crypt segment."
msgstr "Не вдалося встановити сегмент dm-crypt."
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
+#: lib/luks2/luks2_json_metadata.c:2488 lib/luks2/luks2_reencrypt.c:2081
msgid "Failed to set dm-linear segment."
msgstr "Не вдалося встановити сегмент dm-linear."
-#: lib/luks2/luks2_json_metadata.c:2342
+#: lib/luks2/luks2_json_metadata.c:2615
msgid "Unsupported device integrity configuration."
msgstr "Непідтримувані налаштування цілісності даних на пристрої."
-#: lib/luks2/luks2_json_metadata.c:2428
+#: lib/luks2/luks2_json_metadata.c:2701
msgid "Reencryption in-progress. Cannot deactivate device."
msgstr "Виконуємо повторне шифрування. Не можна деактивувати пристрій."
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: lib/luks2/luks2_json_metadata.c:2712 lib/luks2/luks2_reencrypt.c:4082
#, c-format
msgid "Failed to replace suspended device %s with dm-error target."
msgstr "Не вдалося замінити пристрій %s, роботу якого призупинено, ціллю dm-error."
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:2792
msgid "Failed to read LUKS2 requirements."
msgstr "Не вдалося прочитати вимоги LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:2799
msgid "Unmet LUKS2 requirements detected."
msgstr "Виявлено невідповідність вимог LUKS2."
-#: lib/luks2/luks2_json_metadata.c:2534
+#: lib/luks2/luks2_json_metadata.c:2807
msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування застарілого варіанта. Перериваємо дію."
-#: lib/luks2/luks2_json_metadata.c:2536
+#: lib/luks2/luks2_json_metadata.c:2809
msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
msgstr "Дія є несумісною із пристроєм, який позначено для перешифрування LUKS2. Перериваємо дію."
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
+#: lib/luks2/luks2_keyslot.c:563 lib/luks2/luks2_keyslot.c:600
msgid "Not enough available memory to open a keyslot."
msgstr "Недостатньо пам'яті для відкриття слоту ключів."
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
+#: lib/luks2/luks2_keyslot.c:565 lib/luks2/luks2_keyslot.c:602
msgid "Keyslot open failed."
msgstr "Не вдалося відкрити слот ключів."
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
+#: lib/luks2/luks2_keyslot_luks2.c:55 lib/luks2/luks2_keyslot_luks2.c:110
#, c-format
msgid "Cannot use %s-%s cipher for keyslot encryption."
msgstr "Не можна використовувати шифрування %s-%s для слотів ключів."
-#: lib/luks2/luks2_keyslot_luks2.c:480
+#: lib/luks2/luks2_keyslot_luks2.c:285 lib/luks2/luks2_keyslot_luks2.c:394
+#: lib/luks2/luks2_keyslot_reenc.c:443 lib/luks2/luks2_reencrypt.c:2668
+#, c-format
+msgid "Hash algorithm %s is not available."
+msgstr "Алгоритм хешування %s є недоступним."
+
+#: lib/luks2/luks2_keyslot_luks2.c:510
msgid "No space for new keyslot."
msgstr "Немає простору для нового слоту ключа."
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_keyslot_reenc.c:593
+msgid "Invalid reencryption resilience mode change requested."
+msgstr "Отримано запит щодо некоректної зміни режиму стійкості для повторного шифрування."
+
+#: lib/luks2/luks2_keyslot_reenc.c:714
+#, c-format
+msgid "Can not update resilience type. New type only provides %<PRIu64> bytes, required space is: %<PRIu64> bytes."
+msgstr "Не вдалося оновити тип стійкості. Новим типом передбачено %<PRIu64> байтів, потрібне місце: %<PRIu64> байтів."
+
+#: lib/luks2/luks2_keyslot_reenc.c:724
+msgid "Failed to refresh reencryption verification digest."
+msgstr "Не вдалося освіжити контрольні суми для перевірки для повторного шифрування."
+
+#: lib/luks2/luks2_luks1_convert.c:512
#, c-format
msgid "Cannot check status of device with uuid: %s."
msgstr "Не вдалося перевірити стан пристрою з uuid %s."
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:538
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr "Не вдалося перетворити заголовок з додатковими метаданими LUKSMETA."
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:569 lib/luks2/luks2_reencrypt.c:3740
+#, c-format
+msgid "Unable to use cipher specification %s-%s for LUKS2."
+msgstr "Не вдалося використати специфікацію шифрування %s-%s для LUKS2."
+
+#: lib/luks2/luks2_luks1_convert.c:584
msgid "Unable to move keyslot area. Not enough space."
msgstr "Не вдалося пересунути область слотів ключів. Недостатньо місця."
-#: lib/luks2/luks2_luks1_convert.c:599
+#: lib/luks2/luks2_luks1_convert.c:619
+msgid "Cannot convert to LUKS2 format - invalid metadata."
+msgstr "Не вдалося перетворити до формату LUKS2 - некоректні метадані."
+
+#: lib/luks2/luks2_luks1_convert.c:636
msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
msgstr "Не вдалося пересунути область слотів ключів. Область слотів ключів LUKS2 є надто малою."
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:642 lib/luks2/luks2_luks1_convert.c:936
msgid "Unable to move keyslot area."
msgstr "Не вдалося пересунути область слотів ключів."
-#: lib/luks2/luks2_luks1_convert.c:697
+#: lib/luks2/luks2_luks1_convert.c:732
msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
msgstr "Не вдалося перетворити на формат LUKS1 — типовий розмір сектору шифрування сегмента не дорівнює 512 байтам."
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:740
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "Не вдалося перетворити до формату LUKS1 — контрольні суми слотів ключів не сумісні з LUKS1."
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:752
#, c-format
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "Не вдалося перетворити до формату LUKS1 — на пристрої використовується загорнуте шифрування ключів %s."
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:757
+msgid "Cannot convert to LUKS1 format - device uses more segments."
+msgstr "Не вдалося перетворити до формату LUKS1 — на пристрої використовується більше сегментів."
+
+#: lib/luks2/luks2_luks1_convert.c:765
#, c-format
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f пеÑ\80еÑ\82воÑ\80иÑ\82и до Ñ\84оÑ\80маÑ\82Ñ\83 LUKS1 - заголовок LUKS2 мÑ\96Ñ\81Ñ\82иÑ\82Ñ\8c %u клÑ\8eÑ\87ів."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f пеÑ\80еÑ\82воÑ\80иÑ\82и до Ñ\84оÑ\80маÑ\82Ñ\83 LUKS1 - заголовок LUKS2 мÑ\96Ñ\81Ñ\82иÑ\82Ñ\8c %u жеÑ\82онів."
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:779
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "Не вдалося перетворити до формату LUKS1 - слот ключа %u перебуває у некоректному стані."
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:784
#, c-format
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "Не вдалося перетворити до формату LUKS1 — слот %u (перевищує максимальну кількість слотів) усе ще є активним."
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:789
#, c-format
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "не вдалося перетворити до формату LUKS1 — слот ключів %u є несумісним з LUKS1."
-#: lib/luks2/luks2_reencrypt.c:1002
+#: lib/luks2/luks2_reencrypt.c:1152
#, c-format
msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Розмір «гарячої» ділянки має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)."
-#: lib/luks2/luks2_reencrypt.c:1007
+#: lib/luks2/luks2_reencrypt.c:1157
#, c-format
msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
msgstr "Розмір пристрою має бути кратним до обчисленого вирівнювання ділянки (%zu байтів)."
-#: lib/luks2/luks2_reencrypt.c:1051
-#, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Непідтримуваний режим стійкості %s"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
+#: lib/luks2/luks2_reencrypt.c:1364 lib/luks2/luks2_reencrypt.c:1551
+#: lib/luks2/luks2_reencrypt.c:1634 lib/luks2/luks2_reencrypt.c:1676
+#: lib/luks2/luks2_reencrypt.c:3877
msgid "Failed to initialize old segment storage wrapper."
msgstr "Не вдалося ініціалізувати обгортку старого сховища сегментів."
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
+#: lib/luks2/luks2_reencrypt.c:1378 lib/luks2/luks2_reencrypt.c:1529
msgid "Failed to initialize new segment storage wrapper."
msgstr "Не вдалося ініціалізувати обгортку нового сховища сегментів."
-#: lib/luks2/luks2_reencrypt.c:1450
+#: lib/luks2/luks2_reencrypt.c:1505 lib/luks2/luks2_reencrypt.c:3889
+msgid "Failed to initialize hotzone protection."
+msgstr "Не вдалося ініціалізувати захист «гарячої» зони"
+
+#: lib/luks2/luks2_reencrypt.c:1578
msgid "Failed to read checksums for current hotzone."
msgstr "Не вдалося прочитати контрольні суми для поточної «гарячої» ділянки."
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
+#: lib/luks2/luks2_reencrypt.c:1585 lib/luks2/luks2_reencrypt.c:3903
#, c-format
msgid "Failed to read hotzone area starting at %<PRIu64>."
msgstr "Не вдалося прочитати «гарячу» ділянку, починаючи з %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:1476
+#: lib/luks2/luks2_reencrypt.c:1604
#, c-format
msgid "Failed to decrypt sector %zu."
msgstr "Не вдалося розшифрувати сектор %zu."
-#: lib/luks2/luks2_reencrypt.c:1482
+#: lib/luks2/luks2_reencrypt.c:1610
#, c-format
msgid "Failed to recover sector %zu."
msgstr "Не вдалося відновити сектор %zu."
-#: lib/luks2/luks2_reencrypt.c:1977
+#: lib/luks2/luks2_reencrypt.c:2174
#, c-format
msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
msgstr "Розміри пристроїв джерела та призначення не збігаються. Розмір джерела — %<PRIu64>, розмір призначення — %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:2075
+#: lib/luks2/luks2_reencrypt.c:2272
#, c-format
msgid "Failed to activate hotzone device %s."
msgstr "Не вдалося задіяти пристрій «гарячої» ділянки %s."
-#: lib/luks2/luks2_reencrypt.c:2092
+#: lib/luks2/luks2_reencrypt.c:2289
#, c-format
msgid "Failed to activate overlay device %s with actual origin table."
msgstr "Не вдалося задіяти пристрій-накладку %s зі справжньою таблицею походження."
-#: lib/luks2/luks2_reencrypt.c:2099
+#: lib/luks2/luks2_reencrypt.c:2296
#, c-format
msgid "Failed to load new mapping for device %s."
msgstr "Не вдалося завантажити нову прив'язку для пристрою %s."
-#: lib/luks2/luks2_reencrypt.c:2170
+#: lib/luks2/luks2_reencrypt.c:2367
msgid "Failed to refresh reencryption devices stack."
msgstr "Не вдалося освіжити тек пристрої для повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:2326
+#: lib/luks2/luks2_reencrypt.c:2550
msgid "Failed to set new keyslots area size."
msgstr "Не вдалося встановити розмір області нових слотів ключів."
-#: lib/luks2/luks2_reencrypt.c:2430
+#: lib/luks2/luks2_reencrypt.c:2686
+#, c-format
+msgid "Data shift value is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Значення зміщення даних не вирівняно до розміру сектора для шифрування (%<PRIu32> байтів)."
+
+#: lib/luks2/luks2_reencrypt.c:2723 src/utils_reencrypt.c:189
+#, c-format
+msgid "Unsupported resilience mode %s"
+msgstr "Непідтримуваний режим стійкості %s"
+
+#: lib/luks2/luks2_reencrypt.c:2760
+msgid "Moved segment size can not be greater than data shift value."
+msgstr "Розмір пересунутого сегмента не може перевищувати значення зсуву даних."
+
+#: lib/luks2/luks2_reencrypt.c:2802
+msgid "Invalid reencryption resilience parameters."
+msgstr "Некоректні параметри стійкості для повторного шифрування."
+
+#: lib/luks2/luks2_reencrypt.c:2824
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Зміщення даних не вирівняно до запитаного розміру сектора для шифрування (%<PRIu32> байтів)."
+msgid "Moved segment too large. Requested size %<PRIu64>, available space for: %<PRIu64>."
+msgstr "Пересунутий сегмент є надто великим. Потрібний розмір %<PRIu64>, доступне місце: %<PRIu64>."
+
+#: lib/luks2/luks2_reencrypt.c:2911
+msgid "Failed to clear table."
+msgstr "Не вдалося очистити таблицю."
-#: lib/luks2/luks2_reencrypt.c:2451
+#: lib/luks2/luks2_reencrypt.c:2997
+msgid "Reduced data size is larger than real device size."
+msgstr "Зменшений розмір даних перевищує справжній розмір пристрою."
+
+#: lib/luks2/luks2_reencrypt.c:3004
#, c-format
-msgid "Data device is not aligned to
requested encryption sector size (%<PRIu32> bytes)."
-msgstr "Пристрій зберігання даних не вирівняно до
запитаного розміру сектора для шифрування (%<PRIu32> байтів)."
+msgid "Data device is not aligned to encryption sector size (%<PRIu32> bytes)."
+msgstr "Пристрій зберігання даних не вирівняно до розміру сектора для шифрування (%<PRIu32> байтів)."
-#: lib/luks2/luks2_reencrypt.c:2472
+#: lib/luks2/luks2_reencrypt.c:3038
#, c-format
msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
msgstr "Зміщення даних (%<PRIu64> секторів) є меншим за майбутній зсув даних (%<PRIu64> секторів)."
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
+#: lib/luks2/luks2_reencrypt.c:3045 lib/luks2/luks2_reencrypt.c:3533
+#: lib/luks2/luks2_reencrypt.c:3554
#, c-format
msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
msgstr "Не вдалося відкрити %s в ексклюзивному режимі (вже пов'язано або змонтовано)."
-#: lib/luks2/luks2_reencrypt.c:2647
+#: lib/luks2/luks2_reencrypt.c:3234
msgid "Device not marked for LUKS2 reencryption."
msgstr "Пристрій не позначено для повторного шифрування LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
+#: lib/luks2/luks2_reencrypt.c:3251 lib/luks2/luks2_reencrypt.c:4206
msgid "Failed to load LUKS2 reencryption context."
msgstr "Не вдалося завантажити контекст повторного шифрування LUKS2."
-#: lib/luks2/luks2_reencrypt.c:2744
+#: lib/luks2/luks2_reencrypt.c:3331
msgid "Failed to get reencryption state."
msgstr "Не вдалося отримати стан повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
+#: lib/luks2/luks2_reencrypt.c:3335 lib/luks2/luks2_reencrypt.c:3649
msgid "Device is not in reencryption."
msgstr "Пристрій не перебуває у повторному шифруванні."
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
+#: lib/luks2/luks2_reencrypt.c:3342 lib/luks2/luks2_reencrypt.c:3656
msgid "Reencryption process is already running."
msgstr "Процес повторного шифрування вже виконується."
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
+#: lib/luks2/luks2_reencrypt.c:3344 lib/luks2/luks2_reencrypt.c:3658
msgid "Failed to acquire reencryption lock."
msgstr "Не вдалося створити блокування для повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:2775
+#: lib/luks2/luks2_reencrypt.c:3362
msgid "Cannot proceed with reencryption. Run reencryption recovery first."
msgstr "Продовження повторного шифрування неможливе. Спочатку слід виконати відновлення повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:2889
+#: lib/luks2/luks2_reencrypt.c:3497
msgid "Active device size and requested reencryption size don't match."
msgstr "Не збігаються розмір активного пристрою і запитаний розмір повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:2903
+#: lib/luks2/luks2_reencrypt.c:3511
msgid "Illegal device size requested in reencryption parameters."
msgstr "У параметрах повторного шифрування вказано некоректний розмір пристрою."
-#: lib/luks2/luks2_reencrypt.c:2973
+#: lib/luks2/luks2_reencrypt.c:3588
msgid "Reencryption in-progress. Cannot perform recovery."
msgstr "Виконується повторне шифрування. Неможливо виконати відновлення."
-#: lib/luks2/luks2_reencrypt.c:3129
+#: lib/luks2/luks2_reencrypt.c:3757
msgid "LUKS2 reencryption already initialized in metadata."
msgstr "Повторне шифрування LUKS2 вже ініційовано у метаданих."
-#: lib/luks2/luks2_reencrypt.c:3136
+#: lib/luks2/luks2_reencrypt.c:3764
msgid "Failed to initialize LUKS2 reencryption in metadata."
msgstr "Не вдалося ініціалізувати повторне шифрування LUKS2 лише у метаданих."
-#: lib/luks2/luks2_reencrypt.c:3225
+#: lib/luks2/luks2_reencrypt.c:3859
msgid "Failed to set device segments for next reencryption hotzone."
msgstr "Не вдалося встановити сегменти пристрою для наступної «гарячої» ділянки повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3267
+#: lib/luks2/luks2_reencrypt.c:3911
msgid "Failed to write reencryption resilience metadata."
msgstr "Не вдалося записати метадані стійкості для повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3274
+#: lib/luks2/luks2_reencrypt.c:3918
msgid "Decryption failed."
msgstr "Помилка розшифрування."
-#: lib/luks2/luks2_reencrypt.c:3279
+#: lib/luks2/luks2_reencrypt.c:3923
#, c-format
msgid "Failed to write hotzone area starting at %<PRIu64>."
msgstr "Не вдалося записати «гарячу» ділянку, починаючи з %<PRIu64>."
-#: lib/luks2/luks2_reencrypt.c:3284
+#: lib/luks2/luks2_reencrypt.c:3928
msgid "Failed to sync data."
msgstr "Не вдалося синхронізувати дані."
-#: lib/luks2/luks2_reencrypt.c:3292
+#: lib/luks2/luks2_reencrypt.c:3936
msgid "Failed to update metadata after current reencryption hotzone completed."
msgstr "Не вдалося оновити метадані після завершення обробки поточної «гарячої» зони повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3359
+#: lib/luks2/luks2_reencrypt.c:4025
msgid "Failed to write LUKS2 metadata."
msgstr "Не вдалося записати метадані LUKS2."
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f виÑ\82еÑ\80Ñ\82и данÑ\96 Ñ\80езеÑ\80вного Ñ\81егменÑ\82а."
+#: lib/luks2/luks2_reencrypt.c:4048
+msgid "Failed to wipe unused data device area."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f виÑ\82еÑ\80Ñ\82и облаÑ\81Ñ\82Ñ\8c невикоÑ\80иÑ\81Ñ\82аниÑ\85 даниÑ\85 пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e."
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
+#: lib/luks2/luks2_reencrypt.c:4054
+#, c-format
msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80ив'Ñ\8fзаÑ\82и клÑ\8eÑ\87 %d до Ñ\81лоÑ\82Ñ\83 ключа %d."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f вилÑ\83Ñ\87иÑ\82и невикоÑ\80иÑ\81Ñ\82аний (непов'Ñ\8fзаний) Ñ\81лоÑ\82 ключа %d."
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
+#: lib/luks2/luks2_reencrypt.c:4064
msgid "Failed to remove reencryption keyslot."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f оÑ\82Ñ\80имаÑ\82и Ñ\81Ñ\82ан блокÑ\83ваннÑ\8f для повторного шифрування."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f вилÑ\83Ñ\87иÑ\82и Ñ\81лоÑ\82 клÑ\8eÑ\87а для повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3408
+#: lib/luks2/luks2_reencrypt.c:4074
#, c-format
msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
msgstr "Критична помилка під час повторного шифрування фрагмента, починаючи з %<PRIu64>, довжиною у %<PRIu64> секторів."
-#: lib/luks2/luks2_reencrypt.c:3417
+#: lib/luks2/luks2_reencrypt.c:4078
+msgid "Online reencryption failed."
+msgstr "Не вдалося виконати інтерактивне повторне шифрування."
+
+#: lib/luks2/luks2_reencrypt.c:4083
msgid "Do not resume the device unless replaced with error target manually."
msgstr "Не відновлюйте пристрій, якщо не заміните вручну пристрій призначення для помилок."
-#: lib/luks2/luks2_reencrypt.c:3467
+#: lib/luks2/luks2_reencrypt.c:4137
msgid "Cannot proceed with reencryption. Unexpected reencryption status."
msgstr "Не вдалося виконати повторне шифрування. Неочікуваний стан засобу повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3473
+#: lib/luks2/luks2_reencrypt.c:4143
msgid "Missing or invalid reencrypt context."
msgstr "Не вказано контекст повторного шифрування або вказано некоректний контекст."
-#: lib/luks2/luks2_reencrypt.c:3480
+#: lib/luks2/luks2_reencrypt.c:4150
msgid "Failed to initialize reencryption device stack."
msgstr "Не вдалося ініціалізувати стос пристроїв повторного шифрування."
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
+#: lib/luks2/luks2_reencrypt.c:4172 lib/luks2/luks2_reencrypt.c:4219
msgid "Failed to update reencryption context."
msgstr "Не вдалося оновити контекст повторного шифрування."
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
+#: lib/luks2/luks2_reencrypt_digest.c:405
msgid "Reencryption metadata is invalid."
-msgstr "СлоÑ\82 клÑ\8eÑ\87а %d Ñ\94 некоÑ\80екÑ\82ним."
+msgstr "Ð\9cеÑ\82аданÑ\96 повÑ\82оÑ\80ного Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f Ñ\94 некоÑ\80екÑ\82ними."
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr "Ð\9dемаÑ\94 вÑ\96лÑ\8cного Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87Ñ\96в."
+#: src/cryptsetup.c:85
+msgid "Keyslot encryption parameters can be set only for LUKS2 device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80и Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87Ñ\96в можна вÑ\81Ñ\82ановлÑ\8eваÑ\82и лиÑ\88е длÑ\8f пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97в LUKS2."
-#: lib/luks2/luks2_token.c:270
+#: src/cryptsetup.c:108 src/cryptsetup.c:1901
#, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Не вдалося створити вбудований ключ %s."
-
-#: src/cryptsetup.c:198
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Перевірку паролів не можна виконувати на основі вхідних даних, які надходять не з tty."
+msgid "Enter token PIN: "
+msgstr "Введіть пінкод жетона: "
-#: src/cryptsetup.c:261
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Параметри шифрування слоту ключів можна встановлювати лише для пристроїв LUKS2."
+#: src/cryptsetup.c:110 src/cryptsetup.c:1903
+#, c-format
+msgid "Enter token %d PIN: "
+msgstr "Введіть пінкод жетона %d: "
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:159 src/cryptsetup.c:1103 src/cryptsetup.c:1430
+#: src/utils_reencrypt.c:1122 src/utils_reencrypt_luks1.c:517
+#: src/utils_reencrypt_luks1.c:580
msgid "No known cipher specification pattern detected."
msgstr "Не виявлено жодного відомого зразка специфікації шифрування."
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:167
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "Попередження: параметр --hash у простому режимі із вказаним файлом ключа ігнорується.\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:175
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "Попередження: параметр --keyfile-size проігноровано, розмір прочитаних даних збігається із розміром ключа шифрування.\n"
-#: src/cryptsetup.c:347
+#: src/cryptsetup.c:215
#, c-format
msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
msgstr "На %s виявлено підписи пристроїв. Подальша обробка може пошкодити наявні дані."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
+#: src/cryptsetup.c:221 src/cryptsetup.c:1177 src/cryptsetup.c:1225
+#: src/cryptsetup.c:1291 src/cryptsetup.c:1407 src/cryptsetup.c:1480
+#: src/cryptsetup.c:2266 src/integritysetup.c:187 src/utils_reencrypt.c:138
+#: src/utils_reencrypt.c:314 src/utils_reencrypt.c:749
msgid "Operation aborted.\n"
msgstr "Дію перервано.\n"
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:294
msgid "Option --key-file is required."
msgstr "Слід вказати параметр --key-file."
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:345
msgid "Enter VeraCrypt PIM: "
msgstr "Введіть PIM VeraCrypt: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:354
msgid "Invalid PIM value: parse error."
msgstr "Некоректне значення PIM: помилка обробки."
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:357
msgid "Invalid PIM value: 0."
msgstr "Некоректне значення PIM: 0."
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:360
msgid "Invalid PIM value: outside of range."
msgstr "Некоректне значення PIM: поза межами діапазону."
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:383
msgid "No device header detected with this passphrase."
msgstr "Для цього пароля не виявлено заголовка пристрою."
-#: src/cryptsetup.c:582
+#: src/cryptsetup.c:456 src/cryptsetup.c:632
#, c-format
msgid "Device %s is not a valid BITLK device."
msgstr "Пристрій %s не є коректним пристроєм BITLK."
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:464
+msgid "Cannot determine volume key size for BITLK, please use --key-size option."
+msgstr "Неможливо визначити розмір ключа тому для BITLK. Будь ласка, скористайтеся параметром --key-size."
+
+#: src/cryptsetup.c:506
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n"
"у безпечному місці."
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:573 src/cryptsetup.c:654 src/cryptsetup.c:2291
+msgid ""
+"The header dump with volume key is sensitive information\n"
+"that allows access to encrypted partition without a passphrase.\n"
+"This dump should be stored encrypted in a safe place."
+msgstr ""
+"Дамп заголовка з ключем тому є конфіденційними даними,\n"
+"за допомогою яких можна отримати доступ до шифрованого розділу\n"
+"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n"
+"у безпечному місці."
+
+#: src/cryptsetup.c:709 src/cryptsetup.c:739
+#, c-format
+msgid "Device %s is not a valid FVAULT2 device."
+msgstr "Пристрій %s не є коректним пристроєм FVAULT2."
+
+#: src/cryptsetup.c:747
+msgid "Cannot determine volume key size for FVAULT2, please use --key-size option."
+msgstr "Неможливо визначити розмір ключа тому для FVAULT2. Будь ласка, скористайтеся параметром --key-size."
+
+#: src/cryptsetup.c:801 src/veritysetup.c:323 src/integritysetup.c:400
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr "Пристрій %s усе ще є активним, його заплановано для відкладеного вилучення.\n"
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:835
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr "Зміна розмірів активного пристрою потребує наявності ключа тому у сховищі ключів, але вказано параметр --disable-keyring."
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:982
msgid "Benchmark interrupted."
msgstr "Тестування перервано."
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:1003
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr "PBKDF2-%-9s н/д\n"
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:1005
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr "PBKDF2-%-9s %7u ітерацій за секунду для %zu-бітового ключа\n"
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:1019
#, c-format
msgid "%-10s N/A\n"
msgstr "%-10s н/д\n"
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:1021
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr "%-10s %4u ітерацій, пам'ять: %5u, %1u паралельних потоків (процесорів) для %zu-бітового ключа (запит на %u мс часу)\n"
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:1045
msgid "Result of benchmark is not reliable."
msgstr "Результат тестування є ненадійним."
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:1095
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# Наближені значення під час перевірки визначаються лише за допомогою оперативної пам’яті (без запису на диск).\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
+#: src/cryptsetup.c:1115
#, c-format
msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
msgstr "№%*s Алгоритм | Ключ | Шифрування | Розшифрування\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:1119
#, c-format
msgid "Cipher %s (with %i bits key) is not available."
msgstr "Шифрування %s (розмір ключа — %i бітів) є недоступним."
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
+#: src/cryptsetup.c:1138
msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "№ Алгоритм | Ключ | Шифрування | Розшифрування\n"
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:1149
msgid "N/A"
msgstr "н/д"
-#: src/cryptsetup.c:1134
+#: src/cryptsetup.c:1174
msgid ""
"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
msgstr ""
+"Виявлено незахищені метадані повторного шифрування LUKS2. Будь ласка, перевірте, чи бажаною є дія з повторного шифрування\n"
+"(див. виведення luksDump), і продовжуйте (оновлення метаданих), лише якщо впевнені, що дія є бажаною."
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Вкажіть пароль для відновлення повторного шифрування: "
+#: src/cryptsetup.c:1180
+msgid "Enter passphrase to protect and upgrade reencryption metadata: "
+msgstr "Вкажіть пароль для захисту і оновлення метаданих повторного шифрування: "
-#: src/cryptsetup.c:1183
+#: src/cryptsetup.c:1224
msgid "Really proceed with LUKS2 reencryption recovery?"
msgstr "Ви справді хочете продовжити процедуру відновлення повторного шифрування LUKS2?"
-#: src/cryptsetup.c:1193
-#, fuzzy
+#: src/cryptsetup.c:1233
msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Ð\92кажÑ\96Ñ\82Ñ\8c паÑ\80олÑ\8c длÑ\8f вÑ\96дновленнÑ\8f повторного шифрування: "
+msgstr "Ð\92кажÑ\96Ñ\82Ñ\8c паÑ\80олÑ\8c длÑ\8f пеÑ\80евÑ\96Ñ\80ки конÑ\82Ñ\80олÑ\8cноÑ\97 Ñ\81Ñ\83ми меÑ\82аданиÑ\85 повторного шифрування: "
-#: src/cryptsetup.c:1195
+#: src/cryptsetup.c:1235
msgid "Enter passphrase for reencryption recovery: "
msgstr "Вкажіть пароль для відновлення повторного шифрування: "
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:1290
msgid "Really try to repair LUKS device header?"
msgstr "Спробувати відновити заголовок пристрою LUKS?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:1314 src/integritysetup.c:89 src/integritysetup.c:238
+msgid ""
+"\n"
+"Wipe interrupted."
+msgstr ""
+"\n"
+"Витирання перервано."
+
+#: src/cryptsetup.c:1319 src/integritysetup.c:94 src/integritysetup.c:275
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
"Витираємо пристрій для ініціалізації контрольних сум для цілісності.\n"
"Ви можете перервати цей процес натисканням комбінації клавіш CTRL+C (решта невитертого пристрою міститиме некоректну контрольну суму).\n"
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:1341 src/integritysetup.c:116
#, c-format
msgid "Cannot deactivate temporary device %s."
msgstr "Не можна скасувати активацію тимчасового пристрою %s."
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:1392
msgid "Integrity option can be used only for LUKS2 format."
msgstr "Параметр цілісності може бути використано лише для формату LUKS2."
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
+#: src/cryptsetup.c:1397 src/cryptsetup.c:1457
msgid "Unsupported LUKS2 metadata size options."
msgstr "Непідтримувані параметри розміру метаданих LUKS2."
-#: src/cryptsetup.c:1365
+#: src/cryptsetup.c:1406
msgid "Header file does not exist, do you want to create it?"
msgstr "Файла заголовка не існує. Хочете його створити?"
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:1414
#, c-format
msgid "Cannot create header file %s."
msgstr "Не вдалося створити файл заголовка %s."
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:1437 src/integritysetup.c:144 src/integritysetup.c:152
+#: src/integritysetup.c:161 src/integritysetup.c:315 src/integritysetup.c:323
+#: src/integritysetup.c:333
msgid "No known integrity specification pattern detected."
msgstr "Не виявлено жодного відомого зразка специфікації цілісності."
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1450
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "Не можна використовувати %s як заголовок на диску."
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
+#: src/cryptsetup.c:1474 src/integritysetup.c:181
#, c-format
msgid "This will overwrite data on %s irrevocably."
msgstr "Дані на %s буде перезаписано без можливості відновлення."
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1507 src/cryptsetup.c:1853 src/cryptsetup.c:1993
+#: src/cryptsetup.c:2148 src/cryptsetup.c:2214 src/utils_reencrypt_luks1.c:443
msgid "Failed to set pbkdf parameters."
msgstr "Не вдалося встановити параметри pbkdf."
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1593
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "Зменшений відступ даних можна використовувати лише для від’єднаних заголовків LUKS."
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
+#: src/cryptsetup.c:1600
+#, c-format
+msgid "LUKS file container %s is too small for activation, there is no remaining space for data."
+msgstr "Контейнер файлів LUKS %s є надто малим для активації, на ньому не лишиться місця для даних."
+
+#: src/cryptsetup.c:1612 src/cryptsetup.c:1999
msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
msgstr "Неможливо визначити розмір ключа тому для LUKS без слотів ключів. Будь ласка, скористайтеся параметром --key-size."
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1658
msgid "Device activated but cannot make flags persistent."
msgstr "Пристрій задіяно, але не вдалося зробити прапорці сталими."
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1737 src/cryptsetup.c:1805
#, c-format
msgid "Keyslot %d is selected for deletion."
msgstr "Слот ключа %d позначено для вилучення."
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1749 src/cryptsetup.c:1809
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "Це останній слот ключа. Пристрій стане непридатним для використання після спорожнення цього ключа."
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1750
msgid "Enter any remaining passphrase: "
msgstr "Введіть будь-який інший пароль: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1751 src/cryptsetup.c:1811
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr "Дію перервано, слот ключів НЕ витерто.\n"
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1787
msgid "Enter passphrase to be deleted: "
msgstr "Введіть пароль, який слід вилучити: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1837 src/cryptsetup.c:2197 src/cryptsetup.c:2781
+#: src/cryptsetup.c:2948
+#, c-format
+msgid "Device %s is not a valid LUKS2 device."
+msgstr "Пристрій %s не є коректним пристроєм LUKS2."
+
+#: src/cryptsetup.c:1867 src/cryptsetup.c:2072
msgid "Enter new passphrase for key slot: "
msgstr "Введіть новий пароль для слота ключа: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1968
+msgid "WARNING: The --key-slot parameter is used for new keyslot number.\n"
+msgstr "Попередження: параметр --key-slot використано для нового числа слоту ключа.\n"
+
+#: src/cryptsetup.c:2028 src/utils_reencrypt_luks1.c:1149
#, c-format
msgid "Enter any existing passphrase: "
msgstr "Введіть будь-який пароль: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:2152
msgid "Enter passphrase to be changed: "
msgstr "Введіть пароль, який слід змінити: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:2168 src/utils_reencrypt_luks1.c:1135
msgid "Enter new passphrase: "
msgstr "Введіть новий пароль: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:2218
msgid "Enter passphrase for keyslot to be converted: "
msgstr "Вкажіть пароль для слоту ключа, який буде перетворено: "
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:2242
msgid "Only one device argument for isLuks operation is supported."
msgstr "У команді isLuks можна використовувати лише один аргумент назви пристрою."
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Дамп заголовка з ключем тому є конфіденційними даними,\n"
-"за допомогою яких можна отримати доступ до шифрованого розділу\n"
-"без пароля. Цей дамп слід зберігати у зашифрованому форматі\n"
-"у безпечному місці."
-
-#: src/cryptsetup.c:2178
+#: src/cryptsetup.c:2350
#, c-format
msgid "Keyslot %d does not contain unbound key."
msgstr "Слот ключа %d не містить непов'язаного ключа."
-#: src/cryptsetup.c:2184
+#: src/cryptsetup.c:2355
msgid ""
"The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."
"Дамп заголовка з непов'язаним ключем є конфіденційними даними.\n"
"Цей дамп слід зберігати у зашифрованому форматі у безпечному місці."
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
+#: src/cryptsetup.c:2441 src/cryptsetup.c:2470
#, c-format
msgid "%s is not active %s device name."
msgstr "%s не є назвою активного пристрою %s."
-#: src/cryptsetup.c:2297
+#: src/cryptsetup.c:2465
#, c-format
msgid "%s is not active LUKS device name or header is missing."
msgstr "%s не є назвою активного пристрою LUKS або пропущено заголовок."
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:2527 src/cryptsetup.c:2546
msgid "Option --header-backup-file is required."
msgstr "Слід вказати параметр --header-backup-file."
-#: src/cryptsetup.c:2386
+#: src/cryptsetup.c:2577
#, c-format
msgid "%s is not cryptsetup managed device."
msgstr "%s не є керованим cryptsetup пристроєм."
-#: src/cryptsetup.c:2397
+#: src/cryptsetup.c:2588
#, c-format
msgid "Refresh is not supported for device type %s"
msgstr "Підтримки дії з оновлення для пристрою типу %s не передбачено."
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:2638
#, c-format
msgid "Unrecognized metadata device type %s."
msgstr "Нерозпізнаний тип пристрою метаданих, %s."
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:2640
msgid "Command requires device and mapped name as arguments."
msgstr "Аргументами команди мають бути назва пристрою та призначена до нього назва."
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:2661
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"У результаті виконання цієї операції буде витерто усі слоти ключів на пристрої %s.\n"
"Після виконання цієї дії пристроєм не можна буде скористатися."
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:2668
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "Дію перервано, слоти ключів НЕ витерто.\n"
-#: src/cryptsetup.c:2510
+#: src/cryptsetup.c:2707
msgid "Invalid LUKS type, only luks1 and luks2 are supported."
msgstr "Некоректний тип LUKS. Передбачено підтримку лише luks1 і luks2."
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:2723
#, c-format
msgid "Device is already %s type."
msgstr "Пристрій вже належить до типу %s."
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:2730
#, c-format
msgid "This operation will convert %s to %s format.\n"
msgstr "Ця дія перетворить %s до формату %s.\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:2733
msgid "Operation aborted, device was NOT converted.\n"
msgstr "Дію перервано, дані пристрою НЕ перетворено.\n"
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:2773
msgid "Option --priority, --label or --subsystem is missing."
msgstr "Пропущено параметр --priority, --label або --subsystem."
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:2807 src/cryptsetup.c:2847 src/cryptsetup.c:2867
#, c-format
msgid "Token %d is invalid."
-msgstr "Ð\9aлÑ\8eÑ\87 %d є некоректним."
+msgstr "Ð\96еÑ\82он %d є некоректним."
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:2810 src/cryptsetup.c:2870
#, c-format
msgid "Token %d in use."
-msgstr "Ð\9aлÑ\8eÑ\87 %d використовується."
+msgstr "Ð\96еÑ\82он %d використовується."
-#: src/cryptsetup.c:2623
+#: src/cryptsetup.c:2822
#, c-format
msgid "Failed to add luks2-keyring token %d."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f додаÑ\82и клÑ\8eÑ\87 %d зі сховища ключів luks2."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f додаÑ\82и жеÑ\82он %d зі сховища ключів luks2."
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:2833 src/cryptsetup.c:2896
#, c-format
msgid "Failed to assign token %d to keyslot %d."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80ив'Ñ\8fзаÑ\82и клÑ\8eÑ\87 %d до слоту ключа %d."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80ив'Ñ\8fзаÑ\82и жеÑ\82он %d до слоту ключа %d."
-#: src/cryptsetup.c:2649
+#: src/cryptsetup.c:2850
#, c-format
msgid "Token %d is not in use."
-msgstr "Ð\9aлÑ\8eÑ\87 %d не використовується."
+msgstr "Ð\96еÑ\82он %d не використовується."
-#: src/cryptsetup.c:2684
+#: src/cryptsetup.c:2887
msgid "Failed to import token from file."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f Ñ\96мпоÑ\80Ñ\82Ñ\83ваÑ\82и клÑ\8eÑ\87 з файла."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f Ñ\96мпоÑ\80Ñ\82Ñ\83ваÑ\82и жеÑ\82он з файла."
-#: src/cryptsetup.c:2709
+#: src/cryptsetup.c:2912
#, c-format
msgid "Failed to get token %d for export."
-msgstr "Не вдалося отримати ключ %d для експортування."
-
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr "Параметр --key-description є обов'язковим для дій із додавання ключів."
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr "Для виконання дії потрібен специфічний ключ. Скористайтеся параметром --token-id."
+msgstr "Не вдалося отримати жетон %d для експортування."
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:2925
#, c-format
-msgid "Invalid token operation %s."
-msgstr "Ð\9dекоÑ\80екÑ\82на дÑ\96Ñ\8f з клÑ\8eÑ\87ем %s."
+msgid "Token %d is not assigned to keyslot %d."
+msgstr "Ð\96еÑ\82он %d не пов'Ñ\8fзано зÑ\96 Ñ\81лоÑ\82ом клÑ\8eÑ\87а %d."
-#: src/cryptsetup.c:2798
+#: src/cryptsetup.c:2927 src/cryptsetup.c:2934
#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr "Ð\90вÑ\82омаÑ\82иÑ\87но виÑ\8fвлено акÑ\82ивний пÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й dm «%s» длÑ\8f пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e даниÑ\85 %s.\n"
+msgid "Failed to unassign token %d from keyslot %d."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f вÑ\96дв'Ñ\8fзаÑ\82и жеÑ\82он %d вÑ\96д Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87а %d."
-#: src/cryptsetup.c:2802
-#, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Пристрій %s не є блоковим пристроєм.\n"
+#: src/cryptsetup.c:2983
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+msgstr "Підтримку параметрів --tcrypt-hidden, --tcrypt-system і --tcrypt-backup передбачено лише для пристроїв TCRYPT."
-#: src/cryptsetup.c:2804
-#, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Не вдалося автоматично визначити утримувачів пристрою %s."
+#: src/cryptsetup.c:2986
+msgid "Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type."
+msgstr "Підтримку параметра --veracrypt або --disable-veracrypt передбачено лише для пристроїв TCRYPT."
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-"Не вдалося визначити, чи задіяно пристрій %s.\n"
-"Ви справді хочете продовжити повторне шифрування у режимі з від'єднанням?\n"
-"Таке шифрування може призвести до пошкодження даних, якщо пристрій задіяно.\n"
-"Щоб запустити повторне шифрування у режимі без від'єднання, скористайтеся параметром --active-name.\n"
+#: src/cryptsetup.c:2989
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
+msgstr "Параметр --veracrypt-pim можна використовувати лише для сумісних із VeraCrypt пристроїв."
-#: src/cryptsetup.c:2886
-msgid "Invalid LUKS device type."
-msgstr "Ð\9dекоÑ\80екÑ\82ний Ñ\82ип пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e LUKS."
+#: src/cryptsetup.c:2993
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --veracrypt-query-pim можна викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и лиÑ\88е длÑ\8f Ñ\81Ñ\83мÑ\96Ñ\81ниÑ\85 Ñ\96з VeraCrypt пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97в."
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr "ШиÑ\84Ñ\80Ñ\83ваннÑ\8f без вÑ\96д'Ñ\94днаного заголовка (--header) Ñ\94 неможливим без зменÑ\88еннÑ\8f Ñ\80озмÑ\96Ñ\80Ñ\83 пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e збеÑ\80Ñ\96ганнÑ\8f даниÑ\85 (--reduce-device-size)."
+#: src/cryptsetup.c:2995
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
+msgstr "Ð\9dе можна поÑ\94днÑ\83ваÑ\82и паÑ\80амеÑ\82Ñ\80и --veracrypt-pim Ñ\96 --veracrypt-query-pim."
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr "Ð\92казаний зÑ\81Ñ\83в даниÑ\85 маÑ\94 бÑ\83Ñ\82и менÑ\88им або Ñ\80Ñ\96вним половинÑ\96 знаÑ\87еннÑ\8f паÑ\80амеÑ\82Ñ\80а --reduce-device-size."
+#: src/cryptsetup.c:3004
+msgid "Option --persistent is not allowed with --test-passphrase."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --persistent не можна викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и Ñ\80азом Ñ\96з --test-passphrase."
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr "Коригуємо значення --reduce-device-size до подвійного значення --offset %<PRIu64> (у секторах).\n"
+#: src/cryptsetup.c:3007
+msgid "Options --refresh and --test-passphrase are mutually exclusive."
+msgstr "Не можна поєднувати параметри --refresh і --test-passphrase."
-#: src/cryptsetup.c:2909
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Підтримку шифрування передбачено лише для формату LUKS2."
+#: src/cryptsetup.c:3010
+msgid "Option --shared is allowed only for open of plain device."
+msgstr "Параметр --shared можна використовувати лише для відкриття незашифрованого пристрою."
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr "Виявлено пристрій LUKS на %s. Хочете зашифрувати цей пристрій LUKS знову?"
+#: src/cryptsetup.c:3013
+msgid "Option --skip is supported only for open of plain and loopaes devices."
+msgstr "Підтримку параметра --skip передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes."
-#: src/cryptsetup.c:2950
-#, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Файл тимчасового заголовка %s вже існує. Перериваємо обробку."
+#: src/cryptsetup.c:3016
+msgid "Option --offset with open action is only supported for plain and loopaes devices."
+msgstr "Підтримку параметра --offset разом із дією з відкриття передбачено лише для незашифрованих пристроїв та пристроїв loopaes."
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Не вдалося створити файл тимчасового заголовка %s."
+#: src/cryptsetup.c:3019
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards."
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr "%s/%s задіяно, система готова до інтерактивного шифрування.\n"
+#: src/cryptsetup.c:3023
+msgid "Sector size option with open action is supported only for plain devices."
+msgstr "Підтримку параметра розміру сектора разом із дією з відкриття передбачено лише для незашифрованих пристроїв."
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr "Підтримку розшифровування LUKS2 передбачено лише для пристроїв із від'єднаним заголовком."
+#: src/cryptsetup.c:3027
+msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
+msgstr "Підтримку можливості використання великих секторів IV передбачено лише для відкриття пристроїв простого типу з розміром сектора, який перевищує 512 байтів."
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-msgid "Not enough free keyslots for reencryption."
-msgstr "Ð\9dедоÑ\81Ñ\82аÑ\82нÑ\8cо вÑ\96лÑ\8cниÑ\85 Ñ\81лоÑ\82Ñ\96в клÑ\8eÑ\87Ñ\96в длÑ\8f повÑ\82оÑ\80ного Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f."
+#: src/cryptsetup.c:3032
+msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --test-passphrase можна викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и лиÑ\88е длÑ\8f вÑ\96дкÑ\80иÑ\82Ñ\82Ñ\8f пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97в LUKS, TCRYPT, BITLK Ñ\82а FVAULT2."
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Файлом клÑ\8eÑ\87а можна коÑ\80иÑ\81Ñ\82Ñ\83ваÑ\82иÑ\81Ñ\8f лиÑ\88е з --key-slot, або Ñ\8fкÑ\89о акÑ\82ивним Ñ\94 лиÑ\88е один Ñ\81лоÑ\82 клÑ\8eÑ\87а."
+#: src/cryptsetup.c:3035 src/cryptsetup.c:3058
+msgid "Options --device-size and --size cannot be combined."
+msgstr "Ð\9dе можна одноÑ\87аÑ\81но викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и паÑ\80амеÑ\82Ñ\80и --device-size Ñ\96 --size."
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Вкажіть пароль для слоту ключа %d: "
+#: src/cryptsetup.c:3038
+msgid "Option --unbound is allowed only for open of luks device."
+msgstr "Параметр --sunbound можна використовувати лише для відкриття пристрою LUKS."
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Вкажіть пароль для слоту ключа %u: "
+#: src/cryptsetup.c:3041
+msgid "Option --unbound cannot be used without --test-passphrase."
+msgstr "Параметр --unbound не можна використовувати без --test-passphrase."
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr "Перемикаємося на шифрування даних %s.\n"
+#: src/cryptsetup.c:3050 src/veritysetup.c:668 src/integritysetup.c:755
+msgid "Options --cancel-deferred and --deferred cannot be used at the same time."
+msgstr "Не можна одночасно використовувати параметр --cancel-deferred і --deferred."
-#: src/cryptsetup.c:3419
-msgid "Command requires device as argument."
-msgstr "Ð\9aомаÑ\80нÑ\96 Ñ\81лÑ\96д пеÑ\80едаÑ\82и аÑ\80гÑ\83менÑ\82 пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e."
+#: src/cryptsetup.c:3066
+msgid "Options --reduce-device-size and --data-size cannot be combined."
+msgstr "Ð\9dе можна одноÑ\87аÑ\81но викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и паÑ\80амеÑ\82Ñ\80и --reduce-device-size Ñ\96 --data-size."
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr "У поÑ\82оÑ\87нÑ\96й веÑ\80Ñ\81Ñ\96Ñ\97 пеÑ\80едбаÑ\87ено пÑ\96дÑ\82Ñ\80имкÑ\83 лиÑ\88е Ñ\84оÑ\80маÑ\82Ñ\83 LUKS2. Ð\94лÑ\8f Ñ\80обоÑ\82и з LUKS1, бÑ\83дÑ\8c лаÑ\81ка, Ñ\81коÑ\80иÑ\81Ñ\82айÑ\82еÑ\81Ñ\8f пÑ\80огÑ\80амоÑ\8e cryptsetup-reencrypt."
+#: src/cryptsetup.c:3069
+msgid "Option --active-name can be set only for LUKS2 device."
+msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --active-name можна вÑ\81Ñ\82ановлÑ\8eваÑ\82и лиÑ\88е длÑ\8f пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97в LUKS2."
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr "Ð\92же виконÑ\83Ñ\94Ñ\82Ñ\8cÑ\81Ñ\8f повÑ\82оÑ\80не Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f з вÑ\96д'Ñ\94днаннÑ\8fм Ñ\83 заÑ\81Ñ\82аÑ\80Ñ\96ломÑ\83 Ñ\80ежимÑ\96. СкоÑ\80иÑ\81Ñ\82айÑ\82еÑ\81Ñ\8f пÑ\80огÑ\80амоÑ\8e cryptsetup-reencrypt."
+#: src/cryptsetup.c:3072
+msgid "Options --active-name and --force-offline-reencrypt cannot be combined."
+msgstr "Ð\9dе можна одноÑ\87аÑ\81но викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и паÑ\80амеÑ\82Ñ\80и ---active-name Ñ\96 --force-offline-reencrypt."
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "Ð\9fÑ\96дÑ\82Ñ\80имки повÑ\82оÑ\80ного Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e Ñ\96з пÑ\80оÑ\84Ñ\96лем Ñ\86Ñ\96лÑ\96Ñ\81ноÑ\81Ñ\82Ñ\96 не пеÑ\80едбаÑ\87ено."
+#: src/cryptsetup.c:3080 src/cryptsetup.c:3110
+msgid "Keyslot specification is required."
+msgstr "СлÑ\96д вказаÑ\82и Ñ\81пеÑ\86иÑ\84Ñ\96каÑ\86Ñ\96Ñ\8f Ñ\81лоÑ\82Ñ\96в клÑ\8eÑ\87Ñ\96в."
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr "Вже ініційовано повторне шифрування LUKS2. Перериваємо виконання дії."
+#: src/cryptsetup.c:3088
+msgid "Options --align-payload and --offset cannot be combined."
+msgstr "Не можна одночасно використовувати параметри --align-payload і --offset."
+
+#: src/cryptsetup.c:3091
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+msgstr "Параметром --integrity-no-wipe можна користуватися лише для дії з форматування із розширенням забезпечення цілісності."
+
+#: src/cryptsetup.c:3094
+msgid "Only one of --use-[u]random options is allowed."
+msgstr "Можна використовувати лише один з параметрів --use-[u]random."
+
+#: src/cryptsetup.c:3102
+msgid "Key size is required with --unbound option."
+msgstr "Разом із параметром --unbound слід вказувати розмір ключа."
+
+#: src/cryptsetup.c:3122
+msgid "Invalid token action."
+msgstr "Некоректна дія з жетоном."
+
+#: src/cryptsetup.c:3125
+msgid "--key-description parameter is mandatory for token add action."
+msgstr "Параметр --key-description є обов'язковим для дій із додавання жетонів."
+
+#: src/cryptsetup.c:3129 src/cryptsetup.c:3142
+msgid "Action requires specific token. Use --token-id parameter."
+msgstr "Для виконання дії потрібен специфічний жетон. Скористайтеся параметром --token-id."
+
+#: src/cryptsetup.c:3133
+msgid "Option --unbound is valid only with token add action."
+msgstr "Параметр --unbound можна використовувати лише разом із дією з додавання жетона."
+
+#: src/cryptsetup.c:3135
+msgid "Options --key-slot and --unbound cannot be combined."
+msgstr "Не можна поєднувати параметри --key-slot і --unbound."
-#: src/cryptsetup.c:3475
-msgid "LUKS2 device is not in reencryption."
-msgstr "Ð\9fÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й LUKS2 не пеÑ\80ебÑ\83ваÑ\94 Ñ\83 Ñ\81Ñ\82анÑ\96 повÑ\82оÑ\80ного Ñ\88иÑ\84Ñ\80Ñ\83ваннÑ\8f."
+#: src/cryptsetup.c:3140
+msgid "Action requires specific keyslot. Use --key-slot parameter."
+msgstr "Ð\94Ñ\96Ñ\8f поÑ\82Ñ\80ебÑ\83Ñ\94 зазнаÑ\87еннÑ\8f Ñ\81лоÑ\82Ñ\83 клÑ\8eÑ\87а. СкоÑ\80иÑ\81Ñ\82айÑ\82еÑ\81Ñ\8f паÑ\80амеÑ\82Ñ\80ом --key-slot."
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:3156
msgid "<device> [--type <type>] [<name>]"
msgstr "<пристрій> [--type <тип>] [<назва>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
+#: src/cryptsetup.c:3156 src/veritysetup.c:491 src/integritysetup.c:535
msgid "open device as <name>"
msgstr "відкрити пристрій як <назва>"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:3157 src/cryptsetup.c:3158 src/cryptsetup.c:3159
+#: src/veritysetup.c:492 src/veritysetup.c:493 src/integritysetup.c:536
+#: src/integritysetup.c:537 src/integritysetup.c:539
msgid "<name>"
msgstr "<назва>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:3157 src/veritysetup.c:492 src/integritysetup.c:536
msgid "close device (remove mapping)"
msgstr "закрити пристрій (вилучити призначення)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:3158 src/integritysetup.c:539
msgid "resize active device"
msgstr "змінити розмір активного пристрою"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:3159
msgid "show device status"
msgstr "показати стан пристрою"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "[--cipher <cipher>]"
msgstr "[--cipher <шифр>]"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:3160
msgid "benchmark cipher"
msgstr "перевірити швидкодію шифрування"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:3161 src/cryptsetup.c:3162 src/cryptsetup.c:3163
+#: src/cryptsetup.c:3164 src/cryptsetup.c:3165 src/cryptsetup.c:3172
+#: src/cryptsetup.c:3173 src/cryptsetup.c:3174 src/cryptsetup.c:3175
+#: src/cryptsetup.c:3176 src/cryptsetup.c:3177 src/cryptsetup.c:3178
+#: src/cryptsetup.c:3179 src/cryptsetup.c:3180 src/cryptsetup.c:3181
msgid "<device>"
msgstr "<пристрій>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:3161
msgid "try to repair on-disk metadata"
msgstr "спробувати виправити метадані на диску"
-#: src/cryptsetup.c:3508
+#: src/cryptsetup.c:3162
msgid "reencrypt LUKS2 device"
msgstr "повторно зашифрувати пристрій LUKS2"
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:3163
msgid "erase all keyslots (remove encryption key)"
msgstr "витерти усі слоти ключів (вилучити ключ шифрування)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:3164
msgid "convert LUKS from/to LUKS2 format"
msgstr "перетворити LUKS із формату LUKS2 або навпаки"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:3165
msgid "set permanent configuration options for LUKS2"
msgstr "встановити сталі параметри налаштування для LUKS2"
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:3166 src/cryptsetup.c:3167
msgid "<device> [<new key file>]"
msgstr "<пристрій> [<новий файл ключа>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:3166
msgid "formats a LUKS device"
msgstr "форматує пристрій LUKS"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:3167
msgid "add key to LUKS device"
msgstr "додати ключ до пристрою LUKS"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:3168 src/cryptsetup.c:3169 src/cryptsetup.c:3170
msgid "<device> [<key file>]"
msgstr "<пристрій> [<файл ключа>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:3168
msgid "removes supplied key or key file from LUKS device"
msgstr "вилучає наданий ключ або файл ключа з пристрою LUKS"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:3169
msgid "changes supplied key or key file of LUKS device"
msgstr "змінює наданий ключ або файл ключа пристрою LUKS"
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:3170
msgid "converts a key to new pbkdf parameters"
msgstr "перетворює ключ до нових параметрів pbkdf"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "<device> <key slot>"
msgstr "<пристрій> <слот ключа>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:3171
msgid "wipes key with number <key slot> from LUKS device"
msgstr "вилучає ключ з номером <слот ключа> з пристрою LUKS"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:3172
msgid "print UUID of LUKS device"
msgstr "вивести UUID пристрою LUKS"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:3173
msgid "tests <device> for LUKS partition header"
msgstr "виконати спробу виявлення заголовка розділу LUKS на пристрої <пристрій>"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:3174
msgid "dump LUKS partition information"
msgstr "створити дамп даних щодо розділу LUKS"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:3175
msgid "dump TCRYPT device information"
msgstr "створити дамп даних пристрою TCRYPT"
-#: src/cryptsetup.c:3522
+#: src/cryptsetup.c:3176
msgid "dump BITLK device information"
msgstr "створити дамп даних пристрою BITLK"
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:3177
+msgid "dump FVAULT2 device information"
+msgstr "створити дамп даних пристрою FVAULT2"
+
+#: src/cryptsetup.c:3178
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "Приспати пристрій LUKS і витерти ключ (роботу всіх каналів введення-виведення буде заморожено)"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:3179
msgid "Resume suspended LUKS device"
msgstr "Відновити роботу приспаного пристрою LUKS"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:3180
msgid "Backup LUKS device header and keyslots"
msgstr "Створити резервну копію заголовка пристрою LUKS і слотів ключів"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:3181
msgid "Restore LUKS device header and keyslots"
msgstr "Відновити заголовок пристрою LUKS і слоти ключів"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "<add|remove|import|export> <device>"
msgstr "<add|remove|import|export> <пристрій>"
-#: src/cryptsetup.c:3527
+#: src/cryptsetup.c:3182
msgid "Manipulate LUKS2 tokens"
-msgstr "Ð\9aеÑ\80Ñ\83ваннÑ\8f клÑ\8eÑ\87ами LUKS2"
+msgstr "Ð\9aеÑ\80Ñ\83ваннÑ\8f жеÑ\82онами LUKS2"
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:3201 src/veritysetup.c:509 src/integritysetup.c:554
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<дія> є однією з таких:\n"
-#: src/cryptsetup.c:3551
+#: src/cryptsetup.c:3207
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
msgstr ""
"\n"
"Ви також можете скористатися застарілими альтернативними\n"
"синтаксичними конструкціями для запису <дія>:\n"
-"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\tвідкрити: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+"\tзакрити: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:3211
#, c-format
msgid ""
"\n"
"<слот ключа> — номер слота ключа LUKS, який слід змінити\n"
"<файл ключа> — необов’язковий файл ключа для нового ключа для дії luksAddKey\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:3218
#, c-format
msgid ""
"\n"
"\n"
"Типовий укомпільований формат метаданих — %s (для дії luksFormat).\n"
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:3223 src/cryptsetup.c:3226
+#, c-format
+msgid ""
+"\n"
+"LUKS2 external token plugin support is %s.\n"
+msgstr ""
+"\n"
+"Підтримка додатків зовнішніх жетонів LUKS2 — %s.\n"
+
+#: src/cryptsetup.c:3223
+msgid "compiled-in"
+msgstr "вбудована"
+
+#: src/cryptsetup.c:3224
+#, c-format
+msgid "LUKS2 external token plugin path: %s.\n"
+msgstr "Шлях до теки додатків зовнішніх жетонів LUKS2: %s.\n"
+
+#: src/cryptsetup.c:3226
+msgid "disabled"
+msgstr "вимкнено"
+
+#: src/cryptsetup.c:3230
#, c-format
msgid ""
"\n"
"Типовий PBKDF для LUKS2: %s\n"
"\tЧас ітерації: %d, потрібний обсяг пам'яті: %d кБ, паралельних потоків: %d\n"
-#: src/cryptsetup.c:3578
+#: src/cryptsetup.c:3241
#, c-format
msgid ""
"\n"
"\tзвичайне: %s, ключ: %d-бітовий, хешування пароля: %s\n"
"\tLUKS: %s, ключ: %d-бітовий, хешування заголовка LUKS: %s, RNG: %s\n"
-#: src/cryptsetup.c:3587
+#: src/cryptsetup.c:3250
msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
msgstr "\tLUKS: типовий розмір ключа у режимі XTS (два вбудованих ключа) буде подвоєно.\n"
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:3268 src/veritysetup.c:648 src/integritysetup.c:711
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: слід вказати у параметрах %s"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:3308 src/utils_reencrypt_luks1.c:1198
+msgid "Key slot is invalid."
+msgstr "Некоректний слот ключа."
+
+#: src/cryptsetup.c:3335
+msgid "Device size must be multiple of 512 bytes sector."
+msgstr "Розмір пристрою має бути кратним до 512-байтового сектора."
+
+#: src/cryptsetup.c:3340
+msgid "Invalid max reencryption hotzone size specification."
+msgstr "Некоректна специфікація розміру «гарячої» ділянки повторного шифрування."
+
+#: src/cryptsetup.c:3354 src/cryptsetup.c:3366
+msgid "Key size must be a multiple of 8 bits"
+msgstr "Розмір ключа має бути кратним 8 бітам"
+
+#: src/cryptsetup.c:3371
+msgid "Maximum device reduce size is 1 GiB."
+msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 1 ГіБ."
+
+#: src/cryptsetup.c:3374
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Розмір зменшення має бути кратним до 512-байтового сектора."
+
+#: src/cryptsetup.c:3391
+msgid "Option --priority can be only ignore/normal/prefer."
+msgstr "Значенням для параметра --priority може бути лише один з таких рядків: ignore, normal або prefer."
+
+#: src/cryptsetup.c:3410 src/veritysetup.c:572 src/integritysetup.c:634
msgid "Show this help message"
msgstr "Показати цю довідку"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:3411 src/veritysetup.c:573 src/integritysetup.c:635
msgid "Display brief usage"
msgstr "Показати короткі настанови щодо користування"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
+#: src/cryptsetup.c:3412 src/veritysetup.c:574 src/integritysetup.c:636
msgid "Print package version"
msgstr "Вивести дані щодо версії пакунка"
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:3423 src/veritysetup.c:585 src/integritysetup.c:647
msgid "Help options:"
msgstr "Пункти довідки:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Показувати докладні повідомлення про помилки"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Показувати діагностичні повідомлення"
-
-#: src/cryptsetup.c:3646
-msgid "Show debug messages including JSON metadata"
-msgstr "Показувати діагностичні повідомлення, зокрема метадані JSON"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Шифр, який використано для шифрування даних диска (див. /proc/crypto)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Хеш, використаний для створення ключа шифрування на основі пароля"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Перевіряє пароль повторним запитом щодо нього"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-msgid "Read the key from a file"
-msgstr "Прочитати ключ з файла"
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Прочитати ключ тому (основний ключ) з файла."
-
-#: src/cryptsetup.c:3652
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Створити дамп ключа тому (основного ключа) замість показу даних щодо слотів ключів"
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Розмір ключа шифрування"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "БІТИ"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Обмежує читання з файла ключа"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "байти"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Кількість байтів, які слід пропустити у файлі ключа"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Обмежує читання з щойно доданого файла ключа"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Кількість байтів, які слід пропустити у щойно доданому файлі ключа"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Номер слоту для нового ключа (типовим слотом є перший вільний слот)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Розмір пристрою"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "СЕКТОРИ"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Використовувати лише вказаний розмір пристрою (ігнорувати решту об’єму). НЕБЕЗПЕЧНО!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Початковий відступ на допоміжному пристрої"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Кількість секторів зашифрованих даних, які слід пропустити на початку"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Створити призначення у режимі лише читання"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Не питати про підтвердження"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Час очікування у інтерактивному запиті щодо пароля (у секундах)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "секунди"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr "Оновлення лінії поступу (у секундах)"
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Частота повторень спроб отримання вхідних даних пароля"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Вирівняти дані за областями у <n> секторів, для luksFormat"
-
-#: src/cryptsetup.c:3669
-msgid "File with LUKS header and keyslots backup"
-msgstr "Файл з заголовком LUKS та резервною копію слотів ключів"
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-msgid "Use /dev/random for generating volume key"
-msgstr "Використовувати для створення ключа тому /dev/random"
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Використовувати для створення ключа тому /dev/urandom"
-
-#: src/cryptsetup.c:3672
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Використовувати пристрій спільно з іншим сегментом шифрування, без перекриття"
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-msgid "UUID for device to use"
-msgstr "UUID пристрою, який слід використати"
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Дозволити запити відкидання (або TRIM) до пристрою"
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-msgid "Device or file with separated LUKS header"
-msgstr "Пристрій або файл з окремим заголовком LUKS"
-
-#: src/cryptsetup.c:3676
-msgid "Do not activate device, just check passphrase"
-msgstr "Не задіювати пристрій, просто перевірити пароль"
-
-#: src/cryptsetup.c:3677
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Використовувати прихований заголовок (прихований пристрій TCRYPT)"
-
-#: src/cryptsetup.c:3678
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Пристрій є системним диском TCRYPT (диском з завантажувачем)"
-
-#: src/cryptsetup.c:3679
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Використовувати резервний (вторинний) заголовок TCRYPT"
-
-#: src/cryptsetup.c:3680
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Виконати також пошук сумісних із VeraCrypt пристроїв"
-
-#: src/cryptsetup.c:3681
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) для сумісного з VeraCrypt пристрою"
-
-#: src/cryptsetup.c:3682
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) запису для сумісного з VeraCrypt пристрою"
-
-#: src/cryptsetup.c:3683
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Типи метаданих пристрою: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-
-#: src/cryptsetup.c:3684
-msgid "Disable password quality check (if enabled)"
-msgstr "Вимкнути перевірку якості пароля (якщо її увімкнено)"
-
-#: src/cryptsetup.c:3685
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Скористатися параметром сумісності швидкодії dm-crypt same_cpu_crypt"
-
-#: src/cryptsetup.c:3686
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Скористатися параметром сумісності швидкодії dm-crypt submit_from_crypt_cpus"
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr "Обійти чергу обробки dm-crypt і обробляти запити щодо читання синхронно"
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr "Обійти чергу обробки dm-crypt і обробляти запити щодо запису синхронно"
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr "Вилучення пристрою відкладено до часу, коли останній користувач закриє його"
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr "Скористатися загальним блокуванням для перетворення у послідовну форму «жорсткого» PBKDF у пам'яті (обхід OOM)"
-
-#: src/cryptsetup.c:3691
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Тривалість ітерації PBKDF для LUKS (у мс)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "мс"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr "Алгоритм PBKDF (для LUKS2) (argon2i/argon2id/pbkdf2)"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr "Обмеження вартості пам'яті PBKDF"
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "kilobytes"
-msgstr "кілобайти"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr "Вартість розпаралелювання PBKDF"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr "threads"
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr "Вартість ітерацій PBKDF (примусово, вимикає тестування)"
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr "Пріоритетність слотів ключів: ignore, normal, prefer"
-
-#: src/cryptsetup.c:3697
-msgid "Disable locking of on-disk metadata"
-msgstr "Вимкнути блокування метаданих на диску"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr "Вимкнути завантаження ключів тому за допомогою сховища ключів ядра"
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr "Алгоритм перевірки цілісності даних (лише LUKS2)"
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr "Вимкнути журнал для пристрою забезпечення цілісності"
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr "Не витирати пристрій після форматування"
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr "Скористатися неефективним застарілим відступом (застарілі ядра)"
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr "Не просити ввести пароль, якщо не вдасться скористатися активацією за ключем"
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr "Номер ключа (типове значення: будь-який)"
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr "Опис ключа"
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr "Розмір сектора шифрування (типове значення: 512 байтів)"
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr "Використовувати обчислення за IV у розмірі сектора (не за блоками у 512 байтів)"
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr "Встановити сталі прапорці активації для пристрою"
-
-#: src/cryptsetup.c:3709
-msgid "Set label for the LUKS2 device"
-msgstr "Встановити мітку для пристрою LUKS2"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr "Встановити мітку підтому для пристрою LUKS2"
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr "Створити непов'язаний (без пов'язаного сегмента даних) слот ключів LUKS2 або його дамп"
-
-#: src/cryptsetup.c:3712
-msgid "Read or write the json from or to a file"
-msgstr "Прочитати json з файла або записати json до файла"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr "Розмір області метаданих у заголовку LUKS2"
-
-#: src/cryptsetup.c:3714
-msgid "LUKS2 header keyslots area size"
-msgstr "Розмір області слотів ключів у заголовку LUKS2"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr "Оновити (повторно активувати) пристрій згідно з новими параметрами"
-
-#: src/cryptsetup.c:3716
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Слот ключів LUKS2: розмір ключа шифрування"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr "Слот ключа LUKS2: шифрування, яке використано для слоту ключів"
-
-#: src/cryptsetup.c:3718
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Зашифрувати пристрій LUKS2 (шифрування на місці)."
-
-#: src/cryptsetup.c:3719
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Розшифрувати пристрій LUKS2 (усунути шифрування)."
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr "Ініціалізувати повторне шифрування LUKS2 лише у метаданих."
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr "Відновлювати лише ініціалізоване повторне шифрування LUKS2."
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Зменшити розмір пристрою зберігання даних (змістити відступ даних). НЕБЕЗПЕЧНО!"
-
-#: src/cryptsetup.c:3723
-msgid "Maximal reencryption hotzone size."
-msgstr "Максимальний розмір «гарячої» ділянки повторного шифрування."
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr "Тип стійкості «гарячої» ділянки повторного шифрування (checksum (контрольна сума), journal (журнал), none (немає))"
-
-#: src/cryptsetup.c:3725
-msgid "Reencryption hotzone checksums hash"
-msgstr "Хеш контрольних сум «гарячої» ділянки повторного шифрування"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr "Перевизначити автоматично визначені параметри пристрою dm, який буде повторно зашифровано"
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:3443 src/veritysetup.c:603 src/integritysetup.c:664
msgid "[OPTION...] <action> <action-specific>"
msgstr "[ПАРАМЕТР...] <дія> <параметри_дії>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:3452 src/veritysetup.c:612 src/integritysetup.c:675
msgid "Argument <action> missing."
msgstr "Не вказано аргумент <дія>."
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:3528 src/veritysetup.c:643 src/integritysetup.c:706
msgid "Unknown action."
msgstr "Невідома дія."
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr "Не можна поєднувати параметри --refresh і --test-passphrase."
-
-#: src/cryptsetup.c:3882
-msgid "Option --deferred is allowed only for close command."
-msgstr "Параметр --deferred можна використовувати лише для команди закриття (close)."
-
-#: src/cryptsetup.c:3887
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Параметр --shared можна використовувати лише для відкриття незашифрованого пристрою."
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Параметр --shared можна використовувати лише для дії з відкриття."
-
-#: src/cryptsetup.c:3897
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Параметр --persistent можна використовувати лише для дії з відкриття."
-
-#: src/cryptsetup.c:3902
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Параметр --serialize-memory-hard-pbkdf можна використовувати лише для дії з відкриття."
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "Параметр --persistent не можна використовувати разом із --test-passphrase."
-
-#: src/cryptsetup.c:3917
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Параметр --key-size можна використовувати лише для luksFormat, luksAddKey,\n"
-"дій open і benchmark. Щоб обмежити читання з файла ключа, скористайтеся параметром --keyfile-size=(об’єм у байтах)."
-
-#: src/cryptsetup.c:3923
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Параметр --integrity можна використовувати лише для luksFormat (LUKS2)."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr "Параметром --integrity-no-wipe можна користуватися лише для дії з форматування із розширенням забезпечення цілісності."
-
-#: src/cryptsetup.c:3934
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Параметри --label і --subsystem можна використовувати лише для дій luksFormat та config для LUKS2."
-
-#: src/cryptsetup.c:3940
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Параметр --test-passphrase можна використовувати лише для відкриття пристроїв LUKS, TCRYPT та BITLK."
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
-msgid "Key size must be a multiple of 8 bits"
-msgstr "Розмір ключа має бути кратним 8 бітам"
-
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
-msgid "Key slot is invalid."
-msgstr "Некоректний слот ключа."
-
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:3546
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "Параметр --key-file має пріоритет над вказаним параметром файла ключа."
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
-msgid "Negative number for option not permitted."
-msgstr "Не можна використовувати від’ємні значення для параметра."
-
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:3552
msgid "Only one --key-file argument is allowed."
msgstr "Можна використовувати лише один аргумент --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
-msgid "Only one of --use-[u]random options is allowed."
-msgstr "Можна використовувати лише один з параметрів --use-[u]random."
-
-#: src/cryptsetup.c:3977
-msgid "Option --use-[u]random is allowed only for luksFormat."
-msgstr "Параметр --use-[u]random можна використовувати лише для дії luksFormat."
-
-#: src/cryptsetup.c:3981
-msgid "Option --uuid is allowed only for luksFormat and luksUUID."
-msgstr "Параметр --uuid можна використовувати лише для дій luksFormat і luksUUID."
-
-#: src/cryptsetup.c:3985
-msgid "Option --align-payload is allowed only for luksFormat."
-msgstr "Параметр --align-payload можна використовувати лише для дії luksFormat."
-
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "Параметрами --luks2-metadata-size і --opt-luks2-keyslots-size можна користуватися лише для luksFormat з LUKS2."
-
-#: src/cryptsetup.c:3994
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Некоректна специфікація розміру метаданих LUKS2."
-
-#: src/cryptsetup.c:3998
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Некоректна специфікація розміру слоту ключів LUKS2."
-
-#: src/cryptsetup.c:4002
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Не можна одночасно використовувати параметри --align-payload і --offset."
-
-#: src/cryptsetup.c:4008
-msgid "Option --skip is supported only for open of plain and loopaes devices."
-msgstr "Підтримку параметра --skip передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes."
-
-#: src/cryptsetup.c:4015
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
-msgstr "Підтримку параметра --offset передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes, luksFormat та повторного шифрування."
-
-#: src/cryptsetup.c:4021
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
-msgstr "Підтримку параметрів --tcrypt-hidden, --tcrypt-system і --tcrypt-backup передбачено лише для пристроїв TCRYPT."
-
-#: src/cryptsetup.c:4026
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
-msgstr "Параметр --tcrypt-hidden не можна поєднувати з --allow-discards."
-
-#: src/cryptsetup.c:4031
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Підтримку параметра --veracrypt передбачено лише для пристроїв TCRYPT."
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr "Надано некоректний аргумент для параметра --veracrypt-pim."
-
-#: src/cryptsetup.c:4041
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Параметр --veracrypt-pim можна використовувати лише для сумісних із VeraCrypt пристроїв."
-
-#: src/cryptsetup.c:4049
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "Параметр --veracrypt-query-pim можна використовувати лише для сумісних із VeraCrypt пристроїв."
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr "Не можна поєднувати параметри --veracrypt-pim і --veracrypt-query-pim."
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr "Значенням для параметра --priority може бути лише один з таких рядків: ignore, normal або prefer."
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr "Слід вказати специфікація слотів ключів."
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
+#: src/cryptsetup.c:3557
msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
msgstr "Функцією отримання ключа на основі пароля (PBKDF) може бути лише pbkdf2 або argon2i/argon2id."
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
+#: src/cryptsetup.c:3562
msgid "PBKDF forced iterations cannot be combined with iteration time option."
msgstr "Примусові ітерації PBKDF не можна поєднувати із параметром тривалості ітерацій."
-#: src/cryptsetup.c:4081
-msgid "Sector size option is not supported for this command."
-msgstr "У цій команді не передбачено підтримки параметра розміру сектора."
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr "Підтримку можливості використання великих секторів IV передбачено лише для відкриття пристроїв простого типу з розміром сектора, який перевищує 512 байтів."
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr "Разом із параметром --unbound слід вказувати розмір ключа."
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "Параметр --unbound можна використовувати лише з діями luksAddKey і luksDump."
+#: src/cryptsetup.c:3573
+msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+msgstr "Параметри --keyslot-cipher і --keyslot-key-size має бути використано разом."
-#: src/cryptsetup.c:4113
-msgid "Option --refresh may be used only with open action."
-msgstr "Ð\9fаÑ\80амеÑ\82Ñ\80 --refresh можна викоÑ\80иÑ\81Ñ\82овÑ\83ваÑ\82и лиÑ\88е пÑ\96д Ñ\87аÑ\81 дÑ\96Ñ\97 з вÑ\96дкÑ\80иÑ\82Ñ\82Ñ\8f (open)."
+#: src/cryptsetup.c:3581
+msgid "No action taken. Invoked with --test-args option.\n"
+msgstr "Ð\94Ñ\96й не виконано. Ð\92икликано Ñ\96з паÑ\80амеÑ\82Ñ\80ом --test-args.\n"
-#: src/cryptsetup.c:4124
+#: src/cryptsetup.c:3594
msgid "Cannot disable metadata locking."
msgstr "Не вдалося вимкнути блокування метаданих."
-#: src/cryptsetup.c:4135
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Некоректна специфікація розміру «гарячої» ділянки повторного шифрування."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Некоректна специфікація розміру пристрою."
-
-#: src/cryptsetup.c:4146
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 1 ГіБ."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Розмір зменшення має бути кратним до 512-байтового сектора."
-
-#: src/cryptsetup.c:4154
-msgid "Invalid data size specification."
-msgstr "Некоректна специфікація розміру даних."
-
-#: src/cryptsetup.c:4159
-msgid "Reduce size overflow."
-msgstr "Переповнення розміру зменшення."
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr "Розшифрування LUKS2 потребує параметра --header."
-
-#: src/cryptsetup.c:4167
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Розмір пристрою має бути кратним до 512-байтового сектора."
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr "Не можна одночасно використовувати параметри --reduce-device-size і --data-size."
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr "Не можна одночасно використовувати параметри --device-size і --size."
-
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Параметри --keyslot-cipher і --keyslot-key-size має бути використано разом."
-
-#: src/veritysetup.c:76
+#: src/veritysetup.c:54
msgid "Invalid salt string specified."
msgstr "Вказано некоректний рядок солі."
-#: src/veritysetup.c:107
+#: src/veritysetup.c:87
#, c-format
msgid "Cannot create hash image %s for writing."
msgstr "Не вдалося створити образ хешу %s для запису."
-#: src/veritysetup.c:117
+#: src/veritysetup.c:97
#, c-format
msgid "Cannot create FEC image %s for writing."
msgstr "Не вдалося створити образ FEC %s для запису."
-#: src/veritysetup.c:191
+#: src/veritysetup.c:136
+#, c-format
+msgid "Cannot create root hash file %s for writing."
+msgstr "Не вдалося створити файл кореневого хешу %s для запису."
+
+#: src/veritysetup.c:143
+#, c-format
+msgid "Cannot write to root hash file %s."
+msgstr "Не вдалося записати файл кореневого хешу %s."
+
+#: src/veritysetup.c:198 src/veritysetup.c:476
+#, c-format
+msgid "Device %s is not a valid VERITY device."
+msgstr "Пристрій %s не є коректним пристроєм VERITY."
+
+#: src/veritysetup.c:215 src/veritysetup.c:232
+#, c-format
+msgid "Cannot read root hash file %s."
+msgstr "Не вдалося прочитати файл кореневого хешу %s."
+
+#: src/veritysetup.c:220
+#, c-format
+msgid "Invalid root hash file %s."
+msgstr "Некоректний файл кореневого хешу %s."
+
+#: src/veritysetup.c:241
msgid "Invalid root hash string specified."
msgstr "Вказано некоректний рядок кореневого хешу."
-#: src/veritysetup.c:199
+#: src/veritysetup.c:249
#, c-format
msgid "Invalid signature file %s."
msgstr "Некоректний файл підпису %s."
-#: src/veritysetup.c:206
+#: src/veritysetup.c:256
#, c-format
msgid "Cannot read signature file %s."
msgstr "Не вдалося прочитати файл підпису %s."
-#: src/veritysetup.c:406
+#: src/veritysetup.c:279 src/veritysetup.c:293
+msgid "Command requires <root_hash> or --root-hash-file option as argument."
+msgstr "Для виконання команди потрібен <кореневий_хеш> або параметр --root-hash-file як аргумент."
+
+#: src/veritysetup.c:489
msgid "<data_device> <hash_device>"
msgstr "<пристрій_даних> <пристрій_хешу>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:489 src/integritysetup.c:534
msgid "format device"
msgstr "форматувати пристрій"
-#: src/veritysetup.c:407
-msgid "<data_device> <hash_device> <root_hash>"
-msgstr "<пристрій_даних> <пристрій_хешу> <кореневий_хеш>"
+#: src/veritysetup.c:490
+msgid "<data_device> <hash_device> [<root_hash>]"
+msgstr "<пристрій_даних> <пристрій_хешу> [<кореневий_хеш>]"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:490
msgid "verify device"
msgstr "перевірити пристрій"
-#: src/veritysetup.c:408
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<пристрій_даних> <назва> <пристрій_хешу> <кореневий_хеш>"
+#: src/veritysetup.c:491
+msgid "<data_device> <name> <hash_device> [<root_hash>]"
+msgstr "<пристрій_даних> <назва> <пристрій_хешу> [<кореневий_хеш>]"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:493 src/integritysetup.c:537
msgid "show active device status"
msgstr "показати стан активного пристрою"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:494
msgid "<hash_device>"
msgstr "<пристрій_хешу>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:494 src/integritysetup.c:538
msgid "show on-disk information"
msgstr "показати вбудовані дані"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:513
#, c-format
msgid ""
"\n"
"<пристрій_хешу> — пристрій, на якому зберігаються дані для перевірки\n"
"<кореневий_хеш> — хеш кореневого вузла на пристрої <пристрій_хешу>\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:520
#, c-format
msgid ""
"\n"
"Типові вбудовані параметри dm-verity:\n"
"\tхеш: %s, блок даних (у байтах): %u, блок хешу (у байтах): %u, розмір солі: %u, формат хешування: %u\n"
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Не використовувати суперблок verity"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Тип форматування (1 — звичайне, 0 — початкове Chrome OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "номер"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Розмір блоку на пристрої даних"
-
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Розмір блоку на пристрої хешу"
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr "Байти парності FEC"
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Кількість блоків у файлі даних"
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "блоки"
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr "Шлях до пристрою із даними для виправлення помилок"
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr "шлях"
-
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Початковий відступ на пристрої хешу"
-
-#: src/veritysetup.c:489
-msgid "Starting offset on the FEC device"
-msgstr "Початковий відступ на пристрої FEC"
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Алгоритм хешування"
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "рядок"
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Сіль"
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "шістнадцятковий рядок"
-
-#: src/veritysetup.c:493
-msgid "Path to root hash signature file"
-msgstr "Шлях до файла підпису кореневого хешу"
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Перезапустити ядро, якщо виявлено пошкодження"
-
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr "Запустити паніку ядра, якщо виявлено пошкодження"
-
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Ігнорувати пошкодження, лише записати повідомлення до журналу"
-
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Не перевіряти занулені блоки"
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr "Перевіряти блок даних лише під час його першого читання"
-
-#: src/veritysetup.c:600
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Параметри --ignore-corruption, --restart-on-corruption та --ignore-zero-blocks можна використовувати лише для дії з відкриття (open)."
-
-#: src/veritysetup.c:605
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Параметром --root-hash-signature можна користуватися лише для дії з відкриття."
-
-#: src/veritysetup.c:610
+#: src/veritysetup.c:658
msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
msgstr "Параметри --ignore-corruption і --restart-on-corruption не можна використовувати одночасно."
-#: src/veritysetup.c:615
+#: src/veritysetup.c:663
msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
msgstr "Параметри --panic-on-corruption і --restart-on-corruption не можна використовувати одночасно."
-#: src/integritysetup.c:85
+#: src/integritysetup.c:177
#, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Некоректний розмір ключа. Максимальний розмір дорівнює %u байтів."
+msgid ""
+"This will overwrite data on %s and %s irrevocably.\n"
+"To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."
+msgstr ""
+"Дані на %s і %s буде перезаписано без можливості відновлення.\n"
+"Щоб зберегти пристрій даних, скористайтеся параметром --no-wipe (а потім активуйте за допомогою --integrity-recalculate)."
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:212
#, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80оÑ\87иÑ\82аÑ\82и Ñ\84айл клÑ\8eÑ\87а %s."
+msgid "Formatted with tag size %u, internal integrity %s.\n"
+msgstr "ФоÑ\80маÑ\82овано Ñ\96з Ñ\80озмÑ\96Ñ\80ом мÑ\96Ñ\82ки %u, внÑ\83Ñ\82Ñ\80Ñ\96Ñ\88нÑ\8f Ñ\86Ñ\96лÑ\96Ñ\81нÑ\96Ñ\81Ñ\82Ñ\8c %s.\n"
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Не вдалося прочитати %d байтів з файла ключа %s."
+#: src/integritysetup.c:289
+msgid "Setting recalculate flag is not supported, you may consider using --wipe instead."
+msgstr "Підтримки встановлення прапорця повторного обчислення не передбачено. Вам варто розглянути можливість використання --wipe."
-#: src/integritysetup.c:266
+#: src/integritysetup.c:364 src/integritysetup.c:521
#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr "ФоÑ\80маÑ\82овано Ñ\96з Ñ\80озмÑ\96Ñ\80ом мÑ\96Ñ\82ки %u, внÑ\83Ñ\82Ñ\80Ñ\96Ñ\88нÑ\8f Ñ\86Ñ\96лÑ\96Ñ\81нÑ\96Ñ\81Ñ\82Ñ\8c %s.\n"
+msgid "Device %s is not a valid INTEGRITY device."
+msgstr "Ð\9fÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й %s не Ñ\94 коÑ\80екÑ\82ним пÑ\80иÑ\81Ñ\82Ñ\80оÑ\94м INTEGRITY."
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:534 src/integritysetup.c:538
msgid "<integrity_device>"
msgstr "<пристрій_цілісності>"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:535
msgid "<integrity_device> <name>"
msgstr "<пристрій_цілісності> <назва>"
-#: src/integritysetup.c:515
+#: src/integritysetup.c:558
#, c-format
msgid ""
"\n"
"<назва> є пристроєм, який слід створити у %s\n"
"<пристрій_цілісності> є пристроєм, на якому зберігаються дані із мітками цілісності\n"
-#: src/integritysetup.c:520
+#: src/integritysetup.c:563
#, c-format
msgid ""
"\n"
"\tАлгоритм обчислення контрольної суми: %s\n"
"\tМаксимальний розмір файла ключа: %d кБ\n"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr "Шлях до пристрою даних (якщо відокремлено)"
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr "Розмір журналу"
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr "Перемежовування секторів"
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr "«Водяний знак» журналу"
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr "відсоток"
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr "Час внесення до журналу"
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr "мс"
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr "Кількість 512-байтових секторів на біт (режим бітової карти)."
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr "Час спорожнення режиму бітової карти"
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr "Розмір мітки на сектор"
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr "Розмір сектора"
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr "Розмір буферів"
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr "Алгоритм забезпечення цілісності даних"
-
-#: src/integritysetup.c:579
-msgid "The size of the data integrity key"
-msgstr "Розмір ключа цілісності даних"
-
-#: src/integritysetup.c:580
-msgid "Read the integrity key from a file"
-msgstr "Прочитати ключ цілісності з файла"
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr "Алгоритм забезпечення цілісності журналу"
-
-#: src/integritysetup.c:583
-msgid "The size of the journal integrity key"
-msgstr "Розмір ключа цілісності журналу"
-
-#: src/integritysetup.c:584
-msgid "Read the journal integrity key from a file"
-msgstr "Прочитати ключ цілісності журналу з файла"
-
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr "Алгоритм шифрування журналу"
-
-#: src/integritysetup.c:587
-msgid "The size of the journal encryption key"
-msgstr "Розмір ключа шифрування журналу"
-
-#: src/integritysetup.c:588
-msgid "Read the journal encryption key from a file"
-msgstr "Читати ключ шифрування журналу з файла"
-
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
-msgstr "Режим відновлення (без журналу, без перевірки міток)"
-
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "Використовувати для стеження за змінами бітову карту і вимкнути журнал для пристрою забезпечення цілісності"
-
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr "Обчислювати початкові мітки автоматично."
-
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr "Не захищати суперблок HMAC (застарілі ядра)"
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr "Дозволити повторне обчислення томів за допомогою ключів HMAC (застарілі ядра)"
-
-#: src/integritysetup.c:672
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Параметр --integrity-recalculate можна використовувати лише під час дії з відкриття (open)."
-
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr "Параметри --journal-size, --interleave-sectors, --sector-size, --tag-size та --no-wipe можна використовувати лише для дії з форматування."
-
-#: src/integritysetup.c:698
-msgid "Invalid journal size specification."
-msgstr "Некоректна специфікація розміру журналу."
+#: src/integritysetup.c:620
+#, c-format
+msgid "Invalid --%s size. Maximum is %u bytes."
+msgstr "Некоректний розмір --%s. Максимальний розмір дорівнює %u байтів."
-#: src/integritysetup.c:703
+#: src/integritysetup.c:720
msgid "Both key file and key size options must be specified."
msgstr "Не можна одночасно вказувати параметри файла ключа і розміру ключа."
-#: src/integritysetup.c:708
+#: src/integritysetup.c:724
msgid "Both journal integrity key file and key size options must be specified."
msgstr "Не можна одночасно вказувати параметри файла ключа цілісності журналу і розміру ключа."
-#: src/integritysetup.c:711
+#: src/integritysetup.c:727
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "Якщо використано ключ цілісності журналу, має бути вказано алгоритм забезпечення цілісності журналу."
-#: src/integritysetup.c:716
+#: src/integritysetup.c:731
msgid "Both journal encryption key file and key size options must be specified."
msgstr "Не можна одночасно вказувати параметри файла ключа шифрування журналу і розміру ключа."
-#: src/integritysetup.c:719
+#: src/integritysetup.c:734
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "Якщо використано ключ шифрування журналу, має бути вказано алгоритм забезпечення шифрування журналу."
-#: src/integritysetup.c:723
+#: src/integritysetup.c:738
msgid "Recovery and bitmap mode options are mutually exclusive."
msgstr "Не можна поєднувати параметри відновлення і бітової карти."
-#: src/integritysetup.c:727
+#: src/integritysetup.c:745
msgid "Journal options cannot be used in bitmap mode."
msgstr "Параметри журналу у режимі бітової карти використовувати не можна."
-#: src/integritysetup.c:731
+#: src/integritysetup.c:750
msgid "Bitmap options can be used only in bitmap mode."
msgstr "Параметри бітової карти можна використовувати лише у режимі бітового карти."
-#: src/cryptsetup_reencrypt.c:190
-msgid "Reencryption already in-progress."
-msgstr "Вже виконується повторне шифрування."
-
-#: src/cryptsetup_reencrypt.c:226
-#, c-format
-msgid "Cannot exclusively open %s, device in use."
-msgstr "Не можна відкрити %s у виключному режимі, пристрій вже використовується."
-
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-msgid "Allocation of aligned memory failed."
-msgstr "Спроба розподілу вирівняних ділянок пам’яті зазнала невдачі."
-
-#: src/cryptsetup_reencrypt.c:247
-#, c-format
-msgid "Cannot read device %s."
-msgstr "Не вдалося виконати читання з пристрою %s."
-
-#: src/cryptsetup_reencrypt.c:258
-#, c-format
-msgid "Marking LUKS1 device %s unusable."
-msgstr "Позначаємо пристрій LUKS1 %s як непридатний."
-
-#: src/cryptsetup_reencrypt.c:262
-#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr "Встановлюємо прапорець повторного шифрування LUKS2 з від'єднанням на пристрій %s."
-
-#: src/cryptsetup_reencrypt.c:279
-#, c-format
-msgid "Cannot write device %s."
-msgstr "Не вдалося виконати запис на пристрій %s."
-
-#: src/cryptsetup_reencrypt.c:327
-msgid "Cannot write reencryption log file."
-msgstr "Не вдалося записати файл журналу повторного шифрування."
-
-#: src/cryptsetup_reencrypt.c:383
-msgid "Cannot read reencryption log file."
-msgstr "Не вдалося прочитати файл журналу повторного шифрування."
-
-#: src/cryptsetup_reencrypt.c:421
-#, c-format
-msgid "Log file %s exists, resuming reencryption.\n"
-msgstr "Файл журналу %s вже існує, поновлюємо повторне шифрування.\n"
-
-#: src/cryptsetup_reencrypt.c:470
-msgid "Activating temporary device using old LUKS header."
-msgstr "Спроба задіяти тимчасовий пристрій за допомогою старого заголовка LUKS."
-
-#: src/cryptsetup_reencrypt.c:480
-msgid "Activating temporary device using new LUKS header."
-msgstr "Спроба задіяти тимчасовий пристрій за допомогою нового заголовка LUKS."
-
-#: src/cryptsetup_reencrypt.c:490
-msgid "Activation of temporary devices failed."
-msgstr "Спроба задіяти тимчасові пристрої зазнала невдачі."
-
-#: src/cryptsetup_reencrypt.c:577
-msgid "Failed to set data offset."
-msgstr "Не вдалося встановити відступ у даних."
-
-#: src/cryptsetup_reencrypt.c:583
-msgid "Failed to set metadata size."
-msgstr "Не вдалося встановити розмір метаданих."
-
-#: src/cryptsetup_reencrypt.c:591
-#, c-format
-msgid "New LUKS header for device %s created."
-msgstr "Створено новий заголовок LUKS для пристрою %s."
-
-#: src/cryptsetup_reencrypt.c:651
-#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr "Ця версія cryptsetup-reencrypt не може обробляти новий тип вбудованих ключів %s."
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr "Не вдалося прочитати прапорці активації з резервного заголовка."
-
-#: src/cryptsetup_reencrypt.c:677
-msgid "Failed to write activation flags to new header."
-msgstr "Не вдалося записати прапорці активації до нового заголовка."
-
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-msgid "Failed to read requirements from backup header."
-msgstr "Не вдалося прочитати вимоги із резервного заголовка."
-
-#: src/cryptsetup_reencrypt.c:723
-#, c-format
-msgid "%s header backup of device %s created."
-msgstr "Створено резервну копію заголовка %s пристрою %s."
-
-#: src/cryptsetup_reencrypt.c:786
-msgid "Creation of LUKS backup headers failed."
-msgstr "Спроба створення заголовків резервних копій LUKS зазнала невдачі."
-
-#: src/cryptsetup_reencrypt.c:919
-#, c-format
-msgid "Cannot restore %s header on device %s."
-msgstr "Не вдалося відновити заголовок %s на пристрої %s."
-
-#: src/cryptsetup_reencrypt.c:921
-#, c-format
-msgid "%s header on device %s restored."
-msgstr "Відновлено заголовок %s на пристрої %s."
-
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-msgid "Cannot open temporary LUKS device."
-msgstr "Неможливо відкрити тимчасовий пристрій LUKS."
-
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-msgid "Cannot get device size."
-msgstr "Не вдалося отримати дані щодо розміру пристрою."
-
-#: src/cryptsetup_reencrypt.c:1176
-msgid "IO error during reencryption."
-msgstr "Помилка введення-виведення під час повторного шифрування."
-
-#: src/cryptsetup_reencrypt.c:1207
-msgid "Provided UUID is invalid."
-msgstr "Наданий UUID є некоректним."
-
-#: src/cryptsetup_reencrypt.c:1441
-msgid "Cannot open reencryption log file."
-msgstr "Не вдалося відкрити файл журналу повторного шифрування."
-
-#: src/cryptsetup_reencrypt.c:1447
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
-msgstr "Розшифровування не виконується. Наданий UUID можна використовувати лише для відновлення призупиненого процесу розшифровування."
-
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr "Змінено параметри pbkdf у слоті ключа %i."
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "Reencryption block size"
-msgstr "Розмір блоку повторного шифрування"
-
-#: src/cryptsetup_reencrypt.c:1636
-msgid "MiB"
-msgstr "МіБ"
-
-#: src/cryptsetup_reencrypt.c:1640
-msgid "Do not change key, no data area reencryption"
-msgstr "Не змінювати ключ, не виконувати повторного шифрування області даних"
-
-#: src/cryptsetup_reencrypt.c:1642
-msgid "Read new volume (master) key from file"
-msgstr "Прочитати новий ключ тому (основний ключ) з файла"
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Тривалість ітерації PBKDF2 для LUKS (у мс)"
-
-#: src/cryptsetup_reencrypt.c:1649
-msgid "Use direct-io when accessing devices"
-msgstr "Використовувати безпосереднє введення-виведення під час доступу до пристроїв"
-
-#: src/cryptsetup_reencrypt.c:1650
-msgid "Use fsync after each block"
-msgstr "Використовувати fsync після кожного блоку"
-
-#: src/cryptsetup_reencrypt.c:1651
-msgid "Update log file after every block"
-msgstr "Оновлювати файл журналу після кожного блоку"
-
-#: src/cryptsetup_reencrypt.c:1652
-msgid "Use only this slot (others will be disabled)"
-msgstr "Використовувати лише цей слот (інші буде вимкнено)"
-
-#: src/cryptsetup_reencrypt.c:1657
-msgid "Create new header on not encrypted device"
-msgstr "Створити новий заголовок на незашифрованому пристрої"
-
-#: src/cryptsetup_reencrypt.c:1658
-msgid "Permanently decrypt device (remove encryption)"
-msgstr "Остаточно розшифрувати пристрій (скасувати шифрування)"
-
-#: src/cryptsetup_reencrypt.c:1659
-msgid "The UUID used to resume decryption"
-msgstr "UUID, що використовується для відновлення розшифровування"
-
-#: src/cryptsetup_reencrypt.c:1660
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Тип метаданих LUKS (luks1 або luks2)"
-
-#: src/cryptsetup_reencrypt.c:1679
-msgid "[OPTION...] <device>"
-msgstr "[ПАРАМЕТР...] <пристрій>"
+#: src/utils_tools.c:118
+msgid ""
+"\n"
+"WARNING!\n"
+"========\n"
+msgstr ""
+"\n"
+"УВАГА!\n"
+"======\n"
-#: src/cryptsetup_reencrypt.c:1687
+#. TRANSLATORS: User must type "YES" (in capital letters), do not translate this word.
+#: src/utils_tools.c:120
#, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
-msgstr "Повторне шифрування призведе до зміни: %s%s%s%s%s%s."
-
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr "ключ тому"
-
-#: src/cryptsetup_reencrypt.c:1690
-msgid "set hash to "
-msgstr "встановити хеш у значення "
-
-#: src/cryptsetup_reencrypt.c:1691
-msgid ", set cipher to "
-msgstr ", встановити шифрування "
-
-#: src/cryptsetup_reencrypt.c:1695
-msgid "Argument required."
-msgstr "Слід вказати аргумент."
-
-#: src/cryptsetup_reencrypt.c:1723
-msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
-msgstr "Розмір блоку повторного шифрування повинен належати діапазону від 1 МіБ до 64 МІБ."
-
-#: src/cryptsetup_reencrypt.c:1750
-msgid "Maximum device reduce size is 64 MiB."
-msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 64 МіБ."
-
-#: src/cryptsetup_reencrypt.c:1757
-msgid "Option --new must be used together with --reduce-device-size or --header."
-msgstr "Параметр --new слід використовувати разом з --reduce-device-size або --header."
-
-#: src/cryptsetup_reencrypt.c:1761
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
-msgstr "Параметр --keep-key можна використовувати лише разом з параметром --hash --iter-time або --pbkdf-force-iterations."
-
-#: src/cryptsetup_reencrypt.c:1765
-msgid "Option --new cannot be used together with --decrypt."
-msgstr "Параметр --new не можна використовувати разом з --decrypt."
-
-#: src/cryptsetup_reencrypt.c:1769
-msgid "Option --decrypt is incompatible with specified parameters."
-msgstr "Параметр --decrypt є несумісним із вказаними параметрами."
-
-#: src/cryptsetup_reencrypt.c:1773
-msgid "Option --uuid is allowed only together with --decrypt."
-msgstr "Параметр --uuid можна використовувати лише разом із --decrypt."
-
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr "Некоректний тип luks. Скористайтеся одним з таких типів: luks, luks1 або luks2."
+msgid ""
+"%s\n"
+"\n"
+"Are you sure? (Type 'yes' in capital letters): "
+msgstr ""
+"%s\n"
+"\n"
+"Ви впевнені? (Введіть «yes» великими літерами): "
-#: src/utils_tools.c:151
+#: src/utils_tools.c:126
msgid "Error reading response from terminal."
msgstr "Помилка під час спроби читання відповіді з термінала."
-#: src/utils_tools.c:186
-msgid "Command successful.\n"
-msgstr "Команду виконано успішно.\n"
+#: src/utils_tools.c:158
+msgid "Command successful."
+msgstr "Команду виконано успішно."
-#: src/utils_tools.c:194
+#: src/utils_tools.c:166
msgid "wrong or missing parameters"
msgstr "помилкові параметри або параметри не вказано"
-#: src/utils_tools.c:196
+#: src/utils_tools.c:168
msgid "no permission or bad passphrase"
msgstr "немає права доступу або помилковий пароль"
-#: src/utils_tools.c:198
+#: src/utils_tools.c:170
msgid "out of memory"
msgstr "недостатньо пам'яті"
-#: src/utils_tools.c:200
+#: src/utils_tools.c:172
msgid "wrong device or file specified"
msgstr "вказано помилковий пристрій або файл"
-#: src/utils_tools.c:202
+#: src/utils_tools.c:174
msgid "device already exists or device is busy"
msgstr "пристрій вже існує або пристрій зайнято"
-#: src/utils_tools.c:204
+#: src/utils_tools.c:176
msgid "unknown error"
msgstr "невідома помилка"
-#: src/utils_tools.c:206
+#: src/utils_tools.c:178
#, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Спроба виконання команди завершилася повідомленням про помилку з кодом %i (%s).\n"
+msgid "Command failed with code %i (%s)."
+msgstr "Спроба виконання команди завершилася повідомленням про помилку з кодом %i (%s)."
-#: src/utils_tools.c:284
+#: src/utils_tools.c:256
#, c-format
msgid "Key slot %i created."
msgstr "Створено слот ключа %i."
-#: src/utils_tools.c:286
+#: src/utils_tools.c:258
#, c-format
msgid "Key slot %i unlocked."
msgstr "Слот ключа %i розблоковано."
-#: src/utils_tools.c:288
+#: src/utils_tools.c:260
#, c-format
msgid "Key slot %i removed."
msgstr "Слот ключа %i вилучено."
-#: src/utils_tools.c:297
+#: src/utils_tools.c:269
#, c-format
msgid "Token %i created."
-msgstr "СÑ\82воÑ\80ено клÑ\8eÑ\87 %i."
+msgstr "СÑ\82воÑ\80ено жеÑ\82он %i."
-#: src/utils_tools.c:299
+#: src/utils_tools.c:271
#, c-format
msgid "Token %i removed."
-msgstr "Ð\9aлÑ\8eÑ\87 %i вилучено."
+msgstr "Ð\96еÑ\82он %i вилучено."
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-"\n"
-"Витирання перервано."
+#: src/utils_tools.c:281
+msgid "No token could be unlocked with this PIN."
+msgstr "За допомогою цього коду не можна розблокувати жоден жетон."
-#: src/utils_tools.c:476
+#: src/utils_tools.c:283
#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr "Ð\9fопеÑ\80едженнÑ\8f: пÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й %s вже мÑ\96Ñ\81Ñ\82иÑ\82Ñ\8c пÑ\96дпиÑ\81 Ñ\80оздÑ\96лÑ\83 «%s».\n"
+msgid "Token %i requires PIN."
+msgstr "Ð\94лÑ\8f доÑ\81Ñ\82Ñ\83пÑ\83 до жеÑ\82она %i поÑ\82Ñ\80Ñ\96бен пÑ\96нкод."
-#: src/utils_tools.c:484
+#: src/utils_tools.c:285
#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr "Ð\9fопеÑ\80едженнÑ\8f: пÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й %s вже мÑ\96Ñ\81Ñ\82иÑ\82Ñ\8c пÑ\96дпиÑ\81 Ñ\81Ñ\83пеÑ\80блокÑ\83 «%s».\n"
+msgid "Token (type %s) requires PIN."
+msgstr "Ð\94лÑ\8f доÑ\81Ñ\82Ñ\83пÑ\83 до жеÑ\82она (Ñ\82ип %s) поÑ\82Ñ\80Ñ\96бен пÑ\96нкод."
-#: src/utils_tools.c:505 src/utils_tools.c:569
-msgid "Failed to initialize device signature probes."
-msgstr "Не вдалося ініціалізувати зондування підписів пристроїв."
+#: src/utils_tools.c:288
+#, c-format
+msgid "Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Жетон %i не може розблокувати пов'язані слоти ключів (помилковий пароль до слота ключів)."
-#: src/utils_tools.c:549
+#: src/utils_tools.c:290
#, c-format
-msgid "Failed to stat device %s."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f зÑ\96бÑ\80аÑ\82и Ñ\81Ñ\82аÑ\82иÑ\81Ñ\82иÑ\87нÑ\96 данÑ\96 Ñ\89одо пÑ\80иÑ\81Ñ\82Ñ\80оÑ\8e %s."
+msgid "Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."
+msgstr "Ð\96еÑ\82он (Ñ\82ипÑ\83 %s) не може Ñ\80озблокÑ\83ваÑ\82и пов'Ñ\8fзанÑ\96 Ñ\81лоÑ\82и клÑ\8eÑ\87Ñ\96в (помилковий паÑ\80олÑ\8c до Ñ\81лоÑ\82а клÑ\8eÑ\87Ñ\96в)."
-#: src/utils_tools.c:562
+#: src/utils_tools.c:293
#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr "Ð\9fÑ\80иÑ\81Ñ\82Ñ\80Ñ\96й %s викоÑ\80иÑ\81Ñ\82овÑ\83Ñ\94Ñ\82Ñ\8cÑ\81Ñ\8f Ñ\81Ñ\82оÑ\80оннÑ\8cоÑ\8e пÑ\80огÑ\80амоÑ\8e. Ð\9fÑ\80одовженнÑ\8f дÑ\96й з Ñ\84оÑ\80маÑ\82Ñ\83ваннÑ\8f неможливе."
+msgid "Token %i requires additional missing resource."
+msgstr "Ð\96еÑ\82онÑ\83 %i поÑ\82Ñ\80Ñ\96бен додаÑ\82ковий Ñ\80еÑ\81Ñ\83Ñ\80Ñ\81, Ñ\8fкого не виÑ\81Ñ\82аÑ\87аÑ\94."
-#: src/utils_tools.c:564
+#: src/utils_tools.c:295
#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "Ð\9dе вдалоÑ\81Ñ\8f вÑ\96дкÑ\80иÑ\82и Ñ\84айл %s Ñ\83 Ñ\80ежимÑ\96 Ñ\87иÑ\82аннÑ\8f-запиÑ\81Ñ\83."
+msgid "Token (type %s) requires additional missing resource."
+msgstr "Ð\96еÑ\82онÑ\83 (Ñ\82ипÑ\83 %s) поÑ\82Ñ\80Ñ\96бен додаÑ\82ковий Ñ\80еÑ\81Ñ\83Ñ\80Ñ\81, Ñ\8fкого не виÑ\81Ñ\82аÑ\87аÑ\94."
-#: src/utils_tools.c:578
+#: src/utils_tools.c:298
#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Ð\9dаÑ\8fвний пÑ\96дпиÑ\81 Ñ\80оздÑ\96лÑ\83 «%s» (змÑ\96Ñ\89еннÑ\8f: %<PRIi64> байÑ\82Ñ\96в) на пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97 %s бÑ\83де виÑ\82еÑ\80Ñ\82о."
+msgid "No usable token (type %s) is available."
+msgstr "Ð\9dемаÑ\94 пÑ\80идаÑ\82ного до викоÑ\80иÑ\81Ñ\82аннÑ\8f жеÑ\82она (Ñ\82ипÑ\83 %s)."
-#: src/utils_tools.c:581
+#: src/utils_tools.c:300
+msgid "No usable token is available."
+msgstr "Немає придатного до використання жетона."
+
+#: src/utils_tools.c:393
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr "Ð\9dаÑ\8fвний пÑ\96дпиÑ\81 Ñ\81Ñ\83пеÑ\80блокÑ\83 «%s» (змÑ\96Ñ\89еннÑ\8f: %<PRIi64> байÑ\82Ñ\96в) на пÑ\80иÑ\81Ñ\82Ñ\80оÑ\97 %s бÑ\83де виÑ\82еÑ\80Ñ\82о."
+msgid "Cannot read keyfile %s."
+msgstr "Ð\9dе вдалоÑ\81Ñ\8f пÑ\80оÑ\87иÑ\82аÑ\82и Ñ\84айл клÑ\8eÑ\87а %s."
-#: src/utils_tools.c:584
-msgid "Failed to wipe device signature."
-msgstr "Не вдалося витерти підпис пристрою."
+#: src/utils_tools.c:398
+#, c-format
+msgid "Cannot read %d bytes from keyfile %s."
+msgstr "Не вдалося прочитати %d байтів з файла ключа %s."
-#: src/utils_tools.c:591
+#: src/utils_tools.c:423
#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Не вдалося виконати зондування пристрою %s з метою виявлення підпису."
+msgid "Cannot open keyfile %s for write."
+msgstr "Не вдалося відкрити файл ключа %s для запису."
-#: src/utils_tools.c:622
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr ""
-"\n"
-"Повторне шифрування перервано."
+#: src/utils_tools.c:430
+#, c-format
+msgid "Cannot write to keyfile %s."
+msgstr "Не вдалося виконати запису до файла ключа %s."
+
+#: src/utils_progress.c:74
+#, c-format
+msgid "%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>х%02<PRIu64>с"
+
+#: src/utils_progress.c:76
+#, c-format
+msgid "%02<PRIu64>h%02<PRIu64>m%02<PRIu64>s"
+msgstr "%02<PRIu64>г%02<PRIu64>х%02<PRIu64>с"
+
+#: src/utils_progress.c:78
+#, c-format
+msgid "%02<PRIu64> days"
+msgstr "%02<PRIu64> днів"
+
+#: src/utils_progress.c:105 src/utils_progress.c:138
+#, c-format
+msgid "%4<PRIu64> %s written"
+msgstr "Записано %4<PRIu64> %s"
+
+#: src/utils_progress.c:109 src/utils_progress.c:142
+#, c-format
+msgid "speed %5.1f %s/s"
+msgstr "швидкість %5.1f %s/с"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. 'eol' is always new-line or empty.
+#. See above.
+#.
+#: src/utils_progress.c:118
+#, c-format
+msgid "Progress: %5.1f%%, ETA %s, %s, %s%s"
+msgstr "Поступ: %5.1f%%, приблизний час %s, %s, %s%s"
+
+#. TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+#. to get translated as well. See above
+#.
+#: src/utils_progress.c:150
+#, c-format
+msgid "Finished, time %s, %s, %s\n"
+msgstr "Завершено, час %s, %s, %s\n"
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:41 src/utils_password.c:72
#, c-format
msgid "Cannot check password quality: %s"
msgstr "Не вдалося перевірити якість пароля: %s"
-#: src/utils_password.c:51
+#: src/utils_password.c:49
#, c-format
msgid ""
"Password quality check failed:\n"
"Помилка під час спроби оцінити якість пароля:\n"
" %s"
-#: src/utils_password.c:83
+#: src/utils_password.c:79
#, c-format
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "Помилка під час спроби оцінити якість пароля: некоректний пароль (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:230 src/utils_password.c:244
msgid "Error reading passphrase from terminal."
msgstr "Помилка під час читання пароля з термінала."
-#: src/utils_password.c:240
+#: src/utils_password.c:242
msgid "Verify passphrase: "
msgstr "Перевірка пароля: "
-#: src/utils_password.c:247
+#: src/utils_password.c:249
msgid "Passphrases do not match."
msgstr "Паролі не збігаються."
-#: src/utils_password.c:284
+#: src/utils_password.c:287
msgid "Cannot use offset with terminal input."
msgstr "Не можна використовувати відступ у даних, що надходять з термінала."
-#: src/utils_password.c:287
+#: src/utils_password.c:291
#, c-format
msgid "Enter passphrase: "
msgstr "Введіть пароль: "
-#: src/utils_password.c:290
+#: src/utils_password.c:294
#, c-format
msgid "Enter passphrase for %s: "
msgstr "Введіть пароль до %s: "
-#: src/utils_password.c:321
+#: src/utils_password.c:328
msgid "No key available with this passphrase."
msgstr "Для цього пароля немає відповідного ключа."
-#: src/utils_password.c:323
+#: src/utils_password.c:330
msgid "No usable keyslot is available."
msgstr "Немає доступних придатних до користування слотів ключів."
-#: src/utils_password.c:365
-#, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Не вдалося відкрити файл ключа %s для запису."
-
-#: src/utils_password.c:372
-#, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Не вдалося виконати запису до файла ключа %s."
+#: src/utils_luks.c:67
+msgid "Can't do passphrase verification on non-tty inputs."
+msgstr "Перевірку паролів не можна виконувати на основі вхідних даних, які надходять не з tty."
-#: src/utils_luks2.c:47
+#: src/utils_luks.c:182
#, c-format
msgid "Failed to open file %s in read-only mode."
msgstr "Не вдалося відкрити файл %s у режимі лише читання."
-#: src/utils_luks2.c:60
+#: src/utils_luks.c:195
msgid "Provide valid LUKS2 token JSON:\n"
-msgstr "Ð\9dадайÑ\82е коÑ\80екÑ\82ний клÑ\8eÑ\87 JSON LUKS2:\n"
+msgstr "Ð\9dадайÑ\82е коÑ\80екÑ\82ний жеÑ\82он JSON LUKS2:\n"
-#: src/utils_luks2.c:67
+#: src/utils_luks.c:202
msgid "Failed to read JSON file."
msgstr "Не вдалося прочитати файл JSON."
-#: src/utils_luks2.c:72
+#: src/utils_luks.c:207
msgid ""
"\n"
"Read interrupted."
"\n"
"Читання перервано."
-#: src/utils_luks2.c:113
+#: src/utils_luks.c:248
#, c-format
msgid "Failed to open file %s in write mode."
msgstr "Не вдалося відкрити файл %s у режимі запису."
-#: src/utils_luks2.c:122
+#: src/utils_luks.c:257
msgid ""
"\n"
"Write interrupted."
"\n"
"Запис перервано."
-#: src/utils_luks2.c:126
+#: src/utils_luks.c:261
msgid "Failed to write JSON file."
msgstr "Не вдалося записати файл JSON."
-#~ msgid "Failed to disable reencryption requirement flag."
-#~ msgstr "Не вдалося вимкнути прапорець вимоги повторного шифрування."
+#: src/utils_reencrypt.c:120
+#, c-format
+msgid "Auto-detected active dm device '%s' for data device %s.\n"
+msgstr "Автоматично виявлено активний пристрій dm «%s» для пристрою даних %s.\n"
-#~ msgid ""
-#~ "Seems device does not require reencryption recovery.\n"
-#~ "Do you want to proceed anyway?"
-#~ msgstr ""
-#~ "Здається, пристрій не потребує відновлення повторного шифрування.\n"
-#~ "Хочете виконати цю дію попри це?"
+#: src/utils_reencrypt.c:124
+#, c-format
+msgid "Failed to auto-detect device %s holders."
+msgstr "Не вдалося автоматично визначити утримувачів пристрою %s."
+
+#: src/utils_reencrypt.c:130
+#, c-format
+msgid "Device %s is not a block device.\n"
+msgstr "Пристрій %s не є блоковим пристроєм.\n"
+
+#: src/utils_reencrypt.c:132
+#, c-format
+msgid ""
+"Unable to decide if device %s is activated or not.\n"
+"Are you sure you want to proceed with reencryption in offline mode?\n"
+"It may lead to data corruption if the device is actually activated.\n"
+"To run reencryption in online mode, use --active-name parameter instead.\n"
+msgstr ""
+"Не вдалося визначити, чи задіяно пристрій %s.\n"
+"Ви справді хочете продовжити повторне шифрування у режимі з від'єднанням?\n"
+"Таке шифрування може призвести до пошкодження даних, якщо пристрій задіяно.\n"
+"Щоб запустити повторне шифрування у режимі без від'єднання, скористайтеся параметром --active-name.\n"
+
+#: src/utils_reencrypt.c:141 src/utils_reencrypt.c:274
+#, c-format
+msgid ""
+"Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."
+msgstr ""
+"Пристрій %s не є блоковим пристроєм. Не можна визначити, чи є він активним.\n"
+"Скористайтеся --force-offline-reencrypt для обходу перевірки та запуску в автономному режимі (небезпечно!)."
+
+#: src/utils_reencrypt.c:178 src/utils_reencrypt.c:221
+#: src/utils_reencrypt.c:231
+msgid "Requested --resilience option cannot be applied to current reencryption operation."
+msgstr "Вказаний параметр --resilience не може бути застосовано до поточної дії з повторного шифрування."
+
+#: src/utils_reencrypt.c:203
+msgid "Device is not in LUKS2 encryption. Conflicting option --encrypt."
+msgstr "Пристрій не у шифруванні LUKS2. Конфліктний параметр --encrypt."
+
+#: src/utils_reencrypt.c:208
+msgid "Device is not in LUKS2 decryption. Conflicting option --decrypt."
+msgstr "Пристрій не у розшифруванні LUKS2. Конфліктний параметр --decrypt."
+
+#: src/utils_reencrypt.c:215
+msgid "Device is in reencryption using datashift resilience. Requested --resilience option cannot be applied."
+msgstr "Пристрій перебуває у повторному шифруванні з використанням стійкості зсуву даних. Вказаний параметр --resilience не може бути застосовано."
+
+#: src/utils_reencrypt.c:293
+msgid "Device requires reencryption recovery. Run repair first."
+msgstr "Пристрій потребує відновлення повторного шифрування. Спочатку виконайте відновлення."
+
+#: src/utils_reencrypt.c:307
+#, c-format
+msgid "Device %s is already in LUKS2 reencryption. Do you wish to resume previously initialised operation?"
+msgstr "Пристрій %s вже перебуває у стані повторного шифрування LUKS2. Хочете відновити раніше ініціалізовану дію?"
+
+#: src/utils_reencrypt.c:353
+msgid "Legacy LUKS2 reencryption is no longer supported."
+msgstr "Підтримки застарілого повторного шифрування LUKS2 більше не передбачено."
+
+#: src/utils_reencrypt.c:418
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "Підтримки повторного шифрування пристрою із профілем цілісності не передбачено."
+
+#: src/utils_reencrypt.c:449
+#, c-format
+msgid ""
+"Requested --sector-size %<PRIu32> is incompatible with %s superblock\n"
+"(block size: %<PRIu32> bytes) detected on device %s."
+msgstr ""
+"Вказаний --sector-size %<PRIu32> є несумісним із суперблоком %s\n"
+"(розмір блоку: %<PRIu32> байтів), який виявлено на пристрої %s."
+
+#: src/utils_reencrypt.c:518 src/utils_reencrypt.c:1391
+msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
+msgstr "Шифрування без від'єднаного заголовка (--header) є неможливим без зменшення розміру пристрою зберігання даних (--reduce-device-size)."
+
+#: src/utils_reencrypt.c:525
+msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
+msgstr "Вказаний зсув даних має бути меншим або рівним половині значення параметра --reduce-device-size."
+
+#: src/utils_reencrypt.c:535
+#, c-format
+msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
+msgstr "Коригуємо значення --reduce-device-size до подвійного значення --offset %<PRIu64> (у секторах).\n"
+
+#: src/utils_reencrypt.c:565
+#, c-format
+msgid "Temporary header file %s already exists. Aborting."
+msgstr "Файл тимчасового заголовка %s вже існує. Перериваємо обробку."
+
+#: src/utils_reencrypt.c:567 src/utils_reencrypt.c:574
+#, c-format
+msgid "Cannot create temporary header file %s."
+msgstr "Не вдалося створити файл тимчасового заголовка %s."
+
+#: src/utils_reencrypt.c:599
+msgid "LUKS2 metadata size is larger than data shift value."
+msgstr "Розмір метаданих LUKS2 перевищує значення зсуву даних."
+
+#: src/utils_reencrypt.c:636
+#, c-format
+msgid "Failed to place new header at head of device %s."
+msgstr "Не вдалося розмістити новий заголовок на початку пристрою %s."
+
+#: src/utils_reencrypt.c:646
+#, c-format
+msgid "%s/%s is now active and ready for online encryption.\n"
+msgstr "%s/%s задіяно, система готова до інтерактивного шифрування.\n"
+
+#: src/utils_reencrypt.c:682
+#, c-format
+msgid "Active device %s is not LUKS2."
+msgstr "Активний пристрій %s не є пристроєм LUKS2."
+
+#: src/utils_reencrypt.c:710
+msgid "Restoring original LUKS2 header."
+msgstr "Відновлюємо початковий заголовок LUKS2."
+
+#: src/utils_reencrypt.c:718
+msgid "Original LUKS2 header restore failed."
+msgstr "Спроба відновлення початкового заголовка LUKS2 зазнала невдачі."
+
+#: src/utils_reencrypt.c:744
+#, c-format
+msgid "Header file %s does not exist. Do you want to initialize LUKS2 decryption of device %s and export LUKS2 header to file %s?"
+msgstr "Файла заголовка %s не існує. Хочете ініціалізувати розшифрування LUKS2 пристрою %s і експортувати заголовок LUKS2 до файла %s?"
+
+#: src/utils_reencrypt.c:792
+msgid "Failed to add read/write permissions to exported header file."
+msgstr "Не вдалося додати права доступу для читання-запису до експортованого файла заголовка."
+
+#: src/utils_reencrypt.c:845
+#, c-format
+msgid "Reencryption initialization failed. Header backup is available in %s."
+msgstr "Не вдалося ініціалізувати повторне шифрування. Резервна копія заголовка перебуває у %s."
+
+#: src/utils_reencrypt.c:873
+msgid "LUKS2 decryption is supported with detached header device only (with data offset set to 0)."
+msgstr "Підтримку розшифровування LUKS2 передбачено лише для пристроїв із від'єднаним заголовком (із встановленим нульовим відступом даних)."
+
+#: src/utils_reencrypt.c:1008 src/utils_reencrypt.c:1017
+msgid "Not enough free keyslots for reencryption."
+msgstr "Недостатньо вільних слотів ключів для повторного шифрування."
+
+#: src/utils_reencrypt.c:1038 src/utils_reencrypt_luks1.c:1100
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "Файлом ключа можна користуватися лише з --key-slot, або якщо активним є лише один слот ключа."
+
+#: src/utils_reencrypt.c:1047 src/utils_reencrypt_luks1.c:1147
+#: src/utils_reencrypt_luks1.c:1158
+#, c-format
+msgid "Enter passphrase for key slot %d: "
+msgstr "Вкажіть пароль для слоту ключа %d: "
+
+#: src/utils_reencrypt.c:1059
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Вкажіть пароль для слоту ключа %u: "
+
+#: src/utils_reencrypt.c:1111
+#, c-format
+msgid "Switching data encryption cipher to %s.\n"
+msgstr "Перемикаємося на шифрування даних %s.\n"
+
+#: src/utils_reencrypt.c:1165
+msgid "No data segment parameters changed. Reencryption aborted."
+msgstr "Не змінено параметри сегмента даних. Повторне шифрування перервано."
+
+#: src/utils_reencrypt.c:1267
+msgid ""
+"Encryption sector size increase on offline device is not supported.\n"
+"Activate the device first or use --force-offline-reencrypt option (dangerous!)."
+msgstr ""
+"Підтримки збільшення розміру сектора шифрування на вимкненому пристрої не передбачено.\n"
+"Спочатку активуйте пристрій або скористайтеся параметром --force-offline-reencrypt (небезпечно!)."
+
+#: src/utils_reencrypt.c:1307 src/utils_reencrypt_luks1.c:726
+#: src/utils_reencrypt_luks1.c:798
+msgid ""
+"\n"
+"Reencryption interrupted."
+msgstr ""
+"\n"
+"Повторне шифрування перервано."
+
+#: src/utils_reencrypt.c:1312
+msgid "Resuming LUKS reencryption in forced offline mode.\n"
+msgstr "Відновлюємо повторне шифрування LUKS у примусовому вимкненому режимі.\n"
+
+#: src/utils_reencrypt.c:1329
+#, c-format
+msgid "Device %s contains broken LUKS metadata. Aborting operation."
+msgstr "На пристрої %s містяться пошкоджені метадані LUKS. Перериваємо дію."
+
+#: src/utils_reencrypt.c:1345 src/utils_reencrypt.c:1367
+#, c-format
+msgid "Device %s is already LUKS device. Aborting operation."
+msgstr "Пристрій %s вже є пристроєм LUKS. Перериваємо дію."
+
+#: src/utils_reencrypt.c:1373
+#, c-format
+msgid "Device %s is already in LUKS reencryption. Aborting operation."
+msgstr "Пристрій %s вже перебуває у стані повторного шифрування LUKS. Перериваємо дію."
+
+#: src/utils_reencrypt.c:1453
+msgid "LUKS2 decryption requires --header option."
+msgstr "Для розшифровування LUKS2 потрібен параметр --header."
+
+#: src/utils_reencrypt.c:1501
+msgid "Command requires device as argument."
+msgstr "Комарні слід передати аргумент пристрою."
+
+#: src/utils_reencrypt.c:1514
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS1."
+msgstr "Конфлікт версій. Пристрій %s є пристроєм LUKS1."
+
+#: src/utils_reencrypt.c:1520
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS1 reencryption."
+msgstr "Конфлікт версій. Пристрій %s перебуває у стані повторного шифрування LUKS1."
+
+#: src/utils_reencrypt.c:1526
+#, c-format
+msgid "Conflicting versions. Device %s is LUKS2."
+msgstr "Конфлікт версій. Пристрій %s є пристроєм LUKS2."
+
+#: src/utils_reencrypt.c:1532
+#, c-format
+msgid "Conflicting versions. Device %s is in LUKS2 reencryption."
+msgstr "Конфлікт версій. Пристрій %s перебуває у стані повторного шифрування LUKS2."
+
+#: src/utils_reencrypt.c:1538
+msgid "LUKS2 reencryption already initialized. Aborting operation."
+msgstr "Вже ініційовано повторне шифрування LUKS2. Перериваємо виконання дії."
+
+#: src/utils_reencrypt.c:1545
+msgid "Device reencryption not in progress."
+msgstr "Повторне шифрування пристрою не виконується."
+
+#: src/utils_reencrypt_luks1.c:129 src/utils_blockdev.c:287
+#, c-format
+msgid "Cannot exclusively open %s, device in use."
+msgstr "Не можна відкрити %s у виключному режимі, пристрій вже використовується."
+
+#: src/utils_reencrypt_luks1.c:143 src/utils_reencrypt_luks1.c:945
+msgid "Allocation of aligned memory failed."
+msgstr "Спроба розподілу вирівняних ділянок пам’яті зазнала невдачі."
+
+#: src/utils_reencrypt_luks1.c:150
+#, c-format
+msgid "Cannot read device %s."
+msgstr "Не вдалося виконати читання з пристрою %s."
+
+#: src/utils_reencrypt_luks1.c:161
+#, c-format
+msgid "Marking LUKS1 device %s unusable."
+msgstr "Позначаємо пристрій LUKS1 %s як непридатний."
+
+#: src/utils_reencrypt_luks1.c:177
+#, c-format
+msgid "Cannot write device %s."
+msgstr "Не вдалося виконати запис на пристрій %s."
+
+#: src/utils_reencrypt_luks1.c:226
+msgid "Cannot write reencryption log file."
+msgstr "Не вдалося записати файл журналу повторного шифрування."
+
+#: src/utils_reencrypt_luks1.c:282
+msgid "Cannot read reencryption log file."
+msgstr "Не вдалося прочитати файл журналу повторного шифрування."
+
+#: src/utils_reencrypt_luks1.c:293
+msgid "Wrong log format."
+msgstr "Помилкове форматування журналу."
+
+#: src/utils_reencrypt_luks1.c:320
+#, c-format
+msgid "Log file %s exists, resuming reencryption.\n"
+msgstr "Файл журналу %s вже існує, поновлюємо повторне шифрування.\n"
+
+#: src/utils_reencrypt_luks1.c:369
+msgid "Activating temporary device using old LUKS header."
+msgstr "Спроба задіяти тимчасовий пристрій за допомогою старого заголовка LUKS."
+
+#: src/utils_reencrypt_luks1.c:379
+msgid "Activating temporary device using new LUKS header."
+msgstr "Спроба задіяти тимчасовий пристрій за допомогою нового заголовка LUKS."
+
+#: src/utils_reencrypt_luks1.c:389
+msgid "Activation of temporary devices failed."
+msgstr "Спроба задіяти тимчасові пристрої зазнала невдачі."
+
+#: src/utils_reencrypt_luks1.c:449
+msgid "Failed to set data offset."
+msgstr "Не вдалося встановити відступ у даних."
+
+#: src/utils_reencrypt_luks1.c:455
+msgid "Failed to set metadata size."
+msgstr "Не вдалося встановити розмір метаданих."
+
+#: src/utils_reencrypt_luks1.c:463
+#, c-format
+msgid "New LUKS header for device %s created."
+msgstr "Створено новий заголовок LUKS для пристрою %s."
+
+#: src/utils_reencrypt_luks1.c:500
+#, c-format
+msgid "%s header backup of device %s created."
+msgstr "Створено резервну копію заголовка %s пристрою %s."
+
+#: src/utils_reencrypt_luks1.c:556
+msgid "Creation of LUKS backup headers failed."
+msgstr "Спроба створення заголовків резервних копій LUKS зазнала невдачі."
+
+#: src/utils_reencrypt_luks1.c:685
+#, c-format
+msgid "Cannot restore %s header on device %s."
+msgstr "Не вдалося відновити заголовок %s на пристрої %s."
+
+#: src/utils_reencrypt_luks1.c:687
+#, c-format
+msgid "%s header on device %s restored."
+msgstr "Відновлено заголовок %s на пристрої %s."
+
+#: src/utils_reencrypt_luks1.c:917 src/utils_reencrypt_luks1.c:923
+msgid "Cannot open temporary LUKS device."
+msgstr "Неможливо відкрити тимчасовий пристрій LUKS."
+
+#: src/utils_reencrypt_luks1.c:928 src/utils_reencrypt_luks1.c:933
+msgid "Cannot get device size."
+msgstr "Не вдалося отримати дані щодо розміру пристрою."
+
+#: src/utils_reencrypt_luks1.c:968
+msgid "IO error during reencryption."
+msgstr "Помилка введення-виведення під час повторного шифрування."
+
+#: src/utils_reencrypt_luks1.c:998
+msgid "Provided UUID is invalid."
+msgstr "Наданий UUID є некоректним."
+
+#: src/utils_reencrypt_luks1.c:1224
+msgid "Cannot open reencryption log file."
+msgstr "Не вдалося відкрити файл журналу повторного шифрування."
+
+#: src/utils_reencrypt_luks1.c:1230
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+msgstr "Розшифровування не виконується. Наданий UUID можна використовувати лише для відновлення призупиненого процесу розшифровування."
+
+#: src/utils_reencrypt_luks1.c:1286
+#, c-format
+msgid "Reencryption will change: %s%s%s%s%s%s."
+msgstr "Повторне шифрування призведе до зміни: %s%s%s%s%s%s."
+
+#: src/utils_reencrypt_luks1.c:1287
+msgid "volume key"
+msgstr "ключ тому"
+
+#: src/utils_reencrypt_luks1.c:1289
+msgid "set hash to "
+msgstr "встановити хеш у значення "
+
+#: src/utils_reencrypt_luks1.c:1290
+msgid ", set cipher to "
+msgstr ", встановити шифрування "
+
+#: src/utils_blockdev.c:189
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
+msgstr "Попередження: пристрій %s вже містить підпис розділу «%s».\n"
+
+#: src/utils_blockdev.c:197
+#, c-format
+msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
+msgstr "Попередження: пристрій %s вже містить підпис суперблоку «%s».\n"
+
+#: src/utils_blockdev.c:219 src/utils_blockdev.c:294 src/utils_blockdev.c:344
+msgid "Failed to initialize device signature probes."
+msgstr "Не вдалося ініціалізувати зондування підписів пристроїв."
+
+#: src/utils_blockdev.c:274
+#, c-format
+msgid "Failed to stat device %s."
+msgstr "Не вдалося зібрати статистичні дані щодо пристрою %s."
+
+#: src/utils_blockdev.c:289
+#, c-format
+msgid "Failed to open file %s in read/write mode."
+msgstr "Не вдалося відкрити файл %s у режимі читання-запису."
+
+#: src/utils_blockdev.c:307
+#, c-format
+msgid "Existing '%s' partition signature on device %s will be wiped."
+msgstr "Наявний підпис розділу «%s» на пристрої %s буде витерто."
+
+#: src/utils_blockdev.c:310
+#, c-format
+msgid "Existing '%s' superblock signature on device %s will be wiped."
+msgstr "Наявний підпис суперблоку «%s» на пристрої %s буде витерто."
+
+#: src/utils_blockdev.c:313
+msgid "Failed to wipe device signature."
+msgstr "Не вдалося витерти підпис пристрою."
+
+#: src/utils_blockdev.c:320
+#, c-format
+msgid "Failed to probe device %s for a signature."
+msgstr "Не вдалося виконати зондування пристрою %s з метою виявлення підпису."
+
+#: src/utils_args.c:65
+#, c-format
+msgid "Invalid size specification in parameter --%s."
+msgstr "Некоректна специфікація розміру у параметрі --%s."
+
+#: src/utils_args.c:125
+#, c-format
+msgid "Option --%s is not allowed with %s action."
+msgstr "Параметр --%s не можна використовувати разом із дією %s."
+
+#: tokens/ssh/cryptsetup-ssh.c:110
+msgid "Failed to write ssh token json."
+msgstr "Не вдалося записати JSON жетона ssh."
+
+#: tokens/ssh/cryptsetup-ssh.c:128
+msgid ""
+"Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server\vThis plugin currently allows only adding a token to an existing key slot.\n"
+"\n"
+"Specified SSH server must contain a key file on the specified path with a passphrase for an existing key slot on the device.\n"
+"Provided credentials will be used by cryptsetup to get the password when opening the device using the token.\n"
+"\n"
+"Note: The information provided when adding the token (SSH server address, user and paths) will be stored in the LUKS2 header in plaintext."
+msgstr ""
+"Експериментальний додаток cryptsetup для розблоковування пристроїв LUKS2 за допомогою жетона, який з'єднано із сервером SSH.\vУ поточній версії цей додаток уможливлює лише додавання жетона до наявного слоту ключа.\n"
+"\n"
+"Вказаний сервер SSH має містити файл ключа за вказаним шляхом із паролем для наявного слоту ключа на пристрою.\n"
+"Надані реєстраційні дані буде використано cryptsetup для отримання пароля для відкриття пристрою за допомогою жетона.\n"
+"\n"
+"Зауваження: дані, які надано при додаванні жетона (адреса сервера SSH, користувач та шляхи) буде збережено у заголовку LUKS2 у форматі звичайного тексту."
+
+#: tokens/ssh/cryptsetup-ssh.c:138
+msgid "<action> <device>"
+msgstr "<дія> <пристрій>"
+
+#: tokens/ssh/cryptsetup-ssh.c:141
+msgid "Options for the 'add' action:"
+msgstr "Параметри дії «add» (додати):"
+
+#: tokens/ssh/cryptsetup-ssh.c:142
+msgid "IP address/URL of the remote server for this token"
+msgstr "IP-адреса/Назва віддаленого сервера для цього жетона"
+
+#: tokens/ssh/cryptsetup-ssh.c:143
+msgid "Username used for the remote server"
+msgstr "Ім'я користувача для доступу до віддаленого сервера"
+
+#: tokens/ssh/cryptsetup-ssh.c:144
+msgid "Path to the key file on the remote server"
+msgstr "Шлях до файла ключа на віддаленому сервері"
+
+#: tokens/ssh/cryptsetup-ssh.c:145
+msgid "Path to the SSH key for connecting to the remote server"
+msgstr "Шлях до ключа SSH для з'єднання із віддаленим сервером"
+
+#: tokens/ssh/cryptsetup-ssh.c:146
+msgid "Keyslot to assign the token to. If not specified, token will be assigned to the first keyslot matching provided passphrase."
+msgstr "Слот ключа для прив'язування жетона. Якщо не вказано, жетон буде пов'язано із першим слотом ключа, який відповідає наданому паролю."
+
+#: tokens/ssh/cryptsetup-ssh.c:148
+msgid "Generic options:"
+msgstr "Загальні параметри:"
+
+#: tokens/ssh/cryptsetup-ssh.c:149
+msgid "Shows more detailed error messages"
+msgstr "Показувати докладні повідомлення про помилки"
+
+#: tokens/ssh/cryptsetup-ssh.c:150
+msgid "Show debug messages"
+msgstr "Показувати діагностичні повідомлення"
+
+#: tokens/ssh/cryptsetup-ssh.c:151
+msgid "Show debug messages including JSON metadata"
+msgstr "Показувати діагностичні повідомлення, зокрема метадані JSON"
+
+#: tokens/ssh/cryptsetup-ssh.c:262
+msgid "Failed to open and import private key:\n"
+msgstr "Не вдалося відкрити і імпортувати закритий ключ:\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:266
+msgid "Failed to import private key (password protected?).\n"
+msgstr "Не вдалося імпортувати закритий ключ (захищено паролем?).\n"
+
+#. TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: "
+#: tokens/ssh/cryptsetup-ssh.c:268
+#, c-format
+msgid "%s@%s's password: "
+msgstr "Пароль до %s@%s: "
+
+#: tokens/ssh/cryptsetup-ssh.c:357
+#, c-format
+msgid "Failed to parse arguments.\n"
+msgstr "Не вдалося обробити аргументи.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:368
+#, c-format
+msgid "An action must be specified\n"
+msgstr "Має бути вказано дію\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:374
+#, c-format
+msgid "Device must be specified for '%s' action.\n"
+msgstr "Для виконання дії «%s» має бути вказано пристрій.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:379
+#, c-format
+msgid "SSH server must be specified for '%s' action.\n"
+msgstr "Для виконання дії «%s» має бути вказано сервер SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:384
+#, c-format
+msgid "SSH user must be specified for '%s' action.\n"
+msgstr "Для виконання дії «%s» має бути вказано користувача SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:389
+#, c-format
+msgid "SSH path must be specified for '%s' action.\n"
+msgstr "Для виконання дії «%s» має бути вказано шлях до SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:394
+#, c-format
+msgid "SSH key path must be specified for '%s' action.\n"
+msgstr "Для виконання дії «%s» має бути вказано шлях до ключа SSH.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:401
+#, c-format
+msgid "Failed open %s using provided credentials.\n"
+msgstr "Не вдалося відкрити %s за допомогою наданих реєстраційних даних.\n"
+
+#: tokens/ssh/cryptsetup-ssh.c:417
+#, c-format
+msgid "Only 'add' action is currently supported by this plugin.\n"
+msgstr "У поточній версії цього додатка передбачено підтримку лише дії «add» (додати0.\n"
+
+#: tokens/ssh/ssh-utils.c:46
+msgid "Cannot create sftp session: "
+msgstr "Не вдалося створити сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:53
+msgid "Cannot init sftp session: "
+msgstr "Не вдалося ініціалізувати сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:59
+msgid "Cannot open sftp session: "
+msgstr "Не вдалося відкрити сеанс sftp: "
+
+#: tokens/ssh/ssh-utils.c:66
+msgid "Cannot stat sftp file: "
+msgstr "Не вдалося статистично обробити файл sftp: "
+
+#: tokens/ssh/ssh-utils.c:74
+msgid "Not enough memory.\n"
+msgstr "Недостатньо пам'яті.\n"
+
+#: tokens/ssh/ssh-utils.c:81
+msgid "Cannot read remote key: "
+msgstr "Не вдалося прочитати віддалений ключ: "
+
+#: tokens/ssh/ssh-utils.c:122
+msgid "Connection failed: "
+msgstr "Не вдалось з'єднатись: "
+
+#: tokens/ssh/ssh-utils.c:132
+msgid "Server not known: "
+msgstr "Невідомий сервер: "
+
+#: tokens/ssh/ssh-utils.c:160
+msgid "Public key auth method not allowed on host.\n"
+msgstr "На вузлі заборонено спосіб розпізнавання за відкритим ключем.\n"
+
+#: tokens/ssh/ssh-utils.c:171
+msgid "Public key authentication error: "
+msgstr "Помилка розпізнавання за відкритим ключем: "
+
+#~ msgid "WARNING: Data offset is outside of currently available data device.\n"
+#~ msgstr "Увага: відступ у даних виходить за межі поточного доступного пристрою для зберігання даних.\n"
+
+#~ msgid "Cannot get process priority."
+#~ msgstr "Не вдалося отримати значення пріоритетності процесу."
+
+#~ msgid "Cannot unlock memory."
+#~ msgstr "Не вдалося розблокувати пам’ять."
+
+#~ msgid "Locking directory %s/%s will be created with default compiled-in permissions."
+#~ msgstr "Буде створено каталог блокування %s/%s із типовими вбудованими правами доступу."
+
+#~ msgid "Failed to read BITLK signature from %s."
+#~ msgstr "Не вдалося прочитати підпис BITLK з %s."
+
+#~ msgid "Invalid or unknown signature for BITLK device."
+#~ msgstr "Некоректний або невідомий підпис для пристрою BITLK."
+
+#~ msgid "Failed to wipe backup segment data."
+#~ msgstr "Не вдалося витерти дані резервного сегмента."
+
+#~ msgid "Failed to disable reencryption requirement flag."
+#~ msgstr "Не вдалося вимкнути прапорець вимоги повторного шифрування."
+
+#~ msgid "Encryption is supported only for LUKS2 format."
+#~ msgstr "Підтримку шифрування передбачено лише для формату LUKS2."
+
+#~ msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
+#~ msgstr "Виявлено пристрій LUKS на %s. Хочете зашифрувати цей пристрій LUKS знову?"
+
+#~ msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
+#~ msgstr "У поточній версії передбачено підтримку лише формату LUKS2. Для роботи з LUKS1, будь ласка, скористайтеся програмою cryptsetup-reencrypt."
+
+#~ msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
+#~ msgstr "Вже виконується повторне шифрування з від'єднанням у застарілому режимі. Скористайтеся програмою cryptsetup-reencrypt."
+
+#~ msgid "LUKS2 device is not in reencryption."
+#~ msgstr "Пристрій LUKS2 не перебуває у стані повторного шифрування."
+
+#~ msgid "Setting LUKS2 offline reencrypt flag on device %s."
+#~ msgstr "Встановлюємо прапорець повторного шифрування LUKS2 з від'єднанням на пристрій %s."
+
+#~ msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
+#~ msgstr "Ця версія cryptsetup-reencrypt не може обробляти новий тип вбудованих жетонів %s."
+
+#~ msgid "Failed to read activation flags from backup header."
+#~ msgstr "Не вдалося прочитати прапорці активації з резервного заголовка."
+
+#~ msgid "Failed to write activation flags to new header."
+#~ msgstr "Не вдалося записати прапорці активації до нового заголовка."
+
+#~ msgid "Changed pbkdf parameters in keyslot %i."
+#~ msgstr "Змінено параметри pbkdf у слоті ключа %i."
+
+#~ msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
+#~ msgstr "Розмір блоку повторного шифрування повинен належати діапазону від 1 МіБ до 64 МІБ."
+
+#~ msgid "Maximum device reduce size is 64 MiB."
+#~ msgstr "Максимальний розмір зменшення розміру пристрою дорівнює 64 МіБ."
+
+#~ msgid "[OPTION...] <device>"
+#~ msgstr "[ПАРАМЕТР...] <пристрій>"
+
+#~ msgid "Argument required."
+#~ msgstr "Слід вказати аргумент."
+
+#~ msgid "Option --new must be used together with --reduce-device-size or --header."
+#~ msgstr "Параметр --new слід використовувати разом з --reduce-device-size або --header."
+
+#~ msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#~ msgstr "Параметр --keep-key можна використовувати лише разом з параметром --hash --iter-time або --pbkdf-force-iterations."
+
+#~ msgid "Option --new cannot be used together with --decrypt."
+#~ msgstr "Параметр --new не можна використовувати разом з --decrypt."
+
+#~ msgid "Option --decrypt is incompatible with specified parameters."
+#~ msgstr "Параметр --decrypt є несумісним із вказаними параметрами."
+
+#~ msgid "Option --uuid is allowed only together with --decrypt."
+#~ msgstr "Параметр --uuid можна використовувати лише разом із --decrypt."
+
+#~ msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
+#~ msgstr "Некоректний тип luks. Скористайтеся одним з таких типів: luks, luks1 або luks2."
+
+#~ msgid "Device %s is in use. Cannot proceed with format operation."
+#~ msgstr "Пристрій %s використовується сторонньою програмою. Продовження дій з форматування неможливе."
+
+#~ msgid "No free token slot."
+#~ msgstr "Немає вільного слоту ключів."
+
+#~ msgid "Invalid LUKS device type."
+#~ msgstr "Некоректний тип пристрою LUKS."
+
+#~ msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+#~ msgstr "Шифр, який використано для шифрування даних диска (див. /proc/crypto)"
+
+#~ msgid "The hash used to create the encryption key from the passphrase"
+#~ msgstr "Хеш, використаний для створення ключа шифрування на основі пароля"
+
+#~ msgid "Verifies the passphrase by asking for it twice"
+#~ msgstr "Перевіряє пароль повторним запитом щодо нього"
+
+#~ msgid "Read the key from a file"
+#~ msgstr "Прочитати ключ з файла"
+
+#~ msgid "Read the volume (master) key from file."
+#~ msgstr "Прочитати ключ тому (основний ключ) з файла."
+
+#~ msgid "Dump volume (master) key instead of keyslots info"
+#~ msgstr "Створити дамп ключа тому (основного ключа) замість показу даних щодо слотів ключів"
+
+#~ msgid "The size of the encryption key"
+#~ msgstr "Розмір ключа шифрування"
+
+#~ msgid "BITS"
+#~ msgstr "БІТИ"
+
+#~ msgid "Limits the read from keyfile"
+#~ msgstr "Обмежує читання з файла ключа"
+
+#~ msgid "bytes"
+#~ msgstr "байти"
+
+#~ msgid "Number of bytes to skip in keyfile"
+#~ msgstr "Кількість байтів, які слід пропустити у файлі ключа"
+
+#~ msgid "Limits the read from newly added keyfile"
+#~ msgstr "Обмежує читання з щойно доданого файла ключа"
+
+#~ msgid "Number of bytes to skip in newly added keyfile"
+#~ msgstr "Кількість байтів, які слід пропустити у щойно доданому файлі ключа"
+
+#~ msgid "Slot number for new key (default is first free)"
+#~ msgstr "Номер слоту для нового ключа (типовим слотом є перший вільний слот)"
+
+#~ msgid "The size of the device"
+#~ msgstr "Розмір пристрою"
+
+#~ msgid "SECTORS"
+#~ msgstr "СЕКТОРИ"
+
+#~ msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+#~ msgstr "Використовувати лише вказаний розмір пристрою (ігнорувати решту об’єму). НЕБЕЗПЕЧНО!"
+
+#~ msgid "The start offset in the backend device"
+#~ msgstr "Початковий відступ на допоміжному пристрої"
+
+#~ msgid "How many sectors of the encrypted data to skip at the beginning"
+#~ msgstr "Кількість секторів зашифрованих даних, які слід пропустити на початку"
+
+#~ msgid "Create a readonly mapping"
+#~ msgstr "Створити призначення у режимі лише читання"
+
+#~ msgid "Do not ask for confirmation"
+#~ msgstr "Не питати про підтвердження"
+
+#~ msgid "Timeout for interactive passphrase prompt (in seconds)"
+#~ msgstr "Час очікування у інтерактивному запиті щодо пароля (у секундах)"
+
+#~ msgid "secs"
+#~ msgstr "секунди"
+
+#~ msgid "Progress line update (in seconds)"
+#~ msgstr "Оновлення лінії поступу (у секундах)"
+
+#~ msgid "How often the input of the passphrase can be retried"
+#~ msgstr "Частота повторень спроб отримання вхідних даних пароля"
+
+#~ msgid "Align payload at <n> sector boundaries - for luksFormat"
+#~ msgstr "Вирівняти дані за областями у <n> секторів, для luksFormat"
+
+#~ msgid "File with LUKS header and keyslots backup"
+#~ msgstr "Файл з заголовком LUKS та резервною копію слотів ключів"
+
+#~ msgid "Use /dev/random for generating volume key"
+#~ msgstr "Використовувати для створення ключа тому /dev/random"
+
+#~ msgid "Use /dev/urandom for generating volume key"
+#~ msgstr "Використовувати для створення ключа тому /dev/urandom"
+
+#~ msgid "Share device with another non-overlapping crypt segment"
+#~ msgstr "Використовувати пристрій спільно з іншим сегментом шифрування, без перекриття"
+
+#~ msgid "UUID for device to use"
+#~ msgstr "UUID пристрою, який слід використати"
+
+#~ msgid "Allow discards (aka TRIM) requests for device"
+#~ msgstr "Дозволити запити відкидання (або TRIM) до пристрою"
+
+#~ msgid "Device or file with separated LUKS header"
+#~ msgstr "Пристрій або файл з окремим заголовком LUKS"
+
+#~ msgid "Do not activate device, just check passphrase"
+#~ msgstr "Не задіювати пристрій, просто перевірити пароль"
+
+#~ msgid "Use hidden header (hidden TCRYPT device)"
+#~ msgstr "Використовувати прихований заголовок (прихований пристрій TCRYPT)"
+
+#~ msgid "Device is system TCRYPT drive (with bootloader)"
+#~ msgstr "Пристрій є системним диском TCRYPT (диском з завантажувачем)"
+
+#~ msgid "Use backup (secondary) TCRYPT header"
+#~ msgstr "Використовувати резервний (вторинний) заголовок TCRYPT"
+
+#~ msgid "Scan also for VeraCrypt compatible device"
+#~ msgstr "Виконати також пошук сумісних із VeraCrypt пристроїв"
+
+#~ msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) для сумісного з VeraCrypt пристрою"
+
+#~ msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
+#~ msgstr "Особистий множник ітерації (Personal Iteration Multiplier або PIM) запису для сумісного з VeraCrypt пристрою"
+
+#~ msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#~ msgstr "Типи метаданих пристрою: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+
+#~ msgid "Disable password quality check (if enabled)"
+#~ msgstr "Вимкнути перевірку якості пароля (якщо її увімкнено)"
+
+#~ msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
+#~ msgstr "Скористатися параметром сумісності швидкодії dm-crypt same_cpu_crypt"
+
+#~ msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
+#~ msgstr "Скористатися параметром сумісності швидкодії dm-crypt submit_from_crypt_cpus"
+
+#~ msgid "Bypass dm-crypt workqueue and process read requests synchronously"
+#~ msgstr "Обійти чергу обробки dm-crypt і обробляти запити щодо читання синхронно"
+
+#~ msgid "Bypass dm-crypt workqueue and process write requests synchronously"
+#~ msgstr "Обійти чергу обробки dm-crypt і обробляти запити щодо запису синхронно"
+
+#~ msgid "Device removal is deferred until the last user closes it"
+#~ msgstr "Вилучення пристрою відкладено до часу, коли останній користувач закриє його"
+
+#~ msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
+#~ msgstr "Скористатися загальним блокуванням для перетворення у послідовну форму «жорсткого» PBKDF у пам'яті (обхід OOM)"
+
+#~ msgid "PBKDF iteration time for LUKS (in ms)"
+#~ msgstr "Тривалість ітерації PBKDF для LUKS (у мс)"
+
+#~ msgid "msecs"
+#~ msgstr "мс"
+
+#~ msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
+#~ msgstr "Алгоритм PBKDF (для LUKS2) (argon2i/argon2id/pbkdf2)"
+
+#~ msgid "PBKDF memory cost limit"
+#~ msgstr "Обмеження вартості пам'яті PBKDF"
+
+#~ msgid "kilobytes"
+#~ msgstr "кілобайти"
+
+#~ msgid "PBKDF parallel cost"
+#~ msgstr "Вартість розпаралелювання PBKDF"
+
+#~ msgid "threads"
+#~ msgstr "threads"
+
+#~ msgid "PBKDF iterations cost (forced, disables benchmark)"
+#~ msgstr "Вартість ітерацій PBKDF (примусово, вимикає тестування)"
+
+#~ msgid "Keyslot priority: ignore, normal, prefer"
+#~ msgstr "Пріоритетність слотів ключів: ignore, normal, prefer"
+
+#~ msgid "Disable locking of on-disk metadata"
+#~ msgstr "Вимкнути блокування метаданих на диску"
+
+#~ msgid "Disable loading volume keys via kernel keyring"
+#~ msgstr "Вимкнути завантаження ключів тому за допомогою сховища ключів ядра"
+
+#~ msgid "Data integrity algorithm (LUKS2 only)"
+#~ msgstr "Алгоритм перевірки цілісності даних (лише LUKS2)"
+
+#~ msgid "Disable journal for integrity device"
+#~ msgstr "Вимкнути журнал для пристрою забезпечення цілісності"
+
+#~ msgid "Do not wipe device after format"
+#~ msgstr "Не витирати пристрій після форматування"
+
+#~ msgid "Use inefficient legacy padding (old kernels)"
+#~ msgstr "Скористатися неефективним застарілим відступом (застарілі ядра)"
+
+#~ msgid "Do not ask for passphrase if activation by token fails"
+#~ msgstr "Не просити ввести пароль, якщо не вдасться скористатися активацією за ключем"
+
+#~ msgid "Token number (default: any)"
+#~ msgstr "Номер ключа (типове значення: будь-який)"
+
+#~ msgid "Key description"
+#~ msgstr "Опис ключа"
+
+#~ msgid "Encryption sector size (default: 512 bytes)"
+#~ msgstr "Розмір сектора шифрування (типове значення: 512 байтів)"
+
+#~ msgid "Use IV counted in sector size (not in 512 bytes)"
+#~ msgstr "Використовувати обчислення за IV у розмірі сектора (не за блоками у 512 байтів)"
+
+#~ msgid "Set activation flags persistent for device"
+#~ msgstr "Встановити сталі прапорці активації для пристрою"
+
+#~ msgid "Set label for the LUKS2 device"
+#~ msgstr "Встановити мітку для пристрою LUKS2"
+
+#~ msgid "Set subsystem label for the LUKS2 device"
+#~ msgstr "Встановити мітку підтому для пристрою LUKS2"
+
+#~ msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
+#~ msgstr "Створити непов'язаний (без пов'язаного сегмента даних) слот ключів LUKS2 або його дамп"
+
+#~ msgid "Read or write the json from or to a file"
+#~ msgstr "Прочитати json з файла або записати json до файла"
+
+#~ msgid "LUKS2 header metadata area size"
+#~ msgstr "Розмір області метаданих у заголовку LUKS2"
+
+#~ msgid "LUKS2 header keyslots area size"
+#~ msgstr "Розмір області слотів ключів у заголовку LUKS2"
+
+#~ msgid "Refresh (reactivate) device with new parameters"
+#~ msgstr "Оновити (повторно активувати) пристрій згідно з новими параметрами"
+
+#~ msgid "LUKS2 keyslot: The size of the encryption key"
+#~ msgstr "Слот ключів LUKS2: розмір ключа шифрування"
+
+#~ msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
+#~ msgstr "Слот ключа LUKS2: шифрування, яке використано для слоту ключів"
+
+#~ msgid "Encrypt LUKS2 device (in-place encryption)."
+#~ msgstr "Зашифрувати пристрій LUKS2 (шифрування на місці)."
+
+#~ msgid "Decrypt LUKS2 device (remove encryption)."
+#~ msgstr "Розшифрувати пристрій LUKS2 (усунути шифрування)."
+
+#~ msgid "Initialize LUKS2 reencryption in metadata only."
+#~ msgstr "Ініціалізувати повторне шифрування LUKS2 лише у метаданих."
+
+#~ msgid "Resume initialized LUKS2 reencryption only."
+#~ msgstr "Відновлювати лише ініціалізоване повторне шифрування LUKS2."
+
+#~ msgid "Reduce data device size (move data offset). DANGEROUS!"
+#~ msgstr "Зменшити розмір пристрою зберігання даних (змістити відступ даних). НЕБЕЗПЕЧНО!"
+
+#~ msgid "Maximal reencryption hotzone size."
+#~ msgstr "Максимальний розмір «гарячої» ділянки повторного шифрування."
+
+#~ msgid "Reencryption hotzone resilience type (checksum,journal,none)"
+#~ msgstr "Тип стійкості «гарячої» ділянки повторного шифрування (checksum (контрольна сума), journal (журнал), none (немає))"
+
+#~ msgid "Reencryption hotzone checksums hash"
+#~ msgstr "Хеш контрольних сум «гарячої» ділянки повторного шифрування"
+
+#~ msgid "Override device autodetection of dm device to be reencrypted"
+#~ msgstr "Перевизначити автоматично визначені параметри пристрою dm, який буде повторно зашифровано"
+
+#~ msgid "Option --deferred is allowed only for close command."
+#~ msgstr "Параметр --deferred можна використовувати лише для команди закриття (close)."
+
+#~ msgid "Option --allow-discards is allowed only for open operation."
+#~ msgstr "Параметр --shared можна використовувати лише для дії з відкриття."
+
+#~ msgid "Option --persistent is allowed only for open operation."
+#~ msgstr "Параметр --persistent можна використовувати лише для дії з відкриття."
+
+#~ msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#~ msgstr "Параметр --serialize-memory-hard-pbkdf можна використовувати лише для дії з відкриття."
+
+#~ msgid ""
+#~ "Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+#~ "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
+#~ msgstr ""
+#~ "Параметр --key-size можна використовувати лише для luksFormat, luksAddKey,\n"
+#~ "дій open і benchmark. Щоб обмежити читання з файла ключа, скористайтеся параметром --keyfile-size=(об’єм у байтах)."
+
+#~ msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#~ msgstr "Параметр --integrity можна використовувати лише для luksFormat (LUKS2)."
+
+#~ msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#~ msgstr "Параметри --label і --subsystem можна використовувати лише для дій luksFormat та config для LUKS2."
+
+#~ msgid "Negative number for option not permitted."
+#~ msgstr "Не можна використовувати від’ємні значення для параметра."
+
+#~ msgid "Option --use-[u]random is allowed only for luksFormat."
+#~ msgstr "Параметр --use-[u]random можна використовувати лише для дії luksFormat."
+
+#~ msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+#~ msgstr "Параметр --uuid можна використовувати лише для дій luksFormat і luksUUID."
+
+#~ msgid "Option --align-payload is allowed only for luksFormat."
+#~ msgstr "Параметр --align-payload можна використовувати лише для дії luksFormat."
+
+#~ msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
+#~ msgstr "Параметрами --luks2-metadata-size і --opt-luks2-keyslots-size можна користуватися лише для luksFormat з LUKS2."
+
+#~ msgid "Invalid LUKS2 metadata size specification."
+#~ msgstr "Некоректна специфікація розміру метаданих LUKS2."
+
+#~ msgid "Invalid LUKS2 keyslots size specification."
+#~ msgstr "Некоректна специфікація розміру слоту ключів LUKS2."
+
+#~ msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#~ msgstr "Підтримку параметра --offset передбачено лише для відкриття незашифрованих пристроїв та пристроїв loopaes, luksFormat та повторного шифрування."
+
+#~ msgid "Invalid argument for parameter --veracrypt-pim supplied."
+#~ msgstr "Надано некоректний аргумент для параметра --veracrypt-pim."
+
+#~ msgid "Sector size option is not supported for this command."
+#~ msgstr "У цій команді не передбачено підтримки параметра розміру сектора."
+
+#~ msgid "Option --refresh may be used only with open action."
+#~ msgstr "Параметр --refresh можна використовувати лише під час дії з відкриття (open)."
+
+#~ msgid "Invalid device size specification."
+#~ msgstr "Некоректна специфікація розміру пристрою."
+
+#~ msgid "Reduce size overflow."
+#~ msgstr "Переповнення розміру зменшення."
+
+#~ msgid "Do not use verity superblock"
+#~ msgstr "Не використовувати суперблок verity"
+
+#~ msgid "Format type (1 - normal, 0 - original Chrome OS)"
+#~ msgstr "Тип форматування (1 — звичайне, 0 — початкове Chrome OS)"
+
+#~ msgid "number"
+#~ msgstr "номер"
+
+#~ msgid "Block size on the data device"
+#~ msgstr "Розмір блоку на пристрої даних"
+
+#~ msgid "Block size on the hash device"
+#~ msgstr "Розмір блоку на пристрої хешу"
+
+#~ msgid "FEC parity bytes"
+#~ msgstr "Байти парності FEC"
+
+#~ msgid "The number of blocks in the data file"
+#~ msgstr "Кількість блоків у файлі даних"
+
+#~ msgid "blocks"
+#~ msgstr "блоки"
+
+#~ msgid "Path to device with error correction data"
+#~ msgstr "Шлях до пристрою із даними для виправлення помилок"
+
+#~ msgid "path"
+#~ msgstr "шлях"
+
+#~ msgid "Starting offset on the hash device"
+#~ msgstr "Початковий відступ на пристрої хешу"
+
+#~ msgid "Starting offset on the FEC device"
+#~ msgstr "Початковий відступ на пристрої FEC"
+
+#~ msgid "Hash algorithm"
+#~ msgstr "Алгоритм хешування"
+
+#~ msgid "string"
+#~ msgstr "рядок"
+
+#~ msgid "Salt"
+#~ msgstr "Сіль"
+
+#~ msgid "hex string"
+#~ msgstr "шістнадцятковий рядок"
+
+#~ msgid "Path to root hash signature file"
+#~ msgstr "Шлях до файла підпису кореневого хешу"
+
+#~ msgid "Restart kernel if corruption is detected"
+#~ msgstr "Перезапустити ядро, якщо виявлено пошкодження"
+
+#~ msgid "Panic kernel if corruption is detected"
+#~ msgstr "Запустити паніку ядра, якщо виявлено пошкодження"
+
+#~ msgid "Ignore corruption, log it only"
+#~ msgstr "Ігнорувати пошкодження, лише записати повідомлення до журналу"
+
+#~ msgid "Do not verify zeroed blocks"
+#~ msgstr "Не перевіряти занулені блоки"
+
+#~ msgid "Verify data block only the first time it is read"
+#~ msgstr "Перевіряти блок даних лише під час його першого читання"
+
+#~ msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
+#~ msgstr "Параметри --ignore-corruption, --restart-on-corruption та --ignore-zero-blocks можна використовувати лише для дії з відкриття (open)."
+
+#~ msgid "Option --root-hash-signature can be used only for open operation."
+#~ msgstr "Параметром --root-hash-signature можна користуватися лише для дії з відкриття."
+
+#~ msgid "Path to data device (if separated)"
+#~ msgstr "Шлях до пристрою даних (якщо відокремлено)"
+
+#~ msgid "Journal size"
+#~ msgstr "Розмір журналу"
+
+#~ msgid "Interleave sectors"
+#~ msgstr "Перемежовування секторів"
+
+#~ msgid "Journal watermark"
+#~ msgstr "«Водяний знак» журналу"
+
+#~ msgid "percent"
+#~ msgstr "відсоток"
+
+#~ msgid "Journal commit time"
+#~ msgstr "Час внесення до журналу"
+
+#~ msgid "ms"
+#~ msgstr "мс"
+
+#~ msgid "Number of 512-byte sectors per bit (bitmap mode)."
+#~ msgstr "Кількість 512-байтових секторів на біт (режим бітової карти)."
+
+#~ msgid "Bitmap mode flush time"
+#~ msgstr "Час спорожнення режиму бітової карти"
+
+#~ msgid "Tag size (per-sector)"
+#~ msgstr "Розмір мітки на сектор"
+
+#~ msgid "Sector size"
+#~ msgstr "Розмір сектора"
+
+#~ msgid "Buffers size"
+#~ msgstr "Розмір буферів"
+
+#~ msgid "Data integrity algorithm"
+#~ msgstr "Алгоритм забезпечення цілісності даних"
+
+#~ msgid "The size of the data integrity key"
+#~ msgstr "Розмір ключа цілісності даних"
+
+#~ msgid "Read the integrity key from a file"
+#~ msgstr "Прочитати ключ цілісності з файла"
+
+#~ msgid "Journal integrity algorithm"
+#~ msgstr "Алгоритм забезпечення цілісності журналу"
+
+#~ msgid "The size of the journal integrity key"
+#~ msgstr "Розмір ключа цілісності журналу"
+
+#~ msgid "Read the journal integrity key from a file"
+#~ msgstr "Прочитати ключ цілісності журналу з файла"
+
+#~ msgid "Journal encryption algorithm"
+#~ msgstr "Алгоритм шифрування журналу"
+
+#~ msgid "The size of the journal encryption key"
+#~ msgstr "Розмір ключа шифрування журналу"
+
+#~ msgid "Read the journal encryption key from a file"
+#~ msgstr "Читати ключ шифрування журналу з файла"
+
+#~ msgid "Recovery mode (no journal, no tag checking)"
+#~ msgstr "Режим відновлення (без журналу, без перевірки міток)"
+
+#~ msgid "Use bitmap to track changes and disable journal for integrity device"
+#~ msgstr "Використовувати для стеження за змінами бітову карту і вимкнути журнал для пристрою забезпечення цілісності"
+
+#~ msgid "Recalculate initial tags automatically."
+#~ msgstr "Обчислювати початкові мітки автоматично."
+
+#~ msgid "Do not protect superblock with HMAC (old kernels)"
+#~ msgstr "Не захищати суперблок HMAC (застарілі ядра)"
+
+#~ msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
+#~ msgstr "Дозволити повторне обчислення томів за допомогою ключів HMAC (застарілі ядра)"
+
+#~ msgid "Option --integrity-recalculate can be used only for open action."
+#~ msgstr "Параметр --integrity-recalculate можна використовувати лише під час дії з відкриття (open)."
+
+#~ msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#~ msgstr "Параметри --journal-size, --interleave-sectors, --sector-size, --tag-size та --no-wipe можна використовувати лише для дії з форматування."
+
+#~ msgid "Invalid journal size specification."
+#~ msgstr "Некоректна специфікація розміру журналу."
+
+#~ msgid "Reencryption block size"
+#~ msgstr "Розмір блоку повторного шифрування"
+
+#~ msgid "MiB"
+#~ msgstr "МіБ"
+
+#~ msgid "Do not change key, no data area reencryption"
+#~ msgstr "Не змінювати ключ, не виконувати повторного шифрування області даних"
+
+#~ msgid "Read new volume (master) key from file"
+#~ msgstr "Прочитати новий ключ тому (основний ключ) з файла"
+
+#~ msgid "Use direct-io when accessing devices"
+#~ msgstr "Використовувати безпосереднє введення-виведення під час доступу до пристроїв"
+
+#~ msgid "Use fsync after each block"
+#~ msgstr "Використовувати fsync після кожного блоку"
+
+#~ msgid "Update log file after every block"
+#~ msgstr "Оновлювати файл журналу після кожного блоку"
+
+#~ msgid "Use only this slot (others will be disabled)"
+#~ msgstr "Використовувати лише цей слот (інші буде вимкнено)"
+
+#~ msgid "Create new header on not encrypted device"
+#~ msgstr "Створити новий заголовок на незашифрованому пристрої"
+
+#~ msgid "Permanently decrypt device (remove encryption)"
+#~ msgstr "Остаточно розшифрувати пристрій (скасувати шифрування)"
+
+#~ msgid "The UUID used to resume decryption"
+#~ msgstr "UUID, що використовується для відновлення розшифровування"
+
+#~ msgid "Type of LUKS metadata: luks1, luks2"
+#~ msgstr "Тип метаданих LUKS (luks1 або luks2)"
#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
#~ msgstr "ПОПЕРЕДЖЕННЯ: не вистачає блокування каталогу %s/%s!\n"
msgstr ""
"Project-Id-Version: cryptsetup 1.7.4\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2017-03-02 09:40+0100\n"
"PO-Revision-Date: 2017-03-05 15:08+0700\n"
"Last-Translator: Trần Ngọc Quân <vnwildman@gmail.com>\n"
"Language-Team: Vietnamese <translation-team-vi@lists.sourceforge.net>\n"
"Language: vi\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Bugs: Report translation errors to the Language-Team address.\n"
"Plural-Forms: nplurals=1; plural=0;\n"
"X-Generator: Gtranslator 2.91.7\n"
-#: lib/libdevmapper.c:408
-#, fuzzy
-msgid "Cannot initialize device-mapper, running as non-root user."
+#: lib/libdevmapper.c:262
+msgid "Cannot initialize device-mapper, running as non-root user.\n"
msgstr "Không thể khởi tạo ánh-xạ-thiết-bị (device-mapper), do không chạy dưới quyền siêu người dùng.\n"
-#: lib/libdevmapper.c:411
-#, fuzzy
-msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
+#: lib/libdevmapper.c:265
+msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"
msgstr ""
"Không thể khởi tạo tiến trình ánh xạ thiết bị.\n"
"Mô-đun hạt nhân “dm_mod” được nạp chưa?\n"
-#: lib/libdevmapper.c:1180
-#, fuzzy
-msgid "Requested deferred flag is not supported."
-msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n"
-
-#: lib/libdevmapper.c:1249
-#, fuzzy, c-format
-msgid "DM-UUID for device %s was truncated."
+#: lib/libdevmapper.c:581
+#, c-format
+msgid "DM-UUID for device %s was truncated.\n"
msgstr "Mã số DM-UUID cho thiết bị %s bị cắt ngắn.\n"
-#: lib/libdevmapper.c:1580
-msgid "Unknown dm target type."
-msgstr ""
-
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
-#, fuzzy
-msgid "Requested dm-crypt performance options are not supported."
-msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n"
-
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
-#, fuzzy
-msgid "Requested dm-verity data corruption handling options are not supported."
-msgstr "Không hỗ trợ tùy chọn xử lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n"
-
-#: lib/libdevmapper.c:1721
-#, fuzzy
-msgid "Requested dm-verity FEC options are not supported."
-msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n"
-
-#: lib/libdevmapper.c:1725
-#, fuzzy
-msgid "Requested data integrity options are not supported."
-msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n"
-
-#: lib/libdevmapper.c:1727
-#, fuzzy
-msgid "Requested sector_size option is not supported."
+#: lib/libdevmapper.c:729
+msgid "Requested dm-crypt performance options are not supported.\n"
msgstr "Không hỗ trợ tùy chọn hiệu năng dm-crypt đã yêu cầu.\n"
-#: lib/libdevmapper.c:1732
-#, fuzzy
-msgid "Requested automatic recalculation of integrity tags is not supported."
-msgstr "Không hỗ trợ tùy chọn xử lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n"
-
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-#, fuzzy
-msgid "Discard/TRIM is not supported."
-msgstr "Thuật toán băm %s không được hỗ trợ.\n"
-
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
+#: lib/libdevmapper.c:735
+msgid "Requested dm-verity data corruption handling options are not supported.\n"
msgstr "Không hỗ trợ tùy chọn xử lý dữ liệu sai hỏng dm-verity đã yêu cầu.\n"
-#: lib/libdevmapper.c:2713
-#, c-format
-msgid "Failed to query dm-%s segment."
-msgstr ""
-
-#: lib/random.c:75
+#: lib/random.c:80
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"Hệ thống bị nằm ngoài en-trô-pi trong khi tạo khóa vùng chứa.\n"
"Xin hãy di chuyển con chuột hay gõ vài chữ trong cửa sổ khác để thu thập sự kiện ngẫu nhiên.\n"
-#: lib/random.c:79
+#: lib/random.c:84
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "Đang tạo khóa (xong %d%%).\n"
-#: lib/random.c:165
-#, fuzzy
-msgid "Running in FIPS mode."
+#: lib/random.c:170
+msgid "Running in FIPS mode.\n"
msgstr "Đang chạy trong chế độ FIPS.\n"
-#: lib/random.c:171
-#, fuzzy
-msgid "Fatal error during RNG initialisation."
+#: lib/random.c:176
+msgid "Fatal error during RNG initialisation.\n"
msgstr "Gặp lỗi nghiêm trọng trong quá trình khởi tạo RNG.\n"
-#: lib/random.c:208
-#, fuzzy
-msgid "Unknown RNG quality requested."
+#: lib/random.c:213
+msgid "Unknown RNG quality requested.\n"
msgstr "Không hiểu chất lượng RNG đã yêu cầu.\n"
-#: lib/random.c:213
-#, fuzzy
-msgid "Error reading from RNG."
+#: lib/random.c:218
+#, c-format
+msgid "Error %d reading from RNG: %s\n"
msgstr "Lỗi %d khi đọc từ RNG: %s\n"
-#: lib/setup.c:229
-#, fuzzy
-msgid "Cannot initialize crypto RNG backend."
+#: lib/setup.c:200
+msgid "Cannot initialize crypto RNG backend.\n"
msgstr "Không thể khởi tạo ứng dụng chạy ở phía sau (backend) mã hóa RNG.\n"
-#: lib/setup.c:235
-#, fuzzy
-msgid "Cannot initialize crypto backend."
+#: lib/setup.c:206
+msgid "Cannot initialize crypto backend.\n"
msgstr "Không thể khởi ứng dụng mã hóa chạy ở phía sau (backend).\n"
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
-#, fuzzy, c-format
-msgid "Hash algorithm %s not supported."
+#: lib/setup.c:237 lib/setup.c:1199 lib/verity/verity.c:123
+#, c-format
+msgid "Hash algorithm %s not supported.\n"
msgstr "Thuật toán băm %s không được hỗ trợ.\n"
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
-#, fuzzy, c-format
-msgid "Key processing error (using hash %s)."
+#: lib/setup.c:240 lib/loopaes/loopaes.c:90
+#, c-format
+msgid "Key processing error (using hash %s).\n"
msgstr "Lỗi xử lý khóa (dùng mã băm %s).\n"
-#: lib/setup.c:335 lib/setup.c:362
-#, fuzzy
-msgid "Cannot determine device type. Incompatible activation of device?"
+#: lib/setup.c:285
+msgid "Cannot determine device type. Incompatible activation of device?\n"
msgstr "Không thể dò tìm kiểu thiết bị. Phần hoạt hóa của thiết bị không tương thích à?\n"
-#: lib/setup.c:341 lib/setup.c:3058
-#, fuzzy
-msgid "This operation is supported only for LUKS device."
-msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n"
-
-#: lib/setup.c:368
-#, fuzzy
-msgid "This operation is supported only for LUKS2 device."
+#: lib/setup.c:289 lib/setup.c:1552
+msgid "This operation is supported only for LUKS device.\n"
msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n"
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
-#, fuzzy
-msgid "All key slots full."
+#: lib/setup.c:321
+msgid "All key slots full.\n"
msgstr "Mọi khe khóa đều đã đầy.\n"
-#: lib/setup.c:434
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select between 0 and %d."
+#: lib/setup.c:328
+#, c-format
+msgid "Key slot %d is invalid, please select between 0 and %d.\n"
msgstr "Khe khóa %d không đúng, hãy chọn một giá trị trong phạm vi từ 0 đến %d.\n"
-#: lib/setup.c:440
-#, fuzzy, c-format
-msgid "Key slot %d is full, please select another one."
+#: lib/setup.c:334
+#, c-format
+msgid "Key slot %d is full, please select another one.\n"
msgstr "Khe khóa %d bị đầy, hãy chọn một khe khác.\n"
-#: lib/setup.c:525 lib/setup.c:2832
-#, fuzzy
-msgid "Device size is not aligned to device logical block size."
-msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
+#: lib/setup.c:473
+#, c-format
+msgid "Enter passphrase for %s: "
+msgstr "Nhập cụm từ mật khẩu cho %s: "
-#: lib/setup.c:624
-#, fuzzy, c-format
-msgid "Header detected but device %s is too small."
+#: lib/setup.c:654
+#, c-format
+msgid "Header detected but device %s is too small.\n"
msgstr "Phát hiện được phần đầu nhưng mà thiết bị %s quá nhỏ.\n"
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
-#, fuzzy
-msgid "This operation is not supported for this device type."
+#: lib/setup.c:670 lib/setup.c:1435
+msgid "This operation is not supported for this device type.\n"
msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n"
-#: lib/setup.c:666
-msgid "Illegal operation with reencryption in-progress."
-msgstr ""
-
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
-#, fuzzy, c-format
-msgid "Unsupported LUKS version %d."
-msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
-
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
-#, fuzzy, c-format
-msgid "Device %s is not active."
+#: lib/setup.c:909 lib/setup.c:1388 lib/setup.c:2279
+#, c-format
+msgid "Device %s is not active.\n"
msgstr "Thiết bị %s không hoạt động.\n"
-#: lib/setup.c:1444
-#, fuzzy, c-format
-msgid "Underlying device for crypt device %s disappeared."
+#: lib/setup.c:926
+#, c-format
+msgid "Underlying device for crypt device %s disappeared.\n"
msgstr "Thiết bị nằm dưới cho thiết bị crypt %s đã bị biến mất.\n"
-#: lib/setup.c:1524
-#, fuzzy
-msgid "Invalid plain crypt parameters."
+#: lib/setup.c:995
+msgid "Invalid plain crypt parameters.\n"
msgstr "Đặt sai tham số mã hóa bình thường.\n"
-#: lib/setup.c:1529 lib/setup.c:1949
-#, fuzzy
-msgid "Invalid key size."
+#: lib/setup.c:1000 lib/setup.c:1120
+msgid "Invalid key size.\n"
msgstr "Kích cỡ khóa không đúng.\n"
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
-#, fuzzy
-msgid "UUID is not supported for this crypt type."
-msgstr "UUID không hỗ trợ kiểu mã hóa này.\n"
-
-#: lib/setup.c:1539 lib/setup.c:1959
-#, fuzzy
-msgid "Detached metadata device is not supported for this crypt type."
+#: lib/setup.c:1005 lib/setup.c:1125
+msgid "UUID is not supported for this crypt type.\n"
msgstr "UUID không hỗ trợ kiểu mã hóa này.\n"
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
-#, fuzzy
-msgid "Unsupported encryption sector size."
-msgstr "Không đọc được tập tin nhật ký reencryption.\n"
-
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
-#, fuzzy
-msgid "Device size is not aligned to requested sector size."
-msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
-
-#: lib/setup.c:1608 lib/setup.c:1727
-#, fuzzy
-msgid "Can't format LUKS without device."
+#: lib/setup.c:1047
+msgid "Can't format LUKS without device.\n"
msgstr "Không thể định dạng “LUKS” mà không có thiết bị.\n"
-#: lib/setup.c:1614 lib/setup.c:1733
-msgid "Requested data alignment is not compatible with data offset."
-msgstr ""
-
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr ""
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
-#, fuzzy, c-format
-msgid "Cannot wipe header on device %s."
-msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n"
-
-#: lib/setup.c:1744
-msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
-msgstr ""
-
-#: lib/setup.c:1766
-msgid "Volume key is too small for encryption with integrity extensions."
-msgstr ""
-
-#: lib/setup.c:1821
-#, fuzzy, c-format
-msgid "Cipher %s-%s (key size %zd bits) is not available."
-msgstr "Mã hóa kiểu %s không sẵn có.\n"
-
-#: lib/setup.c:1854
-#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1858
+#: lib/setup.c:1090
#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
-#, fuzzy, c-format
-msgid "Device %s is too small."
-msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n"
-
-#: lib/setup.c:1893 lib/setup.c:1919
-#, fuzzy, c-format
-msgid "Cannot format device %s in use."
+msgid "Cannot format device %s which is still in use.\n"
msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sử dụng.\n"
-#: lib/setup.c:1896 lib/setup.c:1922
-#, fuzzy, c-format
-msgid "Cannot format device %s, permission denied."
+#: lib/setup.c:1093
+#, c-format
+msgid "Cannot format device %s, permission denied.\n"
msgstr "Không thể định dạng thiết bị %s, không đủ thẩm quyền.\n"
-#: lib/setup.c:1908 lib/setup.c:2229
-#, fuzzy, c-format
-msgid "Cannot format integrity for device %s."
-msgstr "Không thể ghi thiết bị %s.\n"
-
-#: lib/setup.c:1926
-#, fuzzy, c-format
-msgid "Cannot format device %s."
-msgstr "Không thể đọc thiết bị %s.\n"
+#: lib/setup.c:1097
+#, c-format
+msgid "Cannot wipe header on device %s.\n"
+msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n"
-#: lib/setup.c:1944
-#, fuzzy
-msgid "Can't format LOOPAES without device."
+#: lib/setup.c:1115
+msgid "Can't format LOOPAES without device.\n"
msgstr "Không thể định dạng “LOOPAES” bên ngoài thiết bị.\n"
-#: lib/setup.c:1989
-#, fuzzy
-msgid "Can't format VERITY without device."
+#: lib/setup.c:1153
+msgid "Can't format VERITY without device.\n"
msgstr "Không thể định dạng “VERITY” mà không có thiết bị.\n"
-#: lib/setup.c:2000 lib/verity/verity.c:103
-#, fuzzy, c-format
-msgid "Unsupported VERITY hash type %d."
+#: lib/setup.c:1161 lib/verity/verity.c:106
+#, c-format
+msgid "Unsupported VERITY hash type %d.\n"
msgstr "Kiểu băm “VERITY” %d không được hỗ trợ.\n"
-#: lib/setup.c:2006 lib/verity/verity.c:111
-#, fuzzy
-msgid "Unsupported VERITY block size."
+#: lib/setup.c:1167 lib/verity/verity.c:114
+msgid "Unsupported VERITY block size.\n"
msgstr "Kích thước khối “VERITY” không được hỗ trợ.\n"
-#: lib/setup.c:2011 lib/verity/verity.c:75
-#, fuzzy
-msgid "Unsupported VERITY hash offset."
-msgstr "Khoảng bù (offset) mã băm “VERITY” không được hỗ trợ.\n"
-
-#: lib/setup.c:2016
-#, fuzzy
-msgid "Unsupported VERITY FEC offset."
+#: lib/setup.c:1172 lib/verity/verity.c:76
+msgid "Unsupported VERITY hash offset.\n"
msgstr "Khoảng bù (offset) mã băm “VERITY” không được hỗ trợ.\n"
-#: lib/setup.c:2040
-#, fuzzy
-msgid "Data area overlaps with hash area."
-msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n"
-
-#: lib/setup.c:2065
-#, fuzzy
-msgid "Hash area overlaps with FEC area."
-msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n"
-
-#: lib/setup.c:2072
-#, fuzzy
-msgid "Data area overlaps with FEC area."
+#: lib/setup.c:1193
+msgid "Data area overlaps with hash area.\n"
msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n"
-#: lib/setup.c:2208
+#: lib/setup.c:1292
#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
-
-#: lib/setup.c:2286
-#, fuzzy, c-format
-msgid "Unknown crypt device type %s requested."
+msgid "Unknown crypt device type %s requested.\n"
msgstr "Không rõ kiểu thiết bị mã hóa %s được yêu cầu.\n"
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
-#, fuzzy, c-format
-msgid "Unsupported parameters on device %s."
-msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n"
-
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
-#, fuzzy, c-format
-msgid "Mismatching parameters on device %s."
-msgstr "Không thể tẩy xóa phần đầu trên thiết bị %s.\n"
-
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
-
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "Không thể đọc thiết bị %s.\n"
-
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "Không thể đọc thiết bị %s.\n"
-
-#: lib/setup.c:2735
-#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
-
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
-
-#: lib/setup.c:2817
-#, fuzzy
-msgid "Cannot resize loop device."
+#: lib/setup.c:1402
+msgid "Cannot resize loop device.\n"
msgstr "Không thể đổi cỡ thiết bị vòng ngược (loopback).\n"
-#: lib/setup.c:2890
+#: lib/setup.c:1450
msgid "Do you really want to change UUID of device?"
msgstr "Bạn có thực sự muốn thay đổi UUID cho thiết bị?"
-#: lib/setup.c:2966
-#, fuzzy
-msgid "Header backup file does not contain compatible LUKS header."
-msgstr "Tập tin sao lưu không chứa phần đầu LUKS hợp lệ.\n"
-
-#: lib/setup.c:3066
-#, fuzzy, c-format
-msgid "Volume %s is not active."
+#: lib/setup.c:1560
+#, c-format
+msgid "Volume %s is not active.\n"
msgstr "Khối tin %s không hoạt động.\n"
-#: lib/setup.c:3077
-#, fuzzy, c-format
-msgid "Volume %s is already suspended."
+#: lib/setup.c:1571
+#, c-format
+msgid "Volume %s is already suspended.\n"
msgstr "Khối %s đã bị ngưng.\n"
-#: lib/setup.c:3090
-#, fuzzy, c-format
-msgid "Suspend is not supported for device %s."
+#: lib/setup.c:1578
+#, c-format
+msgid "Suspend is not supported for device %s.\n"
msgstr "Tạm dừng không được hỗ trợ cho kiểu thiết bị %s.\n"
-#: lib/setup.c:3092
-#, fuzzy, c-format
-msgid "Error during suspending device %s."
+#: lib/setup.c:1580
+#, c-format
+msgid "Error during suspending device %s.\n"
msgstr "Gặp lỗi khi tạm dừng thiết bị %s.\n"
-#: lib/setup.c:3128
-#, fuzzy, c-format
-msgid "Resume is not supported for device %s."
+#: lib/setup.c:1606 lib/setup.c:1653
+#, c-format
+msgid "Volume %s is not suspended.\n"
+msgstr "Vùng %s không bị treo.\n"
+
+#: lib/setup.c:1620
+#, c-format
+msgid "Resume is not supported for device %s.\n"
msgstr "Thao tác phục hồi không được hỗ trợ cho kiểu thiết bị %s.\n"
-#: lib/setup.c:3130
-#, fuzzy, c-format
-msgid "Error during resuming device %s."
+#: lib/setup.c:1622 lib/setup.c:1674
+#, c-format
+msgid "Error during resuming device %s.\n"
msgstr "Gặp lỗi khi cho hoạt động trở lại thiết bị %s.\n"
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, fuzzy, c-format
-msgid "Volume %s is not suspended."
-msgstr "Vùng %s không bị treo.\n"
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-#, fuzzy
-msgid "Volume key does not match the volume."
-msgstr "Khóa khối tin không tương ứng với khối tin đó.\n"
+#: lib/setup.c:1660 lib/setup.c:2095 lib/setup.c:2109 src/cryptsetup.c:184
+#: src/cryptsetup.c:248 src/cryptsetup.c:736 src/cryptsetup.c:1171
+msgid "Enter passphrase: "
+msgstr "Gõ cụm từ mật khẩu: "
-#: lib/setup.c:3344 lib/setup.c:3535
-#, fuzzy
-msgid "Cannot add key slot, all slots disabled and no volume key provided."
+#: lib/setup.c:1722 lib/setup.c:1858
+msgid "Cannot add key slot, all slots disabled and no volume key provided.\n"
msgstr "Không thể thêm khe khóa vì mọi khe đều bị tắt và không cung cấp khóa khối tin.\n"
-#: lib/setup.c:3487
-#, fuzzy
-msgid "Failed to swap new key slot."
-msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n"
+#: lib/setup.c:1731 lib/setup.c:1864 lib/setup.c:1868
+msgid "Enter any passphrase: "
+msgstr "Nhập bất cứ cụm từ mật khẩu nào: "
-#: lib/setup.c:3673
-#, fuzzy, c-format
-msgid "Key slot %d is invalid."
-msgstr "Khe khóa %d không đúng.\n"
+#: lib/setup.c:1748 lib/setup.c:1881 lib/setup.c:1885 lib/setup.c:1947
+#: src/cryptsetup.c:1001 src/cryptsetup.c:1032
+msgid "Enter new passphrase for key slot: "
+msgstr "Gõ cụm từ mật khẩu mới cho khe khóa: "
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
-#, fuzzy, c-format
-msgid "Keyslot %d is not active."
-msgstr "Khe khóa %d không được dùng.\n"
+#: lib/setup.c:1813
+#, c-format
+msgid "Key slot %d changed.\n"
+msgstr "Khe khóa %d đã thay đổi.\n"
-#: lib/setup.c:3698
-#, fuzzy
-msgid "Device header overlaps with data area."
-msgstr "Vùng dữ liệu chồng lấn với vùng mã băm.\n"
+#: lib/setup.c:1816
+#, c-format
+msgid "Replaced with key slot %d.\n"
+msgstr "Đã thay thế với khe khóa %d.\n"
-#: lib/setup.c:3992
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr ""
+#: lib/setup.c:1821
+msgid "Failed to swap new key slot.\n"
+msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n"
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "Không đọc được tập tin nhật ký reencryption.\n"
+#: lib/setup.c:1938 lib/setup.c:2199 lib/setup.c:2212 lib/setup.c:2354
+msgid "Volume key does not match the volume.\n"
+msgstr "Khóa khối tin không tương ứng với khối tin đó.\n"
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-#, fuzzy
-msgid "LUKS2 reencryption recovery failed."
-msgstr "Không mở được tập tin nhật ký reencryption.\n"
+#: lib/setup.c:1976
+#, c-format
+msgid "Key slot %d is invalid.\n"
+msgstr "Khe khóa %d không đúng.\n"
-#: lib/setup.c:4175 lib/setup.c:4437
-#, fuzzy
-msgid "Device type is not properly initialized."
-msgstr "Kiểu thiết bị gần như chắc chắn là chưa được thiết lập.\n"
+#: lib/setup.c:1981
+#, c-format
+msgid "Key slot %d is not used.\n"
+msgstr "Khe khóa %d không được dùng.\n"
-#: lib/setup.c:4223
-#, fuzzy, c-format
-msgid "Device %s already exists."
+#: lib/setup.c:2011 lib/setup.c:2083 lib/setup.c:2175
+#, c-format
+msgid "Device %s already exists.\n"
msgstr "Thiết bị %s đã sẵn có.\n"
-#: lib/setup.c:4230
-#, fuzzy, c-format
-msgid "Cannot use device %s, name is invalid or still in use."
-msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sử dụng.\n"
-
-#: lib/setup.c:4350
-#, fuzzy
-msgid "Incorrect volume key specified for plain device."
+#: lib/setup.c:2186
+msgid "Incorrect volume key specified for plain device.\n"
msgstr "Khóa vùng chứa đã chỉ định không đúng cho thiết bị thường.\n"
-#: lib/setup.c:4463
-#, fuzzy
-msgid "Incorrect root hash specified for verity device."
+#: lib/setup.c:2219
+msgid "Incorrect root hash specified for verity device.\n"
msgstr "Mã băm gốc đã chỉ định không đúng cho thiết bị chứng thực (verity).\n"
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr ""
-
-#: lib/setup.c:4496 lib/setup.c:5976
-#, fuzzy
-msgid "Failed to load key in kernel keyring."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
+#: lib/setup.c:2242
+msgid "Device type is not properly initialised.\n"
+msgstr "Kiểu thiết bị gần như chắc chắn là chưa được thiết lập.\n"
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
-#, fuzzy, c-format
-msgid "Device %s is still in use."
+#: lib/setup.c:2274
+#, c-format
+msgid "Device %s is still in use.\n"
msgstr "Thiết bị %s vẫn đang được sử dụng.\n"
-#: lib/setup.c:4574
-#, fuzzy, c-format
-msgid "Invalid device %s."
+#: lib/setup.c:2283
+#, c-format
+msgid "Invalid device %s.\n"
msgstr "Thiết bị không đúng %s.\n"
-#: lib/setup.c:4690
-#, fuzzy
-msgid "Volume key buffer too small."
+#: lib/setup.c:2304
+msgid "Function not available in FIPS mode.\n"
+msgstr "Chức năng không khả dụng trong chế độ “FIPS”.\n"
+
+#: lib/setup.c:2310
+msgid "Volume key buffer too small.\n"
msgstr "Vùng đệm khóa khối tin quá nhỏ.\n"
-#: lib/setup.c:4698
-#, fuzzy
-msgid "Cannot retrieve volume key for plain device."
+#: lib/setup.c:2318
+msgid "Cannot retrieve volume key for plain device.\n"
msgstr "Không thể lấy khóa khối tin cho thiết bị bình thường.\n"
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "Mã băm gốc đã chỉ định không đúng cho thiết bị chứng thực (verity).\n"
-
-#: lib/setup.c:4717
-#, fuzzy, c-format
-msgid "This operation is not supported for %s crypt device."
+#: lib/setup.c:2325
+#, c-format
+msgid "This operation is not supported for %s crypt device.\n"
msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n"
-#: lib/setup.c:4923
-#, fuzzy
-msgid "Dump operation is not supported for this device type."
+#: lib/setup.c:2521
+msgid "Dump operation is not supported for this device type.\n"
msgstr "Thao tác đổ đống (dump) không được hỗ trợ cho kiểu thiết bị này.\n"
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
-#, fuzzy, c-format
-msgid "Cannot convert device %s which is still in use."
-msgstr "Không thể định dạng thiết bị %s mà nó lại vẫn đang được sử dụng.\n"
-
-#: lib/setup.c:5833
-#, c-format
-msgid "Failed to assign keyslot %u as the new volume key."
-msgstr ""
-
-#: lib/setup.c:5906
-msgid "Failed to initialize default LUKS2 keyslot parameters."
-msgstr ""
+#: lib/utils.c:244
+msgid "Cannot get process priority.\n"
+msgstr "Không thể lấy mức ưu tiên của tiến trình.\n"
-#: lib/setup.c:5912
-#, fuzzy, c-format
-msgid "Failed to assign keyslot %d to digest."
-msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n"
+#: lib/utils.c:258
+msgid "Cannot unlock memory.\n"
+msgstr "Không thể mở khóa bộ nhớ.\n"
-#: lib/setup.c:6043
-#, fuzzy
-msgid "Kernel keyring is not supported by the kernel."
-msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n"
+#: lib/utils_crypt.c:242 lib/utils_crypt.c:255 lib/utils_crypt.c:402
+#: lib/utils_crypt.c:417
+msgid "Out of memory while reading passphrase.\n"
+msgstr "Tràn bộ nhớ trong khi đọc cụm từ mật khẩu.\n"
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
-#, fuzzy, c-format
-msgid "Failed to read passphrase from keyring (error %d)."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
+#: lib/utils_crypt.c:247 lib/utils_crypt.c:262
+msgid "Error reading passphrase from terminal.\n"
+msgstr "Gặp lỗi khi đọc cụm từ mật khẩu từ thiết bị cuối.\n"
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
+#: lib/utils_crypt.c:260
+msgid "Verify passphrase: "
+msgstr "Nhập lại mật khẩu: "
-#: lib/utils.c:80
-#, fuzzy
-msgid "Cannot get process priority."
-msgstr "Không thể lấy mức ưu tiên của tiến trình.\n"
+#: lib/utils_crypt.c:267
+msgid "Passphrases do not match.\n"
+msgstr "Hai cụm từ mật khẩu không trùng nhau.\n"
-#: lib/utils.c:94
-#, fuzzy
-msgid "Cannot unlock memory."
-msgstr "Không thể mở khóa bộ nhớ.\n"
+#: lib/utils_crypt.c:351
+msgid "Cannot use offset with terminal input.\n"
+msgstr "Không thể sử dụng khoảng bù (offset) với đầu vào là thiết bị cuối.\n"
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
-#, fuzzy
-msgid "Failed to open key file."
+#: lib/utils_crypt.c:370 lib/tcrypt/tcrypt.c:468
+msgid "Failed to open key file.\n"
msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-#: lib/utils.c:173
-#, fuzzy
-msgid "Cannot read keyfile from a terminal."
-msgstr "Không thể đọc tập-tin khóa %s.\n"
-
-#: lib/utils.c:190
-#, fuzzy
-msgid "Failed to stat key file."
+#: lib/utils_crypt.c:379
+msgid "Failed to stat key file.\n"
msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-#: lib/utils.c:198 lib/utils.c:219
-#, fuzzy
-msgid "Cannot seek to requested keyfile offset."
+#: lib/utils_crypt.c:387 lib/utils_crypt.c:408
+msgid "Cannot seek to requested keyfile offset.\n"
msgstr "Không thể di chuyển vị trí đầu đọc tới vị trí tương đối (offset) tập tin khóa đã yêu cầu.\n"
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
-#, fuzzy
-msgid "Out of memory while reading passphrase."
-msgstr "Tràn bộ nhớ trong khi đọc cụm từ mật khẩu.\n"
-
-#: lib/utils.c:248
-#, fuzzy
-msgid "Error reading passphrase."
+#: lib/utils_crypt.c:425
+msgid "Error reading passphrase.\n"
msgstr "Lỗi đọc cụm từ mật khẩu.\n"
-#: lib/utils.c:265
-msgid "Nothing to read on input."
-msgstr ""
-
-#: lib/utils.c:272
-#, fuzzy
-msgid "Maximum keyfile size exceeded."
+#: lib/utils_crypt.c:448
+msgid "Maximum keyfile size exceeded.\n"
msgstr "Đã vượt quá kích thước tập tin khóa tối đa.\n"
-#: lib/utils.c:277
-#, fuzzy
-msgid "Cannot read requested amount of data."
+#: lib/utils_crypt.c:453
+msgid "Cannot read requested amount of data.\n"
msgstr "Không thể đọc đống dữ liệu đã yêu cầu.\n"
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
-msgstr "Thiết bị %s không tồn tại hoặc không đủ quyền truy cập.\n"
-
-#: lib/utils_device.c:200
-#, fuzzy, c-format
-msgid "Device %s is not compatible."
-msgstr "Thiết bị %s không hoạt động.\n"
-
-#: lib/utils_device.c:544
+#: lib/utils_device.c:138 lib/luks1/keyencryption.c:90
#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
-#, fuzzy, c-format
-msgid "Device %s is too small. Need at least %<PRIu64> bytes."
-msgstr "Thiết bị %s quá nhỏ. (LUKS cần ít nhất %<PRIu64> byte.)\n"
-
-#: lib/utils_device.c:747
-#, fuzzy, c-format
-msgid "Cannot use device %s which is in use (already mapped or mounted)."
-msgstr "Không thể sử dụng thiết bị %s mà nó lại đang được sử dụng (đang được ánh xạ hoặc gắn).\n"
-
-#: lib/utils_device.c:751
-#, fuzzy, c-format
-msgid "Cannot use device %s, permission denied."
-msgstr "Không thể ghi thiết bị %s, không đủ thẩm quyền.\n"
-
-#: lib/utils_device.c:754
-#, fuzzy, c-format
-msgid "Cannot get info about device %s."
-msgstr "Không thể lấy thông tin về thiết bị %s.\n"
+msgid "Device %s doesn't exist or access denied.\n"
+msgstr "Thiết bị %s không tồn tại hoặc không đủ quyền truy cập.\n"
-#: lib/utils_device.c:777
-#, fuzzy
-msgid "Cannot use a loopback device, running as non-root user."
+#: lib/utils_device.c:429
+msgid "Cannot use a loopback device, running as non-root user.\n"
msgstr "Không thể sử dụng thiết-bị vòng ngược (loopback), do không chạy dưới quyền siêu người dùng.\n"
-#: lib/utils_device.c:787
-#, fuzzy
-msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
+#: lib/utils_device.c:439
+msgid "Attaching loopback device failed (loop device with autoclear flag is required).\n"
msgstr "Gặp lỗi khi gắn thiết bị vòng ngược (loopback) (thiết bị lặp với cờ autoclear là bắt buộc).\n"
-#: lib/utils_device.c:833
-#, fuzzy, c-format
-msgid "Requested offset is beyond real size of device %s."
-msgstr "Khoảng bù (offset) đã yêu cầu nằm ngoài kích thước thật của thiết bị %s.\n"
-
-#: lib/utils_device.c:841
-#, fuzzy, c-format
-msgid "Device %s has zero size."
-msgstr "Thiết bị %s có kích cỡ là không.\n"
-
-#: lib/utils_pbkdf.c:100
-msgid "Requested PBKDF target time cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:106
-#, c-format
-msgid "Unknown PBKDF type %s."
-msgstr ""
-
-#: lib/utils_pbkdf.c:111
-#, fuzzy, c-format
-msgid "Requested hash %s is not supported."
-msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n"
-
-#: lib/utils_pbkdf.c:122
-#, fuzzy
-msgid "Requested PBKDF type is not supported for LUKS1."
-msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n"
-
-#: lib/utils_pbkdf.c:128
-msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
-msgstr ""
-
-#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
+#: lib/utils_device.c:483
#, c-format
-msgid "Forced iteration count is too low for %s (minimum is %u)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:148
-#, c-format
-msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
-msgstr ""
+msgid "Cannot use device %s which is in use (already mapped or mounted).\n"
+msgstr "Không thể sử dụng thiết bị %s mà nó lại đang được sử dụng (đang được ánh xạ hoặc gắn).\n"
-#: lib/utils_pbkdf.c:155
+#: lib/utils_device.c:487
#, c-format
-msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
-msgstr ""
-
-#: lib/utils_pbkdf.c:160
-msgid "Requested maximum PBKDF memory cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:164
-msgid "Requested PBKDF parallel threads cannot be zero."
-msgstr ""
-
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
-
-#: lib/utils_benchmark.c:172
-msgid "PBKDF benchmark disabled but iterations not set."
-msgstr ""
-
-#: lib/utils_benchmark.c:191
-#, fuzzy, c-format
-msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
-msgstr "Gặp các tùy chọn PBKDF2 không tương thích (dùng thuật toán chuỗi duy nhất %s).\n"
-
-#: lib/utils_benchmark.c:211
-#, fuzzy
-msgid "Not compatible PBKDF options."
-msgstr "Gặp các tùy chọn PBKDF2 không tương thích (dùng thuật toán chuỗi duy nhất %s).\n"
+msgid "Cannot get info about device %s.\n"
+msgstr "Không thể lấy thông tin về thiết bị %s.\n"
-#: lib/utils_device_locking.c:102
+#: lib/utils_device.c:493
#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
-msgstr ""
+msgid "Requested offset is beyond real size of device %s.\n"
+msgstr "Khoảng bù (offset) đã yêu cầu nằm ngoài kích thước thật của thiết bị %s.\n"
-#: lib/utils_device_locking.c:109
+#: lib/utils_device.c:501
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "Device %s has zero size.\n"
+msgstr "Thiết bị %s có kích cỡ là không.\n"
-#: lib/utils_device_locking.c:119
+#: lib/utils_device.c:512
#, c-format
-msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
-msgstr ""
-
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-#, fuzzy
-msgid "Cannot seek to device offset."
-msgstr "Không thể di chuyển vị trí tới vị trí tương đối thiết bị.\n"
+msgid "Device %s is too small.\n"
+msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n"
-#: lib/utils_wipe.c:208
+#: lib/luks1/keyencryption.c:37
#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:39
-#, fuzzy, c-format
msgid ""
"Failed to setup dm-crypt key mapping for device %s.\n"
-"Check that kernel supports %s cipher (check syslog for more info)."
+"Check that kernel supports %s cipher (check syslog for more info).\n"
msgstr ""
"Gặp lỗi khi cài đặt ánh xạ khóa dm-crypt cho thiết bị %s.\n"
"Kiểm tra lại hạt nhân hỗ trợ mật mã %s (kiểu tra sổ theo dõi hệ thống để tìm thêm thông tin.)\n"
-#: lib/luks1/keyencryption.c:44
-#, fuzzy
-msgid "Key size in XTS mode must be 256 or 512 bits."
+#: lib/luks1/keyencryption.c:42
+msgid "Key size in XTS mode must be 256 or 512 bits.\n"
msgstr "Kích thước khóa trong chế độ “XTS” phải là 256 hay 512 bit.\n"
-#: lib/luks1/keyencryption.c:46
-msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
-msgstr ""
-
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
-#, fuzzy, c-format
-msgid "Cannot write to device %s, permission denied."
+#: lib/luks1/keyencryption.c:96 lib/luks1/keymanage.c:296
+#: lib/luks1/keymanage.c:583 lib/luks1/keymanage.c:1033
+#, c-format
+msgid "Cannot write to device %s, permission denied.\n"
msgstr "Không thể ghi thiết bị %s, không đủ thẩm quyền.\n"
-#: lib/luks1/keyencryption.c:120
-#, fuzzy
-msgid "Failed to open temporary keystore device."
+#: lib/luks1/keyencryption.c:111
+msgid "Failed to open temporary keystore device.\n"
msgstr "Gặp lỗi khi mở thiết bị lưu trữ khóa tạm thời.\n"
-#: lib/luks1/keyencryption.c:127
-#, fuzzy
-msgid "Failed to access temporary keystore device."
+#: lib/luks1/keyencryption.c:118
+msgid "Failed to access temporary keystore device.\n"
msgstr "Gl khi truy cập đến thiết bị lưu trữ khóa tạm thời.\n"
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
-#, fuzzy
-msgid "IO error while encrypting keyslot."
+#: lib/luks1/keyencryption.c:191
+msgid "IO error while encrypting keyslot.\n"
msgstr "Lỗi IO (vào/ra) trong quá trình mã hóa khe khóa.\n"
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
-#, fuzzy, c-format
-msgid "Cannot open device %s."
-msgstr "Không thể mở thiết bị %s.\n"
-
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
-#, fuzzy
-msgid "IO error while decrypting keyslot."
+#: lib/luks1/keyencryption.c:256
+msgid "IO error while decrypting keyslot.\n"
msgstr "Lỗi IO (vào/ra) trong quá trình giải mã khe khóa.\n"
-#: lib/luks1/keymanage.c:110
-#, fuzzy, c-format
-msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
+#: lib/luks1/keymanage.c:90
+#, c-format
+msgid "Device %s is too small. (LUKS requires at least %<PRIu64> bytes.)\n"
msgstr "Thiết bị %s quá nhỏ. (LUKS cần ít nhất %<PRIu64> byte.)\n"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
-#, fuzzy, c-format
-msgid "LUKS keyslot %u is invalid."
-msgstr "khe-khóa LUKS %u là không hợp lệ.\n"
-
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
-#, fuzzy, c-format
-msgid "Device %s is not a valid LUKS device."
+#: lib/luks1/keymanage.c:180 lib/luks1/keymanage.c:419
+#: src/cryptsetup_reencrypt.c:1152
+#, c-format
+msgid "Device %s is not a valid LUKS device.\n"
msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
-#, fuzzy, c-format
-msgid "Requested header backup file %s already exists."
+#: lib/luks1/keymanage.c:198
+#, c-format
+msgid "Requested header backup file %s already exists.\n"
msgstr "Phần đầu tập tin sao lưu dự phòng đã yêu cầu %s đã sẵn có.\n"
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
-#, fuzzy, c-format
-msgid "Cannot create header backup file %s."
+#: lib/luks1/keymanage.c:200
+#, c-format
+msgid "Cannot create header backup file %s.\n"
msgstr "Không thể tạo phần đầu của tập tin sao lưu dự phòng %s.\n"
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
-#, fuzzy, c-format
-msgid "Cannot write header backup file %s."
+#: lib/luks1/keymanage.c:205
+#, c-format
+msgid "Cannot write header backup file %s.\n"
msgstr "Không thể ghi tập tin sao lưu phần đầu %s.\n"
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
+#: lib/luks1/keymanage.c:238
+msgid "Backup file doesn't contain valid LUKS header.\n"
msgstr "Tập tin sao lưu không chứa phần đầu LUKS hợp lệ.\n"
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
-#, fuzzy, c-format
-msgid "Cannot open header backup file %s."
+#: lib/luks1/keymanage.c:251 lib/luks1/keymanage.c:497
+#, c-format
+msgid "Cannot open header backup file %s.\n"
msgstr "Không mở được tập tin sao lưu phần đầu %s.\n"
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
-#, fuzzy, c-format
-msgid "Cannot read header backup file %s."
+#: lib/luks1/keymanage.c:257
+#, c-format
+msgid "Cannot read header backup file %s.\n"
msgstr "Không đọc được tập tin sao lưu phần đầu %s.\n"
-#: lib/luks1/keymanage.c:317
-#, fuzzy
-msgid "Data offset or key size differs on device and backup, restore failed."
+#: lib/luks1/keymanage.c:269
+msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lưu thì chức năng phục hồi bị lỗi.\n"
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:277
#, c-format
msgid "Device %s %s%s"
msgstr "Thiết bị %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:278
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "không chứa phần đầu LUKS. Thay thế phần đầu thì cũng có thể hủy dữ liệu trên thiết bị đó."
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:279
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "đã chứa phần đầu LUKS. Thay thế phần đầu thì cũng hủy các khe khóa đã có."
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:280
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"CẢNH BÁO: phần đầu thiết bị thật có mã số “UUID” khác với bản sao lưu!"
-#: lib/luks1/keymanage.c:375
-#, fuzzy
-msgid "Non standard key size, manual repair required."
+#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:536
+#: lib/luks1/keymanage.c:586 lib/tcrypt/tcrypt.c:625 lib/verity/verity.c:82
+#: lib/verity/verity.c:180 lib/verity/verity_hash.c:292
+#: lib/verity/verity_hash.c:303 lib/verity/verity_hash.c:323
+#: src/cryptsetup_reencrypt.c:154
+#, c-format
+msgid "Cannot open device %s.\n"
+msgstr "Không thể mở thiết bị %s.\n"
+
+#: lib/luks1/keymanage.c:330
+msgid "Non standard key size, manual repair required.\n"
msgstr "Kích thước khóa không tiêu chuẩn, yêu cầu sửa chữa bằng tay.\n"
-#: lib/luks1/keymanage.c:385
-#, fuzzy
-msgid "Non standard keyslots alignment, manual repair required."
+#: lib/luks1/keymanage.c:335
+msgid "Non standard keyslots alignment, manual repair required.\n"
msgstr "Không thể đồng chỉnh các khe khóa (keyslot) tiêu chuẩn, yêu cầu sửa chữa bằng tay.\n"
-#: lib/luks1/keymanage.c:397
-#, fuzzy
-msgid "Repairing keyslots."
+#: lib/luks1/keymanage.c:341
+msgid "Repairing keyslots.\n"
msgstr "Đang chuẩn bị các khe khóa (keyslots).\n"
-#: lib/luks1/keymanage.c:416
-#, fuzzy, c-format
-msgid "Keyslot %i: offset repaired (%u -> %u)."
-msgstr "Khe-khóa (keyslot) %i: khoảng bù (offset) được sửa chữa (%u -> %u).\n"
+#: lib/luks1/keymanage.c:352
+msgid "Repair failed."
+msgstr "Gặp lỗi khi sửa chữa."
+
+#: lib/luks1/keymanage.c:364
+#, c-format
+msgid "Keyslot %i: offset repaired (%u -> %u).\n"
+msgstr "Khe-khóa (keyslot) %i: khoảng bù (offset) được sửa chữa (%u -> %u).\n"
-#: lib/luks1/keymanage.c:424
-#, fuzzy, c-format
-msgid "Keyslot %i: stripes repaired (%u -> %u)."
+#: lib/luks1/keymanage.c:372
+#, c-format
+msgid "Keyslot %i: stripes repaired (%u -> %u).\n"
msgstr "Khe-khóa (keyslot) %i: stripes được sửa chữa (%u -> %u).\n"
-#: lib/luks1/keymanage.c:433
-#, fuzzy, c-format
-msgid "Keyslot %i: bogus partition signature."
+#: lib/luks1/keymanage.c:381
+#, c-format
+msgid "Keyslot %i: bogus partition signature.\n"
msgstr "Khe-khóa (keyslot) %i: chữ ký phân vùng không có thật.\n"
-#: lib/luks1/keymanage.c:438
-#, fuzzy, c-format
-msgid "Keyslot %i: salt wiped."
+#: lib/luks1/keymanage.c:386
+#, c-format
+msgid "Keyslot %i: salt wiped.\n"
msgstr "Khe-khóa (keyslot) %i: muối bị tẩy xóa.\n"
-#: lib/luks1/keymanage.c:455
-#, fuzzy
-msgid "Writing LUKS header to disk."
+#: lib/luks1/keymanage.c:397
+msgid "Writing LUKS header to disk.\n"
msgstr "Đang ghi phần đầu của LUKS lên đĩa.\n"
-#: lib/luks1/keymanage.c:460
-msgid "Repair failed."
-msgstr "Gặp lỗi khi sửa chữa."
+#: lib/luks1/keymanage.c:422
+#, c-format
+msgid "Unsupported LUKS version %d.\n"
+msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
-#, fuzzy, c-format
-msgid "Requested LUKS hash %s is not supported."
+#: lib/luks1/keymanage.c:428 lib/luks1/keymanage.c:672
+#, c-format
+msgid "Requested LUKS hash %s is not supported.\n"
msgstr "Không hỗ trợ chuỗi duy nhất LUKS %s được yêu cầu.\n"
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
-#, fuzzy
-msgid "No known problems detected for LUKS header."
+#: lib/luks1/keymanage.c:443
+#, c-format
+msgid "LUKS keyslot %u is invalid.\n"
+msgstr "khe-khóa LUKS %u là không hợp lệ.\n"
+
+#: lib/luks1/keymanage.c:457 src/cryptsetup.c:668
+msgid "No known problems detected for LUKS header.\n"
msgstr "Không phát hiện thấy vấn đề với phần đầu LUKS.\n"
-#: lib/luks1/keymanage.c:667
-#, fuzzy, c-format
-msgid "Error during update of LUKS header on device %s."
+#: lib/luks1/keymanage.c:607
+#, c-format
+msgid "Error during update of LUKS header on device %s.\n"
msgstr "Gặp lỗi trong khi cập nhật phần đầu LUKS trên thiết bị %s.\n"
-#: lib/luks1/keymanage.c:675
-#, fuzzy, c-format
-msgid "Error re-reading LUKS header after update on device %s."
+#: lib/luks1/keymanage.c:614
+#, c-format
+msgid "Error re-reading LUKS header after update on device %s.\n"
msgstr "Gặp lỗi trong khi đọc lại phần đầu LUKS sau khi cập nhật trên thiết bị %s.\n"
-#: lib/luks1/keymanage.c:751
-#, fuzzy
-msgid "Data offset for LUKS header must be either 0 or higher than header size."
+#: lib/luks1/keymanage.c:665
+#, c-format
+msgid "Data offset for detached LUKS header must be either 0 or higher than header size (%d sectors).\n"
msgstr "Khoảng bù dữ liệu cho phần đầu LUKS tách rời phải hoặc là 0 hoặc là lớn hơn kích thước phần đầu (%d cung từ).\n"
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
-#, fuzzy
-msgid "Wrong LUKS UUID format provided."
+#: lib/luks1/keymanage.c:677 lib/luks1/keymanage.c:768
+msgid "Wrong LUKS UUID format provided.\n"
msgstr "Đưa ra định dạng mã số UUID LUKS không đúng.\n"
-#: lib/luks1/keymanage.c:785
-#, fuzzy
-msgid "Cannot create LUKS header: reading random salt failed."
+#: lib/luks1/keymanage.c:706
+msgid "Cannot create LUKS header: reading random salt failed.\n"
msgstr "Không thể tạo phần đầu LUKS: lỗi đọc salt ngẫu nhiên.\n"
-#: lib/luks1/keymanage.c:811
-#, fuzzy, c-format
-msgid "Cannot create LUKS header: header digest failed (using hash %s)."
+#: lib/luks1/keymanage.c:713 lib/luks1/keymanage.c:809
+#, c-format
+msgid "Not compatible PBKDF2 options (using hash algorithm %s).\n"
+msgstr "Gặp các tùy chọn PBKDF2 không tương thích (dùng thuật toán chuỗi duy nhất %s).\n"
+
+#: lib/luks1/keymanage.c:728
+#, c-format
+msgid "Cannot create LUKS header: header digest failed (using hash %s).\n"
msgstr "Không thể tạo phần đầu LUKS: lỗi tạo bản tóm tắt (dùng chuỗi duy nhất %s).\n"
-#: lib/luks1/keymanage.c:855
-#, fuzzy, c-format
-msgid "Key slot %d active, purge first."
+#: lib/luks1/keymanage.c:793
+#, c-format
+msgid "Key slot %d active, purge first.\n"
msgstr "Khe khóa %d vẫn hoạt động: cần tẩy trước.\n"
-#: lib/luks1/keymanage.c:861
-#, fuzzy, c-format
-msgid "Key slot %d material includes too few stripes. Header manipulation?"
+#: lib/luks1/keymanage.c:799
+#, c-format
+msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgstr "Nguyên liệu khe khóa %d gồm có quá ít sọc. Có nên thao tác phần đầu không?\n"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "Lỗi xử lý khóa (dùng mã băm %s).\n"
+#: lib/luks1/keymanage.c:966
+#, c-format
+msgid "Key slot %d unlocked.\n"
+msgstr "Khe khóa %d được mở khóa.\n"
+
+#: lib/luks1/keymanage.c:1001 src/cryptsetup.c:867
+#: src/cryptsetup_reencrypt.c:1041 src/cryptsetup_reencrypt.c:1078
+msgid "No key available with this passphrase.\n"
+msgstr "Không có khóa sẵn sàng dùng với cụm từ mật khẩu này.\n"
-#: lib/luks1/keymanage.c:1080
-#, fuzzy, c-format
-msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
+#: lib/luks1/keymanage.c:1019
+#, c-format
+msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgstr "Khe khóa %d không đúng: hãy chọn khe khóa trong phạm vi 0 đến %d.\n"
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
-#, fuzzy, c-format
-msgid "Cannot wipe device %s."
+#: lib/luks1/keymanage.c:1037
+#, c-format
+msgid "Cannot wipe device %s.\n"
msgstr "Không thể tẩy thiết bị %s.\n"
#: lib/loopaes/loopaes.c:146
-#, fuzzy
-msgid "Detected not yet supported GPG encrypted keyfile."
+msgid "Detected not yet supported GPG encrypted keyfile.\n"
msgstr "Tìm thấy tập tin khóa mã hóa GPG vẫn chưa được hỗ trợ.\n"
#: lib/loopaes/loopaes.c:147
msgstr "Hãy dùng gpg --decrypt <TẬP-TIN-KHÓA> | cryptsetup --keyfile=- …\n"
#: lib/loopaes/loopaes.c:168 lib/loopaes/loopaes.c:188
-#, fuzzy
-msgid "Incompatible loop-AES keyfile detected."
+msgid "Incompatible loop-AES keyfile detected.\n"
msgstr "Tập tin khóa (keyfile) loop-AES không tương thích được tìm thấy.\n"
-#: lib/loopaes/loopaes.c:245
-#, fuzzy
-msgid "Kernel does not support loop-AES compatible mapping."
+#: lib/loopaes/loopaes.c:244
+msgid "Kernel doesn't support loop-AES compatible mapping.\n"
msgstr "Nhân không hỗ trợ ánh xạ tương thích loop-AES.\n"
-#: lib/tcrypt/tcrypt.c:504
-#, fuzzy, c-format
-msgid "Error reading keyfile %s."
+#: lib/tcrypt/tcrypt.c:476
+#, c-format
+msgid "Error reading keyfile %s.\n"
msgstr "Gặp lỗi khi đọc tập-tin khóa %s.\n"
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:514
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded.\n"
msgstr "Độ dài cụm từ mật khẩu TCRYPT tối đa (%d) đã bị vượt quá.\n"
-#: lib/tcrypt/tcrypt.c:595
-#, fuzzy, c-format
-msgid "PBKDF2 hash algorithm %s not available, skipping."
+#: lib/tcrypt/tcrypt.c:544
+#, c-format
+msgid "PBKDF2 hash algorithm %s not available, skipping.\n"
msgstr "Thuật toán băm PBKDF2 không khả dụng %s, bỏ qua.\n"
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
-#, fuzzy
-msgid "Required kernel crypto interface not available."
+#: lib/tcrypt/tcrypt.c:562 src/cryptsetup.c:621
+msgid "Required kernel crypto interface not available.\n"
msgstr "Giao diện mã hóa từ nhân đã yêu cầu không khả dụng.\n"
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
-#, fuzzy
-msgid "Ensure you have algif_skcipher kernel module loaded."
+#: lib/tcrypt/tcrypt.c:564 src/cryptsetup.c:623
+msgid "Ensure you have algif_skcipher kernel module loaded.\n"
msgstr "Bạn cần chắc chắn là mô-đun nhân algif_skcipher đã được tải.\n"
-#: lib/tcrypt/tcrypt.c:753
-#, fuzzy, c-format
-msgid "Activation is not supported for %d sector size."
+#: lib/tcrypt/tcrypt.c:708
+#, c-format
+msgid "Activation is not supported for %d sector size.\n"
msgstr "Hoạt hóa không được hỗ trợ cho kích thước cung %d.\n"
-#: lib/tcrypt/tcrypt.c:759
-#, fuzzy
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
+#: lib/tcrypt/tcrypt.c:714
+msgid "Kernel doesn't support activation for this TCRYPT legacy mode.\n"
msgstr "Nhân không hỗ trợ hoạt hóa cho chế độ cũ của TCRYPT.\n"
-#: lib/tcrypt/tcrypt.c:790
-#, fuzzy, c-format
-msgid "Activating TCRYPT system encryption for partition %s."
+#: lib/tcrypt/tcrypt.c:748
+#, c-format
+msgid "Activating TCRYPT system encryption for partition %s.\n"
msgstr "Đang kích hoạt mã hóa hệ thống TCRYPT cho phân vùng %s.\n"
-#: lib/tcrypt/tcrypt.c:868
-#, fuzzy
-msgid "Kernel does not support TCRYPT compatible mapping."
+#: lib/tcrypt/tcrypt.c:815
+msgid "Kernel doesn't support TCRYPT compatible mapping.\n"
msgstr "Nhân không hỗ trợ ánh xạ tương thích TCRYPT.\n"
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1030
msgid "This function is not supported without TCRYPT header load."
msgstr "Chức năng này không được hỗ trợ mà không có phần tải đầu TCRYPT."
-#: lib/bitlk/bitlk.c:350
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:402
-#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:419
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:502
-#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
-
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
-
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
-
-#: lib/bitlk/bitlk.c:571
-#, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:622
-#, fuzzy
-msgid "Unknown or unsupported encryption type."
-msgstr "UUID không hỗ trợ kiểu mã hóa này.\n"
-
-#: lib/bitlk/bitlk.c:655
+#: lib/verity/verity.c:70 lib/verity/verity.c:173
#, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n"
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, fuzzy, c-format
-msgid "Verity device %s does not use on-disk header."
+msgid "Verity device %s doesn't use on-disk header.\n"
msgstr "Thiết bị xác thực %s không sử dụng phần đầu on-disk.\n"
-#: lib/verity/verity.c:91
-#, fuzzy, c-format
-msgid "Device %s is not a valid VERITY device."
+#: lib/verity/verity.c:94
+#, c-format
+msgid "Device %s is not a valid VERITY device.\n"
msgstr "Thiết bị %s không phải là thiết bị VERITY thích hợp.\n"
-#: lib/verity/verity.c:98
-#, fuzzy, c-format
-msgid "Unsupported VERITY version %d."
+#: lib/verity/verity.c:101
+#, c-format
+msgid "Unsupported VERITY version %d.\n"
msgstr "Không hỗ trợ phiên bản VERITY %d.\n"
-#: lib/verity/verity.c:129
-#, fuzzy
-msgid "VERITY header corrupted."
+#: lib/verity/verity.c:131
+msgid "VERITY header corrupted.\n"
msgstr "phần đầu VERITY sai hỏng.\n"
-#: lib/verity/verity.c:174
-#, fuzzy, c-format
-msgid "Wrong VERITY UUID format provided on device %s."
+#: lib/verity/verity.c:167
+#, c-format
+msgid "Wrong VERITY UUID format provided on device %s.\n"
msgstr "Đưa ra định dạng mã số VERITY không đúng trên thiết bị %s.\n"
-#: lib/verity/verity.c:218
-#, fuzzy, c-format
-msgid "Error during update of verity header on device %s."
-msgstr "Gặp lỗi trong khi cập nhật phần đầu xác thực trên thiết bị %s.\n"
-
-#: lib/verity/verity.c:276
-#, fuzzy
-msgid "Root hash signature verification is not supported."
-msgstr "Thuật toán băm %s không được hỗ trợ.\n"
-
-#: lib/verity/verity.c:288
-msgid "Errors cannot be repaired with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:290
+#: lib/verity/verity.c:199
#, c-format
-msgid "Found %u repairable errors with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:333
-#, fuzzy
-msgid "Kernel does not support dm-verity mapping."
-msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n"
+msgid "Error during update of verity header on device %s.\n"
+msgstr "Gặp lỗi trong khi cập nhật phần đầu xác thực trên thiết bị %s.\n"
-#: lib/verity/verity.c:337
-#, fuzzy
-msgid "Kernel does not support dm-verity signature option."
+#: lib/verity/verity.c:279
+msgid "Kernel doesn't support dm-verity mapping.\n"
msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n"
-#: lib/verity/verity.c:348
-#, fuzzy
-msgid "Verity device detected corruption after activation."
+#: lib/verity/verity.c:290
+msgid "Verity device detected corruption after activation.\n"
msgstr "Thiết bị xác thực đã được phát hiện sai hỏng sau khi hoạt hóa.\n"
#: lib/verity/verity_hash.c:59
-#, fuzzy, c-format
-msgid "Spare area is not zeroed at position %<PRIu64>."
+#, c-format
+msgid "Spare area is not zeroed at position %<PRIu64>.\n"
msgstr "Vùng để dành không được điền đầy bằng số không tại vị trí %<PRIu64>.\n"
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
-#, fuzzy
-msgid "Device offset overflow."
+#: lib/verity/verity_hash.c:121 lib/verity/verity_hash.c:249
+#: lib/verity/verity_hash.c:277 lib/verity/verity_hash.c:284
+msgid "Device offset overflow.\n"
msgstr "Khoảng bù (offset) thiết bị bị tràn.\n"
-#: lib/verity/verity_hash.c:194
-#, fuzzy, c-format
-msgid "Verification failed at position %<PRIu64>."
+#: lib/verity/verity_hash.c:161
+#, c-format
+msgid "Verification failed at position %<PRIu64>.\n"
msgstr "Thẩm tra gặp lỗi tại vị trí %<PRIu64>.\n"
-#: lib/verity/verity_hash.c:273
-msgid "Hash area overflow."
-msgstr ""
+#: lib/verity/verity_hash.c:235
+msgid "Invalid size parameters for verity device.\n"
+msgstr "Các tham số kích thước cho thiết bị xác thực không hợp lệ.\n"
+
+#: lib/verity/verity_hash.c:266
+msgid "Too many tree levels for verity volume.\n"
+msgstr "Có quá nhiều mức cây cho mỗi vùng xác thực.\n"
-#: lib/verity/verity_hash.c:346
-#, fuzzy
-msgid "Verification of data area failed."
+#: lib/verity/verity_hash.c:354
+msgid "Verification of data area failed.\n"
msgstr "Việc thẩm tra vùng dữ liệu gặp lỗi.\n"
-#: lib/verity/verity_hash.c:351
-#, fuzzy
-msgid "Verification of root hash failed."
+#: lib/verity/verity_hash.c:359
+msgid "Verification of root hash failed.\n"
msgstr "Việc thẩm tra mã băm gốc gặp lỗi.\n"
-#: lib/verity/verity_hash.c:357
-#, fuzzy
-msgid "Input/output error while creating hash area."
+#: lib/verity/verity_hash.c:365
+msgid "Input/output error while creating hash area.\n"
msgstr "Lỗi Vào/Ra trong khi đang tạo vùng băm.\n"
-#: lib/verity/verity_hash.c:359
-#, fuzzy
-msgid "Creation of hash area failed."
+#: lib/verity/verity_hash.c:367
+msgid "Creation of hash area failed.\n"
msgstr "Việc tạo vùng dữ liệu băm gặp lỗi.\n"
-#: lib/verity/verity_hash.c:394
-#, fuzzy, c-format
-msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
+#: lib/verity/verity_hash.c:414
+#, c-format
+msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
msgstr "CẢNH BÁO: Nhân (kernel) không thể kích hoạt thiết bị nếu kích thước khối dữ liệu vượt quá kích cỡ trang (%u).\n"
-#: lib/verity/verity_fec.c:131
-msgid "Failed to allocate RS context."
-msgstr ""
-
-#: lib/verity/verity_fec.c:149
-#, fuzzy
-msgid "Failed to allocate buffer."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-
-#: lib/verity/verity_fec.c:159
-#, c-format
-msgid "Failed to read RS block %<PRIu64> byte %d."
-msgstr ""
+#: src/cryptsetup.c:92
+msgid "Can't do passphrase verification on non-tty inputs.\n"
+msgstr "Không thể thẩm tra cụm từ mật khẩu trên đầu vào khác TTY.\n"
-#: lib/verity/verity_fec.c:172
-#, c-format
-msgid "Failed to read parity for RS block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:133 src/cryptsetup.c:564 src/cryptsetup.c:711
+#: src/cryptsetup_reencrypt.c:524 src/cryptsetup_reencrypt.c:578
+msgid "No known cipher specification pattern detected.\n"
+msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n"
-#: lib/verity/verity_fec.c:180
-#, c-format
-msgid "Failed to repair parity for block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:141
+msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
+msgstr "CẢNH BÁO: Tham số --hash bị bỏ qua trong chế độ thường với tập tin khóa đã cho.\n"
-#: lib/verity/verity_fec.c:191
-#, c-format
-msgid "Failed to write parity for RS block %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:149
+msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
+msgstr "CẢNH BÁO: Đang bỏ qua các tùy chọn kích thước tập-tin-khóa --keyfile-size --, kích thước đọc giống với kích thước khóa mã hóa.\n"
-#: lib/verity/verity_fec.c:227
-msgid "Block sizes must match for FEC."
-msgstr ""
+#: src/cryptsetup.c:215
+msgid "Option --key-file is required.\n"
+msgstr "Cần tùy chọn “--key-file”.\n"
-#: lib/verity/verity_fec.c:233
-msgid "Invalid number of parity bytes."
-msgstr ""
+#: src/cryptsetup.c:267
+msgid "No device header detected with this passphrase.\n"
+msgstr "Không có phần đầu thiết bị cho cụm từ mật khẩu này.\n"
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
+#: src/cryptsetup.c:327 src/cryptsetup.c:1160
+msgid ""
+"Header dump with volume key is sensitive information\n"
+"which allows access to encrypted partition without passphrase.\n"
+"This dump should be always stored encrypted on safe place."
msgstr ""
+"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n"
+"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n"
+"Việc đổ đống này nên luôn được lưu trữ mã hóa tại một nơi an toàn."
-#: lib/verity/verity_fec.c:302
-#, fuzzy, c-format
-msgid "Failed to determine size for device %s."
-msgstr "Gặp lỗi khi mở thiết bị lưu trữ khóa tạm thời.\n"
-
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-#, fuzzy
-msgid "Kernel does not support dm-integrity mapping."
-msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n"
-
-#: lib/integrity/integrity.c:278
-#, fuzzy
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
-msgstr "Nhân không hỗ trợ ánh xạ dm-verity.\n"
+#: src/cryptsetup.c:517
+msgid "Result of benchmark is not reliable.\n"
+msgstr "Kết quả đo kiểm không đáng tin cậy.\n"
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
+#: src/cryptsetup.c:558
+msgid "# Tests are approximate using memory only (no storage IO).\n"
+msgstr "# Các kiểm tra là chỉ ước lượng việc sử dụng bộ nhớ (không tính IO ổ đĩa).\n"
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
-#, fuzzy, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "Gl khi truy cập đến thiết bị lưu trữ khóa tạm thời.\n"
+#: src/cryptsetup.c:583 src/cryptsetup.c:605
+msgid "# Algorithm | Key | Encryption | Decryption\n"
+msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n"
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
+#: src/cryptsetup.c:587
+#, c-format
+msgid "Cipher %s is not available.\n"
+msgstr "Mã hóa kiểu %s không sẵn có.\n"
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
-msgid ""
-"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
-"Please run \"cryptsetup repair\" for recovery."
-msgstr ""
+#: src/cryptsetup.c:614
+msgid "N/A"
+msgstr "N/A"
-#: lib/luks2/luks2_json_format.c:227
-#, fuzzy
-msgid "Requested data offset is too small."
-msgstr "Thiết bị %s có kích cỡ quá nhỏ.\n"
+#: src/cryptsetup.c:639
+#, c-format
+msgid "Cannot read keyfile %s.\n"
+msgstr "Không thể đọc tập-tin khóa %s.\n"
-#: lib/luks2/luks2_json_format.c:272
+#: src/cryptsetup.c:643
#, c-format
-msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
-msgstr ""
+msgid "Cannot read %d bytes from keyfile %s.\n"
+msgstr "Không thể đọc %d byte từ tập tin khóa %s.\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
-#, fuzzy, c-format
-msgid "Failed to acquire read lock on device %s."
-msgstr "Gl khi truy cập đến thiết bị lưu trữ khóa tạm thời.\n"
+#: src/cryptsetup.c:672
+msgid "Really try to repair LUKS device header?"
+msgstr "Bạn có thực sự muốn thử sửa chữa phần đầu thiết bị LUKS không?"
-#: lib/luks2/luks2_json_metadata.c:1262
+#: src/cryptsetup.c:697
#, c-format
-msgid "Forbidden LUKS2 requirements detected in backup %s."
-msgstr ""
+msgid "This will overwrite data on %s irrevocably."
+msgstr "Thao tác này sẽ ghi đè lên dữ liệu trên thiết bị %s một cách không phục hồi được."
-#: lib/luks2/luks2_json_metadata.c:1303
-#, fuzzy
-msgid "Data offset differ on device and backup, restore failed."
-msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lưu thì chức năng phục hồi bị lỗi.\n"
+#: src/cryptsetup.c:699
+msgid "memory allocation error in action_luksFormat"
+msgstr "gặp lỗi phân cấp vùng nhớ trong“action_luksFormat”"
-#: lib/luks2/luks2_json_metadata.c:1309
-#, fuzzy
-msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
-msgstr "Khoảng bù dữ liệu hoặc kích cỡ khóa vẫn khác nhau trên thiết bị và bản sao lưu thì chức năng phục hồi bị lỗi.\n"
+#: src/cryptsetup.c:721
+#, c-format
+msgid "Cannot use %s as on-disk header.\n"
+msgstr "Không thể sử dụng %s như là phần đầu on-disk.\n"
-#: lib/luks2/luks2_json_metadata.c:1316
-#, fuzzy, c-format
-msgid "Device %s %s%s%s%s"
-msgstr "Thiết bị %s %s%s"
+#: src/cryptsetup.c:788
+msgid "Reduced data offset is allowed only for detached LUKS header.\n"
+msgstr "Giảm khoảng bù (offset) dữ liệu chỉ cho phép khi phần đầu LUKS được tách rời.\n"
-#: lib/luks2/luks2_json_metadata.c:1317
-#, fuzzy
-msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
-msgstr "không chứa phần đầu LUKS. Thay thế phần đầu thì cũng có thể hủy dữ liệu trên thiết bị đó."
+#: src/cryptsetup.c:890 src/cryptsetup.c:946
+#, c-format
+msgid "Key slot %d selected for deletion.\n"
+msgstr "Khe khóa %d đã được chọn để xóa.\n"
-#: lib/luks2/luks2_json_metadata.c:1318
-#, fuzzy
-msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
-msgstr "đã chứa phần đầu LUKS. Thay thế phần đầu thì cũng hủy các khe khóa đã có."
+#: src/cryptsetup.c:893
+#, c-format
+msgid "Key %d not active. Can't wipe.\n"
+msgstr "Khóa %d không hoạt động thì không xóa được.\n"
-#: lib/luks2/luks2_json_metadata.c:1320
-msgid ""
-"\n"
-"WARNING: unknown LUKS2 requirements detected in real device header!\n"
-"Replacing header with backup may corrupt the data on that device!"
-msgstr ""
+#: src/cryptsetup.c:901 src/cryptsetup.c:949
+msgid "This is the last keyslot. Device will become unusable after purging this key."
+msgstr "Đây là khe khóa cuối cùng. Sau khi tẩy khóa này thì thiết bị không dùng được."
-#: lib/luks2/luks2_json_metadata.c:1322
-msgid ""
-"\n"
-"WARNING: Unfinished offline reencryption detected on the device!\n"
-"Replacing header with backup may corrupt data."
-msgstr ""
+#: src/cryptsetup.c:902
+msgid "Enter any remaining passphrase: "
+msgstr "Gõ cụm từ mật khẩu bất kỳ còn lại: "
-#: lib/luks2/luks2_json_metadata.c:1420
-#, c-format
-msgid "Ignored unknown flag %s."
-msgstr ""
+#: src/cryptsetup.c:930
+msgid "Enter passphrase to be deleted: "
+msgstr "Gõ cụm từ mật khẩu cần xóa: "
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
+#: src/cryptsetup.c:1017 src/cryptsetup_reencrypt.c:1116
#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
+msgid "Enter any existing passphrase: "
+msgstr "Hãy nhập mật khẩu bất kỳ sẵn có: "
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
+#: src/cryptsetup.c:1072
+msgid "Enter passphrase to be changed: "
+msgstr "Gõ cụm từ mật khẩu cần được thay đổi: "
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-msgid "Failed to set dm-linear segment."
-msgstr ""
+#: src/cryptsetup.c:1086 src/cryptsetup_reencrypt.c:1101
+msgid "Enter new passphrase: "
+msgstr "Gõ cụm từ mật khẩu mới: "
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
+#: src/cryptsetup.c:1110
+msgid "Only one device argument for isLuks operation is supported.\n"
+msgstr "Chỉ hỗ trợ một đối số thiết-bị dành cho thao tác isLuks.\n"
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
+#: src/cryptsetup.c:1266 src/cryptsetup.c:1287
+msgid "Option --header-backup-file is required.\n"
+msgstr "Cần tùy chọn“--header-backup-file”.\n"
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
+#: src/cryptsetup.c:1324
#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
+msgid "Unrecognized metadata device type %s.\n"
+msgstr "Không nhận ra siêu dữ liệu của kiểu thiết bị %s.\n"
-#: lib/luks2/luks2_json_metadata.c:2519
-msgid "Failed to read LUKS2 requirements."
-msgstr ""
+#: src/cryptsetup.c:1327
+msgid "Command requires device and mapped name as arguments.\n"
+msgstr "Lệnh cần thiết bị và tên ánh xạ như là các tham số.\n"
-#: lib/luks2/luks2_json_metadata.c:2526
-msgid "Unmet LUKS2 requirements detected."
+#: src/cryptsetup.c:1346
+#, c-format
+msgid ""
+"This operation will erase all keyslots on device %s.\n"
+"Device will become unusable after this operation."
msgstr ""
+"Thao tác này sẽ tẩy mọi khe khóa trên thiết bị %s.\n"
+"Thiết bị sẽ không dùng được sau thao tác này."
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
+#: src/cryptsetup.c:1380
+msgid "<device> [--type <type>] [<name>]"
+msgstr "<thiết-bị> [--type <kiểu>] [<tên>]"
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
+#: src/cryptsetup.c:1380
+msgid "open device as mapping <name>"
+msgstr "mở thiết bị như là ánh xạ <tên>"
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
+#: src/cryptsetup.c:1381 src/cryptsetup.c:1382 src/cryptsetup.c:1383
+#: src/veritysetup.c:329 src/veritysetup.c:330
+msgid "<name>"
+msgstr "<tên>"
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "Khe khóa %d được thẩm định.\n"
+#: src/cryptsetup.c:1381
+msgid "close device (remove mapping)"
+msgstr "đóng thiết bị (gỡ bỏ ánh xạ)"
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr ""
+#: src/cryptsetup.c:1382
+msgid "resize active device"
+msgstr "thay đổi kích cỡ của thiết bị hoạt động"
-#: lib/luks2/luks2_keyslot_luks2.c:480
-#, fuzzy
-msgid "No space for new keyslot."
-msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n"
+#: src/cryptsetup.c:1383
+msgid "show device status"
+msgstr "hiển thị trạng thái về thiết bị"
-#: lib/luks2/luks2_luks1_convert.c:482
-#, fuzzy, c-format
-msgid "Cannot check status of device with uuid: %s."
-msgstr "Không thể kiểm tra chất lượng mật khẩu: %s\n"
+#: src/cryptsetup.c:1384
+msgid "[--cipher <cipher>]"
+msgstr "[--cipher <bộ mã hóa>]"
-#: lib/luks2/luks2_luks1_convert.c:508
-msgid "Unable to convert header with LUKSMETA additional metadata."
-msgstr ""
+#: src/cryptsetup.c:1384
+msgid "benchmark cipher"
+msgstr "đo kiểm tốc độ mã hóa"
-#: lib/luks2/luks2_luks1_convert.c:548
-msgid "Unable to move keyslot area. Not enough space."
-msgstr ""
+#: src/cryptsetup.c:1385 src/cryptsetup.c:1386 src/cryptsetup.c:1392
+#: src/cryptsetup.c:1393 src/cryptsetup.c:1394 src/cryptsetup.c:1395
+#: src/cryptsetup.c:1396 src/cryptsetup.c:1397 src/cryptsetup.c:1398
+#: src/cryptsetup.c:1399
+msgid "<device>"
+msgstr "<thiết_bị>"
-#: lib/luks2/luks2_luks1_convert.c:599
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr ""
+#: src/cryptsetup.c:1385
+msgid "try to repair on-disk metadata"
+msgstr "thử sửa chữa siêu dữ liệu (metadata) on-disk"
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
-#, fuzzy
-msgid "Unable to move keyslot area."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
+#: src/cryptsetup.c:1386
+msgid "erase all keyslots (remove encryption key)"
+msgstr "tẩy mọi khe khóa (gỡ bỏ khóa mã hóa)"
-#: lib/luks2/luks2_luks1_convert.c:697
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr ""
+#: src/cryptsetup.c:1387 src/cryptsetup.c:1388
+msgid "<device> [<new key file>]"
+msgstr "<thiết_bị> [<tập_tin_khóa_mới>]"
-#: lib/luks2/luks2_luks1_convert.c:705
-msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
-msgstr ""
+#: src/cryptsetup.c:1387
+msgid "formats a LUKS device"
+msgstr "định dạng một thiết bị kiểu LUKS"
-#: lib/luks2/luks2_luks1_convert.c:717
-#, c-format
-msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
-msgstr ""
-
-#: lib/luks2/luks2_luks1_convert.c:725
-#, c-format
-msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
-msgstr ""
+#: src/cryptsetup.c:1388
+msgid "add key to LUKS device"
+msgstr "thêm khóa vào thiết bị LUKS"
-#: lib/luks2/luks2_luks1_convert.c:739
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
-msgstr ""
+#: src/cryptsetup.c:1389 src/cryptsetup.c:1390
+msgid "<device> [<key file>]"
+msgstr "<thiết_bị> [<tập_tin_khóa>]"
-#: lib/luks2/luks2_luks1_convert.c:744
-#, c-format
-msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
-msgstr ""
+#: src/cryptsetup.c:1389
+msgid "removes supplied key or key file from LUKS device"
+msgstr "gỡ bỏ khỏi thiết bị LUKS khóa hoặc tập tin khóa đưa ra"
-#: lib/luks2/luks2_luks1_convert.c:749
-#, c-format
-msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
-msgstr ""
+#: src/cryptsetup.c:1390
+msgid "changes supplied key or key file of LUKS device"
+msgstr "thay đổi khóa hay tập tin khóa đã áp dụng của thiết bị LUKS"
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
+#: src/cryptsetup.c:1391
+msgid "<device> <key slot>"
+msgstr "<thiết_bị> <khe_khóa>"
-#: lib/luks2/luks2_reencrypt.c:1007
-#, fuzzy, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte"
+#: src/cryptsetup.c:1391
+msgid "wipes key with number <key slot> from LUKS device"
+msgstr "xóa khỏi thiết bị LUKS khóa có số <khe_khóa>"
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
+#: src/cryptsetup.c:1392
+msgid "print UUID of LUKS device"
+msgstr "in ra mã số UUID của thiết bị LUKS"
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, fuzzy, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr "Vùng để dành không được điền đầy bằng số không tại vị trí %<PRIu64>.\n"
+#: src/cryptsetup.c:1393
+msgid "tests <device> for LUKS partition header"
+msgstr "thử <thiết_bị> có phần đầu phân vùng LUKS không"
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
+#: src/cryptsetup.c:1394
+msgid "dump LUKS partition information"
+msgstr "đổ thông tin về phân vùng LUKS"
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+#: src/cryptsetup.c:1395
+msgid "dump TCRYPT device information"
+msgstr "dump thông tin thiết bị TCRYPT"
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
+#: src/cryptsetup.c:1396
+msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
+msgstr "Ngưng thiết bị LUKS và tẩy khóa (thì mọi việc V/R đều đông cứng)."
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "Gl khi truy cập đến thiết bị lưu trữ khóa tạm thời.\n"
+#: src/cryptsetup.c:1397
+msgid "Resume suspended LUKS device."
+msgstr "Tiếp tục lại sử dụng thiết bị LUKS bị ngưng."
-#: lib/luks2/luks2_reencrypt.c:2092
-#, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
-msgstr ""
+#: src/cryptsetup.c:1398
+msgid "Backup LUKS device header and keyslots"
+msgstr "Sao lưu phần đầu và các khe khóa của thiết bị LUKS"
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "Gặp lỗi khi mở thiết bị lưu trữ khóa tạm thời.\n"
+#: src/cryptsetup.c:1399
+msgid "Restore LUKS device header and keyslots"
+msgstr "Phục hồi phần đầu và các khe khóa của thiết bị LUKS"
-#: lib/luks2/luks2_reencrypt.c:2170
-msgid "Failed to refresh reencryption devices stack."
+#: src/cryptsetup.c:1416 src/veritysetup.c:346
+msgid ""
+"\n"
+"<action> is one of:\n"
msgstr ""
+"\n"
+"<thao-tác> là một trong:\n"
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "Gặp lỗi khi hoán đổi khe khóa mới.\n"
+#: src/cryptsetup.c:1422
+msgid ""
+"\n"
+"You can also use old <action> syntax aliases:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
+msgstr ""
+"\n"
+"Bạn còn có thể sử dụng cú pháp bí danh <thao-tác> kiểu cũ:\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
-#: lib/luks2/luks2_reencrypt.c:2430
+#: src/cryptsetup.c:1426
#, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<device> is the encrypted device\n"
+"<key slot> is the LUKS key slot number to modify\n"
+"<key file> optional key file for the new key for luksAddKey action\n"
msgstr ""
+"\n"
+"<tên> là thiết bị cần tạo dưới %s\n"
+"<thiết_bị> là thiết bị đã mã hóa\n"
+"<khe_khóa> là số thứ tự khe khóa LUKS cần sửa đổi\n"
+"<tập_tin_khóa> là tập tin khóa tùy chọn cho khóa mới trong thao tác luksAddKey\n"
-#: lib/luks2/luks2_reencrypt.c:2451
+#: src/cryptsetup.c:1433
#, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
+msgid ""
+"\n"
+"Default compiled-in key and passphrase parameters:\n"
+"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+"Default PBKDF2 iteration time for LUKS: %d (ms)\n"
msgstr ""
+"\n"
+"Các tham số mặc định liên quan đến khóa và mật khẩu được biên dịch sẵn:\n"
+"\tĐộ dài tập tin khóa tối đa: %dkB, Độ dài mật khẩu tương tác tối đa %d (ký tự)\n"
+"Thời gian tương tác PBKDF2 mặc định cho LUKS: %d (ms)\n"
-#: lib/luks2/luks2_reencrypt.c:2472
+#: src/cryptsetup.c:1440
#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
+msgid ""
+"\n"
+"Default compiled-in device cipher parameters:\n"
+"\tloop-AES: %s, Key %d bits\n"
+"\tplain: %s, Key: %d bits, Password hashing: %s\n"
+"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
msgstr ""
+"\n"
+"Các tham số mặc định liên quan đến việc mã hóa được đặt sẵn:\n"
+"\tloop-AES: %s, Khóa %d bit\n"
+"\tdữ liệu thô: %s, Khóa: %d bit, Kiểu băm mật khẩu: %s\n"
+"\tLUKS1: %s, Khóa: %d bit, Kiểu băm cho phần đầu LUKS: %s, RNG: %s\n"
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, fuzzy, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr "Không thể sử dụng thiết bị %s mà nó lại đang được sử dụng (đang được ánh xạ hoặc gắn).\n"
+#: src/cryptsetup.c:1457 src/veritysetup.c:481
+#, c-format
+msgid "%s: requires %s as arguments"
+msgstr "%s: cần thiết %s làm đối số"
-#: lib/luks2/luks2_reencrypt.c:2647
-#, fuzzy
-msgid "Device not marked for LUKS2 reencryption."
-msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu."
+#: src/cryptsetup.c:1490 src/veritysetup.c:386 src/cryptsetup_reencrypt.c:1302
+msgid "Show this help message"
+msgstr "Hiển thị trợ giúp này"
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-msgid "Failed to load LUKS2 reencryption context."
-msgstr ""
+#: src/cryptsetup.c:1491 src/veritysetup.c:387 src/cryptsetup_reencrypt.c:1303
+msgid "Display brief usage"
+msgstr "Hiển thị thông tin ngắn về cách sử dụng"
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+#: src/cryptsetup.c:1495 src/veritysetup.c:391 src/cryptsetup_reencrypt.c:1307
+msgid "Help options:"
+msgstr "Tùy chọn trợ giúp:"
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "Thiết bị %s không hoạt động.\n"
+#: src/cryptsetup.c:1496 src/veritysetup.c:392 src/cryptsetup_reencrypt.c:1308
+msgid "Print package version"
+msgstr "Hiển thị phiên bản của gói"
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-msgid "Reencryption process is already running."
-msgstr ""
+#: src/cryptsetup.c:1497 src/veritysetup.c:393 src/cryptsetup_reencrypt.c:1309
+msgid "Shows more detailed error messages"
+msgstr "Hiển thị các thông điệp lỗi chi tiết hơn"
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-#, fuzzy
-msgid "Failed to acquire reencryption lock."
-msgstr "Không đọc được tập tin nhật ký reencryption.\n"
+#: src/cryptsetup.c:1498 src/veritysetup.c:394 src/cryptsetup_reencrypt.c:1310
+msgid "Show debug messages"
+msgstr "Hiển thị thông điệp gỡ lỗi"
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
+#: src/cryptsetup.c:1499 src/cryptsetup_reencrypt.c:1312
+msgid "The cipher used to encrypt the disk (see /proc/crypto)"
+msgstr "Mật mã dùng để bảo vệ đĩa (xem “/proc/crypto”)"
-#: lib/luks2/luks2_reencrypt.c:2889
-msgid "Active device size and requested reencryption size don't match."
-msgstr ""
+#: src/cryptsetup.c:1500 src/cryptsetup_reencrypt.c:1314
+msgid "The hash used to create the encryption key from the passphrase"
+msgstr "Chuỗi duy nhất dùng để tạo khóa mã hóa từ cụm từ mật khẩu"
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
+#: src/cryptsetup.c:1501
+msgid "Verifies the passphrase by asking for it twice"
+msgstr "Thẩm tra cụm từ mật khẩu bằng cách yêu cầu nó hai lần"
-#: lib/luks2/luks2_reencrypt.c:2973
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr ""
+#: src/cryptsetup.c:1502 src/cryptsetup_reencrypt.c:1316
+msgid "Read the key from a file."
+msgstr "Đọc khóa từ một tập tin."
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
+#: src/cryptsetup.c:1503
+msgid "Read the volume (master) key from file."
+msgstr "Đọc khóa khối tin (chủ) từ tập tin."
-#: lib/luks2/luks2_reencrypt.c:3136
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr ""
+#: src/cryptsetup.c:1504
+msgid "Dump volume (master) key instead of keyslots info."
+msgstr "Dump (đổ thành đống) khóa vùng chứa (master) thay vì thông tin khe-khóa."
-#: lib/luks2/luks2_reencrypt.c:3225
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr ""
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1313
+msgid "The size of the encryption key"
+msgstr "Kích cỡ của khóa mã hóa"
-#: lib/luks2/luks2_reencrypt.c:3267
-#, fuzzy
-msgid "Failed to write reencryption resilience metadata."
-msgstr "Không thể ghi tập tin nhật ký reencryption (mã hóa lại).\n"
+#: src/cryptsetup.c:1505 src/cryptsetup_reencrypt.c:1313
+msgid "BITS"
+msgstr "BIT"
-#: lib/luks2/luks2_reencrypt.c:3274
-#, fuzzy
-msgid "Decryption failed."
-msgstr "Gặp lỗi khi sửa chữa."
+#: src/cryptsetup.c:1506 src/cryptsetup_reencrypt.c:1327
+msgid "Limits the read from keyfile"
+msgstr "Giới hạn việc đọc từ tập-tin-khóa"
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+#: src/cryptsetup.c:1506 src/cryptsetup.c:1507 src/cryptsetup.c:1508
+#: src/cryptsetup.c:1509 src/veritysetup.c:397 src/veritysetup.c:398
+#: src/veritysetup.c:400 src/cryptsetup_reencrypt.c:1326
+#: src/cryptsetup_reencrypt.c:1327 src/cryptsetup_reencrypt.c:1328
+#: src/cryptsetup_reencrypt.c:1329
+msgid "bytes"
+msgstr "byte"
-#: lib/luks2/luks2_reencrypt.c:3284
-#, fuzzy
-msgid "Failed to sync data."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
+#: src/cryptsetup.c:1507 src/cryptsetup_reencrypt.c:1326
+msgid "Number of bytes to skip in keyfile"
+msgstr "Số lượng byte nhảy qua trong tập tin khóa"
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
+#: src/cryptsetup.c:1508
+msgid "Limits the read from newly added keyfile"
+msgstr "Giới hạn đọc từ tập tin khóa mới thêm vào"
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+#: src/cryptsetup.c:1509
+msgid "Number of bytes to skip in newly added keyfile"
+msgstr "Số lượng byte để nhảy qua trong tập tin khóa mới thêm"
-#: lib/luks2/luks2_reencrypt.c:3382
-msgid "Failed to wipe backup segment data."
-msgstr ""
+#: src/cryptsetup.c:1510
+msgid "Slot number for new key (default is first free)"
+msgstr "Số thứ tự khe cho khóa mới (mặc định là khe trống thứ nhất)"
-#: lib/luks2/luks2_reencrypt.c:3388
-#, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr ""
+#: src/cryptsetup.c:1511
+msgid "The size of the device"
+msgstr "Kích cỡ của thiết bị"
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "tẩy mọi khe khóa (gỡ bỏ khóa mã hóa)"
+#: src/cryptsetup.c:1511 src/cryptsetup.c:1512 src/cryptsetup.c:1513
+#: src/cryptsetup.c:1519
+msgid "SECTORS"
+msgstr "CUNG-TỪ"
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
+#: src/cryptsetup.c:1512
+msgid "The start offset in the backend device"
+msgstr "Khoảng bù đầu tiên trong thiết bị thật chạy ở phía sau"
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
+#: src/cryptsetup.c:1513
+msgid "How many sectors of the encrypted data to skip at the beginning"
+msgstr "Bao nhiêu cung từ dữ liệu mã hóa cần bỏ qua ở đầu"
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
+#: src/cryptsetup.c:1514
+msgid "Create a readonly mapping"
+msgstr "Tạo một sự ánh xạ chỉ cho đọc"
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1317
+msgid "PBKDF2 iteration time for LUKS (in ms)"
+msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)"
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "Không thể khởi ứng dụng mã hóa chạy ở phía sau (backend).\n"
+#: src/cryptsetup.c:1515 src/cryptsetup_reencrypt.c:1317
+msgid "msecs"
+msgstr "mili-giây"
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-#, fuzzy
-msgid "Failed to update reencryption context."
-msgstr "Không mở được tập tin nhật ký reencryption.\n"
+#: src/cryptsetup.c:1516 src/cryptsetup_reencrypt.c:1318
+msgid "Do not ask for confirmation"
+msgstr "Không cần xác nhận"
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "Khe khóa không đúng."
+#: src/cryptsetup.c:1517
+msgid "Timeout for interactive passphrase prompt (in seconds)"
+msgstr "Thời gian chờ gõ cụm từ mật khẩu tối đa (theo giây)"
-#: lib/luks2/luks2_token.c:263
-msgid "No free token slot."
-msgstr ""
+#: src/cryptsetup.c:1517
+msgid "secs"
+msgstr "giây"
-#: lib/luks2/luks2_token.c:270
-#, fuzzy, c-format
-msgid "Failed to create builtin token %s."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+#: src/cryptsetup.c:1518 src/cryptsetup_reencrypt.c:1319
+msgid "How often the input of the passphrase can be retried"
+msgstr "Số các lần có cho phép thử gõ lại cụm từ mật khẩu"
-#: src/cryptsetup.c:198
-#, fuzzy
-msgid "Can't do passphrase verification on non-tty inputs."
-msgstr "Không thể thẩm tra cụm từ mật khẩu trên đầu vào khác TTY.\n"
+#: src/cryptsetup.c:1519
+msgid "Align payload at <n> sector boundaries - for luksFormat"
+msgstr "Căn chỉnh trọng tải ở <n> biên giới cung từ — cho định dạng “luksFormat”"
-#: src/cryptsetup.c:261
-#, fuzzy
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n"
+#: src/cryptsetup.c:1520
+msgid "File with LUKS header and keyslots backup."
+msgstr "Tập tin chứa bản sao lưu phần đầu và các khe khóa của thiết bị LUKS."
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
-#, fuzzy
-msgid "No known cipher specification pattern detected."
-msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n"
+#: src/cryptsetup.c:1521 src/cryptsetup_reencrypt.c:1320
+msgid "Use /dev/random for generating volume key."
+msgstr "Dùng /dev/random để tạo khóa volume."
-#: src/cryptsetup.c:299
-msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
-msgstr "CẢNH BÁO: Tham số --hash bị bỏ qua trong chế độ thường với tập tin khóa đã cho.\n"
+#: src/cryptsetup.c:1522 src/cryptsetup_reencrypt.c:1321
+msgid "Use /dev/urandom for generating volume key."
+msgstr "Dùng /dev/urandom để tạo khóa vùng."
-#: src/cryptsetup.c:307
-msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
-msgstr "CẢNH BÁO: Đang bỏ qua các tùy chọn kích thước tập-tin-khóa --keyfile-size --, kích thước đọc giống với kích thước khóa mã hóa.\n"
+#: src/cryptsetup.c:1523
+msgid "Share device with another non-overlapping crypt segment."
+msgstr "Thiết bị chia sẻ với đoạn crypt không-chồng-lên-nhau khác."
-#: src/cryptsetup.c:347
-#, c-format
-msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
-msgstr ""
+#: src/cryptsetup.c:1524 src/veritysetup.c:403
+msgid "UUID for device to use."
+msgstr "UUID dành cho tập tin sử dụng."
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
-msgid "Operation aborted.\n"
-msgstr ""
+#: src/cryptsetup.c:1525
+msgid "Allow discards (aka TRIM) requests for device."
+msgstr "Cho phép hủy bỏ (được biết đến như là TRIM) các yêu cầu cho thiết bị."
-#: src/cryptsetup.c:421
-#, fuzzy
-msgid "Option --key-file is required."
-msgstr "Cần tùy chọn “--key-file”.\n"
+#: src/cryptsetup.c:1526
+msgid "Device or file with separated LUKS header."
+msgstr "Thiết bị hay tập tin với phần đầu LUKS tách nhau."
-#: src/cryptsetup.c:474
-msgid "Enter VeraCrypt PIM: "
-msgstr ""
+#: src/cryptsetup.c:1527
+msgid "Do not activate device, just check passphrase."
+msgstr "Không kích hoạt thiết bị, chỉ cần kiểm tra mật khẩu."
-#: src/cryptsetup.c:483
-msgid "Invalid PIM value: parse error."
-msgstr ""
+#: src/cryptsetup.c:1528
+msgid "Use hidden header (hidden TCRYPT device)."
+msgstr "Dùng phần đầu ẩn (thiết bị TCRYPT ẩn)."
-#: src/cryptsetup.c:486
-#, fuzzy
-msgid "Invalid PIM value: 0."
-msgstr "Thiết bị không đúng %s.\n"
+#: src/cryptsetup.c:1529
+msgid "Device is system TCRYPT drive (with bootloader)."
+msgstr "Thiết bị là ổ đĩa TCRYPT hệ thống (có bootloader)."
-#: src/cryptsetup.c:489
-msgid "Invalid PIM value: outside of range."
-msgstr ""
+#: src/cryptsetup.c:1530
+msgid "Use backup (secondary) TCRYPT header."
+msgstr "Dùng phần đầu (thứ cấp) TCRYPT."
-#: src/cryptsetup.c:512
-#, fuzzy
-msgid "No device header detected with this passphrase."
-msgstr "Không có phần đầu thiết bị cho cụm từ mật khẩu này.\n"
+#: src/cryptsetup.c:1531
+msgid "Scan also for VeraCrypt compatible device."
+msgstr "Cũng quét cho thiết bị tương thích VeraCrypt."
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
+#: src/cryptsetup.c:1532
+msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
+msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt."
-#: src/cryptsetup.c:617
-msgid ""
-"Header dump with volume key is sensitive information\n"
-"which allows access to encrypted partition without passphrase.\n"
-"This dump should be always stored encrypted on safe place."
-msgstr ""
-"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n"
-"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n"
-"Việc đổ đống này nên luôn được lưu trữ mã hóa tại một nơi an toàn."
+#: src/cryptsetup.c:1533
+msgid "Disable password quality check (if enabled)."
+msgstr "Tắt chức năng kiểm tra chất lượng mật khẩu (nếu nó đang bật)."
-#: src/cryptsetup.c:714
-#, c-format
-msgid "Device %s is still active and scheduled for deferred removal.\n"
-msgstr ""
+#: src/cryptsetup.c:1534
+msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
+msgstr "Dùng tùy chọn tương thích hiệu năng same_cpu_crypt dm-crypt."
-#: src/cryptsetup.c:742
-msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
-msgstr ""
+#: src/cryptsetup.c:1535
+msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
+msgstr "Dùng tùy chọn tương thích hiệu năng submit_from_crypt_cpus dm-crypt."
-#: src/cryptsetup.c:885
-#, fuzzy
-msgid "Benchmark interrupted."
-msgstr "đo kiểm tốc độ mã hóa"
+#: src/cryptsetup.c:1551 src/veritysetup.c:423
+msgid "[OPTION...] <action> <action-specific>"
+msgstr "[TÙY CHỌN…] <thao-tác> <đặc-tả-thao-tác>"
-#: src/cryptsetup.c:906
-#, c-format
-msgid "PBKDF2-%-9s N/A\n"
-msgstr ""
+#: src/cryptsetup.c:1602 src/veritysetup.c:460
+msgid "Argument <action> missing."
+msgstr "Còn thiếu đối số <thao-tác>."
-#: src/cryptsetup.c:908
-#, c-format
-msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
-msgstr ""
+#: src/cryptsetup.c:1655 src/veritysetup.c:466
+msgid "Unknown action."
+msgstr "Không hiểu thao-tác."
-#: src/cryptsetup.c:922
-#, c-format
-msgid "%-10s N/A\n"
-msgstr ""
+#: src/cryptsetup.c:1665
+msgid "Option --shared is allowed only for open of plain device.\n"
+msgstr "Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n"
-#: src/cryptsetup.c:924
-#, c-format
-msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
-msgstr ""
+#: src/cryptsetup.c:1670
+msgid "Option --allow-discards is allowed only for open operation.\n"
+msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
-#: src/cryptsetup.c:948
-#, fuzzy
-msgid "Result of benchmark is not reliable."
-msgstr "Kết quả đo kiểm không đáng tin cậy.\n"
+#: src/cryptsetup.c:1678
+msgid ""
+"Option --key-size is allowed only for luksFormat, open and benchmark.\n"
+"To limit read from keyfile use --keyfile-size=(bytes)."
+msgstr ""
+"Tùy chọn --key-size thì chỉ cho phép với các thao tác luksFormat, mở và đo kiểm.\n"
+"Để giới hạn đọc từ tập-tin-khóa, hãy sử dụng tùy chọn --keyfile-size=(bytes)."
-#: src/cryptsetup.c:998
-msgid "# Tests are approximate using memory only (no storage IO).\n"
-msgstr "# Các kiểm tra là chỉ ước lượng việc sử dụng bộ nhớ (không tính IO ổ đĩa).\n"
+#: src/cryptsetup.c:1685
+msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
+msgstr "Tùy chọn “--test-passphrase” chỉ được phép cho lệnh mở thiết bị LUKS và TCRYPT.\n"
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
-#, fuzzy, c-format
-msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
-msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n"
-
-#: src/cryptsetup.c:1022
-#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
-msgstr "Mã hóa kiểu %s không sẵn có.\n"
-
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
-#, fuzzy
-msgid "# Algorithm | Key | Encryption | Decryption\n"
-msgstr "# Thuật toán| Khóa| Mã hóa | Giải mã\n"
-
-#: src/cryptsetup.c:1052
-msgid "N/A"
-msgstr "N/A"
-
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "Gõ cụm từ mật khẩu cần xóa: "
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "Gõ cụm từ mật khẩu cần xóa: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: "
-
-#: src/cryptsetup.c:1245
-msgid "Really try to repair LUKS device header?"
-msgstr "Bạn có thực sự muốn thử sửa chữa phần đầu thiết bị LUKS không?"
-
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
-msgid ""
-"Wiping device to initialize integrity checksum.\n"
-"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
-msgstr ""
-
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
-#, fuzzy, c-format
-msgid "Cannot deactivate temporary device %s."
-msgstr "Không thể r thiết bị LUKS tạm thời.\n"
-
-#: src/cryptsetup.c:1351
-msgid "Integrity option can be used only for LUKS2 format."
-msgstr ""
-
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
-#, fuzzy
-msgid "Unsupported LUKS2 metadata size options."
-msgstr "Phiên bản LUKS không được hỗ trợ %d.\n"
-
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
-#, fuzzy, c-format
-msgid "Cannot create header file %s."
-msgstr "Không thể tạo phần đầu của tập tin sao lưu dự phòng %s.\n"
-
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
-#, fuzzy
-msgid "No known integrity specification pattern detected."
-msgstr "Không phát hiện mẫu đặc tả mã hóa đã biết.\n"
-
-#: src/cryptsetup.c:1409
-#, fuzzy, c-format
-msgid "Cannot use %s as on-disk header."
-msgstr "Không thể sử dụng %s như là phần đầu on-disk.\n"
-
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
-#, c-format
-msgid "This will overwrite data on %s irrevocably."
-msgstr "Thao tác này sẽ ghi đè lên dữ liệu trên thiết bị %s một cách không phục hồi được."
-
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
-#, fuzzy
-msgid "Failed to set pbkdf parameters."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-
-#: src/cryptsetup.c:1551
-#, fuzzy
-msgid "Reduced data offset is allowed only for detached LUKS header."
-msgstr "Giảm khoảng bù (offset) dữ liệu chỉ cho phép khi phần đầu LUKS được tách rời.\n"
-
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
-msgid "Device activated but cannot make flags persistent."
-msgstr ""
-
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
-#, fuzzy, c-format
-msgid "Keyslot %d is selected for deletion."
-msgstr "Khe khóa %d đã được chọn để xóa.\n"
-
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
-msgid "This is the last keyslot. Device will become unusable after purging this key."
-msgstr "Đây là khe khóa cuối cùng. Sau khi tẩy khóa này thì thiết bị không dùng được."
-
-#: src/cryptsetup.c:1694
-msgid "Enter any remaining passphrase: "
-msgstr "Gõ cụm từ mật khẩu bất kỳ còn lại: "
-
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
-msgid "Operation aborted, the keyslot was NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:1733
-msgid "Enter passphrase to be deleted: "
-msgstr "Gõ cụm từ mật khẩu cần xóa: "
-
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
-msgid "Enter new passphrase for key slot: "
-msgstr "Gõ cụm từ mật khẩu mới cho khe khóa: "
-
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
-#, c-format
-msgid "Enter any existing passphrase: "
-msgstr "Hãy nhập mật khẩu bất kỳ sẵn có: "
-
-#: src/cryptsetup.c:1973
-msgid "Enter passphrase to be changed: "
-msgstr "Gõ cụm từ mật khẩu cần được thay đổi: "
-
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
-msgid "Enter new passphrase: "
-msgstr "Gõ cụm từ mật khẩu mới: "
-
-#: src/cryptsetup.c:2039
-#, fuzzy
-msgid "Enter passphrase for keyslot to be converted: "
-msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: "
-
-#: src/cryptsetup.c:2063
-#, fuzzy
-msgid "Only one device argument for isLuks operation is supported."
-msgstr "Chỉ hỗ trợ một đối số thiết-bị dành cho thao tác isLuks.\n"
-
-#: src/cryptsetup.c:2113
-#, fuzzy
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n"
-"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n"
-"Việc đổ đống này nên luôn được lưu trữ mã hóa tại một nơi an toàn."
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "Khe khóa %d không được dùng.\n"
-
-#: src/cryptsetup.c:2184
-#, fuzzy
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-"Đổ đống phần đầu với khóa vùng chứa là thông tin phân biệt hoa thường\n"
-"cái mà cho phép truy cập phân vùng được mã hóa mà không cần mật khẩu.\n"
-"Việc đổ đống này nên luôn được lưu trữ mã hóa tại một nơi an toàn."
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "hiển thị trạng thái các thiết bị đang hoạt động"
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
-#, fuzzy
-msgid "Option --header-backup-file is required."
-msgstr "Cần tùy chọn“--header-backup-file”.\n"
-
-#: src/cryptsetup.c:2386
-#, c-format
-msgid "%s is not cryptsetup managed device."
-msgstr ""
-
-#: src/cryptsetup.c:2397
-#, fuzzy, c-format
-msgid "Refresh is not supported for device type %s"
-msgstr "Thao tác phục hồi không được hỗ trợ cho kiểu thiết bị %s.\n"
-
-#: src/cryptsetup.c:2439
-#, fuzzy, c-format
-msgid "Unrecognized metadata device type %s."
-msgstr "Không nhận ra siêu dữ liệu của kiểu thiết bị %s.\n"
-
-#: src/cryptsetup.c:2442
-#, fuzzy
-msgid "Command requires device and mapped name as arguments."
-msgstr "Lệnh cần thiết bị và tên ánh xạ như là các tham số.\n"
-
-#: src/cryptsetup.c:2464
-#, c-format
-msgid ""
-"This operation will erase all keyslots on device %s.\n"
-"Device will become unusable after this operation."
-msgstr ""
-"Thao tác này sẽ tẩy mọi khe khóa trên thiết bị %s.\n"
-"Thiết bị sẽ không dùng được sau thao tác này."
-
-#: src/cryptsetup.c:2471
-msgid "Operation aborted, keyslots were NOT wiped.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2510
-msgid "Invalid LUKS type, only luks1 and luks2 are supported."
-msgstr ""
-
-#: src/cryptsetup.c:2528
-#, fuzzy, c-format
-msgid "Device is already %s type."
-msgstr "Thiết bị %s đã sẵn có.\n"
-
-#: src/cryptsetup.c:2533
-#, fuzzy, c-format
-msgid "This operation will convert %s to %s format.\n"
-msgstr "Thao tác này không được hỗ trợ cho thiết bị mã hóa %s.\n"
-
-#: src/cryptsetup.c:2539
-msgid "Operation aborted, device was NOT converted.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2579
-msgid "Option --priority, --label or --subsystem is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
-#, fuzzy, c-format
-msgid "Token %d is invalid."
-msgstr "Khe khóa %d không đúng.\n"
-
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
-#, c-format
-msgid "Token %d in use."
-msgstr ""
-
-#: src/cryptsetup.c:2623
-#, fuzzy, c-format
-msgid "Failed to add luks2-keyring token %d."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
-
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
-#, fuzzy, c-format
-msgid "Failed to assign token %d to keyslot %d."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
-
-#: src/cryptsetup.c:2649
-#, fuzzy, c-format
-msgid "Token %d is not in use."
-msgstr "Khe khóa %d không được dùng.\n"
-
-#: src/cryptsetup.c:2684
-#, fuzzy
-msgid "Failed to import token from file."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#: src/cryptsetup.c:2709
-#, fuzzy, c-format
-msgid "Failed to get token %d for export."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
-
-#: src/cryptsetup.c:2724
-msgid "--key-description parameter is mandatory for token add action."
-msgstr ""
-
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2743
-#, fuzzy, c-format
-msgid "Invalid token operation %s."
-msgstr "Kích cỡ khóa không đúng %d.\n"
-
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "Thiết bị %s không phải là một thiết bị kiểu LUKS đúng.\n"
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "Thiết bị không đúng %s.\n"
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "Thao tác này được hỗ trợ chỉ cho thiết bị LUKS.\n"
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "Phần đầu tập tin sao lưu dự phòng đã yêu cầu %s đã sẵn có.\n"
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
-#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "Không thể tạo phần đầu của tập tin sao lưu dự phòng %s.\n"
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-#, fuzzy
-msgid "Not enough free keyslots for reencryption."
-msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu."
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-#, fuzzy
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "Tập tin khóa có thể sử dụng với tùy chọn --key-slot hoặc với chính xác một khe khóa hoạt động.\n"
-
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
-#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: "
-
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: "
-
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "Lệnh cần thiết bị và tên ánh xạ như là các tham số.\n"
-
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
-
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
-
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr ""
-
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
-
-#: src/cryptsetup.c:3475
-#, fuzzy
-msgid "LUKS2 device is not in reencryption."
-msgstr "Tập tin nhật ký %s đã có sẵn rồi, giả định là reencryption (mã hóa lại).\n"
-
-#: src/cryptsetup.c:3502
-msgid "<device> [--type <type>] [<name>]"
-msgstr "<thiết-bị> [--type <kiểu>] [<tên>]"
-
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-#, fuzzy
-msgid "open device as <name>"
-msgstr "mở thiết bị như là ánh xạ <tên>"
-
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
-msgid "<name>"
-msgstr "<tên>"
-
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
-msgid "close device (remove mapping)"
-msgstr "đóng thiết bị (gỡ bỏ ánh xạ)"
-
-#: src/cryptsetup.c:3504
-msgid "resize active device"
-msgstr "thay đổi kích cỡ của thiết bị hoạt động"
-
-#: src/cryptsetup.c:3505
-msgid "show device status"
-msgstr "hiển thị trạng thái về thiết bị"
-
-#: src/cryptsetup.c:3506
-msgid "[--cipher <cipher>]"
-msgstr "[--cipher <bộ mã hóa>]"
-
-#: src/cryptsetup.c:3506
-msgid "benchmark cipher"
-msgstr "đo kiểm tốc độ mã hóa"
-
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
-msgid "<device>"
-msgstr "<thiết_bị>"
-
-#: src/cryptsetup.c:3507
-msgid "try to repair on-disk metadata"
-msgstr "thử sửa chữa siêu dữ liệu (metadata) on-disk"
-
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "thêm khóa vào thiết bị LUKS"
-
-#: src/cryptsetup.c:3509
-msgid "erase all keyslots (remove encryption key)"
-msgstr "tẩy mọi khe khóa (gỡ bỏ khóa mã hóa)"
-
-#: src/cryptsetup.c:3510
-msgid "convert LUKS from/to LUKS2 format"
-msgstr ""
-
-#: src/cryptsetup.c:3511
-msgid "set permanent configuration options for LUKS2"
-msgstr ""
-
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
-msgid "<device> [<new key file>]"
-msgstr "<thiết_bị> [<tập_tin_khóa_mới>]"
-
-#: src/cryptsetup.c:3512
-msgid "formats a LUKS device"
-msgstr "định dạng một thiết bị kiểu LUKS"
-
-#: src/cryptsetup.c:3513
-msgid "add key to LUKS device"
-msgstr "thêm khóa vào thiết bị LUKS"
-
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
-msgid "<device> [<key file>]"
-msgstr "<thiết_bị> [<tập_tin_khóa>]"
-
-#: src/cryptsetup.c:3514
-msgid "removes supplied key or key file from LUKS device"
-msgstr "gỡ bỏ khỏi thiết bị LUKS khóa hoặc tập tin khóa đưa ra"
-
-#: src/cryptsetup.c:3515
-msgid "changes supplied key or key file of LUKS device"
-msgstr "thay đổi khóa hay tập tin khóa đã áp dụng của thiết bị LUKS"
-
-#: src/cryptsetup.c:3516
-msgid "converts a key to new pbkdf parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3517
-msgid "<device> <key slot>"
-msgstr "<thiết_bị> <khe_khóa>"
-
-#: src/cryptsetup.c:3517
-msgid "wipes key with number <key slot> from LUKS device"
-msgstr "xóa khỏi thiết bị LUKS khóa có số <khe_khóa>"
-
-#: src/cryptsetup.c:3518
-msgid "print UUID of LUKS device"
-msgstr "in ra mã số UUID của thiết bị LUKS"
-
-#: src/cryptsetup.c:3519
-msgid "tests <device> for LUKS partition header"
-msgstr "thử <thiết_bị> có phần đầu phân vùng LUKS không"
-
-#: src/cryptsetup.c:3520
-msgid "dump LUKS partition information"
-msgstr "đổ thông tin về phân vùng LUKS"
-
-#: src/cryptsetup.c:3521
-msgid "dump TCRYPT device information"
-msgstr "dump thông tin thiết bị TCRYPT"
-
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "dump thông tin thiết bị TCRYPT"
-
-#: src/cryptsetup.c:3523
-#, fuzzy
-msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
-msgstr "Ngưng thiết bị LUKS và tẩy khóa (thì mọi việc V/R đều đông cứng)."
-
-#: src/cryptsetup.c:3524
-#, fuzzy
-msgid "Resume suspended LUKS device"
-msgstr "Tiếp tục lại sử dụng thiết bị LUKS bị ngưng."
-
-#: src/cryptsetup.c:3525
-msgid "Backup LUKS device header and keyslots"
-msgstr "Sao lưu phần đầu và các khe khóa của thiết bị LUKS"
-
-#: src/cryptsetup.c:3526
-msgid "Restore LUKS device header and keyslots"
-msgstr "Phục hồi phần đầu và các khe khóa của thiết bị LUKS"
-
-#: src/cryptsetup.c:3527
-msgid "<add|remove|import|export> <device>"
-msgstr ""
-
-#: src/cryptsetup.c:3527
-msgid "Manipulate LUKS2 tokens"
-msgstr ""
-
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
-msgid ""
-"\n"
-"<action> is one of:\n"
-msgstr ""
-"\n"
-"<thao-tác> là một trong:\n"
-
-#: src/cryptsetup.c:3551
-#, fuzzy
-msgid ""
-"\n"
-"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
-msgstr ""
-"\n"
-"Bạn còn có thể sử dụng cú pháp bí danh <thao-tác> kiểu cũ:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
-
-#: src/cryptsetup.c:3555
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<device> is the encrypted device\n"
-"<key slot> is the LUKS key slot number to modify\n"
-"<key file> optional key file for the new key for luksAddKey action\n"
-msgstr ""
-"\n"
-"<tên> là thiết bị cần tạo dưới %s\n"
-"<thiết_bị> là thiết bị đã mã hóa\n"
-"<khe_khóa> là số thứ tự khe khóa LUKS cần sửa đổi\n"
-"<tập_tin_khóa> là tập tin khóa tùy chọn cho khóa mới trong thao tác luksAddKey\n"
-
-#: src/cryptsetup.c:3562
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in metadata format is %s (for luksFormat action).\n"
-msgstr ""
-
-#: src/cryptsetup.c:3567
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in key and passphrase parameters:\n"
-"\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
-"Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
-"Default PBKDF for LUKS2: %s\n"
-"\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"
-msgstr ""
-"\n"
-"Các tham số mặc định liên quan đến khóa và mật khẩu được biên dịch sẵn:\n"
-"\tĐộ dài tập tin khóa tối đa: %dkB, Độ dài mật khẩu tương tác tối đa %d (ký tự)\n"
-"Thời gian tương tác PBKDF2 mặc định cho LUKS: %d (ms)\n"
-
-#: src/cryptsetup.c:3578
-#, fuzzy, c-format
-msgid ""
-"\n"
-"Default compiled-in device cipher parameters:\n"
-"\tloop-AES: %s, Key %d bits\n"
-"\tplain: %s, Key: %d bits, Password hashing: %s\n"
-"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
-msgstr ""
-"\n"
-"Các tham số mặc định liên quan đến việc mã hóa được đặt sẵn:\n"
-"\tloop-AES: %s, Khóa %d bit\n"
-"\tdữ liệu thô: %s, Khóa: %d bit, Kiểu băm mật khẩu: %s\n"
-"\tLUKS1: %s, Khóa: %d bit, Kiểu băm cho phần đầu LUKS: %s, RNG: %s\n"
-
-#: src/cryptsetup.c:3587
-msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
-#, c-format
-msgid "%s: requires %s as arguments"
-msgstr "%s: cần thiết %s làm đối số"
-
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
-msgid "Show this help message"
-msgstr "Hiển thị trợ giúp này"
-
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
-msgid "Display brief usage"
-msgstr "Hiển thị thông tin ngắn về cách sử dụng"
-
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "Hiển thị phiên bản của gói"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
-msgid "Help options:"
-msgstr "Tùy chọn trợ giúp:"
-
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
-msgid "Shows more detailed error messages"
-msgstr "Hiển thị các thông điệp lỗi chi tiết hơn"
-
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
-msgid "Show debug messages"
-msgstr "Hiển thị thông điệp gỡ lỗi"
-
-#: src/cryptsetup.c:3646
-#, fuzzy
-msgid "Show debug messages including JSON metadata"
-msgstr "Hiển thị thông điệp gỡ lỗi"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
-msgid "The cipher used to encrypt the disk (see /proc/crypto)"
-msgstr "Mật mã dùng để bảo vệ đĩa (xem “/proc/crypto”)"
-
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
-msgid "The hash used to create the encryption key from the passphrase"
-msgstr "Chuỗi duy nhất dùng để tạo khóa mã hóa từ cụm từ mật khẩu"
-
-#: src/cryptsetup.c:3649
-msgid "Verifies the passphrase by asking for it twice"
-msgstr "Thẩm tra cụm từ mật khẩu bằng cách yêu cầu nó hai lần"
-
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
-#, fuzzy
-msgid "Read the key from a file"
-msgstr "Đọc khóa từ một tập tin."
-
-#: src/cryptsetup.c:3651
-msgid "Read the volume (master) key from file."
-msgstr "Đọc khóa khối tin (chủ) từ tập tin."
-
-#: src/cryptsetup.c:3652
-#, fuzzy
-msgid "Dump volume (master) key instead of keyslots info"
-msgstr "Dump (đổ thành đống) khóa vùng chứa (master) thay vì thông tin khe-khóa."
-
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
-msgid "The size of the encryption key"
-msgstr "Kích cỡ của khóa mã hóa"
-
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
-msgid "BITS"
-msgstr "BIT"
-
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
-msgid "Limits the read from keyfile"
-msgstr "Giới hạn việc đọc từ tập-tin-khóa"
-
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
-msgid "bytes"
-msgstr "byte"
-
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
-msgid "Number of bytes to skip in keyfile"
-msgstr "Số lượng byte nhảy qua trong tập tin khóa"
-
-#: src/cryptsetup.c:3656
-msgid "Limits the read from newly added keyfile"
-msgstr "Giới hạn đọc từ tập tin khóa mới thêm vào"
-
-#: src/cryptsetup.c:3657
-msgid "Number of bytes to skip in newly added keyfile"
-msgstr "Số lượng byte để nhảy qua trong tập tin khóa mới thêm"
-
-#: src/cryptsetup.c:3658
-msgid "Slot number for new key (default is first free)"
-msgstr "Số thứ tự khe cho khóa mới (mặc định là khe trống thứ nhất)"
-
-#: src/cryptsetup.c:3659
-msgid "The size of the device"
-msgstr "Kích cỡ của thiết bị"
-
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
-msgid "SECTORS"
-msgstr "CUNG-TỪ"
-
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "Chỉ sử dụng kích thước dữ liệu thiết bị (bỏ qua phần còn lại của thiết bị). NGUY HIỂM!"
-
-#: src/cryptsetup.c:3661
-msgid "The start offset in the backend device"
-msgstr "Khoảng bù đầu tiên trong thiết bị thật chạy ở phía sau"
-
-#: src/cryptsetup.c:3662
-msgid "How many sectors of the encrypted data to skip at the beginning"
-msgstr "Bao nhiêu cung từ dữ liệu mã hóa cần bỏ qua ở đầu"
-
-#: src/cryptsetup.c:3663
-msgid "Create a readonly mapping"
-msgstr "Tạo một sự ánh xạ chỉ cho đọc"
-
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
-msgid "Do not ask for confirmation"
-msgstr "Không cần xác nhận"
-
-#: src/cryptsetup.c:3665
-msgid "Timeout for interactive passphrase prompt (in seconds)"
-msgstr "Thời gian chờ gõ cụm từ mật khẩu tối đa (theo giây)"
-
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "secs"
-msgstr "giây"
-
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
-msgid "Progress line update (in seconds)"
-msgstr ""
-
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
-msgid "How often the input of the passphrase can be retried"
-msgstr "Số các lần có cho phép thử gõ lại cụm từ mật khẩu"
-
-#: src/cryptsetup.c:3668
-msgid "Align payload at <n> sector boundaries - for luksFormat"
-msgstr "Căn chỉnh trọng tải ở <n> biên giới cung từ — cho định dạng “luksFormat”"
-
-#: src/cryptsetup.c:3669
-#, fuzzy
-msgid "File with LUKS header and keyslots backup"
-msgstr "Tập tin chứa bản sao lưu phần đầu và các khe khóa của thiết bị LUKS."
-
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
-#, fuzzy
-msgid "Use /dev/random for generating volume key"
-msgstr "Dùng /dev/random để tạo khóa volume."
-
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
-#, fuzzy
-msgid "Use /dev/urandom for generating volume key"
-msgstr "Dùng /dev/urandom để tạo khóa vùng."
-
-#: src/cryptsetup.c:3672
-#, fuzzy
-msgid "Share device with another non-overlapping crypt segment"
-msgstr "Thiết bị chia sẻ với đoạn crypt không-chồng-lên-nhau khác."
-
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
-#, fuzzy
-msgid "UUID for device to use"
-msgstr "UUID dành cho tập tin sử dụng."
-
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
-#, fuzzy
-msgid "Allow discards (aka TRIM) requests for device"
-msgstr "Cho phép hủy bỏ (được biết đến như là TRIM) các yêu cầu cho thiết bị."
-
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
-#, fuzzy
-msgid "Device or file with separated LUKS header"
-msgstr "Thiết bị hay tập tin với phần đầu LUKS tách nhau."
-
-#: src/cryptsetup.c:3676
-#, fuzzy
-msgid "Do not activate device, just check passphrase"
-msgstr "Không kích hoạt thiết bị, chỉ cần kiểm tra mật khẩu."
-
-#: src/cryptsetup.c:3677
-#, fuzzy
-msgid "Use hidden header (hidden TCRYPT device)"
-msgstr "Dùng phần đầu ẩn (thiết bị TCRYPT ẩn)."
-
-#: src/cryptsetup.c:3678
-#, fuzzy
-msgid "Device is system TCRYPT drive (with bootloader)"
-msgstr "Thiết bị là ổ đĩa TCRYPT hệ thống (có bootloader)."
-
-#: src/cryptsetup.c:3679
-#, fuzzy
-msgid "Use backup (secondary) TCRYPT header"
-msgstr "Dùng phần đầu (thứ cấp) TCRYPT."
-
-#: src/cryptsetup.c:3680
-#, fuzzy
-msgid "Scan also for VeraCrypt compatible device"
-msgstr "Cũng quét cho thiết bị tương thích VeraCrypt."
-
-#: src/cryptsetup.c:3681
-#, fuzzy
-msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Cũng quét cho thiết bị tương thích VeraCrypt."
-
-#: src/cryptsetup.c:3682
-#, fuzzy
-msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
-msgstr "Cũng quét cho thiết bị tương thích VeraCrypt."
-
-#: src/cryptsetup.c:3683
-#, fuzzy
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
-msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt."
-
-#: src/cryptsetup.c:3684
-#, fuzzy
-msgid "Disable password quality check (if enabled)"
-msgstr "Tắt chức năng kiểm tra chất lượng mật khẩu (nếu nó đang bật)."
-
-#: src/cryptsetup.c:3685
-#, fuzzy
-msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
-msgstr "Dùng tùy chọn tương thích hiệu năng same_cpu_crypt dm-crypt."
-
-#: src/cryptsetup.c:3686
-#, fuzzy
-msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
-msgstr "Dùng tùy chọn tương thích hiệu năng submit_from_crypt_cpus dm-crypt."
-
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
-msgid "Device removal is deferred until the last user closes it"
-msgstr ""
-
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
-#, fuzzy
-msgid "PBKDF iteration time for LUKS (in ms)"
-msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)"
-
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
-msgid "msecs"
-msgstr "mili-giây"
-
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
-msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-msgid "PBKDF memory cost limit"
-msgstr ""
-
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
-#, fuzzy
-msgid "kilobytes"
-msgstr "byte"
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "PBKDF parallel cost"
-msgstr ""
-
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
-msgid "threads"
-msgstr ""
-
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
-msgid "PBKDF iterations cost (forced, disables benchmark)"
-msgstr ""
-
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
-msgstr ""
-
-#: src/cryptsetup.c:3697
-#, fuzzy
-msgid "Disable locking of on-disk metadata"
-msgstr "thử sửa chữa siêu dữ liệu (metadata) on-disk"
-
-#: src/cryptsetup.c:3698
-msgid "Disable loading volume keys via kernel keyring"
-msgstr ""
-
-#: src/cryptsetup.c:3699
-msgid "Data integrity algorithm (LUKS2 only)"
-msgstr ""
-
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
-msgid "Disable journal for integrity device"
-msgstr ""
-
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
-msgid "Do not wipe device after format"
-msgstr ""
-
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
-msgid "Do not ask for passphrase if activation by token fails"
-msgstr ""
-
-#: src/cryptsetup.c:3704
-msgid "Token number (default: any)"
-msgstr ""
-
-#: src/cryptsetup.c:3705
-msgid "Key description"
-msgstr ""
-
-#: src/cryptsetup.c:3706
-msgid "Encryption sector size (default: 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3708
-msgid "Set activation flags persistent for device"
-msgstr ""
-
-#: src/cryptsetup.c:3709
-#, fuzzy
-msgid "Set label for the LUKS2 device"
-msgstr "định dạng một thiết bị kiểu LUKS"
-
-#: src/cryptsetup.c:3710
-msgid "Set subsystem label for the LUKS2 device"
-msgstr ""
-
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr ""
-
-#: src/cryptsetup.c:3712
-#, fuzzy
-msgid "Read or write the json from or to a file"
-msgstr "Đọc khóa từ một tập tin."
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr ""
-
-#: src/cryptsetup.c:3714
-#, fuzzy
-msgid "LUKS2 header keyslots area size"
-msgstr "Tập tin chứa bản sao lưu phần đầu và các khe khóa của thiết bị LUKS."
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3716
-#, fuzzy
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "Kích cỡ của khóa mã hóa"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr ""
-
-#: src/cryptsetup.c:3718
-#, fuzzy
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)."
-
-#: src/cryptsetup.c:3719
-#, fuzzy
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)."
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "Giảm kích thước dữ liệu thiết bị (di chuyển offset dữ liệu). NGUY HIỂM!"
-
-#: src/cryptsetup.c:3723
-#, fuzzy
-msgid "Maximal reencryption hotzone size."
-msgstr "Kích thước khối mã hóa lại"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-#, fuzzy
-msgid "Reencryption hotzone checksums hash"
-msgstr "Kích thước khối mã hóa lại"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
-msgstr ""
-
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
-msgid "[OPTION...] <action> <action-specific>"
-msgstr "[TÙY CHỌN…] <thao-tác> <đặc-tả-thao-tác>"
-
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
-msgid "Argument <action> missing."
-msgstr "Còn thiếu đối số <thao-tác>."
-
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
-msgid "Unknown action."
-msgstr "Không hiểu thao-tác."
-
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:3882
-#, fuzzy
-msgid "Option --deferred is allowed only for close command."
-msgstr "Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n"
-
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
-msgstr "Tùy chọn “--shared” chỉ cho phép với thao tác tạo mở của thiết bị thường.\n"
-
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
-
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
-msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
-
-#: src/cryptsetup.c:3902
-#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
-msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
-
-#: src/cryptsetup.c:3907
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr ""
-
-#: src/cryptsetup.c:3917
-#, fuzzy
-msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
-"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
-msgstr ""
-"Tùy chọn --key-size thì chỉ cho phép với các thao tác luksFormat, mở và đo kiểm.\n"
-"Để giới hạn đọc từ tập-tin-khóa, hãy sử dụng tùy chọn --keyfile-size=(bytes)."
-
-#: src/cryptsetup.c:3923
-#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
-msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”."
-
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
-msgstr ""
-
-#: src/cryptsetup.c:3934
-#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
-msgstr "Tùy chọn “--uuid” thì chỉ cho phép với “luksFormat” và “luksUUID”."
-
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
-msgstr "Tùy chọn “--test-passphrase” chỉ được phép cho lệnh mở thiết bị LUKS và TCRYPT.\n"
-
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:1690 src/cryptsetup_reencrypt.c:1389
msgid "Key size must be a multiple of 8 bits"
msgstr "Kích cỡ khóa phải là bội số của 8 bít"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:1697 src/cryptsetup_reencrypt.c:1394
msgid "Key slot is invalid."
msgstr "Khe khóa không đúng."
-#: src/cryptsetup.c:3958
-#, fuzzy
-msgid "Option --key-file takes precedence over specified key file argument."
+#: src/cryptsetup.c:1704
+msgid "Option --key-file takes precedence over specified key file argument.\n"
msgstr "Tùy chọn --key-file giữ quyền ưu tiên cao hơn tham số tập tin khóa đã chỉ định.\n"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:1712 src/veritysetup.c:488 src/cryptsetup_reencrypt.c:1378
msgid "Negative number for option not permitted."
msgstr "Tùy chọn không chấp nhận giá trị là số âm."
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:1716
msgid "Only one --key-file argument is allowed."
msgstr "Chỉ cho phép một tùy chọn --key-file."
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:1720 src/cryptsetup_reencrypt.c:1372
+#: src/cryptsetup_reencrypt.c:1398
msgid "Only one of --use-[u]random options is allowed."
msgstr "Chỉ cho phép một tùy chọn “--use-[u]random”."
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:1724
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "Tùy chọn “--use-[u]random” chỉ được phép cho “luksFormat”."
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:1728
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "Tùy chọn “--uuid” thì chỉ cho phép với “luksFormat” và “luksUUID”."
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:1732
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”."
-#: src/cryptsetup.c:3989
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr ""
-
-#: src/cryptsetup.c:3994
-#, fuzzy
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
-
-#: src/cryptsetup.c:3998
-#, fuzzy
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
-
-#: src/cryptsetup.c:4002
-#, fuzzy
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "Tùy chọn “--align-payload” chỉ được phép cho “luksFormat”."
-
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:1738
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "Tùy chọn “--skip” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và “loopaes”.\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:1744
+msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
msgstr "Tùy chọn “--offset” chỉ hỗ trợ cho lệnh mở (open) của thiết bị thường và “loopaes”.\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:1750
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "Tùy chọn --tcrypt-hidden, --tcrypt-system hay --tcrypt-backup chỉ được hỗ trợ trên thiết bị TCRYPT.\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:1755
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "Tùy chọn --tcrypt-hidden không thể được tổ hợp cùng với --allow-discards.\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n"
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr ""
-
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n"
-
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
+#: src/cryptsetup.c:1760
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
msgstr "Tùy chọn --veracrypt chỉ được hỗ trợ trên thiết bị TCRYPT.\n"
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr ""
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr ""
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr ""
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr ""
-
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
-msgstr "Thao tác này không được hỗ trợ cho kiểu thiết bị này.\n"
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr ""
-
-#: src/cryptsetup.c:4108
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr ""
-
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
-msgstr "Tùy chọn “--keep-key” có thể dùng với “--hash” hoặc “--iter-time”."
-
-#: src/cryptsetup.c:4124
-msgid "Cannot disable metadata locking."
-msgstr ""
-
-#: src/cryptsetup.c:4135
-#, fuzzy
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
-
-#: src/cryptsetup.c:4146
-#, fuzzy
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "Kích thước thu nhỏ thiết bị tối đa là 64 MiB."
-
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte"
-
-#: src/cryptsetup.c:4154
-#, fuzzy
-msgid "Invalid data size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
-
-#: src/cryptsetup.c:4159
-#, fuzzy
-msgid "Reduce size overflow."
-msgstr "Khoảng bù (offset) thiết bị bị tràn.\n"
-
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
-msgstr ""
-
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte"
-
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
-msgstr ""
-
-#: src/cryptsetup.c:4179
-#, fuzzy
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
-msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n"
-
-#: src/veritysetup.c:76
-#, fuzzy
-msgid "Invalid salt string specified."
+#: src/veritysetup.c:61
+msgid "Invalid salt string specified.\n"
msgstr "Chuỗi salt (muối) đã cho không hợp lệ.\n"
-#: src/veritysetup.c:107
-#, fuzzy, c-format
-msgid "Cannot create hash image %s for writing."
-msgstr "Không thể tạo ảnh băm %s để ghi.\n"
-
-#: src/veritysetup.c:117
-#, fuzzy, c-format
-msgid "Cannot create FEC image %s for writing."
+#: src/veritysetup.c:91
+#, c-format
+msgid "Cannot create hash image %s for writing.\n"
msgstr "Không thể tạo ảnh băm %s để ghi.\n"
-#: src/veritysetup.c:191
-#, fuzzy
-msgid "Invalid root hash string specified."
+#: src/veritysetup.c:158
+msgid "Invalid root hash string specified.\n"
msgstr "Chuỗi mã băm gốc (thư mục root) đã chỉ ra không hợp lệ.\n"
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "Thiết bị không đúng %s.\n"
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr "Không thể đọc tập-tin khóa %s.\n"
-
-#: src/veritysetup.c:406
+#: src/veritysetup.c:326
msgid "<data_device> <hash_device>"
msgstr "<thiết-bị-dữ-liệu> <thiết-bị-băm>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:326
msgid "format device"
msgstr "định dạng thiết bị"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:327
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<thiết-bị-dữ-liệu> <thiết-bị-băm> <mã-băm-gốc>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:327
msgid "verify device"
msgstr "thẩm tra thiết bị"
-#: src/veritysetup.c:408
-#, fuzzy
-msgid "<data_device> <name> <hash_device> <root_hash>"
-msgstr "<thiết-bị-dữ-liệu> <thiết-bị-băm> <mã-băm-gốc>"
-
-#: src/veritysetup.c:410 src/integritysetup.c:495
-msgid "show active device status"
-msgstr "hiển thị trạng thái các thiết bị đang hoạt động"
-
-#: src/veritysetup.c:411
-msgid "<hash_device>"
-msgstr "<thiết_bị_băm>"
-
-#: src/veritysetup.c:411 src/integritysetup.c:496
-msgid "show on-disk information"
-msgstr "hiển thị thông tin trên-đĩa"
-
-#: src/veritysetup.c:430
-#, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<data_device> is the data device\n"
-"<hash_device> is the device containing verification data\n"
-"<root_hash> hash of the root node on <hash_device>\n"
-msgstr ""
-"\n"
-"<tên> là thiết bị để tạo dưới %s\n"
-"<thiết-bị-dữ-liệu> là thiết bị dữ liệu\n"
-"<thiết-bị-băm> là thiết bị chứa dữ liệu xác thực\n"
-"<mã-băm-gốc> mã băm của nút root (gốc) trên <thiết-bị-băm>\n"
-
-#: src/veritysetup.c:437
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-verity parameters:\n"
-"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
-msgstr ""
-"\n"
-"Các tham số dm-verity dựng sẵn mặc định:\n"
-"\tBăm: %s, Khối dữ liệu (bytes): %u, Khối băm (bytes): %u, Kích thước muối: %u, Định dạng băm: %u\n"
-
-#: src/veritysetup.c:481
-msgid "Do not use verity superblock"
-msgstr "Không sử dụng siêu khối thẩm định"
-
-#: src/veritysetup.c:482
-msgid "Format type (1 - normal, 0 - original Chrome OS)"
-msgstr "Kiểu định dạng (1 - thông thường, 0 - Chrome OS)"
-
-#: src/veritysetup.c:482
-msgid "number"
-msgstr "số"
-
-#: src/veritysetup.c:483
-msgid "Block size on the data device"
-msgstr "Kích cỡ khối trên thiết bị dữ liệu"
-
-#: src/veritysetup.c:484
-msgid "Block size on the hash device"
-msgstr "Kích cỡ của khối trên thiết bị băm"
-
-#: src/veritysetup.c:485
-msgid "FEC parity bytes"
-msgstr ""
-
-#: src/veritysetup.c:486
-msgid "The number of blocks in the data file"
-msgstr "Số lượng khối trong tập tin dữ liệu"
-
-#: src/veritysetup.c:486
-msgid "blocks"
-msgstr "khối"
-
-#: src/veritysetup.c:487
-msgid "Path to device with error correction data"
-msgstr ""
-
-#: src/veritysetup.c:487 src/integritysetup.c:566
-msgid "path"
-msgstr ""
-
-#: src/veritysetup.c:488
-msgid "Starting offset on the hash device"
-msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm"
-
-#: src/veritysetup.c:489
-#, fuzzy
-msgid "Starting offset on the FEC device"
-msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm"
-
-#: src/veritysetup.c:490
-msgid "Hash algorithm"
-msgstr "Thuật toán băm"
-
-#: src/veritysetup.c:490
-msgid "string"
-msgstr "chuỗi"
-
-#: src/veritysetup.c:491
-msgid "Salt"
-msgstr "Muối"
-
-#: src/veritysetup.c:491
-msgid "hex string"
-msgstr "chuỗi hex (thập lục phân)"
-
-#: src/veritysetup.c:493
-#, fuzzy
-msgid "Path to root hash signature file"
-msgstr "Việc tạo vùng dữ liệu băm gặp lỗi.\n"
-
-#: src/veritysetup.c:494
-msgid "Restart kernel if corruption is detected"
-msgstr "Khởi động lại nhân nếu thấy có sai hỏng"
-
-#: src/veritysetup.c:495
-#, fuzzy
-msgid "Panic kernel if corruption is detected"
-msgstr "Khởi động lại nhân nếu thấy có sai hỏng"
-
-#: src/veritysetup.c:496
-msgid "Ignore corruption, log it only"
-msgstr "Bỏ qua sai hỏng, chỉ ghi nhật ký lại"
-
-#: src/veritysetup.c:497
-msgid "Do not verify zeroed blocks"
-msgstr "Không thẩm tra các khối không"
-
-#: src/veritysetup.c:498
-msgid "Verify data block only the first time it is read"
-msgstr ""
-
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "Tùy chọn --ignore-corruption, --restart-on-corruption hay --ignore-zero-blocks chỉ được phép dùng cho thao tác tạo.\n"
-
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
-
-#: src/veritysetup.c:610
-#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
-msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n"
-
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n"
-
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "Kích cỡ khóa không đúng %d.\n"
-
-#: src/integritysetup.c:95 src/utils_password.c:339
-#, fuzzy, c-format
-msgid "Cannot read keyfile %s."
-msgstr "Không thể đọc tập-tin khóa %s.\n"
-
-#: src/integritysetup.c:99 src/utils_password.c:344
-#, fuzzy, c-format
-msgid "Cannot read %d bytes from keyfile %s."
-msgstr "Không thể đọc %d byte từ tập tin khóa %s.\n"
-
-#: src/integritysetup.c:266
-#, c-format
-msgid "Formatted with tag size %u, internal integrity %s.\n"
-msgstr ""
-
-#: src/integritysetup.c:492 src/integritysetup.c:496
-#, fuzzy
-msgid "<integrity_device>"
-msgstr "thẩm tra thiết bị"
-
-#: src/integritysetup.c:493
-msgid "<integrity_device> <name>"
-msgstr ""
-
-#: src/integritysetup.c:515
-#, fuzzy, c-format
-msgid ""
-"\n"
-"<name> is the device to create under %s\n"
-"<integrity_device> is the device containing data with integrity tags\n"
-msgstr ""
-"\n"
-"<tên> là thiết bị để tạo dưới %s\n"
-"<thiết-bị-dữ-liệu> là thiết bị dữ liệu\n"
-"<thiết-bị-băm> là thiết bị chứa dữ liệu xác thực\n"
-"<mã-băm-gốc> mã băm của nút root (gốc) trên <thiết-bị-băm>\n"
-
-#: src/integritysetup.c:520
-#, c-format
-msgid ""
-"\n"
-"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
-msgstr ""
-
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr ""
-
-#: src/integritysetup.c:568
-msgid "Journal size"
-msgstr ""
-
-#: src/integritysetup.c:569
-msgid "Interleave sectors"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "Journal watermark"
-msgstr ""
-
-#: src/integritysetup.c:570
-msgid "percent"
-msgstr ""
-
-#: src/integritysetup.c:571
-msgid "Journal commit time"
-msgstr ""
-
-#: src/integritysetup.c:571 src/integritysetup.c:573
-msgid "ms"
-msgstr ""
-
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
-msgid "Tag size (per-sector)"
-msgstr ""
-
-#: src/integritysetup.c:575
-msgid "Sector size"
-msgstr ""
-
-#: src/integritysetup.c:576
-msgid "Buffers size"
-msgstr ""
-
-#: src/integritysetup.c:578
-msgid "Data integrity algorithm"
-msgstr ""
-
-#: src/integritysetup.c:579
-#, fuzzy
-msgid "The size of the data integrity key"
-msgstr "Kích cỡ của khóa mã hóa"
-
-#: src/integritysetup.c:580
-#, fuzzy
-msgid "Read the integrity key from a file"
-msgstr "Đọc khóa từ một tập tin."
-
-#: src/integritysetup.c:582
-msgid "Journal integrity algorithm"
-msgstr ""
+#: src/veritysetup.c:328
+msgid "<name> <data_device> <hash_device> <root_hash>"
+msgstr "<tên> <thiết-bị-dữ-liệu> <thiết-bị-băm> <mã-băm-gốc>"
-#: src/integritysetup.c:583
-#, fuzzy
-msgid "The size of the journal integrity key"
-msgstr "Kích cỡ của khóa mã hóa"
+#: src/veritysetup.c:328
+msgid "create active device"
+msgstr "tạo thiết bị hoạt động"
-#: src/integritysetup.c:584
-#, fuzzy
-msgid "Read the journal integrity key from a file"
-msgstr "Đọc khóa từ một tập tin."
+#: src/veritysetup.c:329
+msgid "remove (deactivate) device"
+msgstr "gỡ bỏ (dừng hoạt động) thiết bị"
-#: src/integritysetup.c:586
-msgid "Journal encryption algorithm"
-msgstr ""
+#: src/veritysetup.c:330
+msgid "show active device status"
+msgstr "hiển thị trạng thái các thiết bị đang hoạt động"
-#: src/integritysetup.c:587
-#, fuzzy
-msgid "The size of the journal encryption key"
-msgstr "Kích cỡ của khóa mã hóa"
+#: src/veritysetup.c:331
+msgid "<hash_device>"
+msgstr "<thiết_bị_băm>"
-#: src/integritysetup.c:588
-#, fuzzy
-msgid "Read the journal encryption key from a file"
-msgstr "Đọc khóa từ một tập tin."
+#: src/veritysetup.c:331
+msgid "show on-disk information"
+msgstr "hiển thị thông tin trên-đĩa"
-#: src/integritysetup.c:591
-msgid "Recovery mode (no journal, no tag checking)"
+#: src/veritysetup.c:350
+#, c-format
+msgid ""
+"\n"
+"<name> is the device to create under %s\n"
+"<data_device> is the data device\n"
+"<hash_device> is the device containing verification data\n"
+"<root_hash> hash of the root node on <hash_device>\n"
msgstr ""
+"\n"
+"<tên> là thiết bị để tạo dưới %s\n"
+"<thiết-bị-dữ-liệu> là thiết bị dữ liệu\n"
+"<thiết-bị-băm> là thiết bị chứa dữ liệu xác thực\n"
+"<mã-băm-gốc> mã băm của nút root (gốc) trên <thiết-bị-băm>\n"
-#: src/integritysetup.c:592
-msgid "Use bitmap to track changes and disable journal for integrity device"
+#: src/veritysetup.c:357
+#, c-format
+msgid ""
+"\n"
+"Default compiled-in dm-verity parameters:\n"
+"\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
msgstr ""
+"\n"
+"Các tham số dm-verity dựng sẵn mặc định:\n"
+"\tBăm: %s, Khối dữ liệu (bytes): %u, Khối băm (bytes): %u, Kích thước muối: %u, Định dạng băm: %u\n"
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr ""
+#: src/veritysetup.c:395
+msgid "Do not use verity superblock"
+msgstr "Không sử dụng siêu khối thẩm định"
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
+#: src/veritysetup.c:396
+msgid "Format type (1 - normal, 0 - original Chrome OS)"
+msgstr "Kiểu định dạng (1 - thông thường, 0 - Chrome OS)"
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
+#: src/veritysetup.c:396
+msgid "number"
+msgstr "số"
-#: src/integritysetup.c:672
-#, fuzzy
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "Tùy chọn “--allow-discards” chỉ cho phép với thao tác mở.\n"
+#: src/veritysetup.c:397
+msgid "Block size on the data device"
+msgstr "Kích cỡ khối trên thiết bị dữ liệu"
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
-msgstr ""
+#: src/veritysetup.c:398
+msgid "Block size on the hash device"
+msgstr "Kích cỡ của khối trên thiết bị băm"
-#: src/integritysetup.c:698
-#, fuzzy
-msgid "Invalid journal size specification."
-msgstr "Đặc tả kích thước thiết bị không đúng."
+#: src/veritysetup.c:399
+msgid "The number of blocks in the data file"
+msgstr "Số lượng khối trong tập tin dữ liệu"
-#: src/integritysetup.c:703
-msgid "Both key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:399
+msgid "blocks"
+msgstr "khối"
-#: src/integritysetup.c:708
-msgid "Both journal integrity key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:400
+msgid "Starting offset on the hash device"
+msgstr "Khoảng bù (offset) khởi đầu của thiết bị băm"
-#: src/integritysetup.c:711
-msgid "Journal integrity algorithm must be specified if journal integrity key is used."
-msgstr ""
+#: src/veritysetup.c:401
+msgid "Hash algorithm"
+msgstr "Thuật toán băm"
-#: src/integritysetup.c:716
-msgid "Both journal encryption key file and key size options must be specified."
-msgstr ""
+#: src/veritysetup.c:401
+msgid "string"
+msgstr "chuỗi"
-#: src/integritysetup.c:719
-msgid "Journal encryption algorithm must be specified if journal encryption key is used."
-msgstr ""
+#: src/veritysetup.c:402
+msgid "Salt"
+msgstr "Muối"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr ""
+#: src/veritysetup.c:402
+msgid "hex string"
+msgstr "chuỗi hex (thập lục phân)"
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
+#: src/veritysetup.c:404
+msgid "Restart kernel if corruption is detected"
+msgstr "Khởi động lại nhân nếu thấy có sai hỏng"
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr ""
+#: src/veritysetup.c:405
+msgid "Ignore corruption, log it only"
+msgstr "Bỏ qua sai hỏng, chỉ ghi nhật ký lại"
-#: src/cryptsetup_reencrypt.c:190
-#, fuzzy
-msgid "Reencryption already in-progress."
-msgstr "Kích thước khối mã hóa lại"
+#: src/veritysetup.c:406
+msgid "Do not verify zeroed blocks"
+msgstr "Không thẩm tra các khối không"
+
+#: src/veritysetup.c:494
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for create operation.\n"
+msgstr "Tùy chọn --ignore-corruption, --restart-on-corruption hay --ignore-zero-blocks chỉ được phép dùng cho thao tác tạo.\n"
+
+#: src/veritysetup.c:499
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
+msgstr "Không được dùng các tùy chọn --ignore-corruption và --restart-on-corruption cùng một lúc.\n"
-#: src/cryptsetup_reencrypt.c:226
-#, fuzzy, c-format
-msgid "Cannot exclusively open %s, device in use."
+#: src/cryptsetup_reencrypt.c:150
+#, c-format
+msgid "Cannot exclusively open %s, device in use.\n"
msgstr "Không thể mở %s một cách đệ qui, thiết bị vẫn đang được sử dụng.\n"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
-#, fuzzy
-msgid "Allocation of aligned memory failed."
+#: src/cryptsetup_reencrypt.c:164 src/cryptsetup_reencrypt.c:920
+msgid "Allocation of aligned memory failed.\n"
msgstr "Phân bổ bộ nhớ điều chỉnh gặp lỗi.\n"
-#: src/cryptsetup_reencrypt.c:247
-#, fuzzy, c-format
-msgid "Cannot read device %s."
+#: src/cryptsetup_reencrypt.c:171
+#, c-format
+msgid "Cannot read device %s.\n"
msgstr "Không thể đọc thiết bị %s.\n"
-#: src/cryptsetup_reencrypt.c:258
-#, fuzzy, c-format
-msgid "Marking LUKS1 device %s unusable."
+#: src/cryptsetup_reencrypt.c:182
+#, c-format
+msgid "Marking LUKS device %s unusable.\n"
msgstr "Đánh dấu thiết bị LUKS %s là không thể dùng.\n"
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:198
#, c-format
-msgid "Setting LUKS2 offline reencrypt flag on device %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:279
-#, fuzzy, c-format
-msgid "Cannot write device %s."
+msgid "Cannot write device %s.\n"
msgstr "Không thể ghi thiết bị %s.\n"
-#: src/cryptsetup_reencrypt.c:327
-#, fuzzy
-msgid "Cannot write reencryption log file."
+#: src/cryptsetup_reencrypt.c:281
+msgid "Cannot write reencryption log file.\n"
msgstr "Không thể ghi tập tin nhật ký reencryption (mã hóa lại).\n"
-#: src/cryptsetup_reencrypt.c:383
-#, fuzzy
-msgid "Cannot read reencryption log file."
+#: src/cryptsetup_reencrypt.c:337
+msgid "Cannot read reencryption log file.\n"
msgstr "Không đọc được tập tin nhật ký reencryption.\n"
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:375
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "Tập tin nhật ký %s đã có sẵn rồi, giả định là reencryption (mã hóa lại).\n"
-#: src/cryptsetup_reencrypt.c:470
-#, fuzzy
-msgid "Activating temporary device using old LUKS header."
+#: src/cryptsetup_reencrypt.c:425
+msgid "Activating temporary device using old LUKS header.\n"
msgstr "Hoạt hóa thiết bị tạm thời sử dụng phần đầu LUKS kiểu cũ.\n"
-#: src/cryptsetup_reencrypt.c:480
-#, fuzzy
-msgid "Activating temporary device using new LUKS header."
+#: src/cryptsetup_reencrypt.c:436
+msgid "Activating temporary device using new LUKS header.\n"
msgstr "Hoạt hóa thiết bị tạm thời sử dụng phần đầu LUKS kiểu mới.\n"
-#: src/cryptsetup_reencrypt.c:490
-#, fuzzy
-msgid "Activation of temporary devices failed."
+#: src/cryptsetup_reencrypt.c:446
+msgid "Activation of temporary devices failed.\n"
msgstr "Việc hoạt hóa các thiết bị tạm thời gặp lỗi.\n"
-#: src/cryptsetup_reencrypt.c:577
-#, fuzzy
-msgid "Failed to set data offset."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-
-#: src/cryptsetup_reencrypt.c:591
-#, fuzzy, c-format
-msgid "New LUKS header for device %s created."
+#: src/cryptsetup_reencrypt.c:472
+#, c-format
+msgid "New LUKS header for device %s created.\n"
msgstr "Phần đầu LUKS mới cho thiết bị %s được tạo.\n"
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:480
#, c-format
-msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:673
-msgid "Failed to read activation flags from backup header."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:677
-#, fuzzy
-msgid "Failed to write activation flags to new header."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+msgid "Activated keyslot %i.\n"
+msgstr "Khe-khóa (keyslot) đã được kích hoạt %i.\n"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
-#, fuzzy
-msgid "Failed to read requirements from backup header."
-msgstr "Lỗi đọc từ kho lưu khóa.\n"
-
-#: src/cryptsetup_reencrypt.c:723
-#, fuzzy, c-format
-msgid "%s header backup of device %s created."
+#: src/cryptsetup_reencrypt.c:506
+#, c-format
+msgid "LUKS header backup of device %s created.\n"
msgstr "Phần đầu sao lưu LUKS của thiết bị %s được tạo.\n"
-#: src/cryptsetup_reencrypt.c:786
-#, fuzzy
-msgid "Creation of LUKS backup headers failed."
+#: src/cryptsetup_reencrypt.c:554
+msgid "Creation of LUKS backup headers failed.\n"
msgstr "Việc tạo phần đầu LUKS sao lưu dự phòng gặp lỗi.\n"
-#: src/cryptsetup_reencrypt.c:919
-#, fuzzy, c-format
-msgid "Cannot restore %s header on device %s."
+#: src/cryptsetup_reencrypt.c:656
+#, c-format
+msgid "Cannot restore LUKS header on device %s.\n"
msgstr "Không thể phục hồi phần đầu LUKS trên thiết bị %s.\n"
-#: src/cryptsetup_reencrypt.c:921
-#, fuzzy, c-format
-msgid "%s header on device %s restored."
+#: src/cryptsetup_reencrypt.c:658
+#, c-format
+msgid "LUKS header on device %s restored.\n"
msgstr "Phần đầu LUKS trên thiết bị %s đã được phục hồi.\n"
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
-#, fuzzy
-msgid "Cannot open temporary LUKS device."
+#: src/cryptsetup_reencrypt.c:693
+#, c-format
+msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s"
+msgstr "Diễn biến: %5.1f%%, ETA %02llu:%02llu, đã ghi %4llu MiB, tốc độ %5.1f MiB/s%s"
+
+#: src/cryptsetup_reencrypt.c:732 src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup_reencrypt.c:853
+msgid "Cannot seek to device offset.\n"
+msgstr "Không thể di chuyển vị trí tới vị trí tương đối thiết bị.\n"
+
+#: src/cryptsetup_reencrypt.c:892 src/cryptsetup_reencrypt.c:898
+msgid "Cannot open temporary LUKS device.\n"
msgstr "Không thể r thiết bị LUKS tạm thời.\n"
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
-#, fuzzy
-msgid "Cannot get device size."
+#: src/cryptsetup_reencrypt.c:903 src/cryptsetup_reencrypt.c:908
+msgid "Cannot get device size.\n"
msgstr "Không thể lấy kích cỡ thiết bị.\n"
-#: src/cryptsetup_reencrypt.c:1176
-#, fuzzy
-msgid "IO error during reencryption."
+#: src/cryptsetup_reencrypt.c:946
+msgid "Interrupted by a signal.\n"
+msgstr "Bị ngắt bởi tín hiệu signal.\n"
+
+#: src/cryptsetup_reencrypt.c:948
+msgid "IO error during reencryption.\n"
msgstr "Lỗi IO (vào/ra) trong quá trình mã hóa lại.\n"
-#: src/cryptsetup_reencrypt.c:1207
-#, fuzzy
-msgid "Provided UUID is invalid."
+#: src/cryptsetup_reencrypt.c:978
+msgid "Provided UUID is invalid.\n"
msgstr "UUID đã cung cấp không hợp lệ.\n"
-#: src/cryptsetup_reencrypt.c:1441
-#, fuzzy
-msgid "Cannot open reencryption log file."
+#: src/cryptsetup_reencrypt.c:1070
+msgid "Key file can be used only with --key-slot or with exactly one key slot active.\n"
+msgstr "Tập tin khóa có thể sử dụng với tùy chọn --key-slot hoặc với chính xác một khe khóa hoạt động.\n"
+
+#: src/cryptsetup_reencrypt.c:1114 src/cryptsetup_reencrypt.c:1129
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "Gõ cụm từ mật khẩu cho khe khóa %u: "
+
+#: src/cryptsetup_reencrypt.c:1178
+msgid "Cannot open reencryption log file.\n"
msgstr "Không mở được tập tin nhật ký reencryption.\n"
-#: src/cryptsetup_reencrypt.c:1447
-#, fuzzy
-msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
+#: src/cryptsetup_reencrypt.c:1184
+msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process.\n"
msgstr "Không có quá trình giải mã nào đang xử lý, UUID đã cung cấp có thể chỉ được dùng để phục hồi lại tiến trình giải mã đã tạm dừng.\n"
-#: src/cryptsetup_reencrypt.c:1522
-#, c-format
-msgid "Changed pbkdf parameters in keyslot %i."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1311
msgid "Reencryption block size"
msgstr "Kích thước khối mã hóa lại"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1311
msgid "MiB"
msgstr "MiB"
-#: src/cryptsetup_reencrypt.c:1640
-#, fuzzy
-msgid "Do not change key, no data area reencryption"
+#: src/cryptsetup_reencrypt.c:1315
+msgid "Do not change key, no data area reencryption."
msgstr "Khôngười thay đổi khóa, không có mã hóa lại vùng dữ liệu."
-#: src/cryptsetup_reencrypt.c:1642
-#, fuzzy
-msgid "Read new volume (master) key from file"
-msgstr "Đọc khóa khối tin (chủ) từ tập tin."
-
-#: src/cryptsetup_reencrypt.c:1643
-msgid "PBKDF2 iteration time for LUKS (in ms)"
-msgstr "Thời gian lặp lại PBKDF2 cho LUKS (theo mili-giây)"
-
-#: src/cryptsetup_reencrypt.c:1649
-#, fuzzy
-msgid "Use direct-io when accessing devices"
+#: src/cryptsetup_reencrypt.c:1322
+msgid "Use direct-io when accessing devices."
msgstr "Sử dụng vào ra trực tiếp khi truy cập các thiết bị."
-#: src/cryptsetup_reencrypt.c:1650
-#, fuzzy
-msgid "Use fsync after each block"
+#: src/cryptsetup_reencrypt.c:1323
+msgid "Use fsync after each block."
msgstr "Sử dụng fsync sau mỗi khối."
-#: src/cryptsetup_reencrypt.c:1651
-#, fuzzy
-msgid "Update log file after every block"
+#: src/cryptsetup_reencrypt.c:1324
+msgid "Update log file after every block."
msgstr "Cập nhật tập tin nhật ký sau mỗi khối."
-#: src/cryptsetup_reencrypt.c:1652
-#, fuzzy
-msgid "Use only this slot (others will be disabled)"
+#: src/cryptsetup_reencrypt.c:1325
+msgid "Use only this slot (others will be disabled)."
msgstr "Chỉ sử dụng khe này (những cái khác sẽ bị tắt đi)."
-#: src/cryptsetup_reencrypt.c:1657
-#, fuzzy
-msgid "Create new header on not encrypted device"
+#: src/cryptsetup_reencrypt.c:1328
+msgid "Reduce data device size (move data offset). DANGEROUS!"
+msgstr "Giảm kích thước dữ liệu thiết bị (di chuyển offset dữ liệu). NGUY HIỂM!"
+
+#: src/cryptsetup_reencrypt.c:1329
+msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+msgstr "Chỉ sử dụng kích thước dữ liệu thiết bị (bỏ qua phần còn lại của thiết bị). NGUY HIỂM!"
+
+#: src/cryptsetup_reencrypt.c:1330
+msgid "Create new header on not encrypted device."
msgstr "Tạo phần đầu mới không trên thiết bị được mã hóa."
-#: src/cryptsetup_reencrypt.c:1658
-#, fuzzy
-msgid "Permanently decrypt device (remove encryption)"
+#: src/cryptsetup_reencrypt.c:1331
+msgid "Permanently decrypt device (remove encryption)."
msgstr "Thiết bị mã hóa cố định (gỡ bỏ mã hóa)."
-#: src/cryptsetup_reencrypt.c:1659
-#, fuzzy
-msgid "The UUID used to resume decryption"
+#: src/cryptsetup_reencrypt.c:1332
+msgid "The uuid used to resume decryption."
msgstr "uuid được dùng để khôi phục việc giải mã."
-#: src/cryptsetup_reencrypt.c:1660
-#, fuzzy
-msgid "Type of LUKS metadata: luks1, luks2"
-msgstr "Kiểu của siêu dữ liệu thiết bị: luks, plain, loopaes, tcrypt."
-
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1348
msgid "[OPTION...] <device>"
msgstr "[TÙY_CHỌN…] <thiết-bị>"
-#: src/cryptsetup_reencrypt.c:1687
-#, fuzzy, c-format
-msgid "Reencryption will change: %s%s%s%s%s%s."
+#: src/cryptsetup_reencrypt.c:1362
+#, c-format
+msgid "Reencryption will change: volume key%s%s%s%s.\n"
msgstr "Reencryption sẽ thay đổi: khóa dung lượng%s%s%s%s.\n"
-#: src/cryptsetup_reencrypt.c:1688
-msgid "volume key"
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:1690
-#, fuzzy
-msgid "set hash to "
+#: src/cryptsetup_reencrypt.c:1363
+msgid ", set hash to "
msgstr ", đặt kiểu băm thành "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1364
msgid ", set cipher to "
msgstr ", đặt kiểu mã hóa thành "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1368
msgid "Argument required."
msgstr "Cần đối số."
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1384
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "Chỉ những giá trị nằm giữa 1MiB và 64 MiB là cho phép đối với kích thước khối reencryption (mã hóa lại)."
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1403 src/cryptsetup_reencrypt.c:1408
+msgid "Invalid device size specification."
+msgstr "Đặc tả kích thước thiết bị không đúng."
+
+#: src/cryptsetup_reencrypt.c:1411
msgid "Maximum device reduce size is 64 MiB."
msgstr "Kích thước thu nhỏ thiết bị tối đa là 64 MiB."
-#: src/cryptsetup_reencrypt.c:1757
-#, fuzzy
-msgid "Option --new must be used together with --reduce-device-size or --header."
+#: src/cryptsetup_reencrypt.c:1414
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "Kích cỡ giảm phải là bội số cung từ (sector) 512 byte"
+
+#: src/cryptsetup_reencrypt.c:1418
+msgid "Option --new must be used together with --reduce-device-size."
msgstr "Tùy chọn “--new” phải được sử dụng cùng với “--reduce-device-size”."
-#: src/cryptsetup_reencrypt.c:1761
-#, fuzzy
-msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
+#: src/cryptsetup_reencrypt.c:1422
+msgid "Option --keep-key can be used only with --hash or --iter-time."
msgstr "Tùy chọn “--keep-key” có thể dùng với “--hash” hoặc “--iter-time”."
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1426
msgid "Option --new cannot be used together with --decrypt."
msgstr "Tùy chọn “--new” không được sử dụng cùng với “ --decrypt”."
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1430
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "Tùy chọn --decrypt không tương thích với các đối số đã cho."
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1434
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "Tùy chọn “--uuid” chỉ được sử dụng cùng với “ --decrypt”."
-#: src/cryptsetup_reencrypt.c:1777
-msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
-msgstr ""
-
#: src/utils_tools.c:151
-#, fuzzy
-msgid "Error reading response from terminal."
+msgid "Error reading response from terminal.\n"
msgstr "Gặp lỗi khi đọc phản hồi từ thiết bị cuối.\n"
-#: src/utils_tools.c:186
+#: src/utils_tools.c:173
msgid "Command successful.\n"
msgstr "Câu lệnh đã chạy thành công.\n"
-#: src/utils_tools.c:194
-msgid "wrong or missing parameters"
-msgstr ""
-
-#: src/utils_tools.c:196
-#, fuzzy
-msgid "no permission or bad passphrase"
-msgstr "Nhập bất cứ cụm từ mật khẩu nào: "
-
-#: src/utils_tools.c:198
-#, fuzzy
-msgid "out of memory"
-msgstr "Không thể mở khóa bộ nhớ.\n"
-
-#: src/utils_tools.c:200
-msgid "wrong device or file specified"
-msgstr ""
-
-#: src/utils_tools.c:202
-#, fuzzy
-msgid "device already exists or device is busy"
-msgstr "Thiết bị %s đã sẵn có.\n"
-
-#: src/utils_tools.c:204
-msgid "unknown error"
-msgstr ""
-
-#: src/utils_tools.c:206
-#, fuzzy, c-format
-msgid "Command failed with code %i (%s).\n"
-msgstr "Câu lệnh đã thất bại với mã %i"
-
-#: src/utils_tools.c:284
-#, fuzzy, c-format
-msgid "Key slot %i created."
-msgstr "Khe khóa %d đã thay đổi.\n"
-
-#: src/utils_tools.c:286
-#, fuzzy, c-format
-msgid "Key slot %i unlocked."
-msgstr "Khe khóa %d được mở khóa.\n"
-
-#: src/utils_tools.c:288
-#, fuzzy, c-format
-msgid "Key slot %i removed."
-msgstr "Khe khóa %d được mở khóa.\n"
-
-#: src/utils_tools.c:297
-#, c-format
-msgid "Token %i created."
-msgstr ""
-
-#: src/utils_tools.c:299
-#, c-format
-msgid "Token %i removed."
-msgstr ""
-
-#: src/utils_tools.c:465
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr ""
-
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:505 src/utils_tools.c:569
-#, fuzzy
-msgid "Failed to initialize device signature probes."
-msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
-
-#: src/utils_tools.c:549
-#, fuzzy, c-format
-msgid "Failed to stat device %s."
-msgstr "Gặp lỗi khi lấy thông tin tập tin khóa.\n"
-
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr ""
-
-#: src/utils_tools.c:564
+#: src/utils_tools.c:191
#, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr ""
-
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
+msgid "Command failed with code %i"
+msgstr "Câu lệnh đã thất bại với mã %i"
-#: src/utils_tools.c:581
+#: src/utils_password.c:42 src/utils_password.c:74
#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
-#, fuzzy
-msgid "Failed to wipe device signature."
-msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
-
-#: src/utils_tools.c:591
-#, fuzzy, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
-
-#: src/utils_tools.c:622
-#, fuzzy
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr "Kích thước khối mã hóa lại"
-
-#: src/utils_password.c:43 src/utils_password.c:76
-#, fuzzy, c-format
-msgid "Cannot check password quality: %s"
+msgid "Cannot check password quality: %s\n"
msgstr "Không thể kiểm tra chất lượng mật khẩu: %s\n"
-#: src/utils_password.c:51
-#, fuzzy, c-format
+#: src/utils_password.c:50
+#, c-format
msgid ""
"Password quality check failed:\n"
-" %s"
+" %s\n"
msgstr ""
"Chất lượng mật khẩu không đạt:\n"
" %s\n"
-#: src/utils_password.c:83
-#, fuzzy, c-format
-msgid "Password quality check failed: Bad passphrase (%s)"
-msgstr "Gặp lỗi khi kiểm tra chất lượng mật khẩu: mật khẩu sai (%s)\n"
-
-#: src/utils_password.c:228 src/utils_password.c:242
-#, fuzzy
-msgid "Error reading passphrase from terminal."
-msgstr "Gặp lỗi khi đọc cụm từ mật khẩu từ thiết bị cuối.\n"
-
-#: src/utils_password.c:240
-msgid "Verify passphrase: "
-msgstr "Nhập lại mật khẩu: "
-
-#: src/utils_password.c:247
-#, fuzzy
-msgid "Passphrases do not match."
-msgstr "Hai cụm từ mật khẩu không trùng nhau.\n"
-
-#: src/utils_password.c:284
-#, fuzzy
-msgid "Cannot use offset with terminal input."
-msgstr "Không thể sử dụng khoảng bù (offset) với đầu vào là thiết bị cuối.\n"
-
-#: src/utils_password.c:287
-#, c-format
-msgid "Enter passphrase: "
-msgstr "Gõ cụm từ mật khẩu: "
-
-#: src/utils_password.c:290
-#, c-format
-msgid "Enter passphrase for %s: "
-msgstr "Nhập cụm từ mật khẩu cho %s: "
-
-#: src/utils_password.c:321
-#, fuzzy
-msgid "No key available with this passphrase."
-msgstr "Không có khóa sẵn sàng dùng với cụm từ mật khẩu này.\n"
-
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
-
-#: src/utils_password.c:365
-#, fuzzy, c-format
-msgid "Cannot open keyfile %s for write."
-msgstr "Không thể mở tập tin %s.\n"
-
-#: src/utils_password.c:372
-#, fuzzy, c-format
-msgid "Cannot write to keyfile %s."
-msgstr "Không thể đọc tập-tin khóa %s.\n"
-
-#: src/utils_luks2.c:47
-#, fuzzy, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr ""
-
-#: src/utils_luks2.c:67
-#, fuzzy
-msgid "Failed to read JSON file."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#: src/utils_luks2.c:72
-#, fuzzy
-msgid ""
-"\n"
-"Read interrupted."
-msgstr "phần đầu VERITY sai hỏng.\n"
-
-#: src/utils_luks2.c:113
-#, fuzzy, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#: src/utils_luks2.c:122
-msgid ""
-"\n"
-"Write interrupted."
-msgstr ""
-
-#: src/utils_luks2.c:126
-#, fuzzy
-msgid "Failed to write JSON file."
-msgstr "Gặp lỗi khi mở tập tin khóa.\n"
-
-#, c-format
-#~ msgid "Replaced with key slot %d.\n"
-#~ msgstr "Đã thay thế với khe khóa %d.\n"
-
-#~ msgid "Function not available in FIPS mode.\n"
-#~ msgstr "Chức năng không khả dụng trong chế độ “FIPS”.\n"
-
-#~ msgid "Invalid size parameters for verity device.\n"
-#~ msgstr "Các tham số kích thước cho thiết bị xác thực không hợp lệ.\n"
-
-#~ msgid "Too many tree levels for verity volume.\n"
-#~ msgstr "Có quá nhiều mức cây cho mỗi vùng xác thực.\n"
-
-#~ msgid "memory allocation error in action_luksFormat"
-#~ msgstr "gặp lỗi phân cấp vùng nhớ trong“action_luksFormat”"
-
-#, c-format
-#~ msgid "Key %d not active. Can't wipe.\n"
-#~ msgstr "Khóa %d không hoạt động thì không xóa được.\n"
-
-#~ msgid "<name> <data_device> <hash_device> <root_hash>"
-#~ msgstr "<tên> <thiết-bị-dữ-liệu> <thiết-bị-băm> <mã-băm-gốc>"
-
-#~ msgid "create active device"
-#~ msgstr "tạo thiết bị hoạt động"
-
-#~ msgid "remove (deactivate) device"
-#~ msgstr "gỡ bỏ (dừng hoạt động) thiết bị"
-
-#, c-format
-#~ msgid "Activated keyslot %i.\n"
-#~ msgstr "Khe-khóa (keyslot) đã được kích hoạt %i.\n"
-
+#: src/utils_password.c:82
#, c-format
-#~ msgid "Progress: %5.1f%%, ETA %02llu:%02llu, %4llu MiB written, speed %5.1f MiB/s%s"
-#~ msgstr "Diễn biến: %5.1f%%, ETA %02llu:%02llu, đã ghi %4llu MiB, tốc độ %5.1f MiB/s%s"
-
-#~ msgid "Interrupted by a signal.\n"
-#~ msgstr "Bị ngắt bởi tín hiệu signal.\n"
+msgid "Password quality check failed: Bad passphrase (%s)\n"
+msgstr "Gặp lỗi khi kiểm tra chất lượng mật khẩu: mật khẩu sai (%s)\n"
#~ msgid "Cannot find a free loopback device.\n"
#~ msgstr "Không tìm thấy thiết bị vòng ngược (loopback) nào còn rảnh.\n"
#~ msgid "Enter any LUKS passphrase: "
#~ msgstr "Nhập mật khẩu LUKS vào: "
+#~ msgid "Failed to obtain device mapper directory."
+#~ msgstr "Lỗi lấy thư mục trình ánh xạ thiết bị."
+
#~ msgid "Backup file %s doesn't exist.\n"
#~ msgstr "Tập tin sao lưu %s không tồn tại.\n"
+#~ msgid "Cannot open file %s.\n"
+#~ msgstr "Không thể mở tập tin %s.\n"
+
#~ msgid "<name> <device>"
#~ msgstr "<tên> <thiết_bị>"
#~ msgid "Unable to obtain sector size for %s"
#~ msgstr "Không thể lấy kích cỡ cung từ cho %s"
+#~ msgid "Failed to write to key storage.\n"
+#~ msgstr "Lỗi ghi khóa vào kho lưu khóa.\n"
+
+#~ msgid "Failed to read from key storage.\n"
+#~ msgstr "Lỗi đọc từ kho lưu khóa.\n"
+
#~ msgid "Cannot use device %s (crypt segments overlaps or in use by another device).\n"
#~ msgstr "Không thể sử dụng thiết bị %s (các đoạn crypt chồng lên nhau hay đang sử dụng bởi thiết bị khác).\n"
#~ msgid "Cannot find compatible device-mapper kernel modules.\n"
#~ msgstr "Không tìm thấy mô-đun hạt nhân ánh xạ thiết bị tương thích.\n"
+#~ msgid "Key slot %d verified.\n"
+#~ msgstr "Khe khóa %d được thẩm định.\n"
+
+#~ msgid "Invalid key size %d.\n"
+#~ msgstr "Kích cỡ khóa không đúng %d.\n"
+
#~ msgid "Warning: exhausting read requested, but key file %s is not a regular file, function might never return.\n"
#~ msgstr "Cảnh báo: yêu cầu một hàm đọc vét kiệt mà tập tin khóa %s không phải là một tập tin thông thường thì có thể là hàm chưa bao giờ trả lại.\n"
msgstr ""
"Project-Id-Version: cryptsetup 2.0.3.1\n"
"Report-Msgid-Bugs-To: dm-crypt@saout.de\n"
-"POT-Creation-Date: 2022-01-13 10:34+0100\n"
+"POT-Creation-Date: 2018-04-26 22:11+0200\n"
"PO-Revision-Date: 2018-04-27 22:41+0800\n"
"Last-Translator: Boyuan Yang <073plan@gmail.com>\n"
"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
"X-Generator: Poedit 2.0.6\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-#: lib/libdevmapper.c:408
+#: lib/libdevmapper.c:331
msgid "Cannot initialize device-mapper, running as non-root user."
msgstr "无法初始化设备映射器,正作为非 root 用户运行。"
-#: lib/libdevmapper.c:411
+#: lib/libdevmapper.c:334
msgid "Cannot initialize device-mapper. Is dm_mod kernel module loaded?"
msgstr "无法初始化设备映射器。dm_mod 内核模块装载了吗?"
-#: lib/libdevmapper.c:1180
+#: lib/libdevmapper.c:938
msgid "Requested deferred flag is not supported."
msgstr "不支持请求的推迟(deferred)标记。"
-#: lib/libdevmapper.c:1249
+#: lib/libdevmapper.c:1003
#, c-format
msgid "DM-UUID for device %s was truncated."
msgstr "设备 %s 的 DM-UUID 被截断。"
-#: lib/libdevmapper.c:1580
-#, fuzzy
-msgid "Unknown dm target type."
-msgstr "未知的 PBKDF 类型 %s。"
-
-#: lib/libdevmapper.c:1701 lib/libdevmapper.c:1706 lib/libdevmapper.c:1766
-#: lib/libdevmapper.c:1769
+#: lib/libdevmapper.c:1223
msgid "Requested dm-crypt performance options are not supported."
msgstr "不支持请求的 dm-crypt 性能选项。"
-#: lib/libdevmapper.c:1713 lib/libdevmapper.c:1717
+#: lib/libdevmapper.c:1230
msgid "Requested dm-verity data corruption handling options are not supported."
msgstr "不支持请求的 dm-verity 数据损坏处理选项。"
-#: lib/libdevmapper.c:1721
+#: lib/libdevmapper.c:1234
msgid "Requested dm-verity FEC options are not supported."
msgstr "不支持请求的 dm-verity FEC 选项。"
-#: lib/libdevmapper.c:1725
+#: lib/libdevmapper.c:1238
msgid "Requested data integrity options are not supported."
msgstr "不支持请求的数据完整性选项。"
-#: lib/libdevmapper.c:1727
+#: lib/libdevmapper.c:1240
msgid "Requested sector_size option is not supported."
msgstr "不支持请求的 sector_size 选项。"
-#: lib/libdevmapper.c:1732
-#, fuzzy
-msgid "Requested automatic recalculation of integrity tags is not supported."
-msgstr "不支持请求的数据完整性选项。"
-
-#: lib/libdevmapper.c:1736 lib/libdevmapper.c:1772 lib/libdevmapper.c:1775
-#: lib/luks2/luks2_json_metadata.c:2347
-#, fuzzy
-msgid "Discard/TRIM is not supported."
-msgstr "不支持哈希算法 %s。"
-
-#: lib/libdevmapper.c:1740
-#, fuzzy
-msgid "Requested dm-integrity bitmap mode is not supported."
-msgstr "不支持请求的数据完整性选项。"
-
-#: lib/libdevmapper.c:2713
-#, c-format
-msgid "Failed to query dm-%s segment."
-msgstr ""
-
-#: lib/random.c:75
+#: lib/random.c:80
msgid ""
"System is out of entropy while generating volume key.\n"
"Please move mouse or type some text in another window to gather some random events.\n"
"系统在生成卷密钥时熵不足。\n"
"请随意移动鼠标或是在别的窗口打字,以便生成随机事件让系统使用。\n"
-#: lib/random.c:79
+#: lib/random.c:84
#, c-format
msgid "Generating key (%d%% done).\n"
msgstr "正生成密钥(%d%% 已完成)\n"
-#: lib/random.c:165
+#: lib/random.c:170
msgid "Running in FIPS mode."
msgstr "在 FIPS 模式下运行。"
-#: lib/random.c:171
+#: lib/random.c:176
msgid "Fatal error during RNG initialisation."
msgstr "随机数生成器初始化时发生致命错误。"
-#: lib/random.c:208
+#: lib/random.c:213
msgid "Unknown RNG quality requested."
msgstr "未知的随机数生成器质量请求。"
-#: lib/random.c:213
+#: lib/random.c:218
msgid "Error reading from RNG."
msgstr "从随机数生成器(RNG)读取时出错。"
-#: lib/setup.c:229
+#: lib/setup.c:203
msgid "Cannot initialize crypto RNG backend."
msgstr "无法初始化加密随机数生成器后端。"
-#: lib/setup.c:235
+#: lib/setup.c:209
msgid "Cannot initialize crypto backend."
msgstr "无法初始化加密后端。"
-#: lib/setup.c:266 lib/setup.c:2046 lib/verity/verity.c:120
+#: lib/setup.c:240 lib/setup.c:1766 lib/verity/verity.c:123
#, c-format
msgid "Hash algorithm %s not supported."
msgstr "不支持哈希算法 %s。"
-#: lib/setup.c:269 lib/loopaes/loopaes.c:90
+#: lib/setup.c:243 lib/loopaes/loopaes.c:90
#, c-format
msgid "Key processing error (using hash %s)."
msgstr "密钥处理错误(使用散列 %s)。"
-#: lib/setup.c:335 lib/setup.c:362
+#: lib/setup.c:304 lib/setup.c:331
msgid "Cannot determine device type. Incompatible activation of device?"
msgstr "无法确定设备类型。不兼容的设备激活?"
-#: lib/setup.c:341 lib/setup.c:3058
+#: lib/setup.c:310 lib/setup.c:2326
msgid "This operation is supported only for LUKS device."
msgstr "此操作只适用 LUKS 设备。"
-#: lib/setup.c:368
+#: lib/setup.c:337
msgid "This operation is supported only for LUKS2 device."
msgstr "此操作只适用 LUKS2 设备。"
-#: lib/setup.c:423 lib/luks2/luks2_reencrypt.c:2457
+#: lib/setup.c:382
msgid "All key slots full."
msgstr "密钥槽全都满了。"
-#: lib/setup.c:434
+#: lib/setup.c:393
#, c-format
msgid "Key slot %d is invalid, please select between 0 and %d."
msgstr "密钥槽 %d 无效,请选择 0 到 %d 间的数字。"
-#: lib/setup.c:440
+#: lib/setup.c:399
#, c-format
msgid "Key slot %d is full, please select another one."
msgstr "密钥槽 %d 满了,请选择另一个。"
-#: lib/setup.c:525 lib/setup.c:2832
-#, fuzzy
-msgid "Device size is not aligned to device logical block size."
-msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
-
-#: lib/setup.c:624
+#: lib/setup.c:597
#, c-format
msgid "Header detected but device %s is too small."
msgstr "检测到标头但设备 %s 太小。"
-#: lib/setup.c:661 lib/setup.c:2777 lib/setup.c:4114
-#: lib/luks2/luks2_reencrypt.c:3154 lib/luks2/luks2_reencrypt.c:3520
+#: lib/setup.c:616
msgid "This operation is not supported for this device type."
msgstr "不支持在这类设备上执行此操作。"
-#: lib/setup.c:666
-#, fuzzy
-msgid "Illegal operation with reencryption in-progress."
-msgstr "正在进行离线重加密。中止。"
-
-#: lib/setup.c:832 lib/luks1/keymanage.c:482
-#, c-format
-msgid "Unsupported LUKS version %d."
-msgstr "不支持的 LUKS 版本 %d。"
-
-#: lib/setup.c:1427 lib/setup.c:2547 lib/setup.c:2619 lib/setup.c:2631
-#: lib/setup.c:2785 lib/setup.c:4570
+#: lib/setup.c:1239 lib/setup.c:2066 lib/setup.c:3300
#, c-format
msgid "Device %s is not active."
msgstr "设备 %s 未激活。"
-#: lib/setup.c:1444
+#: lib/setup.c:1256
#, c-format
msgid "Underlying device for crypt device %s disappeared."
msgstr "加密设备 %s 下层的设备消失了。"
-#: lib/setup.c:1524
+#: lib/setup.c:1336
msgid "Invalid plain crypt parameters."
msgstr "无效的纯加密选项。"
-#: lib/setup.c:1529 lib/setup.c:1949
+#: lib/setup.c:1341 lib/setup.c:1680 src/integritysetup.c:68
msgid "Invalid key size."
msgstr "无效的密钥大小。"
-#: lib/setup.c:1534 lib/setup.c:1954 lib/setup.c:2157
+#: lib/setup.c:1346 lib/setup.c:1685 lib/setup.c:1876
msgid "UUID is not supported for this crypt type."
msgstr "此加密类型不支持 UUID。"
-#: lib/setup.c:1539 lib/setup.c:1959
-#, fuzzy
-msgid "Detached metadata device is not supported for this crypt type."
-msgstr "此加密类型不支持 UUID。"
-
-#: lib/setup.c:1549 lib/setup.c:1739 lib/luks2/luks2_reencrypt.c:2418
-#: src/cryptsetup.c:1346 src/cryptsetup.c:4087
+#: lib/setup.c:1356 lib/setup.c:1500 src/cryptsetup.c:950
msgid "Unsupported encryption sector size."
msgstr "不支持的加密扇区大小。"
-#: lib/setup.c:1557 lib/setup.c:1864 lib/setup.c:2826
-#, fuzzy
-msgid "Device size is not aligned to requested sector size."
-msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
-
-#: lib/setup.c:1608 lib/setup.c:1727
+#: lib/setup.c:1402 lib/setup.c:1494
msgid "Can't format LUKS without device."
msgstr "无法在没有设备的情况下格式化 LUKS。"
-#: lib/setup.c:1614 lib/setup.c:1733
-msgid "Requested data alignment is not compatible with data offset."
-msgstr ""
-
-#: lib/setup.c:1682 lib/setup.c:1851
-msgid "WARNING: Data offset is outside of currently available data device.\n"
-msgstr ""
-
-#: lib/setup.c:1692 lib/setup.c:1879 lib/setup.c:1900 lib/setup.c:2169
+#: lib/setup.c:1464 lib/setup.c:1617 lib/setup.c:1888
#, c-format
msgid "Cannot wipe header on device %s."
msgstr "无法将设备 %s 上的标头擦除。"
-#: lib/setup.c:1744
-msgid "WARNING: The device activation will fail, dm-crypt is missing support for requested encryption sector size.\n"
-msgstr ""
-
-#: lib/setup.c:1766
+#: lib/setup.c:1523
msgid "Volume key is too small for encryption with integrity extensions."
msgstr "卷密钥对于带完整性校验扩展的加密而言过小。"
-#: lib/setup.c:1821
-#, fuzzy, c-format
-msgid "Cipher %s-%s (key size %zd bits) is not available."
-msgstr "密文 %s 不可用。\n"
-
-#: lib/setup.c:1854
-#, c-format
-msgid "WARNING: LUKS2 metadata size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1858
-#, c-format
-msgid "WARNING: LUKS2 keyslots area size changed to %<PRIu64> bytes.\n"
-msgstr ""
-
-#: lib/setup.c:1882 lib/utils_device.c:852 lib/luks1/keyencryption.c:255
-#: lib/luks2/luks2_reencrypt.c:2468 lib/luks2/luks2_reencrypt.c:3609
+#: lib/setup.c:1530 lib/utils_device.c:599
#, c-format
-msgid "Device %s is too small."
-msgstr "设备 %s 太小。"
+msgid "Cannot use device %s which is in use (already mapped or mounted)."
+msgstr "无法使用正被使用的设备 %s(已被映射或挂载)。"
-#: lib/setup.c:1893 lib/setup.c:1919
+#: lib/setup.c:1610
#, c-format
-msgid "Cannot format device %s in use."
+msgid "Cannot format device %s which is still in use."
msgstr "无法格式化正在使用的设备 %s。"
-#: lib/setup.c:1896 lib/setup.c:1922
+#: lib/setup.c:1613 lib/setup.c:1648
#, c-format
msgid "Cannot format device %s, permission denied."
msgstr "无法格式化设备 %s,权限被拒绝。"
-#: lib/setup.c:1908 lib/setup.c:2229
+#: lib/setup.c:1625 lib/luks2/luks2_json_metadata.c:863
+#: lib/luks2/luks2_json_metadata.c:1141 lib/luks2/luks2_keyslot.c:429
+#: lib/luks2/luks2_keyslot_luks2.c:40 lib/luks2/luks2_keyslot_luks2.c:69
+#, c-format
+msgid "Failed to acquire write lock on device %s."
+msgstr "无法获取设备 %s 上的写入锁。"
+
+#: lib/setup.c:1633 lib/setup.c:1940
#, fuzzy, c-format
+#| msgid "Cannot write device %s.\n"
msgid "Cannot format integrity for device %s."
msgstr "无法写入设备 %s。\n"
-#: lib/setup.c:1926
+#: lib/setup.c:1645
+#, c-format
+msgid "Cannot format device %s in use."
+msgstr "无法格式化正在使用的设备 %s。"
+
+#: lib/setup.c:1652
#, c-format
msgid "Cannot format device %s."
msgstr "无法格式化设备 %s。"
-#: lib/setup.c:1944
+#: lib/setup.c:1675
msgid "Can't format LOOPAES without device."
msgstr "无法在没有设备的情况下格式化 LOOPAES。"
-#: lib/setup.c:1989
+#: lib/setup.c:1715
msgid "Can't format VERITY without device."
msgstr "无法在没有设备的情况下格式化 VERIFY。"
-#: lib/setup.c:2000 lib/verity/verity.c:103
+#: lib/setup.c:1723 lib/verity/verity.c:106
#, c-format
msgid "Unsupported VERITY hash type %d."
msgstr "不支持的 VERITY 哈希类型 %d。"
-#: lib/setup.c:2006 lib/verity/verity.c:111
+#: lib/setup.c:1729 lib/verity/verity.c:114
msgid "Unsupported VERITY block size."
msgstr "不支持的 VERITY 块大小。"
-#: lib/setup.c:2011 lib/verity/verity.c:75
+#: lib/setup.c:1734 lib/verity/verity.c:75
msgid "Unsupported VERITY hash offset."
msgstr "不支持的 VERITY 哈希偏移量。"
-#: lib/setup.c:2016
+#: lib/setup.c:1739
msgid "Unsupported VERITY FEC offset."
msgstr "不支持的 VERITY 哈希偏移量。"
-#: lib/setup.c:2040
+#: lib/setup.c:1760
msgid "Data area overlaps with hash area."
msgstr "数据区域重叠覆盖了哈希区域。"
-#: lib/setup.c:2065
+#: lib/setup.c:1785
msgid "Hash area overlaps with FEC area."
msgstr "哈希区域重叠覆盖了 FEC 区域。"
-#: lib/setup.c:2072
+#: lib/setup.c:1792
msgid "Data area overlaps with FEC area."
msgstr "数据区域重叠覆盖了 FEC 区域。"
-#: lib/setup.c:2208
-#, c-format
-msgid "WARNING: Requested tag size %d bytes differs from %s size output (%d bytes).\n"
-msgstr ""
-
-#: lib/setup.c:2286
+#: lib/setup.c:1997
#, c-format
msgid "Unknown crypt device type %s requested."
msgstr "请求了未知的加密设备类型 %s。"
-#: lib/setup.c:2553 lib/setup.c:2625 lib/setup.c:2638
-#, fuzzy, c-format
-msgid "Unsupported parameters on device %s."
-msgstr "无法将设备 %s 上的标头擦除。"
-
-#: lib/setup.c:2559 lib/setup.c:2644 lib/luks2/luks2_reencrypt.c:2524
-#: lib/luks2/luks2_reencrypt.c:2876
-#, fuzzy, c-format
-msgid "Mismatching parameters on device %s."
-msgstr "无法将设备 %s 上的标头擦除。"
-
-#: lib/setup.c:2664
-msgid "Crypt devices mismatch."
-msgstr ""
-
-#: lib/setup.c:2701 lib/setup.c:2706 lib/luks2/luks2_reencrypt.c:2164
-#: lib/luks2/luks2_reencrypt.c:3366
-#, fuzzy, c-format
-msgid "Failed to reload device %s."
-msgstr "无法获取设备 %s 的读取锁。"
-
-#: lib/setup.c:2711 lib/setup.c:2716 lib/luks2/luks2_reencrypt.c:2135
-#: lib/luks2/luks2_reencrypt.c:2142
-#, fuzzy, c-format
-msgid "Failed to suspend device %s."
-msgstr "无法获取设备 %s 的读取锁。"
-
-#: lib/setup.c:2721 lib/luks2/luks2_reencrypt.c:2149
-#: lib/luks2/luks2_reencrypt.c:3301 lib/luks2/luks2_reencrypt.c:3370
-#, fuzzy, c-format
-msgid "Failed to resume device %s."
-msgstr "打开临时密钥存储设备失败。\n"
-
-#: lib/setup.c:2735
-#, c-format
-msgid "Fatal error while reloading device %s (on top of device %s)."
-msgstr ""
-
-#: lib/setup.c:2738 lib/setup.c:2740
-#, fuzzy, c-format
-msgid "Failed to switch device %s to dm-error."
-msgstr "无法获取设备 %s 上的写入锁。"
-
-#: lib/setup.c:2817
+#: lib/setup.c:2098
msgid "Cannot resize loop device."
msgstr "无法改变回环设备大小。"
-#: lib/setup.c:2890
+#: lib/setup.c:2107
+#, c-format
+msgid "Device %s size is not aligned to requested sector size (%u bytes)."
+msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
+
+#: lib/setup.c:2161
msgid "Do you really want to change UUID of device?"
msgstr "你真的想改变设备的 UUID 吗?"
-#: lib/setup.c:2966
+#: lib/setup.c:2237
msgid "Header backup file does not contain compatible LUKS header."
msgstr "标头备份文件不包含兼容的 LUKS 标头。"
-#: lib/setup.c:3066
+#: lib/setup.c:2334
#, c-format
msgid "Volume %s is not active."
msgstr "卷 %s 未激活。"
-#: lib/setup.c:3077
+#: lib/setup.c:2345
#, c-format
msgid "Volume %s is already suspended."
msgstr "卷 %s 已挂起。"
-#: lib/setup.c:3090
+#: lib/setup.c:2359
#, c-format
msgid "Suspend is not supported for device %s."
msgstr "设备 %s 不支持挂起。"
-#: lib/setup.c:3092
+#: lib/setup.c:2361
#, c-format
msgid "Error during suspending device %s."
msgstr "挂起设备 %s 时出错。"
-#: lib/setup.c:3128
+#: lib/setup.c:2394 lib/setup.c:2461
+#, c-format
+msgid "Volume %s is not suspended."
+msgstr "卷 %s 未挂起。"
+
+#: lib/setup.c:2423
#, c-format
msgid "Resume is not supported for device %s."
msgstr "设备 %s 不支持恢复。"
-#: lib/setup.c:3130
+#: lib/setup.c:2425 lib/setup.c:2493
#, c-format
msgid "Error during resuming device %s."
msgstr "恢复设备 %s 时出错。"
-#: lib/setup.c:3164 lib/setup.c:3212 lib/setup.c:3282
-#, c-format
-msgid "Volume %s is not suspended."
-msgstr "卷 %s 未挂起。"
-
-#: lib/setup.c:3297 lib/setup.c:3652 lib/setup.c:4363 lib/setup.c:4376
-#: lib/setup.c:4384 lib/setup.c:4397 lib/setup.c:4751 lib/setup.c:5900
-msgid "Volume key does not match the volume."
-msgstr "卷密钥与卷不匹配。"
-
-#: lib/setup.c:3344 lib/setup.c:3535
+#: lib/setup.c:2561 lib/setup.c:2754
msgid "Cannot add key slot, all slots disabled and no volume key provided."
msgstr "无法添加密钥槽,所有密钥槽已禁用且未提供卷密钥。"
-#: lib/setup.c:3487
+#: lib/setup.c:2698
+#, c-format
+msgid "Key slot %d changed."
+msgstr "密钥槽 %d 已改变。"
+
+#: lib/setup.c:2701
+#, c-format
+msgid "Replaced with key slot %d."
+msgstr "替换为密钥槽 %d。"
+
+#: lib/setup.c:2706
msgid "Failed to swap new key slot."
msgstr "交换新密钥槽失败。"
-#: lib/setup.c:3673
+#: lib/setup.c:2871 lib/setup.c:3145 lib/setup.c:3158 lib/setup.c:3166
+#: lib/setup.c:3179 lib/setup.c:3453 lib/setup.c:4370
+msgid "Volume key does not match the volume."
+msgstr "卷密钥与卷不匹配。"
+
+#: lib/setup.c:2892
#, c-format
msgid "Key slot %d is invalid."
msgstr "密钥槽 %d 无效。"
-#: lib/setup.c:3679 src/cryptsetup.c:1684 src/cryptsetup.c:2029
-#, fuzzy, c-format
-msgid "Keyslot %d is not active."
-msgstr "密钥槽 %d 未使用。\n"
-
-#: lib/setup.c:3698
-#, fuzzy
-msgid "Device header overlaps with data area."
-msgstr "数据区域重叠覆盖了哈希区域。"
-
-#: lib/setup.c:3992
-#, fuzzy
-msgid "Reencryption in-progress. Cannot activate device."
-msgstr "重加密已在进行中。"
-
-#: lib/setup.c:3994 lib/luks2/luks2_json_metadata.c:2430
-#: lib/luks2/luks2_reencrypt.c:2975
-#, fuzzy
-msgid "Failed to get reencryption lock."
-msgstr "无法获取写入设备锁。"
-
-#: lib/setup.c:4007 lib/luks2/luks2_reencrypt.c:2994
-#, fuzzy
-msgid "LUKS2 reencryption recovery failed."
-msgstr "不支持的加密扇区大小。"
+#: lib/setup.c:2898
+#, c-format
+msgid "Key slot %d is not used."
+msgstr "密钥槽 %d 未使用。"
-#: lib/setup.c:4175 lib/setup.c:4437
-#, fuzzy
-msgid "Device type is not properly initialized."
+#: lib/setup.c:2968 lib/setup.c:3232
+msgid "Device type is not properly initialised."
msgstr "设备类型未正确初始化。"
-#: lib/setup.c:4223
-#, c-format
-msgid "Device %s already exists."
-msgstr "设备 %s 已存在。"
-
-#: lib/setup.c:4230
+#: lib/setup.c:3010
#, c-format
msgid "Cannot use device %s, name is invalid or still in use."
msgstr "无法使用设备 %s,名称无效或它正被使用。"
-#: lib/setup.c:4350
+#: lib/setup.c:3013
+#, c-format
+msgid "Device %s already exists."
+msgstr "设备 %s 已存在。"
+
+#: lib/setup.c:3132
msgid "Incorrect volume key specified for plain device."
msgstr "为普通设备指定的卷密钥有误。"
-#: lib/setup.c:4463
+#: lib/setup.c:3198
msgid "Incorrect root hash specified for verity device."
msgstr "为 verity 设备指定的根 hash 不正确。"
-#: lib/setup.c:4470
-msgid "Root hash signature required."
-msgstr ""
-
-#: lib/setup.c:4479
-#, fuzzy
-msgid "Kernel keyring missing: required for passing signature to kernel."
-msgstr "该内核不支持内核密钥环。"
-
-#: lib/setup.c:4496 lib/setup.c:5976
-msgid "Failed to load key in kernel keyring."
-msgstr "在内核密钥环中加载密钥失败。"
-
-#: lib/setup.c:4549 lib/setup.c:4565 lib/luks2/luks2_json_metadata.c:2483
-#: src/cryptsetup.c:2794
+#: lib/setup.c:3274 lib/setup.c:3289
#, c-format
msgid "Device %s is still in use."
msgstr "设备 %s 仍在使用。"
-#: lib/setup.c:4574
+#: lib/setup.c:3304
#, c-format
msgid "Invalid device %s."
msgstr "设备 %s 无效。"
-#: lib/setup.c:4690
+#: lib/setup.c:3389
+msgid "Function not available in FIPS mode."
+msgstr "功能在 FIPS 模式无效。"
+
+#: lib/setup.c:3403
msgid "Volume key buffer too small."
msgstr "卷密钥缓冲区太小。"
-#: lib/setup.c:4698
+#: lib/setup.c:3411
msgid "Cannot retrieve volume key for plain device."
msgstr "无法获取普通设备的卷密钥。"
-#: lib/setup.c:4715
-#, fuzzy
-msgid "Cannot retrieve root hash for verity device."
-msgstr "为 verity 设备指定的根 hash 不正确。"
-
-#: lib/setup.c:4717
+#: lib/setup.c:3422
#, c-format
msgid "This operation is not supported for %s crypt device."
msgstr "不支持在 %s 加密设备上执行此操作。"
-#: lib/setup.c:4923
+#: lib/setup.c:3609
msgid "Dump operation is not supported for this device type."
msgstr "不支持在此类设备上执行导出操作。"
-#: lib/setup.c:5251
-#, c-format
-msgid "Data offset is not multiple of %u bytes."
-msgstr ""
-
-#: lib/setup.c:5536
+#: lib/setup.c:4018
#, c-format
msgid "Cannot convert device %s which is still in use."
msgstr "无法转换正在使用的设备 %s。"
-#: lib/setup.c:5833
+#: lib/setup.c:4301
#, c-format
msgid "Failed to assign keyslot %u as the new volume key."
msgstr "将密钥槽 %u 指定为新卷密钥的操作失败。"
-#: lib/setup.c:5906
-#, fuzzy
-msgid "Failed to initialize default LUKS2 keyslot parameters."
+#: lib/setup.c:4364
+msgid "Failed to initialise default LUKS2 keyslot parameters."
msgstr "初始化默认 LUKS2 密钥槽参数失败。"
-#: lib/setup.c:5912
+#: lib/setup.c:4376
#, fuzzy, c-format
+#| msgid "Failed to swap new key slot.\n"
msgid "Failed to assign keyslot %d to digest."
msgstr "交换新密钥槽失败。\n"
-#: lib/setup.c:6043
+#: lib/setup.c:4460
+msgid "Failed to load key in kernel keyring."
+msgstr "在内核密钥环中加载密钥失败。"
+
+#: lib/setup.c:4515
msgid "Kernel keyring is not supported by the kernel."
msgstr "该内核不支持内核密钥环。"
-#: lib/setup.c:6053 lib/luks2/luks2_reencrypt.c:3179
+#: lib/setup.c:4525
#, c-format
msgid "Failed to read passphrase from keyring (error %d)."
msgstr "从密钥环读取口令失败(错误 %d)。"
-#: lib/setup.c:6077
-msgid "Failed to acquire global memory-hard access serialization lock."
-msgstr ""
-
-#: lib/utils.c:80
+#: lib/utils.c:81
msgid "Cannot get process priority."
msgstr "无法获取进程优先级。"
-#: lib/utils.c:94
+#: lib/utils.c:95
msgid "Cannot unlock memory."
msgstr "无法解锁内存。"
-#: lib/utils.c:168 lib/tcrypt/tcrypt.c:497
+#: lib/utils.c:169 lib/tcrypt/tcrypt.c:475
msgid "Failed to open key file."
msgstr "打开 (open) 密钥文件失败。"
-#: lib/utils.c:173
+#: lib/utils.c:174
msgid "Cannot read keyfile from a terminal."
msgstr "无法从终端读取密钥文件。"
# stat() 主要就是出来一个各种文件信息……
-#: lib/utils.c:190
+#: lib/utils.c:191
msgid "Failed to stat key file."
msgstr "获取 (stat) 密钥文件信息失败。"
-#: lib/utils.c:198 lib/utils.c:219
+#: lib/utils.c:199 lib/utils.c:220
msgid "Cannot seek to requested keyfile offset."
msgstr "无法寻找 (seek) 到请求的密钥文件偏移量。"
-#: lib/utils.c:213 lib/utils.c:228 src/utils_password.c:223
-#: src/utils_password.c:235
+#: lib/utils.c:214 lib/utils.c:229 src/utils_password.c:207
+#: src/utils_password.c:220
msgid "Out of memory while reading passphrase."
msgstr "读取密码时内存耗尽。"
-#: lib/utils.c:248
+#: lib/utils.c:249
msgid "Error reading passphrase."
msgstr "读取口令出错。"
-#: lib/utils.c:265
-msgid "Nothing to read on input."
-msgstr ""
-
-#: lib/utils.c:272
+#: lib/utils.c:273
msgid "Maximum keyfile size exceeded."
msgstr "超出最大密钥文件大小。"
-#: lib/utils.c:277
+#: lib/utils.c:278
msgid "Cannot read requested amount of data."
msgstr "无法读取请求量的数据。"
-#: lib/utils_device.c:190 lib/utils_storage_wrappers.c:110
-#: lib/luks1/keyencryption.c:91
-#, fuzzy, c-format
-msgid "Device %s does not exist or access denied."
-msgstr "设备 %s 不存在或访问被拒绝。"
-
-#: lib/utils_device.c:200
-#, fuzzy, c-format
-msgid "Device %s is not compatible."
-msgstr "设备 %s 未激活。"
-
-#: lib/utils_device.c:544
-#, c-format
-msgid "Ignoring bogus optimal-io size for data device (%u bytes)."
-msgstr ""
-
-#: lib/utils_device.c:666
-#, fuzzy, c-format
-msgid "Device %s is too small. Need at least %<PRIu64> bytes."
-msgstr "设备 %s 过小。(LUKS1 需要至少 %<PRIu64> 字节。)"
-
-#: lib/utils_device.c:747
+#: lib/utils_device.c:184 lib/luks1/keyencryption.c:101
#, c-format
-msgid "Cannot use device %s which is in use (already mapped or mounted)."
-msgstr "无法使用正被使用的设备 %s(已被映射或挂载)。"
+msgid "Device %s doesn't exist or access denied."
+msgstr "设备 %s 不存在或访问被拒绝。"
-#: lib/utils_device.c:751
+#: lib/utils_device.c:603
#, c-format
msgid "Cannot use device %s, permission denied."
msgstr "无法使用设备 %s,权限被拒绝。"
-#: lib/utils_device.c:754
+#: lib/utils_device.c:606
#, c-format
msgid "Cannot get info about device %s."
msgstr "无法获取有关设备 %s 的信息。"
-#: lib/utils_device.c:777
+#: lib/utils_device.c:628
msgid "Cannot use a loopback device, running as non-root user."
msgstr "无法使用回环设备,正作为非 root 用户运行。"
-#: lib/utils_device.c:787
+#: lib/utils_device.c:638
msgid "Attaching loopback device failed (loop device with autoclear flag is required)."
msgstr "连接回环设备失败(需要有 autoclear 旗标的回环设备)。"
-#: lib/utils_device.c:833
+#: lib/utils_device.c:684
#, c-format
msgid "Requested offset is beyond real size of device %s."
msgstr "请求的偏移量超出设备 %s 的真实大小。"
-#: lib/utils_device.c:841
+#: lib/utils_device.c:692
#, c-format
msgid "Device %s has zero size."
msgstr "设备 %s 大小为零。"
-#: lib/utils_pbkdf.c:100
-#, fuzzy
-msgid "Requested PBKDF target time cannot be zero."
-msgstr "请æ±\82ç\9a\84 PBKDF ç\9b®æ \87æ\97¶é\97´ä¸\8dè\83½ä¸ºé\9b¶。"
+#: lib/utils_device.c:703
+#, c-format
+msgid "Device %s is too small."
+msgstr "设å¤\87 %s 太å°\8f。"
-#: lib/utils_pbkdf.c:106
+#: lib/utils_pbkdf.c:74
#, c-format
msgid "Unknown PBKDF type %s."
msgstr "未知的 PBKDF 类型 %s。"
-#: lib/utils_pbkdf.c:111
-#, fuzzy, c-format
-msgid "Requested hash %s is not supported."
-msgstr "不支持请求的 LUKS 哈希 %s。"
-
-#: lib/utils_pbkdf.c:122
+#: lib/utils_pbkdf.c:85
msgid "Requested PBKDF type is not supported for LUKS1."
msgstr "请求的 PBKDF 类型不被 LUKS1 支持。"
-#: lib/utils_pbkdf.c:128
+#: lib/utils_pbkdf.c:91
msgid "PBKDF max memory or parallel threads must not be set with pbkdf2."
msgstr ""
-#: lib/utils_pbkdf.c:133 lib/utils_pbkdf.c:143
+#: lib/utils_pbkdf.c:96 lib/utils_pbkdf.c:106
#, c-format
msgid "Forced iteration count is too low for %s (minimum is %u)."
msgstr ""
-#: lib/utils_pbkdf.c:148
+#: lib/utils_pbkdf.c:111
#, c-format
msgid "Forced memory cost is too low for %s (minimum is %u kilobytes)."
msgstr ""
-#: lib/utils_pbkdf.c:155
+#: lib/utils_pbkdf.c:118
#, c-format
msgid "Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."
msgstr "请求的最大 PBKDF 内存开销过大(最大为 %d 千字节)。"
-#: lib/utils_pbkdf.c:160
-#, fuzzy
-msgid "Requested maximum PBKDF memory cannot be zero."
+#: lib/utils_pbkdf.c:123
+msgid "Requested maximum PBKDF memory can not be zero."
msgstr "请求的最大 PBKDF 内存使用量不能为零。"
-#: lib/utils_pbkdf.c:164
-#, fuzzy
-msgid "Requested PBKDF parallel threads cannot be zero."
+#: lib/utils_pbkdf.c:127
+msgid "Requested PBKDF parallel threads can not be zero."
msgstr "请求的 PBKDF 并行线程数不能为零。"
-#: lib/utils_pbkdf.c:184
-msgid "Only PBKDF2 is supported in FIPS mode."
-msgstr ""
+#: lib/utils_pbkdf.c:131
+msgid "Requested PBKDF target time can not be zero."
+msgstr "请求的 PBKDF 目标时间不能为零。"
-#: lib/utils_benchmark.c:172
+#: lib/utils_benchmark.c:304
msgid "PBKDF benchmark disabled but iterations not set."
msgstr ""
-#: lib/utils_benchmark.c:191
+#: lib/utils_benchmark.c:326
#, c-format
msgid "Not compatible PBKDF2 options (using hash algorithm %s)."
msgstr "PBKDF2 选项不兼容(正在使用哈希算法 %s)。"
-#: lib/utils_benchmark.c:211
+#: lib/utils_benchmark.c:340
msgid "Not compatible PBKDF options."
msgstr "PBKDF2 选项不兼容。"
-#: lib/utils_device_locking.c:102
+#: lib/utils_device_locking.c:80
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."
msgstr "锁定中止。锁定路径 %s/%s 不可用(不是一个目录或缺失)。"
-#: lib/utils_device_locking.c:109
+#: lib/utils_device_locking.c:87
#, c-format
-msgid "Locking directory %s/%s will be created with default compiled-in permissions."
-msgstr ""
+msgid "WARNING: Locking directory %s/%s is missing!\n"
+msgstr "警告:锁定目录 %s/%s 缺失!\n"
-#: lib/utils_device_locking.c:119
+#: lib/utils_device_locking.c:97
#, c-format
msgid "Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."
msgstr "锁定中止。锁定路径 %s/%s 不可用(%s 不是目录)。"
-#: lib/utils_wipe.c:184 src/cryptsetup_reencrypt.c:959
-#: src/cryptsetup_reencrypt.c:1043
-msgid "Cannot seek to device offset."
-msgstr "无法寻找到设备偏移位置。"
-
-#: lib/utils_wipe.c:208
-#, c-format
-msgid "Device wipe error, offset %<PRIu64>."
-msgstr ""
-
#: lib/luks1/keyencryption.c:39
#, c-format
msgid ""
msgid "Cipher specification should be in [cipher]-[mode]-[iv] format."
msgstr ""
-#: lib/luks1/keyencryption.c:97 lib/luks1/keymanage.c:344
-#: lib/luks1/keymanage.c:642 lib/luks1/keymanage.c:1094
-#: lib/luks2/luks2_json_metadata.c:1347 lib/luks2/luks2_keyslot.c:740
+#: lib/luks1/keyencryption.c:107 lib/luks1/keymanage.c:362
+#: lib/luks1/keymanage.c:658 lib/luks1/keymanage.c:1094
+#: lib/luks2/luks2_json_metadata.c:1149 lib/luks2/luks2_keyslot.c:446
#, c-format
msgid "Cannot write to device %s, permission denied."
msgstr "无法写入到设备 %s,访问被拒绝。"
-#: lib/luks1/keyencryption.c:120
+#: lib/luks1/keyencryption.c:122
msgid "Failed to open temporary keystore device."
msgstr "打开临时密钥存储设备失败。"
-#: lib/luks1/keyencryption.c:127
+#: lib/luks1/keyencryption.c:129
msgid "Failed to access temporary keystore device."
msgstr "访问临时密钥存储设备失败。"
-#: lib/luks1/keyencryption.c:200 lib/luks2/luks2_keyslot_luks2.c:60
-#: lib/luks2/luks2_keyslot_luks2.c:78 lib/luks2/luks2_keyslot_reenc.c:134
+#: lib/luks1/keyencryption.c:199 lib/luks2/luks2_keyslot_luks2.c:89
msgid "IO error while encrypting keyslot."
msgstr "加密密钥槽时发生输入输出错误。"
-#: lib/luks1/keyencryption.c:246 lib/luks1/keymanage.c:347
-#: lib/luks1/keymanage.c:595 lib/luks1/keymanage.c:645 lib/tcrypt/tcrypt.c:670
-#: lib/verity/verity.c:81 lib/verity/verity.c:194 lib/verity/verity_hash.c:286
-#: lib/verity/verity_hash.c:295 lib/verity/verity_hash.c:315
-#: lib/verity/verity_fec.c:250 lib/verity/verity_fec.c:262
-#: lib/verity/verity_fec.c:267 lib/luks2/luks2_json_metadata.c:1350
-#: src/cryptsetup_reencrypt.c:218 src/cryptsetup_reencrypt.c:230
-#, c-format
-msgid "Cannot open device %s."
-msgstr "无法打开设备 %s。"
-
-#: lib/luks1/keyencryption.c:257 lib/luks2/luks2_keyslot_luks2.c:137
+#: lib/luks1/keyencryption.c:261 lib/luks2/luks2_keyslot_luks2.c:150
msgid "IO error while decrypting keyslot."
msgstr "解密密钥槽时发生输入输出错误。"
-#: lib/luks1/keymanage.c:110
+#: lib/luks1/keymanage.c:128
#, c-format
msgid "Device %s is too small. (LUKS1 requires at least %<PRIu64> bytes.)"
msgstr "设备 %s 过小。(LUKS1 需要至少 %<PRIu64> 字节。)"
-#: lib/luks1/keymanage.c:131 lib/luks1/keymanage.c:139
-#: lib/luks1/keymanage.c:151 lib/luks1/keymanage.c:162
-#: lib/luks1/keymanage.c:174
+#: lib/luks1/keymanage.c:149 lib/luks1/keymanage.c:157
+#: lib/luks1/keymanage.c:169 lib/luks1/keymanage.c:180
+#: lib/luks1/keymanage.c:192
#, c-format
msgid "LUKS keyslot %u is invalid."
msgstr "LUKS 密钥槽 %u 无效。"
-#: lib/luks1/keymanage.c:228 lib/luks1/keymanage.c:479
-#: lib/luks2/luks2_json_metadata.c:1193 src/cryptsetup.c:1545
-#: src/cryptsetup.c:1671 src/cryptsetup.c:1728 src/cryptsetup.c:1784
-#: src/cryptsetup.c:1851 src/cryptsetup.c:1954 src/cryptsetup.c:2018
-#: src/cryptsetup.c:2248 src/cryptsetup.c:2459 src/cryptsetup.c:2521
-#: src/cryptsetup.c:2587 src/cryptsetup.c:2751 src/cryptsetup.c:3427
-#: src/cryptsetup.c:3436 src/cryptsetup_reencrypt.c:1406
+#: lib/luks1/keymanage.c:245 lib/luks1/keymanage.c:494
+#: lib/luks2/luks2_json_metadata.c:983 src/cryptsetup_reencrypt.c:1396
#, c-format
msgid "Device %s is not a valid LUKS device."
msgstr "%s 不是有效的 LUKS 设备。"
-#: lib/luks1/keymanage.c:246 lib/luks2/luks2_json_metadata.c:1210
+#: lib/luks1/keymanage.c:264 lib/luks2/luks2_json_metadata.c:1002
#, c-format
msgid "Requested header backup file %s already exists."
msgstr "请求的标头备份文件 %s 已存在。"
-#: lib/luks1/keymanage.c:248 lib/luks2/luks2_json_metadata.c:1212
+#: lib/luks1/keymanage.c:266 lib/luks2/luks2_json_metadata.c:1004
#, c-format
msgid "Cannot create header backup file %s."
msgstr "无法创建标头备份文件 %s。"
-#: lib/luks1/keymanage.c:255 lib/luks2/luks2_json_metadata.c:1219
+#: lib/luks1/keymanage.c:271 lib/luks2/luks2_json_metadata.c:1009
#, c-format
msgid "Cannot write header backup file %s."
msgstr "无法写入标头备份文件 %s。"
-#: lib/luks1/keymanage.c:286 lib/luks2/luks2_json_metadata.c:1256
-#, fuzzy
-msgid "Backup file does not contain valid LUKS header."
+#: lib/luks1/keymanage.c:304 lib/luks2/luks2_json_metadata.c:1058
+msgid "Backup file doesn't contain valid LUKS header."
msgstr "备份文件不包含有效 LUKS 标头。"
-#: lib/luks1/keymanage.c:299 lib/luks1/keymanage.c:556
-#: lib/luks2/luks2_json_metadata.c:1277
+#: lib/luks1/keymanage.c:317 lib/luks1/keymanage.c:571
+#: lib/luks2/luks2_json_metadata.c:1079
#, c-format
msgid "Cannot open header backup file %s."
msgstr "无法打开备份标头文件 %s。"
-#: lib/luks1/keymanage.c:307 lib/luks2/luks2_json_metadata.c:1285
+#: lib/luks1/keymanage.c:323 lib/luks2/luks2_json_metadata.c:1085
#, c-format
msgid "Cannot read header backup file %s."
msgstr "无法读取标头备份文件 %s。"
-#: lib/luks1/keymanage.c:317
+#: lib/luks1/keymanage.c:335
#, fuzzy
+#| msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgid "Data offset or key size differs on device and backup, restore failed."
msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n"
-#: lib/luks1/keymanage.c:325
+#: lib/luks1/keymanage.c:343
#, c-format
msgid "Device %s %s%s"
msgstr "设备 %s %s%s"
-#: lib/luks1/keymanage.c:326
+#: lib/luks1/keymanage.c:344
msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgstr "不包含 LUKS 标头。替换标头可能损毁设备上的数据。"
-#: lib/luks1/keymanage.c:327
+#: lib/luks1/keymanage.c:345
msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgstr "已包含 LUKS 标头。替换标头将损毁已存在的密钥槽。"
-#: lib/luks1/keymanage.c:328 lib/luks2/luks2_json_metadata.c:1319
+#: lib/luks1/keymanage.c:346 lib/luks2/luks2_json_metadata.c:1121
msgid ""
"\n"
"WARNING: real device header has different UUID than backup!"
"\n"
"警告: 真实设备标头 UUID 和备份不符!"
-#: lib/luks1/keymanage.c:375
+#: lib/luks1/keymanage.c:365 lib/luks1/keymanage.c:610
+#: lib/luks1/keymanage.c:661 lib/tcrypt/tcrypt.c:640 lib/verity/verity.c:81
+#: lib/verity/verity.c:182 lib/verity/verity_hash.c:308
+#: lib/verity/verity_hash.c:319 lib/verity/verity_hash.c:339
+#: lib/verity/verity_fec.c:241 lib/verity/verity_fec.c:253
+#: lib/verity/verity_fec.c:258 lib/luks2/luks2_json_metadata.c:1152
+#: src/cryptsetup_reencrypt.c:207
+#, c-format
+msgid "Cannot open device %s."
+msgstr "无法打开设备 %s。"
+
+#: lib/luks1/keymanage.c:396
msgid "Non standard key size, manual repair required."
msgstr "不标准的密钥大小,需要手动修复。"
-#: lib/luks1/keymanage.c:385
+#: lib/luks1/keymanage.c:401
msgid "Non standard keyslots alignment, manual repair required."
msgstr "不标准的密钥槽对齐,需要手动修复。"
-#: lib/luks1/keymanage.c:397
+#: lib/luks1/keymanage.c:411
msgid "Repairing keyslots."
msgstr "正在修复密钥槽。"
-#: lib/luks1/keymanage.c:416
+#: lib/luks1/keymanage.c:431
#, c-format
msgid "Keyslot %i: offset repaired (%u -> %u)."
msgstr "密钥槽 %i: 偏移已修复 (%u -> %u)。"
-#: lib/luks1/keymanage.c:424
+#: lib/luks1/keymanage.c:439
#, c-format
msgid "Keyslot %i: stripes repaired (%u -> %u)."
msgstr "密钥槽 %i:已修复条带(%u -> %u)。"
-#: lib/luks1/keymanage.c:433
+#: lib/luks1/keymanage.c:448
#, c-format
msgid "Keyslot %i: bogus partition signature."
msgstr "密钥槽 %i:虚假的分区签名。"
-#: lib/luks1/keymanage.c:438
+#: lib/luks1/keymanage.c:453
#, c-format
msgid "Keyslot %i: salt wiped."
msgstr "密钥槽 %i: 已清除盐。"
-#: lib/luks1/keymanage.c:455
+#: lib/luks1/keymanage.c:470
msgid "Writing LUKS header to disk."
msgstr "正在将 LUKS 标头写入磁盘。"
-#: lib/luks1/keymanage.c:460
+#: lib/luks1/keymanage.c:475
msgid "Repair failed."
msgstr "修复失败。"
-#: lib/luks1/keymanage.c:488 lib/luks1/keymanage.c:757
+#: lib/luks1/keymanage.c:497
+#, c-format
+msgid "Unsupported LUKS version %d."
+msgstr "不支持的 LUKS 版本 %d。"
+
+#: lib/luks1/keymanage.c:503 lib/luks1/keymanage.c:749
#, c-format
msgid "Requested LUKS hash %s is not supported."
msgstr "不支持请求的 LUKS 哈希 %s。"
-#: lib/luks1/keymanage.c:516 src/cryptsetup.c:1237
+#: lib/luks1/keymanage.c:531 src/cryptsetup.c:869
msgid "No known problems detected for LUKS header."
msgstr "未在 LUKS 标头发现已知问题。"
-#: lib/luks1/keymanage.c:667
+#: lib/luks1/keymanage.c:683
#, c-format
msgid "Error during update of LUKS header on device %s."
msgstr "更新设备 %s 上的 LUKS 标头时出错。"
-#: lib/luks1/keymanage.c:675
+#: lib/luks1/keymanage.c:690
#, c-format
msgid "Error re-reading LUKS header after update on device %s."
msgstr "在更新设备 %s 后重新读取 LUKS 标头失败。"
-#: lib/luks1/keymanage.c:751
-#, fuzzy
-msgid "Data offset for LUKS header must be either 0 or higher than header size."
+#: lib/luks1/keymanage.c:742
+#, c-format
+msgid "Data offset for detached LUKS header must be either 0 or higher than header size (%d sectors)."
msgstr "分离的 LUKS 标头的数据偏移量必须为零或高于标头大小(%d 扇区)。"
-#: lib/luks1/keymanage.c:762 lib/luks1/keymanage.c:832
-#: lib/luks2/luks2_json_format.c:284 lib/luks2/luks2_json_metadata.c:1101
-#: src/cryptsetup.c:2914
+#: lib/luks1/keymanage.c:754 lib/luks1/keymanage.c:840
+#: lib/luks2/luks2_json_format.c:145 lib/luks2/luks2_json_metadata.c:894
msgid "Wrong LUKS UUID format provided."
msgstr "提供了错误的 LUKS UUID 格式。"
-#: lib/luks1/keymanage.c:785
+#: lib/luks1/keymanage.c:779
msgid "Cannot create LUKS header: reading random salt failed."
msgstr "无法创建 LUKS 标头:读取随机盐失败。"
-#: lib/luks1/keymanage.c:811
+#: lib/luks1/keymanage.c:800
#, c-format
msgid "Cannot create LUKS header: header digest failed (using hash %s)."
msgstr "无法创建 LUKS 标头:标头摘要失败(正在使用哈希 %s)。"
-#: lib/luks1/keymanage.c:855
+#: lib/luks1/keymanage.c:863
#, c-format
msgid "Key slot %d active, purge first."
msgstr "密钥槽 %d 已激活,请先清除。"
-#: lib/luks1/keymanage.c:861
+#: lib/luks1/keymanage.c:869
#, fuzzy, c-format
+#| msgid "Key slot %d material includes too few stripes. Header manipulation?\n"
msgid "Key slot %d material includes too few stripes. Header manipulation?"
msgstr "密钥槽 %d 条带数过少。标头修改?\n"
-#: lib/luks1/keymanage.c:1002
-#, fuzzy, c-format
-msgid "Cannot open keyslot (using hash %s)."
-msgstr "密钥处理错误(使用散列 %s)。"
+#: lib/luks1/keymanage.c:1028
+#, c-format
+msgid "Key slot %d unlocked."
+msgstr "密钥槽 %d 已解锁。"
#: lib/luks1/keymanage.c:1080
#, fuzzy, c-format
+#| msgid "Key slot %d is invalid, please select keyslot between 0 and %d.\n"
msgid "Key slot %d is invalid, please select keyslot between 0 and %d."
msgstr "密钥槽 %d 无效,请选择标号 0 到 %d 间的密钥槽。\n"
-#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:744
+#: lib/luks1/keymanage.c:1098 lib/luks2/luks2_keyslot.c:450
#, c-format
msgid "Cannot wipe device %s."
msgstr "无法擦除设备 %s。"
#: lib/loopaes/loopaes.c:146
-#, fuzzy
-msgid "Detected not yet supported GPG encrypted keyfile."
+msgid "Detected not yet supported GPG encrypted keyfile.\n"
msgstr "探测到未支持的 GPG 加密密钥文件。\n"
#: lib/loopaes/loopaes.c:147
msgid "Incompatible loop-AES keyfile detected."
msgstr "探测到不兼容的 loop-AES 密钥文件。"
-#: lib/loopaes/loopaes.c:245
+#: lib/loopaes/loopaes.c:246
#, fuzzy
-msgid "Kernel does not support loop-AES compatible mapping."
+#| msgid "Kernel doesn't support loop-AES compatible mapping.\n"
+msgid "Kernel doesn't support loop-AES compatible mapping."
msgstr "内核不支持 loop-AES 兼容映射。\n"
-#: lib/tcrypt/tcrypt.c:504
+#: lib/tcrypt/tcrypt.c:482
#, c-format
msgid "Error reading keyfile %s."
msgstr "读取密钥文件 %s 出错。"
-#: lib/tcrypt/tcrypt.c:554
-#, fuzzy, c-format
-msgid "Maximum TCRYPT passphrase length (%zu) exceeded."
+#: lib/tcrypt/tcrypt.c:522
+#, c-format
+msgid "Maximum TCRYPT passphrase length (%d) exceeded."
msgstr "超出 TCRYPT 口令最大长度限制 (%d)。"
-#: lib/tcrypt/tcrypt.c:595
+#: lib/tcrypt/tcrypt.c:563
#, c-format
msgid "PBKDF2 hash algorithm %s not available, skipping."
msgstr "PBKDF2 哈希算法 %s 不可用,将跳过。"
-#: lib/tcrypt/tcrypt.c:611 src/cryptsetup.c:1059
+#: lib/tcrypt/tcrypt.c:581 src/cryptsetup.c:820
msgid "Required kernel crypto interface not available."
msgstr "无法找到所需的内核加密接口。"
-#: lib/tcrypt/tcrypt.c:613 src/cryptsetup.c:1061
+#: lib/tcrypt/tcrypt.c:583 src/cryptsetup.c:822
msgid "Ensure you have algif_skcipher kernel module loaded."
msgstr "请确定您已载入内核模块 algif_skcipher。"
-#: lib/tcrypt/tcrypt.c:753
+#: lib/tcrypt/tcrypt.c:729
#, c-format
msgid "Activation is not supported for %d sector size."
msgstr "扇区大小为 %d 时不支持激活。"
-#: lib/tcrypt/tcrypt.c:759
-#, fuzzy
-msgid "Kernel does not support activation for this TCRYPT legacy mode."
+#: lib/tcrypt/tcrypt.c:735
+msgid "Kernel doesn't support activation for this TCRYPT legacy mode."
msgstr "内核不支持激活此处的旧 TCRYPT 模式。"
-#: lib/tcrypt/tcrypt.c:790
+#: lib/tcrypt/tcrypt.c:769
#, c-format
msgid "Activating TCRYPT system encryption for partition %s."
msgstr "正在为分区 %s 激活 TCRYPT 系统加密。"
-#: lib/tcrypt/tcrypt.c:868
-#, fuzzy
-msgid "Kernel does not support TCRYPT compatible mapping."
+#: lib/tcrypt/tcrypt.c:837
+msgid "Kernel doesn't support TCRYPT compatible mapping."
msgstr "内核不支持 TCRYPT 兼容映射。"
-#: lib/tcrypt/tcrypt.c:1090
+#: lib/tcrypt/tcrypt.c:1052
msgid "This function is not supported without TCRYPT header load."
msgstr "未载入 TCRYPT 标头时不支持此功能。"
-#: lib/bitlk/bitlk.c:350
+#: lib/verity/verity.c:69 lib/verity/verity.c:175
#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing supported Volume Master Key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:397
-msgid "Invalid string found when parsing Volume Master Key."
-msgstr ""
+msgid "Verity device %s doesn't use on-disk header."
+msgstr "Verity 设备 %s 未使用磁盘上的标头。"
-#: lib/bitlk/bitlk.c:402
+#: lib/verity/verity.c:94
#, c-format
-msgid "Unexpected string ('%s') found when parsing supported Volume Master Key."
-msgstr ""
+msgid "Device %s is not a valid VERITY device."
+msgstr "%s 不是有效的 VERITY 设备。"
-#: lib/bitlk/bitlk.c:419
+#: lib/verity/verity.c:101
#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing supported Volume Master Key."
-msgstr ""
+msgid "Unsupported VERITY version %d."
+msgstr "不支持的 VERITY 版本 %d。"
+
+#: lib/verity/verity.c:132
+msgid "VERITY header corrupted."
+msgstr "VERITY 标头损坏。"
-#: lib/bitlk/bitlk.c:502
+#: lib/verity/verity.c:169
#, fuzzy, c-format
-msgid "Failed to read BITLK signature from %s."
-msgstr "读取 LUKS2 需求时失败。"
+#| msgid "Wrong VERITY UUID format provided on device %s.\n"
+msgid "Wrong VERITY UUID format provided on device %s."
+msgstr "为设备 %s 提供的 VERITY UUID 错误。\n"
-#: lib/bitlk/bitlk.c:514
-msgid "Invalid or unknown signature for BITLK device."
-msgstr ""
+#: lib/verity/verity.c:202
+#, fuzzy, c-format
+#| msgid "Error during update of verity header on device %s.\n"
+msgid "Error during update of verity header on device %s."
+msgstr "更新设备 %s 上的 VERITY 标头时出错。\n"
-#: lib/bitlk/bitlk.c:520
-msgid "BITLK version 1 is currently not supported."
+#: lib/verity/verity.c:259
+msgid "Errors cannot be repaired with FEC device."
msgstr ""
-#: lib/bitlk/bitlk.c:526
-msgid "Invalid or unknown boot signature for BITLK device."
+#: lib/verity/verity.c:261
+#, c-format
+msgid "Found %u repairable errors with FEC device."
msgstr ""
-#: lib/bitlk/bitlk.c:538
-#, fuzzy, c-format
-msgid "Unsupported sector size %<PRIu16>."
-msgstr "不支持的加密扇区大小。"
+#: lib/verity/verity.c:305
+msgid "Kernel doesn't support dm-verity mapping."
+msgstr "内核不支持 dm-verity 映射。"
-#: lib/bitlk/bitlk.c:546
-#, fuzzy, c-format
-msgid "Failed to read BITLK header from %s."
-msgstr "读取 LUKS2 需求时失败。"
+#: lib/verity/verity.c:316
+#, fuzzy
+#| msgid "Verity device detected corruption after activation.\n"
+msgid "Verity device detected corruption after activation."
+msgstr "在 VERITY 设备激活后探测到损坏。\n"
-#: lib/bitlk/bitlk.c:571
+#: lib/verity/verity_hash.c:59
#, fuzzy, c-format
-msgid "Failed to read BITLK FVE metadata from %s."
-msgstr "读取 LUKS2 需求时失败。"
+#| msgid "Spare area is not zeroed at position %<PRIu64>.\n"
+msgid "Spare area is not zeroed at position %<PRIu64>."
+msgstr "备用区位置 %<PRIu64> 未清零。\n"
-#: lib/bitlk/bitlk.c:622
-#, fuzzy
-msgid "Unknown or unsupported encryption type."
-msgstr "不支持的加密扇区大小。"
+#: lib/verity/verity_hash.c:160 lib/verity/verity_hash.c:287
+#: lib/verity/verity_hash.c:300
+msgid "Device offset overflow."
+msgstr "设备偏移量溢出。"
-#: lib/bitlk/bitlk.c:655
-#, fuzzy, c-format
-msgid "Failed to read BITLK metadata entries from %s."
-msgstr "读取 LUKS2 需求时失败。"
-
-#: lib/bitlk/bitlk.c:897
-#, c-format
-msgid "Unexpected metadata entry type '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:912
-#, c-format
-msgid "Unexpected metadata entry value '%u' found when parsing external key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:980
-msgid "Unexpected metadata entry found when parsing startup key."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1071
-#, fuzzy
-msgid "This operation is not supported."
-msgstr "不支持在 %s 加密设备上执行此操作。"
-
-#: lib/bitlk/bitlk.c:1079
-msgid "Unexpected key data size."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1133
-msgid "This BITLK device is in an unsupported state and cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1139
-#, c-format
-msgid "BITLK devices with type '%s' cannot be activated."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1234
-#, fuzzy
-msgid "Activation of partially decrypted BITLK device is not supported."
-msgstr "激活临时设备失败。"
-
-#: lib/bitlk/bitlk.c:1370
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK IV."
-msgstr ""
-
-#: lib/bitlk/bitlk.c:1374
-msgid "Cannot activate device, kernel dm-crypt is missing support for BITLK Elephant diffuser."
-msgstr ""
-
-#: lib/verity/verity.c:69 lib/verity/verity.c:180
-#, fuzzy, c-format
-msgid "Verity device %s does not use on-disk header."
-msgstr "Verity 设备 %s 未使用磁盘上的标头。"
-
-#: lib/verity/verity.c:91
-#, c-format
-msgid "Device %s is not a valid VERITY device."
-msgstr "%s 不是有效的 VERITY 设备。"
-
-#: lib/verity/verity.c:98
-#, c-format
-msgid "Unsupported VERITY version %d."
-msgstr "不支持的 VERITY 版本 %d。"
-
-#: lib/verity/verity.c:129
-msgid "VERITY header corrupted."
-msgstr "VERITY 标头损坏。"
-
-#: lib/verity/verity.c:174
-#, fuzzy, c-format
-msgid "Wrong VERITY UUID format provided on device %s."
-msgstr "为设备 %s 提供的 VERITY UUID 错误。\n"
-
-#: lib/verity/verity.c:218
-#, fuzzy, c-format
-msgid "Error during update of verity header on device %s."
-msgstr "更新设备 %s 上的 VERITY 标头时出错。\n"
-
-#: lib/verity/verity.c:276
-#, fuzzy
-msgid "Root hash signature verification is not supported."
-msgstr "不支持请求的 sector_size 选项。"
-
-#: lib/verity/verity.c:288
-msgid "Errors cannot be repaired with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:290
-#, c-format
-msgid "Found %u repairable errors with FEC device."
-msgstr ""
-
-#: lib/verity/verity.c:333
-#, fuzzy
-msgid "Kernel does not support dm-verity mapping."
-msgstr "内核不支持 dm-verity 映射。"
-
-#: lib/verity/verity.c:337
-#, fuzzy
-msgid "Kernel does not support dm-verity signature option."
-msgstr "内核不支持 dm-verity 映射。"
-
-#: lib/verity/verity.c:348
-#, fuzzy
-msgid "Verity device detected corruption after activation."
-msgstr "在 VERITY 设备激活后探测到损坏。\n"
-
-#: lib/verity/verity_hash.c:59
-#, fuzzy, c-format
-msgid "Spare area is not zeroed at position %<PRIu64>."
-msgstr "备用区位置 %<PRIu64> 未清零。\n"
-
-#: lib/verity/verity_hash.c:154 lib/verity/verity_hash.c:266
-#: lib/verity/verity_hash.c:277
-msgid "Device offset overflow."
-msgstr "设备偏移量溢出。"
-
-#: lib/verity/verity_hash.c:194
+#: lib/verity/verity_hash.c:200
#, fuzzy, c-format
+#| msgid "Verification failed at position %<PRIu64>.\n"
msgid "Verification failed at position %<PRIu64>."
msgstr "在 %<PRIu64> 上发生检验错误。\n"
#: lib/verity/verity_hash.c:273
+#, fuzzy
+#| msgid "Invalid size parameters for verity device.\n"
+msgid "Invalid size parameters for verity device."
+msgstr "为 VERITY 设备提供的大小指标无效。\n"
+
+#: lib/verity/verity_hash.c:293
msgid "Hash area overflow."
msgstr "哈希区域溢出。"
-#: lib/verity/verity_hash.c:346
+#: lib/verity/verity_hash.c:370
msgid "Verification of data area failed."
msgstr "数据区检验失败。"
-#: lib/verity/verity_hash.c:351
+#: lib/verity/verity_hash.c:375
msgid "Verification of root hash failed."
msgstr "根哈希值检验失败。"
-#: lib/verity/verity_hash.c:357
+#: lib/verity/verity_hash.c:381
#, fuzzy
+#| msgid "Input/output error while creating hash area.\n"
msgid "Input/output error while creating hash area."
msgstr "创建哈希数据区时发生输入/输出错误。\n"
-#: lib/verity/verity_hash.c:359
+#: lib/verity/verity_hash.c:383
msgid "Creation of hash area failed."
msgstr "创建哈希区失败。"
-#: lib/verity/verity_hash.c:394
+#: lib/verity/verity_hash.c:430
#, fuzzy, c-format
+#| msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u).\n"
msgid "WARNING: Kernel cannot activate device if data block size exceeds page size (%u)."
msgstr "警告:如数据块大小超过内存分页大小,内核将无法激活设备 (%u)。\n"
-#: lib/verity/verity_fec.c:131
+#: lib/verity/verity_fec.c:132
#, fuzzy
+#| msgid "Failed to open key file.\n"
msgid "Failed to allocate RS context."
msgstr "打开 (open) 密钥文件失败。\n"
# stat() 主要就是出来一个各种文件信息……
-#: lib/verity/verity_fec.c:149
+#: lib/verity/verity_fec.c:147
#, fuzzy
+#| msgid "Failed to stat key file.\n"
msgid "Failed to allocate buffer."
msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-#: lib/verity/verity_fec.c:159
+#: lib/verity/verity_fec.c:157
#, fuzzy, c-format
+#| msgid "Failed to access temporary keystore device.\n"
msgid "Failed to read RS block %<PRIu64> byte %d."
msgstr "无法访问临时密钥存储设备。\n"
-#: lib/verity/verity_fec.c:172
+#: lib/verity/verity_fec.c:170
#, fuzzy, c-format
+#| msgid "Failed to access temporary keystore device.\n"
msgid "Failed to read parity for RS block %<PRIu64>."
msgstr "无法访问临时密钥存储设备。\n"
-#: lib/verity/verity_fec.c:180
+#: lib/verity/verity_fec.c:177
#, fuzzy, c-format
+#| msgid "Failed to access temporary keystore device.\n"
msgid "Failed to repair parity for block %<PRIu64>."
msgstr "无法访问临时密钥存储设备。\n"
-#: lib/verity/verity_fec.c:191
+#: lib/verity/verity_fec.c:188
#, fuzzy, c-format
+#| msgid "Failed to access temporary keystore device.\n"
msgid "Failed to write parity for RS block %<PRIu64>."
msgstr "无法访问临时密钥存储设备。\n"
-#: lib/verity/verity_fec.c:227
+#: lib/verity/verity_fec.c:223
msgid "Block sizes must match for FEC."
msgstr ""
-#: lib/verity/verity_fec.c:233
+#: lib/verity/verity_fec.c:229
msgid "Invalid number of parity bytes."
msgstr ""
-#: lib/verity/verity_fec.c:238
-msgid "Invalid FEC segment length."
-msgstr ""
-
-#: lib/verity/verity_fec.c:302
+#: lib/verity/verity_fec.c:265
#, fuzzy, c-format
+#| msgid "Failed to open temporary keystore device.\n"
msgid "Failed to determine size for device %s."
msgstr "打开临时密钥存储设备失败。\n"
-#: lib/integrity/integrity.c:272 lib/integrity/integrity.c:355
-#, fuzzy
-msgid "Kernel does not support dm-integrity mapping."
-msgstr "内核不支持 dm-verity 映射。\n"
-
-#: lib/integrity/integrity.c:278
+#: lib/integrity/integrity.c:219 lib/integrity/integrity.c:270
#, fuzzy
-msgid "Kernel does not support dm-integrity fixed metadata alignment."
+#| msgid "Kernel doesn't support dm-verity mapping.\n"
+msgid "Kernel doesn't support dm-integrity mapping."
msgstr "内核不支持 dm-verity 映射。\n"
-#: lib/integrity/integrity.c:287
-msgid "Kernel refuses to activate insecure recalculate option (see legacy activation options to override)."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:383 lib/luks2/luks2_json_metadata.c:1059
-#: lib/luks2/luks2_json_metadata.c:1339
+#: lib/luks2/luks2_disk_metadata.c:364
#, c-format
-msgid "Failed to acquire write lock on device %s."
-msgstr "无法获取设备 %s 上的写入锁。"
+msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)"
+msgstr "设备 %s 过小。(LUKS2 需要至少 %<PRIu64> 字节。)"
-#: lib/luks2/luks2_disk_metadata.c:392
-msgid "Detected attempt for concurrent LUKS2 metadata update. Aborting operation."
-msgstr ""
-
-#: lib/luks2/luks2_disk_metadata.c:691 lib/luks2/luks2_disk_metadata.c:712
-msgid ""
-"Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
-"Please run \"cryptsetup repair\" for recovery."
-msgstr ""
+#: lib/luks2/luks2_disk_metadata.c:428
+msgid "Failed to acquire write device lock."
+msgstr "无法获取写入设备锁。"
-#: lib/luks2/luks2_json_format.c:227
+#: lib/luks2/luks2_json_format.c:99
#, fuzzy
-msgid "Requested data offset is too small."
-msgstr "设备 %s 太小。"
-
-#: lib/luks2/luks2_json_format.c:272
-#, c-format
-msgid "WARNING: keyslots area (%<PRIu64> bytes) is very small, available LUKS2 keyslot count is very limited.\n"
-msgstr ""
+#| msgid "Failed to swap new key slot.\n"
+msgid "No space for new keyslot."
+msgstr "交换新密钥槽失败。\n"
-#: lib/luks2/luks2_json_metadata.c:1046 lib/luks2/luks2_json_metadata.c:1184
-#: lib/luks2/luks2_json_metadata.c:1245 lib/luks2/luks2_keyslot_luks2.c:92
-#: lib/luks2/luks2_keyslot_luks2.c:114
+#: lib/luks2/luks2_json_metadata.c:851 lib/luks2/luks2_json_metadata.c:974
+#: lib/luks2/luks2_json_metadata.c:1047 lib/luks2/luks2_keyslot_luks2.c:103
+#: lib/luks2/luks2_keyslot_luks2.c:126
#, c-format
msgid "Failed to acquire read lock on device %s."
msgstr "无法获取设备 %s 的读取锁。"
-#: lib/luks2/luks2_json_metadata.c:1262
+#: lib/luks2/luks2_json_metadata.c:1064
#, c-format
msgid "Forbidden LUKS2 requirements detected in backup %s."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1303
+#: lib/luks2/luks2_json_metadata.c:1105
#, fuzzy
+#| msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgid "Data offset differ on device and backup, restore failed."
msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n"
-#: lib/luks2/luks2_json_metadata.c:1309
+#: lib/luks2/luks2_json_metadata.c:1111
#, fuzzy
+#| msgid "Data offset or key size differs on device and backup, restore failed.\n"
msgid "Binary header with keyslot areas size differ on device and backup, restore failed."
msgstr "源设备和备份上的数据偏移或密钥大小不符,恢复失败。\n"
-#: lib/luks2/luks2_json_metadata.c:1316
+#: lib/luks2/luks2_json_metadata.c:1118
#, c-format
msgid "Device %s %s%s%s%s"
msgstr "设备 %s %s%s%s%s"
-#: lib/luks2/luks2_json_metadata.c:1317
+#: lib/luks2/luks2_json_metadata.c:1119
#, fuzzy
+#| msgid "does not contain LUKS header. Replacing header can destroy data on that device."
msgid "does not contain LUKS2 header. Replacing header can destroy data on that device."
msgstr "不包含 LUKS 标头。替换标头可能损毁设备上的数据。"
-#: lib/luks2/luks2_json_metadata.c:1318
+#: lib/luks2/luks2_json_metadata.c:1120
#, fuzzy
+#| msgid "already contains LUKS header. Replacing header will destroy existing keyslots."
msgid "already contains LUKS2 header. Replacing header will destroy existing keyslots."
msgstr "已包含 LUKS 标头。替换标头将损毁已存在的密钥槽。"
-#: lib/luks2/luks2_json_metadata.c:1320
+#: lib/luks2/luks2_json_metadata.c:1122
msgid ""
"\n"
"WARNING: unknown LUKS2 requirements detected in real device header!\n"
"Replacing header with backup may corrupt the data on that device!"
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1322
+#: lib/luks2/luks2_json_metadata.c:1124
msgid ""
"\n"
"WARNING: Unfinished offline reencryption detected on the device!\n"
"Replacing header with backup may corrupt data."
msgstr ""
-#: lib/luks2/luks2_json_metadata.c:1420
+#: lib/luks2/luks2_json_metadata.c:1226
#, c-format
msgid "Ignored unknown flag %s."
msgstr "已忽略未知旗标 %s。"
-#: lib/luks2/luks2_json_metadata.c:2197 lib/luks2/luks2_reencrypt.c:1856
-#, c-format
-msgid "Missing key for dm-crypt segment %u"
-msgstr ""
-
-# stat() 主要就是出来一个各种文件信息……
-#: lib/luks2/luks2_json_metadata.c:2209 lib/luks2/luks2_reencrypt.c:1874
-#, fuzzy
-msgid "Failed to set dm-crypt segment."
-msgstr "设置 pbkdf 参数失败。"
-
-# stat() 主要就是出来一个各种文件信息……
-#: lib/luks2/luks2_json_metadata.c:2215 lib/luks2/luks2_reencrypt.c:1880
-#, fuzzy
-msgid "Failed to set dm-linear segment."
-msgstr "设置 pbkdf 参数失败。"
-
-#: lib/luks2/luks2_json_metadata.c:2342
-msgid "Unsupported device integrity configuration."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2428
-msgid "Reencryption in-progress. Cannot deactivate device."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2439 lib/luks2/luks2_reencrypt.c:3416
-#, c-format
-msgid "Failed to replace suspended device %s with dm-error target."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2519
+#: lib/luks2/luks2_json_metadata.c:1923
msgid "Failed to read LUKS2 requirements."
msgstr "读取 LUKS2 需求时失败。"
-#: lib/luks2/luks2_json_metadata.c:2526
+#: lib/luks2/luks2_json_metadata.c:1930
msgid "Unmet LUKS2 requirements detected."
msgstr "探测到未满足的 LUKS2 需求。"
-#: lib/luks2/luks2_json_metadata.c:2534
-msgid "Operation incompatible with device marked for legacy reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_json_metadata.c:2536
-msgid "Operation incompatible with device marked for LUKS2 reencryption. Aborting."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:556 lib/luks2/luks2_keyslot.c:593
-msgid "Not enough available memory to open a keyslot."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot.c:558 lib/luks2/luks2_keyslot.c:595
-#, fuzzy
-msgid "Keyslot open failed."
-msgstr "密钥槽 %i: 已清除盐。"
-
-#: lib/luks2/luks2_keyslot_luks2.c:53 lib/luks2/luks2_keyslot_luks2.c:108
-#, c-format
-msgid "Cannot use %s-%s cipher for keyslot encryption."
-msgstr ""
-
-#: lib/luks2/luks2_keyslot_luks2.c:480
-#, fuzzy
-msgid "No space for new keyslot."
-msgstr "交换新密钥槽失败。\n"
+#: lib/luks2/luks2_json_metadata.c:1938
+msgid "Offline reencryption in progress. Aborting."
+msgstr "正在进行离线重加密。中止。"
-#: lib/luks2/luks2_luks1_convert.c:482
+#: lib/luks2/luks2_luks1_convert.c:477
#, fuzzy, c-format
-msgid "Cannot check status of device with uuid: %s."
+#| msgid "Cannot check password quality: %s\n"
+msgid "Can not check status of device with uuid: %s."
msgstr "无法检查密码质量:%s\n"
-#: lib/luks2/luks2_luks1_convert.c:508
+#: lib/luks2/luks2_luks1_convert.c:503
msgid "Unable to convert header with LUKSMETA additional metadata."
msgstr ""
-#: lib/luks2/luks2_luks1_convert.c:548
+#: lib/luks2/luks2_luks1_convert.c:540
msgid "Unable to move keyslot area. Not enough space."
msgstr "无法移动密钥槽区域。空间不足。"
-#: lib/luks2/luks2_luks1_convert.c:599
-#, fuzzy
-msgid "Unable to move keyslot area. LUKS2 keyslots area too small."
-msgstr "无法移动密钥槽区域。空间不足。"
-
-#: lib/luks2/luks2_luks1_convert.c:605 lib/luks2/luks2_luks1_convert.c:889
+#: lib/luks2/luks2_luks1_convert.c:580 lib/luks2/luks2_luks1_convert.c:846
msgid "Unable to move keyslot area."
msgstr "无法移动密钥槽区域。"
-#: lib/luks2/luks2_luks1_convert.c:697
-#, fuzzy
-msgid "Cannot convert to LUKS1 format - default segment encryption sector size is not 512 bytes."
-msgstr "LUKS 密钥槽 %u 无效。\n"
-
-#: lib/luks2/luks2_luks1_convert.c:705
+#: lib/luks2/luks2_luks1_convert.c:668
#, fuzzy
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_luks1_convert.c:717
+#: lib/luks2/luks2_luks1_convert.c:677
#, fuzzy, c-format
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - device uses wrapped key cipher %s."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_luks1_convert.c:725
+#: lib/luks2/luks2_luks1_convert.c:685
#, fuzzy, c-format
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_luks1_convert.c:739
+#: lib/luks2/luks2_luks1_convert.c:699
#, fuzzy, c-format
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - keyslot %u is in invalid state."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_luks1_convert.c:744
+#: lib/luks2/luks2_luks1_convert.c:704
#, fuzzy, c-format
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_luks1_convert.c:749
+#: lib/luks2/luks2_luks1_convert.c:709
#, fuzzy, c-format
+#| msgid "LUKS keyslot %u is invalid.\n"
msgid "Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."
msgstr "LUKS 密钥槽 %u 无效。\n"
-#: lib/luks2/luks2_reencrypt.c:1002
-#, c-format
-msgid "Hotzone size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:1007
-#, fuzzy, c-format
-msgid "Device size must be multiple of calculated zone alignment (%zu bytes)."
-msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
-
-#: lib/luks2/luks2_reencrypt.c:1051
-#, fuzzy, c-format
-msgid "Unsupported resilience mode %s"
-msgstr "不支持的 LUKS 版本 %d。"
-
-#: lib/luks2/luks2_reencrypt.c:1268 lib/luks2/luks2_reencrypt.c:1423
-#: lib/luks2/luks2_reencrypt.c:1506 lib/luks2/luks2_reencrypt.c:1540
-#: lib/luks2/luks2_reencrypt.c:3251
-#, fuzzy
-msgid "Failed to initialize old segment storage wrapper."
-msgstr "初始化默认 LUKS2 密钥槽参数失败。"
-
-#: lib/luks2/luks2_reencrypt.c:1282 lib/luks2/luks2_reencrypt.c:1401
-#, fuzzy
-msgid "Failed to initialize new segment storage wrapper."
-msgstr "初始化默认 LUKS2 密钥槽参数失败。"
-
-#: lib/luks2/luks2_reencrypt.c:1450
-#, fuzzy
-msgid "Failed to read checksums for current hotzone."
-msgstr "从备份标头读取需求失败。"
-
-#: lib/luks2/luks2_reencrypt.c:1457 lib/luks2/luks2_reencrypt.c:3259
-#, fuzzy, c-format
-msgid "Failed to read hotzone area starting at %<PRIu64>."
-msgstr "无法访问临时密钥存储设备。\n"
-
-# stat() 主要就是出来一个各种文件信息……
-#: lib/luks2/luks2_reencrypt.c:1476
-#, fuzzy, c-format
-msgid "Failed to decrypt sector %zu."
-msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:1482
-#, fuzzy, c-format
-msgid "Failed to recover sector %zu."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:1977
-#, c-format
-msgid "Source and target device sizes don't match. Source %<PRIu64>, target: %<PRIu64>."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2075
-#, fuzzy, c-format
-msgid "Failed to activate hotzone device %s."
-msgstr "无法获取设备 %s 上的写入锁。"
-
-#: lib/luks2/luks2_reencrypt.c:2092
-#, c-format
-msgid "Failed to activate overlay device %s with actual origin table."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2099
-#, fuzzy, c-format
-msgid "Failed to load new mapping for device %s."
-msgstr "打开临时密钥存储设备失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:2170
-#, fuzzy
-msgid "Failed to refresh reencryption devices stack."
-msgstr "无法获取设备 %s 的读取锁。"
-
-#: lib/luks2/luks2_reencrypt.c:2326
-#, fuzzy
-msgid "Failed to set new keyslots area size."
-msgstr "交换新密钥槽失败。"
-
-#: lib/luks2/luks2_reencrypt.c:2430
-#, fuzzy, c-format
-msgid "Data shift is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
-
-#: lib/luks2/luks2_reencrypt.c:2451
-#, fuzzy, c-format
-msgid "Data device is not aligned to requested encryption sector size (%<PRIu32> bytes)."
-msgstr "设备 %s 的大小没有和请求的扇区大小对齐(%u 字节)。"
-
-#: lib/luks2/luks2_reencrypt.c:2472
-#, c-format
-msgid "Data shift (%<PRIu64> sectors) is less than future data offset (%<PRIu64> sectors)."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2478 lib/luks2/luks2_reencrypt.c:2918
-#: lib/luks2/luks2_reencrypt.c:2939
-#, fuzzy, c-format
-msgid "Failed to open %s in exclusive mode (already mapped or mounted)."
-msgstr "无法使用正被使用的设备 %s(已被映射或挂载)。"
-
-#: lib/luks2/luks2_reencrypt.c:2647
-msgid "Device not marked for LUKS2 reencryption."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2664 lib/luks2/luks2_reencrypt.c:3536
-#, fuzzy
-msgid "Failed to load LUKS2 reencryption context."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:2744
-#, fuzzy
-msgid "Failed to get reencryption state."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:2748 lib/luks2/luks2_reencrypt.c:3032
-#, fuzzy
-msgid "Device is not in reencryption."
-msgstr "设备 %s 未激活。"
-
-#: lib/luks2/luks2_reencrypt.c:2755 lib/luks2/luks2_reencrypt.c:3039
-#, fuzzy
-msgid "Reencryption process is already running."
-msgstr "重加密已在进行中。"
-
-#: lib/luks2/luks2_reencrypt.c:2757 lib/luks2/luks2_reencrypt.c:3041
-#, fuzzy
-msgid "Failed to acquire reencryption lock."
-msgstr "无法获取写入设备锁。"
-
-#: lib/luks2/luks2_reencrypt.c:2775
-msgid "Cannot proceed with reencryption. Run reencryption recovery first."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2889
-msgid "Active device size and requested reencryption size don't match."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2903
-msgid "Illegal device size requested in reencryption parameters."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:2973
-#, fuzzy
-msgid "Reencryption in-progress. Cannot perform recovery."
-msgstr "重加密已在进行中。"
-
-#: lib/luks2/luks2_reencrypt.c:3129
-msgid "LUKS2 reencryption already initialized in metadata."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3136
-#, fuzzy
-msgid "Failed to initialize LUKS2 reencryption in metadata."
-msgstr "初始化默认 LUKS2 密钥槽参数失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3225
-msgid "Failed to set device segments for next reencryption hotzone."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3267
-#, fuzzy
-msgid "Failed to write reencryption resilience metadata."
-msgstr "向新表头写入活动旗标失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3274
-#, fuzzy
-msgid "Decryption failed."
-msgstr "修复失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3279
-#, fuzzy, c-format
-msgid "Failed to write hotzone area starting at %<PRIu64>."
-msgstr "无法访问临时密钥存储设备。\n"
-
-# stat() 主要就是出来一个各种文件信息……
-#: lib/luks2/luks2_reencrypt.c:3284
-#, fuzzy
-msgid "Failed to sync data."
-msgstr "获取 (stat) 密钥文件信息失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3292
-msgid "Failed to update metadata after current reencryption hotzone completed."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3359
-#, fuzzy
-msgid "Failed to write LUKS2 metadata."
-msgstr "读取 LUKS2 需求时失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3382
-#, fuzzy
-msgid "Failed to wipe backup segment data."
-msgstr "交换新密钥槽失败。"
-
-#: lib/luks2/luks2_reencrypt.c:3388
-#, fuzzy, c-format
-msgid "Failed to remove unused (unbound) keyslot %d."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:3398
-#, fuzzy
-msgid "Failed to remove reencryption keyslot."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt.c:3408
-#, c-format
-msgid "Fatal error while reencrypting chunk starting at %<PRIu64>, %<PRIu64> sectors long."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3417
-msgid "Do not resume the device unless replaced with error target manually."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3467
-msgid "Cannot proceed with reencryption. Unexpected reencryption status."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3473
-msgid "Missing or invalid reencrypt context."
-msgstr ""
-
-#: lib/luks2/luks2_reencrypt.c:3480
-#, fuzzy
-msgid "Failed to initialize reencryption device stack."
-msgstr "无法获取设备 %s 的读取锁。"
-
-#: lib/luks2/luks2_reencrypt.c:3508 lib/luks2/luks2_reencrypt.c:3549
-#, fuzzy
-msgid "Failed to update reencryption context."
-msgstr "打开 (open) 密钥文件失败。\n"
-
-#: lib/luks2/luks2_reencrypt_digest.c:376
-#, fuzzy
-msgid "Reencryption metadata is invalid."
-msgstr "密钥槽 %d 无效。"
-
-#: lib/luks2/luks2_token.c:263
+#: lib/luks2/luks2_token.c:266
#, fuzzy
+#| msgid "Failed to swap new key slot.\n"
msgid "No free token slot."
msgstr "交换新密钥槽失败。\n"
# stat() 主要就是出来一个各种文件信息……
-#: lib/luks2/luks2_token.c:270
+#: lib/luks2/luks2_token.c:274
#, fuzzy, c-format
+#| msgid "Failed to stat key file.\n"
msgid "Failed to create builtin token %s."
msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-#: src/cryptsetup.c:198
+#: src/cryptsetup.c:132
#, fuzzy
+#| msgid "Can't do passphrase verification on non-tty inputs.\n"
msgid "Can't do passphrase verification on non-tty inputs."
msgstr "无法从非 TTY 输入验证密码。\n"
-#: src/cryptsetup.c:261
-#, fuzzy
-msgid "Keyslot encryption parameters can be set only for LUKS2 device."
-msgstr "此操作只适用 LUKS2 设备。"
-
-#: src/cryptsetup.c:291 src/cryptsetup.c:1006 src/cryptsetup.c:1389
-#: src/cryptsetup.c:3295 src/cryptsetup_reencrypt.c:741
-#: src/cryptsetup_reencrypt.c:811
+#: src/cryptsetup.c:185 src/cryptsetup.c:760 src/cryptsetup.c:995
+#: src/cryptsetup_reencrypt.c:743 src/cryptsetup_reencrypt.c:817
#, fuzzy
+#| msgid "No known cipher specification pattern detected.\n"
msgid "No known cipher specification pattern detected."
msgstr "未探测到已知的密文特征。\n"
-#: src/cryptsetup.c:299
+#: src/cryptsetup.c:193
msgid "WARNING: The --hash parameter is being ignored in plain mode with keyfile specified.\n"
msgstr "警告:在纯文本模式下指定密钥文件时将忽略参数 --hash。\n"
-#: src/cryptsetup.c:307
+#: src/cryptsetup.c:201
msgid "WARNING: The --keyfile-size option is being ignored, the read size is the same as the encryption key size.\n"
msgstr "警告:将忽略参数 --keyfile-size,读取大小应与加密密钥大小一致。\n"
-#: src/cryptsetup.c:347
-#, c-format
-msgid "Detected device signature(s) on %s. Proceeding further may damage existing data."
-msgstr ""
-
-#: src/cryptsetup.c:353 src/cryptsetup.c:1137 src/cryptsetup.c:1184
-#: src/cryptsetup.c:1246 src/cryptsetup.c:1366 src/cryptsetup.c:1439
-#: src/cryptsetup.c:2086 src/cryptsetup.c:2812 src/cryptsetup.c:2936
-#: src/integritysetup.c:242
-msgid "Operation aborted.\n"
-msgstr "操作中止。\n"
-
-#: src/cryptsetup.c:421
+#: src/cryptsetup.c:263
msgid "Option --key-file is required."
msgstr "需要选项 --key-file。"
-#: src/cryptsetup.c:474
+#: src/cryptsetup.c:308
msgid "Enter VeraCrypt PIM: "
msgstr "输入 VeraCrypt PIM: "
-#: src/cryptsetup.c:483
+#: src/cryptsetup.c:317
msgid "Invalid PIM value: parse error."
msgstr "无效的 PIM 值:解析错误。"
-#: src/cryptsetup.c:486
+#: src/cryptsetup.c:320
msgid "Invalid PIM value: 0."
msgstr "无效的 PIM 值:0。"
-#: src/cryptsetup.c:489
+#: src/cryptsetup.c:323
msgid "Invalid PIM value: outside of range."
msgstr "无效的 PIM 值:超出范围。"
-#: src/cryptsetup.c:512
+#: src/cryptsetup.c:346
#, fuzzy
+#| msgid "No device header detected with this passphrase.\n"
msgid "No device header detected with this passphrase."
msgstr "未从此密码中探测到设备标头。\n"
-#: src/cryptsetup.c:582
-#, fuzzy, c-format
-msgid "Device %s is not a valid BITLK device."
-msgstr "%s 不是有效的 LUKS 设备。"
-
-#: src/cryptsetup.c:617
+#: src/cryptsetup.c:408 src/cryptsetup.c:1587
msgid ""
"Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"This dump should be always stored encrypted on safe place."
msgstr ""
-#: src/cryptsetup.c:714
+#: src/cryptsetup.c:487
#, c-format
msgid "Device %s is still active and scheduled for deferred removal.\n"
msgstr ""
-#: src/cryptsetup.c:742
+#: src/cryptsetup.c:515
msgid "Resize of active device requires volume key in keyring but --disable-keyring option is set."
msgstr ""
-#: src/cryptsetup.c:885
+#: src/cryptsetup.c:638
#, fuzzy
+#| msgid "benchmark cipher"
msgid "Benchmark interrupted."
msgstr "测试密文"
-#: src/cryptsetup.c:906
+#: src/cryptsetup.c:659
#, c-format
msgid "PBKDF2-%-9s N/A\n"
msgstr ""
-#: src/cryptsetup.c:908
+#: src/cryptsetup.c:661
#, c-format
msgid "PBKDF2-%-9s %7u iterations per second for %zu-bit key\n"
msgstr ""
-#: src/cryptsetup.c:922
+#: src/cryptsetup.c:675
#, c-format
msgid "%-10s N/A\n"
msgstr ""
-#: src/cryptsetup.c:924
+#: src/cryptsetup.c:677
#, c-format
msgid "%-10s %4u iterations, %5u memory, %1u parallel threads (CPUs) for %zu-bit key (requested %u ms time)\n"
msgstr ""
-#: src/cryptsetup.c:948
+#: src/cryptsetup.c:701
#, fuzzy
+#| msgid "Result of benchmark is not reliable.\n"
msgid "Result of benchmark is not reliable."
msgstr "测试结果不可靠。\n"
-#: src/cryptsetup.c:998
+#: src/cryptsetup.c:752
msgid "# Tests are approximate using memory only (no storage IO).\n"
msgstr "# 测试仅使用内存(无存储 IO)。\n"
#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1018
-#, fuzzy, c-format
-msgid "#%*s Algorithm | Key | Encryption | Decryption\n"
+#: src/cryptsetup.c:780 src/cryptsetup.c:804
+#, fuzzy
+#| msgid "# Algorithm | Key | Encryption | Decryption\n"
+msgid "# Algorithm | Key | Encryption | Decryption\n"
msgstr "# 算法 | 密钥 | 加密 | 解密\n"
-#: src/cryptsetup.c:1022
+#: src/cryptsetup.c:784
#, fuzzy, c-format
-msgid "Cipher %s (with %i bits key) is not available."
+#| msgid "Cipher %s is not available.\n"
+msgid "Cipher %s is not available."
msgstr "密文 %s 不可用。\n"
-#. TRANSLATORS: The string is header of a table and must be exactly (right side) aligned.
-#: src/cryptsetup.c:1041
-#, fuzzy
-msgid "# Algorithm | Key | Encryption | Decryption\n"
-msgstr "# 算法 | 密钥 | 加密 | 解密\n"
-
-#: src/cryptsetup.c:1052
+#: src/cryptsetup.c:813
msgid "N/A"
msgstr "不可用"
-#: src/cryptsetup.c:1134
-msgid ""
-"Unprotected LUKS2 reencryption metadata detected. Please verify the reencryption operation is desirable (see luksDump output)\n"
-"and continue (upgrade metadata) only if you acknowledge the operation as genuine."
-msgstr ""
-
-#: src/cryptsetup.c:1140
-#, fuzzy
-msgid "Enter passphrase to protect and uppgrade reencryption metadata: "
-msgstr "输入要移除的口令: "
-
-#: src/cryptsetup.c:1183
-msgid "Really proceed with LUKS2 reencryption recovery?"
-msgstr ""
-
-#: src/cryptsetup.c:1193
-#, fuzzy
-msgid "Enter passphrase to verify reencryption metadata digest: "
-msgstr "输入要移除的口令: "
-
-#: src/cryptsetup.c:1195
-#, fuzzy
-msgid "Enter passphrase for reencryption recovery: "
-msgstr "输入密钥槽 %u 的密码:"
-
-#: src/cryptsetup.c:1245
+#: src/cryptsetup.c:873
msgid "Really try to repair LUKS device header?"
msgstr "确定要尝试修复 LUKS 设备标头吗?"
-#: src/cryptsetup.c:1265 src/integritysetup.c:157
+#: src/cryptsetup.c:874 src/cryptsetup.c:965 src/cryptsetup.c:987
+#: src/cryptsetup.c:1560
+msgid "Operation aborted.\n"
+msgstr "操作中止。\n"
+
+#: src/cryptsetup.c:889 src/integritysetup.c:140
msgid ""
"Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).\n"
msgstr ""
-#: src/cryptsetup.c:1287 src/integritysetup.c:179
+#: src/cryptsetup.c:911 src/integritysetup.c:162
#, fuzzy, c-format
+#| msgid "Cannot open temporary LUKS device.\n"
msgid "Cannot deactivate temporary device %s."
msgstr "无法打开临时 LUKS 设备。\n"
-#: src/cryptsetup.c:1351
+#: src/cryptsetup.c:955
msgid "Integrity option can be used only for LUKS2 format."
msgstr ""
-#: src/cryptsetup.c:1356 src/cryptsetup.c:1416
-#, fuzzy
-msgid "Unsupported LUKS2 metadata size options."
-msgstr "不支持的 LUKS 版本 %d。"
-
-#: src/cryptsetup.c:1365
-msgid "Header file does not exist, do you want to create it?"
-msgstr ""
-
-#: src/cryptsetup.c:1373
+#: src/cryptsetup.c:971
#, c-format
msgid "Cannot create header file %s."
msgstr "无法创建标头文件 %s。"
-#: src/cryptsetup.c:1396 src/integritysetup.c:205 src/integritysetup.c:213
-#: src/integritysetup.c:222 src/integritysetup.c:295 src/integritysetup.c:303
-#: src/integritysetup.c:313
+#: src/cryptsetup.c:982
+#, c-format
+msgid "This will overwrite data on %s irrevocably."
+msgstr "这将覆盖 %s 上的数据,该动作不可取消。"
+
+#: src/cryptsetup.c:1002 src/integritysetup.c:187 src/integritysetup.c:196
+#: src/integritysetup.c:205 src/integritysetup.c:252 src/integritysetup.c:261
+#: src/integritysetup.c:271
#, fuzzy
+#| msgid "No known cipher specification pattern detected.\n"
msgid "No known integrity specification pattern detected."
msgstr "未探测到已知的密文特征。\n"
-#: src/cryptsetup.c:1409
+#: src/cryptsetup.c:1015
#, c-format
msgid "Cannot use %s as on-disk header."
msgstr "无法将 %s 作为磁盘上的标头使用。"
-#: src/cryptsetup.c:1433 src/integritysetup.c:236
-#, c-format
-msgid "This will overwrite data on %s irrevocably."
-msgstr "这将覆盖 %s 上的数据,该动作不可取消。"
-
# stat() 主要就是出来一个各种文件信息……
-#: src/cryptsetup.c:1466 src/cryptsetup.c:1800 src/cryptsetup.c:1867
-#: src/cryptsetup.c:1969 src/cryptsetup.c:2035 src/cryptsetup_reencrypt.c:571
+#: src/cryptsetup.c:1040 src/cryptsetup.c:1314 src/cryptsetup.c:1373
+#: src/cryptsetup.c:1459 src/cryptsetup.c:1510
msgid "Failed to set pbkdf parameters."
msgstr "设置 pbkdf 参数失败。"
-#: src/cryptsetup.c:1551
+#: src/cryptsetup.c:1092
#, fuzzy
+#| msgid "Reduced data offset is allowed only for detached LUKS header.\n"
msgid "Reduced data offset is allowed only for detached LUKS header."
msgstr "仅已脱离的 LUKS 数据头可以使用缩减的数据偏移。\n"
-#: src/cryptsetup.c:1562 src/cryptsetup.c:1873
-msgid "Cannot determine volume key size for LUKS without keyslots, please use --key-size option."
-msgstr ""
-
-#: src/cryptsetup.c:1600
+#: src/cryptsetup.c:1131
msgid "Device activated but cannot make flags persistent."
msgstr ""
-#: src/cryptsetup.c:1681 src/cryptsetup.c:1751
+#: src/cryptsetup.c:1209
#, fuzzy, c-format
+#| msgid "Key slot %d selected for deletion.\n"
msgid "Keyslot %d is selected for deletion."
msgstr "已选中密钥槽 %d 以删除。\n"
-#: src/cryptsetup.c:1693 src/cryptsetup.c:1754
+#: src/cryptsetup.c:1212
+#, fuzzy, c-format
+#| msgid "Key slot %d is not used.\n"
+msgid "Keyslot %d is not active."
+msgstr "密钥槽 %d 未使用。\n"
+
+#: src/cryptsetup.c:1221 src/cryptsetup.c:1276
msgid "This is the last keyslot. Device will become unusable after purging this key."
msgstr "这是最后一个密钥槽。设备在清空此密钥后将不可用。"
-#: src/cryptsetup.c:1694
+#: src/cryptsetup.c:1222
msgid "Enter any remaining passphrase: "
msgstr "输入任意剩余的口令: "
-#: src/cryptsetup.c:1695 src/cryptsetup.c:1756
+#: src/cryptsetup.c:1223 src/cryptsetup.c:1278
msgid "Operation aborted, the keyslot was NOT wiped.\n"
msgstr ""
-#: src/cryptsetup.c:1733
+#: src/cryptsetup.c:1256
msgid "Enter passphrase to be deleted: "
msgstr "输入要移除的口令: "
-#: src/cryptsetup.c:1814 src/cryptsetup.c:1888 src/cryptsetup.c:1922
+#: src/cryptsetup.c:1273
+#, c-format
+msgid "Key slot %d selected for deletion."
+msgstr "已选中密钥槽 %d 以供删除。"
+
+#: src/cryptsetup.c:1328 src/cryptsetup.c:1387 src/cryptsetup.c:1420
msgid "Enter new passphrase for key slot: "
msgstr "输入密钥槽的新口令: "
-#: src/cryptsetup.c:1905 src/cryptsetup_reencrypt.c:1361
+#: src/cryptsetup.c:1404 src/cryptsetup_reencrypt.c:1351
#, c-format
msgid "Enter any existing passphrase: "
msgstr "输入任意已存在的口令: "
-#: src/cryptsetup.c:1973
+#: src/cryptsetup.c:1463
msgid "Enter passphrase to be changed: "
msgstr "输入要更改的口令: "
-#: src/cryptsetup.c:1989 src/cryptsetup_reencrypt.c:1347
+#: src/cryptsetup.c:1478 src/cryptsetup_reencrypt.c:1336
msgid "Enter new passphrase: "
msgstr "输入新口令: "
-#: src/cryptsetup.c:2039
+#: src/cryptsetup.c:1514
#, fuzzy
+#| msgid "Enter passphrase for key slot %u: "
msgid "Enter passphrase for keyslot to be converted: "
msgstr "输入密钥槽 %u 的密码:"
-#: src/cryptsetup.c:2063
+#: src/cryptsetup.c:1537
#, fuzzy
+#| msgid "Only one device argument for isLuks operation is supported.\n"
msgid "Only one device argument for isLuks operation is supported."
msgstr "isLuks 操作仅支持一个设备参数。\n"
-#: src/cryptsetup.c:2113
-msgid ""
-"The header dump with volume key is sensitive information\n"
-"that allows access to encrypted partition without a passphrase.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-
-#: src/cryptsetup.c:2178
-#, fuzzy, c-format
-msgid "Keyslot %d does not contain unbound key."
-msgstr "密钥槽 %d 未使用。\n"
-
-#: src/cryptsetup.c:2184
-msgid ""
-"The header dump with unbound key is sensitive information.\n"
-"This dump should be stored encrypted in a safe place."
-msgstr ""
-
-#: src/cryptsetup.c:2273 src/cryptsetup.c:2302
-#, fuzzy, c-format
-msgid "%s is not active %s device name."
-msgstr "显示已激活的设备信息"
-
-#: src/cryptsetup.c:2297
-#, c-format
-msgid "%s is not active LUKS device name or header is missing."
-msgstr ""
-
-#: src/cryptsetup.c:2335 src/cryptsetup.c:2356
+#: src/cryptsetup.c:1716 src/cryptsetup.c:1737
#, fuzzy
+#| msgid "Option --header-backup-file is required.\n"
msgid "Option --header-backup-file is required."
msgstr "必须指定 --header-backup-file 选项。\n"
-#: src/cryptsetup.c:2386
-#, c-format
-msgid "%s is not cryptsetup managed device."
-msgstr ""
-
-#: src/cryptsetup.c:2397
-#, fuzzy, c-format
-msgid "Refresh is not supported for device type %s"
-msgstr "设备 %s 不支持恢复。"
-
-#: src/cryptsetup.c:2439
+#: src/cryptsetup.c:1776
#, fuzzy, c-format
+#| msgid "Unrecognized metadata device type %s.\n"
msgid "Unrecognized metadata device type %s."
msgstr "无法识别的元数据设备类型 %s。\n"
-#: src/cryptsetup.c:2442
+#: src/cryptsetup.c:1779
#, fuzzy
+#| msgid "Command requires device and mapped name as arguments.\n"
msgid "Command requires device and mapped name as arguments."
msgstr "命令需要设备及映射名作为参数。\n"
-#: src/cryptsetup.c:2464
+#: src/cryptsetup.c:1798
#, c-format
msgid ""
"This operation will erase all keyslots on device %s.\n"
"该操作将清空设备 %s 上所有的密钥槽。\n"
"设备在此操作后将不可用。"
-#: src/cryptsetup.c:2471
+#: src/cryptsetup.c:1805
msgid "Operation aborted, keyslots were NOT wiped.\n"
msgstr "操作已中止,密钥槽没有被擦除。\n"
-#: src/cryptsetup.c:2510
-msgid "Invalid LUKS type, only luks1 and luks2 are supported."
+#: src/cryptsetup.c:1841
+msgid "Missing LUKS target type, option --type is required."
msgstr ""
-#: src/cryptsetup.c:2528
+#: src/cryptsetup.c:1857
#, c-format
msgid "Device is already %s type."
msgstr "设备已为 %s 类型。"
-#: src/cryptsetup.c:2533
+#: src/cryptsetup.c:1862
#, fuzzy, c-format
+#| msgid "This operation is not supported for %s crypt device.\n"
msgid "This operation will convert %s to %s format.\n"
msgstr "不支持在 %s 加密设备上执行此操作。\n"
-#: src/cryptsetup.c:2539
+#: src/cryptsetup.c:1868
msgid "Operation aborted, device was NOT converted.\n"
msgstr ""
-#: src/cryptsetup.c:2579
+#: src/cryptsetup.c:1908
msgid "Option --priority, --label or --subsystem is missing."
msgstr "选项 --priority、--label 或 --subsystem 缺失。"
-#: src/cryptsetup.c:2613 src/cryptsetup.c:2646 src/cryptsetup.c:2669
+#: src/cryptsetup.c:1939
#, fuzzy, c-format
+#| msgid "Key slot %d is invalid.\n"
msgid "Token %d is invalid."
msgstr "密钥槽 %d 无效。\n"
-#: src/cryptsetup.c:2616 src/cryptsetup.c:2672
+#: src/cryptsetup.c:1942
#, fuzzy, c-format
+#| msgid "Key slot %d is not used.\n"
msgid "Token %d in use."
msgstr "密钥槽 %d 未使用。\n"
-# stat() 主要就是出来一个各种文件信息……
-#: src/cryptsetup.c:2623
-#, fuzzy, c-format
-msgid "Failed to add luks2-keyring token %d."
-msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-
-#: src/cryptsetup.c:2632 src/cryptsetup.c:2694
+#: src/cryptsetup.c:1955
#, fuzzy, c-format
+#| msgid "Failed to swap new key slot.\n"
msgid "Failed to assign token %d to keyslot %d."
msgstr "交换新密钥槽失败。\n"
-#: src/cryptsetup.c:2649
-#, fuzzy, c-format
-msgid "Token %d is not in use."
-msgstr "密钥槽 %d 未使用。\n"
-
-#: src/cryptsetup.c:2684
-#, fuzzy
-msgid "Failed to import token from file."
-msgstr "打开 (open) 密钥文件失败。"
-
-#: src/cryptsetup.c:2709
-#, fuzzy, c-format
-msgid "Failed to get token %d for export."
-msgstr "交换新密钥槽失败。\n"
-
-#: src/cryptsetup.c:2724
+#: src/cryptsetup.c:1969
msgid "--key-description parameter is mandatory for token add action."
msgstr ""
-#: src/cryptsetup.c:2730 src/cryptsetup.c:2738
-msgid "Action requires specific token. Use --token-id parameter."
+#: src/cryptsetup.c:1975
+msgid "Missing --token option specifying token for removal."
msgstr ""
-#: src/cryptsetup.c:2743
+#: src/cryptsetup.c:1980
#, fuzzy, c-format
+#| msgid "Invalid device %s.\n"
msgid "Invalid token operation %s."
msgstr "设备 %s 无效。\n"
-#: src/cryptsetup.c:2798
-#, c-format
-msgid "Auto-detected active dm device '%s' for data device %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2802
-#, fuzzy, c-format
-msgid "Device %s is not a block device.\n"
-msgstr "%s 不是有效的 LUKS 设备。"
-
-#: src/cryptsetup.c:2804
-#, fuzzy, c-format
-msgid "Failed to auto-detect device %s holders."
-msgstr "无法获取设备 %s 上的写入锁。"
-
-#: src/cryptsetup.c:2806
-#, c-format
-msgid ""
-"Unable to decide if device %s is activated or not.\n"
-"Are you sure you want to proceed with reencryption in offline mode?\n"
-"It may lead to data corruption if the device is actually activated.\n"
-"To run reencryption in online mode, use --active-name parameter instead.\n"
-msgstr ""
-
-#: src/cryptsetup.c:2886
-#, fuzzy
-msgid "Invalid LUKS device type."
-msgstr "设备 %s 无效。"
-
-#: src/cryptsetup.c:2891
-msgid "Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."
-msgstr ""
-
-#: src/cryptsetup.c:2896
-msgid "Requested data offset must be less than or equal to half of --reduce-device-size parameter."
-msgstr ""
-
-#: src/cryptsetup.c:2905
-#, c-format
-msgid "Adjusting --reduce-device-size value to twice the --offset %<PRIu64> (sectors).\n"
-msgstr ""
-
-#: src/cryptsetup.c:2909
-#, fuzzy
-msgid "Encryption is supported only for LUKS2 format."
-msgstr "此操作只适用 LUKS2 设备。"
-
-#: src/cryptsetup.c:2932
-#, c-format
-msgid "Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"
-msgstr ""
-
-#: src/cryptsetup.c:2950
-#, fuzzy, c-format
-msgid "Temporary header file %s already exists. Aborting."
-msgstr "请求的标头备份文件 %s 已存在。"
-
-#: src/cryptsetup.c:2952 src/cryptsetup.c:2959
+# stat() 主要就是出来一个各种文件信息……
+#: src/cryptsetup.c:1995
#, fuzzy, c-format
-msgid "Cannot create temporary header file %s."
-msgstr "无法创建标头文件 %s。"
-
-#: src/cryptsetup.c:3026
-#, c-format
-msgid "%s/%s is now active and ready for online encryption.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3063
-msgid "LUKS2 decryption is supported with detached header device only."
-msgstr ""
-
-#: src/cryptsetup.c:3196 src/cryptsetup.c:3202
-#, fuzzy
-msgid "Not enough free keyslots for reencryption."
-msgstr "不要更改密钥,无数据区重加密"
-
-#: src/cryptsetup.c:3222 src/cryptsetup_reencrypt.c:1312
-msgid "Key file can be used only with --key-slot or with exactly one key slot active."
-msgstr "密钥文件只能在指定 --key-slot 时或有且只有一个槽启用时使用。"
+#| msgid "Failed to stat key file.\n"
+msgid "Failed to add keyring token %d."
+msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-#: src/cryptsetup.c:3231 src/cryptsetup_reencrypt.c:1359
-#: src/cryptsetup_reencrypt.c:1370
+#: src/cryptsetup.c:1997
#, fuzzy, c-format
-msgid "Enter passphrase for key slot %d: "
-msgstr "输入密钥槽 %u 的口令: "
-
-#: src/cryptsetup.c:3240
-#, c-format
-msgid "Enter passphrase for key slot %u: "
-msgstr "输入密钥槽 %u 的口令: "
-
-#: src/cryptsetup.c:3286
-#, c-format
-msgid "Switching data encryption cipher to %s.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3419
-#, fuzzy
-msgid "Command requires device as argument."
-msgstr "命令需要设备及映射名作为参数。\n"
-
-#: src/cryptsetup.c:3441
-msgid "Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."
-msgstr ""
-
-#: src/cryptsetup.c:3453
-msgid "Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."
-msgstr ""
-
-#: src/cryptsetup.c:3463 src/cryptsetup_reencrypt.c:196
-msgid "Reencryption of device with integrity profile is not supported."
-msgstr "不支持带有完整性 profile 信息的设备的重加密。"
-
-#: src/cryptsetup.c:3471
-msgid "LUKS2 reencryption already initialized. Aborting operation."
-msgstr ""
-
-#: src/cryptsetup.c:3475
-#, fuzzy
-msgid "LUKS2 device is not in reencryption."
-msgstr "日志文件 %s 存在,继续重加密。\n"
+#| msgid "Failed to open key file.\n"
+msgid "Failed to remove token %d."
+msgstr "打开 (open) 密钥文件失败。\n"
-#: src/cryptsetup.c:3502
+#: src/cryptsetup.c:2013
msgid "<device> [--type <type>] [<name>]"
msgstr "<设备> [--type <类型>] [<名称>]"
-#: src/cryptsetup.c:3502 src/veritysetup.c:408 src/integritysetup.c:493
-msgid "open device as <name>"
-msgstr "以 <名称> 打开设备"
+#: src/cryptsetup.c:2013
+msgid "open device as mapping <name>"
+msgstr "以映射 <名称> 打开设备"
-#: src/cryptsetup.c:3503 src/cryptsetup.c:3504 src/cryptsetup.c:3505
-#: src/veritysetup.c:409 src/veritysetup.c:410 src/integritysetup.c:494
-#: src/integritysetup.c:495
+#: src/cryptsetup.c:2014 src/cryptsetup.c:2015 src/cryptsetup.c:2016
+#: src/veritysetup.c:366 src/veritysetup.c:367 src/integritysetup.c:427
+#: src/integritysetup.c:428
msgid "<name>"
msgstr "<名称>"
-#: src/cryptsetup.c:3503 src/veritysetup.c:409 src/integritysetup.c:494
+#: src/cryptsetup.c:2014
msgid "close device (remove mapping)"
msgstr "关闭设备(移除映射)"
-#: src/cryptsetup.c:3504
+#: src/cryptsetup.c:2015
msgid "resize active device"
msgstr "改变活动设备大小。"
-#: src/cryptsetup.c:3505
+#: src/cryptsetup.c:2016
msgid "show device status"
msgstr "显示设备状态"
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2017
msgid "[--cipher <cipher>]"
msgstr ""
-#: src/cryptsetup.c:3506
+#: src/cryptsetup.c:2017
msgid "benchmark cipher"
msgstr "测试密文"
-#: src/cryptsetup.c:3507 src/cryptsetup.c:3508 src/cryptsetup.c:3509
-#: src/cryptsetup.c:3510 src/cryptsetup.c:3511 src/cryptsetup.c:3518
-#: src/cryptsetup.c:3519 src/cryptsetup.c:3520 src/cryptsetup.c:3521
-#: src/cryptsetup.c:3522 src/cryptsetup.c:3523 src/cryptsetup.c:3524
-#: src/cryptsetup.c:3525 src/cryptsetup.c:3526
+#: src/cryptsetup.c:2018 src/cryptsetup.c:2019 src/cryptsetup.c:2020
+#: src/cryptsetup.c:2021 src/cryptsetup.c:2028 src/cryptsetup.c:2029
+#: src/cryptsetup.c:2030 src/cryptsetup.c:2031 src/cryptsetup.c:2032
+#: src/cryptsetup.c:2033 src/cryptsetup.c:2034 src/cryptsetup.c:2035
msgid "<device>"
msgstr "<设备>"
-#: src/cryptsetup.c:3507
+#: src/cryptsetup.c:2018
msgid "try to repair on-disk metadata"
msgstr "尝试修复磁盘上的元数据"
-#: src/cryptsetup.c:3508
-#, fuzzy
-msgid "reencrypt LUKS2 device"
-msgstr "向 LUKS 设备添加密钥"
-
-#: src/cryptsetup.c:3509
+#: src/cryptsetup.c:2019
msgid "erase all keyslots (remove encryption key)"
msgstr "清空所有密钥槽(移除加密密钥)"
-#: src/cryptsetup.c:3510
+#: src/cryptsetup.c:2020
msgid "convert LUKS from/to LUKS2 format"
msgstr "在 LUKS 和 LUKS2 格式之间转换"
-#: src/cryptsetup.c:3511
+#: src/cryptsetup.c:2021
msgid "set permanent configuration options for LUKS2"
msgstr ""
-#: src/cryptsetup.c:3512 src/cryptsetup.c:3513
+#: src/cryptsetup.c:2022 src/cryptsetup.c:2023
msgid "<device> [<new key file>]"
msgstr "<设备> [<新密钥文件>]"
-#: src/cryptsetup.c:3512
+#: src/cryptsetup.c:2022
msgid "formats a LUKS device"
msgstr "格式化一个 LUKS 设备"
-#: src/cryptsetup.c:3513
+#: src/cryptsetup.c:2023
msgid "add key to LUKS device"
msgstr "向 LUKS 设备添加密钥"
-#: src/cryptsetup.c:3514 src/cryptsetup.c:3515 src/cryptsetup.c:3516
+#: src/cryptsetup.c:2024 src/cryptsetup.c:2025 src/cryptsetup.c:2026
msgid "<device> [<key file>]"
msgstr "<设备> [<密钥文件>]"
-#: src/cryptsetup.c:3514
+#: src/cryptsetup.c:2024
msgid "removes supplied key or key file from LUKS device"
msgstr "移除 LUKS 设备中指定的密钥或密钥文件"
-#: src/cryptsetup.c:3515
+#: src/cryptsetup.c:2025
msgid "changes supplied key or key file of LUKS device"
msgstr "更改 LUKS 设备中指定的密钥或密钥文件"
# stat() 主要就是出来一个各种文件信息……
-#: src/cryptsetup.c:3516
+#: src/cryptsetup.c:2026
#, fuzzy
+#| msgid "Failed to stat key file.\n"
msgid "converts a key to new pbkdf parameters"
msgstr "获取 (stat) 密钥文件统计数据失败。\n"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2027
msgid "<device> <key slot>"
msgstr "<设备> <密钥槽>"
-#: src/cryptsetup.c:3517
+#: src/cryptsetup.c:2027
msgid "wipes key with number <key slot> from LUKS device"
msgstr "从 LUKS 设备清理标号为 <key slot> 的密钥"
-#: src/cryptsetup.c:3518
+#: src/cryptsetup.c:2028
msgid "print UUID of LUKS device"
msgstr "输出 LUKS 设备的 UUID(唯一标识符)"
-#: src/cryptsetup.c:3519
+#: src/cryptsetup.c:2029
msgid "tests <device> for LUKS partition header"
msgstr "从 <device> 探测 LUKS 分区标头"
-#: src/cryptsetup.c:3520
+#: src/cryptsetup.c:2030
msgid "dump LUKS partition information"
msgstr "调出 LUKS 分区信息"
-#: src/cryptsetup.c:3521
+#: src/cryptsetup.c:2031
msgid "dump TCRYPT device information"
msgstr "调出 TCRYPT 设备信息"
-#: src/cryptsetup.c:3522
-#, fuzzy
-msgid "dump BITLK device information"
-msgstr "调出 TCRYPT 设备信息"
-
-#: src/cryptsetup.c:3523
+#: src/cryptsetup.c:2032
#, fuzzy
+#| msgid "Suspend LUKS device and wipe key (all IOs are frozen)."
msgid "Suspend LUKS device and wipe key (all IOs are frozen)"
msgstr "挂起 LUKS 设备并清除密钥(冻结所有 IO 操作)。"
-#: src/cryptsetup.c:3524
+#: src/cryptsetup.c:2033
msgid "Resume suspended LUKS device"
msgstr "恢复已挂起的 LUKS 设备"
-#: src/cryptsetup.c:3525
+#: src/cryptsetup.c:2034
msgid "Backup LUKS device header and keyslots"
msgstr "备份 LUKS 设备标头和密钥槽"
-#: src/cryptsetup.c:3526
+#: src/cryptsetup.c:2035
msgid "Restore LUKS device header and keyslots"
msgstr "恢复 LUKS 设备标头和密钥槽"
-#: src/cryptsetup.c:3527
-msgid "<add|remove|import|export> <device>"
+#: src/cryptsetup.c:2036
+msgid "<add|remove> <device>"
msgstr ""
-#: src/cryptsetup.c:3527
-msgid "Manipulate LUKS2 tokens"
+#: src/cryptsetup.c:2036
+msgid "Add or remove keyring token"
msgstr ""
-#: src/cryptsetup.c:3545 src/veritysetup.c:426 src/integritysetup.c:511
+#: src/cryptsetup.c:2054 src/veritysetup.c:383 src/integritysetup.c:444
msgid ""
"\n"
"<action> is one of:\n"
"\n"
"<动作> 为其中之一:\n"
-#: src/cryptsetup.c:3551
-#, fuzzy
+#: src/cryptsetup.c:2060
msgid ""
"\n"
"You can also use old <action> syntax aliases:\n"
-"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
-"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"
+"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
+"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
msgstr ""
"\n"
"你亦可使用老的 <动作> 语法别名:\n"
"\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen\n"
"\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose\n"
-#: src/cryptsetup.c:3555
+#: src/cryptsetup.c:2064
#, c-format
msgid ""
"\n"
"<key slot> 为需要更改的 LUKS 密钥槽\n"
"<key file> 提供给 luksAddKey 动作的密钥文件\n"
-#: src/cryptsetup.c:3562
+#: src/cryptsetup.c:2071
#, c-format
msgid ""
"\n"
"Default compiled-in metadata format is %s (for luksFormat action).\n"
msgstr ""
-#: src/cryptsetup.c:3567
+#: src/cryptsetup.c:2076
#, fuzzy, c-format
+#| msgid ""
+#| "\n"
+#| "Default compiled-in key and passphrase parameters:\n"
+#| "\tMaximum keyfile size: %dkB, Maximum interactive passphrase length %d (characters)\n"
+#| "Default PBKDF2 iteration time for LUKS: %d (ms)\n"
msgid ""
"\n"
"Default compiled-in key and passphrase parameters:\n"
"\t密钥文件的最大大小:%dkB, 交互式密码的最大长度:%d (字符)\n"
"LUKS 的默认 PBKDF2 迭代时间:%d (毫秒)\n"
-#: src/cryptsetup.c:3578
-#, fuzzy, c-format
+#: src/cryptsetup.c:2087
+#, c-format
msgid ""
"\n"
"Default compiled-in device cipher parameters:\n"
"\tloop-AES: %s, Key %d bits\n"
"\tplain: %s, Key: %d bits, Password hashing: %s\n"
-"\tLUKS: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
+"\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"
msgstr ""
"\n"
"默认集成的设备密文参数:\n"
"\tplain:%s, 密钥:%d 位, 密码哈希:%s\n"
"\tLUKS1:%s, 密钥:%d bits, LUKS 数据头哈希:%s, RNG:%s\n"
-#: src/cryptsetup.c:3587
-msgid "\tLUKS: Default keysize with XTS mode (two internal keys) will be doubled.\n"
-msgstr ""
-
-#: src/cryptsetup.c:3605 src/veritysetup.c:587 src/integritysetup.c:665
+#: src/cryptsetup.c:2104 src/veritysetup.c:540 src/integritysetup.c:581
#, c-format
msgid "%s: requires %s as arguments"
msgstr "%s: 需要 %s 作为参数"
-#: src/cryptsetup.c:3637 src/veritysetup.c:472 src/integritysetup.c:553
-#: src/cryptsetup_reencrypt.c:1627
+#: src/cryptsetup.c:2137 src/veritysetup.c:423 src/integritysetup.c:478
+#: src/cryptsetup_reencrypt.c:1608
msgid "Show this help message"
msgstr "显示此帮助"
-#: src/cryptsetup.c:3638 src/veritysetup.c:473 src/integritysetup.c:554
-#: src/cryptsetup_reencrypt.c:1628
+#: src/cryptsetup.c:2138 src/veritysetup.c:424 src/integritysetup.c:479
+#: src/cryptsetup_reencrypt.c:1609
msgid "Display brief usage"
msgstr "显示简短用法"
-#: src/cryptsetup.c:3639 src/veritysetup.c:474 src/integritysetup.c:555
-#: src/cryptsetup_reencrypt.c:1629
-msgid "Print package version"
-msgstr "打印软件包版本"
-
-#: src/cryptsetup.c:3643 src/veritysetup.c:478 src/integritysetup.c:559
-#: src/cryptsetup_reencrypt.c:1633
+#: src/cryptsetup.c:2142 src/veritysetup.c:428 src/integritysetup.c:483
+#: src/cryptsetup_reencrypt.c:1613
msgid "Help options:"
msgstr "帮助选项:"
-#: src/cryptsetup.c:3644 src/veritysetup.c:479 src/integritysetup.c:560
-#: src/cryptsetup_reencrypt.c:1634
+#: src/cryptsetup.c:2143 src/veritysetup.c:429 src/integritysetup.c:484
+#: src/cryptsetup_reencrypt.c:1614
+msgid "Print package version"
+msgstr "打印软件包版本"
+
+#: src/cryptsetup.c:2144 src/veritysetup.c:430 src/integritysetup.c:485
+#: src/cryptsetup_reencrypt.c:1615
msgid "Shows more detailed error messages"
msgstr "显示更详细的错误信息"
-#: src/cryptsetup.c:3645 src/veritysetup.c:480 src/integritysetup.c:561
-#: src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup.c:2145 src/veritysetup.c:431 src/integritysetup.c:486
+#: src/cryptsetup_reencrypt.c:1616
msgid "Show debug messages"
msgstr "显示调试信息"
-#: src/cryptsetup.c:3646
-#, fuzzy
-msgid "Show debug messages including JSON metadata"
-msgstr "显示调试信息"
-
-#: src/cryptsetup.c:3647 src/cryptsetup_reencrypt.c:1637
+#: src/cryptsetup.c:2146 src/cryptsetup_reencrypt.c:1618
msgid "The cipher used to encrypt the disk (see /proc/crypto)"
msgstr "用于加密磁盘的密文(参见 /proc/crypto)"
-#: src/cryptsetup.c:3648 src/cryptsetup_reencrypt.c:1639
+#: src/cryptsetup.c:2147 src/cryptsetup_reencrypt.c:1620
msgid "The hash used to create the encryption key from the passphrase"
msgstr "用于从密码创建加密密钥的哈希值"
-#: src/cryptsetup.c:3649
+#: src/cryptsetup.c:2148
msgid "Verifies the passphrase by asking for it twice"
msgstr "两次询问密码以进行验证"
-#: src/cryptsetup.c:3650 src/cryptsetup_reencrypt.c:1641
+#: src/cryptsetup.c:2149 src/cryptsetup_reencrypt.c:1622
msgid "Read the key from a file"
msgstr "从文件读取密钥"
-#: src/cryptsetup.c:3651
+#: src/cryptsetup.c:2150
msgid "Read the volume (master) key from file."
msgstr "从文件读取卷(主)密钥。"
-#: src/cryptsetup.c:3652
+#: src/cryptsetup.c:2151
#, fuzzy
+#| msgid "Dump volume (master) key instead of keyslots info."
msgid "Dump volume (master) key instead of keyslots info"
msgstr "转储卷(主)密钥而不是键槽信息。"
-#: src/cryptsetup.c:3653 src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2152 src/cryptsetup_reencrypt.c:1619
msgid "The size of the encryption key"
msgstr "加密密钥大小"
-#: src/cryptsetup.c:3653 src/cryptsetup.c:3716 src/integritysetup.c:579
-#: src/integritysetup.c:583 src/integritysetup.c:587
-#: src/cryptsetup_reencrypt.c:1638
+#: src/cryptsetup.c:2152 src/integritysetup.c:500 src/integritysetup.c:504
+#: src/integritysetup.c:508 src/cryptsetup_reencrypt.c:1619
msgid "BITS"
msgstr "位"
-#: src/cryptsetup.c:3654 src/cryptsetup_reencrypt.c:1654
+#: src/cryptsetup.c:2153 src/cryptsetup_reencrypt.c:1635
msgid "Limits the read from keyfile"
msgstr "限制从密钥文件读取"
-#: src/cryptsetup.c:3654 src/cryptsetup.c:3655 src/cryptsetup.c:3656
-#: src/cryptsetup.c:3657 src/cryptsetup.c:3660 src/cryptsetup.c:3713
-#: src/cryptsetup.c:3714 src/cryptsetup.c:3722 src/cryptsetup.c:3723
-#: src/veritysetup.c:483 src/veritysetup.c:484 src/veritysetup.c:485
-#: src/veritysetup.c:488 src/veritysetup.c:489 src/integritysetup.c:568
-#: src/integritysetup.c:574 src/integritysetup.c:575
-#: src/cryptsetup_reencrypt.c:1653 src/cryptsetup_reencrypt.c:1654
-#: src/cryptsetup_reencrypt.c:1655 src/cryptsetup_reencrypt.c:1656
+#: src/cryptsetup.c:2153 src/cryptsetup.c:2154 src/cryptsetup.c:2155
+#: src/cryptsetup.c:2156 src/veritysetup.c:434 src/veritysetup.c:435
+#: src/veritysetup.c:436 src/veritysetup.c:439 src/veritysetup.c:440
+#: src/integritysetup.c:491 src/integritysetup.c:495 src/integritysetup.c:496
+#: src/cryptsetup_reencrypt.c:1634 src/cryptsetup_reencrypt.c:1635
+#: src/cryptsetup_reencrypt.c:1636 src/cryptsetup_reencrypt.c:1637
msgid "bytes"
msgstr "字节"
-#: src/cryptsetup.c:3655 src/cryptsetup_reencrypt.c:1653
+#: src/cryptsetup.c:2154 src/cryptsetup_reencrypt.c:1634
msgid "Number of bytes to skip in keyfile"
msgstr "要从密钥文件跳过的字节数"
-#: src/cryptsetup.c:3656
+#: src/cryptsetup.c:2155
msgid "Limits the read from newly added keyfile"
msgstr "限制从新增密钥文件的读取"
-#: src/cryptsetup.c:3657
+#: src/cryptsetup.c:2156
msgid "Number of bytes to skip in newly added keyfile"
msgstr "要从新增密钥文件跳过的字节数"
-#: src/cryptsetup.c:3658
+#: src/cryptsetup.c:2157
msgid "Slot number for new key (default is first free)"
msgstr "新密钥的槽号(默认为第一个可用的)"
-#: src/cryptsetup.c:3659
+#: src/cryptsetup.c:2158
msgid "The size of the device"
msgstr "设备大小"
-#: src/cryptsetup.c:3659 src/cryptsetup.c:3661 src/cryptsetup.c:3662
-#: src/cryptsetup.c:3668 src/integritysetup.c:569 src/integritysetup.c:576
+#: src/cryptsetup.c:2158 src/cryptsetup.c:2159 src/cryptsetup.c:2160
+#: src/cryptsetup.c:2166 src/integritysetup.c:492 src/integritysetup.c:497
msgid "SECTORS"
msgstr "扇区"
-#: src/cryptsetup.c:3660 src/cryptsetup_reencrypt.c:1656
-msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
-msgstr "只使用指定的设备大小(忽略设备其余部分)。危险!"
-
-#: src/cryptsetup.c:3661
+#: src/cryptsetup.c:2159
msgid "The start offset in the backend device"
msgstr "后端设备的起始偏移量"
-#: src/cryptsetup.c:3662
+#: src/cryptsetup.c:2160
msgid "How many sectors of the encrypted data to skip at the beginning"
msgstr "从开头要跳过的加密数据扇区数量"
-#: src/cryptsetup.c:3663
+#: src/cryptsetup.c:2161
msgid "Create a readonly mapping"
msgstr "创建只读映射"
-#: src/cryptsetup.c:3664 src/integritysetup.c:562
-#: src/cryptsetup_reencrypt.c:1644
+#: src/cryptsetup.c:2162 src/integritysetup.c:487
+#: src/cryptsetup_reencrypt.c:1625
msgid "Do not ask for confirmation"
msgstr "不要请求确认"
-#: src/cryptsetup.c:3665
+#: src/cryptsetup.c:2163
msgid "Timeout for interactive passphrase prompt (in seconds)"
msgstr "交互式密码提示符超时长度(秒)"
-#: src/cryptsetup.c:3665 src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2163 src/cryptsetup.c:2164 src/integritysetup.c:488
+#: src/cryptsetup_reencrypt.c:1626
msgid "secs"
msgstr "秒"
-#: src/cryptsetup.c:3666 src/integritysetup.c:563
-#: src/cryptsetup_reencrypt.c:1645
+#: src/cryptsetup.c:2164 src/integritysetup.c:488
+#: src/cryptsetup_reencrypt.c:1626
msgid "Progress line update (in seconds)"
msgstr ""
-#: src/cryptsetup.c:3667 src/cryptsetup_reencrypt.c:1646
+#: src/cryptsetup.c:2165 src/cryptsetup_reencrypt.c:1627
msgid "How often the input of the passphrase can be retried"
msgstr "输入密码的最大重试频率"
-#: src/cryptsetup.c:3668
+#: src/cryptsetup.c:2166
msgid "Align payload at <n> sector boundaries - for luksFormat"
msgstr "于 <n> 个扇区边界处对其载荷数据 - 供 luks 格式用"
-#: src/cryptsetup.c:3669
+#: src/cryptsetup.c:2167
#, fuzzy
+#| msgid "File with LUKS header and keyslots backup."
msgid "File with LUKS header and keyslots backup"
msgstr "带有 LUKS 数据头和密钥槽备份的文件。"
-#: src/cryptsetup.c:3670 src/cryptsetup_reencrypt.c:1647
+#: src/cryptsetup.c:2168 src/cryptsetup_reencrypt.c:1628
msgid "Use /dev/random for generating volume key"
msgstr "使用 /dev/random 生成卷密钥"
-#: src/cryptsetup.c:3671 src/cryptsetup_reencrypt.c:1648
+#: src/cryptsetup.c:2169 src/cryptsetup_reencrypt.c:1629
msgid "Use /dev/urandom for generating volume key"
msgstr "使用 /dev/urandom 生成卷密钥"
-#: src/cryptsetup.c:3672
+#: src/cryptsetup.c:2170
#, fuzzy
+#| msgid "Share device with another non-overlapping crypt segment."
msgid "Share device with another non-overlapping crypt segment"
msgstr "与另一个不重合的加密段共享设备。"
-#: src/cryptsetup.c:3673 src/veritysetup.c:492
+#: src/cryptsetup.c:2171 src/veritysetup.c:443
#, fuzzy
+#| msgid "UUID for device to use."
msgid "UUID for device to use"
msgstr "设备使用的 UUID 已占用。"
-#: src/cryptsetup.c:3674 src/integritysetup.c:599
+#: src/cryptsetup.c:2172
#, fuzzy
+#| msgid "Allow discards (aka TRIM) requests for device."
msgid "Allow discards (aka TRIM) requests for device"
msgstr "允许设备的 discard(或称 TRIM)请求。"
-#: src/cryptsetup.c:3675 src/cryptsetup_reencrypt.c:1665
+#: src/cryptsetup.c:2173 src/cryptsetup_reencrypt.c:1646
#, fuzzy
+#| msgid "Device or file with separated LUKS header."
msgid "Device or file with separated LUKS header"
msgstr "带有分离 LUKS 数据头的设备或文件。"
-#: src/cryptsetup.c:3676
+#: src/cryptsetup.c:2174
#, fuzzy
+#| msgid "Do not activate device, just check passphrase."
msgid "Do not activate device, just check passphrase"
msgstr "不要激活设备,仅检查密码。"
-#: src/cryptsetup.c:3677
+#: src/cryptsetup.c:2175
#, fuzzy
+#| msgid "Use hidden header (hidden TCRYPT device)."
msgid "Use hidden header (hidden TCRYPT device)"
msgstr "使用隐藏数据头(隐藏 TCRYPT 设备)"
-#: src/cryptsetup.c:3678
+#: src/cryptsetup.c:2176
#, fuzzy
+#| msgid "Device is system TCRYPT drive (with bootloader)."
msgid "Device is system TCRYPT drive (with bootloader)"
msgstr "设备为系统 TCRYPT 驱动器(带有引导器)。"
-#: src/cryptsetup.c:3679
+#: src/cryptsetup.c:2177
msgid "Use backup (secondary) TCRYPT header"
msgstr "使用备份(次级)TCRYPT 标头"
-#: src/cryptsetup.c:3680
+#: src/cryptsetup.c:2178
#, fuzzy
+#| msgid "Scan also for VeraCrypt compatible device."
msgid "Scan also for VeraCrypt compatible device"
msgstr "同时扫描 VeraCrypt 兼容的设备。"
-#: src/cryptsetup.c:3681
+#: src/cryptsetup.c:2179
#, fuzzy
+#| msgid "Scan also for VeraCrypt compatible device."
msgid "Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "同时扫描 VeraCrypt 兼容的设备。"
-#: src/cryptsetup.c:3682
+#: src/cryptsetup.c:2180
#, fuzzy
+#| msgid "Scan also for VeraCrypt compatible device."
msgid "Query Personal Iteration Multiplier for VeraCrypt compatible device"
msgstr "同时扫描 VeraCrypt 兼容的设备。"
-#: src/cryptsetup.c:3683
+#: src/cryptsetup.c:2181
#, fuzzy
-msgid "Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"
+#| msgid "Type of device metadata: luks, plain, loopaes, tcrypt."
+msgid "Type of device metadata: luks, plain, loopaes, tcrypt"
msgstr "设备元数据类型:luks, 纯粹 (plain), loopaes, tcrypt."
-#: src/cryptsetup.c:3684
+#: src/cryptsetup.c:2182
#, fuzzy
+#| msgid "Disable password quality check (if enabled)."
msgid "Disable password quality check (if enabled)"
msgstr "禁用密码质量检查 (如果已启用)。"
-#: src/cryptsetup.c:3685
+#: src/cryptsetup.c:2183
#, fuzzy
+#| msgid "Use dm-crypt same_cpu_crypt performance compatibility option."
msgid "Use dm-crypt same_cpu_crypt performance compatibility option"
msgstr "使用 dm-crypt same_cpu_crypt 性能兼容性选项。"
-#: src/cryptsetup.c:3686
+#: src/cryptsetup.c:2184
#, fuzzy
+#| msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option."
msgid "Use dm-crypt submit_from_crypt_cpus performance compatibility option"
msgstr "使用 dm-crypt submit_from_crypt_cpus 性能兼容性选项。"
-#: src/cryptsetup.c:3687
-msgid "Bypass dm-crypt workqueue and process read requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3688
-msgid "Bypass dm-crypt workqueue and process write requests synchronously"
-msgstr ""
-
-#: src/cryptsetup.c:3689
+#: src/cryptsetup.c:2185
msgid "Device removal is deferred until the last user closes it"
msgstr ""
-#: src/cryptsetup.c:3690
-msgid "Use global lock to serialize memory hard PBKDF (OOM workaround)"
-msgstr ""
-
-#: src/cryptsetup.c:3691
+#: src/cryptsetup.c:2186
msgid "PBKDF iteration time for LUKS (in ms)"
msgstr "LUKS 默认 PBKDF 迭代时间(毫秒)"
-#: src/cryptsetup.c:3691 src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup.c:2186 src/cryptsetup_reencrypt.c:1624
msgid "msecs"
msgstr "毫秒"
-#: src/cryptsetup.c:3692 src/cryptsetup_reencrypt.c:1661
+#: src/cryptsetup.c:2187 src/cryptsetup_reencrypt.c:1642
msgid "PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"
msgstr ""
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2188 src/cryptsetup_reencrypt.c:1643
msgid "PBKDF memory cost limit"
msgstr "PBKDF 内存开销限制"
-#: src/cryptsetup.c:3693 src/cryptsetup_reencrypt.c:1662
+#: src/cryptsetup.c:2188 src/cryptsetup_reencrypt.c:1643
msgid "kilobytes"
msgstr "千字节"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2189 src/cryptsetup_reencrypt.c:1644
msgid "PBKDF parallel cost"
msgstr "PBKDF 并行开销"
-#: src/cryptsetup.c:3694 src/cryptsetup_reencrypt.c:1663
+#: src/cryptsetup.c:2189 src/cryptsetup_reencrypt.c:1644
msgid "threads"
msgstr "线程"
-#: src/cryptsetup.c:3695 src/cryptsetup_reencrypt.c:1664
+#: src/cryptsetup.c:2190 src/cryptsetup_reencrypt.c:1645
msgid "PBKDF iterations cost (forced, disables benchmark)"
msgstr ""
-#: src/cryptsetup.c:3696
-msgid "Keyslot priority: ignore, normal, prefer"
+#: src/cryptsetup.c:2191
+msgid "Keyslot priority: ignore, normal, prefer)"
msgstr ""
-#: src/cryptsetup.c:3697
+#: src/cryptsetup.c:2192
#, fuzzy
+#| msgid "try to repair on-disk metadata"
msgid "Disable locking of on-disk metadata"
msgstr "尝试修复磁盘上的元数据"
-#: src/cryptsetup.c:3698
+#: src/cryptsetup.c:2193
msgid "Disable loading volume keys via kernel keyring"
msgstr ""
-#: src/cryptsetup.c:3699
+#: src/cryptsetup.c:2194
msgid "Data integrity algorithm (LUKS2 only)"
msgstr ""
-#: src/cryptsetup.c:3700 src/integritysetup.c:590
+#: src/cryptsetup.c:2195 src/integritysetup.c:511
#, fuzzy
+#| msgid "Invalid size parameters for verity device.\n"
msgid "Disable journal for integrity device"
msgstr "为 VERITY 设备提供的大小指标无效。\n"
-#: src/cryptsetup.c:3701 src/integritysetup.c:564
+#: src/cryptsetup.c:2196 src/integritysetup.c:489
msgid "Do not wipe device after format"
msgstr ""
-#: src/cryptsetup.c:3702 src/integritysetup.c:594
-msgid "Use inefficient legacy padding (old kernels)"
-msgstr ""
-
-#: src/cryptsetup.c:3703
+#: src/cryptsetup.c:2197
msgid "Do not ask for passphrase if activation by token fails"
msgstr ""
-#: src/cryptsetup.c:3704
+#: src/cryptsetup.c:2198
msgid "Token number (default: any)"
msgstr ""
-#: src/cryptsetup.c:3705
+#: src/cryptsetup.c:2199
msgid "Key description"
msgstr ""
-#: src/cryptsetup.c:3706
+#: src/cryptsetup.c:2200
msgid "Encryption sector size (default: 512 bytes)"
msgstr ""
-#: src/cryptsetup.c:3707
-msgid "Use IV counted in sector size (not in 512 bytes)"
-msgstr ""
-
-#: src/cryptsetup.c:3708
+#: src/cryptsetup.c:2201
msgid "Set activation flags persistent for device"
msgstr ""
-#: src/cryptsetup.c:3709
+#: src/cryptsetup.c:2202
#, fuzzy
+#| msgid "formats a LUKS device"
msgid "Set label for the LUKS2 device"
msgstr "格式化一个 LUKS 设备"
-#: src/cryptsetup.c:3710
+#: src/cryptsetup.c:2203
#, fuzzy
+#| msgid "formats a LUKS device"
msgid "Set subsystem label for the LUKS2 device"
msgstr "格式化一个 LUKS 设备"
-#: src/cryptsetup.c:3711
-msgid "Create or dump unbound (no assigned data segment) LUKS2 keyslot"
-msgstr ""
-
-#: src/cryptsetup.c:3712
-#, fuzzy
-msgid "Read or write the json from or to a file"
-msgstr "从文件读取密钥"
-
-#: src/cryptsetup.c:3713
-msgid "LUKS2 header metadata area size"
-msgstr ""
-
-#: src/cryptsetup.c:3714
-#, fuzzy
-msgid "LUKS2 header keyslots area size"
-msgstr "带有 LUKS 数据头和密钥槽备份的文件。"
-
-#: src/cryptsetup.c:3715
-msgid "Refresh (reactivate) device with new parameters"
-msgstr ""
-
-#: src/cryptsetup.c:3716
-#, fuzzy
-msgid "LUKS2 keyslot: The size of the encryption key"
-msgstr "加密密钥大小"
-
-#: src/cryptsetup.c:3717
-msgid "LUKS2 keyslot: The cipher used for keyslot encryption"
-msgstr ""
-
-#: src/cryptsetup.c:3718
-#, fuzzy
-msgid "Encrypt LUKS2 device (in-place encryption)."
-msgstr "永久解密设备(移除加密)"
-
-#: src/cryptsetup.c:3719
-#, fuzzy
-msgid "Decrypt LUKS2 device (remove encryption)."
-msgstr "永久解密设备(移除加密)"
-
-#: src/cryptsetup.c:3720
-msgid "Initialize LUKS2 reencryption in metadata only."
-msgstr ""
-
-#: src/cryptsetup.c:3721
-msgid "Resume initialized LUKS2 reencryption only."
-msgstr ""
-
-#: src/cryptsetup.c:3722 src/cryptsetup_reencrypt.c:1655
-msgid "Reduce data device size (move data offset). DANGEROUS!"
-msgstr "减少数据设备大小(移动数据偏移量)。危险!"
-
-#: src/cryptsetup.c:3723
-#, fuzzy
-msgid "Maximal reencryption hotzone size."
-msgstr "重加密块大小"
-
-#: src/cryptsetup.c:3724
-msgid "Reencryption hotzone resilience type (checksum,journal,none)"
-msgstr ""
-
-#: src/cryptsetup.c:3725
-#, fuzzy
-msgid "Reencryption hotzone checksums hash"
-msgstr "重加密块大小"
-
-#: src/cryptsetup.c:3726
-msgid "Override device autodetection of dm device to be reencrypted"
+#: src/cryptsetup.c:2204
+msgid "Create unbound (no assigned data segment) LUKS2 keyslot"
msgstr ""
-#: src/cryptsetup.c:3742 src/veritysetup.c:515 src/integritysetup.c:615
+#: src/cryptsetup.c:2220 src/veritysetup.c:464 src/integritysetup.c:528
msgid "[OPTION...] <action> <action-specific>"
msgstr "[选项…] <动作> <动作特定参数>"
-#: src/cryptsetup.c:3797 src/veritysetup.c:551 src/integritysetup.c:626
+#: src/cryptsetup.c:2277 src/veritysetup.c:504 src/integritysetup.c:545
msgid "Argument <action> missing."
msgstr "缺失参数 <动作>。"
-#: src/cryptsetup.c:3867 src/veritysetup.c:582 src/integritysetup.c:660
+#: src/cryptsetup.c:2333 src/veritysetup.c:535 src/integritysetup.c:576
msgid "Unknown action."
msgstr "未知动作。"
-#: src/cryptsetup.c:3877
-msgid "Options --refresh and --test-passphrase are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:3882
+#: src/cryptsetup.c:2343
#, fuzzy
-msgid "Option --deferred is allowed only for close command."
+#| msgid "Option --shared is allowed only for open of plain device.\n"
+msgid "Option --deferred is allowed only for close command.\n"
msgstr "选项 --shared 只适用于打开纯设备。\n"
-#: src/cryptsetup.c:3887
-#, fuzzy
-msgid "Option --shared is allowed only for open of plain device."
+#: src/cryptsetup.c:2348
+msgid "Option --shared is allowed only for open of plain device.\n"
msgstr "选项 --shared 只适用于打开纯设备。\n"
-#: src/cryptsetup.c:3892 src/integritysetup.c:677
-#, fuzzy
-msgid "Option --allow-discards is allowed only for open operation."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
-
-#: src/cryptsetup.c:3897
-#, fuzzy
-msgid "Option --persistent is allowed only for open operation."
+#: src/cryptsetup.c:2353
+msgid "Option --allow-discards is allowed only for open operation.\n"
msgstr "选项 --allow-discards 只适用于打开操作。\n"
-#: src/cryptsetup.c:3902
+#: src/cryptsetup.c:2358
#, fuzzy
-msgid "Option --serialize-memory-hard-pbkdf is allowed only for open operation."
+#| msgid "Option --allow-discards is allowed only for open operation.\n"
+msgid "Option --persistent is allowed only for open operation.\n"
msgstr "选项 --allow-discards 只适用于打开操作。\n"
-#: src/cryptsetup.c:3907
-#, fuzzy
-msgid "Option --persistent is not allowed with --test-passphrase."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
+#: src/cryptsetup.c:2363
+msgid "Option --persistent is not allowed with --test-passphrase.\n"
+msgstr ""
-#: src/cryptsetup.c:3917
+#: src/cryptsetup.c:2372
#, fuzzy
+#| msgid ""
+#| "Option --key-size is allowed only for luksFormat, open and benchmark.\n"
+#| "To limit read from keyfile use --keyfile-size=(bytes)."
msgid ""
-"Option --key-size is allowed only for luksFormat, luksAddKey,\n"
+"Option --key-size is allowed only for luksFormat, luksAddKey (with --unbound),\n"
"open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."
msgstr ""
"选项 --key-size 只能用于 luksFormat, 打开和性能测试。\n"
"要限制密钥文件读取请使用 --keyfile-size=(字节数)。"
-#: src/cryptsetup.c:3923
+#: src/cryptsetup.c:2378
#, fuzzy
-msgid "Option --integrity is allowed only for luksFormat (LUKS2)."
+#| msgid "Option --align-payload is allowed only for luksFormat."
+msgid "Option --integrity is allowed only for luksFormat (LUKS2).\n"
msgstr "选项 --align-payload 只允许用于 luksFormat。"
-#: src/cryptsetup.c:3928
-msgid "Option --integrity-no-wipe can be used only for format action with integrity extension."
+#: src/cryptsetup.c:2383
+msgid "Option --integrity-no-wipe can be used only for format action with integrity extension.\n"
msgstr ""
-#: src/cryptsetup.c:3934
+#: src/cryptsetup.c:2389
#, fuzzy
-msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."
+#| msgid "Option --uuid is allowed only for luksFormat and luksUUID."
+msgid "Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations.\n"
msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。"
-#: src/cryptsetup.c:3940
-#, fuzzy
-msgid "Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."
+#: src/cryptsetup.c:2395
+msgid "Option --test-passphrase is allowed only for open of LUKS and TCRYPT devices.\n"
msgstr "选项 --test-passphrase 只能用于打开 LUKS 和 TCRYPT 设备。\n"
-#: src/cryptsetup.c:3945 src/cryptsetup_reencrypt.c:1728
+#: src/cryptsetup.c:2400 src/cryptsetup_reencrypt.c:1717
msgid "Key size must be a multiple of 8 bits"
msgstr "密钥尺寸必须是 8 的倍数"
-#: src/cryptsetup.c:3951 src/cryptsetup_reencrypt.c:1412
-#: src/cryptsetup_reencrypt.c:1733
+#: src/cryptsetup.c:2406 src/cryptsetup_reencrypt.c:1402
+#: src/cryptsetup_reencrypt.c:1722
msgid "Key slot is invalid."
msgstr "密钥槽无效。"
-#: src/cryptsetup.c:3958
+#: src/cryptsetup.c:2413
#, fuzzy
+#| msgid "Option --key-file takes precedence over specified key file argument.\n"
msgid "Option --key-file takes precedence over specified key file argument."
msgstr "选项 --key-file 优先使用指定的密钥文件参数。\n"
-#: src/cryptsetup.c:3965 src/veritysetup.c:594 src/integritysetup.c:686
-#: src/cryptsetup_reencrypt.c:1707
+#: src/cryptsetup.c:2420 src/veritysetup.c:547 src/integritysetup.c:595
+#: src/cryptsetup_reencrypt.c:1696
msgid "Negative number for option not permitted."
msgstr "不允许在选项中填入负数。"
-#: src/cryptsetup.c:3969
+#: src/cryptsetup.c:2424
msgid "Only one --key-file argument is allowed."
msgstr "只允许存在一个 --key-file 选项。"
-#: src/cryptsetup.c:3973 src/cryptsetup_reencrypt.c:1699
-#: src/cryptsetup_reencrypt.c:1737
+#: src/cryptsetup.c:2428 src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1726
msgid "Only one of --use-[u]random options is allowed."
msgstr "--use-[u]random 选项只能用一处。"
-#: src/cryptsetup.c:3977
+#: src/cryptsetup.c:2432
msgid "Option --use-[u]random is allowed only for luksFormat."
msgstr "选项 --use-[u]random 只适用于 luksFormat。"
-#: src/cryptsetup.c:3981
+#: src/cryptsetup.c:2436
msgid "Option --uuid is allowed only for luksFormat and luksUUID."
msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。"
-#: src/cryptsetup.c:3985
+#: src/cryptsetup.c:2440
msgid "Option --align-payload is allowed only for luksFormat."
msgstr "选项 --align-payload 只允许用于 luksFormat。"
-#: src/cryptsetup.c:3989
-#, fuzzy
-msgid "Options --luks2-metadata-size and --opt-luks2-keyslots-size are allowed only for luksFormat with LUKS2."
-msgstr "选项 --uuid 只允许用于 luksFormat 和 luksUUID。"
-
-#: src/cryptsetup.c:3994
-#, fuzzy
-msgid "Invalid LUKS2 metadata size specification."
-msgstr "无效的设备大小指标。"
-
-#: src/cryptsetup.c:3998
-#, fuzzy
-msgid "Invalid LUKS2 keyslots size specification."
-msgstr "无效的设备大小指标。"
-
-#: src/cryptsetup.c:4002
-#, fuzzy
-msgid "Options --align-payload and --offset cannot be combined."
-msgstr "选项 --align-payload 只允许用于 luksFormat。"
-
-#: src/cryptsetup.c:4008
-#, fuzzy
-msgid "Option --skip is supported only for open of plain and loopaes devices."
+#: src/cryptsetup.c:2446
+msgid "Option --skip is supported only for open of plain and loopaes devices.\n"
msgstr "选项 --skip 只适用于打开纯设备和 loopaes 设备。\n"
-#: src/cryptsetup.c:4015
-#, fuzzy
-msgid "Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."
+#: src/cryptsetup.c:2452
+msgid "Option --offset is supported only for open of plain and loopaes devices.\n"
msgstr "选项 --offset 只适用于打开纯设备和 loopaes 设备。\n"
-#: src/cryptsetup.c:4021
-#, fuzzy
-msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."
+#: src/cryptsetup.c:2458
+msgid "Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.\n"
msgstr "选项 --tcrypt-hidden, --tcrypt-system 或 --tcrypt-backup 只支持 TCRYPT 设备。\n"
-#: src/cryptsetup.c:4026
-#, fuzzy
-msgid "Option --tcrypt-hidden cannot be combined with --allow-discards."
+#: src/cryptsetup.c:2463
+msgid "Option --tcrypt-hidden cannot be combined with --allow-discards.\n"
msgstr "选项 --tcrypt-hidden 不能与 --allow-discards 共用。\n"
-#: src/cryptsetup.c:4031
-#, fuzzy
-msgid "Option --veracrypt is supported only for TCRYPT device type."
-msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-
-#: src/cryptsetup.c:4037
-msgid "Invalid argument for parameter --veracrypt-pim supplied."
-msgstr ""
-
-#: src/cryptsetup.c:4041
-#, fuzzy
-msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices."
-msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-
-#: src/cryptsetup.c:4049
-#, fuzzy
-msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."
-msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-
-#: src/cryptsetup.c:4053
-msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."
-msgstr ""
-
-#: src/cryptsetup.c:4060
-msgid "Option --priority can be only ignore/normal/prefer."
-msgstr ""
-
-#: src/cryptsetup.c:4065 src/cryptsetup.c:4103
-msgid "Keyslot specification is required."
-msgstr ""
-
-#: src/cryptsetup.c:4070 src/cryptsetup_reencrypt.c:1713
-msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."
-msgstr ""
-
-#: src/cryptsetup.c:4075 src/cryptsetup_reencrypt.c:1718
-msgid "PBKDF forced iterations cannot be combined with iteration time option."
-msgstr ""
-
-#: src/cryptsetup.c:4081
-#, fuzzy
-msgid "Sector size option is not supported for this command."
-msgstr "不支持在这类设备上执行此操作。\n"
-
-#: src/cryptsetup.c:4093
-msgid "Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."
-msgstr ""
-
-#: src/cryptsetup.c:4098
-msgid "Key size is required with --unbound option."
-msgstr ""
-
-#: src/cryptsetup.c:4108
-#, fuzzy
-msgid "Option --unbound may be used only with luksAddKey and luksDump actions."
-msgstr "选项 --new 不可与 --decrypt 共用。"
-
-#: src/cryptsetup.c:4113
-#, fuzzy
-msgid "Option --refresh may be used only with open action."
-msgstr "选项 --new 不可与 --decrypt 共用。"
-
-#: src/cryptsetup.c:4124
-#, fuzzy
-msgid "Cannot disable metadata locking."
-msgstr "无法禁用元数据锁定。\n"
-
-#: src/cryptsetup.c:4135
-#, fuzzy
-msgid "Invalid max reencryption hotzone size specification."
-msgstr "无效的设备大小指标。"
-
-#: src/cryptsetup.c:4143 src/cryptsetup_reencrypt.c:1742
-#: src/cryptsetup_reencrypt.c:1747
-msgid "Invalid device size specification."
-msgstr "无效的设备大小指标。"
-
-#: src/cryptsetup.c:4146
-#, fuzzy
-msgid "Maximum device reduce size is 1 GiB."
-msgstr "最大设备缩减大小为 64 MiB。"
+#: src/cryptsetup.c:2468
+msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
+msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-#: src/cryptsetup.c:4149 src/cryptsetup_reencrypt.c:1753
-msgid "Reduce size must be multiple of 512 bytes sector."
-msgstr "缩减大小必须为 512 字节扇区的倍数。"
+#: src/cryptsetup.c:2474
+msgid "Invalid argument for parameter --veracrypt-pim supplied.\n"
+msgstr ""
-#: src/cryptsetup.c:4154
+#: src/cryptsetup.c:2478
#, fuzzy
-msgid "Invalid data size specification."
-msgstr "无效的设备大小指标。"
+#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
+msgid "Option --veracrypt-pim is supported only for VeraCrypt compatible devices.\n"
+msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-#: src/cryptsetup.c:4159
+#: src/cryptsetup.c:2486
#, fuzzy
-msgid "Reduce size overflow."
-msgstr "设备偏移量溢出。"
+#| msgid "Option --veracrypt is supported only for TCRYPT device type.\n"
+msgid "Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.\n"
+msgstr "选项 --veracrypt 只支持 TCRYPT 设备类型。\n"
-#: src/cryptsetup.c:4163
-msgid "LUKS2 decryption requires option --header."
+#: src/cryptsetup.c:2490
+msgid "The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.\n"
msgstr ""
-#: src/cryptsetup.c:4167
-#, fuzzy
-msgid "Device size must be multiple of 512 bytes sector."
-msgstr "缩减大小必须为 512 字节扇区的倍数。"
+#: src/cryptsetup.c:2497
+msgid "Option --priority can be only ignore/normal/prefer.\n"
+msgstr ""
+
+#: src/cryptsetup.c:2502
+msgid "Keyslot specification is required.\n"
+msgstr ""
-#: src/cryptsetup.c:4171
-msgid "Options --reduce-device-size and --data-size cannot be combined."
+#: src/cryptsetup.c:2507 src/cryptsetup_reencrypt.c:1702
+msgid "Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id.\n"
msgstr ""
-#: src/cryptsetup.c:4175
-msgid "Options --device-size and --size cannot be combined."
+#: src/cryptsetup.c:2512 src/cryptsetup_reencrypt.c:1707
+msgid "PBKDF forced iterations cannot be combined with iteration time option.\n"
msgstr ""
-#: src/cryptsetup.c:4179
-msgid "Options --keyslot-cipher and --keyslot-key-size must be used together."
+#: src/cryptsetup.c:2518
+#, fuzzy
+#| msgid "This operation is not supported for this device type.\n"
+msgid "Sector size option is not supported for this command.\n"
+msgstr "不支持在这类设备上执行此操作。\n"
+
+#: src/cryptsetup.c:2524
+msgid "Unsupported encryption sector size.\n"
+msgstr "不支持的加密扇区大小。\n"
+
+#: src/cryptsetup.c:2529
+msgid "Key size is required with --unbound option.\n"
msgstr ""
-#: src/veritysetup.c:76
+#: src/cryptsetup.c:2534
+#, fuzzy
+#| msgid "Option --new cannot be used together with --decrypt."
+msgid "Option --unbound may be used only with luksAddKey action.\n"
+msgstr "选项 --new 不可与 --decrypt 共用。"
+
+#: src/cryptsetup.c:2544
+msgid "Cannot disable metadata locking.\n"
+msgstr "无法禁用元数据锁定。\n"
+
+#: src/veritysetup.c:67
msgid "Invalid salt string specified."
msgstr "指定了无效的盐字串。"
-#: src/veritysetup.c:107
+#: src/veritysetup.c:98
#, fuzzy, c-format
+#| msgid "Cannot create hash image %s for writing.\n"
msgid "Cannot create hash image %s for writing."
msgstr "无法为创建哈希映像 %s 以供写入。\n"
-#: src/veritysetup.c:117
+#: src/veritysetup.c:108
#, fuzzy, c-format
+#| msgid "Cannot create hash image %s for writing.\n"
msgid "Cannot create FEC image %s for writing."
msgstr "无法为创建哈希映像 %s 以供写入。\n"
-#: src/veritysetup.c:191
+#: src/veritysetup.c:181
#, fuzzy
+#| msgid "Invalid root hash string specified.\n"
msgid "Invalid root hash string specified."
msgstr "指定了无效的根哈希值字串。\n"
-#: src/veritysetup.c:199
-#, fuzzy, c-format
-msgid "Invalid signature file %s."
-msgstr "设备 %s 无效。"
-
-#: src/veritysetup.c:206
-#, fuzzy, c-format
-msgid "Cannot read signature file %s."
-msgstr ""
-"无法读取密钥文件 %s。\n"
-"\n"
-
-#: src/veritysetup.c:406
+#: src/veritysetup.c:363
msgid "<data_device> <hash_device>"
msgstr "<数据设备> <哈希设备>"
-#: src/veritysetup.c:406 src/integritysetup.c:492
+#: src/veritysetup.c:363 src/integritysetup.c:425
msgid "format device"
msgstr "格式化设备"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:364
msgid "<data_device> <hash_device> <root_hash>"
msgstr "<数据设备> <哈希设备> <根哈希值>"
-#: src/veritysetup.c:407
+#: src/veritysetup.c:364
msgid "verify device"
msgstr "验证设备"
-#: src/veritysetup.c:408
+#: src/veritysetup.c:365
#, fuzzy
+#| msgid "<data_device> <hash_device> <root_hash>"
msgid "<data_device> <name> <hash_device> <root_hash>"
msgstr "<数据设备> <哈希设备> <根哈希值>"
-#: src/veritysetup.c:410 src/integritysetup.c:495
+#: src/veritysetup.c:365 src/integritysetup.c:426
+msgid "open device as <name>"
+msgstr "以 <名称> 打开设备"
+
+#: src/veritysetup.c:366 src/integritysetup.c:427
+#, fuzzy
+#| msgid "close device (remove mapping)"
+msgid "close device (deactivate and remove mapping)"
+msgstr "关闭设备(移除映射)"
+
+#: src/veritysetup.c:367 src/integritysetup.c:428
msgid "show active device status"
msgstr "显示已激活的设备信息"
-#: src/veritysetup.c:411
+#: src/veritysetup.c:368
msgid "<hash_device>"
msgstr "<哈希设备>"
-#: src/veritysetup.c:411 src/integritysetup.c:496
+#: src/veritysetup.c:368 src/integritysetup.c:429
msgid "show on-disk information"
msgstr "显示磁盘上的信息"
-#: src/veritysetup.c:430
+#: src/veritysetup.c:387
#, c-format
msgid ""
"\n"
"<哈希设备> 是含有验证信息的设备\n"
"<根哈希值> 是 <哈希设备> 根节点的哈希值\n"
-#: src/veritysetup.c:437
+#: src/veritysetup.c:394
#, c-format
msgid ""
"\n"
"编译时决定的默认 dm-verify 参数:\n"
"\t哈希: %s, 数据块 (字节): %u, 哈希块 (字节): %u, 盐大小: %u, 哈希格式: %u\n"
-#: src/veritysetup.c:481
+#: src/veritysetup.c:432
msgid "Do not use verity superblock"
msgstr "不使用真理超级块"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:433
msgid "Format type (1 - normal, 0 - original Chrome OS)"
msgstr "格式类型 (1 - 正常, 0 - 原版 Chrome OS)"
-#: src/veritysetup.c:482
+#: src/veritysetup.c:433
msgid "number"
msgstr "数字"
-#: src/veritysetup.c:483
+#: src/veritysetup.c:434
msgid "Block size on the data device"
msgstr "数据设备的块大小"
-#: src/veritysetup.c:484
+#: src/veritysetup.c:435
msgid "Block size on the hash device"
msgstr "哈希设备的块大小"
-#: src/veritysetup.c:485
+#: src/veritysetup.c:436
msgid "FEC parity bytes"
msgstr "FEC 校验字节"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:437
msgid "The number of blocks in the data file"
msgstr "数据文件的块数量"
-#: src/veritysetup.c:486
+#: src/veritysetup.c:437
msgid "blocks"
msgstr "块"
-#: src/veritysetup.c:487
+#: src/veritysetup.c:438
msgid "Path to device with error correction data"
msgstr ""
-#: src/veritysetup.c:487 src/integritysetup.c:566
+#: src/veritysetup.c:438
msgid "path"
msgstr ""
-#: src/veritysetup.c:488
+#: src/veritysetup.c:439
msgid "Starting offset on the hash device"
msgstr "哈希设备开始位置偏移量"
-#: src/veritysetup.c:489
+#: src/veritysetup.c:440
#, fuzzy
+#| msgid "Starting offset on the hash device"
msgid "Starting offset on the FEC device"
msgstr "哈希设备开始位置偏移量"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:441
msgid "Hash algorithm"
msgstr "哈希算法"
-#: src/veritysetup.c:490
+#: src/veritysetup.c:441
msgid "string"
msgstr "字符串"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:442
msgid "Salt"
msgstr "盐"
-#: src/veritysetup.c:491
+#: src/veritysetup.c:442
msgid "hex string"
msgstr "十六进制字符串"
-#: src/veritysetup.c:493
-#, fuzzy
-msgid "Path to root hash signature file"
-msgstr "创建哈希区失败。"
-
-#: src/veritysetup.c:494
+#: src/veritysetup.c:444
msgid "Restart kernel if corruption is detected"
msgstr ""
-#: src/veritysetup.c:495
-msgid "Panic kernel if corruption is detected"
-msgstr ""
-
-#: src/veritysetup.c:496
+#: src/veritysetup.c:445
msgid "Ignore corruption, log it only"
msgstr "忽略数据损坏,仅对其进行日志记录"
-#: src/veritysetup.c:497
+#: src/veritysetup.c:446
#, fuzzy
+#| msgid "Do not use verity superblock"
msgid "Do not verify zeroed blocks"
msgstr "不使用真理超级块"
-#: src/veritysetup.c:498
+#: src/veritysetup.c:447
msgid "Verify data block only the first time it is read"
msgstr ""
-#: src/veritysetup.c:600
-#, fuzzy
-msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
-
-#: src/veritysetup.c:605
-#, fuzzy
-msgid "Option --root-hash-signature can be used only for open operation."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
-
-#: src/veritysetup.c:610
+#: src/veritysetup.c:553
#, fuzzy
-msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together."
+#| msgid "Option --allow-discards is allowed only for open operation.\n"
+msgid "Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation.\n"
msgstr "选项 --allow-discards 只适用于打开操作。\n"
-#: src/veritysetup.c:615
-#, fuzzy
-msgid "Option --panic-on-corruption and --restart-on-corruption cannot be used together."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
-
-#: src/integritysetup.c:85
-#, fuzzy, c-format
-msgid "Invalid key size. Maximum is %u bytes."
-msgstr "无效的密钥大小。"
+#: src/veritysetup.c:558
+msgid "Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"
+msgstr ""
-#: src/integritysetup.c:95 src/utils_password.c:339
+#: src/integritysetup.c:78 src/utils_password.c:317
#, fuzzy, c-format
+#| msgid "Cannot read keyfile %s.\n"
msgid "Cannot read keyfile %s."
msgstr ""
"无法读取密钥文件 %s。\n"
"\n"
-#: src/integritysetup.c:99 src/utils_password.c:344
+#: src/integritysetup.c:82 src/utils_password.c:321
#, fuzzy, c-format
+#| msgid "Cannot read %d bytes from keyfile %s.\n"
msgid "Cannot read %d bytes from keyfile %s."
msgstr "无法从密钥文件 %2$s 读取 %1$d 字节。\n"
-#: src/integritysetup.c:266
+#: src/integritysetup.c:224
#, c-format
msgid "Formatted with tag size %u, internal integrity %s.\n"
msgstr ""
-#: src/integritysetup.c:492 src/integritysetup.c:496
+#: src/integritysetup.c:425 src/integritysetup.c:429
#, fuzzy
+#| msgid "verify device"
msgid "<integrity_device>"
msgstr "验证设备"
-#: src/integritysetup.c:493
+#: src/integritysetup.c:426
msgid "<integrity_device> <name>"
msgstr ""
-#: src/integritysetup.c:515
+#: src/integritysetup.c:448
#, fuzzy, c-format
+#| msgid ""
+#| "\n"
+#| "<name> is the device to create under %s\n"
+#| "<data_device> is the data device\n"
+#| "<hash_device> is the device containing verification data\n"
+#| "<root_hash> hash of the root node on <hash_device>\n"
msgid ""
"\n"
"<name> is the device to create under %s\n"
"<哈希设备> 是含有验证信息的设备\n"
"<根哈希值> 是 <哈希设备> 根节点的哈希值\n"
-#: src/integritysetup.c:520
+#: src/integritysetup.c:453
#, fuzzy, c-format
+#| msgid ""
+#| "\n"
+#| "Default compiled-in dm-verity parameters:\n"
+#| "\tHash: %s, Data block (bytes): %u, Hash block (bytes): %u, Salt size: %u, Hash format: %u\n"
msgid ""
"\n"
"Default compiled-in dm-integrity parameters:\n"
-"\tChecksum algorithm: %s\n"
-"\tMaximum keyfile size: %dkB\n"
+"\tTag size: %u bytes, Checksum algorithm: %s\n"
msgstr ""
"\n"
"编译时决定的默认 dm-verify 参数:\n"
"\t哈希: %s, 数据块 (字节): %u, 哈希块 (字节): %u, 盐大小: %u, 哈希格式: %u\n"
-#: src/integritysetup.c:566
-msgid "Path to data device (if separated)"
-msgstr ""
-
-#: src/integritysetup.c:568
+#: src/integritysetup.c:491
msgid "Journal size"
msgstr "日志大小"
-#: src/integritysetup.c:569
+#: src/integritysetup.c:492
msgid "Interleave sectors"
msgstr ""
-#: src/integritysetup.c:570
+#: src/integritysetup.c:493
msgid "Journal watermark"
msgstr ""
-#: src/integritysetup.c:570
+#: src/integritysetup.c:493
msgid "percent"
msgstr ""
-#: src/integritysetup.c:571
+#: src/integritysetup.c:494
msgid "Journal commit time"
msgstr "日志提交时间"
-#: src/integritysetup.c:571 src/integritysetup.c:573
+#: src/integritysetup.c:494
msgid "ms"
msgstr ""
-#: src/integritysetup.c:572
-msgid "Number of 512-byte sectors per bit (bitmap mode)."
-msgstr ""
-
-#: src/integritysetup.c:573
-msgid "Bitmap mode flush time"
-msgstr ""
-
-#: src/integritysetup.c:574
+#: src/integritysetup.c:495
msgid "Tag size (per-sector)"
msgstr ""
-#: src/integritysetup.c:575
+#: src/integritysetup.c:496
msgid "Sector size"
msgstr "扇区大小"
-#: src/integritysetup.c:576
+#: src/integritysetup.c:497
msgid "Buffers size"
msgstr "缓冲大小"
-#: src/integritysetup.c:578
+#: src/integritysetup.c:499
msgid "Data integrity algorithm"
msgstr "数据完整性校验算法"
-#: src/integritysetup.c:579
+#: src/integritysetup.c:500
#, fuzzy
+#| msgid "The size of the encryption key"
msgid "The size of the data integrity key"
msgstr "加密密钥大小"
-#: src/integritysetup.c:580
+#: src/integritysetup.c:501
#, fuzzy
+#| msgid "Read the key from a file."
msgid "Read the integrity key from a file"
msgstr "从文件读取密钥。"
-#: src/integritysetup.c:582
+#: src/integritysetup.c:503
msgid "Journal integrity algorithm"
msgstr ""
-#: src/integritysetup.c:583
+#: src/integritysetup.c:504
#, fuzzy
+#| msgid "The size of the encryption key"
msgid "The size of the journal integrity key"
msgstr "加密密钥大小"
-#: src/integritysetup.c:584
+#: src/integritysetup.c:505
#, fuzzy
+#| msgid "Read the key from a file."
msgid "Read the journal integrity key from a file"
msgstr "从文件读取密钥。"
-#: src/integritysetup.c:586
+#: src/integritysetup.c:507
msgid "Journal encryption algorithm"
msgstr "日志加密算法"
-#: src/integritysetup.c:587
+#: src/integritysetup.c:508
#, fuzzy
+#| msgid "The size of the encryption key"
msgid "The size of the journal encryption key"
msgstr "加密密钥大小"
-#: src/integritysetup.c:588
+#: src/integritysetup.c:509
#, fuzzy
+#| msgid "Read the key from a file."
msgid "Read the journal encryption key from a file"
msgstr "从文件读取密钥。"
-#: src/integritysetup.c:591
+#: src/integritysetup.c:512
msgid "Recovery mode (no journal, no tag checking)"
msgstr ""
-#: src/integritysetup.c:592
-#, fuzzy
-msgid "Use bitmap to track changes and disable journal for integrity device"
-msgstr "为 VERITY 设备提供的大小指标无效。\n"
-
-#: src/integritysetup.c:593
-msgid "Recalculate initial tags automatically."
-msgstr ""
-
-#: src/integritysetup.c:596
-msgid "Do not protect superblock with HMAC (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:597
-msgid "Allow recalculating of volumes with HMAC keys (old kernels)"
-msgstr ""
-
-#: src/integritysetup.c:672
-#, fuzzy
-msgid "Option --integrity-recalculate can be used only for open action."
-msgstr "选项 --allow-discards 只适用于打开操作。\n"
-
-#: src/integritysetup.c:692
-msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action."
+#: src/integritysetup.c:601
+msgid "Options --journal-size, --interleave-sectors, --sector-size, --tag-size and --no-wipe can be used only for format action.\n"
msgstr ""
-#: src/integritysetup.c:698
+#: src/integritysetup.c:607
msgid "Invalid journal size specification."
msgstr "无效的日志大小指标。"
-#: src/integritysetup.c:703
+#: src/integritysetup.c:612
msgid "Both key file and key size options must be specified."
msgstr "密钥文件和密钥大小选项均必须指定。"
-#: src/integritysetup.c:708
+#: src/integritysetup.c:615
+msgid "Integrity algorithm must be specified if integrity key is used."
+msgstr ""
+
+#: src/integritysetup.c:620
msgid "Both journal integrity key file and key size options must be specified."
msgstr ""
-#: src/integritysetup.c:711
+#: src/integritysetup.c:623
msgid "Journal integrity algorithm must be specified if journal integrity key is used."
msgstr "如果使用了日志加密密钥,则必须指定日志完整性校验算法。"
-#: src/integritysetup.c:716
+#: src/integritysetup.c:628
msgid "Both journal encryption key file and key size options must be specified."
msgstr "日志加密密钥文件和密钥大小选项均必须指定。"
-#: src/integritysetup.c:719
+#: src/integritysetup.c:631
msgid "Journal encryption algorithm must be specified if journal encryption key is used."
msgstr "如果使用了日志加密密钥,则必须指定日志加密算法。"
-#: src/integritysetup.c:723
-msgid "Recovery and bitmap mode options are mutually exclusive."
-msgstr ""
-
-#: src/integritysetup.c:727
-msgid "Journal options cannot be used in bitmap mode."
-msgstr ""
-
-#: src/integritysetup.c:731
-msgid "Bitmap options can be used only in bitmap mode."
-msgstr ""
-
-#: src/cryptsetup_reencrypt.c:190
+#: src/cryptsetup_reencrypt.c:174
msgid "Reencryption already in-progress."
msgstr "重加密已在进行中。"
-#: src/cryptsetup_reencrypt.c:226
+#: src/cryptsetup_reencrypt.c:180
+msgid "Reencryption of device with integrity profile is not supported."
+msgstr "不支持带有完整性 profile 信息的设备的重加密。"
+
+#: src/cryptsetup_reencrypt.c:203
#, c-format
msgid "Cannot exclusively open %s, device in use."
msgstr "无法独占打开 %s,设备正在使用中。"
-#: src/cryptsetup_reencrypt.c:240 src/cryptsetup_reencrypt.c:1153
+#: src/cryptsetup_reencrypt.c:217 src/cryptsetup_reencrypt.c:1147
msgid "Allocation of aligned memory failed."
msgstr "分配对齐内存失败。"
-#: src/cryptsetup_reencrypt.c:247
+#: src/cryptsetup_reencrypt.c:224
#, c-format
msgid "Cannot read device %s."
msgstr "无法读取设备 %s。"
-#: src/cryptsetup_reencrypt.c:258
+#: src/cryptsetup_reencrypt.c:235
#, c-format
msgid "Marking LUKS1 device %s unusable."
msgstr "正在标记 LUKS1 设备 %s 为不可用状态。"
-#: src/cryptsetup_reencrypt.c:262
+#: src/cryptsetup_reencrypt.c:239
#, c-format
msgid "Setting LUKS2 offline reencrypt flag on device %s."
msgstr "正在设备 %s 上设定 LUKS2 离线重加密旗标。"
-#: src/cryptsetup_reencrypt.c:279
+#: src/cryptsetup_reencrypt.c:256
#, c-format
msgid "Cannot write device %s."
msgstr "无法写入设备 %s。"
-#: src/cryptsetup_reencrypt.c:327
+#: src/cryptsetup_reencrypt.c:340
msgid "Cannot write reencryption log file."
msgstr "无法写入重加密日志文件。"
-#: src/cryptsetup_reencrypt.c:383
+#: src/cryptsetup_reencrypt.c:396
msgid "Cannot read reencryption log file."
msgstr "无法读取重加密日志文件。"
-#: src/cryptsetup_reencrypt.c:421
+#: src/cryptsetup_reencrypt.c:434
#, c-format
msgid "Log file %s exists, resuming reencryption.\n"
msgstr "日志文件 %s 存在,继续重加密。\n"
-#: src/cryptsetup_reencrypt.c:470
+#: src/cryptsetup_reencrypt.c:484
msgid "Activating temporary device using old LUKS header."
msgstr "正使用旧 LUKS 标头激活临时设备。"
-#: src/cryptsetup_reencrypt.c:480
+#: src/cryptsetup_reencrypt.c:495
msgid "Activating temporary device using new LUKS header."
msgstr "正使用新 LUKS 标头激活临时设备。"
-#: src/cryptsetup_reencrypt.c:490
+#: src/cryptsetup_reencrypt.c:505
msgid "Activation of temporary devices failed."
msgstr "激活临时设备失败。"
# stat() 主要就是出来一个各种文件信息……
-#: src/cryptsetup_reencrypt.c:577
-#, fuzzy
-msgid "Failed to set data offset."
-msgstr "获取 (stat) 密钥文件信息失败。"
-
-# stat() 主要就是出来一个各种文件信息……
-#: src/cryptsetup_reencrypt.c:583
-#, fuzzy
-msgid "Failed to set metadata size."
-msgstr "获取 (stat) 密钥文件信息失败。"
+#: src/cryptsetup_reencrypt.c:587
+msgid "Failed to set PBKDF parameters."
+msgstr "设置 pbkdf 参数失败。"
-#: src/cryptsetup_reencrypt.c:591
+#: src/cryptsetup_reencrypt.c:594
#, c-format
msgid "New LUKS header for device %s created."
msgstr "已创建设备 %s 的新 LUKS 标头。"
-#: src/cryptsetup_reencrypt.c:651
+#: src/cryptsetup_reencrypt.c:603
+#, c-format
+msgid "Activated keyslot %i."
+msgstr "已激活密钥槽 %i。"
+
+#: src/cryptsetup_reencrypt.c:653
#, c-format
msgid "This version of cryptsetup-reencrypt can't handle new internal token type %s."
msgstr "该版本的 cryptsetup-reencrypt 无法处理新的内部 token 类型 %s。"
-#: src/cryptsetup_reencrypt.c:673
+#: src/cryptsetup_reencrypt.c:675
msgid "Failed to read activation flags from backup header."
msgstr "从备份标头读取活动旗标失败。"
-#: src/cryptsetup_reencrypt.c:677
+#: src/cryptsetup_reencrypt.c:679
msgid "Failed to write activation flags to new header."
msgstr "向新表头写入活动旗标失败。"
-#: src/cryptsetup_reencrypt.c:681 src/cryptsetup_reencrypt.c:685
+#: src/cryptsetup_reencrypt.c:683 src/cryptsetup_reencrypt.c:687
msgid "Failed to read requirements from backup header."
msgstr "从备份标头读取需求失败。"
msgid "%s header backup of device %s created."
msgstr "已创建 %s 标头备份(对应设备 %s)。"
-#: src/cryptsetup_reencrypt.c:786
+#: src/cryptsetup_reencrypt.c:783
msgid "Creation of LUKS backup headers failed."
msgstr "LUKS 备份标头创建失败。"
-#: src/cryptsetup_reencrypt.c:919
+#: src/cryptsetup_reencrypt.c:917
#, c-format
msgid "Cannot restore %s header on device %s."
msgstr "无法恢复 %s 标头(在设备 %s 上)。"
-#: src/cryptsetup_reencrypt.c:921
+#: src/cryptsetup_reencrypt.c:919
#, c-format
msgid "%s header on device %s restored."
msgstr "已恢复 %s 标头(在设备 %s 上)。"
-#: src/cryptsetup_reencrypt.c:1125 src/cryptsetup_reencrypt.c:1131
+#: src/cryptsetup_reencrypt.c:957 src/cryptsetup_reencrypt.c:1037
+msgid "Cannot seek to device offset."
+msgstr "无法寻找到设备偏移位置。"
+
+#: src/cryptsetup_reencrypt.c:1080
+msgid "Cannot seek to device offset.\n"
+msgstr "无法寻找到设备偏移位置。\n"
+
+#: src/cryptsetup_reencrypt.c:1119 src/cryptsetup_reencrypt.c:1125
msgid "Cannot open temporary LUKS device."
msgstr "无法打开临时 LUKS 设备。"
-#: src/cryptsetup_reencrypt.c:1136 src/cryptsetup_reencrypt.c:1141
+#: src/cryptsetup_reencrypt.c:1130 src/cryptsetup_reencrypt.c:1135
msgid "Cannot get device size."
msgstr "无法获取设备大小。"
-#: src/cryptsetup_reencrypt.c:1176
+#: src/cryptsetup_reencrypt.c:1172
+msgid "Interrupted by a signal."
+msgstr "被信号中断。"
+
+#: src/cryptsetup_reencrypt.c:1174
msgid "IO error during reencryption."
msgstr "重加密时发生 IO 错误。"
-#: src/cryptsetup_reencrypt.c:1207
+#: src/cryptsetup_reencrypt.c:1205
msgid "Provided UUID is invalid."
msgstr "提供的 UUID 无效。"
-#: src/cryptsetup_reencrypt.c:1441
+#: src/cryptsetup_reencrypt.c:1307
+msgid "Key file can be used only with --key-slot or with exactly one key slot active."
+msgstr "密钥文件只能在指定 --key-slot 时或有且只有一个槽启用时使用。"
+
+#: src/cryptsetup_reencrypt.c:1349 src/cryptsetup_reencrypt.c:1360
+#, c-format
+msgid "Enter passphrase for key slot %u: "
+msgstr "输入密钥槽 %u 的口令: "
+
+#: src/cryptsetup_reencrypt.c:1431
msgid "Cannot open reencryption log file."
msgstr "无法打开重加密日志文件。"
-#: src/cryptsetup_reencrypt.c:1447
+#: src/cryptsetup_reencrypt.c:1437
msgid "No decryption in progress, provided UUID can be used only to resume suspended decryption process."
msgstr "没有正在进行中的解密操作,提供的 UUID 仅能用于继续已挂起的解密操作。"
-#: src/cryptsetup_reencrypt.c:1522
+#: src/cryptsetup_reencrypt.c:1512
#, c-format
msgid "Changed pbkdf parameters in keyslot %i."
msgstr "已在密钥槽 %i 更改 pbkdf 参数。"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1617
msgid "Reencryption block size"
msgstr "重加密块大小"
-#: src/cryptsetup_reencrypt.c:1636
+#: src/cryptsetup_reencrypt.c:1617
msgid "MiB"
msgstr "MiB"
-#: src/cryptsetup_reencrypt.c:1640
+#: src/cryptsetup_reencrypt.c:1621
msgid "Do not change key, no data area reencryption"
msgstr "不要更改密钥,无数据区重加密"
-#: src/cryptsetup_reencrypt.c:1642
+#: src/cryptsetup_reencrypt.c:1623
msgid "Read new volume (master) key from file"
msgstr "从文件读取卷(主)密钥"
-#: src/cryptsetup_reencrypt.c:1643
+#: src/cryptsetup_reencrypt.c:1624
msgid "PBKDF2 iteration time for LUKS (in ms)"
msgstr "LUKS 默认 PBKDF2 迭代时间(毫秒)"
-#: src/cryptsetup_reencrypt.c:1649
+#: src/cryptsetup_reencrypt.c:1630
msgid "Use direct-io when accessing devices"
msgstr "在访问设备时使用 direct-io"
-#: src/cryptsetup_reencrypt.c:1650
+#: src/cryptsetup_reencrypt.c:1631
msgid "Use fsync after each block"
msgstr "在每个数据块后使用 fsync"
-#: src/cryptsetup_reencrypt.c:1651
+#: src/cryptsetup_reencrypt.c:1632
msgid "Update log file after every block"
msgstr "在每个数据块后更新日志文件"
-#: src/cryptsetup_reencrypt.c:1652
+#: src/cryptsetup_reencrypt.c:1633
msgid "Use only this slot (others will be disabled)"
msgstr "仅使用这个密钥槽(其他的密钥槽将被禁用)"
-#: src/cryptsetup_reencrypt.c:1657
+#: src/cryptsetup_reencrypt.c:1636
+msgid "Reduce data device size (move data offset). DANGEROUS!"
+msgstr "减少数据设备大小(移动数据偏移量)。危险!"
+
+#: src/cryptsetup_reencrypt.c:1637
+msgid "Use only specified device size (ignore rest of device). DANGEROUS!"
+msgstr "只使用指定的设备大小(忽略设备其余部分)。危险!"
+
+#: src/cryptsetup_reencrypt.c:1638
msgid "Create new header on not encrypted device"
msgstr "在未加密的设备上创建新的标头"
-#: src/cryptsetup_reencrypt.c:1658
+#: src/cryptsetup_reencrypt.c:1639
msgid "Permanently decrypt device (remove encryption)"
msgstr "永久解密设备(移除加密)"
-#: src/cryptsetup_reencrypt.c:1659
+#: src/cryptsetup_reencrypt.c:1640
msgid "The UUID used to resume decryption"
msgstr "用于继续解密的 UUID"
-#: src/cryptsetup_reencrypt.c:1660
+#: src/cryptsetup_reencrypt.c:1641
msgid "Type of LUKS metadata: luks1, luks2"
msgstr "LUKS 元数据类型:luks1、luks2"
-#: src/cryptsetup_reencrypt.c:1679
+#: src/cryptsetup_reencrypt.c:1662
msgid "[OPTION...] <device>"
msgstr "[选项...] <设备>"
-#: src/cryptsetup_reencrypt.c:1687
+#: src/cryptsetup_reencrypt.c:1676
#, c-format
msgid "Reencryption will change: %s%s%s%s%s%s."
msgstr "重加密会改变:%s%s%s%s%s%s。"
-#: src/cryptsetup_reencrypt.c:1688
+#: src/cryptsetup_reencrypt.c:1677
msgid "volume key"
msgstr "卷密钥"
-#: src/cryptsetup_reencrypt.c:1690
+#: src/cryptsetup_reencrypt.c:1679
msgid "set hash to "
msgstr "设置哈希值为 "
-#: src/cryptsetup_reencrypt.c:1691
+#: src/cryptsetup_reencrypt.c:1680
msgid ", set cipher to "
msgstr ",设定密文为 "
-#: src/cryptsetup_reencrypt.c:1695
+#: src/cryptsetup_reencrypt.c:1684
msgid "Argument required."
msgstr "需要参数。"
-#: src/cryptsetup_reencrypt.c:1723
+#: src/cryptsetup_reencrypt.c:1712
msgid "Only values between 1 MiB and 64 MiB allowed for reencryption block size."
msgstr "重加密块大小只能是 1 MiB 到 64 MiB 之间的值。"
-#: src/cryptsetup_reencrypt.c:1750
+#: src/cryptsetup_reencrypt.c:1731 src/cryptsetup_reencrypt.c:1736
+msgid "Invalid device size specification."
+msgstr "无效的设备大小指标。"
+
+#: src/cryptsetup_reencrypt.c:1739
msgid "Maximum device reduce size is 64 MiB."
msgstr "最大设备缩减大小为 64 MiB。"
-#: src/cryptsetup_reencrypt.c:1757
+#: src/cryptsetup_reencrypt.c:1742
+msgid "Reduce size must be multiple of 512 bytes sector."
+msgstr "缩减大小必须为 512 字节扇区的倍数。"
+
+#: src/cryptsetup_reencrypt.c:1746
msgid "Option --new must be used together with --reduce-device-size or --header."
msgstr "选项 --new 必须与 --reduce-device-size 或 --header 共用。"
-#: src/cryptsetup_reencrypt.c:1761
+#: src/cryptsetup_reencrypt.c:1750
msgid "Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."
msgstr "选项 --keep-key 只能与 --hash、--iter-time 或 --pbkdf-force-iterations 共用。"
-#: src/cryptsetup_reencrypt.c:1765
+#: src/cryptsetup_reencrypt.c:1754
msgid "Option --new cannot be used together with --decrypt."
msgstr "选项 --new 不可与 --decrypt 共用。"
-#: src/cryptsetup_reencrypt.c:1769
+#: src/cryptsetup_reencrypt.c:1758
msgid "Option --decrypt is incompatible with specified parameters."
msgstr "选项 --decrypt 与选定参数不兼容。"
-#: src/cryptsetup_reencrypt.c:1773
+#: src/cryptsetup_reencrypt.c:1762
msgid "Option --uuid is allowed only together with --decrypt."
msgstr "选项 --uuid 不可与 --decrypt 共用。"
-#: src/cryptsetup_reencrypt.c:1777
+#: src/cryptsetup_reencrypt.c:1766
msgid "Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."
msgstr "无效的 luks 类型。请使用下列选项之一:'luks'、'luks1' 或 'luks2'。"
-#: src/utils_tools.c:151
+#: src/utils_tools.c:159
msgid "Error reading response from terminal."
msgstr "从终端读取响应时失败。"
-#: src/utils_tools.c:186
+#: src/utils_tools.c:184
msgid "Command successful.\n"
msgstr "命令成功。\n"
-#: src/utils_tools.c:194
+#: src/utils_tools.c:192
msgid "wrong or missing parameters"
msgstr "错误或缺失的参数"
-#: src/utils_tools.c:196
+#: src/utils_tools.c:194
msgid "no permission or bad passphrase"
msgstr "无权限或口令错误"
-#: src/utils_tools.c:198
+#: src/utils_tools.c:196
msgid "out of memory"
msgstr "内存耗尽"
-#: src/utils_tools.c:200
+#: src/utils_tools.c:198
msgid "wrong device or file specified"
msgstr "指定了错误的设备或文件"
-#: src/utils_tools.c:202
+#: src/utils_tools.c:200
msgid "device already exists or device is busy"
msgstr "设备已存在或设备正忙"
-#: src/utils_tools.c:204
+#: src/utils_tools.c:202
msgid "unknown error"
msgstr "未知错误"
-#: src/utils_tools.c:206
+#: src/utils_tools.c:204
#, c-format
msgid "Command failed with code %i (%s).\n"
msgstr "命令失败,代码 %i(%s)。\n"
-#: src/utils_tools.c:284
-#, fuzzy, c-format
-msgid "Key slot %i created."
-msgstr "密钥槽 %d 已改变。"
-
-#: src/utils_tools.c:286
-#, fuzzy, c-format
-msgid "Key slot %i unlocked."
-msgstr "密钥槽 %d 已解锁。"
-
-#: src/utils_tools.c:288
-#, fuzzy, c-format
-msgid "Key slot %i removed."
-msgstr "密钥槽 %d 已解锁。"
-
-#: src/utils_tools.c:297
-#, fuzzy, c-format
-msgid "Token %i created."
-msgstr "密钥槽 %d 未使用。\n"
-
-#: src/utils_tools.c:299
-#, fuzzy, c-format
-msgid "Token %i removed."
-msgstr "密钥槽 %d 未使用。\n"
-
-#: src/utils_tools.c:465
-#, fuzzy
-msgid ""
-"\n"
-"Wipe interrupted."
-msgstr "测试密文"
-
-#: src/utils_tools.c:476
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' partition signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:484
-#, c-format
-msgid "WARNING: Device %s already contains a '%s' superblock signature.\n"
-msgstr ""
-
-#: src/utils_tools.c:505 src/utils_tools.c:569
-#, fuzzy
-msgid "Failed to initialize device signature probes."
-msgstr "初始化默认 LUKS2 密钥槽参数失败。"
-
-# stat() 主要就是出来一个各种文件信息……
-#: src/utils_tools.c:549
-#, fuzzy, c-format
-msgid "Failed to stat device %s."
-msgstr "获取 (stat) 密钥文件信息失败。"
-
-#: src/utils_tools.c:562
-#, c-format
-msgid "Device %s is in use. Can not proceed with format operation."
-msgstr ""
-
-#: src/utils_tools.c:564
-#, fuzzy, c-format
-msgid "Failed to open file %s in read/write mode."
-msgstr "无法打开密钥文件 %s 以供写入。"
-
-#: src/utils_tools.c:578
-#, c-format
-msgid "Existing '%s' partition signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:581
-#, c-format
-msgid "Existing '%s' superblock signature (offset: %<PRIi64> bytes) on device %s will be wiped."
-msgstr ""
-
-#: src/utils_tools.c:584
-#, fuzzy
-msgid "Failed to wipe device signature."
-msgstr "无法获取写入设备锁。"
-
-#: src/utils_tools.c:591
-#, c-format
-msgid "Failed to probe device %s for a signature."
-msgstr ""
-
-#: src/utils_tools.c:622
-#, fuzzy
-msgid ""
-"\n"
-"Reencryption interrupted."
-msgstr "测试密文"
-
-#: src/utils_password.c:43 src/utils_password.c:76
+#: src/utils_password.c:43 src/utils_password.c:75
#, c-format
msgid "Cannot check password quality: %s"
msgstr "无法检查密码质量:%s"
msgid "Password quality check failed: Bad passphrase (%s)"
msgstr "密码质量检查失败:无效密码 (%s)"
-#: src/utils_password.c:228 src/utils_password.c:242
+#: src/utils_password.c:212 src/utils_password.c:227
msgid "Error reading passphrase from terminal."
msgstr "从终端读取口令时出错。"
-#: src/utils_password.c:240
+#: src/utils_password.c:225
msgid "Verify passphrase: "
msgstr "确认密码:"
-#: src/utils_password.c:247
+#: src/utils_password.c:232
msgid "Passphrases do not match."
msgstr "口令不匹配。"
-#: src/utils_password.c:284
+#: src/utils_password.c:269
msgid "Cannot use offset with terminal input."
msgstr "不能将偏移量用于终端输入。"
-#: src/utils_password.c:287
+#: src/utils_password.c:272
#, c-format
msgid "Enter passphrase: "
msgstr "输入口令:"
-#: src/utils_password.c:290
+#: src/utils_password.c:274
#, c-format
msgid "Enter passphrase for %s: "
msgstr "输入 %s 的口令:"
-#: src/utils_password.c:321
+#: src/utils_password.c:304
msgid "No key available with this passphrase."
msgstr "此口令无可用的密钥。"
-#: src/utils_password.c:323
-msgid "No usable keyslot is available."
-msgstr ""
-
-#: src/utils_password.c:365
+#: src/utils_password.c:339
#, c-format
msgid "Cannot open keyfile %s for write."
msgstr "无法打开密钥文件 %s 以供写入。"
-#: src/utils_password.c:372
+#: src/utils_password.c:346
#, c-format
msgid "Cannot write to keyfile %s."
msgstr "无法写入密钥文件 %s。"
-#: src/utils_luks2.c:47
-#, fuzzy, c-format
-msgid "Failed to open file %s in read-only mode."
-msgstr "打开 (open) 密钥文件失败。"
-
-#: src/utils_luks2.c:60
-msgid "Provide valid LUKS2 token JSON:\n"
-msgstr ""
-
-#: src/utils_luks2.c:67
-#, fuzzy
-msgid "Failed to read JSON file."
-msgstr "打开 (open) 密钥文件失败。"
-
-#: src/utils_luks2.c:72
-#, fuzzy
-msgid ""
-"\n"
-"Read interrupted."
-msgstr "测试密文"
-
-#: src/utils_luks2.c:113
-#, fuzzy, c-format
-msgid "Failed to open file %s in write mode."
-msgstr "无法打开密钥文件 %s 以供写入。"
-
-#: src/utils_luks2.c:122
-#, fuzzy
-msgid ""
-"\n"
-"Write interrupted."
-msgstr "测试密文"
-
-#: src/utils_luks2.c:126
-#, fuzzy
-msgid "Failed to write JSON file."
-msgstr "打开 (open) 密钥文件失败。"
-
-#, c-format
-#~ msgid "Cannot format device %s which is still in use."
-#~ msgstr "无法格式化正在使用的设备 %s。"
-
-#, c-format
-#~ msgid "Replaced with key slot %d."
-#~ msgstr "替换为密钥槽 %d。"
-
-#, c-format
-#~ msgid "Key slot %d is not used."
-#~ msgstr "密钥槽 %d 未使用。"
-
-#~ msgid "Function not available in FIPS mode."
-#~ msgstr "功能在 FIPS 模式无效。"
-
-#, c-format
-#~ msgid "WARNING: Locking directory %s/%s is missing!\n"
-#~ msgstr "警告:锁定目录 %s/%s 缺失!\n"
-
-#, fuzzy
-#~| msgid "Invalid size parameters for verity device.\n"
-#~ msgid "Invalid size parameters for verity device."
-#~ msgstr "为 VERITY 设备提供的大小指标无效。\n"
-
-#, c-format
-#~ msgid "Device %s is too small. (LUKS2 requires at least %<PRIu64> bytes.)"
-#~ msgstr "设备 %s 过小。(LUKS2 需要至少 %<PRIu64> 字节。)"
-
-#, c-format
-#~ msgid "Key slot %d selected for deletion."
-#~ msgstr "已选中密钥槽 %d 以供删除。"
-
-#~ msgid "open device as mapping <name>"
-#~ msgstr "以映射 <名称> 打开设备"
-
-#~ msgid "Unsupported encryption sector size.\n"
-#~ msgstr "不支持的加密扇区大小。\n"
-
-#, fuzzy
-#~| msgid "close device (remove mapping)"
-#~ msgid "close device (deactivate and remove mapping)"
-#~ msgstr "关闭设备(移除映射)"
-
-# stat() 主要就是出来一个各种文件信息……
-#~ msgid "Failed to set PBKDF parameters."
-#~ msgstr "设置 pbkdf 参数失败。"
-
-#, c-format
-#~ msgid "Activated keyslot %i."
-#~ msgstr "已激活密钥槽 %i。"
-
-#~ msgid "Cannot seek to device offset.\n"
-#~ msgstr "无法寻找到设备偏移位置。\n"
-
-#~ msgid "Interrupted by a signal."
-#~ msgstr "被信号中断。"
-
#~ msgid "memory allocation error in action_luksFormat"
#~ msgstr "在 action_luksFormat 中发生内存分配错误"
lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
+ src/utils_args.c \
src/utils_tools.c \
src/utils_password.c \
- src/utils_luks2.c \
+ src/utils_luks.c \
+ src/utils_luks.h \
src/utils_blockdev.c \
+ src/utils_arg_names.h \
+ src/utils_arg_macros.h \
+ src/utils_reencrypt.c \
+ src/utils_reencrypt_luks1.c \
+ src/utils_progress.c \
src/cryptsetup.c \
- src/cryptsetup.h
+ src/cryptsetup.h \
+ src/cryptsetup_args.h \
+ src/cryptsetup_arg_list.h
cryptsetup_LDADD = $(LDADD) \
libcryptsetup.la \
lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
+ src/utils_args.c \
+ src/utils_arg_names.h \
+ src/utils_arg_macros.h \
src/utils_tools.c \
- src/utils_password.c \
src/veritysetup.c \
+ src/veritysetup_args.h \
+ src/veritysetup_arg_list.h \
src/cryptsetup.h
veritysetup_LDADD = $(LDADD) \
libcryptsetup.la \
@POPT_LIBS@ \
- @PWQUALITY_LIBS@ \
- @PASSWDQC_LIBS@ \
@BLKID_LIBS@
sbin_PROGRAMS += veritysetup
veritysetup_static_LDADD = \
$(veritysetup_LDADD) \
@CRYPTO_STATIC_LIBS@ \
- @DEVMAPPER_STATIC_LIBS@ \
- @UUID_LIBS@
+ @DEVMAPPER_STATIC_LIBS@
endif
endif
lib/utils_loop.c \
lib/utils_io.c \
lib/utils_blkid.c \
+ src/utils_args.c \
+ src/utils_arg_names.h \
+ src/utils_arg_macros.h \
src/utils_tools.c \
+ src/utils_blockdev.c \
+ src/utils_progress.c \
src/integritysetup.c \
+ src/integritysetup_args.h \
+ src/integritysetup_arg_list.h \
src/cryptsetup.h
integritysetup_LDADD = $(LDADD) \
integritysetup_static_LDADD = \
$(integritysetup_LDADD) \
@CRYPTO_STATIC_LIBS@ \
- @DEVMAPPER_STATIC_LIBS@ \
- @UUID_LIBS@
-endif
-endif
-
-# reencrypt
-if REENCRYPT
-cryptsetup_reencrypt_SOURCES = \
- lib/utils_crypt.c \
- lib/utils_io.c \
- lib/utils_blkid.c \
- src/utils_tools.c \
- lib/utils_loop.c \
- src/utils_password.c \
- src/cryptsetup_reencrypt.c \
- src/cryptsetup.h
-
-cryptsetup_reencrypt_LDADD = $(LDADD) \
- libcryptsetup.la \
- @POPT_LIBS@ \
- @PWQUALITY_LIBS@ \
- @PASSWDQC_LIBS@ \
- @UUID_LIBS@ \
- @BLKID_LIBS@
-
-sbin_PROGRAMS += cryptsetup-reencrypt
-
-if STATIC_TOOLS
-sbin_PROGRAMS += cryptsetup-reencrypt.static
-cryptsetup_reencrypt_static_SOURCES = $(cryptsetup_reencrypt_SOURCES)
-cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static
-cryptsetup_reencrypt_static_LDADD = \
- $(cryptsetup_reencrypt_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
- @PWQUALITY_STATIC_LIBS@ \
@DEVMAPPER_STATIC_LIBS@
endif
endif
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include "cryptsetup.h"
#include <uuid/uuid.h>
-static char *opt_cipher = NULL;
-static char *opt_keyslot_cipher = NULL;
-static char *opt_hash = NULL;
-static char *opt_json_file = NULL;
-static char *opt_key_file = NULL;
-static char *opt_keyfile_stdin = NULL;
-static char *opt_keyfiles[MAX_KEYFILES];
-static char *opt_master_key_file = NULL;
-static char *opt_header_backup_file = NULL;
-static char *opt_uuid = NULL;
-static char *opt_header_device = NULL;
-static char *opt_type = NULL;
-static char *opt_pbkdf = NULL;
-static char *opt_priority = NULL; /* normal */
-static char *opt_integrity = NULL; /* none */
-static char *opt_key_description = NULL;
-static char *opt_label = NULL;
-static char *opt_subsystem = NULL;
-static char *opt_active_name = NULL;
-static char *opt_resilience_mode = NULL; /* default value "checksum" */
-static char *opt_resilience_hash = NULL; /* default value "sha256" */
-
-/* helper strings converted to uint64_t later */
-static char *opt_reduce_size_str = NULL;
-static char *opt_hotzone_size_str = NULL;
-static char *opt_device_size_str = NULL;
-static char *opt_luks2_metadata_size_str = NULL;
-static char *opt_luks2_keyslots_size_str = NULL;
-
-static uint64_t opt_reduce_size = 0;
-static uint64_t opt_hotzone_size = 0;
-static uint64_t opt_device_size = 0;
-static uint64_t opt_luks2_metadata_size = 0;
-static uint64_t opt_luks2_keyslots_size = 0;
-
-static int opt_keyfiles_count = 0;
-static int opt_verify_passphrase = 0;
-static int opt_key_size = 0;
-static int opt_keyslot_key_size = 0;
-static long opt_keyfile_size = 0;
-static long opt_new_keyfile_size = 0;
-static uint64_t opt_keyfile_offset = 0;
-static uint64_t opt_new_keyfile_offset = 0;
-static int opt_key_slot = CRYPT_ANY_SLOT;
-static int opt_token = CRYPT_ANY_TOKEN;
-static int opt_token_only = 0;
-static uint64_t opt_size = 0;
-static uint64_t opt_offset = 0;
-static uint64_t opt_skip = 0;
-static int opt_skip_valid = 0;
-static int opt_readonly = 0;
-static int opt_timeout = 0;
-static int opt_tries = 3;
-static int opt_align_payload = 0;
-static int opt_random = 0;
-static int opt_urandom = 0;
-static int opt_dump_master_key = 0;
-static int opt_shared = 0;
-static int opt_allow_discards = 0;
-static int opt_perf_same_cpu_crypt = 0;
-static int opt_perf_submit_from_crypt_cpus = 0;
-static int opt_perf_no_read_workqueue = 0;
-static int opt_perf_no_write_workqueue = 0;
-static int opt_test_passphrase = 0;
-static int opt_tcrypt_hidden = 0;
-static int opt_tcrypt_system = 0;
-static int opt_tcrypt_backup = 0;
-static int opt_veracrypt = 0;
-static int opt_veracrypt_pim = -1;
-static int opt_veracrypt_query_pim = 0;
-static int opt_deferred_remove = 0;
-static int opt_serialize_memory_hard_pbkdf = 0;
-//FIXME: check uint32 overflow for long type
-static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB;
-static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS;
-static long opt_pbkdf_iterations = 0;
-static int opt_iteration_time = 0;
-static int opt_disable_locks = 0;
-static int opt_disable_keyring = 0;
-static int opt_integrity_nojournal = 0;
-static int opt_integrity_no_wipe = 0;
-static int opt_integrity_legacy_padding = 0;
-static int opt_sector_size = 0;
-static int opt_iv_large_sectors = 0;
-static int opt_persistent = 0;
-static int opt_unbound = 0;
-static int opt_refresh = 0;
-
-/* LUKS2 reencryption parameters */
-static int opt_encrypt = 0;
-static int opt_reencrypt_init_only = 0;
-static int opt_reencrypt_resume_only = 0;
-static int opt_decrypt = 0;
-
-/* do not set from command line, use helpers above */
-static int64_t opt_data_shift;
-static const char *device_type = "luks";
-static const char *set_pbkdf = NULL;
+#include "cryptsetup.h"
+#include "cryptsetup_args.h"
+#include "utils_luks.h"
+
+static char *keyfiles[MAX_KEYFILES];
+static char *keyfile_stdin = NULL;
+
+static int keyfiles_count = 0;
+int64_t data_shift = 0;
+
+const char *device_type = "luks";
+const char *set_pbkdf = NULL;
static const char **action_argv;
static int action_argc;
static const char *null_action_argv[] = {NULL, NULL};
+static int total_keyfiles = 0;
-void tools_cleanup(void)
-{
- FREE_AND_NULL(opt_cipher);
- FREE_AND_NULL(opt_keyslot_cipher);
- FREE_AND_NULL(opt_hash);
- FREE_AND_NULL(opt_json_file);
- FREE_AND_NULL(opt_key_file);
- FREE_AND_NULL(opt_keyfile_stdin);
- FREE_AND_NULL(opt_master_key_file);
- FREE_AND_NULL(opt_header_backup_file);
- FREE_AND_NULL(opt_uuid);
- FREE_AND_NULL(opt_header_device);
- FREE_AND_NULL(opt_type);
- FREE_AND_NULL(opt_pbkdf);
- FREE_AND_NULL(opt_priority);
- FREE_AND_NULL(opt_integrity);
- FREE_AND_NULL(opt_key_description);
- FREE_AND_NULL(opt_label);
- FREE_AND_NULL(opt_subsystem);
- FREE_AND_NULL(opt_active_name);
- FREE_AND_NULL(opt_resilience_mode);
- FREE_AND_NULL(opt_resilience_hash);
- FREE_AND_NULL(opt_reduce_size_str);
- FREE_AND_NULL(opt_hotzone_size_str);
- FREE_AND_NULL(opt_device_size_str);
- FREE_AND_NULL(opt_luks2_metadata_size_str);
- FREE_AND_NULL(opt_luks2_keyslots_size_str);
-
- while (opt_keyfiles_count)
- free(opt_keyfiles[--opt_keyfiles_count]);
-}
-
-static const char *uuid_or_device_header(const char **data_device)
-{
- if (data_device)
- *data_device = opt_header_device ? action_argv[0] : NULL;
+static struct tools_log_params log_parms;
- return uuid_or_device(opt_header_device ?: action_argv[0]);
-}
+struct tools_arg tool_core_args[] = { { NULL, false, CRYPT_ARG_BOOL }, /* leave unused due to popt library */
+#define ARG(A, B, C, D, E, F, G, H) { A, false, F, G, H },
+#include "cryptsetup_arg_list.h"
+#undef ARG
+};
-static const char *luksType(const char *type)
+void tools_cleanup(void)
{
- if (type && !strcmp(type, "luks2"))
- return CRYPT_LUKS2;
-
- if (type && !strcmp(type, "luks1"))
- return CRYPT_LUKS1;
+ tools_args_free(tool_core_args, ARRAY_SIZE(tool_core_args));
- if (type && !strcmp(type, "luks"))
- return CRYPT_LUKS; /* NULL */
+ FREE_AND_NULL(keyfile_stdin);
- if (type && *type)
- return type;
+ while (keyfiles_count)
+ free(keyfiles[--keyfiles_count]);
- return CRYPT_LUKS; /* NULL */
+ total_keyfiles = 0;
}
-static int _verify_passphrase(int def)
-{
- /* Batch mode switch off verify - if not overridden by -y */
- if (opt_verify_passphrase)
- def = 1;
- else if (opt_batch_mode)
- def = 0;
-
- /* Non-tty input doesn't allow verify */
- if (def && !isatty(STDIN_FILENO)) {
- if (opt_verify_passphrase)
- log_err(_("Can't do passphrase verification on non-tty inputs."));
- def = 0;
- }
-
- return def;
-}
-
-static void _set_activation_flags(uint32_t *flags)
+static const char *uuid_or_device_header(const char **data_device)
{
- if (opt_readonly)
- *flags |= CRYPT_ACTIVATE_READONLY;
-
- if (opt_allow_discards)
- *flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
-
- if (opt_perf_same_cpu_crypt)
- *flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
-
- if (opt_perf_submit_from_crypt_cpus)
- *flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
-
- if (opt_perf_no_read_workqueue)
- *flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE;
-
- if (opt_perf_no_write_workqueue)
- *flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
-
- if (opt_integrity_nojournal)
- *flags |= CRYPT_ACTIVATE_NO_JOURNAL;
-
- /* In persistent mode, we use what is set on command line */
- if (opt_persistent)
- *flags |= CRYPT_ACTIVATE_IGNORE_PERSISTENT;
-
- /* Only for LUKS2 but ignored elsewhere */
- if (opt_test_passphrase)
- *flags |= CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY;
-
- if (opt_serialize_memory_hard_pbkdf)
- *flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
+ if (data_device)
+ *data_device = ARG_SET(OPT_HEADER_ID) ? action_argv[0] : NULL;
- /* Only for plain */
- if (opt_iv_large_sectors)
- *flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS;
+ return uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]);
}
-static void _set_reencryption_flags(uint32_t *flags)
+static bool isLUKS(const char *type)
{
- if (opt_reencrypt_init_only)
- *flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY;
-
- if (opt_reencrypt_resume_only)
- *flags |= CRYPT_REENCRYPT_RESUME_ONLY;
+ return isLUKS2(type) || isLUKS1(type);
}
static int _set_keyslot_encryption_params(struct crypt_device *cd)
{
const char *type = crypt_get_type(cd);
- if (!opt_keyslot_key_size && !opt_keyslot_cipher)
+ if (!ARG_SET(OPT_KEYSLOT_KEY_SIZE_ID) && !ARG_SET(OPT_KEYSLOT_CIPHER_ID))
return 0;
- if (!type || strcmp(type, CRYPT_LUKS2)) {
+ if (!isLUKS2(type)) {
log_err(_("Keyslot encryption parameters can be set only for LUKS2 device."));
return -EINVAL;
}
- return crypt_keyslot_set_encryption(cd, opt_keyslot_cipher, opt_keyslot_key_size / 8);
+ return crypt_keyslot_set_encryption(cd, ARG_STR(OPT_KEYSLOT_CIPHER_ID), ARG_UINT32(OPT_KEYSLOT_KEY_SIZE_ID) / 8);
+}
+
+static int _try_token_pin_unlock(struct crypt_device *cd,
+ int token_id,
+ const char *activated_name,
+ const char *token_type,
+ uint32_t activate_flags,
+ int tries,
+ bool activation)
+{
+ size_t pin_len;
+ char msg[64], *pin = NULL;
+ int r;
+
+ assert(tries >= 1);
+ assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN);
+
+ if (token_id == CRYPT_ANY_TOKEN)
+ r = snprintf(msg, sizeof(msg), _("Enter token PIN: "));
+ else
+ r = snprintf(msg, sizeof(msg), _("Enter token %d PIN: "), token_id);
+ if (r < 0 || (size_t)r >= sizeof(msg))
+ return -EINVAL;
+
+ do {
+ r = tools_get_key(msg, &pin, &pin_len, 0, 0, NULL,
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
+ if (r < 0)
+ break;
+
+ if (activation)
+ r = crypt_activate_by_token_pin(cd, activated_name, token_type,
+ token_id, pin, pin_len, NULL,
+ activate_flags);
+ else
+ r = crypt_resume_by_token_pin(cd, activated_name, token_type,
+ token_id, pin, pin_len, NULL);
+ crypt_safe_free(pin);
+ pin = NULL;
+ tools_keyslot_msg(r, UNLOCKED);
+ tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), token_id, true);
+ check_signal(&r);
+ } while (r == -ENOANO && (--tries > 0));
+
+ return r;
}
static int action_open_plain(void)
char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
struct crypt_active_device cad;
struct crypt_params_plain params = {
- .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
- .skip = opt_skip,
- .offset = opt_offset,
- .size = opt_size,
- .sector_size = opt_sector_size ?: SECTOR_SIZE
+ .hash = ARG_SET(OPT_HASH_ID) ? ARG_STR(OPT_HASH_ID) : DEFAULT_PLAIN_HASH,
+ .skip = ARG_UINT64(OPT_SKIP_ID),
+ .offset = ARG_UINT64(OPT_OFFSET_ID),
+ .sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID) ?: SECTOR_SIZE
};
char *password = NULL;
const char *activated_name = NULL;
size_t passwordLen, key_size_max, signatures = 0,
- key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
+ key_size = (ARG_UINT32(OPT_KEY_SIZE_ID) ?: DEFAULT_PLAIN_KEYBITS) / 8;
uint32_t activate_flags = 0;
int r;
- r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
+ r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID) ?: DEFAULT_CIPHER(PLAIN),
cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected."));
}
/* FIXME: temporary hack, no hashing for keyfiles in plain mode */
- if (opt_key_file && !tools_is_stdin(opt_key_file)) {
+ if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID))) {
params.hash = NULL;
- if (!opt_batch_mode && opt_hash)
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && ARG_SET(OPT_HASH_ID))
log_std(_("WARNING: The --hash parameter is being ignored "
"in plain mode with keyfile specified.\n"));
}
if (params.hash && !strcmp(params.hash, "plain"))
params.hash = NULL;
- if (!opt_batch_mode && !params.hash && opt_key_file && !tools_is_stdin(opt_key_file) && opt_keyfile_size)
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !params.hash && ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && ARG_SET(OPT_KEYFILE_SIZE_ID))
log_std(_("WARNING: The --keyfile-size option is being ignored, "
"the read size is the same as the encryption key size.\n"));
- if (opt_refresh) {
+ if (ARG_SET(OPT_REFRESH_ID)) {
activated_name = action_argc > 1 ? action_argv[1] : action_argv[0];
r = crypt_init_by_name_and_header(&cd1, activated_name, NULL);
if (r)
goto out;
/* Skip blkid scan when activating plain device with offset */
- if (!opt_offset) {
+ if (!ARG_UINT64(OPT_OFFSET_ID)) {
/* Print all present signatures in read-only mode */
- r = tools_detect_signatures(action_argv[0], 0, &signatures);
+ r = tools_detect_signatures(action_argv[0], PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID));
if (r < 0)
goto out;
}
- if (signatures) {
+ if (signatures && !ARG_SET(OPT_BATCH_MODE_ID)) {
r = asprintf(&msg, _("Detected device signature(s) on %s. Proceeding further may damage existing data."), action_argv[0]);
if (r == -1) {
r = -ENOMEM;
pmode = cipher_mode;
}
+ if (ARG_SET(OPT_DEVICE_SIZE_ID))
+ params.size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE;
+ else if (ARG_SET(OPT_SIZE_ID))
+ params.size = ARG_UINT64(OPT_SIZE_ID);
+
r = crypt_format(cd, CRYPT_PLAIN,
pcipher, pmode,
NULL, NULL,
if (r < 0)
goto out;
- if (opt_shared)
+ if (ARG_SET(OPT_SHARED_ID))
activate_flags |= CRYPT_ACTIVATE_SHARED;
- _set_activation_flags(&activate_flags);
+ set_activation_flags(&activate_flags);
- if (!tools_is_stdin(opt_key_file)) {
+ if (!tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID))) {
/* If no hash, key is read directly, read size is always key_size
- * (possible opt_keyfile_size is ignored.
- * If hash is specified, opt_keyfile_size is applied.
- * The opt_keyfile_offset is applied always.
+ * (possible --keyfile_size is ignored.
+ * If hash is specified, --keyfile_size is applied.
+ * The --keyfile_offset is applied always.
*/
- key_size_max = params.hash ? (size_t)opt_keyfile_size : key_size;
+ key_size_max = params.hash ? ARG_UINT32(OPT_KEYFILE_SIZE_ID) : key_size;
r = crypt_activate_by_keyfile_device_offset(cd, action_argv[1],
- CRYPT_ANY_SLOT, opt_key_file, key_size_max,
- opt_keyfile_offset, activate_flags);
+ CRYPT_ANY_SLOT, ARG_STR(OPT_KEY_FILE_ID), key_size_max,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), activate_flags);
} else {
- key_size_max = (opt_key_file && !params.hash) ? key_size : (size_t)opt_keyfile_size;
+ key_size_max = (ARG_SET(OPT_KEY_FILE_ID) && !params.hash) ? key_size : ARG_UINT32(OPT_KEYFILE_SIZE_ID);
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, key_size_max,
- opt_key_file, opt_timeout,
- _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), key_size_max,
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
{
struct crypt_device *cd = NULL;
struct crypt_params_loopaes params = {
- .hash = opt_hash ?: NULL,
- .offset = opt_offset,
- .skip = opt_skip_valid ? opt_skip : opt_offset,
+ .hash = ARG_STR(OPT_HASH_ID),
+ .offset = ARG_UINT64(OPT_OFFSET_ID),
+ .skip = ARG_SET(OPT_SKIP_ID) ? ARG_UINT64(OPT_SKIP_ID) : ARG_UINT64(OPT_OFFSET_ID)
};
- unsigned int key_size = (opt_key_size ?: DEFAULT_LOOPAES_KEYBITS) / 8;
+ unsigned int key_size = (ARG_UINT32(OPT_KEY_SIZE_ID) ?: DEFAULT_LOOPAES_KEYBITS) / 8;
uint32_t activate_flags = 0;
const char *activated_name = NULL;
int r;
- if (!opt_key_file) {
+ if (!ARG_SET(OPT_KEY_FILE_ID)) {
log_err(_("Option --key-file is required."));
return -EINVAL;
}
- if (opt_refresh) {
+ if (ARG_SET(OPT_REFRESH_ID)) {
activated_name = action_argc > 1 ? action_argv[1] : action_argv[0];
if ((r = crypt_init_by_name(&cd, activated_name)))
goto out;
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
- r = crypt_format(cd, CRYPT_LOOPAES, opt_cipher ?: DEFAULT_LOOPAES_CIPHER,
+ r = crypt_format(cd, CRYPT_LOOPAES, ARG_STR(OPT_CIPHER_ID) ?: DEFAULT_LOOPAES_CIPHER,
NULL, NULL, NULL, key_size, ¶ms);
check_signal(&r);
if (r < 0)
goto out;
}
- _set_activation_flags(&activate_flags);
+ set_activation_flags(&activate_flags);
r = crypt_activate_by_keyfile_device_offset(cd, activated_name, CRYPT_ANY_SLOT,
- tools_is_stdin(opt_key_file) ? "/dev/stdin" : opt_key_file, opt_keyfile_size,
- opt_keyfile_offset, activate_flags);
+ tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) ? "/dev/stdin" : ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), activate_flags);
out:
crypt_free(cd);
static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *params)
{
- int r, tries = opt_tries, eperm = 0;
-
- if (opt_keyfile_stdin)
- tries = 1;
+ int r, tries, eperm = 0;
+ tries = set_tries_tty();
do {
/* TCRYPT header is encrypted, get passphrase now */
r = tools_get_key(NULL, CONST_CAST(char**)¶ms->passphrase,
- ¶ms->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout,
- _verify_passphrase(0), 0, cd);
+ ¶ms->passphrase_size, 0, 0, keyfile_stdin, ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
if (r < 0)
continue;
- if (opt_veracrypt_query_pim) {
+ if (ARG_SET(OPT_VERACRYPT_QUERY_PIM_ID)) {
char *tmp_pim_nptr = NULL;
char *tmp_pim_end = NULL;
size_t tmp_pim_size = 0;
r = tools_get_key(_("Enter VeraCrypt PIM: "),
&tmp_pim_nptr,
- &tmp_pim_size, 0, 0, opt_keyfile_stdin, opt_timeout,
- _verify_passphrase(0), 0, cd);
+ &tmp_pim_size, 0, 0, keyfile_stdin, ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
if (r < 0)
continue;
crypt_safe_memzero(&tmp_pim_ull, sizeof(tmp_pim_ull));
}
- if (opt_tcrypt_hidden)
+ if (ARG_SET(OPT_TCRYPT_HIDDEN_ID))
params->flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
- if (opt_tcrypt_system)
+ if (ARG_SET(OPT_TCRYPT_SYSTEM_ID))
params->flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
- if (opt_tcrypt_backup)
+ if (ARG_SET(OPT_TCRYPT_BACKUP_ID))
params->flags |= CRYPT_TCRYPT_BACKUP_HEADER;
r = crypt_load(cd, CRYPT_TCRYPT, params);
{
struct crypt_device *cd = NULL;
struct crypt_params_tcrypt params = {
- .keyfiles = CONST_CAST(const char **)opt_keyfiles,
- .keyfiles_count = opt_keyfiles_count,
+ .keyfiles = CONST_CAST(const char **)keyfiles,
+ .keyfiles_count = keyfiles_count,
.flags = CRYPT_TCRYPT_LEGACY_MODES |
- (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0),
- .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0,
+ (ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0 : CRYPT_TCRYPT_VERA_MODES),
+ .veracrypt_pim = ARG_UINT32(OPT_VERACRYPT_PIM_ID),
+ .hash_name = ARG_STR(OPT_HASH_ID),
+ .cipher = ARG_STR(OPT_CIPHER_ID),
};
const char *activated_name;
uint32_t activate_flags = 0;
int r;
- activated_name = opt_test_passphrase ? NULL : action_argv[1];
+ activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1];
- r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]);
+ r = crypt_init_data_device(&cd, ARG_STR(OPT_HEADER_ID) ?: action_argv[0], action_argv[0]);
if (r < 0)
goto out;
if (r < 0)
goto out;
- _set_activation_flags(&activate_flags);
+ set_activation_flags(&activate_flags);
if (activated_name)
r = crypt_activate_by_volume_key(cd, activated_name, NULL, 0, activate_flags);
struct crypt_device *cd = NULL;
const char *activated_name;
uint32_t activate_flags = 0;
- int r, tries;
+ int r, tries, keysize;
char *password = NULL;
+ char *key = NULL;
size_t passwordLen;
- activated_name = opt_test_passphrase ? NULL : action_argv[1];
+ activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1];
if ((r = crypt_init(&cd, action_argv[0])))
goto out;
log_err(_("Device %s is not a valid BITLK device."), action_argv[0]);
goto out;
}
- _set_activation_flags(&activate_flags);
+ set_activation_flags(&activate_flags);
- tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
- do {
- r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ keysize = crypt_get_volume_key_size(cd);
+ if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) {
+ log_err(_("Cannot determine volume key size for BITLK, please use --key-size option."));
+ r = -EINVAL;
+ goto out;
+ } else if (!keysize)
+ keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8;
+
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
goto out;
+ r = crypt_activate_by_volume_key(cd, activated_name,
+ key, keysize, activate_flags);
+ } else {
+ tries = set_tries_tty();
+ do {
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
+ if (r < 0)
+ goto out;
- r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT,
- password, passwordLen, activate_flags);
- tools_passphrase_msg(r);
- check_signal(&r);
- crypt_safe_free(password);
- password = NULL;
- } while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
+ r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT,
+ password, passwordLen, activate_flags);
+ tools_passphrase_msg(r);
+ check_signal(&r);
+ crypt_safe_free(password);
+ password = NULL;
+ } while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
+ }
out:
crypt_safe_free(password);
+ crypt_safe_free(key);
crypt_free(cd);
return r;
}
{
char *vk = NULL;
size_t vk_size;
- unsigned i;
int r;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
- if (!yesDialog(
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(
_("Header dump with volume key is sensitive information\n"
"which allows access to encrypted partition without passphrase.\n"
"This dump should be always stored encrypted on safe place."),
log_std("Payload offset:\t%d\n", (int)crypt_get_data_offset(cd));
log_std("MK bits: \t%d\n", (int)vk_size * 8);
log_std("MK dump:\t");
-
- for(i = 0; i < vk_size; i++) {
- if (i && !(i % 16))
- log_std("\n\t\t");
- log_std("%02hhx ", (char)vk[i]);
- }
+ crypt_log_hex(NULL, vk, vk_size, " ", 16, "\n\t\t");
log_std("\n");
out:
crypt_safe_free(vk);
{
struct crypt_device *cd = NULL;
struct crypt_params_tcrypt params = {
- .keyfiles = CONST_CAST(const char **)opt_keyfiles,
- .keyfiles_count = opt_keyfiles_count,
+ .keyfiles = CONST_CAST(const char **)keyfiles,
+ .keyfiles_count = keyfiles_count,
.flags = CRYPT_TCRYPT_LEGACY_MODES |
- (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0),
- .veracrypt_pim = (opt_veracrypt_pim > 0) ? opt_veracrypt_pim : 0,
+ (ARG_SET(OPT_DISABLE_VERACRYPT_ID) ? 0: CRYPT_TCRYPT_VERA_MODES),
+ .veracrypt_pim = ARG_UINT32(OPT_VERACRYPT_PIM_ID),
+ .hash_name = ARG_STR(OPT_HASH_ID),
+ .cipher = ARG_STR(OPT_CIPHER_ID),
};
int r;
- r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0], action_argv[0]);
+ r = crypt_init_data_device(&cd, ARG_STR(OPT_HEADER_ID) ?: action_argv[0], action_argv[0]);
if (r < 0)
goto out;
if (r < 0)
goto out;
- if (opt_dump_master_key)
+ if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID))
r = tcryptDump_with_volume_key(cd);
else
r = crypt_dump(cd);
return r;
}
+static int bitlkDump_with_volume_key(struct crypt_device *cd)
+{
+ char *vk = NULL, *password = NULL;
+ size_t passwordLen = 0;
+ size_t vk_size;
+ int r;
+
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(
+ _("The header dump with volume key is sensitive information\n"
+ "that allows access to encrypted partition without a passphrase.\n"
+ "This dump should be stored encrypted in a safe place."),
+ NULL))
+ return -EPERM;
+
+ vk_size = crypt_get_volume_key_size(cd);
+ vk = crypt_safe_alloc(vk_size);
+ if (!vk)
+ return -ENOMEM;
+
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd);
+ if (r < 0)
+ goto out;
+
+ r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
+ password, passwordLen);
+ tools_passphrase_msg(r);
+ check_signal(&r);
+ if (r < 0)
+ goto out;
+ tools_keyslot_msg(r, UNLOCKED);
+
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_write_mk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), vk, vk_size);
+ if (r < 0)
+ goto out;
+ }
+
+ log_std("BITLK header information for %s\n", crypt_get_device_name(cd));
+ log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
+ log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
+ log_std("UUID: \t%s\n", crypt_get_uuid(cd));
+ log_std("MK bits: \t%d\n", (int)vk_size * 8);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ log_std("Key stored to file %s.\n", ARG_STR(OPT_VOLUME_KEY_FILE_ID));
+ goto out;
+ }
+ log_std("MK dump:\t");
+ crypt_log_hex(NULL, vk, vk_size, " ", 16, "\n\t\t");
+ log_std("\n");
+out:
+ crypt_safe_free(password);
+ crypt_safe_free(vk);
+ return r;
+}
+
static int action_bitlkDump(void)
{
struct crypt_device *cd = NULL;
goto out;
r = crypt_load(cd, CRYPT_BITLK, NULL);
+ if (r < 0) {
+ log_err(_("Device %s is not a valid BITLK device."), action_argv[0]);
+ goto out;
+ }
+
+ if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID))
+ r = bitlkDump_with_volume_key(cd);
+ else
+ r = crypt_dump(cd);
+out:
+ crypt_free(cd);
+ return r;
+}
+
+static int fvault2Dump_with_volume_key(struct crypt_device *cd)
+{
+ char *vk = NULL;
+ char *password = NULL;
+ size_t vk_size = 0;
+ size_t pass_len = 0;
+ int r = 0;
+
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(
+ _("The header dump with volume key is sensitive information\n"
+ "that allows access to encrypted partition without a passphrase.\n"
+ "This dump should be stored encrypted in a safe place."),
+ NULL))
+ return -EPERM;
+
+ vk_size = crypt_get_volume_key_size(cd);
+ vk = crypt_safe_alloc(vk_size);
+ if (vk == NULL)
+ return -ENOMEM;
+
+ r = tools_get_key(NULL, &password, &pass_len,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd);
+ if (r < 0)
+ goto out;
+
+ r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size, password, pass_len);
+ tools_passphrase_msg(r);
+ check_signal(&r);
if (r < 0)
goto out;
+ tools_keyslot_msg(r, UNLOCKED);
+
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_write_mk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), vk, vk_size);
+ if (r < 0)
+ goto out;
+ }
+
r = crypt_dump(cd);
+ if (r < 0)
+ goto out;
+
+ log_std("Volume key: \t");
+ crypt_log_hex(cd, vk, vk_size, " ", 0, NULL);
+ log_std("\n");
+out:
+ crypt_safe_free(password);
+ crypt_safe_free(vk);
+ return r;
+}
+
+static int action_fvault2Dump(void)
+{
+ struct crypt_device *cd = NULL;
+ int r = 0;
+
+ r = crypt_init(&cd, action_argv[0]);
+ if (r < 0)
+ goto out;
+
+ r = crypt_load(cd, CRYPT_FVAULT2, NULL);
+ if (r < 0) {
+ log_err(_("Device %s is not a valid FVAULT2 device."), action_argv[0]);
+ goto out;
+ }
+
+ if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID))
+ r = fvault2Dump_with_volume_key(cd);
+ else
+ r = crypt_dump(cd);
out:
crypt_free(cd);
return r;
}
+static int action_open_fvault2(void)
+{
+ struct crypt_device *cd = NULL;
+ const char *activated_name;
+ uint32_t activate_flags = 0;
+ int r, tries, keysize;
+ char *password = NULL;
+ char *key = NULL;
+ size_t passwordLen;
+
+ activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1];
+
+ if ((r = crypt_init(&cd, action_argv[0])))
+ goto out;
+
+ r = crypt_load(cd, CRYPT_FVAULT2, NULL);
+ if (r < 0) {
+ log_err(_("Device %s is not a valid FVAULT2 device."), action_argv[0]);
+ goto out;
+ }
+ set_activation_flags(&activate_flags);
+
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ keysize = crypt_get_volume_key_size(cd);
+ if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) {
+ log_err(_("Cannot determine volume key size for FVAULT2, please use --key-size option."));
+ r = -EINVAL;
+ goto out;
+ } else if (!keysize)
+ keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8;
+
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
+ if (r < 0)
+ goto out;
+ r = crypt_activate_by_volume_key(cd, activated_name, key, keysize, activate_flags);
+ } else {
+ tries = set_tries_tty();
+ do {
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
+ if (r < 0)
+ goto out;
+
+ r = crypt_activate_by_passphrase(cd, activated_name, CRYPT_ANY_SLOT,
+ password, passwordLen, activate_flags);
+ tools_passphrase_msg(r);
+ check_signal(&r);
+ crypt_safe_free(password);
+ password = NULL;
+ } while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
+ }
+out:
+ crypt_safe_free(password);
+ crypt_safe_free(key);
+ crypt_free(cd);
+ return r;
+}
+
static int action_close(void)
{
struct crypt_device *cd = NULL;
uint32_t flags = 0;
int r;
- if (opt_deferred_remove)
+ if (ARG_SET(OPT_DEFERRED_ID))
flags |= CRYPT_DEACTIVATE_DEFERRED;
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID))
+ flags |= CRYPT_DEACTIVATE_DEFERRED_CANCEL;
- r = crypt_init_by_name(&cd, action_argv[0]);
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], ARG_STR(OPT_HEADER_ID));
if (r == 0)
r = crypt_deactivate_by_name(cd, action_argv[0], flags);
- if (!r && opt_deferred_remove) {
+ if (!r && ARG_SET(OPT_DEFERRED_ID)) {
ci = crypt_status(cd, action_argv[0]);
if (ci == CRYPT_ACTIVE || ci == CRYPT_BUSY)
log_std(_("Device %s is still active and scheduled for deferred removal.\n"),
int r;
size_t passwordLen;
struct crypt_active_device cad;
+ uint64_t dev_size = 0;
char *password = NULL;
struct crypt_device *cd = NULL;
- r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], ARG_STR(OPT_HEADER_ID));
if (r)
goto out;
if (r)
goto out;
+ if (ARG_SET(OPT_DEVICE_SIZE_ID))
+ dev_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE;
+ else if (ARG_SET(OPT_SIZE_ID))
+ dev_size = ARG_UINT64(OPT_SIZE_ID);
+
if (cad.flags & CRYPT_ACTIVATE_KEYRING_KEY) {
- if (opt_disable_keyring) {
+ if (ARG_SET(OPT_DISABLE_KEYRING_ID)) {
r = -EINVAL;
log_err(_("Resize of active device requires volume key "
"in keyring but --disable-keyring option is set."));
}
/* try load VK in kernel keyring using token */
- r = crypt_activate_by_token(cd, NULL, opt_token, NULL,
- CRYPT_ACTIVATE_KEYRING_KEY);
+ r = crypt_activate_by_token_pin(cd, NULL, ARG_STR(OPT_TOKEN_TYPE_ID),
+ ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL,
+ CRYPT_ACTIVATE_KEYRING_KEY);
tools_keyslot_msg(r, UNLOCKED);
- if (r >= 0)
- goto resize;
- else if (opt_token_only)
+ tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false);
+
+ /* Token requires PIN. Ask if there is evident preference for tokens */
+ if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) ||
+ ARG_SET(OPT_TOKEN_ID_ID)))
+ r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL, ARG_STR(OPT_TOKEN_TYPE_ID), CRYPT_ACTIVATE_KEYRING_KEY, 1, true);
+
+ if (r >= 0 || quit || ARG_SET(OPT_TOKEN_ONLY_ID))
goto out;
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
- r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
+ r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen,
CRYPT_ACTIVATE_KEYRING_KEY);
tools_passphrase_msg(r);
tools_keyslot_msg(r, UNLOCKED);
- crypt_safe_free(password);
}
-resize:
- if (opt_device_size)
- opt_size = opt_device_size / SECTOR_SIZE;
- if (r >= 0)
- r = crypt_resize(cd, action_argv[0], opt_size);
out:
+ if (r >= 0)
+ r = crypt_resize(cd, action_argv[0], dev_size);
+
+ crypt_safe_free(password);
crypt_free(cd);
return r;
}
log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
ci == CRYPT_BUSY ? " and is in use" : "");
- r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], ARG_STR(OPT_HEADER_ID));
if (r < 0)
goto out;
.time_ms = 1000,
};
- r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "bar", 3, key_size,
+ r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foobarfo", 8, "0123456789abcdef", 16, key_size,
&benchmark_callback, &pbkdf);
if (r < 0)
log_std(_("PBKDF2-%-9s N/A\n"), hash);
} else {
struct crypt_pbkdf_type pbkdf = {
.type = kdf,
- .time_ms = opt_iteration_time ?: DEFAULT_LUKS2_ITER_TIME,
- .max_memory_kb = opt_pbkdf_memory,
- .parallel_threads = opt_pbkdf_parallel,
+ .time_ms = ARG_UINT32(OPT_ITER_TIME_ID) ?: DEFAULT_LUKS2_ITER_TIME,
+ .max_memory_kb = ARG_UINT32(OPT_PBKDF_MEMORY_ID),
+ .parallel_threads = ARG_UINT32(OPT_PBKDF_PARALLEL_ID)
};
- r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3,
+ r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foobarfo", 8,
"0123456789abcdef0123456789abcdef", 32,
key_size, &benchmark_callback, &pbkdf);
if (r < 0)
};
char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
double enc_mbr = 0, dec_mbr = 0;
- int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
+ int key_size = (ARG_UINT32(OPT_KEY_SIZE_ID) ?: DEFAULT_PLAIN_KEYBITS) / 8;
int skipped = 0, width;
char *c;
int i, r;
log_std(_("# Tests are approximate using memory only (no storage IO).\n"));
- if (set_pbkdf || opt_hash) {
- if (!set_pbkdf && opt_hash)
+ if (set_pbkdf || ARG_SET(OPT_HASH_ID)) {
+ if (!set_pbkdf && ARG_SET(OPT_HASH_ID))
set_pbkdf = CRYPT_KDF_PBKDF2;
- r = action_benchmark_kdf(set_pbkdf, opt_hash, key_size);
- } else if (opt_cipher) {
- r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+ r = action_benchmark_kdf(set_pbkdf, ARG_STR(OPT_HASH_ID), key_size);
+ } else if (ARG_SET(OPT_CIPHER_ID)) {
+ r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID), cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected."));
return r;
log_std("%*s-%s %9db %10.1f MiB/s %10.1f MiB/s\n", width - (int)strlen(cipher_mode) - 1,
cipher, cipher_mode, key_size*8, enc_mbr, dec_mbr);
} else if (r < 0)
- log_err(_("Cipher %s (with %i bits key) is not available."), opt_cipher, key_size * 8);
+ log_err(_("Cipher %s (with %i bits key) is not available."), ARG_STR(OPT_CIPHER_ID), key_size * 8);
} else {
for (i = 0; bkdfs[i].type; i++) {
r = action_benchmark_kdf(bkdfs[i].type, bkdfs[i].hash, key_size);
return r;
}
-static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
+static int reencrypt_metadata_repair(struct crypt_device *cd)
{
- const struct crypt_pbkdf_type *pbkdf_default;
- struct crypt_pbkdf_type pbkdf = {};
+ char *password;
+ size_t passwordLen;
+ int r;
+ struct crypt_params_reencrypt params = {
+ .flags = CRYPT_REENCRYPT_REPAIR_NEEDED
+ };
- pbkdf_default = crypt_get_pbkdf_default(dev_type);
- if (!pbkdf_default)
+ if (!ARG_SET(OPT_BATCH_MODE_ID) &&
+ !yesDialog(_("Unprotected LUKS2 reencryption metadata detected. "
+ "Please verify the reencryption operation is desirable (see luksDump output)\n"
+ "and continue (upgrade metadata) only if you acknowledge the operation as genuine."),
+ _("Operation aborted.\n")))
return -EINVAL;
- pbkdf.type = set_pbkdf ?: pbkdf_default->type;
- pbkdf.hash = opt_hash ?: pbkdf_default->hash;
- pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms;
- if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) {
- pbkdf.max_memory_kb = (uint32_t)opt_pbkdf_memory ?: pbkdf_default->max_memory_kb;
- pbkdf.parallel_threads = (uint32_t)opt_pbkdf_parallel ?: pbkdf_default->parallel_threads;
- }
-
- if (opt_pbkdf_iterations) {
- pbkdf.iterations = opt_pbkdf_iterations;
- pbkdf.time_ms = 0;
- pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
- }
-
- return crypt_set_pbkdf_type(cd, &pbkdf);
-}
-
-static int set_keyslot_params(struct crypt_device *cd, int keyslot)
-{
- const char *cipher;
- struct crypt_pbkdf_type pbkdf;
- size_t key_size;
-
- cipher = crypt_keyslot_get_encryption(cd, keyslot, &key_size);
- if (!cipher)
- return -EINVAL;
-
- if (crypt_is_cipher_null(cipher)) {
- log_dbg("Keyslot %d uses cipher_null. Replacing with default encryption in new keyslot.", keyslot);
- cipher = DEFAULT_LUKS2_KEYSLOT_CIPHER;
- key_size = DEFAULT_LUKS2_KEYSLOT_KEYBITS / 8;
- }
-
- if (crypt_keyslot_set_encryption(cd, cipher, key_size))
- return -EINVAL;
-
- /* if requested any of those just reinitialize context pbkdf */
- if (set_pbkdf || opt_hash || opt_pbkdf_iterations || opt_iteration_time)
- return set_pbkdf_params(cd, CRYPT_LUKS2);
-
- if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf))
- return -EINVAL;
-
- pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
-
- return crypt_set_pbkdf_type(cd, &pbkdf);
-}
-
-static int reencrypt_metadata_repair(struct crypt_device *cd)
-{
- char *password;
- size_t passwordLen;
- int r;
- struct crypt_params_reencrypt params = {
- .flags = CRYPT_REENCRYPT_REPAIR_NEEDED
- };
-
- if (!opt_batch_mode &&
- !yesDialog(_("Unprotected LUKS2 reencryption metadata detected. "
- "Please verify the reencryption operation is desirable (see luksDump output)\n"
- "and continue (upgrade metadata) only if you acknowledge the operation as genuine."),
- _("Operation aborted.\n")))
- return -EINVAL;
-
- r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "),
- &password, &passwordLen, opt_keyfile_offset,
- opt_keyfile_size, opt_key_file, opt_timeout,
- _verify_passphrase(0), 0, cd);
- if (r < 0)
- return r;
+ r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "),
+ &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
+ ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
+ if (r < 0)
+ return r;
r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen,
- opt_key_slot, opt_key_slot, NULL, NULL, ¶ms);
+ ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID), NULL, NULL, ¶ms);
tools_passphrase_msg(r);
if (r < 0)
goto out;
- r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
+ r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen, 0);
tools_passphrase_msg(r);
if (r >= 0)
case CRYPT_REENCRYPT_CLEAN:
break;
case CRYPT_REENCRYPT_CRASH:
- r = yesDialog(_("Really proceed with LUKS2 reencryption recovery?"),
- _("Operation aborted.\n"));
- if (!r)
+ if (!ARG_SET(OPT_BATCH_MODE_ID) &&
+ !yesDialog(_("Really proceed with LUKS2 reencryption recovery?"),
+ _("Operation aborted.\n")))
return -EINVAL;
break;
default:
else
msg = _("Enter passphrase for reencryption recovery: ");
- r = tools_get_key(msg, &password, &passwordLen, opt_keyfile_offset,
- opt_keyfile_size, opt_key_file, opt_timeout,
- _verify_passphrase(0), 0, cd);
+ r = tools_get_key(msg, &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
+ ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
if (r < 0)
return r;
- r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
+ r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen, 0);
if (r < 0)
goto out;
}
r = crypt_reencrypt_init_by_passphrase(cd, NULL, password, passwordLen,
- opt_key_slot, opt_key_slot, NULL, NULL,
+ ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID), NULL, NULL,
&(struct crypt_params_reencrypt){ .flags = CRYPT_REENCRYPT_RECOVERY });
if (r > 0)
r = 0;
struct crypt_device *cd = NULL;
int r;
- if ((r = crypt_init_data_device(&cd, opt_header_device ?: action_argv[0],
+ if ((r = crypt_init_data_device(&cd, ARG_STR(OPT_HEADER_ID) ?: action_argv[0],
action_argv[0])))
goto out;
- crypt_set_log_callback(cd, quiet_log, NULL);
+ crypt_set_log_callback(cd, quiet_log, &log_parms);
r = crypt_load(cd, luksType(device_type), NULL);
- crypt_set_log_callback(cd, tool_log, NULL);
- if (r == 0) {
+ crypt_set_log_callback(cd, tool_log, &log_parms);
+ if (r == 0 && isLUKS2(crypt_get_type(cd))) {
+ /*
+ * LUKS2 triggers autorepair in crypt_load() above
+ * LUKS1 need to call crypt_repair() even if crypt_load() is ok
+ */
log_verbose(_("No known problems detected for LUKS header."));
- goto skip_repair;
+ goto out;
}
- r = tools_detect_signatures(action_argv[0], 1, NULL);
+ r = tools_detect_signatures(action_argv[0], PRB_FILTER_LUKS, NULL, ARG_SET(OPT_BATCH_MODE_ID));
if (r < 0)
goto out;
- r = yesDialog(_("Really try to repair LUKS device header?"),
- _("Operation aborted.\n")) ? 0 : -EINVAL;
- if (r == 0)
+ if (!ARG_SET(OPT_BATCH_MODE_ID) &&
+ !yesDialog(_("Really try to repair LUKS device header?"),
+ _("Operation aborted.\n")))
+ r = -EINVAL;
+ else
r = crypt_repair(cd, luksType(device_type), NULL);
-skip_repair:
+out:
/* Header is ok, check if reencryption metadata needs repair/recovery. */
- if (!r && crypt_get_type(cd) && !strcmp(crypt_get_type(cd), CRYPT_LUKS2))
+ if (!r && isLUKS2(crypt_get_type(cd)))
r = luks2_reencrypt_repair(cd);
-out:
+
crypt_free(cd);
return r;
}
{
char tmp_name[64], tmp_path[128], tmp_uuid[40];
uuid_t tmp_uuid_bin;
- int r;
+ int r = -EINVAL;
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nWipe interrupted."),
+ .device = tools_get_device_name(crypt_get_device_name(cd), &backing_file)
+ };
- if (!opt_batch_mode)
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
log_std(_("Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c "
"(rest of not wiped device will contain invalid checksum).\n"));
uuid_generate(tmp_uuid_bin);
uuid_unparse(tmp_uuid_bin, tmp_uuid);
if (snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid) < 0)
- return -EINVAL;
+ goto out;
if (snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name) < 0)
- return -EINVAL;
+ goto out;
r = crypt_activate_by_volume_key(cd, tmp_name, NULL, 0,
CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
if (r < 0)
- return r;
+ goto out;
/* Wipe the device */
set_int_handler(0);
r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK,
- 0, &tools_wipe_progress, NULL);
+ 0, &tools_progress, &prog_parms);
if (crypt_deactivate(cd, tmp_name))
log_err(_("Cannot deactivate temporary device %s."), tmp_path);
set_int_block(0);
+out:
+ free(backing_file);
return r;
}
return !str ? 0 : strcmp(str, expected);
}
-static int get_adjusted_key_size(const char *cipher_mode, uint32_t default_size_bits, int integrity_keysize)
-{
- uint32_t keysize_bits = opt_key_size;
-
-#ifdef ENABLE_LUKS_ADJUST_XTS_KEYSIZE
- if (!opt_key_size && !strncmp(cipher_mode, "xts-", 4)) {
- if (default_size_bits == 128)
- keysize_bits = 256;
- else if (default_size_bits == 256)
- keysize_bits = 512;
- }
-#endif
- return (keysize_bits ?: default_size_bits) / 8 + integrity_keysize;
-}
-
-static int _luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen)
+int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen)
{
int r = -EINVAL, keysize, integrity_keysize = 0, fd, created = 0;
struct stat st;
size_t passwordLen, signatures;
struct crypt_device *cd = NULL;
struct crypt_params_luks1 params1 = {
- .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
- .data_alignment = opt_align_payload,
- .data_device = opt_header_device ? action_argv[0] : NULL,
+ .hash = ARG_STR(OPT_HASH_ID) ?: DEFAULT_LUKS1_HASH,
+ .data_alignment = ARG_UINT32(OPT_ALIGN_PAYLOAD_ID),
+ .data_device = ARG_SET(OPT_HEADER_ID) ? action_argv[0] : NULL,
};
struct crypt_params_luks2 params2 = {
.data_alignment = params1.data_alignment,
.data_device = params1.data_device,
- .sector_size = opt_sector_size ?: SECTOR_SIZE,
- .label = opt_label,
- .subsystem = opt_subsystem
+ .sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID),
+ .label = ARG_STR(OPT_LABEL_ID),
+ .subsystem = ARG_STR(OPT_SUBSYSTEM_ID)
};
void *params;
if (!type)
type = crypt_get_default_type();
- if (!strcmp(type, CRYPT_LUKS2)) {
+ if (isLUKS2(type)) {
params = ¶ms2;
- } else if (!strcmp(type, CRYPT_LUKS1)) {
+ } else if (isLUKS1(type)) {
params = ¶ms1;
- if (opt_sector_size > SECTOR_SIZE) {
+ if (ARG_UINT32(OPT_SECTOR_SIZE_ID) > SECTOR_SIZE) {
log_err(_("Unsupported encryption sector size."));
return -EINVAL;
}
- if (opt_integrity) {
+ if (ARG_SET(OPT_INTEGRITY_ID)) {
log_err(_("Integrity option can be used only for LUKS2 format."));
return -EINVAL;
}
- if (opt_luks2_keyslots_size || opt_luks2_metadata_size) {
+ if (ARG_SET(OPT_LUKS2_KEYSLOTS_SIZE_ID) || ARG_SET(OPT_LUKS2_METADATA_SIZE_ID)) {
log_err(_("Unsupported LUKS2 metadata size options."));
return -EINVAL;
}
return -EINVAL;
/* Create header file (must contain at least one sector)? */
- if (opt_header_device && stat(opt_header_device, &st) < 0 && errno == ENOENT) {
- if (!opt_batch_mode &&
+ if (ARG_SET(OPT_HEADER_ID) && stat(ARG_STR(OPT_HEADER_ID), &st) < 0 && errno == ENOENT) {
+ if (!ARG_SET(OPT_BATCH_MODE_ID) &&
!yesDialog(_("Header file does not exist, do you want to create it?"),
_("Operation aborted.\n")))
return -EPERM;
log_dbg("Creating header file.");
/* coverity[toctou] */
- fd = open(opt_header_device, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
+ fd = open(ARG_STR(OPT_HEADER_ID), O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
if (fd == -1 || posix_fallocate(fd, 0, 4096))
- log_err(_("Cannot create header file %s."), opt_header_device);
+ log_err(_("Cannot create header file %s."), ARG_STR(OPT_HEADER_ID));
else {
r = 0;
created = 1;
return r;
}
- header_device = opt_header_device ?: action_argv[0];
+ header_device = ARG_STR(OPT_HEADER_ID) ?: action_argv[0];
- r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
+ r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID) ?: DEFAULT_CIPHER(LUKS1),
cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected."));
goto out;
}
- if (opt_integrity) {
- r = crypt_parse_integrity_mode(opt_integrity, integrity, &integrity_keysize);
+ if (ARG_SET(OPT_INTEGRITY_ID)) {
+ r = crypt_parse_integrity_mode(ARG_STR(OPT_INTEGRITY_ID), integrity, &integrity_keysize);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
goto out;
/* Never call pwquality if using null cipher */
if (crypt_is_cipher_null(cipher))
- opt_force_password = 1;
+ ARG_SET_TRUE(OPT_FORCE_PASSWORD_ID);
if ((r = crypt_init(&cd, header_device))) {
- if (opt_header_device)
+ if (ARG_SET(OPT_HEADER_ID))
log_err(_("Cannot use %s as on-disk header."), header_device);
return r;
}
- if (opt_luks2_keyslots_size || opt_luks2_metadata_size) {
- r = crypt_set_metadata_size(cd, opt_luks2_metadata_size, opt_luks2_keyslots_size);
+ if (ARG_SET(OPT_LUKS2_KEYSLOTS_SIZE_ID) || ARG_SET(OPT_LUKS2_METADATA_SIZE_ID)) {
+ r = crypt_set_metadata_size(cd, ARG_UINT64(OPT_LUKS2_METADATA_SIZE_ID), ARG_UINT64(OPT_LUKS2_KEYSLOTS_SIZE_ID));
if (r < 0) {
log_err(_("Unsupported LUKS2 metadata size options."));
goto out;
}
}
- if (opt_offset) {
- r = crypt_set_data_offset(cd, opt_offset);
+ if (ARG_SET(OPT_OFFSET_ID)) {
+ r = crypt_set_data_offset(cd, ARG_UINT64(OPT_OFFSET_ID));
if (r < 0)
goto out;
}
/* Print all present signatures in read-only mode */
- r = tools_detect_signatures(header_device, 0, &signatures);
+ r = tools_detect_signatures(header_device, PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID));
if (r < 0)
goto out;
- if (!created) {
+ if (!created && !ARG_SET(OPT_BATCH_MODE_ID)) {
r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device);
if (r == -1) {
r = -ENOMEM;
keysize = get_adjusted_key_size(cipher_mode, DEFAULT_LUKS1_KEYBITS, integrity_keysize);
- if (opt_random)
+ if (ARG_SET(OPT_USE_RANDOM_ID))
crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
- else if (opt_urandom)
+ else if (ARG_SET(OPT_USE_URANDOM_ID))
crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(1), 1, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
if (r < 0)
goto out;
- if (opt_master_key_file) {
- r = tools_read_mk(opt_master_key_file, &key, keysize);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
goto out;
}
}
/* Signature candidates found */
- if (signatures && ((r = tools_wipe_all_signatures(header_device)) < 0))
+ if (signatures && ((r = tools_wipe_all_signatures(header_device, true, false)) < 0))
goto out;
- if (opt_integrity_legacy_padding)
+ if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING);
r = crypt_format(cd, type, cipher, cipher_mode,
- opt_uuid, key, keysize, params);
+ ARG_STR(OPT_UUID_ID), key, keysize, params);
check_signal(&r);
if (r < 0)
goto out;
if (r < 0)
goto out;
- r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
+ r = crypt_keyslot_add_by_volume_key(cd, ARG_INT32(OPT_KEY_SLOT_ID),
key, keysize,
password, passwordLen);
if (r < 0) {
- (void) tools_wipe_all_signatures(header_device);
+ (void) tools_wipe_all_signatures(header_device, true, false);
goto out;
}
tools_keyslot_msg(r, CREATED);
- if (opt_integrity && !opt_integrity_no_wipe &&
+ if (ARG_SET(OPT_INTEGRITY_ID) && !ARG_SET(OPT_INTEGRITY_NO_WIPE_ID) &&
strcmp_or_null(params2.integrity, "none"))
r = _wipe_data_device(cd);
out:
static int action_luksFormat(void)
{
- return _luksFormat(NULL, NULL, NULL);
+ return luksFormat(NULL, NULL, NULL);
}
static int action_open_luks(void)
int r, keysize, tries;
char *password = NULL;
size_t passwordLen;
+ struct stat st;
- if (opt_refresh) {
+ if (ARG_SET(OPT_REFRESH_ID)) {
activated_name = action_argc > 1 ? action_argv[1] : action_argv[0];
- r = crypt_init_by_name_and_header(&cd, activated_name, opt_header_device);
+ r = crypt_init_by_name_and_header(&cd, activated_name, ARG_STR(OPT_HEADER_ID));
if (r)
goto out;
activate_flags |= CRYPT_ACTIVATE_REFRESH;
} else {
header_device = uuid_or_device_header(&data_device);
- activated_name = opt_test_passphrase ? NULL : action_argv[1];
+ activated_name = ARG_SET(OPT_TEST_PASSPHRASE_ID) ? NULL : action_argv[1];
if ((r = crypt_init_data_device(&cd, header_device, data_device)))
goto out;
goto out;
}
- if (!data_device && (crypt_get_data_offset(cd) < 8) && !opt_test_passphrase) {
+ if (!data_device && (crypt_get_data_offset(cd) < 8) && !ARG_SET(OPT_TEST_PASSPHRASE_ID)) {
log_err(_("Reduced data offset is allowed only for detached LUKS header."));
r = -EINVAL;
goto out;
}
+
+ if (activated_name && !stat(crypt_get_device_name(cd), &st) && S_ISREG(st.st_mode) &&
+ crypt_get_data_offset(cd) >= ((uint64_t)st.st_size / SECTOR_SIZE)) {
+ log_err(_("LUKS file container %s is too small for activation, there is no remaining space for data."),
+ crypt_get_device_name(cd));
+ r = -EINVAL;
+ goto out;
+ }
}
- _set_activation_flags(&activate_flags);
+ set_activation_flags(&activate_flags);
- if (opt_master_key_file) {
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
keysize = crypt_get_volume_key_size(cd);
- if (!keysize && !opt_key_size) {
+ if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) {
log_err(_("Cannot determine volume key size for LUKS without keyslots, please use --key-size option."));
r = -EINVAL;
goto out;
} else if (!keysize)
- keysize = opt_key_size / 8;
+ keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8;
- r = tools_read_mk(opt_master_key_file, &key, keysize);
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
goto out;
r = crypt_activate_by_volume_key(cd, activated_name,
key, keysize, activate_flags);
} else {
- r = crypt_activate_by_token(cd, activated_name, opt_token, NULL, activate_flags);
+ r = crypt_activate_by_token_pin(cd, activated_name, ARG_STR(OPT_TOKEN_TYPE_ID),
+ ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL, activate_flags);
tools_keyslot_msg(r, UNLOCKED);
- if (r >= 0 || opt_token_only)
+ tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false);
+
+ /* Token requires PIN. Ask if there is evident preference for tokens */
+ if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) ||
+ ARG_SET(OPT_TOKEN_ID_ID)))
+ r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), activated_name, ARG_STR(OPT_TOKEN_TYPE_ID), activate_flags, set_tries_tty(), true);
+
+ if (r >= 0 || r == -EEXIST || quit || ARG_SET(OPT_TOKEN_ONLY_ID))
goto out;
- tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
+ tries = set_tries_tty();
do {
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
r = crypt_activate_by_passphrase(cd, activated_name,
- opt_key_slot, password, passwordLen, activate_flags);
+ ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen, activate_flags);
tools_keyslot_msg(r, UNLOCKED);
tools_passphrase_msg(r);
check_signal(&r);
} while ((r == -EPERM || r == -ERANGE) && (--tries > 0));
}
out:
- if (r >= 0 && opt_persistent &&
+ if (r >= 0 && ARG_SET(OPT_PERSISTENT_ID) &&
(crypt_get_active_device(cd, activated_name, &cad) ||
crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, cad.flags & activate_flags)))
log_err(_("Device activated but cannot make flags persistent."));
size_t passwordLen;
int i, max, r;
- if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file &&
- msg_last && !yesDialog(msg_last, msg_fail))
+ if (ki == CRYPT_SLOT_ACTIVE_LAST && !ARG_SET(OPT_BATCH_MODE_ID) && !key_file &&
+ msg_last && !ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(msg_last, msg_fail))
return -EPERM;
r = tools_get_key(msg_pass, &password, &passwordLen,
- keyfile_offset, keyfile_size, key_file, opt_timeout,
- _verify_passphrase(0), 0, cd);
+ keyfile_offset, keyfile_size, key_file, ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, luksType(device_type), NULL))) {
log_err(_("Device %s is not a valid LUKS device."),
uuid_or_device_header(NULL));
goto out;
}
- ki = crypt_keyslot_status(cd, opt_key_slot);
+ ki = crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID));
switch (ki) {
case CRYPT_SLOT_ACTIVE_LAST:
case CRYPT_SLOT_ACTIVE:
case CRYPT_SLOT_UNBOUND:
- log_verbose(_("Keyslot %d is selected for deletion."), opt_key_slot);
+ log_verbose(_("Keyslot %d is selected for deletion."), ARG_INT32(OPT_KEY_SLOT_ID));
break;
case CRYPT_SLOT_INACTIVE:
- log_err(_("Keyslot %d is not active."), opt_key_slot);
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
/* fall through */
case CRYPT_SLOT_INVALID:
r = -EINVAL;
goto out;
}
- if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) {
- r = verify_keyslot(cd, opt_key_slot, ki,
+ if (!ARG_SET(OPT_BATCH_MODE_ID) || ARG_SET(OPT_KEY_FILE_ID) || !isatty(STDIN_FILENO)) {
+ r = verify_keyslot(cd, ARG_INT32(OPT_KEY_SLOT_ID), ki,
_("This is the last keyslot. Device will become unusable after purging this key."),
_("Enter any remaining passphrase: "),
_("Operation aborted, the keyslot was NOT wiped.\n"),
- opt_key_file, opt_keyfile_offset, opt_keyfile_size);
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID));
tools_keyslot_msg(r, UNLOCKED);
- if (r == -EPIPE && (!opt_key_file || tools_is_stdin(opt_key_file))) {
+ if (r == -EPIPE && (!ARG_SET(OPT_KEY_FILE_ID) || tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)))) {
log_dbg("Failed read from input, ignoring passphrase.");
r = 0;
}
goto out;
}
- r = crypt_keyslot_destroy(cd, opt_key_slot);
- tools_keyslot_msg(opt_key_slot, REMOVED);
+ r = crypt_keyslot_destroy(cd, ARG_INT32(OPT_KEY_SLOT_ID));
+ tools_keyslot_msg(ARG_INT32(OPT_KEY_SLOT_ID), REMOVED);
out:
crypt_free(cd);
return r;
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, luksType(device_type), NULL))) {
log_err(_("Device %s is not a valid LUKS device."),
uuid_or_device_header(NULL));
r = tools_get_key(_("Enter passphrase to be deleted: "),
&password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout,
- _verify_passphrase(0), 0,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0,
cd);
if(r < 0)
goto out;
goto out;
tools_keyslot_msg(r, UNLOCKED);
- opt_key_slot = r;
- log_verbose(_("Keyslot %d is selected for deletion."), opt_key_slot);
+ ARG_SET_INT32(OPT_KEY_SLOT_ID, r);
+ log_verbose(_("Keyslot %d is selected for deletion."), ARG_INT32(OPT_KEY_SLOT_ID));
- if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_ACTIVE_LAST &&
+ !ARG_SET(OPT_BATCH_MODE_ID) &&
!yesDialog(_("This is the last keyslot. "
- "Device will become unusable after purging this key."),
- _("Operation aborted, the keyslot was NOT wiped.\n"))) {
+ "Device will become unusable after purging this key."),
+ _("Operation aborted, the keyslot was NOT wiped.\n"))) {
r = -EPERM;
goto out;
}
- r = crypt_keyslot_destroy(cd, opt_key_slot);
- tools_keyslot_msg(opt_key_slot, REMOVED);
+ r = crypt_keyslot_destroy(cd, ARG_INT32(OPT_KEY_SLOT_ID));
+ tools_keyslot_msg(ARG_INT32(OPT_KEY_SLOT_ID), REMOVED);
out:
crypt_safe_free(password);
crypt_free(cd);
{
int r = -EINVAL, keysize = 0;
char *key = NULL;
- const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
+ const char *new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
char *password_new = NULL;
size_t password_new_size = 0;
struct crypt_device *cd = NULL;
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) {
- log_err(_("Device %s is not a valid LUKS device."),
+ log_err(_("Device %s is not a valid LUKS2 device."),
uuid_or_device_header(NULL));
goto out;
}
/* Never call pwquality if using null cipher */
if (crypt_is_cipher_null(crypt_get_cipher(cd)))
- opt_force_password = 1;
+ ARG_SET_TRUE(OPT_FORCE_PASSWORD_ID);
- keysize = opt_key_size / 8;
+ keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8;
r = set_pbkdf_params(cd, crypt_get_type(cd));
if (r) {
log_err(_("Failed to set pbkdf parameters."));
goto out;
}
- if (opt_master_key_file) {
- r = tools_read_mk(opt_master_key_file, &key, keysize);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
goto out;
r = tools_get_key(_("Enter new passphrase for key slot: "),
&password_new, &password_new_size,
- opt_new_keyfile_offset, opt_new_keyfile_size,
- opt_new_key_file, opt_timeout,
- _verify_passphrase(1), 1, cd);
+ ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID),
+ new_key_file, ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
if (r < 0)
goto out;
- r = crypt_keyslot_add_by_key(cd, opt_key_slot, key, keysize,
+ r = crypt_keyslot_add_by_key(cd, ARG_INT32(OPT_KEY_SLOT_ID), key, keysize,
password_new, password_new_size, CRYPT_VOLUME_KEY_NO_SEGMENT);
tools_keyslot_msg(r, CREATED);
out:
return r;
}
+static int _ask_for_pin(struct crypt_device *cd,
+ int token_id, char **r_pin, size_t *r_pin_size,
+ struct crypt_keyslot_context *kc)
+{
+ int r;
+ char msg[64];
+
+ assert(r_pin);
+ assert(r_pin_size);
+ assert(kc);
+ assert(token_id >= 0 || token_id == CRYPT_ANY_TOKEN);
+
+ if (crypt_keyslot_context_get_type(kc) != CRYPT_KC_TYPE_TOKEN)
+ return -EINVAL;
+
+ if (token_id == CRYPT_ANY_TOKEN)
+ r = snprintf(msg, sizeof(msg), _("Enter token PIN: "));
+ else
+ r = snprintf(msg, sizeof(msg), _("Enter token %d PIN: "), token_id);
+ if (r < 0 || (size_t)r >= sizeof(msg))
+ return -EINVAL;
+
+ r = tools_get_key(msg, r_pin, r_pin_size, 0, 0, NULL,
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
+ if (r < 0)
+ return r;
+
+ r = crypt_keyslot_context_set_pin(cd, *r_pin, *r_pin_size, kc);
+ if (r < 0) {
+ crypt_safe_free(*r_pin);
+ *r_pin = NULL;
+ *r_pin_size = 0;
+ }
+
+ return r;
+}
+
+static int try_keyslot_add(struct crypt_device *cd,
+ int keyslot_existing,
+ int keyslot_new,
+ struct crypt_keyslot_context *kc,
+ struct crypt_keyslot_context *kc_new,
+ bool pin_provided,
+ bool new_pin_provided)
+{
+ int r;
+
+ r = crypt_keyslot_add_by_keyslot_context(cd, keyslot_existing, kc, keyslot_new, kc_new, 0);
+ if (crypt_keyslot_context_get_type(kc) == CRYPT_KC_TYPE_TOKEN)
+ tools_token_error_msg(crypt_keyslot_context_get_error(kc), ARG_STR(OPT_TOKEN_TYPE_ID),
+ ARG_INT32(OPT_TOKEN_ID_ID), pin_provided);
+ if (crypt_keyslot_context_get_type(kc_new) == CRYPT_KC_TYPE_TOKEN)
+ tools_token_error_msg(crypt_keyslot_context_get_error(kc_new), NULL,
+ ARG_INT32(OPT_NEW_TOKEN_ID_ID), new_pin_provided);
+ return r;
+}
+
static int action_luksAddKey(void)
{
- int r = -EINVAL, keysize = 0;
- char *key = NULL;
- const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
- char *password = NULL, *password_new = NULL;
- size_t password_size = 0, password_new_size = 0;
+ int keyslot_old, keyslot_new, keysize = 0, r = -EINVAL;
+ const char *new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
+ char *key = NULL, *password = NULL, *password_new = NULL, *pin = NULL, *pin_new = NULL;
+ size_t pin_size, pin_size_new, password_size = 0, password_new_size = 0;
struct crypt_device *cd = NULL;
+ struct crypt_keyslot_context *p_kc_new = NULL, *kc = NULL, *kc_new = NULL;
/* Unbound keyslot (no assigned data segment) is special case */
- if (opt_unbound)
+ if (ARG_SET(OPT_UNBOUND_ID))
return luksAddUnboundKey();
+ /* maintain backward compatibility of luksAddKey action positional parameter */
+ if (!new_key_file)
+ new_key_file = ARG_STR(OPT_NEW_KEYFILE_ID);
+
+ keyslot_old = ARG_INT32(OPT_KEY_SLOT_ID);
+ keyslot_new = ARG_INT32(OPT_NEW_KEY_SLOT_ID);
+
+ /*
+ * maintain backward compatibility of --key-slot/-S as 'new keyslot number'
+ * unless --new-key-slot is used.
+ */
+ if (!ARG_SET(OPT_NEW_KEY_SLOT_ID) && ARG_SET(OPT_KEY_SLOT_ID)) {
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
+ log_std(_("WARNING: The --key-slot parameter is used for new keyslot number.\n"));
+ keyslot_old = CRYPT_ANY_SLOT;
+ keyslot_new = ARG_INT32(OPT_KEY_SLOT_ID);
+ }
+
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, luksType(device_type), NULL))) {
log_err(_("Device %s is not a valid LUKS device."),
uuid_or_device_header(NULL));
/* Never call pwquality if using null cipher */
if (crypt_is_cipher_null(crypt_get_cipher(cd)))
- opt_force_password = 1;
+ ARG_SET_TRUE(OPT_FORCE_PASSWORD_ID);
keysize = crypt_get_volume_key_size(cd);
r = set_pbkdf_params(cd, crypt_get_type(cd));
goto out;
}
- if (opt_master_key_file) {
- if (!keysize && !opt_key_size) {
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ if (!keysize && !ARG_SET(OPT_KEY_SIZE_ID)) {
log_err(_("Cannot determine volume key size for LUKS without keyslots, please use --key-size option."));
r = -EINVAL;
goto out;
} else if (!keysize)
- keysize = opt_key_size / 8;
+ keysize = ARG_UINT32(OPT_KEY_SIZE_ID) / 8;
- r = tools_read_mk(opt_master_key_file, &key, keysize);
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, keysize);
if (r < 0)
goto out;
r = crypt_volume_key_verify(cd, key, keysize);
+ if (r == -EPERM)
+ log_err(_("Volume key does not match the volume."));
check_signal(&r);
if (r < 0)
goto out;
-
- r = tools_get_key(_("Enter new passphrase for key slot: "),
- &password_new, &password_new_size,
- opt_new_keyfile_offset, opt_new_keyfile_size,
- opt_new_key_file, opt_timeout,
- _verify_passphrase(1), 1, cd);
- if (r < 0)
- goto out;
-
- r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize,
- password_new, password_new_size);
- } else if (opt_key_file && !tools_is_stdin(opt_key_file) &&
- opt_new_key_file && !tools_is_stdin(opt_new_key_file)) {
- r = crypt_keyslot_add_by_keyfile_device_offset(cd, opt_key_slot,
- opt_key_file, opt_keyfile_size, opt_keyfile_offset,
- opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
- tools_passphrase_msg(r);
+ r = crypt_keyslot_context_init_by_volume_key(cd, key, keysize, &kc);
+ } else if (ARG_SET(OPT_KEY_FILE_ID) && !tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)))
+ r = crypt_keyslot_context_init_by_keyfile(cd,
+ ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
+ &kc);
+ else if (ARG_SET(OPT_TOKEN_ID_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) || ARG_SET(OPT_TOKEN_ONLY_ID)) {
+ r = crypt_keyslot_context_init_by_token(cd,
+ ARG_INT32(OPT_TOKEN_ID_ID),
+ ARG_STR(OPT_TOKEN_TYPE_ID),
+ NULL, 0, NULL, &kc);
} else {
r = tools_get_key(_("Enter any existing passphrase: "),
&password, &password_size,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
goto out;
tools_keyslot_msg(r, UNLOCKED);
+ r = crypt_keyslot_context_init_by_passphrase(cd, password, password_size, &kc);
+ }
+
+ if (r < 0)
+ goto out;
+
+ if (new_key_file && !tools_is_stdin(new_key_file)) {
+ if (ARG_SET(OPT_KEY_FILE_ID) && !strcmp(ARG_STR(OPT_KEY_FILE_ID), new_key_file))
+ p_kc_new = kc;
+ else {
+ r = crypt_keyslot_context_init_by_keyfile(cd,
+ new_key_file,
+ ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID),
+ ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID),
+ &kc_new);
+ p_kc_new = kc_new;
+ }
+ } else if (ARG_SET(OPT_NEW_TOKEN_ID_ID)) {
+ if (ARG_INT32(OPT_NEW_TOKEN_ID_ID) == ARG_INT32(OPT_TOKEN_ID_ID))
+ p_kc_new = kc;
+ else {
+ r = crypt_keyslot_context_init_by_token(cd,
+ ARG_INT32(OPT_NEW_TOKEN_ID_ID),
+ NULL, NULL, 0, NULL, &kc_new);
+ p_kc_new = kc_new;
+ }
+ } else {
r = tools_get_key(_("Enter new passphrase for key slot: "),
- &password_new, &password_new_size,
- opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file,
- opt_timeout, _verify_passphrase(1), 1, cd);
+ &password_new, &password_new_size,
+ ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID), new_key_file,
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
+
+ if (r < 0)
+ goto out;
+ r = crypt_keyslot_context_init_by_passphrase(cd, password_new, password_new_size, &kc_new);
+ }
+
+ if (r < 0)
+ goto out;
+
+ if (!p_kc_new)
+ p_kc_new = kc_new;
+
+ r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new);
+ if (r >= 0 || r != -ENOANO)
+ goto out;
+
+ if (crypt_keyslot_context_get_error(kc) == -ENOANO) {
+ r = _ask_for_pin(cd, ARG_INT32(OPT_TOKEN_ID_ID), &pin, &pin_size, kc);
if (r < 0)
goto out;
- r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
- password, password_size,
- password_new, password_new_size);
+ r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new);
+ if (r >= 0 || r != -ENOANO)
+ goto out;
+ }
+
+ if (crypt_keyslot_context_get_error(p_kc_new) == -ENOANO) {
+ r = _ask_for_pin(cd, ARG_INT32(OPT_NEW_TOKEN_ID_ID), &pin_new, &pin_size_new, p_kc_new);
+ if (r < 0)
+ goto out;
+ r = try_keyslot_add(cd, keyslot_old, keyslot_new, kc, p_kc_new, pin, pin_new);
}
out:
tools_keyslot_msg(r, CREATED);
+ crypt_keyslot_context_free(kc);
+ crypt_keyslot_context_free(kc_new);
crypt_safe_free(password);
crypt_safe_free(password_new);
+ crypt_safe_free(pin);
+ crypt_safe_free(pin_new);
crypt_safe_free(key);
crypt_free(cd);
return r;
static int action_luksChangeKey(void)
{
- const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
+ const char *new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
struct crypt_device *cd = NULL;
char *password = NULL, *password_new = NULL;
size_t password_size = 0, password_new_size = 0;
/* Never call pwquality if using null cipher */
if (crypt_is_cipher_null(crypt_get_cipher(cd)))
- opt_force_password = 1;
+ ARG_SET_TRUE(OPT_FORCE_PASSWORD_ID);
r = set_pbkdf_params(cd, crypt_get_type(cd));
if (r) {
r = tools_get_key(_("Enter passphrase to be changed: "),
&password, &password_size,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
/* Check password before asking for new one */
- r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
+ r = crypt_activate_by_passphrase(cd, NULL, ARG_INT32(OPT_KEY_SLOT_ID),
password, password_size, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY);
tools_passphrase_msg(r);
check_signal(&r);
r = tools_get_key(_("Enter new passphrase: "),
&password_new, &password_new_size,
- opt_new_keyfile_offset, opt_new_keyfile_size,
- opt_new_key_file,
- opt_timeout, _verify_passphrase(1), 1, cd);
+ ARG_UINT64(OPT_NEW_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_NEW_KEYFILE_SIZE_ID),
+ new_key_file,
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(1), !ARG_SET(OPT_FORCE_PASSWORD_ID), cd);
if (r < 0)
goto out;
- r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
+ r = crypt_keyslot_change_by_passphrase(cd, ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID),
password, password_size, password_new, password_new_size);
tools_keyslot_msg(r, CREATED);
out:
goto out;
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) {
- log_err(_("Device %s is not a valid LUKS device."),
+ log_err(_("Device %s is not a valid LUKS2 device."),
uuid_or_device_header(NULL));
goto out;
}
if (r < 0)
goto out;
- if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_INACTIVE) {
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_INACTIVE) {
r = -EINVAL;
- log_err(_("Keyslot %d is not active."), opt_key_slot);
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
goto out;
}
r = tools_get_key(_("Enter passphrase for keyslot to be converted: "),
&password, &password_size,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
- r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
+ r = crypt_keyslot_change_by_passphrase(cd, ARG_INT32(OPT_KEY_SLOT_ID), ARG_INT32(OPT_KEY_SLOT_ID),
password, password_size, password, password_size);
tools_passphrase_msg(r);
tools_keyslot_msg(r, CREATED);
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_log_callback(cd, quiet_log, NULL);
+ crypt_set_log_callback(cd, quiet_log, &log_parms);
r = crypt_load(cd, luksType(device_type), NULL);
out:
crypt_free(cd);
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, _("Operation aborted.\n"));
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
+ crypt_set_confirm_callback(cd, yesDialog, _("Operation aborted.\n"));
if ((r = crypt_load(cd, luksType(device_type), NULL)))
goto out;
- if (opt_uuid)
- r = crypt_set_uuid(cd, opt_uuid);
+ if (ARG_SET(OPT_UUID_ID))
+ r = crypt_set_uuid(cd, ARG_STR(OPT_UUID_ID));
else {
existing_uuid = crypt_get_uuid(cd);
log_std("%s\n", existing_uuid ?: "");
char *vk = NULL, *password = NULL;
size_t passwordLen = 0;
size_t vk_size;
- unsigned i;
int r;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
- if (!yesDialog(
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(
_("The header dump with volume key is sensitive information\n"
"that allows access to encrypted partition without a passphrase.\n"
"This dump should be stored encrypted in a safe place."),
return -ENOMEM;
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, 0, 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd);
if (r < 0)
goto out;
goto out;
tools_keyslot_msg(r, UNLOCKED);
- if (opt_master_key_file) {
- r = tools_write_mk(opt_master_key_file, vk, vk_size);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_write_mk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), vk, vk_size);
if (r < 0)
goto out;
}
log_std("Payload offset:\t%d\n", (int)crypt_get_data_offset(cd));
log_std("UUID: \t%s\n", crypt_get_uuid(cd));
log_std("MK bits: \t%d\n", (int)vk_size * 8);
- if (opt_master_key_file) {
- log_std("Key stored to file %s.\n", opt_master_key_file);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ log_std("Key stored to file %s.\n", ARG_STR(OPT_VOLUME_KEY_FILE_ID));
goto out;
}
log_std("MK dump:\t");
-
- for(i = 0; i < vk_size; i++) {
- if (i && !(i % 16))
- log_std("\n\t\t");
- log_std("%02hhx ", (char)vk[i]);
- }
+ crypt_log_hex(NULL, vk, vk_size, " ", 16, "\n\t\t");
log_std("\n");
-
out:
crypt_safe_free(password);
crypt_safe_free(vk);
crypt_keyslot_info ki;
char *uk = NULL, *password = NULL;
size_t uk_size, passwordLen = 0;
- int i, r;
+ int r;
- ki = crypt_keyslot_status(cd, opt_key_slot);
+ ki = crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID));
if (ki != CRYPT_SLOT_UNBOUND) {
- log_err(_("Keyslot %d does not contain unbound key."), opt_key_slot);
+ log_err(_("Keyslot %d does not contain unbound key."), ARG_INT32(OPT_KEY_SLOT_ID));
return -EINVAL;
}
- crypt_set_confirm_callback(cd, yesDialog, NULL);
- if (!yesDialog(
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(
_("The header dump with unbound key is sensitive information.\n"
"This dump should be stored encrypted in a safe place."),
NULL))
return -EPERM;
- r = crypt_keyslot_get_key_size(cd, opt_key_slot);
+ r = crypt_keyslot_get_key_size(cd, ARG_INT32(OPT_KEY_SLOT_ID));
if (r < 0)
return -EINVAL;
uk_size = r;
return -ENOMEM;
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, 0, 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), 0, 0, cd);
if (r < 0)
goto out;
- r = crypt_volume_key_get(cd, opt_key_slot, uk, &uk_size,
+ r = crypt_volume_key_get(cd, ARG_INT32(OPT_KEY_SLOT_ID), uk, &uk_size,
password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r);
goto out;
tools_keyslot_msg(r, UNLOCKED);
- if (opt_master_key_file) {
- r = tools_write_mk(opt_master_key_file, uk, uk_size);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_write_mk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), uk, uk_size);
if (r < 0)
goto out;
}
log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
log_std("UUID: \t%s\n", crypt_get_uuid(cd));
- log_std("Keyslot: \t%d\n", opt_key_slot);
+ log_std("Keyslot: \t%d\n", ARG_INT32(OPT_KEY_SLOT_ID));
log_std("Key bits:\t%d\n", (int)uk_size * 8);
- if (opt_master_key_file) {
- log_std("Key stored to file %s.\n", opt_master_key_file);
+ if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ log_std("Key stored to file %s.\n", ARG_STR(OPT_VOLUME_KEY_FILE_ID));
goto out;
}
log_std("Unbound Key:\t");
-
- for(i = 0; i < (int)uk_size; i++) {
- if (i && !(i % 16))
- log_std("\n\t\t");
- log_std("%02hhx ", (char)uk[i]);
- }
+ crypt_log_hex(NULL, uk, uk_size, " ", 16, "\n\t\t");
log_std("\n");
out:
crypt_safe_free(password);
goto out;
}
- if (opt_dump_master_key)
+ if (ARG_SET(OPT_DUMP_VOLUME_KEY_ID))
r = luksDump_with_volume_key(cd);
- else if (opt_unbound)
+ else if (ARG_SET(OPT_UNBOUND_ID))
r = luksDump_with_unbound_key(cd);
+ else if (ARG_SET(OPT_DUMP_JSON_ID))
+ r = crypt_dump_json(cd, NULL, 0);
else
r = crypt_dump(cd);
out:
struct crypt_device *cd = NULL;
int r;
- r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device));
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(ARG_STR(OPT_HEADER_ID)));
if (!r) {
r = crypt_suspend(cd, action_argv[0]);
if (r == -ENODEV)
char *password = NULL;
size_t passwordLen;
int r, tries;
- const char *type, *req_type = luksType(device_type);
+ struct crypt_active_device cad;
+ const char *req_type = luksType(device_type);
- if (req_type && strcmp(req_type, CRYPT_LUKS1) && strcmp(req_type, CRYPT_LUKS2))
+ if (req_type && !isLUKS(req_type))
return -EINVAL;
- if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device))))
+ if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(ARG_STR(OPT_HEADER_ID)))))
return r;
r = -EINVAL;
- type = crypt_get_type(cd);
- if (!type || (strcmp(type, CRYPT_LUKS1) && strcmp(type, CRYPT_LUKS2))) {
+ if (!isLUKS(crypt_get_type(cd))) {
log_err(_("%s is not active LUKS device name or header is missing."), action_argv[0]);
goto out;
}
goto out;
}
- tries = (tools_is_stdin(opt_key_file) && isatty(STDIN_FILENO)) ? opt_tries : 1;
+ r = crypt_get_active_device(cd, action_argv[0], &cad);
+ if (r < 0)
+ goto out;
+
+ if (!(cad.flags & CRYPT_ACTIVATE_SUSPENDED)) {
+ log_err(_("Volume %s is not suspended."), action_argv[0]);
+ r = -EINVAL;
+ goto out;
+ }
+
+ /* try to resume LUKS2 device by token first */
+ r = crypt_resume_by_token_pin(cd, action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID),
+ ARG_INT32(OPT_TOKEN_ID_ID), NULL, 0, NULL);
+ tools_keyslot_msg(r, UNLOCKED);
+ tools_token_error_msg(r, ARG_STR(OPT_TOKEN_TYPE_ID), ARG_INT32(OPT_TOKEN_ID_ID), false);
+
+ /* Token requires PIN. Ask if there is evident preference for tokens */
+ if (r == -ENOANO && (ARG_SET(OPT_TOKEN_ONLY_ID) || ARG_SET(OPT_TOKEN_TYPE_ID) ||
+ ARG_SET(OPT_TOKEN_ID_ID)))
+ r = _try_token_pin_unlock(cd, ARG_INT32(OPT_TOKEN_ID_ID), action_argv[0], ARG_STR(OPT_TOKEN_TYPE_ID), 0, set_tries_tty(), false);
+
+ if (r >= 0 || quit || ARG_SET(OPT_TOKEN_ONLY_ID))
+ goto out;
+
+ tries = set_tries_tty();
do {
r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
if (r < 0)
goto out;
- r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
+ r = crypt_resume_by_passphrase(cd, action_argv[0], ARG_INT32(OPT_KEY_SLOT_ID),
password, passwordLen);
tools_passphrase_msg(r);
check_signal(&r);
struct crypt_device *cd = NULL;
int r;
- if (!opt_header_backup_file) {
+ if (!ARG_SET(OPT_HEADER_BACKUP_FILE_ID)) {
log_err(_("Option --header-backup-file is required."));
return -EINVAL;
}
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
- r = crypt_header_backup(cd, NULL, opt_header_backup_file);
+ r = crypt_header_backup(cd, NULL, ARG_STR(OPT_HEADER_BACKUP_FILE_ID));
out:
crypt_free(cd);
return r;
struct crypt_device *cd = NULL;
int r = 0;
- if (!opt_header_backup_file) {
+ if (!ARG_SET(OPT_HEADER_BACKUP_FILE_ID)) {
log_err(_("Option --header-backup-file is required."));
return -EINVAL;
}
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
- r = crypt_header_restore(cd, NULL, opt_header_backup_file);
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
+ crypt_set_confirm_callback(cd, yesDialog, NULL);
+ r = crypt_header_restore(cd, NULL, ARG_STR(OPT_HEADER_BACKUP_FILE_ID));
out:
crypt_free(cd);
return r;
else if (action_argc == 1)
name = action_argv[0];
- if (crypt_init_by_name_and_header(&cd, name, opt_header_device))
+ if (crypt_init_by_name_and_header(&cd, name, ARG_STR(OPT_HEADER_ID)))
return NULL;
type = crypt_get_type(cd);
static int action_open(void)
{
- if (opt_refresh && !device_type)
+ int r = -EINVAL;
+
+ if (ARG_SET(OPT_REFRESH_ID) && !device_type)
/* read device type from active mapping */
device_type = _get_device_type();
if (!strcmp(device_type, "luks") ||
!strcmp(device_type, "luks1") ||
!strcmp(device_type, "luks2")) {
- if (action_argc < 2 && (!opt_test_passphrase && !opt_refresh))
- goto args;
+ if (action_argc < 2 && (!ARG_SET(OPT_TEST_PASSPHRASE_ID) && !ARG_SET(OPT_REFRESH_ID)))
+ goto out;
return action_open_luks();
} else if (!strcmp(device_type, "plain")) {
- if (action_argc < 2 && !opt_refresh)
- goto args;
+ if (action_argc < 2 && !ARG_SET(OPT_REFRESH_ID))
+ goto out;
return action_open_plain();
} else if (!strcmp(device_type, "loopaes")) {
- if (action_argc < 2 && !opt_refresh)
- goto args;
+ if (action_argc < 2 && !ARG_SET(OPT_REFRESH_ID))
+ goto out;
return action_open_loopaes();
} else if (!strcmp(device_type, "tcrypt")) {
- if (action_argc < 2 && !opt_test_passphrase)
- goto args;
+ if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ goto out;
return action_open_tcrypt();
} else if (!strcmp(device_type, "bitlk")) {
- if (action_argc < 2 && !opt_test_passphrase)
- goto args;
+ if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ goto out;
return action_open_bitlk();
- }
+ } else if (!strcmp(device_type, "fvault2")) {
+ if (action_argc < 2 && !ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ goto out;
+ return action_open_fvault2();
+ } else
+ r = -ENOENT;
+out:
+ if (r == -ENOENT)
+ log_err(_("Unrecognized metadata device type %s."), device_type);
+ else
+ log_err(_("Command requires device and mapped name as arguments."));
- log_err(_("Unrecognized metadata device type %s."), device_type);
- return -EINVAL;
-args:
- log_err(_("Command requires device and mapped name as arguments."));
- return -EINVAL;
+ return r;
}
static int action_luksErase(void)
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
goto out;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, luksType(device_type), NULL))) {
log_err(_("Device %s is not a valid LUKS device."),
uuid_or_device_header(NULL));
goto out;
}
- if (!yesDialog(msg, _("Operation aborted, keyslots were NOT wiped.\n"))) {
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !yesDialog(msg, _("Operation aborted, keyslots were NOT wiped.\n"))) {
r = -EPERM;
goto out;
}
if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
return r;
- crypt_set_confirm_callback(cd, yesDialog, NULL);
-
if ((r = crypt_load(cd, CRYPT_LUKS, NULL)) ||
!(from_type = crypt_get_type(cd))) {
log_err(_("Device %s is not a valid LUKS device."),
return -EINVAL;
}
- if (asprintf(&msg, _("This operation will convert %s to %s format.\n"),
- uuid_or_device_header(NULL), to_type) == -1) {
- crypt_free(cd);
- return -ENOMEM;
+ r = 0;
+ if (!ARG_SET(OPT_BATCH_MODE_ID)) {
+ if (asprintf(&msg, _("This operation will convert %s to %s format.\n"),
+ uuid_or_device_header(NULL), to_type) == -1)
+ r = -ENOMEM;
+ else if (!yesDialog(msg, _("Operation aborted, device was NOT converted.\n")))
+ r = -EPERM;
}
- if (yesDialog(msg, _("Operation aborted, device was NOT converted.\n")))
- r = crypt_convert(cd, to_type, NULL);
- else
- r = -EPERM;
+ r = r ?: crypt_convert(cd, to_type, NULL);
free(msg);
crypt_free(cd);
crypt_keyslot_info cs;
crypt_keyslot_priority priority = CRYPT_SLOT_PRIORITY_INVALID;
- if (!strcmp("normal", opt_priority))
+ if (!strcmp("normal", ARG_STR(OPT_PRIORITY_ID)))
priority = CRYPT_SLOT_PRIORITY_NORMAL;
- else if (!strcmp("prefer", opt_priority))
+ else if (!strcmp("prefer", ARG_STR(OPT_PRIORITY_ID)))
priority = CRYPT_SLOT_PRIORITY_PREFER;
- else if (!strcmp("ignore", opt_priority))
+ else if (!strcmp("ignore", ARG_STR(OPT_PRIORITY_ID)))
priority = CRYPT_SLOT_PRIORITY_IGNORE;
- cs = crypt_keyslot_status(cd, opt_key_slot);
+ cs = crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID));
if (cs != CRYPT_SLOT_INVALID)
- return crypt_keyslot_set_priority(cd, opt_key_slot, priority);
-
+ return crypt_keyslot_set_priority(cd, ARG_INT32(OPT_KEY_SLOT_ID), priority);
return -EINVAL;
}
static int _config_labels(struct crypt_device *cd)
{
- return crypt_set_label(cd, opt_label, opt_subsystem);
+ return crypt_set_label(cd, ARG_STR(OPT_LABEL_ID), ARG_STR(OPT_SUBSYSTEM_ID));
}
static int action_luksConfig(void)
struct crypt_device *cd = NULL;
int r;
- if (!opt_priority && !opt_label && !opt_subsystem) {
+ if (!ARG_SET(OPT_PRIORITY_ID) && !ARG_SET(OPT_LABEL_ID) && !ARG_SET(OPT_SUBSYSTEM_ID)) {
log_err(_("Option --priority, --label or --subsystem is missing."));
return -EINVAL;
}
return r;
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) {
- log_err(_("Device %s is not a valid LUKS device."),
+ log_err(_("Device %s is not a valid LUKS2 device."),
uuid_or_device_header(NULL));
goto out;
}
- if (opt_priority && (r = _config_priority(cd)))
+ if (ARG_SET(OPT_PRIORITY_ID) && (r = _config_priority(cd)))
goto out;
- if ((opt_label || opt_subsystem) && (r = _config_labels(cd)))
+ if ((ARG_SET(OPT_LABEL_ID) || ARG_SET(OPT_SUBSYSTEM_ID)) && (r = _config_labels(cd)))
goto out;
out:
crypt_free(cd);
int r, token;
crypt_token_info token_info;
const struct crypt_token_params_luks2_keyring params = {
- .key_description = opt_key_description
+ .key_description = ARG_STR(OPT_KEY_DESCRIPTION_ID)
};
- if (opt_token != CRYPT_ANY_TOKEN) {
- token_info = crypt_token_status(cd, opt_token, NULL);
+ if (ARG_INT32(OPT_TOKEN_ID_ID) != CRYPT_ANY_TOKEN) {
+ token_info = crypt_token_status(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL);
if (token_info < CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d is invalid."), opt_token);
+ log_err(_("Token %d is invalid."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
- } else if (token_info > CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d in use."), opt_token);
+ } else if (token_info > CRYPT_TOKEN_INACTIVE && !ARG_SET(OPT_TOKEN_REPLACE_ID)) {
+ log_err(_("Token %d in use."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
}
}
- r = crypt_token_luks2_keyring_set(cd, opt_token, ¶ms);
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_INACTIVE) {
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
+ return -EINVAL;
+ }
+
+ r = crypt_token_luks2_keyring_set(cd, ARG_INT32(OPT_TOKEN_ID_ID), ¶ms);
if (r < 0) {
- log_err(_("Failed to add luks2-keyring token %d."), opt_token);
+ log_err(_("Failed to add luks2-keyring token %d."), ARG_INT32(OPT_TOKEN_ID_ID));
return r;
}
token = r;
- tools_token_msg(token, CREATED);
- r = crypt_token_assign_keyslot(cd, token, opt_key_slot);
+ if (ARG_SET(OPT_UNBOUND_ID))
+ return token;
+
+ r = crypt_token_assign_keyslot(cd, token, ARG_INT32(OPT_KEY_SLOT_ID));
if (r < 0) {
- log_err(_("Failed to assign token %d to keyslot %d."), token, opt_key_slot);
+ log_err(_("Failed to assign token %d to keyslot %d."), token, ARG_INT32(OPT_KEY_SLOT_ID));
(void) crypt_token_json_set(cd, token, NULL);
+ return r;
}
- return r;
+ return token;
}
static int _token_remove(struct crypt_device *cd)
{
crypt_token_info token_info;
- int r;
- token_info = crypt_token_status(cd, opt_token, NULL);
+ token_info = crypt_token_status(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL);
if (token_info < CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d is invalid."), opt_token);
+ log_err(_("Token %d is invalid."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
} else if (token_info == CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d is not in use."), opt_token);
+ log_err(_("Token %d is not in use."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
}
- r = crypt_token_json_set(cd, opt_token, NULL);
- tools_token_msg(r, REMOVED);
-
- return r;
+ return crypt_token_json_set(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL);
}
static int _token_import(struct crypt_device *cd)
crypt_token_info token_info;
int r, token;
- if (opt_token != CRYPT_ANY_TOKEN) {
- token_info = crypt_token_status(cd, opt_token, NULL);
+ if (ARG_INT32(OPT_TOKEN_ID_ID) != CRYPT_ANY_TOKEN) {
+ token_info = crypt_token_status(cd, ARG_INT32(OPT_TOKEN_ID_ID), NULL);
if (token_info < CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d is invalid."), opt_token);
+ log_err(_("Token %d is invalid."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
- } else if (token_info > CRYPT_TOKEN_INACTIVE) {
- log_err(_("Token %d in use."), opt_token);
+ } else if (token_info > CRYPT_TOKEN_INACTIVE && !ARG_SET(OPT_TOKEN_REPLACE_ID)) {
+ log_err(_("Token %d in use."), ARG_INT32(OPT_TOKEN_ID_ID));
return -EINVAL;
}
}
- r = tools_read_json_file(cd, opt_json_file, &json, &json_length);
+ if (crypt_keyslot_status(cd, ARG_INT32(OPT_KEY_SLOT_ID)) == CRYPT_SLOT_INACTIVE) {
+ log_err(_("Keyslot %d is not active."), ARG_INT32(OPT_KEY_SLOT_ID));
+ return -EINVAL;
+ }
+
+ r = tools_read_json_file(ARG_STR(OPT_JSON_FILE_ID), &json, &json_length, ARG_SET(OPT_BATCH_MODE_ID));
if (r)
return r;
- r = crypt_token_json_set(cd, opt_token, json);
+ r = crypt_token_json_set(cd, ARG_INT32(OPT_TOKEN_ID_ID), json);
free(json);
if (r < 0) {
log_err(_("Failed to import token from file."));
}
token = r;
- tools_token_msg(token, CREATED);
- if (opt_key_slot != CRYPT_ANY_SLOT) {
- r = crypt_token_assign_keyslot(cd, token, opt_key_slot);
+ if (ARG_INT32(OPT_KEY_SLOT_ID) != CRYPT_ANY_SLOT) {
+ r = crypt_token_assign_keyslot(cd, token, ARG_INT32(OPT_KEY_SLOT_ID));
if (r < 0) {
- log_err(_("Failed to assign token %d to keyslot %d."), token, opt_key_slot);
+ log_err(_("Failed to assign token %d to keyslot %d."), token, ARG_INT32(OPT_KEY_SLOT_ID));
(void) crypt_token_json_set(cd, token, NULL);
+ return r;
}
}
- return r;
+ return token;
}
static int _token_export(struct crypt_device *cd)
const char *json;
int r;
- r = crypt_token_json_get(cd, opt_token, &json);
+ r = crypt_token_json_get(cd, ARG_INT32(OPT_TOKEN_ID_ID), &json);
+ if (r < 0) {
+ log_err(_("Failed to get token %d for export."), ARG_INT32(OPT_TOKEN_ID_ID));
+ return r;
+ }
+
+ return tools_write_json_file(ARG_STR(OPT_JSON_FILE_ID), json);
+}
+
+static int _token_unassign(struct crypt_device *cd)
+{
+ int r = crypt_token_is_assigned(cd, ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID));
+
if (r < 0) {
- log_err(_("Failed to get token %d for export."), opt_token);
+ if (r == -ENOENT)
+ log_err(_("Token %d is not assigned to keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID));
+ else
+ log_err(_("Failed to unassign token %d from keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID));
+
return r;
}
- return tools_write_json_file(cd, opt_json_file, json);
+ r = crypt_token_unassign_keyslot(cd, ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID));
+ if (r < 0)
+ log_err(_("Failed to unassign token %d from keyslot %d."), ARG_INT32(OPT_TOKEN_ID_ID), ARG_INT32(OPT_KEY_SLOT_ID));
+
+ return r;
}
static int action_token(void)
{
int r;
struct crypt_device *cd = NULL;
- enum { ADD = 0, REMOVE, IMPORT, EXPORT } action;
-
- if (!strcmp(action_argv[0], "add")) {
- if (!opt_key_description) {
- log_err(_("--key-description parameter is mandatory for token add action."));
- return -EINVAL;
- }
- action = ADD;
- } else if (!strcmp(action_argv[0], "remove")) {
- if (opt_token == CRYPT_ANY_TOKEN) {
- log_err(_("Action requires specific token. Use --token-id parameter."));
- return -EINVAL;
- }
- action = REMOVE;
- } else if (!strcmp(action_argv[0], "import")) {
- action = IMPORT;
- } else if (!strcmp(action_argv[0], "export")) {
- if (opt_token == CRYPT_ANY_TOKEN) {
- log_err(_("Action requires specific token. Use --token-id parameter."));
- return -EINVAL;
- }
- action = EXPORT;
- } else {
- log_err(_("Invalid token operation %s."), action_argv[0]);
- return -EINVAL;
- }
- if ((r = crypt_init(&cd, uuid_or_device(opt_header_device ?: action_argv[1]))))
+ if ((r = crypt_init(&cd, uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[1]))))
return r;
if ((r = crypt_load(cd, CRYPT_LUKS2, NULL))) {
- log_err(_("Device %s is not a valid LUKS device."),
- uuid_or_device(opt_header_device ?: action_argv[1]));
+ log_err(_("Device %s is not a valid LUKS2 device."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[1]));
crypt_free(cd);
return r;
}
- if (action == ADD)
+ r = -EINVAL;
+
+ if (!strcmp(action_argv[0], "add")) {
r = _token_add(cd); /* adds only luks2-keyring type */
- else if (action == REMOVE)
+ tools_token_msg(r, CREATED);
+ } else if (!strcmp(action_argv[0], "remove")) {
r = _token_remove(cd);
- else if (action == IMPORT)
+ tools_token_msg(r, REMOVED);
+ } else if (!strcmp(action_argv[0], "import")) {
r = _token_import(cd);
- else if (action == EXPORT)
+ tools_token_msg(r, CREATED);
+ } else if (!strcmp(action_argv[0], "export"))
r = _token_export(cd);
- else {
- log_dbg("Internal token action error.");
- r = -EINVAL;
- }
+ else if (!strcmp(action_argv[0], "unassign"))
+ r = _token_unassign(cd);
crypt_free(cd);
return r;
}
-static int auto_detect_active_name(struct crypt_device *cd, const char *data_device, char *dm_name, size_t dm_name_len)
+static int action_reencrypt(void)
{
- int r;
-
- r = tools_lookup_crypt_device(cd, crypt_get_type(cd), data_device, dm_name, dm_name_len);
- if (r > 0)
- log_dbg("Device %s has %d active holders.", data_device, r);
-
- return r;
+ return reencrypt(action_argc, action_argv);
}
-static int _get_device_active_name(struct crypt_device *cd, const char *data_device, char *buffer, size_t buffer_size)
+static const char *verify_tcryptdump(void)
{
- char *msg;
- int r;
+ if ((ARG_SET(OPT_TCRYPT_HIDDEN_ID) || ARG_SET(OPT_TCRYPT_SYSTEM_ID) || ARG_SET(OPT_TCRYPT_BACKUP_ID)) && (!device_type || strcmp(device_type, "tcrypt")))
+ return _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device.");
- r = auto_detect_active_name(cd, action_argv[0], buffer, buffer_size);
- if (r > 0) {
- if (*buffer == '\0') {
- log_err(_("Device %s is still in use."), data_device);
- return -EINVAL;
- }
- if (!opt_batch_mode)
- log_std(_("Auto-detected active dm device '%s' for data device %s.\n"), buffer, data_device);
- }
- if (r < 0) {
- if (r == -ENOTBLK)
- log_std(_("Device %s is not a block device.\n"), data_device);
- else
- log_err(_("Failed to auto-detect device %s holders."), data_device);
+ if ((ARG_SET(OPT_VERACRYPT_ID) || ARG_SET(OPT_DISABLE_VERACRYPT_ID)) && (!device_type || strcmp(device_type, "tcrypt")))
+ return _("Option --veracrypt or --disable-veracrypt is supported only for TCRYPT device type.");
- r = asprintf(&msg, _("Unable to decide if device %s is activated or not.\n"
- "Are you sure you want to proceed with reencryption in offline mode?\n"
- "It may lead to data corruption if the device is actually activated.\n"
- "To run reencryption in online mode, use --active-name parameter instead.\n"), data_device);
- if (r < 0)
- return -ENOMEM;
- r = noDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
- free(msg);
+ if (ARG_SET(OPT_VERACRYPT_PIM_ID) && ARG_SET(OPT_DISABLE_VERACRYPT_ID))
+ return _("Option --veracrypt-pim is supported only for VeraCrypt compatible devices.");
+
+ if (ARG_SET(OPT_VERACRYPT_QUERY_PIM_ID)) {
+ if (ARG_SET(OPT_DISABLE_VERACRYPT_ID))
+ return _("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices.");
+ else if (ARG_SET(OPT_VERACRYPT_PIM_ID))
+ return _("The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive.");
}
- return r;
+ return NULL;
}
-static int action_reencrypt_load(struct crypt_device *cd)
+static const char * verify_open(void)
{
- int r;
- size_t passwordLen;
- char dm_name[PATH_MAX] = {}, *password = NULL;
- const char *active_name = NULL;
- struct crypt_params_reencrypt params = {
- .resilience = opt_resilience_mode ?: "checksum",
- .hash = opt_resilience_hash ?: "sha256",
- .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE,
- .device_size = opt_device_size / SECTOR_SIZE,
- .flags = CRYPT_REENCRYPT_RESUME_ONLY
- };
+ if (ARG_SET(OPT_PERSISTENT_ID) && ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ return _("Option --persistent is not allowed with --test-passphrase.");
- r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
- if (r < 0)
- return r;
-
- if (!opt_active_name) {
- r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name));
- if (r > 0)
- active_name = dm_name;
- if (r < 0) {
- crypt_safe_free(password);
- return -EINVAL;
- }
- } else
- active_name = opt_active_name;
-
- r = crypt_reencrypt_init_by_passphrase(cd, active_name, password, passwordLen, opt_key_slot, opt_key_slot, NULL, NULL, ¶ms);
-
- crypt_safe_free(password);
-
- return r;
-}
-
-static int action_encrypt_luks2(struct crypt_device **cd)
-{
- const char *type, *activated_name = NULL;
- int keyslot, r, fd;
- uuid_t uuid;
- size_t passwordLen;
- char *msg, uuid_str[37], header_file[PATH_MAX] = { 0 }, *password = NULL;
- uint32_t activate_flags = 0;
- const struct crypt_params_luks2 luks2_params = {
- .sector_size = opt_sector_size ?: SECTOR_SIZE
- };
- struct crypt_params_reencrypt params = {
- .mode = CRYPT_REENCRYPT_ENCRYPT,
- .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
- .resilience = opt_resilience_mode ?: "checksum",
- .hash = opt_resilience_hash ?: "sha256",
- .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE,
- .device_size = opt_device_size / SECTOR_SIZE,
- .luks2 = &luks2_params,
- .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY
- };
-
- _set_reencryption_flags(¶ms.flags);
-
- type = luksType(device_type);
- if (!type)
- type = crypt_get_default_type();
-
- if (strcmp(type, CRYPT_LUKS2)) {
- log_err(_("Invalid LUKS device type."));
- return -EINVAL;
- }
+ if (ARG_SET(OPT_REFRESH_ID) && ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ return _("Options --refresh and --test-passphrase are mutually exclusive.");
- if (!opt_data_shift && !opt_header_device) {
- log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."));
- return -ENOTSUP;
- }
-
- if (!opt_header_device && opt_offset && opt_data_shift && (opt_offset > (imaxabs(opt_data_shift) / (2 * SECTOR_SIZE)))) {
- log_err(_("Requested data offset must be less than or equal to half of --reduce-device-size parameter."));
- return -EINVAL;
- }
-
- /* TODO: ask user to confirm. It's useless to do data device reduction and than use smaller value */
- if (!opt_header_device && opt_offset && opt_data_shift && (opt_offset < (imaxabs(opt_data_shift) / (2 * SECTOR_SIZE)))) {
- opt_data_shift = -(opt_offset * 2 * SECTOR_SIZE);
- if (opt_data_shift >= 0)
- return -EINVAL;
- log_std(_("Adjusting --reduce-device-size value to twice the --offset %" PRIu64 " (sectors).\n"), opt_offset * 2);
- }
-
- if (strncmp(type, CRYPT_LUKS2, strlen(CRYPT_LUKS2))) {
- log_err(_("Encryption is supported only for LUKS2 format."));
- return -EINVAL;
- }
-
- if (opt_uuid && uuid_parse(opt_uuid, uuid) == -1) {
- log_err(_("Wrong LUKS UUID format provided."));
- return -EINVAL;
- }
-
- if (!opt_uuid) {
- uuid_generate(uuid);
- uuid_unparse(uuid, uuid_str);
- if (!(opt_uuid = strdup(uuid_str)))
- return -ENOMEM;
- }
-
- /* Check the data device is not LUKS device already */
- if ((r = crypt_init(cd, action_argv[0])))
- return r;
- r = crypt_load(*cd, CRYPT_LUKS, NULL);
- crypt_free(*cd);
- *cd = NULL;
- if (!r) {
- r = asprintf(&msg, _("Detected LUKS device on %s. Do you want to encrypt that LUKS device again?"), action_argv[0]);
- if (r == -1)
- return -ENOMEM;
-
- r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
- free(msg);
- if (r < 0)
- return r;
- }
-
- if (!opt_header_device) {
- r = snprintf(header_file, sizeof(header_file), "LUKS2-temp-%s.new", opt_uuid);
- if (r < 0 || (size_t)r >= sizeof(header_file))
- return -EINVAL;
-
- fd = open(header_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
- if (fd == -1) {
- if (errno == EEXIST)
- log_err(_("Temporary header file %s already exists. Aborting."), header_file);
- else
- log_err(_("Cannot create temporary header file %s."), header_file);
- return -EINVAL;
- }
+ if (ARG_SET(OPT_SHARED_ID) && strcmp_or_null(device_type, "plain"))
+ return _("Option --shared is allowed only for open of plain device.");
- r = posix_fallocate(fd, 0, 4096);
- close(fd);
- if (r) {
- log_err(_("Cannot create temporary header file %s."), header_file);
- r = -EINVAL;
- goto err;
- }
+ if (ARG_SET(OPT_SKIP_ID) && strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes"))
+ return _("Option --skip is supported only for open of plain and loopaes devices.");
- if (!(opt_header_device = strdup(header_file))) {
- r = -ENOMEM;
- goto err;
- }
- /*
- * FIXME: just override offset here, but we should support both.
- * offset and implicit offset via data shift (lvprepend?)
- */
- if (!opt_offset)
- opt_offset = imaxabs(opt_data_shift) / (2 * SECTOR_SIZE);
- opt_data_shift >>= 1;
- params.flags |= CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
- } else if (opt_data_shift < 0) {
- if (!opt_luks2_metadata_size)
- opt_luks2_metadata_size = 0x4000; /* missing default here */
- if (!opt_luks2_keyslots_size)
- opt_luks2_keyslots_size = -opt_data_shift - 2 * opt_luks2_metadata_size;
-
- if (2 * opt_luks2_metadata_size + opt_luks2_keyslots_size > (uint64_t)-opt_data_shift) {
- log_err("LUKS2 metadata size is larger than data shift value.");
- return -EINVAL;
- }
- }
+ if (ARG_SET(OPT_OFFSET_ID) && strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes"))
+ return _("Option --offset with open action is only supported for plain and loopaes devices.");
- r = _luksFormat(cd, &password, &passwordLen);
- if (r < 0)
- goto err;
+ if (ARG_SET(OPT_TCRYPT_HIDDEN_ID) && ARG_SET(OPT_ALLOW_DISCARDS_ID))
+ return _("Option --tcrypt-hidden cannot be combined with --allow-discards.");
- if (opt_data_shift) {
- params.data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE,
- params.resilience = "datashift";
- }
- keyslot = opt_key_slot < 0 ? 0 : opt_key_slot;
- r = crypt_reencrypt_init_by_passphrase(*cd, NULL, password, passwordLen,
- CRYPT_ANY_SLOT, keyslot, crypt_get_cipher(*cd),
- crypt_get_cipher_mode(*cd), ¶ms);
- if (r < 0) {
- crypt_keyslot_destroy(*cd, keyslot);
- goto err;
- }
+ if (ARG_SET(OPT_SECTOR_SIZE_ID) &&
+ (!device_type || strcmp(device_type, "plain")))
+ return _("Sector size option with open action is supported only for plain devices.");
- /* Restore temporary header in head of data device */
- if (*header_file) {
- crypt_free(*cd);
- *cd = NULL;
+ if (ARG_SET(OPT_IV_LARGE_SECTORS_ID) && (!device_type || strcmp(device_type, "plain") ||
+ ARG_UINT32(OPT_SECTOR_SIZE_ID) <= SECTOR_SIZE))
+ return _("Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes.");
- r = crypt_init(cd, action_argv[0]);
- if (!r)
- r = crypt_header_restore(*cd, CRYPT_LUKS2, header_file);
+ if (ARG_SET(OPT_TEST_PASSPHRASE_ID) && (!device_type ||
+ (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") &&
+ strcmp(device_type, "bitlk") && strcmp(device_type, "fvault2"))))
+ return _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT, BITLK and FVAULT2 devices.");
- if (r) {
- log_err("Failed to place new header at head of device %s.", action_argv[0]);
- goto err;
- }
- }
+ if (ARG_SET(OPT_DEVICE_SIZE_ID) && ARG_SET(OPT_SIZE_ID))
+ return _("Options --device-size and --size cannot be combined.");
- /* activate device */
- if (action_argc > 1) {
- activated_name = action_argv[1];
- _set_activation_flags(&activate_flags);
- r = crypt_activate_by_passphrase(*cd, activated_name, opt_key_slot, password, passwordLen, activate_flags);
- if (r >= 0)
- log_std(_("%s/%s is now active and ready for online encryption.\n"), crypt_get_dir(), activated_name);
- }
+ if (ARG_SET(OPT_UNBOUND_ID) && device_type && strncmp(device_type, "luks", 4))
+ return _("Option --unbound is allowed only for open of luks device.");
- if (r < 0)
- goto err;
+ if (ARG_SET(OPT_UNBOUND_ID) && !ARG_SET(OPT_TEST_PASSPHRASE_ID))
+ return _("Option --unbound cannot be used without --test-passphrase.");
- /* just load reencryption context to continue reencryption */
- if (!opt_reencrypt_init_only) {
- params.flags &= ~CRYPT_REENCRYPT_INITIALIZE_ONLY;
- r = crypt_reencrypt_init_by_passphrase(*cd, activated_name, password, passwordLen,
- CRYPT_ANY_SLOT, keyslot, NULL, NULL, ¶ms);
- }
-err:
- crypt_safe_free(password);
- if (*header_file)
- unlink(header_file);
- return r;
+ /* "open --type tcrypt" and "tcryptDump" checks are identical */
+ return verify_tcryptdump();
}
-static int action_decrypt_luks2(struct crypt_device *cd)
+static const char *verify_close(void)
{
- int r;
- char dm_name[PATH_MAX], *password = NULL;
- const char *active_name = NULL;
- struct crypt_params_reencrypt params = {
- .mode = CRYPT_REENCRYPT_DECRYPT,
- .direction = opt_data_shift > 0 ? CRYPT_REENCRYPT_FORWARD : CRYPT_REENCRYPT_BACKWARD,
- .resilience = opt_data_shift ? "datashift" : (opt_resilience_mode ?: "checksum"),
- .hash = opt_resilience_hash ?: "sha256",
- .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE,
- .device_size = opt_device_size / SECTOR_SIZE,
- .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE,
- };
- size_t passwordLen;
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID) && ARG_SET(OPT_DEFERRED_ID))
+ return _("Options --cancel-deferred and --deferred cannot be used at the same time.");
- if (!crypt_get_metadata_device_name(cd) || !crypt_get_device_name(cd) ||
- !strcmp(crypt_get_metadata_device_name(cd), crypt_get_device_name(cd))) {
- log_err(_("LUKS2 decryption is supported with detached header device only."));
- return -ENOTSUP;
- }
-
- _set_reencryption_flags(¶ms.flags);
-
- r = tools_get_key(NULL, &password, &passwordLen,
- opt_keyfile_offset, opt_keyfile_size, opt_key_file,
- opt_timeout, _verify_passphrase(0), 0, cd);
- if (r < 0)
- return r;
-
- if (!opt_active_name) {
- r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name));
- if (r > 0)
- active_name = dm_name;
- if (r < 0)
- goto err;
- } else
- active_name = opt_active_name;
-
- if (!active_name)
- log_dbg("Device %s seems unused. Proceeding with offline operation.", action_argv[0]);
-
- r = crypt_reencrypt_init_by_passphrase(cd, active_name, password,
- passwordLen, opt_key_slot, CRYPT_ANY_SLOT, NULL, NULL, ¶ms);
-err:
- crypt_safe_free(password);
- return r;
+ return NULL;
}
-struct keyslot_passwords {
- char *password;
- size_t passwordLen;
- int new;
-};
-
-static struct keyslot_passwords *init_keyslot_passwords(size_t count)
+static const char *verify_resize(void)
{
- size_t i;
- struct keyslot_passwords *tmp = calloc(count, sizeof(struct keyslot_passwords));
-
- if (!tmp)
- return tmp;
-
- for (i = 0; i < count; i++)
- tmp[i].new = -1;
+ if (ARG_SET(OPT_DEVICE_SIZE_ID) && ARG_SET(OPT_SIZE_ID))
+ return _("Options --device-size and --size cannot be combined.");
- return tmp;
+ return NULL;
}
-static int init_passphrase(struct keyslot_passwords *kp, size_t keyslot_passwords_length,
- struct crypt_device *cd, const char *msg, int slot_to_check)
+static const char *verify_reencrypt(void)
{
- crypt_keyslot_info ki;
- char *password;
- int r = -EINVAL, retry_count;
- size_t passwordLen;
+ if (ARG_SET(OPT_REDUCE_DEVICE_SIZE_ID) && ARG_SET(OPT_DEVICE_SIZE_ID))
+ return _("Options --reduce-device-size and --data-size cannot be combined.");
- if (slot_to_check != CRYPT_ANY_SLOT) {
- ki = crypt_keyslot_status(cd, slot_to_check);
- if (ki < CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_UNBOUND)
- return -ENOENT;
- }
+ if (isLUKS1(luksType(device_type)) && ARG_SET(OPT_ACTIVE_NAME_ID))
+ return _("Option --active-name can be set only for LUKS2 device.");
- retry_count = (opt_tries && !opt_key_file) ? opt_tries : 1;
- while (retry_count--) {
- r = tools_get_key(msg, &password, &passwordLen, 0, 0,
- opt_key_file, 0, 0, 0 /*pwquality*/, cd);
- if (r < 0)
- return r;
- if (quit) {
- crypt_safe_free(password);
- password = NULL;
- passwordLen = 0;
- return -EAGAIN;
- }
+ if (ARG_SET(OPT_ACTIVE_NAME_ID) && ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID))
+ return _("Options --active-name and --force-offline-reencrypt cannot be combined.");
- r = crypt_activate_by_passphrase(cd, NULL, slot_to_check,
- password, passwordLen, 0);
- if (r < 0) {
- crypt_safe_free(password);
- password = NULL;
- passwordLen = 0;
- }
- if (r < 0 && r != -EPERM)
- return r;
-
- if (r >= 0) {
- tools_keyslot_msg(r, UNLOCKED);
- if ((size_t)r >= keyslot_passwords_length) {
- crypt_safe_free(password);
- return -EINVAL;
- }
- kp[r].password = password;
- kp[r].passwordLen = passwordLen;
- break;
- }
- tools_passphrase_msg(r);
- }
-
- password = NULL;
- passwordLen = 0;
-
- return r;
+ return NULL;
}
-static int _check_luks2_keyslots(struct crypt_device *cd)
+static const char *verify_config(void)
{
- int i, max = crypt_keyslot_max(CRYPT_LUKS2), active = 0, unbound = 0;
-
- if (max < 0)
- return max;
-
- for (i = 0; i < max; i++) {
- switch (crypt_keyslot_status(cd, i)) {
- case CRYPT_SLOT_INVALID:
- return -EINVAL;
- case CRYPT_SLOT_ACTIVE:
- /* fall-through */
- case CRYPT_SLOT_ACTIVE_LAST:
- active++;
- break;
- case CRYPT_SLOT_UNBOUND:
- unbound++;
- /* fall-through */
- default:
- break;
- }
- }
-
- /* at least one keyslot for reencryption plus new volume key */
- if (active + unbound > max - 2) {
- log_err(_("Not enough free keyslots for reencryption."));
- return -EINVAL;
- }
-
- if ((opt_key_slot == CRYPT_ANY_SLOT) &&
- (2 * active + unbound > max - 1)) {
- log_err(_("Not enough free keyslots for reencryption."));
- return -EINVAL;
- }
+ if (ARG_SET(OPT_PRIORITY_ID) && ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT)
+ return _("Keyslot specification is required.");
- return 0;
+ return NULL;
}
-static int fill_keyslot_passwords(struct crypt_device *cd,
- struct keyslot_passwords *kp, size_t kp_size)
+static const char *verify_format(void)
{
- char msg[128];
- crypt_keyslot_info ki;
- int i, r = 0;
+ if (ARG_SET(OPT_ALIGN_PAYLOAD_ID) && ARG_SET(OPT_OFFSET_ID))
+ return _("Options --align-payload and --offset cannot be combined.");
- if (opt_key_slot == CRYPT_ANY_SLOT && opt_key_file) {
- for (i = 0; (size_t)i < kp_size; i++) {
- ki = crypt_keyslot_status(cd, i);
- if (ki == CRYPT_SLOT_INVALID)
- return -EINVAL;
- if (ki == CRYPT_SLOT_ACTIVE) {
- log_err(_("Key file can be used only with --key-slot or with "
- "exactly one key slot active."));
- return -EINVAL;
- }
- }
- }
+ if (ARG_SET(OPT_INTEGRITY_NO_WIPE_ID) && !ARG_SET(OPT_INTEGRITY_ID))
+ return _("Option --integrity-no-wipe can be used only for format action with integrity extension.");
- if (opt_key_slot == CRYPT_ANY_SLOT) {
- for (i = 0; (size_t)i < kp_size; i++) {
- if (snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %d: "), i) < 0)
- return -EINVAL;
- r = init_passphrase(kp, kp_size, cd, msg, i);
- if (r == -ENOENT)
- r = 0;
- if (r < 0)
- break;
- }
- } else {
- if (snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), opt_key_slot) < 0)
- return -EINVAL;
- r = init_passphrase(kp, kp_size, cd, msg, opt_key_slot);
- }
+ if (ARG_SET(OPT_USE_RANDOM_ID) && ARG_SET(OPT_USE_URANDOM_ID))
+ return _("Only one of --use-[u]random options is allowed.");
- return r < 0 ? r : 0;
+ return NULL;
}
-static int assign_tokens(struct crypt_device *cd, int keyslot_old, int keyslot_new)
+static const char *verify_addkey(void)
{
- int token = 0, r = crypt_token_is_assigned(cd, token, keyslot_old);
-
- while (r != -EINVAL) {
- if (!r && (token != crypt_token_assign_keyslot(cd, token, keyslot_new)))
- return -EINVAL;
- token++;
- r = crypt_token_is_assigned(cd, token, keyslot_old);
- }
+ if (ARG_SET(OPT_UNBOUND_ID) && !ARG_UINT32(OPT_KEY_SIZE_ID))
+ return _("Key size is required with --unbound option.");
- /* we reached max token number, exit */
- return 0;
+ return NULL;
}
-static int action_reencrypt_luks2(struct crypt_device *cd)
+static const char *verify_luksDump(void)
{
- size_t i, vk_size, kp_size;
- int r, keyslot_old = CRYPT_ANY_SLOT, keyslot_new = CRYPT_ANY_SLOT, key_size;
- char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk = NULL;
- const char *active_name = NULL;
- struct keyslot_passwords *kp;
- struct crypt_params_luks2 luks2_params = {};
- struct crypt_params_reencrypt params = {
- .mode = CRYPT_REENCRYPT_REENCRYPT,
- .direction = opt_data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
- .resilience = opt_data_shift ? "datashift" : (opt_resilience_mode ?: "checksum"),
- .hash = opt_resilience_hash ?: "sha256",
- .data_shift = imaxabs(opt_data_shift) / SECTOR_SIZE,
- .max_hotzone_size = opt_hotzone_size / SECTOR_SIZE,
- .device_size = opt_device_size / SECTOR_SIZE,
- .luks2 = &luks2_params,
- };
-
- _set_reencryption_flags(¶ms.flags);
-
- if (!opt_cipher && crypt_is_cipher_null(crypt_get_cipher(cd))) {
- opt_cipher = strdup(DEFAULT_CIPHER(LUKS1));
- log_std(_("Switching data encryption cipher to %s.\n"), opt_cipher);
- }
-
- if (!opt_cipher) {
- strncpy(cipher, crypt_get_cipher(cd), MAX_CIPHER_LEN - 1);
- strncpy(mode, crypt_get_cipher_mode(cd), MAX_CIPHER_LEN - 1);
- cipher[MAX_CIPHER_LEN-1] = '\0';
- mode[MAX_CIPHER_LEN-1] = '\0';
- } else if ((r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, mode))) {
- log_err(_("No known cipher specification pattern detected."));
- return r;
- }
-
- luks2_params.sector_size = opt_sector_size ?: crypt_get_sector_size(cd);
-
- r = _check_luks2_keyslots(cd);
- if (r)
- return r;
+ if (ARG_SET(OPT_UNBOUND_ID) && ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT)
+ return _("Keyslot specification is required.");
- if (opt_key_size || opt_cipher)
- key_size = get_adjusted_key_size(mode, DEFAULT_LUKS1_KEYBITS, 0);
- else
- key_size = crypt_get_volume_key_size(cd);
-
- if (!key_size)
- return -EINVAL;
- vk_size = key_size;
-
- r = crypt_keyslot_max(CRYPT_LUKS2);
- if (r < 0)
- return r;
- kp_size = r;
- kp = init_keyslot_passwords(kp_size);
-
- if (!kp)
- return -ENOMEM;
-
- r = fill_keyslot_passwords(cd, kp, kp_size);
- if (r)
- goto err;
-
- if (opt_master_key_file) {
- r = tools_read_mk(opt_master_key_file, &vk, key_size);
-
- if (r < 0)
- goto err;
- }
-
- r = -ENOENT;
-
- for (i = 0; i < kp_size; i++) {
- if (kp[i].password && keyslot_new < 0) {
- r = set_keyslot_params(cd, i);
- if (r < 0)
- break;
- r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
- kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT);
- tools_keyslot_msg(r, CREATED);
- if (r < 0)
- break;
-
- kp[i].new = r;
- keyslot_new = r;
- keyslot_old = i;
- if (!vk) {
- /* key generated in crypt_keyslot_add_by_key() call above */
- vk = crypt_safe_alloc(key_size);
- if (!vk) {
- r = -ENOMEM;
- break;
- }
- r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
- if (r < 0)
- break;
- }
- r = assign_tokens(cd, i, r);
- if (r < 0)
- break;
- } else if (kp[i].password) {
- r = set_keyslot_params(cd, i);
- if (r < 0)
- break;
- r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
- kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE);
- tools_keyslot_msg(r, CREATED);
- if (r < 0)
- break;
- kp[i].new = r;
- r = assign_tokens(cd, i, r);
- if (r < 0)
- break;
- }
- }
-
- if (r < 0)
- goto err;
-
- if (!opt_active_name && !opt_reencrypt_init_only) {
- r = _get_device_active_name(cd, action_argv[0], dm_name, sizeof(dm_name));
- if (r > 0)
- active_name = dm_name;
- if (r < 0)
- goto err;
- } else if (opt_active_name)
- active_name = opt_active_name;
-
- if (!active_name && !opt_reencrypt_init_only)
- log_dbg("Device %s seems unused. Proceeding with offline operation.", action_argv[0]);
-
- r = crypt_reencrypt_init_by_passphrase(cd, active_name, kp[keyslot_old].password,
- kp[keyslot_old].passwordLen, keyslot_old, kp[keyslot_old].new,
- cipher, mode, ¶ms);
-err:
- crypt_safe_free(vk);
- for (i = 0; i < kp_size; i++) {
- crypt_safe_free(kp[i].password);
- if (r < 0 && kp[i].new >= 0 &&
- crypt_reencrypt_status(cd, NULL) == CRYPT_REENCRYPT_NONE &&
- crypt_keyslot_destroy(cd, kp[i].new))
- log_dbg("Failed to remove keyslot %d with unbound key.", kp[i].new);
- }
- free(kp);
- return r;
+ return NULL;
}
-static int action_reencrypt(void)
+static const char *verify_token(void)
{
- uint32_t flags;
- struct crypt_device *cd = NULL;
- struct crypt_params_integrity ip = { 0 };
- int r = 0;
+ if (strcmp(action_argv[0], "add") &&
+ strcmp(action_argv[0], "remove") &&
+ strcmp(action_argv[0], "import") &&
+ strcmp(action_argv[0], "export") &&
+ strcmp(action_argv[0], "unassign"))
+ return _("Invalid token action.");
- if (action_argc < 1 && (!opt_active_name || opt_encrypt)) {
- log_err(_("Command requires device as argument."));
- return -EINVAL;
- }
-
- if (!opt_encrypt || opt_reencrypt_resume_only) {
- if (opt_active_name) {
- r = crypt_init_by_name_and_header(&cd, opt_active_name, opt_header_device);
- if (r || !crypt_get_type(cd) || strcmp(crypt_get_type(cd), CRYPT_LUKS2)) {
- log_err(_("Device %s is not a valid LUKS device."), opt_active_name);
- r = -EINVAL;
- goto out;
- }
- } else {
- if ((r = crypt_init_data_device(&cd, uuid_or_device(opt_header_device ?: action_argv[0]), action_argv[0])))
- return r;
+ if (!ARG_SET(OPT_KEY_DESCRIPTION_ID) && !strcmp(action_argv[0], "add"))
+ return _("--key-description parameter is mandatory for token add action.");
- if ((r = crypt_load(cd, CRYPT_LUKS, NULL))) {
- log_err(_("Device %s is not a valid LUKS device."),
- uuid_or_device(opt_header_device ?: action_argv[0]));
- goto out;
- }
- if (strcmp(crypt_get_type(cd), CRYPT_LUKS2)) {
- log_err(_("Only LUKS2 format is currently supported. Please use cryptsetup-reencrypt tool for LUKS1."));
- r = -EINVAL;
- goto out;
- }
- }
+ if (ARG_INT32(OPT_TOKEN_ID_ID) == CRYPT_ANY_TOKEN &&
+ (!strcmp(action_argv[0], "remove") || !strcmp(action_argv[0], "export")))
+ return _("Action requires specific token. Use --token-id parameter.");
- if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags)) {
- r = -EINVAL;
- goto out;
- }
-
- if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
- log_err(_("Legacy offline reencryption already in-progress. Use cryptsetup-reencrypt utility."));
- r = -EINVAL;
- goto out;
- }
-
- if (flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT)
- r = -EBUSY;
-
- /* raw integrity info is available since 2.0 */
- if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) {
- log_err(_("Reencryption of device with integrity profile is not supported."));
- r = -ENOTSUP;
- goto out;
- }
+ if (ARG_SET(OPT_UNBOUND_ID)) {
+ if (strcmp(action_argv[0], "add"))
+ return _("Option --unbound is valid only with token add action.");
+ if (ARG_SET(OPT_KEY_SLOT_ID))
+ return _("Options --key-slot and --unbound cannot be combined.");
}
- if (r == -EBUSY) {
- if (opt_reencrypt_init_only)
- log_err(_("LUKS2 reencryption already initialized. Aborting operation."));
- else
- r = action_reencrypt_load(cd);
- } else if (!r && opt_reencrypt_resume_only) {
- log_err(_("LUKS2 device is not in reencryption."));
- r = -EINVAL;
- } else if (opt_decrypt)
- r = action_decrypt_luks2(cd);
- else if (opt_encrypt && !opt_reencrypt_resume_only)
- r = action_encrypt_luks2(&cd);
- else
- r = action_reencrypt_luks2(cd);
-
- if (r >= 0 && !opt_reencrypt_init_only) {
- set_int_handler(0);
- r = crypt_reencrypt(cd, tools_reencrypt_progress);
+ if (!strcmp(action_argv[0], "unassign")) {
+ if (!ARG_SET(OPT_KEY_SLOT_ID))
+ return _("Action requires specific keyslot. Use --key-slot parameter.");
+ if (!ARG_SET(OPT_TOKEN_ID_ID))
+ return _("Action requires specific token. Use --token-id parameter.");
}
-out:
- crypt_free(cd);
- return r;
+ return NULL;
}
static struct action_type {
const char *type;
int (*handler)(void);
+ const char *(*verify)(void);
int required_action_argc;
- int required_memlock;
const char *arg_desc;
const char *desc;
} action_types[] = {
- { "open", action_open, 1, 1, N_("<device> [--type <type>] [<name>]"),N_("open device as <name>") },
- { "close", action_close, 1, 1, N_("<name>"), N_("close device (remove mapping)") },
- { "resize", action_resize, 1, 1, N_("<name>"), N_("resize active device") },
- { "status", action_status, 1, 0, N_("<name>"), N_("show device status") },
- { "benchmark", action_benchmark, 0, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
- { "repair", action_luksRepair, 1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
- { "reencrypt", action_reencrypt, 0, 0, N_("<device>"), N_("reencrypt LUKS2 device") },
- { "erase", action_luksErase , 1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
- { "convert", action_luksConvert, 1, 1, N_("<device>"), N_("convert LUKS from/to LUKS2 format") },
- { "config", action_luksConfig, 1, 1, N_("<device>"), N_("set permanent configuration options for LUKS2") },
- { "luksFormat", action_luksFormat, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
- { "luksAddKey", action_luksAddKey, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
- { "luksRemoveKey",action_luksRemoveKey,1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
- { "luksChangeKey",action_luksChangeKey,1, 1, N_("<device> [<key file>]"), N_("changes supplied key or key file of LUKS device") },
- { "luksConvertKey",action_luksConvertKey,1, 1, N_("<device> [<key file>]"), N_("converts a key to new pbkdf parameters") },
- { "luksKillSlot", action_luksKillSlot, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
- { "luksUUID", action_luksUUID, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
- { "isLuks", action_isLuks, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
- { "luksDump", action_luksDump, 1, 1, N_("<device>"), N_("dump LUKS partition information") },
- { "tcryptDump", action_tcryptDump, 1, 1, N_("<device>"), N_("dump TCRYPT device information") },
- { "bitlkDump", action_bitlkDump, 1, 1, N_("<device>"), N_("dump BITLK device information") },
- { "luksSuspend", action_luksSuspend, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen)") },
- { "luksResume", action_luksResume, 1, 1, N_("<device>"), N_("Resume suspended LUKS device") },
- { "luksHeaderBackup", action_luksBackup,1,1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
- { "luksHeaderRestore",action_luksRestore,1,1,N_("<device>"), N_("Restore LUKS device header and keyslots") },
- { "token", action_token, 2, 0, N_("<add|remove|import|export> <device>"), N_("Manipulate LUKS2 tokens") },
+ { OPEN_ACTION, action_open, verify_open, 1, N_("<device> [--type <type>] [<name>]"),N_("open device as <name>") },
+ { CLOSE_ACTION, action_close, verify_close, 1, N_("<name>"), N_("close device (remove mapping)") },
+ { RESIZE_ACTION, action_resize, verify_resize, 1, N_("<name>"), N_("resize active device") },
+ { STATUS_ACTION, action_status, NULL, 1, N_("<name>"), N_("show device status") },
+ { BENCHMARK_ACTION, action_benchmark, NULL, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
+ { REPAIR_ACTION, action_luksRepair, NULL, 1, N_("<device>"), N_("try to repair on-disk metadata") },
+ { REENCRYPT_ACTION, action_reencrypt, verify_reencrypt, 0, N_("<device>"), N_("reencrypt LUKS2 device") },
+ { ERASE_ACTION, action_luksErase, NULL, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
+ { CONVERT_ACTION, action_luksConvert, NULL, 1, N_("<device>"), N_("convert LUKS from/to LUKS2 format") },
+ { CONFIG_ACTION, action_luksConfig, verify_config, 1, N_("<device>"), N_("set permanent configuration options for LUKS2") },
+ { FORMAT_ACTION, action_luksFormat, verify_format, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
+ { ADDKEY_ACTION, action_luksAddKey, verify_addkey, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
+ { REMOVEKEY_ACTION, action_luksRemoveKey, NULL, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
+ { CHANGEKEY_ACTION, action_luksChangeKey, NULL, 1, N_("<device> [<key file>]"), N_("changes supplied key or key file of LUKS device") },
+ { CONVERTKEY_ACTION, action_luksConvertKey, NULL, 1, N_("<device> [<key file>]"), N_("converts a key to new pbkdf parameters") },
+ { KILLKEY_ACTION, action_luksKillSlot, NULL, 2, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
+ { UUID_ACTION, action_luksUUID, NULL, 1, N_("<device>"), N_("print UUID of LUKS device") },
+ { ISLUKS_ACTION, action_isLuks, NULL, 1, N_("<device>"), N_("tests <device> for LUKS partition header") },
+ { LUKSDUMP_ACTION, action_luksDump, verify_luksDump, 1, N_("<device>"), N_("dump LUKS partition information") },
+ { TCRYPTDUMP_ACTION, action_tcryptDump, verify_tcryptdump, 1, N_("<device>"), N_("dump TCRYPT device information") },
+ { BITLKDUMP_ACTION, action_bitlkDump, NULL, 1, N_("<device>"), N_("dump BITLK device information") },
+ { FVAULT2DUMP_ACTION, action_fvault2Dump, NULL, 1, N_("<device>"), N_("dump FVAULT2 device information") },
+ { SUSPEND_ACTION, action_luksSuspend, NULL, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen)") },
+ { RESUME_ACTION, action_luksResume, NULL, 1, N_("<device>"), N_("Resume suspended LUKS device") },
+ { HEADERBACKUP_ACTION, action_luksBackup, NULL, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
+ { HEADERRESTORE_ACTION, action_luksRestore, NULL, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
+ { TOKEN_ACTION, action_token, verify_token, 2, N_("<add|remove|import|export> <device>"), N_("Manipulate LUKS2 tokens") },
{}
};
const char *arg __attribute__((unused)),
void *data __attribute__((unused)))
{
+ const char *path;
+
if (key->shortName == '?') {
struct action_type *action;
const struct crypt_pbkdf_type *pbkdf_luks1, *pbkdf_luks2;
- log_std("%s\n",PACKAGE_STRING);
-
+ tools_package_version(PACKAGE_NAME, true);
poptPrintHelp(popt_context, stdout, 0);
log_std(_("\n"
log_std(_("\n"
"You can also use old <action> syntax aliases:\n"
- "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen\n"
- "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose\n"));
+ "\topen: create (plainOpen), luksOpen, loopaesOpen, tcryptOpen, bitlkOpen, fvault2Open\n"
+ "\tclose: remove (plainClose), luksClose, loopaesClose, tcryptClose, bitlkClose, fvault2Close\n"));
log_std(_("\n"
"<name> is the device to create under %s\n"
"<device> is the encrypted device\n"
log_std(_("\nDefault compiled-in metadata format is %s (for luksFormat action).\n"),
crypt_get_default_type());
+ path = crypt_token_external_path();
+ if (path) {
+ log_std(_("\nLUKS2 external token plugin support is %s.\n"), _("compiled-in"));
+ log_std(_("LUKS2 external token plugin path: %s.\n"), path);
+ } else
+ log_std(_("\nLUKS2 external token plugin support is %s.\n"), _("disabled"));
+
pbkdf_luks1 = crypt_get_pbkdf_default(CRYPT_LUKS1);
pbkdf_luks2 = crypt_get_pbkdf_default(CRYPT_LUKS2);
log_std(_("\nDefault compiled-in key and passphrase parameters:\n"
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
} else if (key->shortName == 'V') {
- log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
+ tools_package_version(PACKAGE_NAME, true);
tools_cleanup();
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
{
char buf[128];
- snprintf(buf, sizeof(buf), _("%s: requires %s as arguments"), action->type, action->arg_desc);
+ if (snprintf(buf, sizeof(buf), _("%s: requires %s as arguments"), action->type, action->arg_desc) < 0)
+ buf[0] = '\0';
usage(popt_context, EXIT_FAILURE, buf, poptGetInvocationName(popt_context));
}
log_dbg("Running command %s.", action->type);
- if (action->required_memlock)
- crypt_memory_lock(NULL, 1);
-
set_int_handler(0);
r = action->handler();
- if (action->required_memlock)
- crypt_memory_lock(NULL, 0);
-
/* Some functions returns keyslot # */
if (r > 0)
r = 0;
return translate_errno(r);
}
+static const char *verify_action(struct action_type *action)
+{
+ log_dbg("Verifying parameters for command %s.", action->type);
+
+ return action->verify ? action->verify() : NULL;
+}
+
+static bool needs_size_conversion(unsigned arg_id)
+{
+ return (arg_id == OPT_DEVICE_SIZE_ID || arg_id == OPT_HOTZONE_SIZE_ID ||
+ arg_id == OPT_LUKS2_KEYSLOTS_SIZE_ID || arg_id == OPT_LUKS2_METADATA_SIZE_ID ||
+ arg_id == OPT_REDUCE_DEVICE_SIZE_ID);
+}
+
+static void check_key_slot_value(poptContext popt_context)
+{
+ if (ARG_INT32(OPT_KEY_SLOT_ID) < 0)
+ usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
+ poptGetInvocationName(popt_context));
+}
+
+static void basic_options_cb(poptContext popt_context,
+ enum poptCallbackReason reason __attribute__((unused)),
+ struct poptOption *key,
+ const char *arg,
+ void *data __attribute__((unused)))
+{
+ tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, needs_size_conversion);
+
+ /* special cases additional handling */
+ switch (key->val) {
+ case OPT_DEBUG_JSON_ID:
+ /* fall through */
+ case OPT_DEBUG_ID:
+ log_parms.debug = true;
+ /* fall through */
+ case OPT_VERBOSE_ID:
+ log_parms.verbose = true;
+ break;
+ case OPT_DEVICE_SIZE_ID:
+ if (ARG_UINT64(OPT_DEVICE_SIZE_ID) == 0)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ if (ARG_UINT64(OPT_DEVICE_SIZE_ID) % SECTOR_SIZE)
+ usage(popt_context, EXIT_FAILURE, _("Device size must be multiple of 512 bytes sector."),
+ poptGetInvocationName(popt_context));
+ break;
+ case OPT_HOTZONE_SIZE_ID:
+ if (ARG_UINT64(OPT_HOTZONE_SIZE_ID) == 0)
+ usage(popt_context, EXIT_FAILURE, _("Invalid max reencryption hotzone size specification."),
+ poptGetInvocationName(popt_context));
+ break;
+ case OPT_KEY_FILE_ID:
+ if (tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID))) {
+ free(keyfile_stdin);
+ keyfile_stdin = strdup(ARG_STR(OPT_KEY_FILE_ID));
+ } else if (keyfiles_count < MAX_KEYFILES)
+ keyfiles[keyfiles_count++] = strdup(ARG_STR(OPT_KEY_FILE_ID));
+ total_keyfiles++;
+ break;
+ case OPT_KEY_SIZE_ID:
+ if (ARG_UINT32(OPT_KEY_SIZE_ID) % 8)
+ usage(popt_context, EXIT_FAILURE,
+ _("Key size must be a multiple of 8 bits"),
+ poptGetInvocationName(popt_context));
+ break;
+ case OPT_KEY_SLOT_ID:
+ check_key_slot_value(popt_context);
+ break;
+ case OPT_KEYSLOT_KEY_SIZE_ID:
+ if (ARG_UINT32(OPT_KEYSLOT_KEY_SIZE_ID) == 0)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ if (ARG_UINT32(OPT_KEYSLOT_KEY_SIZE_ID) % 8)
+ usage(popt_context, EXIT_FAILURE,
+ _("Key size must be a multiple of 8 bits"),
+ poptGetInvocationName(popt_context));
+ break;
+ case OPT_REDUCE_DEVICE_SIZE_ID:
+ if (ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID) > 1024 * 1024 * 1024)
+ usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 1 GiB."),
+ poptGetInvocationName(popt_context));
+ if (ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID) % SECTOR_SIZE)
+ usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."),
+ poptGetInvocationName(popt_context));
+ data_shift = -(int64_t)ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID);
+ break;
+ case OPT_SECTOR_SIZE_ID:
+ if (ARG_UINT32(OPT_SECTOR_SIZE_ID) < SECTOR_SIZE ||
+ ARG_UINT32(OPT_SECTOR_SIZE_ID) > MAX_SECTOR_SIZE ||
+ (ARG_UINT32(OPT_SECTOR_SIZE_ID) & (ARG_UINT32(OPT_SECTOR_SIZE_ID) - 1)))
+ usage(popt_context, EXIT_FAILURE,
+ _("Unsupported encryption sector size."),
+ poptGetInvocationName(popt_context));
+ break;
+ case OPT_PRIORITY_ID:
+ if (strcmp(ARG_STR(OPT_PRIORITY_ID), "normal") &&
+ strcmp(ARG_STR(OPT_PRIORITY_ID), "prefer") &&
+ strcmp(ARG_STR(OPT_PRIORITY_ID), "ignore"))
+ usage(popt_context, EXIT_FAILURE,
+ _("Option --priority can be only ignore/normal/prefer."),
+ poptGetInvocationName(popt_context));
+ break;
+ }
+}
+
+static void cryptsetup_init_arg_aliases(void)
+{
+ unsigned i;
+
+ for (i = 1; i < ARRAY_SIZE(tool_core_args); i++)
+ if (tool_core_args[i].type == CRYPT_ARG_ALIAS)
+ ARG_INIT_ALIAS(i);
+}
+
int main(int argc, const char **argv)
{
static struct poptOption popt_help_options[] = {
{ "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL },
POPT_TABLEEND
};
+ static struct poptOption popt_basic_options[] = {
+ { NULL, '\0', POPT_ARG_CALLBACK, basic_options_cb, 0, NULL, NULL },
+#define ARG(A, B, C, D, E, F, G, H) { A, B, C, NULL, A ## _ID, D, E },
+#include "cryptsetup_arg_list.h"
+#undef ARG
+ POPT_TABLEEND
+ };
static struct poptOption popt_options[] = {
- { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
- { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
- { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
- { "debug-json", '\0', POPT_ARG_NONE, &opt_debug_json, 0, N_("Show debug messages including JSON metadata"), NULL },
- { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
- { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
- { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
- { "key-file", 'd', POPT_ARG_STRING, NULL, 6, N_("Read the key from a file"), NULL },
- { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
- { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info"), NULL },
- { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
- { "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
- { "keyfile-offset", '\0', POPT_ARG_STRING, NULL, 4, N_("Number of bytes to skip in keyfile"), N_("bytes") },
- { "new-keyfile-size", '\0', POPT_ARG_LONG, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
- { "new-keyfile-offset",'\0', POPT_ARG_STRING, NULL, 5, N_("Number of bytes to skip in newly added keyfile"), N_("bytes") },
- { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
- { "size", 'b', POPT_ARG_STRING, NULL, 1, N_("The size of the device"), N_("SECTORS") },
- { "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
- { "offset", 'o', POPT_ARG_STRING, NULL, 2, N_("The start offset in the backend device"), N_("SECTORS") },
- { "skip", 'p', POPT_ARG_STRING, NULL, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
- { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
- { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
- { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
- { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
- { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
- { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
- { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup"), NULL },
- { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key"), NULL },
- { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key"), NULL },
- { "shared", '\0', POPT_ARG_NONE, &opt_shared, 0, N_("Share device with another non-overlapping crypt segment"), NULL },
- { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use"), NULL },
- { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL },
- { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header"), NULL },
- { "test-passphrase", '\0', POPT_ARG_NONE, &opt_test_passphrase, 0, N_("Do not activate device, just check passphrase"), NULL },
- { "tcrypt-hidden", '\0', POPT_ARG_NONE, &opt_tcrypt_hidden, 0, N_("Use hidden header (hidden TCRYPT device)"), NULL },
- { "tcrypt-system", '\0', POPT_ARG_NONE, &opt_tcrypt_system, 0, N_("Device is system TCRYPT drive (with bootloader)"), NULL },
- { "tcrypt-backup", '\0', POPT_ARG_NONE, &opt_tcrypt_backup, 0, N_("Use backup (secondary) TCRYPT header"), NULL },
- { "veracrypt", '\0', POPT_ARG_NONE, &opt_veracrypt, 0, N_("Scan also for VeraCrypt compatible device"), NULL },
- { "veracrypt-pim", '\0', POPT_ARG_INT, &opt_veracrypt_pim, 0, N_("Personal Iteration Multiplier for VeraCrypt compatible device"), NULL },
- { "veracrypt-query-pim", '\0', POPT_ARG_NONE, &opt_veracrypt_query_pim, 0, N_("Query Personal Iteration Multiplier for VeraCrypt compatible device"), NULL },
- { "type", 'M', POPT_ARG_STRING, &opt_type, 0, N_("Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"), NULL },
- { "force-password", '\0', POPT_ARG_NONE, &opt_force_password, 0, N_("Disable password quality check (if enabled)"), NULL },
- { "perf-same_cpu_crypt",'\0', POPT_ARG_NONE, &opt_perf_same_cpu_crypt, 0, N_("Use dm-crypt same_cpu_crypt performance compatibility option"), NULL },
- { "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option"), NULL },
- { "perf-no_read_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_read_workqueue,0,N_("Bypass dm-crypt workqueue and process read requests synchronously"), NULL },
- { "perf-no_write_workqueue",'\0', POPT_ARG_NONE, &opt_perf_no_write_workqueue,0,N_("Bypass dm-crypt workqueue and process write requests synchronously"), NULL },
- { "deferred", '\0', POPT_ARG_NONE, &opt_deferred_remove, 0, N_("Device removal is deferred until the last user closes it"), NULL },
- { "serialize-memory-hard-pbkdf", '\0', POPT_ARG_NONE, &opt_serialize_memory_hard_pbkdf, 0, N_("Use global lock to serialize memory hard PBKDF (OOM workaround)"), NULL },
- { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF iteration time for LUKS (in ms)"), N_("msecs") },
- { "pbkdf", '\0', POPT_ARG_STRING, &opt_pbkdf, 0, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL },
- { "pbkdf-memory", '\0', POPT_ARG_LONG, &opt_pbkdf_memory, 0, N_("PBKDF memory cost limit"), N_("kilobytes") },
- { "pbkdf-parallel", '\0', POPT_ARG_LONG, &opt_pbkdf_parallel, 0, N_("PBKDF parallel cost"), N_("threads") },
- { "pbkdf-force-iterations",'\0',POPT_ARG_LONG, &opt_pbkdf_iterations, 0, N_("PBKDF iterations cost (forced, disables benchmark)"), NULL },
- { "priority", '\0', POPT_ARG_STRING, &opt_priority, 0, N_("Keyslot priority: ignore, normal, prefer"), NULL },
- { "disable-locks", '\0', POPT_ARG_NONE, &opt_disable_locks, 0, N_("Disable locking of on-disk metadata"), NULL },
- { "disable-keyring", '\0', POPT_ARG_NONE, &opt_disable_keyring, 0, N_("Disable loading volume keys via kernel keyring"), NULL },
- { "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm (LUKS2 only)"), NULL },
- { "integrity-no-journal",'\0',POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL },
- { "integrity-no-wipe", '\0', POPT_ARG_NONE, &opt_integrity_no_wipe, 0, N_("Do not wipe device after format"), NULL },
- { "integrity-legacy-padding",'\0', POPT_ARG_NONE, &opt_integrity_legacy_padding,0, N_("Use inefficient legacy padding (old kernels)"), NULL },
- { "token-only", '\0', POPT_ARG_NONE, &opt_token_only, 0, N_("Do not ask for passphrase if activation by token fails"), NULL },
- { "token-id", '\0', POPT_ARG_INT, &opt_token, 0, N_("Token number (default: any)"), NULL },
- { "key-description", '\0', POPT_ARG_STRING, &opt_key_description, 0, N_("Key description"), NULL },
- { "sector-size", '\0', POPT_ARG_INT, &opt_sector_size, 0, N_("Encryption sector size (default: 512 bytes)"), NULL },
- { "iv-large-sectors", '\0', POPT_ARG_NONE, &opt_iv_large_sectors, 0, N_("Use IV counted in sector size (not in 512 bytes)"), NULL },
- { "persistent", '\0', POPT_ARG_NONE, &opt_persistent, 0, N_("Set activation flags persistent for device"), NULL },
- { "label", '\0', POPT_ARG_STRING, &opt_label, 0, N_("Set label for the LUKS2 device"), NULL },
- { "subsystem", '\0', POPT_ARG_STRING, &opt_subsystem, 0, N_("Set subsystem label for the LUKS2 device"), NULL },
- { "unbound", '\0', POPT_ARG_NONE, &opt_unbound, 0, N_("Create or dump unbound (no assigned data segment) LUKS2 keyslot"), NULL },
- { "json-file", '\0', POPT_ARG_STRING, &opt_json_file, 0, N_("Read or write the json from or to a file"), NULL },
- { "luks2-metadata-size",'\0',POPT_ARG_STRING,&opt_luks2_metadata_size_str,0,N_("LUKS2 header metadata area size"), N_("bytes") },
- { "luks2-keyslots-size",'\0',POPT_ARG_STRING,&opt_luks2_keyslots_size_str,0,N_("LUKS2 header keyslots area size"), N_("bytes") },
- { "refresh", '\0', POPT_ARG_NONE, &opt_refresh, 0, N_("Refresh (reactivate) device with new parameters"), NULL },
- { "keyslot-key-size", '\0', POPT_ARG_INT, &opt_keyslot_key_size, 0, N_("LUKS2 keyslot: The size of the encryption key"), N_("BITS") },
- { "keyslot-cipher", '\0', POPT_ARG_STRING, &opt_keyslot_cipher, 0, N_("LUKS2 keyslot: The cipher used for keyslot encryption"), NULL },
- { "encrypt", '\0', POPT_ARG_NONE, &opt_encrypt, 0, N_("Encrypt LUKS2 device (in-place encryption)."), NULL },
- { "decrypt", '\0', POPT_ARG_NONE, &opt_decrypt, 0, N_("Decrypt LUKS2 device (remove encryption)."), NULL },
- { "init-only", '\0', POPT_ARG_NONE, &opt_reencrypt_init_only, 0, N_("Initialize LUKS2 reencryption in metadata only."), NULL },
- { "resume-only", '\0', POPT_ARG_NONE, &opt_reencrypt_resume_only, 0, N_("Resume initialized LUKS2 reencryption only."), NULL },
- { "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") },
- { "hotzone-size", '\0', POPT_ARG_STRING, &opt_hotzone_size_str, 0, N_("Maximal reencryption hotzone size."), N_("bytes") },
- { "resilience", '\0', POPT_ARG_STRING, &opt_resilience_mode, 0, N_("Reencryption hotzone resilience type (checksum,journal,none)"), NULL },
- { "resilience-hash", '\0', POPT_ARG_STRING, &opt_resilience_hash, 0, N_("Reencryption hotzone checksums hash"), NULL },
- { "active-name", '\0', POPT_ARG_STRING, &opt_active_name, 0, N_("Override device autodetection of dm device to be reencrypted"), NULL },
+ { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
+ { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_basic_options, 0, NULL, NULL },
POPT_TABLEEND
};
poptContext popt_context;
struct action_type *action;
- const char *aname;
- int r, total_keyfiles = 0;
+ const char *aname, *error_message;
+ int r;
+
+ /* initialize aliases */
+ cryptsetup_init_arg_aliases();
- crypt_set_log_callback(NULL, tool_log, NULL);
+ crypt_set_log_callback(NULL, tool_log, &log_parms);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
poptSetOtherOptionHelp(popt_context,
_("[OPTION...] <action> <action-specific>"));
- while((r = poptGetNextOpt(popt_context)) > 0) {
- unsigned long long ull_value;
- char *endp, *str = poptGetOptArg(popt_context);
-
- if (r == 6) {
- free(opt_key_file);
- opt_key_file = str;
- if (tools_is_stdin(str)) {
- free(opt_keyfile_stdin);
- opt_keyfile_stdin = strdup(str);
- } else if (opt_keyfiles_count < MAX_KEYFILES)
- opt_keyfiles[opt_keyfiles_count++] = strdup(str);
- total_keyfiles++;
- continue;
- }
-
- errno = 0;
- ull_value = strtoull(str, &endp, 0);
- if (*endp || !*str || !isdigit(*str) ||
- (errno == ERANGE && ull_value == ULLONG_MAX) ||
- (errno != 0 && ull_value == 0))
- r = POPT_ERROR_BADNUMBER;
-
- free(str);
-
- switch(r) {
- case 1:
- opt_size = ull_value;
- break;
- case 2:
- opt_offset = ull_value;
- break;
- case 3:
- opt_skip = ull_value;
- opt_skip_valid = 1;
- break;
- case 4:
- opt_keyfile_offset = ull_value;
- break;
- case 5:
- opt_new_keyfile_offset = ull_value;
- break;
- }
-
- if (r < 0)
- break;
- }
+ while ((r = poptGetNextOpt(popt_context)) > 0) {}
if (r < -1)
usage(popt_context, EXIT_FAILURE, poptStrerror(r),
action_argv[0] = action_argv[1];
action_argv[1] = tmp;
}
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "plain";
} else if (!strcmp(aname, "plainOpen")) {
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "plain";
} else if (!strcmp(aname, "luksOpen")) {
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "luks";
} else if (!strcmp(aname, "loopaesOpen")) {
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "loopaes";
} else if (!strcmp(aname, "tcryptOpen")) {
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "tcrypt";
} else if (!strcmp(aname, "bitlkOpen")) {
- aname = "open";
+ aname = OPEN_ACTION;
device_type = "bitlk";
+ } else if (!strcmp(aname, "fvault2Open")) {
+ aname = OPEN_ACTION;
+ device_type = "fvault2";
} else if (!strcmp(aname, "tcryptDump")) {
device_type = "tcrypt";
} else if (!strcmp(aname, "bitlkDump")) {
device_type = "bitlk";
+ } else if (!strcmp(aname, "fvault2Dump")) {
+ device_type = "fvault2";
} else if (!strcmp(aname, "remove") ||
!strcmp(aname, "plainClose") ||
!strcmp(aname, "luksClose") ||
!strcmp(aname, "loopaesClose") ||
!strcmp(aname, "tcryptClose") ||
- !strcmp(aname, "bitlkClose")) {
- aname = "close";
+ !strcmp(aname, "bitlkClose") ||
+ !strcmp(aname, "fvault2Close")) {
+ aname = CLOSE_ACTION;
} else if (!strcmp(aname, "luksErase")) {
- aname = "erase";
+ aname = ERASE_ACTION;
device_type = "luks";
} else if (!strcmp(aname, "luksConfig")) {
- aname = "config";
+ aname = CONFIG_ACTION;
device_type = "luks2";
} else if (!strcmp(aname, "refresh")) {
- aname = "open";
- opt_refresh = 1;
- } else if (opt_type)
- device_type = opt_type;
+ aname = OPEN_ACTION;
+ ARG_SET_TRUE(OPT_REFRESH_ID);
+ } else if (ARG_SET(OPT_TYPE_ID))
+ device_type = ARG_STR(OPT_TYPE_ID);
/* ignore user supplied type and query device type instead */
- if (opt_refresh)
+ if (ARG_SET(OPT_REFRESH_ID))
device_type = NULL;
for(action = action_types; action->type; action++)
if (action_argc < action->required_action_argc)
help_args(action, popt_context);
- /* FIXME: rewrite this from scratch */
-
- if (opt_refresh && opt_test_passphrase)
- usage(popt_context, EXIT_FAILURE,
- _("Options --refresh and --test-passphrase are mutually exclusive."),
- poptGetInvocationName(popt_context));
-
- if (opt_deferred_remove && strcmp(aname, "close"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --deferred is allowed only for close command."),
- poptGetInvocationName(popt_context));
-
- if (opt_shared && (strcmp(aname, "open") || strcmp_or_null(device_type, "plain")))
- usage(popt_context, EXIT_FAILURE,
- _("Option --shared is allowed only for open of plain device."),
- poptGetInvocationName(popt_context));
-
- if (opt_allow_discards && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --allow-discards is allowed only for open operation."),
- poptGetInvocationName(popt_context));
-
- if (opt_persistent && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --persistent is allowed only for open operation."),
- poptGetInvocationName(popt_context));
-
- if (opt_serialize_memory_hard_pbkdf && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --serialize-memory-hard-pbkdf is allowed only for open operation."),
- poptGetInvocationName(popt_context));
-
- if (opt_persistent && opt_test_passphrase)
- usage(popt_context, EXIT_FAILURE,
- _("Option --persistent is not allowed with --test-passphrase."),
- poptGetInvocationName(popt_context));
-
- if (opt_key_size &&
- strcmp(aname, "reencrypt") &&
- strcmp(aname, "luksFormat") &&
- strcmp(aname, "open") &&
- strcmp(aname, "benchmark") &&
- strcmp(aname, "luksAddKey"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --key-size is allowed only for luksFormat, luksAddKey,\n"
- "open and benchmark actions. To limit read from keyfile use --keyfile-size=(bytes)."),
- poptGetInvocationName(popt_context));
-
- if (opt_integrity && strcmp(aname, "luksFormat"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --integrity is allowed only for luksFormat (LUKS2)."),
- poptGetInvocationName(popt_context));
-
- if (opt_integrity_no_wipe && !opt_integrity)
- usage(popt_context, EXIT_FAILURE,
- _("Option --integrity-no-wipe"
- " can be used only for format action with integrity extension."),
- poptGetInvocationName(popt_context));
-
- if ((opt_label || opt_subsystem) && strcmp(aname, "luksFormat") && strcmp(aname, "config"))
- usage(popt_context, EXIT_FAILURE,
- _("Options --label and --subsystem are allowed only for luksFormat and config LUKS2 operations."),
- poptGetInvocationName(popt_context));
-
- if (opt_test_passphrase && (strcmp(aname, "open") || !device_type ||
- (strncmp(device_type, "luks", 4) && strcmp(device_type, "tcrypt") && strcmp(device_type, "bitlk"))))
- usage(popt_context, EXIT_FAILURE,
- _("Option --test-passphrase is allowed only for open of LUKS, TCRYPT and BITLK devices."),
- poptGetInvocationName(popt_context));
+ /* this routine short circuits to exit() on error */
+ tools_check_args(action->type, tool_core_args, ARRAY_SIZE(tool_core_args), popt_context);
- if (opt_key_size % 8 || opt_keyslot_key_size % 8)
- usage(popt_context, EXIT_FAILURE,
- _("Key size must be a multiple of 8 bits"),
- poptGetInvocationName(popt_context));
-
- if (!strcmp(aname, "luksKillSlot") && action_argc > 1)
- opt_key_slot = atoi(action_argv[1]);
- if (opt_key_slot != CRYPT_ANY_SLOT && opt_key_slot < 0)
- usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
- poptGetInvocationName(popt_context));
+ if (!strcmp(aname, KILLKEY_ACTION) && action_argc > 1) {
+ ARG_SET_INT32(OPT_KEY_SLOT_ID, atoi(action_argv[1]));
+ check_key_slot_value(popt_context);
+ }
- if ((!strcmp(aname, "luksRemoveKey") ||
- !strcmp(aname, "luksFormat")) &&
+ if ((!strcmp(aname, REMOVEKEY_ACTION) ||
+ !strcmp(aname, FORMAT_ACTION)) &&
action_argc > 1) {
- if (opt_key_file)
+ if (ARG_SET(OPT_KEY_FILE_ID))
log_err(_("Option --key-file takes precedence over specified key file argument."));
else
- opt_key_file = strdup(action_argv[1]);
+ ARG_SET_STR(OPT_KEY_FILE_ID, strdup(action_argv[1]));
}
- if (opt_keyfile_size < 0 || opt_new_keyfile_size < 0 || opt_key_size < 0)
- usage(popt_context, EXIT_FAILURE,
- _("Negative number for option not permitted."),
- poptGetInvocationName(popt_context));
-
if (total_keyfiles > 1 && (strcmp_or_null(device_type, "tcrypt")))
usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."),
poptGetInvocationName(popt_context));
- if (opt_random && opt_urandom)
- usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
- poptGetInvocationName(popt_context));
-
- if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
- usage(popt_context, EXIT_FAILURE, _("Option --use-[u]random is allowed only for luksFormat."),
- poptGetInvocationName(popt_context));
-
- if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
- usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
- poptGetInvocationName(popt_context));
-
- if (opt_align_payload && strcmp(aname, "luksFormat"))
- usage(popt_context, EXIT_FAILURE, _("Option --align-payload is allowed only for luksFormat."),
- poptGetInvocationName(popt_context));
-
- if ((opt_luks2_metadata_size_str || opt_luks2_keyslots_size_str) && strcmp(aname, "luksFormat") && strcmp(aname, "reencrypt"))
- usage(popt_context, EXIT_FAILURE, _("Options --luks2-metadata-size and --opt-luks2-keyslots-size "
- "are allowed only for luksFormat with LUKS2."),
- poptGetInvocationName(popt_context));
- if (opt_luks2_metadata_size_str &&
- tools_string_to_size(NULL, opt_luks2_metadata_size_str, &opt_luks2_metadata_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid LUKS2 metadata size specification."),
- poptGetInvocationName(popt_context));
- if (opt_luks2_keyslots_size_str &&
- tools_string_to_size(NULL, opt_luks2_keyslots_size_str, &opt_luks2_keyslots_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid LUKS2 keyslots size specification."),
- poptGetInvocationName(popt_context));
-
- if (opt_align_payload && opt_offset)
- usage(popt_context, EXIT_FAILURE, _("Options --align-payload and --offset cannot be combined."),
- poptGetInvocationName(popt_context));
-
- if (opt_skip && (strcmp(aname, "open") ||
- (strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes"))))
- usage(popt_context, EXIT_FAILURE,
- _("Option --skip is supported only for open of plain and loopaes devices."),
- poptGetInvocationName(popt_context));
-
- if (opt_offset && ((strcmp(aname, "reencrypt") && strcmp(aname, "open") && strcmp(aname, "luksFormat")) ||
- (!strcmp(aname, "open") && strcmp_or_null(device_type, "plain") && strcmp(device_type, "loopaes")) ||
- (!strcmp(aname, "luksFormat") && device_type && strncmp(device_type, "luks", 4))))
- usage(popt_context, EXIT_FAILURE,
- _("Option --offset is supported only for open of plain and loopaes devices, luksFormat and device reencryption."),
- poptGetInvocationName(popt_context));
-
- if ((opt_tcrypt_hidden || opt_tcrypt_system || opt_tcrypt_backup) && strcmp(aname, "tcryptDump") &&
- (strcmp(aname, "open") || !device_type || strcmp(device_type, "tcrypt")))
- usage(popt_context, EXIT_FAILURE,
- _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."),
- poptGetInvocationName(popt_context));
-
- if (opt_tcrypt_hidden && opt_allow_discards)
- usage(popt_context, EXIT_FAILURE,
- _("Option --tcrypt-hidden cannot be combined with --allow-discards."),
- poptGetInvocationName(popt_context));
-
- if (opt_veracrypt && (!device_type || strcmp(device_type, "tcrypt")))
- usage(popt_context, EXIT_FAILURE,
- _("Option --veracrypt is supported only for TCRYPT device type."),
- poptGetInvocationName(popt_context));
-
- if (opt_veracrypt_pim != -1) {
- if (opt_veracrypt_pim < -1) {
- usage(popt_context, EXIT_FAILURE,
- _("Invalid argument for parameter --veracrypt-pim supplied."),
- poptGetInvocationName(popt_context));
- } else if (!opt_veracrypt) {
- usage(popt_context, EXIT_FAILURE,
- _("Option --veracrypt-pim is supported only for VeraCrypt compatible devices."),
- poptGetInvocationName(popt_context));
- }
- }
-
- if (opt_veracrypt_query_pim) {
- if (!opt_veracrypt) {
- usage(popt_context, EXIT_FAILURE,
- _("Option --veracrypt-query-pim is supported only for VeraCrypt compatible devices."),
- poptGetInvocationName(popt_context));
- } else if (opt_veracrypt_pim != -1) {
- usage(popt_context, EXIT_FAILURE,
- _("The options --veracrypt-pim and --veracrypt-query-pim are mutually exclusive."),
- poptGetInvocationName(popt_context));
- }
- }
-
- if (opt_priority && strcmp(opt_priority, "normal") && strcmp(opt_priority, "prefer") && strcmp(opt_priority, "ignore"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --priority can be only ignore/normal/prefer."),
- poptGetInvocationName(popt_context));
-
- if (!strcmp(aname, "config") && opt_priority && opt_key_slot == CRYPT_ANY_SLOT)
- usage(popt_context, EXIT_FAILURE,
- _("Keyslot specification is required."),
- poptGetInvocationName(popt_context));
-
- if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &set_pbkdf))
+ if (ARG_SET(OPT_PBKDF_ID) && crypt_parse_pbkdf(ARG_STR(OPT_PBKDF_ID), &set_pbkdf))
usage(popt_context, EXIT_FAILURE,
_("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."),
poptGetInvocationName(popt_context));
- if (opt_pbkdf_iterations && opt_iteration_time)
+ if (ARG_SET(OPT_PBKDF_FORCE_ITERATIONS_ID) && ARG_SET(OPT_ITER_TIME_ID))
usage(popt_context, EXIT_FAILURE,
_("PBKDF forced iterations cannot be combined with iteration time option."),
poptGetInvocationName(popt_context));
- if (opt_sector_size && strcmp(aname, "reencrypt") && strcmp(aname, "luksFormat") &&
- (strcmp(aname, "open") || strcmp_or_null(device_type, "plain")))
- usage(popt_context, EXIT_FAILURE,
- _("Sector size option is not supported for this command."),
- poptGetInvocationName(popt_context));
-
- if (opt_sector_size && (opt_sector_size < SECTOR_SIZE || opt_sector_size > MAX_SECTOR_SIZE ||
- (opt_sector_size & (opt_sector_size - 1))))
- usage(popt_context, EXIT_FAILURE,
- _("Unsupported encryption sector size."),
- poptGetInvocationName(popt_context));
-
- if (opt_iv_large_sectors && (strcmp(aname, "open") || strcmp_or_null(opt_type, "plain") ||
- opt_sector_size <= SECTOR_SIZE))
- usage(popt_context, EXIT_FAILURE,
- _("Large IV sectors option is supported only for opening plain type device with sector size larger than 512 bytes."),
- poptGetInvocationName(popt_context));
-
- if (opt_unbound && !opt_key_size && !strcmp(aname, "luksAddKey"))
- usage(popt_context, EXIT_FAILURE,
- _("Key size is required with --unbound option."),
- poptGetInvocationName(popt_context));
-
- if (opt_unbound && !strcmp(aname, "luksDump") && opt_key_slot == CRYPT_ANY_SLOT)
- usage(popt_context, EXIT_FAILURE,
- _("Keyslot specification is required."),
- poptGetInvocationName(popt_context));
+ if (ARG_SET(OPT_DEBUG_ID) || ARG_SET(OPT_DEBUG_JSON_ID)) {
+ crypt_set_debug_level(ARG_SET(OPT_DEBUG_JSON_ID)? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL);
+ dbg_version_and_cmd(argc, argv);
+ }
- if (opt_unbound && strcmp(aname, "luksAddKey") && strcmp(aname, "luksDump"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --unbound may be used only with luksAddKey and luksDump actions."),
- poptGetInvocationName(popt_context));
+ /* reencrypt action specific check */
- if (opt_refresh && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --refresh may be used only with open action."),
+ if (ARG_SET(OPT_KEYSLOT_CIPHER_ID) != ARG_SET(OPT_KEYSLOT_KEY_SIZE_ID))
+ usage(popt_context, EXIT_FAILURE, _("Options --keyslot-cipher and --keyslot-key-size must be used together."),
poptGetInvocationName(popt_context));
- if (opt_debug || opt_debug_json) {
- opt_debug = 1;
- opt_verbose = 1;
- crypt_set_debug_level(opt_debug_json? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL);
- dbg_version_and_cmd(argc, argv);
- }
+ error_message = verify_action(action);
+ if (error_message)
+ usage(popt_context, EXIT_FAILURE, error_message, poptGetInvocationName(popt_context));
- if (opt_disable_locks && crypt_metadata_locking(NULL, 0)) {
- log_std(_("Cannot disable metadata locking."));
+ if (ARG_SET(OPT_TEST_ARGS_ID)) {
+ log_std(_("No action taken. Invoked with --test-args option.\n"));
tools_cleanup();
poptFreeContext(popt_context);
- exit(EXIT_FAILURE);
+ return 0;
}
- if (opt_disable_keyring)
+ if (ARG_SET(OPT_DISABLE_KEYRING_ID))
(void) crypt_volume_key_keyring(NULL, 0);
- if (opt_hotzone_size_str &&
- (tools_string_to_size(NULL, opt_hotzone_size_str, &opt_hotzone_size) || !opt_hotzone_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid max reencryption hotzone size specification."),
- poptGetInvocationName(popt_context));
-
- if (!opt_hotzone_size && opt_resilience_mode && !strcmp(opt_resilience_mode, "none"))
- opt_hotzone_size = 50 * 1024 * 1024;
-
- if (opt_reduce_size_str &&
- tools_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
- poptGetInvocationName(popt_context));
- if (opt_reduce_size > 1024 * 1024 * 1024)
- usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 1 GiB."),
- poptGetInvocationName(popt_context));
- if (opt_reduce_size % SECTOR_SIZE)
- usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."),
- poptGetInvocationName(popt_context));
-
- if (opt_device_size_str &&
- tools_string_to_size(NULL, opt_device_size_str, &opt_device_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid data size specification."),
- poptGetInvocationName(popt_context));
-
- opt_data_shift = -(int64_t)opt_reduce_size;
- if (opt_data_shift > 0)
- usage(popt_context, EXIT_FAILURE, _("Reduce size overflow."),
- poptGetInvocationName(popt_context));
-
- if (opt_decrypt && !opt_header_device)
- usage(popt_context, EXIT_FAILURE, _("LUKS2 decryption requires option --header."),
- poptGetInvocationName(popt_context));
-
- if (opt_device_size % SECTOR_SIZE)
- usage(popt_context, EXIT_FAILURE, _("Device size must be multiple of 512 bytes sector."),
- poptGetInvocationName(popt_context));
-
- if (opt_data_shift && opt_device_size)
- usage(popt_context, EXIT_FAILURE, _("Options --reduce-device-size and --data-size cannot be combined."),
- poptGetInvocationName(popt_context));
+ if (ARG_SET(OPT_DISABLE_EXTERNAL_TOKENS_ID))
+ (void) crypt_token_external_disable();
- if (opt_device_size && opt_size)
- usage(popt_context, EXIT_FAILURE, _("Options --device-size and --size cannot be combined."),
- poptGetInvocationName(popt_context));
-
- if ((opt_keyslot_cipher && !opt_keyslot_key_size) || (!opt_keyslot_cipher && opt_keyslot_key_size))
- usage(popt_context, EXIT_FAILURE, _("Options --keyslot-cipher and --keyslot-key-size must be used together."),
- poptGetInvocationName(popt_context));
+ if (ARG_SET(OPT_DISABLE_LOCKS_ID) && crypt_metadata_locking(NULL, 0)) {
+ log_std(_("Cannot disable metadata locking."));
+ r = EXIT_FAILURE;
+ } else {
+ r = run_action(action);
+ }
- r = run_action(action);
tools_cleanup();
poptFreeContext(popt_context);
return r;
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <sys/time.h>
#include "lib/nls.h"
+#include "lib/bitops.h"
#include "lib/utils_crypt.h"
#include "lib/utils_loop.h"
-#include "lib/utils_fips.h"
#include "lib/utils_io.h"
#include "lib/utils_blkid.h"
+#include "lib/libcryptsetup_macros.h"
#include "libcryptsetup.h"
-#define CONST_CAST(x) (x)(uintptr_t)
#define DEFAULT_CIPHER(type) (DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE)
-#define SECTOR_SIZE 512
-#define MAX_SECTOR_SIZE 4096
-#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)
#define DEFAULT_WIPE_BLOCK 1048576 /* 1 MiB */
-
-extern int opt_debug;
-extern int opt_debug_json;
-extern int opt_verbose;
-extern int opt_batch_mode;
-extern int opt_force_password;
-extern int opt_progress_frequency;
+#define MAX_ACTIONS 16
/* Common tools */
-void clogger(struct crypt_device *cd, int level, const char *file, int line,
- const char *format, ...) __attribute__ ((format (printf, 5, 6)));
void tool_log(int level, const char *msg, void *usrptr __attribute__((unused)));
void quiet_log(int level, const char *msg, void *usrptr);
typedef enum { CREATED, UNLOCKED, REMOVED } crypt_object_op;
void tools_keyslot_msg(int keyslot, crypt_object_op op);
void tools_token_msg(int token, crypt_object_op op);
+void tools_token_error_msg(int error, const char *type, int token, bool pin_provided);
+void tools_package_version(const char *name, bool use_pwlibs);
extern volatile int quit;
void set_int_block(int block);
struct crypt_device *cd);
void tools_passphrase_msg(int r);
int tools_is_stdin(const char *key_file);
-int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
-
-void tools_clear_line(void);
-
-int tools_wipe_progress(uint64_t size, uint64_t offset, void *usrptr);
-int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr);
-
-int tools_read_mk(const char *file, char **key, int keysize);
+int tools_string_to_size(const char *s, uint64_t *size);
+
+struct tools_progress_params {
+ uint32_t frequency;
+ struct timeval start_time;
+ struct timeval end_time;
+ uint64_t start_offset;
+ bool batch_mode;
+ bool json_output;
+ const char *interrupt_message;
+ const char *device;
+};
+
+int tools_progress(uint64_t size, uint64_t offset, void *usrptr);
+const char *tools_get_device_name(const char *device, char **r_backing_file);
+
+int tools_read_vk(const char *file, char **key, int keysize);
int tools_write_mk(const char *file, const char *key, int keysize);
-int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size);
-int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json);
+int tools_read_json_file(const char *file, char **json, size_t *json_size, bool batch_mode);
+int tools_write_json_file(const char *file, const char *json);
-int tools_detect_signatures(const char *device, int ignore_luks, size_t *count);
-int tools_wipe_all_signatures(const char *path);
+typedef enum {
+ PRB_FILTER_NONE = 0,
+ PRB_FILTER_LUKS,
+ PRB_ONLY_LUKS
+} tools_probe_filter_info;
+
+int tools_detect_signatures(const char *device, tools_probe_filter_info filter, size_t *count, bool batch_mode);
+int tools_wipe_all_signatures(const char *path, bool exclusive, bool only_luks);
+int tools_superblock_block_size(const char *device, char *sb_name,
+ size_t sb_name_len, unsigned *r_block_size);
+bool tools_blkid_supported(void);
int tools_lookup_crypt_device(struct crypt_device *cd, const char *type,
- const char *data_device_path, char *name, size_t name_length);
+ const char *data_device_path, char **r_name);
+
/* each utility is required to implement it */
void tools_cleanup(void);
-#define FREE_AND_NULL(x) do { free(x); x = NULL; } while (0)
-
/* Log */
-#define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
-#define log_std(x...) clogger(NULL, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
-#define log_verbose(x...) clogger(NULL, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
-#define log_err(x...) clogger(NULL, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
+#define log_dbg(x...) crypt_logf(NULL, CRYPT_LOG_DEBUG, x)
+#define log_std(x...) crypt_logf(NULL, CRYPT_LOG_NORMAL, x)
+#define log_verbose(x...) crypt_logf(NULL, CRYPT_LOG_VERBOSE, x)
+#define log_err(x...) crypt_logf(NULL, CRYPT_LOG_ERROR, x)
+
+typedef enum {
+ CRYPT_ARG_BOOL = 0,
+ CRYPT_ARG_STRING,
+ CRYPT_ARG_INT32,
+ CRYPT_ARG_UINT32,
+ CRYPT_ARG_INT64,
+ CRYPT_ARG_UINT64,
+ CRYPT_ARG_ALIAS
+} crypt_arg_type_info;
+
+struct tools_arg {
+ const char *name;
+ bool set;
+ crypt_arg_type_info type;
+ union {
+ char *str_value;
+ uint64_t u64_value;
+ uint32_t u32_value;
+ int32_t i32_value;
+ int64_t i64_value;
+ union {
+ unsigned id;
+ struct tools_arg *ptr;
+ } o;
+ } u;
+ const char *actions_array[MAX_ACTIONS];
+};
+
+void tools_parse_arg_value(poptContext popt_context, crypt_arg_type_info type, struct tools_arg *arg, const char *popt_arg, int popt_val, bool(*needs_size_conv_fn)(unsigned arg_id));
+
+void tools_args_free(struct tools_arg *args, size_t args_count);
+
+void tools_check_args(const char *action, const struct tools_arg *args, size_t args_size, poptContext popt_context);
+
+struct tools_log_params {
+ bool verbose;
+ bool debug;
+};
#endif /* CRYPTSETUP_H */
--- /dev/null
+/*
+ * Cryptsetup command line arguments list
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* long name, short name, popt type, help description, units, internal argument type, default value, allowed actions (empty=global) */
+
+ARG(OPT_ACTIVE_NAME, '\0', POPT_ARG_STRING, N_("Override device autodetection of dm device to be reencrypted"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_ALIGN_PAYLOAD, '\0', POPT_ARG_STRING, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, OPT_ALIGN_PAYLOAD_ACTIONS)
+
+ARG(OPT_ALLOW_DISCARDS, '\0', POPT_ARG_NONE, N_("Allow discards (aka TRIM) requests for device"), NULL, CRYPT_ARG_BOOL, {}, OPT_ALLOW_DISCARDS_ACTIONS)
+
+ARG(OPT_BATCH_MODE, 'q', POPT_ARG_NONE, N_("Do not ask for confirmation"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_CANCEL_DEFERRED, '\0', POPT_ARG_NONE, N_("Cancel a previously set deferred device removal"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_CIPHER, 'c', POPT_ARG_STRING, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DEBUG_JSON, '\0', POPT_ARG_NONE, N_("Show debug messages including JSON metadata"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DEFERRED, '\0', POPT_ARG_NONE, N_("Device removal is deferred until the last user closes it"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS)
+
+ARG(OPT_DECRYPT, '\0', POPT_ARG_NONE, N_("Decrypt LUKS2 device (remove encryption)."), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DISABLE_EXTERNAL_TOKENS, '\0', POPT_ARG_NONE, N_("Disable loading of external LUKS2 token plugins"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DISABLE_KEYRING, '\0', POPT_ARG_NONE, N_("Disable loading volume keys via kernel keyring"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DISABLE_LOCKS, '\0', POPT_ARG_NONE, N_("Disable locking of on-disk metadata"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DISABLE_VERACRYPT, '\0', POPT_ARG_NONE, N_("Do not scan for VeraCrypt compatible device"), NULL, CRYPT_ARG_BOOL, {}, OPT_DISABLE_VERACRYPT_ACTIONS)
+
+ARG(OPT_DUMP_JSON, '\0', POPT_ARG_NONE, N_("Dump info in JSON format (LUKS2 only)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DUMP_VOLUME_KEY, '\0', POPT_ARG_NONE, N_("Dump volume key instead of keyslots info"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_ENCRYPT, '\0', POPT_ARG_NONE, N_("Encrypt LUKS2 device (in-place encryption)."), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_FORCE_PASSWORD, '\0', POPT_ARG_NONE, N_("Disable password quality check (if enabled)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_FORCE_OFFLINE_REENCRYPT, '\0', POPT_ARG_NONE, N_("Force offline LUKS2 reencryption and bypass active device detection."), NULL, CRYPT_ARG_BOOL, {}, OPT_FORCE_OFFLINE_REENCRYPT_ACTIONS)
+
+ARG(OPT_HASH, 'h', POPT_ARG_STRING, N_("The hash used to create the encryption key from the passphrase"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_HEADER, '\0', POPT_ARG_STRING, N_("Device or file with separated LUKS header"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_HEADER_BACKUP_FILE, '\0', POPT_ARG_STRING, N_("File with LUKS header and keyslots backup"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_HOTZONE_SIZE, '\0', POPT_ARG_STRING, N_("Maximal reencryption hotzone size."), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_HOTZONE_SIZE_ACTIONS)
+
+ARG(OPT_INIT_ONLY, '\0', POPT_ARG_NONE, N_("Initialize LUKS2 reencryption in metadata only."), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY, 'I', POPT_ARG_STRING, N_("Data integrity algorithm (LUKS2 only)"), NULL, CRYPT_ARG_STRING, {}, OPT_INTEGRITY_ACTIONS)
+
+ARG(OPT_INTEGRITY_LEGACY_PADDING,'\0', POPT_ARG_NONE, N_("Use inefficient legacy padding (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY_NO_JOURNAL, '\0', POPT_ARG_NONE, N_("Disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY_NO_WIPE, '\0', POPT_ARG_NONE, N_("Do not wipe device after format"), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_NO_WIPE_ACTIONS)
+
+ARG(OPT_ITER_TIME, 'i', POPT_ARG_STRING, N_("PBKDF iteration time for LUKS (in ms)"), N_("msecs"), CRYPT_ARG_UINT32, {}, OPT_ITER_TIME_ACTIONS)
+
+ARG(OPT_IV_LARGE_SECTORS, '\0', POPT_ARG_NONE, N_("Use IV counted in sector size (not in 512 bytes)"), NULL , CRYPT_ARG_BOOL, {}, OPT_IV_LARGE_SECTORS_ACTIONS)
+
+ARG(OPT_JSON_FILE, '\0', POPT_ARG_STRING, N_("Read or write the json from or to a file"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_KEEP_KEY, '\0', POPT_ARG_NONE, N_("Do not change volume key."), NULL, CRYPT_ARG_BOOL, {}, OPT_KEEP_KEY_ACTIONS)
+
+ARG(OPT_KEY_DESCRIPTION, '\0', POPT_ARG_STRING, N_("Key description"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_KEY_FILE, 'd', POPT_ARG_STRING, N_("Read the key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_KEY_SIZE, 's', POPT_ARG_STRING, N_("The size of the encryption key"), N_("BITS"), CRYPT_ARG_UINT32, {}, OPT_KEY_SIZE_ACTIONS)
+
+ARG(OPT_KEY_SLOT, 'S', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_KEY_SLOT_ACTIONS)
+
+ARG(OPT_KEYFILE_OFFSET, '\0', POPT_ARG_STRING, N_("Number of bytes to skip in keyfile"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_KEYFILE_SIZE, 'l', POPT_ARG_STRING, N_("Limits the read from keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_KEYSLOT_CIPHER, '\0', POPT_ARG_STRING, N_("LUKS2 keyslot: The cipher used for keyslot encryption"), NULL, CRYPT_ARG_STRING, {}, OPT_KEYSLOT_CIPHER_ACTIONS)
+
+ARG(OPT_KEYSLOT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 keyslot: The size of the encryption key"), N_("BITS"), CRYPT_ARG_UINT32, {}, OPT_KEYSLOT_KEY_SIZE_ACTIONS)
+
+ARG(OPT_LABEL, '\0', POPT_ARG_STRING, N_("Set label for the LUKS2 device"), NULL, CRYPT_ARG_STRING, {}, OPT_LABEL_ACTIONS)
+
+ARG(OPT_LUKS2_KEYSLOTS_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 header keyslots area size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS)
+
+ARG(OPT_LUKS2_METADATA_SIZE, '\0', POPT_ARG_STRING, N_("LUKS2 header metadata area size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_LUKS2_METADATA_SIZE_ACTIONS)
+
+ARG(OPT_VOLUME_KEY_FILE, '\0', POPT_ARG_STRING, N_("Use the volume key from file."), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_NEW_KEYFILE, '\0', POPT_ARG_STRING, N_("Read the key for a new slot from a file"), NULL, CRYPT_ARG_STRING, {}, OPT_NEW_KEYFILE_ACTIONS)
+
+ARG(OPT_NEW_KEY_SLOT, '\0', POPT_ARG_STRING, N_("Slot number for new key (default is first free)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_SLOT }, OPT_NEW_KEY_SLOT_ACTIONS)
+
+ARG(OPT_NEW_KEYFILE_OFFSET , '\0', POPT_ARG_STRING, N_("Number of bytes to skip in newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_NEW_KEYFILE_SIZE, '\0', POPT_ARG_STRING, N_("Limits the read from newly added keyfile"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_NEW_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, OPT_NEW_TOKEN_ID_ACTIONS)
+
+ARG(OPT_OFFSET, 'o', POPT_ARG_STRING, N_("The start offset in the backend device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_OFFSET_ACTIONS)
+
+ARG(OPT_PBKDF, '\0', POPT_ARG_STRING, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL, CRYPT_ARG_STRING, {}, OPT_PBKDF_ACTIONS)
+
+ARG(OPT_PBKDF_FORCE_ITERATIONS, '\0', POPT_ARG_STRING, N_("PBKDF iterations cost (forced, disables benchmark)"), "LONG", CRYPT_ARG_UINT32, {}, OPT_PBKDF_FORCE_ITERATIONS_ACTIONS)
+
+ARG(OPT_PBKDF_MEMORY, '\0', POPT_ARG_STRING, N_("PBKDF memory cost limit"), N_("kilobytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_LUKS2_MEMORY_KB }, {})
+
+ARG(OPT_PBKDF_PARALLEL, '\0', POPT_ARG_STRING, N_("PBKDF parallel cost"), N_("threads"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_LUKS2_PARALLEL_THREADS }, {})
+
+ARG(OPT_PERF_NO_READ_WORKQUEUE, '\0', POPT_ARG_NONE, N_("Bypass dm-crypt workqueue and process read requests synchronously"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_PERF_NO_WRITE_WORKQUEUE, '\0', POPT_ARG_NONE, N_("Bypass dm-crypt workqueue and process write requests synchronously"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_PERF_SAME_CPU_CRYPT, '\0', POPT_ARG_NONE, N_("Use dm-crypt same_cpu_crypt performance compatibility option"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_PERF_SUBMIT_FROM_CRYPT_CPUS, '\0', POPT_ARG_NONE, N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_PERSISTENT, '\0', POPT_ARG_NONE, N_("Set activation flags persistent for device"), NULL, CRYPT_ARG_BOOL, {}, OPT_PERSISTENT_ACTIONS)
+
+ARG(OPT_PRIORITY, '\0', POPT_ARG_STRING, N_("Keyslot priority: ignore, normal, prefer"), NULL, CRYPT_ARG_STRING, {}, OPT_PRIORITY_ACTIONS)
+
+ARG(OPT_PROGRESS_JSON, '\0', POPT_ARG_NONE, N_("Print progress data in json format (suitable for machine processing)"), NULL, CRYPT_ARG_BOOL, {}, OPT_PROGRESS_JSON_ACTIONS)
+
+ARG(OPT_PROGRESS_FREQUENCY, '\0', POPT_ARG_STRING, N_("Progress line update (in seconds)"), N_("secs"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_READONLY, 'r', POPT_ARG_NONE, N_("Create a readonly mapping"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_REDUCE_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_REFRESH, '\0', POPT_ARG_NONE, N_("Refresh (reactivate) device with new parameters"), NULL, CRYPT_ARG_BOOL, {}, OPT_REFRESH_ACTIONS)
+
+ARG(OPT_RESILIENCE, '\0', POPT_ARG_STRING, N_("Reencryption hotzone resilience type (checksum,journal,none)"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_RESILIENCE_HASH, '\0', POPT_ARG_STRING, N_("Reencryption hotzone checksums hash"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_RESUME_ONLY, '\0', POPT_ARG_NONE, N_("Resume initialized LUKS2 reencryption only."), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_SECTOR_SIZE, '\0', POPT_ARG_STRING, N_("Encryption sector size (default: 512 bytes)"), "INT", CRYPT_ARG_UINT32, {}, OPT_SECTOR_SIZE_ACTIONS)
+
+ARG(OPT_SERIALIZE_MEMORY_HARD_PBKDF, '\0', POPT_ARG_NONE, N_("Use global lock to serialize memory hard PBKDF (OOM workaround)"), NULL, CRYPT_ARG_BOOL, {}, OPT_SERIALIZE_MEMORY_HARD_PBKDF_ACTIONS)
+
+ARG(OPT_SHARED, '\0', POPT_ARG_NONE, N_("Share device with another non-overlapping crypt segment"), NULL, CRYPT_ARG_BOOL, {}, OPT_SHARED_ACTIONS )
+
+ARG(OPT_SIZE, 'b', POPT_ARG_STRING, N_("The size of the device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_SIZE_ACTIONS)
+
+ARG(OPT_SKIP, 'p', POPT_ARG_STRING, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_SKIP_ACTIONS)
+
+ARG(OPT_SUBSYSTEM, '\0', POPT_ARG_STRING, N_("Set subsystem label for the LUKS2 device"), NULL, CRYPT_ARG_STRING, {}, OPT_SUBSYSTEM_ACTIONS)
+
+ARG(OPT_TCRYPT_BACKUP, '\0', POPT_ARG_NONE, N_("Use backup (secondary) TCRYPT header"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_BACKUP_ACTIONS)
+
+ARG(OPT_TCRYPT_HIDDEN, '\0', POPT_ARG_NONE, N_("Use hidden header (hidden TCRYPT device)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_HIDDEN_ACTIONS)
+
+ARG(OPT_TCRYPT_SYSTEM, '\0', POPT_ARG_NONE, N_("Device is system TCRYPT drive (with bootloader)"), NULL, CRYPT_ARG_BOOL, {}, OPT_TCRYPT_SYSTEM_ACTIONS)
+
+ARG(OPT_TEST_ARGS, '\0', POPT_ARG_NONE, N_("Do not run action, just validate all command line parameters"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_TEST_PASSPHRASE, '\0', POPT_ARG_NONE, N_("Do not activate device, just check passphrase"), NULL, CRYPT_ARG_BOOL, {}, OPT_TEST_PASSPHRASE_ACTIONS)
+
+ARG(OPT_TIMEOUT, 't', POPT_ARG_STRING, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_TOKEN_ID, '\0', POPT_ARG_STRING, N_("Token number (default: any)"), "INT", CRYPT_ARG_INT32, { .i32_value = CRYPT_ANY_TOKEN }, {})
+
+ARG(OPT_TOKEN_ONLY, '\0', POPT_ARG_NONE, N_("Do not ask for passphrase if activation by token fails"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_TOKEN_REPLACE, '\0', POPT_ARG_NONE, N_("Replace the current token"), NULL, CRYPT_ARG_BOOL, {}, OPT_TOKEN_REPLACE_ACTIONS)
+
+ARG(OPT_TOKEN_TYPE, '\0', POPT_ARG_STRING, N_("Restrict allowed token types used to retrieve LUKS2 key"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_TRIES, 'T', POPT_ARG_STRING, N_("How often the input of the passphrase can be retried"), "INT", CRYPT_ARG_UINT32, { .u32_value = 3 }, {})
+
+ARG(OPT_TYPE, 'M', POPT_ARG_STRING, N_("Type of device metadata: luks, luks1, luks2, plain, loopaes, tcrypt, bitlk"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_UNBOUND, '\0', POPT_ARG_NONE, N_("Create or dump unbound LUKS2 keyslot (unassigned to data segment) or LUKS2 token (unassigned to keyslot)"), NULL, CRYPT_ARG_BOOL, {}, OPT_UNBOUND_ACTIONS)
+
+ARG(OPT_USE_RANDOM, '\0', POPT_ARG_NONE, N_("Use /dev/random for generating volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_RANDOM_ACTIONS)
+
+ARG(OPT_USE_URANDOM, '\0', POPT_ARG_NONE, N_("Use /dev/urandom for generating volume key"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_URANDOM_ACTIONS)
+
+ARG(OPT_UUID, '\0', POPT_ARG_STRING, N_("UUID for device to use"), NULL, CRYPT_ARG_STRING, {}, OPT_UUID_ACTIONS)
+
+ARG(OPT_VERACRYPT, '\0', POPT_ARG_NONE, N_("Scan also for VeraCrypt compatible device"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_VERACRYPT_PIM, '\0', POPT_ARG_STRING, N_("Personal Iteration Multiplier for VeraCrypt compatible device"), "INT", CRYPT_ARG_UINT32, {}, OPT_VERACRYPT_PIM_ACTIONS)
+
+ARG(OPT_VERACRYPT_QUERY_PIM, '\0', POPT_ARG_NONE, N_("Query Personal Iteration Multiplier for VeraCrypt compatible device"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_VERIFY_PASSPHRASE, 'y', POPT_ARG_NONE, N_("Verifies the passphrase by asking for it twice"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+/* added for reencryption */
+
+ARG(OPT_BLOCK_SIZE, 'B', POPT_ARG_STRING, N_("Reencryption block size"), N_("MiB"), CRYPT_ARG_UINT32, { .u32_value = 4 }, {})
+
+ARG(OPT_NEW, 'N', POPT_ARG_NONE, N_("Create new header on not encrypted device"), NULL, CRYPT_ARG_ALIAS, { .o.id = OPT_ENCRYPT_ID }, {})
+
+ARG(OPT_USE_DIRECTIO, '\0', POPT_ARG_NONE, N_("Use direct-io when accessing devices"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_USE_FSYNC, '\0', POPT_ARG_NONE, N_("Use fsync after each block"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_WRITE_LOG, '\0', POPT_ARG_NONE, N_("Update log file after every block"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+/* aliases */
+
+ARG(OPT_DUMP_MASTER_KEY, '\0', POPT_ARG_NONE, N_("Alias for --dump-volume-key"), NULL, CRYPT_ARG_ALIAS, { .o.id = OPT_DUMP_VOLUME_KEY_ID}, {})
+
+ARG(OPT_MASTER_KEY_FILE, '\0', POPT_ARG_STRING, N_("Alias for --dump-volume-key-file"), NULL, CRYPT_ARG_ALIAS, { .o.id = OPT_VOLUME_KEY_FILE_ID}, {})
--- /dev/null
+/*
+ * Command line arguments helpers
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef CRYPTSETUP_ARGS_H
+#define CRYPTSETUP_ARGS_H
+
+#include "utils_arg_names.h"
+#include "utils_arg_macros.h"
+
+#define BITLKDUMP_ACTION "bitlkDump"
+#define BENCHMARK_ACTION "benchmark"
+#define CLOSE_ACTION "close"
+#define CONFIG_ACTION "config"
+#define CONVERT_ACTION "convert"
+#define ERASE_ACTION "erase"
+#define FVAULT2DUMP_ACTION "fvault2Dump"
+#define ISLUKS_ACTION "isLuks"
+#define ADDKEY_ACTION "luksAddKey"
+#define CHANGEKEY_ACTION "luksChangeKey"
+#define CONVERTKEY_ACTION "luksConvertKey"
+#define LUKSDUMP_ACTION "luksDump"
+#define FORMAT_ACTION "luksFormat"
+#define HEADERBACKUP_ACTION "luksHeaderBackup"
+#define HEADERRESTORE_ACTION "luksHeaderRestore"
+#define KILLKEY_ACTION "luksKillSlot"
+#define REMOVEKEY_ACTION "luksRemoveKey"
+#define RESUME_ACTION "luksResume"
+#define SUSPEND_ACTION "luksSuspend"
+#define UUID_ACTION "luksUUID"
+#define OPEN_ACTION "open"
+#define REENCRYPT_ACTION "reencrypt"
+#define REPAIR_ACTION "repair"
+#define RESIZE_ACTION "resize"
+#define STATUS_ACTION "status"
+#define TCRYPTDUMP_ACTION "tcryptDump"
+#define TOKEN_ACTION "token"
+
+/* avoid unshielded commas in ARG() macros later */
+#define OPT_ALIGN_PAYLOAD_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_ALLOW_DISCARDS_ACTIONS { OPEN_ACTION }
+#define OPT_DEFERRED_ACTIONS { CLOSE_ACTION }
+#define OPT_DEVICE_SIZE_ACTIONS { OPEN_ACTION, RESIZE_ACTION, REENCRYPT_ACTION }
+#define OPT_DISABLE_VERACRYPT_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+#define OPT_HOTZONE_SIZE_ACTIONS { REENCRYPT_ACTION }
+#define OPT_FORCE_OFFLINE_REENCRYPT_ACTIONS { REENCRYPT_ACTION }
+#define OPT_INTEGRITY_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_INTEGRITY_NO_WIPE_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_ITER_TIME_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
+#define OPT_IV_LARGE_SECTORS_ACTIONS { OPEN_ACTION }
+#define OPT_KEEP_KEY_ACTIONS { REENCRYPT_ACTION }
+#define OPT_KEY_SIZE_ACTIONS { OPEN_ACTION, BENCHMARK_ACTION, FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION }
+#define OPT_KEY_SLOT_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, CONFIG_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, LUKSDUMP_ACTION, TOKEN_ACTION, RESUME_ACTION }
+#define OPT_KEYSLOT_CIPHER_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION }
+#define OPT_KEYSLOT_KEY_SIZE_ACTIONS OPT_KEYSLOT_CIPHER_ACTIONS
+#define OPT_NEW_KEYFILE_ACTIONS { ADDKEY_ACTION }
+#define OPT_NEW_KEY_SLOT_ACTIONS { ADDKEY_ACTION }
+#define OPT_NEW_TOKEN_ID_ACTIONS { ADDKEY_ACTION }
+#define OPT_LABEL_ACTIONS { CONFIG_ACTION, FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_LUKS2_KEYSLOTS_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION }
+#define OPT_LUKS2_METADATA_SIZE_ACTIONS { REENCRYPT_ACTION, FORMAT_ACTION }
+#define OPT_OFFSET_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, FORMAT_ACTION }
+#define OPT_PBKDF_ACTIONS { BENCHMARK_ACTION, FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
+#define OPT_PBKDF_FORCE_ITERATIONS_ACTIONS { FORMAT_ACTION, ADDKEY_ACTION, CHANGEKEY_ACTION, CONVERTKEY_ACTION, REENCRYPT_ACTION }
+#define OPT_PERSISTENT_ACTIONS { OPEN_ACTION }
+#define OPT_PRIORITY_ACTIONS { CONFIG_ACTION }
+#define OPT_PROGRESS_JSON_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_REFRESH_ACTIONS { OPEN_ACTION }
+#define OPT_SECTOR_SIZE_ACTIONS { OPEN_ACTION, REENCRYPT_ACTION, FORMAT_ACTION }
+#define OPT_SERIALIZE_MEMORY_HARD_PBKDF_ACTIONS { OPEN_ACTION }
+#define OPT_SHARED_ACTIONS { OPEN_ACTION }
+#define OPT_SIZE_ACTIONS { OPEN_ACTION, RESIZE_ACTION }
+#define OPT_SKIP_ACTIONS { OPEN_ACTION }
+#define OPT_SUBSYSTEM_ACTIONS { CONFIG_ACTION, FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_TCRYPT_BACKUP_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+#define OPT_TCRYPT_HIDDEN_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+#define OPT_TCRYPT_SYSTEM_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+#define OPT_TEST_PASSPHRASE_ACTIONS { OPEN_ACTION }
+#define OPT_TOKEN_REPLACE_ACTIONS { TOKEN_ACTION }
+#define OPT_UNBOUND_ACTIONS { ADDKEY_ACTION, LUKSDUMP_ACTION, OPEN_ACTION, TOKEN_ACTION }
+#define OPT_USE_RANDOM_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_USE_URANDOM_ACTIONS { FORMAT_ACTION, REENCRYPT_ACTION }
+#define OPT_UUID_ACTIONS { FORMAT_ACTION, UUID_ACTION, REENCRYPT_ACTION }
+#define OPT_VERACRYPT_PIM_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+#define OPT_VERACRYPT_QUERY_PIM_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION }
+
+enum {
+OPT_UNUSED_ID = 0, /* leave unused due to popt library */
+#define ARG(A, B, C, D, E, F, G, H) A ## _ID,
+#include "cryptsetup_arg_list.h"
+#undef ARG
+};
+
+extern struct tools_arg tool_core_args[];
+
+#endif
/*
* integritysetup - setup integrity protected volumes for dm-integrity
*
- * Copyright (C) 2017-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2017-2021 Milan Broz
+ * Copyright (C) 2017-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2017-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include "cryptsetup.h"
#include <uuid/uuid.h>
-#define PACKAGE_INTEGRITY "integritysetup"
-
#define DEFAULT_ALG_NAME "crc32c"
-static char *opt_data_device = NULL;
-static char *opt_integrity = NULL; /* DEFAULT_ALG_NAME */
-static char *opt_integrity_key_file = NULL;
-static char *opt_journal_integrity = NULL; /* none */
-static char *opt_journal_integrity_key_file = NULL;
-static char *opt_journal_crypt = NULL; /* none */
-static char *opt_journal_crypt_key_file = NULL;
-
-/* helper strings converted to uint64_t later */
-static char *opt_journal_size_str = NULL;
-
-static uint64_t opt_journal_size = 0;
-
-static int opt_interleave_sectors = 0;
-static int opt_journal_watermark = 0;
-static int opt_bitmap_sectors_per_bit = 0;
-static int opt_journal_commit_time = 0;
-static int opt_bitmap_flush_time = 0;
-static int opt_tag_size = 0;
-static int opt_sector_size = 0;
-static int opt_buffer_sectors = 0;
-static int opt_no_wipe = 0;
-static int opt_integrity_key_size = 0;
-static int opt_journal_integrity_key_size = 0;
-static int opt_journal_crypt_key_size = 0;
-static int opt_integrity_nojournal = 0;
-static int opt_integrity_recovery = 0;
-static int opt_integrity_bitmap = 0;
-static int opt_integrity_legacy_padding = 0;
-static int opt_integrity_legacy_hmac = 0;
-static int opt_integrity_legacy_recalculate = 0;
-static int opt_integrity_recalculate = 0;
-static int opt_allow_discards = 0;
-
-static const char *integrity_alg = DEFAULT_ALG_NAME;
+#include "cryptsetup.h"
+#include "integritysetup_args.h"
+
+#define PACKAGE_INTEGRITY "integritysetup"
+
static const char **action_argv;
static int action_argc;
+static struct tools_log_params log_parms;
void tools_cleanup(void)
{
- FREE_AND_NULL(opt_data_device);
- FREE_AND_NULL(opt_integrity);
- FREE_AND_NULL(opt_integrity_key_file);
- FREE_AND_NULL(opt_journal_integrity);
- FREE_AND_NULL(opt_journal_integrity_key_file);
- FREE_AND_NULL(opt_journal_crypt);
- FREE_AND_NULL(opt_journal_crypt_key_file);
- FREE_AND_NULL(opt_journal_size_str);
-}
-
-// FIXME: move this to tools and handle EINTR
-static int _read_mk(const char *file, char **key, int keysize)
-{
- int fd;
-
- if (keysize <= 0 || keysize > (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024)) {
- log_err(_("Invalid key size. Maximum is %u bytes."), DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024);
- return -EINVAL;
- }
-
- *key = crypt_safe_alloc(keysize);
- if (!*key)
- return -ENOMEM;
-
- fd = open(file, O_RDONLY);
- if (fd == -1) {
- log_err(_("Cannot read keyfile %s."), file);
- goto fail;
- }
- if ((read(fd, *key, keysize) != keysize)) {
- log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
- close(fd);
- goto fail;
- }
- close(fd);
- return 0;
-fail:
- crypt_safe_free(*key);
- *key = NULL;
- return -EINVAL;
+ tools_args_free(tool_core_args, ARRAY_SIZE(tool_core_args));
}
static int _read_keys(char **integrity_key, struct crypt_params_integrity *params)
char *int_key = NULL, *journal_integrity_key = NULL, *journal_crypt_key = NULL;
int r;
- if (integrity_key && opt_integrity_key_file) {
- r = _read_mk(opt_integrity_key_file, &int_key, opt_integrity_key_size);
+ if (integrity_key && ARG_SET(OPT_INTEGRITY_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_INTEGRITY_KEY_FILE_ID), &int_key, ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID));
if (r < 0)
return r;
- params->integrity_key_size = opt_integrity_key_size;
+ params->integrity_key_size = ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID);
}
- if (opt_journal_integrity_key_file) {
- r = _read_mk(opt_journal_integrity_key_file, &journal_integrity_key, opt_journal_integrity_key_size);
+ if (ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID), &journal_integrity_key, ARG_UINT32(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID));
if (r < 0) {
crypt_safe_free(int_key);
return r;
}
params->journal_integrity_key = journal_integrity_key;
- params->journal_integrity_key_size = opt_journal_integrity_key_size;
+ params->journal_integrity_key_size = ARG_UINT32(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID);
}
- if (opt_journal_crypt_key_file) {
- r = _read_mk(opt_journal_crypt_key_file, &journal_crypt_key, opt_journal_crypt_key_size);
+ if (ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_JOURNAL_CRYPT_KEY_FILE_ID), &journal_crypt_key, ARG_UINT32(OPT_JOURNAL_CRYPT_KEY_SIZE_ID));
if (r < 0) {
crypt_safe_free(int_key);
crypt_safe_free(journal_integrity_key);
return r;
}
params->journal_crypt_key = journal_crypt_key;
- params->journal_crypt_key_size = opt_journal_crypt_key_size;
+ params->journal_crypt_key_size = ARG_UINT32(OPT_JOURNAL_CRYPT_KEY_SIZE_ID);
}
if (integrity_key)
{
char tmp_name[64], tmp_path[128], tmp_uuid[40];
uuid_t tmp_uuid_bin;
- int r;
+ int r = -EINVAL;
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nWipe interrupted."),
+ .device = tools_get_device_name(crypt_get_device_name(cd), &backing_file)
+ };
- if (!opt_batch_mode)
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
log_std(_("Wiping device to initialize integrity checksum.\n"
"You can interrupt this by pressing CTRL+c "
"(rest of not wiped device will contain invalid checksum).\n"));
uuid_generate(tmp_uuid_bin);
uuid_unparse(tmp_uuid_bin, tmp_uuid);
if (snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid) < 0)
- return -EINVAL;
+ goto out;
if (snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name) < 0)
- return -EINVAL;
+ goto out;
r = crypt_activate_by_volume_key(cd, tmp_name, integrity_key,
- opt_integrity_key_size, CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
+ ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID), CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
if (r < 0)
- return r;
+ goto out;
/* Wipe the device */
set_int_handler(0);
r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK,
- 0, &tools_wipe_progress, NULL);
+ 0, &tools_progress, &prog_parms);
if (crypt_deactivate(cd, tmp_name))
log_err(_("Cannot deactivate temporary device %s."), tmp_path);
set_int_block(0);
+out:
+ free(backing_file);
return r;
}
-static int action_format(int arg)
+static int action_format(void)
{
struct crypt_device *cd = NULL;
struct crypt_params_integrity params = {
- .journal_size = opt_journal_size,
- .interleave_sectors = opt_interleave_sectors,
+ .journal_size = ARG_UINT64(OPT_JOURNAL_SIZE_ID),
+ .interleave_sectors = ARG_UINT32(OPT_INTERLEAVE_SECTORS_ID),
/* in bitmap mode we have to overload these values... */
- .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark,
- .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time,
- .buffer_sectors = opt_buffer_sectors,
- .tag_size = opt_tag_size,
- .sector_size = opt_sector_size ?: SECTOR_SIZE,
+ .journal_watermark = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_SECTORS_PER_BIT_ID) : ARG_UINT32(OPT_JOURNAL_WATERMARK_ID),
+ .journal_commit_time = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_FLUSH_TIME_ID) : ARG_UINT32(OPT_JOURNAL_COMMIT_TIME_ID),
+ .buffer_sectors = ARG_UINT32(OPT_BUFFER_SECTORS_ID),
+ .tag_size = ARG_UINT32(OPT_TAG_SIZE_ID),
+ .sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID),
}, params2;
char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
char *integrity_key = NULL, *msg = NULL;
int r;
size_t signatures;
- r = crypt_parse_hash_integrity_mode(integrity_alg, integrity);
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_INTEGRITY_ID), integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
}
params.integrity = integrity;
- if (opt_journal_integrity) {
- r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity);
+ if (ARG_SET(OPT_JOURNAL_INTEGRITY_ID)) {
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_INTEGRITY_ID), journal_integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
params.journal_integrity = journal_integrity;
}
- if (opt_journal_crypt) {
- r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt);
+ if (ARG_SET(OPT_JOURNAL_CRYPT_ID)) {
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_CRYPT_ID), journal_crypt);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
if (r)
goto out;
- r = crypt_init_data_device(&cd, action_argv[0], opt_data_device);
+ r = crypt_init_data_device(&cd, action_argv[0], ARG_STR(OPT_DATA_DEVICE_ID));
if (r < 0)
goto out;
- r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]);
- if (r == -1) {
- r = -ENOMEM;
- goto out;
- }
+ if (!ARG_SET(OPT_BATCH_MODE_ID)) {
+ if (ARG_SET(OPT_DATA_DEVICE_ID) && !ARG_SET(OPT_NO_WIPE_ID))
+ r = asprintf(&msg, _("This will overwrite data on %s and %s irrevocably.\n"
+ "To preserve data device use --no-wipe option (and then activate with --integrity-recalculate)."),
+ action_argv[0], ARG_STR(OPT_DATA_DEVICE_ID));
+ else
+ r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]);
+ if (r == -1) {
+ r = -ENOMEM;
+ goto out;
+ }
- r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
- free(msg);
- if (r < 0)
- goto out;
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ goto out;
+ }
- r = tools_detect_signatures(action_argv[0], 0, &signatures);
+ r = tools_detect_signatures(action_argv[0], PRB_FILTER_NONE, &signatures, ARG_SET(OPT_BATCH_MODE_ID));
if (r < 0)
goto out;
/* Signature candidates found */
- if (signatures && ((r = tools_wipe_all_signatures(action_argv[0])) < 0))
+ if (signatures && ((r = tools_wipe_all_signatures(action_argv[0], true, false)) < 0))
goto out;
- if (opt_integrity_legacy_padding)
+ if (ARG_SET(OPT_INTEGRITY_LEGACY_PADDING_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING);
- if (opt_integrity_legacy_hmac)
+ if (ARG_SET(OPT_INTEGRITY_LEGACY_HMAC_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC);
r = crypt_format(cd, CRYPT_INTEGRITY, NULL, NULL, NULL, NULL, 0, ¶ms);
if (r < 0) /* FIXME: call wipe signatures again */
goto out;
- if (!opt_batch_mode && !crypt_get_integrity_info(cd, ¶ms2))
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !crypt_get_integrity_info(cd, ¶ms2))
log_std(_("Formatted with tag size %u, internal integrity %s.\n"),
params2.tag_size, params2.integrity);
- if (!opt_no_wipe)
+ if (!ARG_SET(OPT_NO_WIPE_ID))
r = _wipe_data_device(cd, integrity_key);
out:
crypt_safe_free(integrity_key);
return r;
}
-static int action_open(int arg)
+static int action_resize(void)
+{
+ int r;
+ struct crypt_device *cd = NULL;
+ struct crypt_active_device cad;
+ uint64_t new_dev_size = 0;
+ uint64_t old_dev_size;
+ char path[PATH_MAX];
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nWipe interrupted."),
+ .device = tools_get_device_name(crypt_get_device_name(cd), &backing_file)
+ };
+
+ if (ARG_SET(OPT_DEVICE_SIZE_ID))
+ new_dev_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE;
+ else if (ARG_SET(OPT_SIZE_ID))
+ new_dev_size = ARG_UINT64(OPT_SIZE_ID);
+
+ r = crypt_init_by_name_and_header(&cd, action_argv[0], NULL);
+ if (r)
+ goto out;
+
+ r = crypt_get_active_device(cd, action_argv[0], &cad);
+ if (r)
+ goto out;
+ old_dev_size = cad.size;
+
+ r = snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), action_argv[0]);
+ if (r < 0)
+ goto out;
+ r = crypt_resize(cd, action_argv[0], new_dev_size);
+ if (r)
+ goto out;
+
+ if (!new_dev_size) {
+ r = crypt_get_active_device(cd, action_argv[0], &cad);
+ if (r)
+ goto out;
+ new_dev_size = cad.size;
+ }
+
+ if (new_dev_size > old_dev_size) {
+ if (ARG_SET(OPT_WIPE_ID)) {
+ if (ARG_SET(OPT_BATCH_MODE_ID))
+ log_dbg("Wiping the end of the resized device");
+ else
+ log_std(_("Wiping device to initialize integrity checksum.\n"
+ "You can interrupt this by pressing CTRL+c "
+ "(rest of not wiped device will contain invalid checksum).\n"));
+
+ set_int_handler(0);
+ r = crypt_wipe(cd, path, CRYPT_WIPE_ZERO, old_dev_size * SECTOR_SIZE,
+ (new_dev_size - old_dev_size) * SECTOR_SIZE, DEFAULT_WIPE_BLOCK,
+ 0, &tools_progress, &prog_parms);
+ set_int_block(0);
+ } else {
+ log_dbg("Setting recalculate flag");
+ r = crypt_activate_by_volume_key(cd, action_argv[0], NULL, 0, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_RECALCULATE);
+
+ if (r == -ENOTSUP)
+ log_err(_("Setting recalculate flag is not supported, you may consider using --wipe instead."));
+ }
+ }
+out:
+ if (backing_file)
+ free(backing_file);
+ crypt_free(cd);
+ return r;
+}
+
+static int action_open(void)
{
struct crypt_device *cd = NULL;
struct crypt_params_integrity params = {
/* in bitmap mode we have to overload these values... */
- .journal_watermark = opt_integrity_bitmap ? opt_bitmap_sectors_per_bit : opt_journal_watermark,
- .journal_commit_time = opt_integrity_bitmap ? opt_bitmap_flush_time : opt_journal_commit_time,
- .buffer_sectors = opt_buffer_sectors,
+ .journal_watermark = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_SECTORS_PER_BIT_ID) : ARG_UINT32(OPT_JOURNAL_WATERMARK_ID),
+ .journal_commit_time = ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) ? ARG_UINT32(OPT_BITMAP_FLUSH_TIME_ID) : ARG_UINT32(OPT_JOURNAL_COMMIT_TIME_ID),
+ .buffer_sectors = ARG_UINT32(OPT_BUFFER_SECTORS_ID),
};
uint32_t activate_flags = 0;
char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
char *integrity_key = NULL;
int r;
- r = crypt_parse_hash_integrity_mode(integrity_alg, integrity);
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_INTEGRITY_ID), integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
}
params.integrity = integrity;
- if (opt_journal_integrity) {
- r = crypt_parse_hash_integrity_mode(opt_journal_integrity, journal_integrity);
+ if (ARG_SET(OPT_JOURNAL_INTEGRITY_ID)) {
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_INTEGRITY_ID), journal_integrity);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
params.journal_integrity = journal_integrity;
}
- if (opt_journal_crypt) {
- r = crypt_parse_hash_integrity_mode(opt_journal_crypt, journal_crypt);
+ if (ARG_SET(OPT_JOURNAL_CRYPT_ID)) {
+ r = crypt_parse_hash_integrity_mode(ARG_STR(OPT_JOURNAL_CRYPT_ID), journal_crypt);
if (r < 0) {
log_err(_("No known integrity specification pattern detected."));
return r;
params.journal_crypt = journal_crypt;
}
- if (opt_integrity_nojournal || opt_integrity_bitmap)
+ if (ARG_SET(OPT_INTEGRITY_NO_JOURNAL_ID) || ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL;
- if (opt_integrity_recovery)
+ if (ARG_SET(OPT_INTEGRITY_RECOVERY_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_RECOVERY;
- if (opt_integrity_bitmap)
+ if (ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
activate_flags |= CRYPT_ACTIVATE_NO_JOURNAL_BITMAP;
- if (opt_integrity_recalculate || opt_integrity_legacy_recalculate)
+ if (ARG_SET(OPT_INTEGRITY_RECALCULATE_ID) || ARG_SET(OPT_INTEGRITY_LEGACY_RECALC_ID))
activate_flags |= CRYPT_ACTIVATE_RECALCULATE;
- if (opt_allow_discards)
+
+ if (ARG_SET(OPT_INTEGRITY_RECALCULATE_RESET_ID))
+ activate_flags |= CRYPT_ACTIVATE_RECALCULATE_RESET;
+
+ if (ARG_SET(OPT_ALLOW_DISCARDS_ID))
activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
r = _read_keys(&integrity_key, ¶ms);
if (r)
goto out;
- if ((r = crypt_init_data_device(&cd, action_argv[0], opt_data_device)))
+ if ((r = crypt_init_data_device(&cd, action_argv[0], ARG_STR(OPT_DATA_DEVICE_ID))))
goto out;
r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms);
- if (r)
+ if (r) {
+ log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]);
goto out;
+ }
- if (opt_integrity_legacy_recalculate)
+ if (ARG_SET(OPT_INTEGRITY_LEGACY_RECALC_ID))
crypt_set_compatibility(cd, CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC);
r = crypt_activate_by_volume_key(cd, action_argv[1], integrity_key,
- opt_integrity_key_size, activate_flags);
+ ARG_UINT32(OPT_INTEGRITY_KEY_SIZE_ID), activate_flags);
out:
crypt_safe_free(integrity_key);
crypt_safe_free(CONST_CAST(void*)params.journal_integrity_key);
return r;
}
-static int action_close(int arg)
+static int action_close(void)
{
struct crypt_device *cd = NULL;
+ crypt_status_info ci;
+ uint32_t flags = 0;
int r;
+ if (ARG_SET(OPT_DEFERRED_ID))
+ flags |= CRYPT_DEACTIVATE_DEFERRED;
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID))
+ flags |= CRYPT_DEACTIVATE_DEFERRED_CANCEL;
+
r = crypt_init_by_name(&cd, action_argv[0]);
if (r == 0)
- r = crypt_deactivate(cd, action_argv[0]);
+ r = crypt_deactivate_by_name(cd, action_argv[0], flags);
+
+ if (!r && ARG_SET(OPT_DEFERRED_ID)) {
+ ci = crypt_status(cd, action_argv[0]);
+ if (ci == CRYPT_ACTIVE || ci == CRYPT_BUSY)
+ log_std(_("Device %s is still active and scheduled for deferred removal.\n"),
+ action_argv[0]);
+ }
crypt_free(cd);
return r;
}
-static int action_status(int arg)
+static int action_status(void)
{
crypt_status_info ci;
struct crypt_active_device cad;
return -EINVAL;
}
-static int action_dump(int arg)
+static int action_dump(void)
{
struct crypt_device *cd = NULL;
struct crypt_params_integrity params = {};
r = crypt_load(cd, CRYPT_INTEGRITY, ¶ms);
if (!r)
crypt_dump(cd);
+ else
+ log_err(_("Device %s is not a valid INTEGRITY device."), action_argv[0]);
crypt_free(cd);
return r;
static struct action_type {
const char *type;
- int (*handler)(int);
+ int (*handler)(void);
int required_action_argc;
const char *arg_desc;
const char *desc;
} action_types[] = {
- { "format", action_format, 1, N_("<integrity_device>"),N_("format device") },
- { "open", action_open, 2, N_("<integrity_device> <name>"),N_("open device as <name>") },
- { "close", action_close, 1, N_("<name>"),N_("close device (remove mapping)") },
- { "status", action_status, 1, N_("<name>"),N_("show active device status") },
- { "dump", action_dump, 1, N_("<integrity_device>"),N_("show on-disk information") },
- { NULL, NULL, 0, NULL, NULL }
+ { FORMAT_ACTION,action_format, 1, N_("<integrity_device>"),N_("format device") },
+ { OPEN_ACTION, action_open, 2, N_("<integrity_device> <name>"),N_("open device as <name>") },
+ { CLOSE_ACTION, action_close, 1, N_("<name>"),N_("close device (remove mapping)") },
+ { STATUS_ACTION,action_status, 1, N_("<name>"),N_("show active device status") },
+ { DUMP_ACTION, action_dump, 1, N_("<integrity_device>"),N_("show on-disk information") },
+ { RESIZE_ACTION,action_resize, 1, N_("<name>"), N_("resize active device") },
+ {}
};
static void help(poptContext popt_context,
struct action_type *action;
if (key->shortName == '?') {
- log_std("%s %s\n", PACKAGE_INTEGRITY, PACKAGE_VERSION);
+ tools_package_version(PACKAGE_INTEGRITY, false);
poptPrintHelp(popt_context, stdout, 0);
log_std(_("\n"
"<action> is one of:\n"));
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
} else if (key->shortName == 'V') {
- log_std("%s %s\n", PACKAGE_INTEGRITY, PACKAGE_VERSION);
+ tools_package_version(PACKAGE_INTEGRITY, false);
tools_cleanup();
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
log_dbg("Running command %s.", action->type);
- r = action->handler(0);
+ r = action->handler();
show_status(r);
return translate_errno(r);
}
+static bool needs_size_conversion(unsigned int arg_id)
+{
+ return (arg_id == OPT_JOURNAL_SIZE_ID || arg_id == OPT_DEVICE_SIZE_ID);
+}
+
+static void basic_options_cb(poptContext popt_context,
+ enum poptCallbackReason reason __attribute__((unused)),
+ struct poptOption *key,
+ const char *arg,
+ void *data __attribute__((unused)))
+{
+ char msg[256];
+
+ tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, needs_size_conversion);
+
+ /* special cases additional handling */
+ switch (key->val) {
+ case OPT_DEBUG_ID:
+ log_parms.debug = true;
+ /* fall through */
+ case OPT_VERBOSE_ID:
+ log_parms.verbose = true;
+ break;
+ case OPT_INTEGRITY_KEY_SIZE_ID:
+ /* fall through */
+ case OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID:
+ /* fall through */
+ case OPT_JOURNAL_CRYPT_KEY_SIZE_ID:
+ if (ARG_UINT32(key->val) > (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024)) {
+ if (snprintf(msg, sizeof(msg), _("Invalid --%s size. Maximum is %u bytes."),
+ key->longName, DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024) < 0)
+ msg[0] = '\0';
+ usage(popt_context, EXIT_FAILURE, msg,
+ poptGetInvocationName(popt_context));
+ }
+ }
+}
+
int main(int argc, const char **argv)
{
static const char *null_action_argv[] = {NULL};
{ "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL },
POPT_TABLEEND
};
+ static struct poptOption popt_basic_options[] = {
+ { NULL, '\0', POPT_ARG_CALLBACK, basic_options_cb, 0, NULL, NULL },
+#define ARG(A, B, C, D, E, F, G, H) { A, B, C, NULL, A ## _ID, D, E },
+#include "integritysetup_arg_list.h"
+#undef ARG
+ POPT_TABLEEND
+ };
static struct poptOption popt_options[] = {
- { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
- { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
- { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
- { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
- { "progress-frequency", '\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
- { "no-wipe", '\0', POPT_ARG_NONE, &opt_no_wipe, 0, N_("Do not wipe device after format"), NULL },
-
- { "data-device", '\0', POPT_ARG_STRING, &opt_data_device, 0, N_("Path to data device (if separated)"), N_("path") },
-
- { "journal-size", 'j', POPT_ARG_STRING,&opt_journal_size_str, 0, N_("Journal size"), N_("bytes") },
- { "interleave-sectors", '\0', POPT_ARG_INT, &opt_interleave_sectors, 0, N_("Interleave sectors"), N_("SECTORS") },
- { "journal-watermark", '\0', POPT_ARG_INT, &opt_journal_watermark, 0, N_("Journal watermark"),N_("percent") },
- { "journal-commit-time",'\0', POPT_ARG_INT, &opt_journal_commit_time,0, N_("Journal commit time"), N_("ms") },
- { "bitmap-sectors-per-bit",'\0', POPT_ARG_INT,&opt_bitmap_sectors_per_bit, 0, N_("Number of 512-byte sectors per bit (bitmap mode)."), NULL },
- { "bitmap-flush-time", '\0', POPT_ARG_INT, &opt_bitmap_flush_time, 0, N_("Bitmap mode flush time"), N_("ms") },
- { "tag-size", 't', POPT_ARG_INT, &opt_tag_size, 0, N_("Tag size (per-sector)"), N_("bytes") },
- { "sector-size", 's', POPT_ARG_INT, &opt_sector_size, 0, N_("Sector size"), N_("bytes") },
- { "buffer-sectors", '\0', POPT_ARG_INT, &opt_buffer_sectors, 0, N_("Buffers size"), N_("SECTORS") },
-
- { "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm"), NULL },
- { "integrity-key-size", '\0', POPT_ARG_INT, &opt_integrity_key_size, 0, N_("The size of the data integrity key"), N_("BITS") },
- { "integrity-key-file", '\0', POPT_ARG_STRING, &opt_integrity_key_file, 0, N_("Read the integrity key from a file"), NULL },
-
- { "journal-integrity", '\0', POPT_ARG_STRING, &opt_journal_integrity, 0, N_("Journal integrity algorithm"), NULL },
- { "journal-integrity-key-size",'\0', POPT_ARG_INT, &opt_journal_integrity_key_size,0, N_("The size of the journal integrity key"), N_("BITS") },
- { "journal-integrity-key-file",'\0', POPT_ARG_STRING, &opt_journal_integrity_key_file,0, N_("Read the journal integrity key from a file"), NULL },
-
- { "journal-crypt", '\0', POPT_ARG_STRING, &opt_journal_crypt, 0, N_("Journal encryption algorithm"), NULL },
- { "journal-crypt-key-size", '\0', POPT_ARG_INT, &opt_journal_crypt_key_size, 0, N_("The size of the journal encryption key"), N_("BITS") },
- { "journal-crypt-key-file", '\0', POPT_ARG_STRING, &opt_journal_crypt_key_file, 0, N_("Read the journal encryption key from a file"), NULL },
-
- { "integrity-no-journal", 'D', POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL },
- { "integrity-recovery-mode", 'R', POPT_ARG_NONE, &opt_integrity_recovery, 0, N_("Recovery mode (no journal, no tag checking)"), NULL },
- { "integrity-bitmap-mode", 'B', POPT_ARG_NONE, &opt_integrity_bitmap, 0, N_("Use bitmap to track changes and disable journal for integrity device"), NULL },
- { "integrity-recalculate", '\0', POPT_ARG_NONE, &opt_integrity_recalculate, 0, N_("Recalculate initial tags automatically."), NULL },
- { "integrity-legacy-padding", '\0', POPT_ARG_NONE, &opt_integrity_legacy_padding, 0, N_("Use inefficient legacy padding (old kernels)"), NULL },
-
- { "integrity-legacy-hmac", '\0', POPT_ARG_NONE, &opt_integrity_legacy_hmac, 0, N_("Do not protect superblock with HMAC (old kernels)"), NULL },
- { "integrity-legacy-recalculate",'\0',POPT_ARG_NONE, &opt_integrity_legacy_recalculate, 0, N_("Allow recalculating of volumes with HMAC keys (old kernels)"), NULL },
-
- { "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device"), NULL },
+ { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
+ { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_basic_options, 0, NULL, NULL },
POPT_TABLEEND
};
poptContext popt_context;
const char *aname;
int r;
- crypt_set_log_callback(NULL, tool_log, NULL);
+ crypt_set_log_callback(NULL, tool_log, &log_parms);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
aname = "close";
}
- if (opt_integrity)
- integrity_alg = opt_integrity;
-
for (action = action_types; action->type; action++)
if (strcmp(action->type, aname) == 0)
break;
if (action_argc < action->required_action_argc) {
char buf[128];
- snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
+ if (snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc) < 0)
+ buf[0] ='\0';
usage(popt_context, EXIT_FAILURE, buf,
poptGetInvocationName(popt_context));
}
- if (opt_integrity_recalculate && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --integrity-recalculate can be used only for open action."),
- poptGetInvocationName(popt_context));
+ tools_check_args(action->type, tool_core_args, ARRAY_SIZE(tool_core_args), popt_context);
- if (opt_allow_discards && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --allow-discards is allowed only for open operation."),
- poptGetInvocationName(popt_context));
-
- if (opt_interleave_sectors < 0 || opt_journal_watermark < 0 ||
- opt_journal_commit_time < 0 || opt_tag_size < 0 ||
- opt_sector_size < 0 || opt_buffer_sectors < 0 ||
- opt_integrity_key_size < 0 || opt_journal_integrity_key_size < 0 ||
- opt_journal_crypt_key_size < 0 || opt_bitmap_flush_time < 0 || opt_bitmap_sectors_per_bit < 0)
- usage(popt_context, EXIT_FAILURE,
- _("Negative number for option not permitted."),
- poptGetInvocationName(popt_context));
-
- if (strcmp(aname, "format") && (opt_journal_size_str || opt_interleave_sectors ||
- opt_sector_size || opt_tag_size || opt_no_wipe ))
- usage(popt_context, EXIT_FAILURE,
- _("Options --journal-size, --interleave-sectors, --sector-size, --tag-size"
- " and --no-wipe can be used only for format action."),
- poptGetInvocationName(popt_context));
-
- if (opt_journal_size_str &&
- tools_string_to_size(NULL, opt_journal_size_str, &opt_journal_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid journal size specification."),
- poptGetInvocationName(popt_context));
-
- if ((opt_integrity_key_file && !opt_integrity_key_size) ||
- (!opt_integrity_key_file && opt_integrity_key_size))
+ if (ARG_SET(OPT_INTEGRITY_KEY_FILE_ID) != ARG_SET(OPT_INTEGRITY_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both key file and key size options must be specified."),
poptGetInvocationName(popt_context));
- if ((opt_journal_integrity_key_file && !opt_journal_integrity_key_size) ||
- (!opt_journal_integrity_key_file && opt_journal_integrity_key_size))
+ if (ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID) != ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both journal integrity key file and key size options must be specified."),
poptGetInvocationName(popt_context));
- if (!opt_journal_integrity && opt_journal_integrity_key_file)
+ if (!ARG_SET(OPT_JOURNAL_INTEGRITY_ID) && ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID))
usage(popt_context, EXIT_FAILURE, _("Journal integrity algorithm must be specified if journal integrity key is used."),
poptGetInvocationName(popt_context));
- if ((opt_journal_crypt_key_file && !opt_journal_crypt_key_size) ||
- (!opt_journal_crypt_key_file && opt_journal_crypt_key_size))
+ if (ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID) != ARG_SET(OPT_JOURNAL_CRYPT_KEY_SIZE_ID))
usage(popt_context, EXIT_FAILURE, _("Both journal encryption key file and key size options must be specified."),
poptGetInvocationName(popt_context));
- if (!opt_journal_crypt && opt_journal_crypt_key_file)
+ if (!ARG_SET(OPT_JOURNAL_CRYPT_ID) && ARG_SET(OPT_JOURNAL_CRYPT_KEY_FILE_ID))
usage(popt_context, EXIT_FAILURE, _("Journal encryption algorithm must be specified if journal encryption key is used."),
poptGetInvocationName(popt_context));
- if (opt_integrity_recovery && opt_integrity_bitmap)
+ if (ARG_SET(OPT_INTEGRITY_RECOVERY_MODE_ID) && ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID))
usage(popt_context, EXIT_FAILURE, _("Recovery and bitmap mode options are mutually exclusive."),
poptGetInvocationName(popt_context));
- if (opt_integrity_bitmap && (opt_journal_integrity_key_file || opt_journal_crypt || opt_journal_watermark || opt_journal_commit_time))
+ if (ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) &&
+ (ARG_SET(OPT_JOURNAL_INTEGRITY_KEY_FILE_ID) ||
+ ARG_SET(OPT_JOURNAL_CRYPT_ID) || ARG_SET(OPT_JOURNAL_WATERMARK_ID) ||
+ ARG_SET(OPT_JOURNAL_COMMIT_TIME_ID)))
usage(popt_context, EXIT_FAILURE, _("Journal options cannot be used in bitmap mode."),
poptGetInvocationName(popt_context));
- if (!opt_integrity_bitmap && (opt_bitmap_flush_time || opt_bitmap_sectors_per_bit))
+ if (!ARG_SET(OPT_INTEGRITY_BITMAP_MODE_ID) &&
+ (ARG_SET(OPT_BITMAP_FLUSH_TIME_ID) || ARG_SET(OPT_BITMAP_SECTORS_PER_BIT_ID)))
usage(popt_context, EXIT_FAILURE, _("Bitmap options can be used only in bitmap mode."),
poptGetInvocationName(popt_context));
- if (opt_debug) {
- opt_verbose = 1;
- crypt_set_debug_level(-1);
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID) && ARG_SET(OPT_DEFERRED_ID))
+ usage(popt_context, EXIT_FAILURE,
+ _("Options --cancel-deferred and --deferred cannot be used at the same time."),
+ poptGetInvocationName(popt_context));
+
+ if (ARG_SET(OPT_DEBUG_ID)) {
+ crypt_set_debug_level(CRYPT_DEBUG_ALL);
dbg_version_and_cmd(argc, argv);
}
--- /dev/null
+/*
+ * Integritysetup command line arguments list
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* long name, short name, popt type, help description, units, internal argument type, default value */
+
+ARG(OPT_ALLOW_DISCARDS, '\0', POPT_ARG_NONE, N_("Allow discards (aka TRIM) requests for device"), NULL, CRYPT_ARG_BOOL, {}, OPT_ALLOW_DISCARDS_ACTIONS)
+
+ARG(OPT_BATCH_MODE, 'q', POPT_ARG_NONE, N_("Do not ask for confirmation"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_BUFFER_SECTORS, '\0', POPT_ARG_STRING, N_("Buffers size"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_BITMAP_FLUSH_TIME, '\0', POPT_ARG_STRING, N_("Bitmap mode flush time"), N_("ms"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_BITMAP_SECTORS_PER_BIT, '\0', POPT_ARG_STRING, N_("Number of 512-byte sectors per bit (bitmap mode)."), "INT", CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_CANCEL_DEFERRED, '\0', POPT_ARG_NONE, N_("Cancel a previously set deferred device removal"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_DATA_DEVICE, '\0', POPT_ARG_STRING, N_("Path to data device (if separated)"), N_("path"), CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DEFERRED, '\0', POPT_ARG_NONE, N_("Device removal is deferred until the last user closes it"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_INTEGRITY, 'I', POPT_ARG_STRING, N_("Data integrity algorithm"), NULL, CRYPT_ARG_STRING, { .str_value = CONST_CAST(void *)DEFAULT_ALG_NAME }, {})
+
+ARG(OPT_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the data integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_INTEGRITY_LEGACY_PADDING, '\0', POPT_ARG_NONE, N_("Use inefficient legacy padding (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY_LEGACY_HMAC, '\0', POPT_ARG_NONE, N_("Do not protect superblock with HMAC (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY_LEGACY_RECALC, '\0', POPT_ARG_NONE, N_("Allow recalculating of volumes with HMAC keys (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS)
+
+ARG(OPT_INTEGRITY_NO_JOURNAL, 'D', POPT_ARG_NONE, N_("Disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTERLEAVE_SECTORS, '\0', POPT_ARG_STRING, N_("Interleave sectors"), N_("SECTORS"), CRYPT_ARG_UINT32, {}, OPT_INTERLEAVE_SECTORS_ACTIONS)
+
+ARG(OPT_JOURNAL_COMMIT_TIME, '\0', POPT_ARG_STRING, N_("Journal commit time"), N_("ms"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_JOURNAL_INTEGRITY, '\0', POPT_ARG_STRING, N_("Journal integrity algorithm"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_JOURNAL_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_JOURNAL_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_JOURNAL_CRYPT, '\0', POPT_ARG_STRING, N_("Journal encryption algorithm"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_JOURNAL_CRYPT_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal encryption key from a file"), NULL, CRYPT_ARG_STRING,{}, {})
+
+ARG(OPT_JOURNAL_CRYPT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal encryption key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_JOURNAL_SIZE, 'j', POPT_ARG_STRING, N_("Journal size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_JOURNAL_SIZE_ACTIONS)
+
+ARG(OPT_JOURNAL_WATERMARK, '\0', POPT_ARG_STRING, N_("Journal watermark"), N_("percent"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_NO_WIPE, '\0', POPT_ARG_NONE, N_("Do not wipe device after format"), NULL, CRYPT_ARG_BOOL, {}, OPT_NO_WIPE_ACTIONS)
+
+ARG(OPT_WIPE, '\0', POPT_ARG_NONE, N_("Wipe the end of the device after resize"), NULL, CRYPT_ARG_BOOL, {}, OPT_WIPE_ACTIONS)
+
+ARG(OPT_PROGRESS_FREQUENCY, '\0', POPT_ARG_STRING, N_("Progress line update (in seconds)"), N_("secs"), CRYPT_ARG_UINT32, {}, {})
+
+ARG(OPT_PROGRESS_JSON, '\0', POPT_ARG_NONE, N_("Print wipe progress data in json format (suitable for machine processing)"), NULL, CRYPT_ARG_BOOL, {}, OPT_PROGRESS_JSON_ACTIONS)
+
+ARG(OPT_INTEGRITY_BITMAP_MODE, 'B', POPT_ARG_NONE, N_("Use bitmap to track changes and disable journal for integrity device"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_INTEGRITY_RECALCULATE, '\0', POPT_ARG_NONE, N_("Recalculate initial tags automatically."), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS)
+
+ARG(OPT_INTEGRITY_RECALCULATE_RESET, '\0', POPT_ARG_NONE, N_("Reset automatic recalculate position."), NULL, CRYPT_ARG_BOOL, {}, OPT_INTEGRITY_RECALCULATE_ACTIONS)
+
+ARG(OPT_INTEGRITY_RECOVERY_MODE, 'R', POPT_ARG_NONE, N_("Recovery mode (no journal, no tag checking)"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_SECTOR_SIZE, 's', POPT_ARG_STRING, N_("Sector size"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = 512 }, OPT_SECTOR_SIZE_ACTIONS)
+
+ARG(OPT_TAG_SIZE, 't', POPT_ARG_STRING, N_("Tag size (per-sector)"), N_("bytes"), CRYPT_ARG_UINT32, {}, OPT_TAG_SIZE_ACTIONS)
+
+ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DEVICE_SIZE, '\0', POPT_ARG_STRING, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_DEVICE_SIZE_ACTIONS)
+
+ARG(OPT_SIZE, 'b', POPT_ARG_STRING, N_("The size of the device"), N_("SECTORS"), CRYPT_ARG_UINT64, {}, OPT_SIZE_ACTIONS)
--- /dev/null
+/*
+ * Command line arguments helpers
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef INTEGRITYSETUP_ARGS_H
+#define INTEGRITYSETUP_ARGS_H
+
+#include "utils_arg_names.h"
+#include "utils_arg_macros.h"
+
+#define FORMAT_ACTION "format"
+#define OPEN_ACTION "open"
+#define CLOSE_ACTION "close"
+#define STATUS_ACTION "status"
+#define DUMP_ACTION "dump"
+#define RESIZE_ACTION "resize"
+
+#define OPT_ALLOW_DISCARDS_ACTIONS { OPEN_ACTION }
+#define OPT_DEFERRED_ACTIONS { CLOSE_ACTION }
+#define OPT_INTEGRITY_RECALCULATE_ACTIONS { OPEN_ACTION }
+#define OPT_JOURNAL_SIZE_ACTIONS { FORMAT_ACTION }
+#define OPT_NO_WIPE_ACTIONS { FORMAT_ACTION }
+#define OPT_INTERLEAVE_SECTORS_ACTIONS { FORMAT_ACTION }
+#define OPT_PROGRESS_JSON_ACTIONS { FORMAT_ACTION, RESIZE_ACTION }
+#define OPT_SECTOR_SIZE_ACTIONS { FORMAT_ACTION }
+#define OPT_TAG_SIZE_ACTIONS { FORMAT_ACTION }
+#define OPT_DEVICE_SIZE_ACTIONS { RESIZE_ACTION }
+#define OPT_SIZE_ACTIONS { RESIZE_ACTION }
+#define OPT_WIPE_ACTIONS { RESIZE_ACTION }
+
+enum {
+OPT_UNUSED_ID = 0,
+#define ARG(A, B, C, D, E, F, G, H) A ## _ID,
+#include "integritysetup_arg_list.h"
+#undef ARG
+};
+
+static struct tools_arg tool_core_args[] = { { NULL, false, CRYPT_ARG_BOOL }, // UNUSED
+#define ARG(A, B, C, D, E, F, G, H) { A, false, F, G, H },
+#include "integritysetup_arg_list.h"
+#undef ARG
+};
+
+#endif
--- /dev/null
+/*
+ * Command line arguments parsing helpers
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef UTILS_ARG_MACROS_H
+#define UTILS_ARG_MACROS_H
+
+#include <assert.h>
+
+#define ARG_SET(X) !!tool_core_args[(X)].set
+
+#define ARG_STR(X) ({ \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_STRING); \
+ tool_core_args[(X)].u.str_value; \
+})
+
+#define ARG_INT32(X) ({ \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_INT32); \
+ tool_core_args[(X)].u.i32_value; \
+})
+
+#define ARG_UINT32(X) ({ \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_UINT32); \
+ tool_core_args[(X)].u.u32_value; \
+})
+
+#define ARG_INT64(X) ({ \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_INT64); \
+ tool_core_args[(X)].u.i64_value; \
+})
+
+#define ARG_UINT64(X) ({ \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_UINT64); \
+ tool_core_args[(X)].u.u64_value; \
+})
+
+#define ARG_SET_TRUE(X) do { \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+#define ARG_SET_STR(X, Y) \
+do { \
+ char *str; \
+ assert(tool_core_args[(X)].set == false && tool_core_args[(X)].type == CRYPT_ARG_STRING); \
+ str = (Y); \
+ assert(str != NULL); \
+ tool_core_args[(X)].u.str_value = str; \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+#define ARG_SET_INT32(X, Y) \
+do { \
+ assert(tool_core_args[(X)].set == false && tool_core_args[(X)].type == CRYPT_ARG_INT32); \
+ tool_core_args[(X)].u.i32_value = (Y); \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+#define ARG_SET_UINT32(X, Y) \
+do { \
+ assert(tool_core_args[(X)].set == false && tool_core_args[(X)].type == CRYPT_ARG_UINT32); \
+ tool_core_args[(X)].u.u32_value = (Y); \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+#define ARG_SET_INT64(X, Y) \
+do { \
+ assert(tool_core_args[(X)].set == false && tool_core_args[(X)].type == CRYPT_ARG_INT64); \
+ tool_core_args[(X)].u.i64_value = (Y); \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+#define ARG_SET_UINT64(X, Y) \
+do { \
+ assert(tool_core_args[(X)].set == false && tool_core_args[(X)].type == CRYPT_ARG_UINT64); \
+ tool_core_args[(X)].u.u64_value = (Y); \
+ tool_core_args[(X)].set = true; \
+} while (0)
+
+
+#define ARG_INIT_ALIAS(X) \
+do { \
+ assert(tool_core_args[(X)].type == CRYPT_ARG_ALIAS); \
+ tool_core_args[(X)].u.o.ptr = &tool_core_args[tool_core_args[(X)].u.o.id]; \
+} while (0)
+
+#endif
--- /dev/null
+/*
+ * Command line arguments name list
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef UTILS_ARG_NAMES_H
+#define UTILS_ARG_NAMES_H
+
+#define OPT_ACTIVE_NAME "active-name"
+#define OPT_ALIGN_PAYLOAD "align-payload"
+#define OPT_ALLOW_DISCARDS "allow-discards"
+#define OPT_BATCH_MODE "batch-mode"
+#define OPT_BITMAP_FLUSH_TIME "bitmap-flush-time"
+#define OPT_BITMAP_SECTORS_PER_BIT "bitmap-sectors-per-bit"
+#define OPT_BLOCK_SIZE "block-size"
+#define OPT_BUFFER_SECTORS "buffer-sectors"
+#define OPT_CANCEL_DEFERRED "cancel-deferred"
+#define OPT_CHECK_AT_MOST_ONCE "check-at-most-once"
+#define OPT_CIPHER "cipher"
+#define OPT_DATA_BLOCK_SIZE "data-block-size"
+#define OPT_DATA_BLOCKS "data-blocks"
+#define OPT_DATA_DEVICE "data-device"
+#define OPT_DEBUG "debug"
+#define OPT_DEBUG_JSON "debug-json"
+#define OPT_DEFERRED "deferred"
+#define OPT_DEVICE_SIZE "device-size"
+#define OPT_DECRYPT "decrypt"
+#define OPT_DISABLE_EXTERNAL_TOKENS "disable-external-tokens"
+#define OPT_DISABLE_KEYRING "disable-keyring"
+#define OPT_DISABLE_LOCKS "disable-locks"
+#define OPT_DISABLE_VERACRYPT "disable-veracrypt"
+#define OPT_DUMP_JSON "dump-json-metadata"
+#define OPT_DUMP_MASTER_KEY "dump-master-key"
+#define OPT_DUMP_VOLUME_KEY "dump-volume-key"
+#define OPT_ENCRYPT "encrypt"
+#define OPT_FEC_DEVICE "fec-device"
+#define OPT_FEC_OFFSET "fec-offset"
+#define OPT_FEC_ROOTS "fec-roots"
+#define OPT_FORCE_PASSWORD "force-password"
+#define OPT_FORCE_OFFLINE_REENCRYPT "force-offline-reencrypt"
+#define OPT_FORMAT "format"
+#define OPT_HASH "hash"
+#define OPT_HASH_BLOCK_SIZE "hash-block-size"
+#define OPT_HASH_OFFSET "hash-offset"
+#define OPT_HEADER "header"
+#define OPT_HEADER_BACKUP_FILE "header-backup-file"
+#define OPT_HOTZONE_SIZE "hotzone-size"
+#define OPT_IGNORE_CORRUPTION "ignore-corruption"
+#define OPT_IGNORE_ZERO_BLOCKS "ignore-zero-blocks"
+#define OPT_INIT_ONLY "init-only"
+#define OPT_INTEGRITY "integrity"
+#define OPT_INTEGRITY_BITMAP_MODE "integrity-bitmap-mode"
+#define OPT_INTEGRITY_KEY_FILE "integrity-key-file"
+#define OPT_INTEGRITY_KEY_SIZE "integrity-key-size"
+#define OPT_INTEGRITY_LEGACY_PADDING "integrity-legacy-padding"
+#define OPT_INTEGRITY_LEGACY_HMAC "integrity-legacy-hmac"
+#define OPT_INTEGRITY_LEGACY_RECALC "integrity-legacy-recalculate"
+#define OPT_INTEGRITY_NO_JOURNAL "integrity-no-journal"
+#define OPT_INTEGRITY_NO_WIPE "integrity-no-wipe"
+#define OPT_INTEGRITY_RECALCULATE "integrity-recalculate"
+#define OPT_INTEGRITY_RECALCULATE_RESET "integrity-recalculate-reset"
+#define OPT_INTEGRITY_RECOVERY_MODE "integrity-recovery-mode"
+#define OPT_INTERLEAVE_SECTORS "interleave-sectors"
+#define OPT_ITER_TIME "iter-time"
+#define OPT_IV_LARGE_SECTORS "iv-large-sectors"
+#define OPT_JSON_FILE "json-file"
+#define OPT_JOURNAL_COMMIT_TIME "journal-commit-time"
+#define OPT_JOURNAL_CRYPT "journal-crypt"
+#define OPT_JOURNAL_CRYPT_KEY_FILE "journal-crypt-key-file"
+#define OPT_JOURNAL_CRYPT_KEY_SIZE "journal-crypt-key-size"
+#define OPT_JOURNAL_INTEGRITY "journal-integrity"
+#define OPT_JOURNAL_INTEGRITY_KEY_FILE "journal-integrity-key-file"
+#define OPT_JOURNAL_INTEGRITY_KEY_SIZE "journal-integrity-key-size"
+#define OPT_JOURNAL_SIZE "journal-size"
+#define OPT_JOURNAL_WATERMARK "journal-watermark"
+#define OPT_KEEP_KEY "keep-key"
+#define OPT_KEY_DESCRIPTION "key-description"
+#define OPT_KEY_FILE "key-file"
+#define OPT_KEY_SIZE "key-size"
+#define OPT_KEY_SLOT "key-slot"
+#define OPT_KEYFILE_OFFSET "keyfile-offset"
+#define OPT_KEYFILE_SIZE "keyfile-size"
+#define OPT_KEYSLOT_CIPHER "keyslot-cipher"
+#define OPT_KEYSLOT_KEY_SIZE "keyslot-key-size"
+#define OPT_NO_SUPERBLOCK "no-superblock"
+#define OPT_NO_WIPE "no-wipe"
+#define OPT_WIPE "wipe"
+#define OPT_LABEL "label"
+#define OPT_LUKS2_KEYSLOTS_SIZE "luks2-keyslots-size"
+#define OPT_LUKS2_METADATA_SIZE "luks2-metadata-size"
+#define OPT_MASTER_KEY_FILE "master-key-file"
+#define OPT_VOLUME_KEY_FILE "volume-key-file"
+#define OPT_NEW "new"
+#define OPT_NEW_KEY_SLOT "new-key-slot"
+#define OPT_NEW_KEYFILE "new-keyfile"
+#define OPT_NEW_KEYFILE_OFFSET "new-keyfile-offset"
+#define OPT_NEW_KEYFILE_SIZE "new-keyfile-size"
+#define OPT_NEW_TOKEN_ID "new-token-id"
+#define OPT_OFFSET "offset"
+#define OPT_PANIC_ON_CORRUPTION "panic-on-corruption"
+#define OPT_PBKDF "pbkdf"
+#define OPT_PBKDF_FORCE_ITERATIONS "pbkdf-force-iterations"
+#define OPT_PBKDF_MEMORY "pbkdf-memory"
+#define OPT_PBKDF_PARALLEL "pbkdf-parallel"
+#define OPT_PERF_NO_READ_WORKQUEUE "perf-no_read_workqueue"
+#define OPT_PERF_NO_WRITE_WORKQUEUE "perf-no_write_workqueue"
+#define OPT_PERF_SAME_CPU_CRYPT "perf-same_cpu_crypt"
+#define OPT_PERF_SUBMIT_FROM_CRYPT_CPUS "perf-submit_from_crypt_cpus"
+#define OPT_PERSISTENT "persistent"
+#define OPT_PLUGIN "plugin"
+#define OPT_PRIORITY "priority"
+#define OPT_PROGRESS_JSON "progress-json"
+#define OPT_PROGRESS_FREQUENCY "progress-frequency"
+#define OPT_READONLY "readonly"
+#define OPT_REDUCE_DEVICE_SIZE "reduce-device-size"
+#define OPT_REFRESH "refresh"
+#define OPT_RESILIENCE "resilience"
+#define OPT_RESILIENCE_HASH "resilience-hash"
+#define OPT_RESTART_ON_CORRUPTION "restart-on-corruption"
+#define OPT_RESUME_ONLY "resume-only"
+#define OPT_ROOT_HASH_FILE "root-hash-file"
+#define OPT_ROOT_HASH_SIGNATURE "root-hash-signature"
+#define OPT_SALT "salt"
+#define OPT_SECTOR_SIZE "sector-size"
+#define OPT_SERIALIZE_MEMORY_HARD_PBKDF "serialize-memory-hard-pbkdf"
+#define OPT_SHARED "shared"
+#define OPT_SIZE "size"
+#define OPT_SKIP "skip"
+#define OPT_SUBSYSTEM "subsystem"
+#define OPT_TAG_SIZE "tag-size"
+#define OPT_TCRYPT_BACKUP "tcrypt-backup"
+#define OPT_TCRYPT_HIDDEN "tcrypt-hidden"
+#define OPT_TCRYPT_SYSTEM "tcrypt-system"
+#define OPT_TEST_ARGS "test-args"
+#define OPT_TEST_PASSPHRASE "test-passphrase"
+#define OPT_TIMEOUT "timeout"
+#define OPT_TOKEN_ID "token-id"
+#define OPT_TOKEN_ONLY "token-only"
+#define OPT_TOKEN_REPLACE "token-replace"
+#define OPT_TOKEN_TYPE "token-type"
+#define OPT_TRIES "tries"
+#define OPT_TYPE "type"
+#define OPT_UNBOUND "unbound"
+#define OPT_USE_DIRECTIO "use-directio"
+#define OPT_USE_FSYNC "use-fsync"
+#define OPT_USE_RANDOM "use-random"
+#define OPT_USE_URANDOM "use-urandom"
+#define OPT_USE_TASKLETS "use-tasklets"
+#define OPT_UUID "uuid"
+#define OPT_VERACRYPT "veracrypt"
+#define OPT_VERACRYPT_PIM "veracrypt-pim"
+#define OPT_VERACRYPT_QUERY_PIM "veracrypt-query-pim"
+#define OPT_VERBOSE "verbose"
+#define OPT_VERIFY_PASSPHRASE "verify-passphrase"
+#define OPT_WRITE_LOG "write-log"
+
+#endif
--- /dev/null
+/*
+ * Command line arguments parsing helpers
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "cryptsetup.h"
+
+void tools_parse_arg_value(poptContext popt_context, crypt_arg_type_info type, struct tools_arg *arg, const char *popt_arg, int popt_val, bool(*needs_size_conv_fn)(unsigned arg_id))
+{
+ char *end, msg[128];
+ long long int ll;
+ long long unsigned int ull;
+
+ errno = 0;
+
+ switch (type) {
+ case CRYPT_ARG_BOOL:
+ break;
+ case CRYPT_ARG_STRING:
+ if (arg->set)
+ free(arg->u.str_value);
+ arg->u.str_value = poptGetOptArg(popt_context);
+ break;
+ case CRYPT_ARG_INT32:
+ ll = strtoll(popt_arg, &end, 10);
+ if (*end || !*popt_arg || ll > INT32_MAX || ll < INT32_MIN || errno == ERANGE)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ arg->u.i32_value = (int32_t)ll;
+ break;
+ case CRYPT_ARG_UINT32:
+ ull = strtoull(popt_arg, &end, 10);
+ if (*end || !*popt_arg || ull > UINT32_MAX || errno == ERANGE)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ arg->u.u32_value = (uint32_t)ull;
+ break;
+ case CRYPT_ARG_INT64:
+ ll = strtoll(popt_arg, &end, 10);
+ if (*end || !*popt_arg || errno == ERANGE)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ arg->u.i64_value = ll;
+ break;
+ case CRYPT_ARG_UINT64:
+ /* special size strings with units converted to integers */
+ if (needs_size_conv_fn && needs_size_conv_fn(popt_val)) {
+ if (tools_string_to_size(popt_arg, &arg->u.u64_value)) {
+ if (snprintf(msg, sizeof(msg), _("Invalid size specification in parameter --%s."), arg->name) < 0)
+ msg[0] = '\0';
+ usage(popt_context, EXIT_FAILURE, msg,
+ poptGetInvocationName(popt_context));
+ }
+ } else {
+ ull = strtoull(popt_arg, &end, 10);
+ if (*end || !*popt_arg || errno == ERANGE)
+ usage(popt_context, EXIT_FAILURE, poptStrerror(POPT_ERROR_BADNUMBER),
+ poptGetInvocationName(popt_context));
+ arg->u.u64_value = ull;
+ }
+ break;
+ case CRYPT_ARG_ALIAS:
+ tools_parse_arg_value(popt_context, arg->u.o.ptr->type, arg->u.o.ptr, popt_arg, arg->u.o.id, needs_size_conv_fn);
+ break;
+ default:
+ /* this signals internal tools coding mistake */
+ abort();
+ }
+
+ arg->set = true;
+}
+
+void tools_args_free(struct tools_arg *args, size_t args_size)
+{
+ size_t i;
+
+ for (i = 0; i < args_size; i++) {
+ if (args[i].set && args[i].type == CRYPT_ARG_STRING)
+ free(args[i].u.str_value);
+ args[i].set = false;
+ }
+}
+
+static bool action_allowed(const char *action, const char * const* list, size_t list_size)
+{
+ size_t i;
+
+ if (!list[0])
+ return true;
+
+ for (i = 0; i < list_size && list[i]; i++) {
+ if (!strcmp(action, list[i]))
+ return true;
+ }
+
+ return false;
+}
+
+void tools_check_args(const char *action, const struct tools_arg *args, size_t args_size, poptContext popt_context)
+{
+ size_t i;
+ char msg[256];
+
+ for (i = 1; i < args_size; i++) {
+ if (args[i].set) {
+ if (action_allowed(action, args[i].actions_array, MAX_ACTIONS)) {
+ continue;
+ } else {
+ if (snprintf(msg, sizeof(msg), _("Option --%s is not allowed with %s action."), args[i].name, action) < 0)
+ msg[0] = '\0';
+ usage(popt_context, EXIT_FAILURE, msg, poptGetInvocationName(popt_context));
+ }
+ }
+ }
+}
/*
* Linux block devices helpers
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2021 Ondrej Kozina
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#endif
#include <uuid/uuid.h>
-#define DM_UUID_LEN 129
-#define DM_BY_ID_PREFIX "dm-uuid-"
-#define DM_BY_ID_PREFIX_LEN 8
-#define DM_UUID_PREFIX "CRYPT-"
-#define DM_UUID_PREFIX_LEN 6
#define UUID_LEN 37 /* 36 + \0, libuuid ... */
static int dm_prepare_uuid(const char *type, const char *uuid, char *buf, size_t buflen)
}
}
- snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s",
- type ?: "", type ? "-" : "",
- uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "");
+ if (snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s",
+ type ?: "", type ? "-" : "",
+ uuid2[0] ? uuid2 : "", uuid2[0] ? "-" : "") < 0)
+ return 0;
return 1;
}
/* return number of holders in general, if matched dm_uuid prefix it's returned via dm_name */
/* negative value is error */
-static int lookup_holder_dm_name(const char *dm_uuid, size_t max_len, dev_t devno, char *dm_name, size_t dm_name_length)
+static int lookup_holder_dm_name(const char *dm_uuid, dev_t devno, char **r_dm_name)
{
struct dirent *entry;
- char dm_subpath[PATH_MAX], data_dev_dir[PATH_MAX], uuid[max_len];
+ char dm_subpath[PATH_MAX], data_dev_dir[PATH_MAX], uuid[DM_UUID_LEN], dm_name[PATH_MAX] = {};
ssize_t s;
struct stat st;
int dmfd, fd, len, r = 0; /* not found */
DIR *dir;
- if (!dm_name || !dm_name_length)
+ if (!r_dm_name)
return -EINVAL;
- *dm_name = '\0';
-
len = snprintf(data_dev_dir, PATH_MAX, "/sys/dev/block/%u:%u/holders", major(devno), minor(devno));
if (len < 0 || len >= PATH_MAX)
return -EINVAL;
}
/* reads binary data */
- s = read_buffer(fd, uuid, max_len - 1);
+ s = read_buffer(fd, uuid, sizeof(uuid) - 1);
close(fd);
uuid[s > 0 ? s : 0] = '\0';
if (!strncmp(uuid, dm_uuid, strlen(dm_uuid)))
}
/* reads binary data */
- s = read_buffer(fd, dm_name, dm_name_length - 1);
+ s = read_buffer(fd, dm_name, sizeof(dm_name));
close(fd);
close(dmfd);
if (s > 1) {
dm_name[s-1] = '\0';
log_dbg("Found dm device %s", dm_name);
+ if (!(*r_dm_name = strdup(dm_name)))
+ return -ENOMEM;
}
}
}
int tools_lookup_crypt_device(struct crypt_device *cd, const char *type,
- const char *data_device_path, char *name, size_t name_length)
+ const char *data_device_path, char **r_name)
{
- int r;
char *c;
struct stat st;
char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX;
if (!S_ISBLK(st.st_mode))
return -ENOTBLK;
- r = lookup_holder_dm_name(dev_uuid + DM_BY_ID_PREFIX_LEN, DM_UUID_LEN,
- st.st_rdev, name, name_length);
+ return lookup_holder_dm_name(dev_uuid + DM_BY_ID_PREFIX_LEN, st.st_rdev, r_name);
+}
+
+static void report_partition(const char *value, const char *device, bool batch_mode)
+{
+ if (batch_mode)
+ log_dbg("Device %s already contains a '%s' partition signature.", device, value);
+ else
+ log_std(_("WARNING: Device %s already contains a '%s' partition signature.\n"), device, value);
+}
+
+static void report_superblock(const char *value, const char *device, bool batch_mode)
+{
+ if (batch_mode)
+ log_dbg("Device %s already contains a '%s' superblock signature.", device, value);
+ else
+ log_std(_("WARNING: Device %s already contains a '%s' superblock signature.\n"), device, value);
+}
+
+int tools_detect_signatures(const char *device, tools_probe_filter_info filter,
+ size_t *count,bool batch_mode)
+{
+ int r;
+ size_t tmp_count;
+ struct blkid_handle *h;
+ blk_probe_status pr;
+
+ if (!count)
+ count = &tmp_count;
+
+ *count = 0;
+
+ if (!blk_supported()) {
+ log_dbg("Blkid support disabled.");
+ return 0;
+ }
+
+ if ((r = blk_init_by_path(&h, device))) {
+ log_err(_("Failed to initialize device signature probes."));
+ return -EINVAL;
+ }
+
+ switch (filter) {
+ case PRB_FILTER_LUKS:
+ if (blk_superblocks_filter_luks(h)) {
+ r = -EINVAL;
+ goto out;
+ }
+ /* fall-through */
+ case PRB_FILTER_NONE:
+ blk_set_chains_for_full_print(h);
+ break;
+ case PRB_ONLY_LUKS:
+ blk_set_chains_for_fast_detection(h);
+ if (blk_superblocks_only_luks(h)) {
+ r = -EINVAL;
+ goto out;
+ }
+ }
+
+ while ((pr = blk_probe(h)) < PRB_EMPTY) {
+ if (blk_is_partition(h))
+ report_partition(blk_get_partition_type(h), device, batch_mode);
+ else if (blk_is_superblock(h))
+ report_superblock(blk_get_superblock_type(h), device, batch_mode);
+ else {
+ log_dbg("Internal tools_detect_signatures() error.");
+ r = -EINVAL;
+ goto out;
+ }
+ (*count)++;
+ }
+
+ if (pr == PRB_FAIL)
+ r = -EINVAL;
+out:
+ blk_free(h);
return r;
}
+
+int tools_wipe_all_signatures(const char *path, bool exclusive, bool only_luks)
+{
+ int fd, flags, r;
+ blk_probe_status pr;
+ struct stat st;
+ struct blkid_handle *h = NULL;
+
+ if (!blk_supported()) {
+ log_dbg("Blkid support disabled.");
+ return 0;
+ }
+
+ if (stat(path, &st)) {
+ log_err(_("Failed to stat device %s."), path);
+ return -EINVAL;
+ }
+
+ flags = O_RDWR;
+ if (S_ISBLK(st.st_mode) && exclusive)
+ flags |= O_EXCL;
+
+ /* better than opening regular file with O_EXCL (undefined) */
+ /* coverity[toctou] */
+ fd = open(path, flags); /* lgtm[cpp/toctou-race-condition] */
+ if (fd < 0) {
+ if (errno == EBUSY)
+ log_err(_("Cannot exclusively open %s, device in use."), path);
+ else
+ log_err(_("Failed to open file %s in read/write mode."), path);
+ return -EINVAL;
+ }
+
+ if ((r = blk_init_by_fd(&h, fd))) {
+ log_err(_("Failed to initialize device signature probes."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ blk_set_chains_for_wipes(h);
+ if (only_luks && (r = blk_superblocks_only_luks(h))) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ while ((pr = blk_probe(h)) < PRB_EMPTY) {
+ if (blk_is_partition(h))
+ log_verbose(_("Existing '%s' partition signature on device %s will be wiped."),
+ blk_get_partition_type(h), path);
+ if (blk_is_superblock(h))
+ log_verbose(_("Existing '%s' superblock signature on device %s will be wiped."),
+ blk_get_superblock_type(h), path);
+ if (blk_do_wipe(h) || fsync(fd)) {
+ log_err(_("Failed to wipe device signature."));
+ r = -EINVAL;
+ goto out;
+ }
+ }
+
+ if (pr != PRB_EMPTY) {
+ log_err(_("Failed to probe device %s for a signature."), path);
+ r = -EINVAL;
+ }
+out:
+ close(fd);
+ blk_free(h);
+ return r;
+}
+
+int tools_superblock_block_size(const char *device, char *sb_name, size_t sb_name_len, unsigned *r_block_size)
+{
+ struct blkid_handle *h;
+ const char *name;
+ int r = 0;
+
+ if (!r_block_size || !sb_name || sb_name_len < 1)
+ return -EINVAL;
+
+ if (!blk_supported()) {
+ log_dbg("Blkid support disabled.");
+ return 0;
+ }
+
+ if ((r = blk_init_by_path(&h, device))) {
+ log_err(_("Failed to initialize device signature probes."));
+ return -EINVAL;
+ }
+
+ blk_set_chains_for_superblocks(h);
+
+ switch (blk_probe(h)) {
+ case PRB_OK:
+ *r_block_size = blk_get_block_size(h);
+ if (!*r_block_size) /* same as not-found */
+ break;
+
+ if (!(name = blk_get_superblock_type(h))) {
+ r = -EINVAL;
+ break;
+ }
+
+ /* we don't mind truncating */
+ strncpy(sb_name, name, sb_name_len - 1);
+ sb_name[sb_name_len-1] = '\0';
+
+ log_dbg("Detected superblock %s on device %s (block size: %u).", sb_name, device, *r_block_size);
+ r = 1;
+ /* fall-through */
+ case PRB_EMPTY:
+ break;
+ default:
+ r = -EINVAL;
+ }
+
+ blk_free(h);
+
+ return r;
+}
+
+bool tools_blkid_supported(void)
+{
+ return blk_supported() != 0;
+}
--- /dev/null
+/*
+ * Helper utilities for LUKS2 features
+ *
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Milan Broz
+ * Copyright (C) 2018-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "cryptsetup.h"
+#include "cryptsetup_args.h"
+#include "utils_luks.h"
+
+extern const char *set_pbkdf;
+
+const char *luksType(const char *type)
+{
+ if (type && !strcmp(type, "luks2"))
+ return CRYPT_LUKS2;
+
+ if (type && !strcmp(type, "luks1"))
+ return CRYPT_LUKS1;
+
+ if (type && !strcmp(type, "luks"))
+ return CRYPT_LUKS; /* NULL */
+
+ if (type && *type)
+ return type;
+
+ return CRYPT_LUKS; /* NULL */
+}
+
+bool isLUKS1(const char *type)
+{
+ return type && !strcmp(type, CRYPT_LUKS1);
+}
+
+bool isLUKS2(const char *type)
+{
+ return type && !strcmp(type, CRYPT_LUKS2);
+}
+
+int verify_passphrase(int def)
+{
+ /* Batch mode switch off verify - if not overridden by -y */
+ if (ARG_SET(OPT_VERIFY_PASSPHRASE_ID))
+ def = 1;
+ else if (ARG_SET(OPT_BATCH_MODE_ID))
+ def = 0;
+
+ /* Non-tty input doesn't allow verify */
+ if (def && !isatty(STDIN_FILENO)) {
+ if (ARG_SET(OPT_VERIFY_PASSPHRASE_ID))
+ log_err(_("Can't do passphrase verification on non-tty inputs."));
+ def = 0;
+ }
+
+ return def;
+}
+
+void set_activation_flags(uint32_t *flags)
+{
+ if (ARG_SET(OPT_READONLY_ID))
+ *flags |= CRYPT_ACTIVATE_READONLY;
+
+ if (ARG_SET(OPT_ALLOW_DISCARDS_ID))
+ *flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+
+ if (ARG_SET(OPT_PERF_SAME_CPU_CRYPT_ID))
+ *flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
+
+ if (ARG_SET(OPT_PERF_SUBMIT_FROM_CRYPT_CPUS_ID))
+ *flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
+
+ if (ARG_SET(OPT_PERF_NO_READ_WORKQUEUE_ID))
+ *flags |= CRYPT_ACTIVATE_NO_READ_WORKQUEUE;
+
+ if (ARG_SET(OPT_PERF_NO_WRITE_WORKQUEUE_ID))
+ *flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
+
+ if (ARG_SET(OPT_INTEGRITY_NO_JOURNAL_ID))
+ *flags |= CRYPT_ACTIVATE_NO_JOURNAL;
+
+ /* In persistent mode, we use what is set on command line */
+ if (ARG_SET(OPT_PERSISTENT_ID))
+ *flags |= CRYPT_ACTIVATE_IGNORE_PERSISTENT;
+
+ /* Only for LUKS2 but ignored elsewhere */
+ if (ARG_SET(OPT_TEST_PASSPHRASE_ID) &&
+ (ARG_SET(OPT_KEY_SLOT_ID) || ARG_SET(OPT_UNBOUND_ID)))
+ *flags |= CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY;
+
+ if (ARG_SET(OPT_SERIALIZE_MEMORY_HARD_PBKDF_ID))
+ *flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
+
+ /* Only for plain */
+ if (ARG_SET(OPT_IV_LARGE_SECTORS_ID))
+ *flags |= CRYPT_ACTIVATE_IV_LARGE_SECTORS;
+}
+
+int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
+{
+ const struct crypt_pbkdf_type *pbkdf_default;
+ struct crypt_pbkdf_type pbkdf = {};
+
+ pbkdf_default = crypt_get_pbkdf_default(dev_type);
+ if (!pbkdf_default)
+ return -EINVAL;
+
+ pbkdf.type = set_pbkdf ?: pbkdf_default->type;
+ pbkdf.hash = ARG_STR(OPT_HASH_ID) ?: pbkdf_default->hash;
+ pbkdf.time_ms = ARG_UINT32(OPT_ITER_TIME_ID) ?: pbkdf_default->time_ms;
+ if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) {
+ pbkdf.max_memory_kb = ARG_UINT32(OPT_PBKDF_MEMORY_ID) ?: pbkdf_default->max_memory_kb;
+ pbkdf.parallel_threads = ARG_UINT32(OPT_PBKDF_PARALLEL_ID) ?: pbkdf_default->parallel_threads;
+ }
+
+ if (ARG_SET(OPT_PBKDF_FORCE_ITERATIONS_ID)) {
+ pbkdf.iterations = ARG_UINT32(OPT_PBKDF_FORCE_ITERATIONS_ID);
+ pbkdf.time_ms = 0;
+ pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
+ }
+
+ return crypt_set_pbkdf_type(cd, &pbkdf);
+}
+
+int set_tries_tty(void)
+{
+ return (tools_is_stdin(ARG_STR(OPT_KEY_FILE_ID)) && isatty(STDIN_FILENO)) ? ARG_UINT32(OPT_TRIES_ID) : 1;
+}
+
+int get_adjusted_key_size(const char *cipher_mode, uint32_t default_size_bits, int integrity_keysize)
+{
+ uint32_t keysize_bits = ARG_UINT32(OPT_KEY_SIZE_ID);
+
+#ifdef ENABLE_LUKS_ADJUST_XTS_KEYSIZE
+ if (!ARG_SET(OPT_KEY_SIZE_ID) && !strncmp(cipher_mode, "xts-", 4)) {
+ if (default_size_bits == 128)
+ keysize_bits = 256;
+ else if (default_size_bits == 256)
+ keysize_bits = 512;
+ }
+#endif
+ return (keysize_bits ?: default_size_bits) / 8 + integrity_keysize;
+}
+
+/*
+ * FIXME: 4MiBs is max LUKS2 mda length (including binary header).
+ * In future, read max allowed JSON size from config section.
+ */
+#define LUKS2_MAX_MDA_SIZE 0x400000
+int tools_read_json_file(const char *file, char **json, size_t *json_size, bool batch_mode)
+{
+ ssize_t ret;
+ int fd, block, r;
+ void *buf = NULL;
+
+ block = tools_signals_blocked();
+ if (block)
+ set_int_block(0);
+
+ if (tools_is_stdin(file)) {
+ fd = STDIN_FILENO;
+ log_dbg("STDIN descriptor JSON read requested.");
+ } else {
+ log_dbg("File descriptor JSON read requested.");
+ fd = open(file, O_RDONLY);
+ if (fd < 0) {
+ log_err(_("Failed to open file %s in read-only mode."), file);
+ r = -EINVAL;
+ goto out;
+ }
+ }
+
+ buf = malloc(LUKS2_MAX_MDA_SIZE);
+ if (!buf) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ if (isatty(fd) && !batch_mode)
+ log_std(_("Provide valid LUKS2 token JSON:\n"));
+
+ /* we expect JSON (string) */
+ r = 0;
+ ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
+ if (ret < 0) {
+ r = -EIO;
+ log_err(_("Failed to read JSON file."));
+ goto out;
+ }
+ check_signal(&r);
+ if (r) {
+ log_err(_("\nRead interrupted."));
+ goto out;
+ }
+
+ *json_size = (size_t)ret;
+ *json = buf;
+ *(*json + ret) = '\0';
+out:
+ if (block && !quit)
+ set_int_block(1);
+ if (fd >= 0 && fd != STDIN_FILENO)
+ close(fd);
+ if (r && buf) {
+ memset(buf, 0, LUKS2_MAX_MDA_SIZE);
+ free(buf);
+ }
+ return r;
+}
+
+int tools_write_json_file(const char *file, const char *json)
+{
+ int block, fd, r;
+ size_t json_len;
+ ssize_t ret;
+
+ if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE)
+ return -EINVAL;
+
+ block = tools_signals_blocked();
+ if (block)
+ set_int_block(0);
+
+ if (tools_is_stdin(file)) {
+ fd = STDOUT_FILENO;
+ log_dbg("STDOUT descriptor JSON write requested.");
+ } else {
+ log_dbg("File descriptor JSON write requested.");
+ fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
+ }
+
+ if (fd < 0) {
+ log_err(_("Failed to open file %s in write mode."), file ?: "");
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = 0;
+ ret = write_buffer_intr(fd, json, json_len, &quit);
+ check_signal(&r);
+ if (r) {
+ log_err(_("\nWrite interrupted."));
+ goto out;
+ }
+ if (ret < 0 || (size_t)ret != json_len) {
+ log_err(_("Failed to write JSON file."));
+ r = -EIO;
+ goto out;
+ }
+
+ if (isatty(fd))
+ (void) write_buffer_intr(fd, "\n", 1, &quit);
+out:
+ if (block && !quit)
+ set_int_block(1);
+ if (fd >=0 && fd != STDOUT_FILENO)
+ close(fd);
+ return r;
+}
--- /dev/null
+/*
+ * Helper utilities for LUKS in cryptsetup
+ *
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Milan Broz
+ * Copyright (C) 2018-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef UTILS_LUKS_H
+#define UTILS_LUKS_H
+
+#include <stdint.h>
+
+const char *luksType(const char *type);
+
+bool isLUKS1(const char *type);
+
+bool isLUKS2(const char *type);
+
+int verify_passphrase(int def);
+
+void set_activation_flags(uint32_t *flags);
+
+int set_pbkdf_params(struct crypt_device *cd, const char *dev_type);
+
+int set_tries_tty(void);
+
+int get_adjusted_key_size(const char *cipher_mode, uint32_t default_size_bits, int integrity_keysize);
+
+int luksFormat(struct crypt_device **r_cd, char **r_password, size_t *r_passwordLen);
+
+int reencrypt(int action_argc, const char **action_argv);
+
+int reencrypt_luks1(const char *device);
+
+int reencrypt_luks1_in_progress(const char *device);
+
+#endif /* UTILS_LUKS_H */
+++ /dev/null
-/*
- * Helper utilities for LUKS2 features
- *
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018-2021 Milan Broz
- * Copyright (C) 2018-2021 Ondrej Kozina
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include "cryptsetup.h"
-
-/*
- * FIXME: 4MiBs is max LUKS2 mda length (including binary header).
- * In future, read max allowed JSON size from config section.
- */
-#define LUKS2_MAX_MDA_SIZE 0x400000
-int tools_read_json_file(struct crypt_device *cd, const char *file, char **json, size_t *json_size)
-{
- ssize_t ret;
- int fd, block, r;
- void *buf = NULL;
-
- block = tools_signals_blocked();
- if (block)
- set_int_block(0);
-
- if (tools_is_stdin(file)) {
- fd = STDIN_FILENO;
- log_dbg("STDIN descriptor JSON read requested.");
- } else {
- log_dbg("File descriptor JSON read requested.");
- fd = open(file, O_RDONLY);
- if (fd < 0) {
- log_err(_("Failed to open file %s in read-only mode."), file);
- r = -EINVAL;
- goto out;
- }
- }
-
- buf = malloc(LUKS2_MAX_MDA_SIZE);
- if (!buf) {
- r = -ENOMEM;
- goto out;
- }
-
- if (isatty(fd) && !opt_batch_mode)
- log_std(_("Provide valid LUKS2 token JSON:\n"));
-
- /* we expect JSON (string) */
- r = 0;
- ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
- if (ret < 0) {
- r = -EIO;
- log_err(_("Failed to read JSON file."));
- goto out;
- }
- check_signal(&r);
- if (r) {
- log_err(_("\nRead interrupted."));
- goto out;
- }
-
- *json_size = (size_t)ret;
- *json = buf;
- *(*json + ret) = '\0';
-out:
- if (block && !quit)
- set_int_block(1);
- if (fd >= 0 && fd != STDIN_FILENO)
- close(fd);
- if (r && buf) {
- memset(buf, 0, LUKS2_MAX_MDA_SIZE);
- free(buf);
- }
- return r;
-}
-
-int tools_write_json_file(struct crypt_device *cd, const char *file, const char *json)
-{
- int block, fd, r;
- size_t json_len;
- ssize_t ret;
-
- if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE)
- return -EINVAL;
-
- block = tools_signals_blocked();
- if (block)
- set_int_block(0);
-
- if (tools_is_stdin(file)) {
- fd = STDOUT_FILENO;
- log_dbg("STDOUT descriptor JSON write requested.");
- } else {
- log_dbg("File descriptor JSON write requested.");
- fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
- }
-
- if (fd < 0) {
- log_err(_("Failed to open file %s in write mode."), file ?: "");
- r = -EINVAL;
- goto out;
- }
-
- r = 0;
- ret = write_buffer_intr(fd, json, json_len, &quit);
- check_signal(&r);
- if (r) {
- log_err(_("\nWrite interrupted."));
- goto out;
- }
- if (ret < 0 || (size_t)ret != json_len) {
- log_err(_("Failed to write JSON file."));
- r = -EIO;
- goto out;
- }
-
- if (isatty(fd))
- (void) write_buffer_intr(fd, "\n", 1, &quit);
-out:
- if (block && !quit)
- set_int_block(1);
- if (fd >=0 && fd != STDOUT_FILENO)
- close(fd);
- return r;
-}
/*
* Password quality check wrapper
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include "cryptsetup.h"
#include <termios.h>
-int opt_force_password = 0;
-
#if defined ENABLE_PWQUALITY
#include <pwquality.h>
{
int r;
void *auxerror;
- pwquality_settings_t *pwq;
+ pwquality_settings_t *pwq;
log_dbg("Checking new password using default pwquality settings.");
pwq = pwquality_default_settings();
log_err(_("Password quality check failed:\n %s"),
pwquality_strerror(NULL, 0, r, auxerror));
r = -EPERM;
- } else {
- log_dbg("New password libpwquality score is %d.", r);
+ } else
r = 0;
- }
pwquality_free_settings(pwq);
return r;
/* Password reading helpers */
+/* coverity[ -taint_source : arg-1 ] */
static ssize_t read_tty_eol(int fd, char *pass, size_t maxlen)
{
bool eol = false;
}
/* The pass buffer is zeroed and has trailing \0 already " */
-static int untimed_read(int fd, char *pass, size_t maxlen)
+static int untimed_read(int fd, char *pass, size_t maxlen, size_t *realsize)
{
ssize_t i;
i = read_tty_eol(fd, pass, maxlen);
if (i > 0) {
- if (pass[i-1] == '\n')
+ if (pass[i-1] == '\n') {
pass[i-1] = '\0';
+ *realsize = i - 1;
+ } else
+ *realsize = i;
i = 0;
} else if (i == 0) /* empty input */
i = -1;
return i;
}
-static int timed_read(int fd, char *pass, size_t maxlen, long timeout)
+static int timed_read(int fd, char *pass, size_t maxlen, size_t *realsize, long timeout)
{
struct timeval t;
fd_set fds = {}; /* Just to avoid scan-build false report for FD_SET */
t.tv_usec = 0;
if (select(fd+1, &fds, NULL, NULL, &t) > 0)
- failed = untimed_read(fd, pass, maxlen);
+ failed = untimed_read(fd, pass, maxlen, realsize);
return failed;
}
struct termios orig, tmp;
int failed = -1;
int infd, outfd;
+ size_t realsize = 0;
if (maxlen < 1)
return failed;
outfd = infd;
if (tcgetattr(infd, &orig))
- goto out_err;
+ goto out;
memcpy(&tmp, &orig, sizeof(tmp));
tmp.c_lflag &= ~ECHO;
if (prompt && write(outfd, prompt, strlen(prompt)) < 0)
- goto out_err;
+ goto out;
tcsetattr(infd, TCSAFLUSH, &tmp);
if (timeout)
- failed = timed_read(infd, pass, maxlen, timeout);
+ failed = timed_read(infd, pass, maxlen, &realsize, timeout);
else
- failed = untimed_read(infd, pass, maxlen);
+ failed = untimed_read(infd, pass, maxlen, &realsize);
tcsetattr(infd, TCSAFLUSH, &orig);
-
-out_err:
+out:
if (!failed && write(outfd, "\n", 1)) {};
+ if (realsize == maxlen)
+ log_dbg("Read stopped at maximal interactive input length, passphrase can be trimmed.");
+
if (infd != STDIN_FILENO)
close(infd);
return failed;
static int crypt_get_key_tty(const char *prompt,
char **key, size_t *key_size,
- int timeout, int verify,
- struct crypt_device *cd)
+ int timeout, int verify)
{
int key_size_max = DEFAULT_PASSPHRASE_SIZE_MAX;
int r = -EINVAL;
if (interactive_pass(prompt, pass, key_size_max, timeout)) {
log_err(_("Error reading passphrase from terminal."));
- goto out_err;
+ goto out;
}
if (verify) {
if (!pass_verify) {
log_err(_("Out of memory while reading passphrase."));
r = -ENOMEM;
- goto out_err;
+ goto out;
}
if (interactive_pass(_("Verify passphrase: "),
pass_verify, key_size_max, timeout)) {
log_err(_("Error reading passphrase from terminal."));
- goto out_err;
+ goto out;
}
if (strncmp(pass, pass_verify, key_size_max)) {
log_err(_("Passphrases do not match."));
r = -EPERM;
- goto out_err;
+ goto out;
}
}
*key = pass;
+ /* coverity[string_null] (crypt_safe_alloc wipes string with additional \0) */
*key_size = strlen(pass);
r = 0;
-out_err:
+out:
crypt_safe_free(pass_verify);
if (r)
crypt_safe_free(pass);
if (keyfile_offset) {
log_err(_("Cannot use offset with terminal input."));
} else {
+ r = 0;
if (!prompt && !crypt_get_device_name(cd))
- snprintf(tmp, sizeof(tmp), _("Enter passphrase: "));
+ r = snprintf(tmp, sizeof(tmp), _("Enter passphrase: "));
else if (!prompt) {
backing_file = crypt_loop_backing_file(crypt_get_device_name(cd));
- snprintf(tmp, sizeof(tmp), _("Enter passphrase for %s: "), backing_file ?: crypt_get_device_name(cd));
+ r = snprintf(tmp, sizeof(tmp), _("Enter passphrase for %s: "), backing_file ?: crypt_get_device_name(cd));
free(backing_file);
}
- r = crypt_get_key_tty(prompt ?: tmp, key, key_size, timeout, verify, cd);
+ if (r >= 0)
+ r = crypt_get_key_tty(prompt ?: tmp, key, key_size, timeout, verify);
+ else
+ r = -EINVAL;
}
} else {
log_dbg("STDIN descriptor passphrase entry requested.");
set_int_block(1);
/* Check pwquality for password (not keyfile) */
- if (pwquality && !opt_force_password && !key_file && !r)
+ if (pwquality && !key_file && !r)
r = tools_check_password(*key);
return r;
else if (r == -ENOENT)
log_err(_("No usable keyslot is available."));
}
-
-int tools_read_mk(const char *file, char **key, int keysize)
-{
- int fd;
-
- if (keysize <= 0 || !key)
- return -EINVAL;
-
- *key = crypt_safe_alloc(keysize);
- if (!*key)
- return -ENOMEM;
-
- fd = open(file, O_RDONLY);
- if (fd == -1) {
- log_err(_("Cannot read keyfile %s."), file);
- goto fail;
- }
-
- if (read_buffer(fd, *key, keysize) != keysize) {
- log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
- close(fd);
- goto fail;
- }
- close(fd);
- return 0;
-fail:
- crypt_safe_free(*key);
- *key = NULL;
- return -EINVAL;
-}
-
-int tools_write_mk(const char *file, const char *key, int keysize)
-{
- int fd, r = -EINVAL;
-
- if (keysize <= 0 || !key)
- return -EINVAL;
-
- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
- if (fd < 0) {
- log_err(_("Cannot open keyfile %s for write."), file);
- return r;
- }
-
- if (write_buffer(fd, key, keysize) == keysize)
- r = 0;
- else
- log_err(_("Cannot write to keyfile %s."), file);
-
- close(fd);
- return r;
-}
--- /dev/null
+/*
+ * cryptsetup - progress output utilities
+ *
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <assert.h>
+#include "cryptsetup.h"
+
+#define MINUTES_90 UINT64_C(5400000000) /* 90 minutes in microseconds */
+#define HOURS_36 UINT64_C(129600000000) /* 36 hours in microseconds */
+
+#define MINUTES(A) (A) / UINT64_C(60000000) /* microseconds to minutes */
+#define SECONDS(A) (A) / UINT64_C(1000000) /* microseconds to seconds */
+#define HOURS(A) (A) / UINT64_C(3600000000) /* microseconds to hours */
+#define DAYS(A) (A) / UINT64_C(86400000000) /* microseconds to days */
+
+#define REMAIN_SECONDS(A) (SECONDS((A))) % 60
+#define REMAIN_MINUTES(A) (MINUTES((A))) % 60
+
+/* The difference in microseconds between two times in "timeval" format. */
+static uint64_t time_diff(struct timeval *start, struct timeval *end)
+{
+ return (end->tv_sec - start->tv_sec) * UINT64_C(1000000)
+ + (end->tv_usec - start->tv_usec);
+}
+
+static void tools_clear_line(void)
+{
+ /* vt100 code clear line */
+ log_std("\33[2K\r");
+}
+
+static void bytes_to_units(uint64_t *bytes, const char **units)
+{
+ if (*bytes < (UINT64_C(1) << 32)) { /* less than 4 GiBs */
+ *units = "MiB";
+ *bytes >>= 20;
+ } else if (*bytes < (UINT64_C(1) << 42)) { /* less than 4 TiBs */
+ *units = "GiB";
+ *bytes >>= 30;
+ } else if (*bytes < (UINT64_C(1) << 52)) { /* less than 4 PiBs */
+ *units = "TiB";
+ *bytes >>= 40;
+ } else if (*bytes < (UINT64_C(1) << 62)) { /* less than 4 EiBs */
+ *units = "PiB";
+ *bytes >>= 50;
+ } else {
+ *units = "EiB";
+ *bytes >>= 60;
+ }
+}
+
+static bool time_to_human_string(uint64_t usecs, char *buf, size_t buf_len)
+{
+ ssize_t r;
+
+ if (usecs < MINUTES_90)
+ r = snprintf(buf, buf_len, _("%02" PRIu64 "m%02" PRIu64 "s"), MINUTES(usecs), REMAIN_SECONDS(usecs));
+ else if (usecs < HOURS_36)
+ r = snprintf(buf, buf_len, _("%02" PRIu64 "h%02" PRIu64 "m%02" PRIu64 "s"), HOURS(usecs), REMAIN_MINUTES(usecs), REMAIN_SECONDS(usecs));
+ else
+ r = snprintf(buf, buf_len, _("%02" PRIu64 " days"), DAYS(usecs));
+
+ if (r < 0 || (size_t)r >= buf_len)
+ return false;
+
+ return true;
+}
+
+static void log_progress(uint64_t bytes, uint64_t device_size, uint64_t eta, double uib, const char *ustr, const char *eol)
+{
+ double progress;
+ int r;
+ const char *units;
+ char time[128], written[128], speed[128];
+
+ /*
+ * TRANSLATORS: 'time' string with examples:
+ * "12m44s" : meaning 12 minutes 44 seconds
+ * "26h12m44s" : meaning 26 hours 12 minutes 44 seconds
+ * "3 days"
+ */
+ if (!time_to_human_string(eta, time, sizeof(time)))
+ return;
+
+ progress = (double)bytes / device_size * 100.0;
+
+ bytes_to_units(&bytes, &units);
+ r = snprintf(written, sizeof(written), _("%4" PRIu64 " %s written"), bytes, units);
+ if (r < 0 || (size_t)r >= sizeof(written))
+ return;
+
+ r = snprintf(speed, sizeof(speed), _("speed %5.1f %s/s"), uib, ustr);
+ if (r < 0 || (size_t)r >= sizeof(speed))
+ return;
+
+ /*
+ * TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+ * to get translated as well. 'eol' is always new-line or empty.
+ * See above.
+ */
+ log_std(_("Progress: %5.1f%%, ETA %s, %s, %s%s"),
+ progress, time, written, speed, eol);
+}
+
+static void log_progress_final(uint64_t time_spent, uint64_t bytes, double uib, const char *ustr)
+{
+ int r;
+ const char *units;
+ char time[128], written[128], speed[128];
+
+ /*
+ * TRANSLATORS: 'time' string with examples:
+ * "12m44s" : meaning 12 minutes 44 seconds
+ * "26h12m44s" : meaning 26 hours 12 minutes 44 seconds
+ * "3 days"
+ */
+ if (!time_to_human_string(time_spent, time, sizeof(time)))
+ return;
+
+ bytes_to_units(&bytes, &units);
+ r = snprintf(written, sizeof(written) - 1, _("%4" PRIu64 " %s written"), bytes, units);
+ if (r < 0 || (size_t)r >= sizeof(written))
+ return;
+
+ r = snprintf(speed, sizeof(speed) - 1, _("speed %5.1f %s/s"), uib, ustr);
+ if (r < 0 || (size_t)r >= sizeof(speed))
+ return;
+
+ /*
+ * TRANSLATORS: 'time', 'written' and 'speed' string are supposed
+ * to get translated as well. See above
+ */
+ log_std(_("Finished, time %s, %s, %s\n"), time, written, speed);
+}
+
+static bool calculate_tdiff(bool final, uint64_t bytes, struct tools_progress_params *parms, double *r_tdiff)
+{
+ uint64_t frequency;
+ struct timeval now_time;
+
+ assert(r_tdiff);
+
+ gettimeofday(&now_time, NULL);
+ if (parms->start_time.tv_sec == 0 && parms->start_time.tv_usec == 0) {
+ parms->start_time = now_time;
+ parms->end_time = now_time;
+ parms->start_offset = bytes;
+ return false;
+ }
+
+ if (parms->frequency)
+ frequency = parms->frequency * UINT64_C(1000000);
+ else
+ frequency = 500000;
+
+ if (!final && time_diff(&parms->end_time, &now_time) < frequency)
+ return false;
+
+ parms->end_time = now_time;
+
+ *r_tdiff = time_diff(&parms->start_time, &parms->end_time) / 1E6;
+ if (!*r_tdiff)
+ return false;
+
+ return true;
+}
+
+static void tools_time_progress(uint64_t device_size, uint64_t bytes, struct tools_progress_params *parms)
+{
+ uint64_t eta;
+ double tdiff, uib;
+ const char *eol, *ustr;
+ bool final = (bytes == device_size);
+
+ if (!calculate_tdiff(final, bytes, parms, &tdiff))
+ return;
+
+ if (parms->frequency)
+ eol = "\n";
+ else
+ eol = "";
+
+ uib = (double)(bytes - parms->start_offset) / tdiff;
+
+ eta = (uint64_t)((device_size / uib - tdiff) * 1E6);
+
+ if (uib > 1073741824.0f) {
+ uib /= 1073741824.0f;
+ ustr = "GiB";
+ } else if (uib > 1048576.0f) {
+ uib /= 1048576.0f;
+ ustr = "MiB";
+ } else if (uib > 1024.0f) {
+ uib /= 1024.0f;
+ ustr = "KiB";
+ } else
+ ustr = "B";
+
+ if (!parms->frequency)
+ tools_clear_line();
+
+ if (final)
+ log_progress_final((uint64_t)(tdiff * 1E6), bytes, uib, ustr);
+ else
+ log_progress(bytes, device_size, eta, uib, ustr, eol);
+
+ fflush(stdout);
+}
+
+static void log_progress_json(const char *device, uint64_t bytes, uint64_t device_size, uint64_t eta, uint64_t uib, uint64_t time_spent)
+{
+ int r;
+ char json[PATH_MAX+256];
+
+ r = snprintf(json, sizeof(json) - 1,
+ "{\"device\":\"%s\","
+ "\"device_bytes\":\"%" PRIu64 "\"," /* in bytes */
+ "\"device_size\":\"%" PRIu64 "\"," /* in bytes */
+ "\"speed\":\"%" PRIu64 "\"," /* in bytes per second */
+ "\"eta_ms\":\"%" PRIu64 "\"," /* in milliseconds */
+ "\"time_ms\":\"%" PRIu64 "\"}\n", /* in milliseconds */
+ device, bytes, device_size, uib, eta, time_spent);
+
+ if (r < 0 || (size_t)r >= sizeof(json) - 1)
+ return;
+
+ log_std("%s", json);
+}
+
+static void tools_time_progress_json(uint64_t device_size, uint64_t bytes, struct tools_progress_params *parms)
+{
+ double tdiff, uib;
+ bool final = (bytes == device_size);
+
+ if (!calculate_tdiff(final, bytes, parms, &tdiff))
+ return;
+
+ uib = (double)(bytes - parms->start_offset) / tdiff;
+
+ log_progress_json(parms->device,
+ bytes,
+ device_size,
+ final ? UINT64_C(0) : (uint64_t)((device_size / uib - tdiff) * 1E3),
+ (uint64_t)uib,
+ (uint64_t)(tdiff * 1E3));
+
+ fflush(stdout);
+}
+
+int tools_progress(uint64_t size, uint64_t offset, void *usrptr)
+{
+ int r = 0;
+ struct tools_progress_params *parms = (struct tools_progress_params *)usrptr;
+
+ if (parms && parms->json_output)
+ tools_time_progress_json(size, offset, parms);
+ else if (parms && !parms->batch_mode)
+ tools_time_progress(size, offset, parms);
+
+ check_signal(&r);
+ if (r) {
+ if (!parms || (!parms->frequency && !parms->json_output))
+ tools_clear_line();
+ if (parms && parms->interrupt_message)
+ log_err("%s", parms->interrupt_message);
+ }
+
+ return r;
+}
+
+const char *tools_get_device_name(const char *device, char **r_backing_file)
+{
+ char *bfile;
+
+ assert(r_backing_file);
+
+ bfile = crypt_loop_backing_file(device);
+ if (bfile) {
+ *r_backing_file = bfile;
+ return bfile;
+ }
+
+ return device;
+}
--- /dev/null
+/*
+ * cryptsetup - action re-encryption utilities
+ *
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2021-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <uuid/uuid.h>
+
+#include "cryptsetup.h"
+#include "cryptsetup_args.h"
+#include "utils_luks.h"
+
+extern int64_t data_shift;
+extern const char *device_type;
+extern const char *set_pbkdf;
+
+enum device_status_info {
+ DEVICE_LUKS2 = 0, /* LUKS2 device */
+ DEVICE_LUKS2_REENCRYPT, /* LUKS2 device in reencryption */
+ DEVICE_LUKS1, /* LUKS1 device */
+ DEVICE_LUKS1_UNUSABLE, /* LUKS1 device in reencryption (legacy) */
+ DEVICE_NOT_LUKS, /* device is not LUKS type */
+ DEVICE_INVALID /* device is invalid */
+};
+
+static void _set_reencryption_flags(uint32_t *flags)
+{
+ if (ARG_SET(OPT_INIT_ONLY_ID))
+ *flags |= CRYPT_REENCRYPT_INITIALIZE_ONLY;
+
+ if (ARG_SET(OPT_RESUME_ONLY_ID))
+ *flags |= CRYPT_REENCRYPT_RESUME_ONLY;
+}
+
+static int reencrypt_check_passphrase(struct crypt_device *cd,
+ int keyslot,
+ const char *passphrase,
+ size_t passphrase_len)
+{
+ int r;
+
+ assert(cd);
+
+ r = crypt_activate_by_passphrase(cd, NULL, keyslot,
+ passphrase, passphrase_len, 0);
+ check_signal(&r);
+ tools_passphrase_msg(r);
+ tools_keyslot_msg(r, UNLOCKED);
+
+ return r;
+}
+
+static int set_keyslot_params(struct crypt_device *cd, int keyslot)
+{
+ const char *cipher;
+ struct crypt_pbkdf_type pbkdf;
+ size_t key_size;
+
+ cipher = crypt_keyslot_get_encryption(cd, keyslot, &key_size);
+ if (!cipher)
+ return -EINVAL;
+
+ if (crypt_is_cipher_null(cipher)) {
+ log_dbg("Keyslot %d uses cipher_null. "
+ "Replacing with default encryption in new keyslot.", keyslot);
+ cipher = DEFAULT_LUKS2_KEYSLOT_CIPHER;
+ key_size = DEFAULT_LUKS2_KEYSLOT_KEYBITS / 8;
+ }
+
+ if (crypt_keyslot_set_encryption(cd, cipher, key_size))
+ return -EINVAL;
+
+ /* if requested any of those just reinitialize context pbkdf */
+ if (set_pbkdf || ARG_SET(OPT_HASH_ID) || ARG_SET(OPT_PBKDF_FORCE_ITERATIONS_ID) ||
+ ARG_SET(OPT_ITER_TIME_ID))
+ return set_pbkdf_params(cd, CRYPT_LUKS2);
+
+ if (crypt_keyslot_get_pbkdf(cd, keyslot, &pbkdf))
+ return -EINVAL;
+
+ pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
+
+ return crypt_set_pbkdf_type(cd, &pbkdf);
+}
+
+static int get_active_device_name(struct crypt_device *cd,
+ const char *data_device,
+ char **r_active_name)
+{
+ char *msg;
+ int r;
+
+ assert(data_device);
+
+ r = tools_lookup_crypt_device(cd, crypt_get_type(cd), data_device, r_active_name);
+ if (r > 0) {
+ log_dbg("Device %s has %d active holders.", data_device, r);
+
+ if (!*r_active_name) {
+ log_err(_("Device %s is still in use."), data_device);
+ return -EINVAL;
+ }
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
+ log_std(_("Auto-detected active dm device '%s' for data device %s.\n"),
+ *r_active_name, data_device);
+ } else if (r < 0) {
+ if (r != -ENOTBLK) {
+ log_err(_("Failed to auto-detect device %s holders."), data_device);
+ return -EINVAL;
+ }
+
+ r = -EINVAL;
+ if (!ARG_SET(OPT_BATCH_MODE_ID)) {
+ log_std(_("Device %s is not a block device.\n"), data_device);
+
+ r = asprintf(&msg, _("Unable to decide if device %s is activated or not.\n"
+ "Are you sure you want to proceed with reencryption in offline mode?\n"
+ "It may lead to data corruption if the device is actually activated.\n"
+ "To run reencryption in online mode, use --active-name parameter instead.\n"), data_device);
+ if (r < 0)
+ return -ENOMEM;
+ r = noDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ } else {
+ log_err(_("Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+ "Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."), data_device);
+ }
+ } else {
+ *r_active_name = NULL;
+ log_dbg("Device %s is unused. Proceeding with offline reencryption.", data_device);
+ }
+
+ return r;
+}
+
+static int reencrypt_get_active_name(struct crypt_device *cd,
+ const char *data_device,
+ char **r_active_name)
+{
+ assert(cd);
+ assert(r_active_name);
+
+ if (ARG_SET(OPT_ACTIVE_NAME_ID))
+ return (*r_active_name = strdup(ARG_STR(OPT_ACTIVE_NAME_ID))) ? 0 : -ENOMEM;
+
+ return get_active_device_name(cd, data_device, r_active_name);
+}
+
+static int decrypt_verify_and_set_params(struct crypt_params_reencrypt *params)
+{
+ const char *resilience;
+
+ assert(params);
+
+ if (!ARG_SET(OPT_RESILIENCE_ID))
+ return 0;
+
+ resilience = ARG_STR(OPT_RESILIENCE_ID);
+
+ if (!strcmp(resilience, "datashift") ||
+ !strcmp(resilience, "none")) {
+ log_err(_("Requested --resilience option cannot be applied "
+ "to current reencryption operation."));
+ return -EINVAL;
+ } else if (!strcmp(resilience, "journal"))
+ params->resilience = "datashift-journal";
+ else if (!strcmp(resilience, "checksum"))
+ params->resilience = "datashift-checksum";
+ else if (!strcmp(resilience, "datashift-checksum") ||
+ !strcmp(resilience, "datashift-journal"))
+ params->resilience = resilience;
+ else {
+ log_err(_("Unsupported resilience mode %s"), resilience);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int reencrypt_verify_and_update_params(struct crypt_params_reencrypt *params,
+ char **r_hash)
+{
+ assert(params);
+ assert(r_hash);
+
+ if (ARG_SET(OPT_ENCRYPT_ID) && params->mode != CRYPT_REENCRYPT_ENCRYPT) {
+ log_err(_("Device is not in LUKS2 encryption. Conflicting option --encrypt."));
+ return -EINVAL;
+ }
+
+ if (ARG_SET(OPT_DECRYPT_ID) && params->mode != CRYPT_REENCRYPT_DECRYPT) {
+ log_err(_("Device is not in LUKS2 decryption. Conflicting option --decrypt."));
+ return -EINVAL;
+ }
+
+ if (ARG_SET(OPT_RESILIENCE_ID)) {
+ if (!strcmp(params->resilience, "datashift") &&
+ strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) {
+ log_err(_("Device is in reencryption using datashift resilience. "
+ "Requested --resilience option cannot be applied."));
+ return -EINVAL;
+ }
+ if (strcmp(params->resilience, "datashift") &&
+ !strcmp(ARG_STR(OPT_RESILIENCE_ID), "datashift")) {
+ log_err(_("Requested --resilience option cannot be applied "
+ "to current reencryption operation."));
+ return -EINVAL;
+ }
+
+ if (!strncmp(params->resilience, "datashift-", 10)) {
+ /* decryption with datashift in progress */
+ if (decrypt_verify_and_set_params(params))
+ return -EINVAL;
+ } else if (!strncmp(ARG_STR(OPT_RESILIENCE_ID), "datashift-", 10)) {
+ log_err(_("Requested --resilience option cannot be applied "
+ "to current reencryption operation."));
+ return -EINVAL;
+ } else
+ params->resilience = ARG_STR(OPT_RESILIENCE_ID);
+
+ /* we have to copy hash string returned by API */
+ if (params->hash && !ARG_SET(OPT_RESILIENCE_HASH_ID)) {
+ /* r_hash owns the memory. Freed by caller */
+ *r_hash = strdup(params->hash);
+ if (!*r_hash)
+ return -ENOMEM;
+ params->hash = *r_hash;
+ }
+
+ /* Add default hash when switching to checksum based resilience */
+ if (!params->hash && !ARG_SET(OPT_RESILIENCE_HASH_ID) &&
+ (!strcmp(params->resilience, "checksum") ||
+ !strcmp(params->resilience, "datashift-checksum")))
+ params->hash = "sha256";
+
+ if (ARG_SET(OPT_RESILIENCE_HASH_ID))
+ params->hash = ARG_STR(OPT_RESILIENCE_HASH_ID);
+ } else
+ params->resilience = NULL;
+
+ params->max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE;
+ params->device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE;
+ params->flags = CRYPT_REENCRYPT_RESUME_ONLY;
+
+ return 0;
+}
+
+static int reencrypt_hint_force_offline_reencrypt(const char *data_device)
+{
+ struct stat st;
+
+ if (ARG_SET(OPT_ACTIVE_NAME_ID) ||
+ !ARG_SET(OPT_BATCH_MODE_ID) ||
+ ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID))
+ return 0;
+
+ if (stat(data_device, &st) == 0 && S_ISREG(st.st_mode)) {
+ log_err(_("Device %s is not a block device. Can not auto-detect if it is active or not.\n"
+ "Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!)."), data_device);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int reencrypt_luks2_load(struct crypt_device *cd, const char *data_device)
+{
+ char *msg;
+ crypt_reencrypt_info ri;
+ int r;
+ size_t passwordLen;
+ char *active_name = NULL, *hash = NULL, *password = NULL;
+ struct crypt_params_reencrypt params = {};
+
+ ri = crypt_reencrypt_status(cd, ¶ms);
+ if (ri == CRYPT_REENCRYPT_CRASH)
+ log_err(_("Device requires reencryption recovery. Run repair first."));
+
+ if (ri != CRYPT_REENCRYPT_CLEAN)
+ return -EINVAL;
+
+ r = reencrypt_verify_and_update_params(¶ms, &hash);
+ if (r < 0)
+ return r;
+
+ r = reencrypt_hint_force_offline_reencrypt(data_device);
+ if (r < 0)
+ goto out;
+
+ if (!ARG_SET(OPT_BATCH_MODE_ID) && !ARG_SET(OPT_RESUME_ONLY_ID)) {
+ r = asprintf(&msg, _("Device %s is already in LUKS2 reencryption. "
+ "Do you wish to resume previously initialised operation?"),
+ crypt_get_metadata_device_name(cd) ?: data_device);
+ if (r < 0) {
+ r = -ENOMEM;
+ goto out;
+ }
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ goto out;
+ }
+
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, cd);
+ if (r < 0)
+ goto out;
+
+ if (!ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID))
+ r = reencrypt_get_active_name(cd, data_device, &active_name);
+ if (r >= 0)
+ r = crypt_reencrypt_init_by_passphrase(cd, active_name, password,
+ passwordLen, ARG_INT32(OPT_KEY_SLOT_ID),
+ ARG_INT32(OPT_KEY_SLOT_ID), NULL, NULL, ¶ms);
+out:
+ free(hash);
+ crypt_safe_free(password);
+ free(active_name);
+ return r;
+}
+
+/*
+ * 1: in-progress
+ * 0: clean luks2 device
+ * < 0: error
+ */
+static int luks2_reencrypt_in_progress(struct crypt_device *cd)
+{
+ uint32_t flags;
+
+ if (crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags))
+ return -EINVAL;
+
+ if (flags & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
+ log_err(_("Legacy LUKS2 reencryption is no longer supported."));
+ return -EINVAL;
+ }
+
+ return flags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT;
+}
+
+/*
+ * Returns crypt context for:
+ * DEVICE_LUKS2
+ * DEVICE_LUKS2_REENCRYPT
+ * DEVICE_LUKS1
+ */
+static enum device_status_info load_luks(struct crypt_device **r_cd,
+ const char *header_device,
+ const char *data_device)
+{
+ int r;
+ struct crypt_device *cd;
+ struct stat st;
+
+ assert(r_cd);
+ assert(data_device);
+
+ if (header_device && stat(header_device, &st) < 0 && errno == ENOENT)
+ return DEVICE_NOT_LUKS;
+
+ if (crypt_init_data_device(&cd, uuid_or_device(header_device ?: data_device), data_device))
+ return DEVICE_INVALID;
+
+ if ((r = crypt_load(cd, CRYPT_LUKS, NULL))) {
+ crypt_free(cd);
+
+ if (r == -EBUSY) /* luks2 locking error (message printed by libcryptsetup) */
+ return DEVICE_INVALID;
+
+ r = reencrypt_luks1_in_progress(uuid_or_device(header_device ?: data_device));
+ if (!r)
+ return DEVICE_LUKS1_UNUSABLE;
+
+ return DEVICE_NOT_LUKS;
+ }
+
+ if (isLUKS2(crypt_get_type(cd))) {
+ r = luks2_reencrypt_in_progress(cd);
+ if (r < 0) {
+ crypt_free(cd);
+ return DEVICE_INVALID;
+ }
+ }
+
+ *r_cd = cd;
+
+ if (r > 0)
+ return DEVICE_LUKS2_REENCRYPT;
+
+ return isLUKS2(crypt_get_type(cd)) ? DEVICE_LUKS2 : DEVICE_LUKS1;
+}
+
+static bool luks2_reencrypt_eligible(struct crypt_device *cd)
+{
+ struct crypt_params_integrity ip = { 0 };
+
+ /* raw integrity info is available since 2.0 */
+ if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) {
+ log_err(_("Reencryption of device with integrity profile is not supported."));
+ return false;
+ }
+
+ return true;
+}
+
+static enum device_status_info check_luks_device(const char *device)
+{
+ enum device_status_info dev_st;
+ struct crypt_device *cd = NULL;
+
+ dev_st = load_luks(&cd, NULL, device);
+ crypt_free(cd);
+
+ return dev_st;
+}
+
+static int reencrypt_check_data_sb_block_size(const char *data_device, uint32_t new_sector_size)
+{
+ int r;
+ char sb_name[32];
+ unsigned block_size;
+
+ assert(data_device);
+
+ r = tools_superblock_block_size(data_device, sb_name, sizeof(sb_name), &block_size);
+ if (r <= 0)
+ return r;
+
+ if (new_sector_size > block_size) {
+ log_err(_("Requested --sector-size %" PRIu32 " is incompatible with %s superblock\n"
+ "(block size: %" PRIu32 " bytes) detected on device %s."),
+ new_sector_size, sb_name, block_size, data_device);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int reencrypt_check_active_device_sb_block_size(const char *active_device, uint32_t new_sector_size)
+{
+ int r;
+ char dm_device[PATH_MAX];
+
+ r = snprintf(dm_device, sizeof(dm_device), "%s/%s", crypt_get_dir(), active_device);
+ if (r < 0 || (size_t)r >= sizeof(dm_device))
+ return -EINVAL;
+
+ return reencrypt_check_data_sb_block_size(dm_device, new_sector_size);
+}
+
+static int reencrypt_is_header_detached(const char *header_device, const char *data_device)
+{
+ int r;
+ struct stat st;
+ struct crypt_device *cd;
+
+ if (!header_device)
+ return 0;
+
+ if (header_device && stat(header_device, &st) < 0 && errno == ENOENT)
+ return 1;
+
+ if ((r = crypt_init_data_device(&cd, header_device, data_device)))
+ return r;
+
+ r = crypt_header_is_detached(cd);
+ crypt_free(cd);
+ return r;
+}
+
+static int encrypt_luks2_init(struct crypt_device **cd, const char *data_device, const char *device_name)
+{
+ int keyslot, r, fd;
+ uuid_t uuid;
+ size_t passwordLen;
+ char *tmp, uuid_str[37], header_file[PATH_MAX] = { 0 }, *password = NULL;
+ uint32_t activate_flags = 0;
+ const struct crypt_params_luks2 luks2_params = {
+ .sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID) ?: SECTOR_SIZE
+ };
+ struct crypt_params_reencrypt params = {
+ .mode = CRYPT_REENCRYPT_ENCRYPT,
+ .direction = data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
+ .resilience = ARG_STR(OPT_RESILIENCE_ID) ?: "checksum",
+ .hash = ARG_STR(OPT_RESILIENCE_HASH_ID) ?: "sha256",
+ .max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE,
+ .device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE,
+ .luks2 = &luks2_params,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY
+ };
+
+ _set_reencryption_flags(¶ms.flags);
+
+ if (!data_shift) {
+ r = reencrypt_is_header_detached(ARG_STR(OPT_HEADER_ID), data_device);
+ if (r < 0)
+ return r;
+ if (!r) {
+ log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."));
+ return -ENOTSUP;
+ }
+ }
+
+ if (!ARG_SET(OPT_HEADER_ID) && ARG_UINT64(OPT_OFFSET_ID) &&
+ data_shift && (ARG_UINT64(OPT_OFFSET_ID) > (uint64_t)(imaxabs(data_shift) / (2 * SECTOR_SIZE)))) {
+ log_err(_("Requested data offset must be less than or equal to half of --reduce-device-size parameter."));
+ return -EINVAL;
+ }
+
+ /* TODO: ask user to confirm. It's useless to do data device reduction and than use smaller value */
+ if (!ARG_SET(OPT_HEADER_ID) && ARG_UINT64(OPT_OFFSET_ID) &&
+ data_shift && (ARG_UINT64(OPT_OFFSET_ID) < (uint64_t)(imaxabs(data_shift) / (2 * SECTOR_SIZE)))) {
+ data_shift = -(ARG_UINT64(OPT_OFFSET_ID) * 2 * SECTOR_SIZE);
+ if (data_shift >= 0)
+ return -EINVAL;
+ log_std(_("Adjusting --reduce-device-size value to twice the --offset %" PRIu64 " (sectors).\n"), ARG_UINT64(OPT_OFFSET_ID) * 2);
+ }
+
+ if (ARG_SET(OPT_UUID_ID) && uuid_parse(ARG_STR(OPT_UUID_ID), uuid) == -1) {
+ log_err(_("Wrong LUKS UUID format provided."));
+ return -EINVAL;
+ }
+
+ if (ARG_SET(OPT_SECTOR_SIZE_ID)) {
+ r = reencrypt_check_data_sb_block_size(data_device, ARG_UINT32(OPT_SECTOR_SIZE_ID));
+ if (r < 0)
+ return r;
+ }
+
+ if (!ARG_SET(OPT_UUID_ID)) {
+ uuid_generate(uuid);
+ uuid_unparse(uuid, uuid_str);
+ if (!(tmp = strdup(uuid_str)))
+ return -ENOMEM;
+ ARG_SET_STR(OPT_UUID_ID, tmp);
+ }
+
+ if (!ARG_SET(OPT_HEADER_ID)) {
+ r = snprintf(header_file, sizeof(header_file), "LUKS2-temp-%s.new", ARG_STR(OPT_UUID_ID));
+ if (r < 0 || (size_t)r >= sizeof(header_file))
+ return -EINVAL;
+
+ fd = open(header_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
+ if (fd == -1) {
+ if (errno == EEXIST)
+ log_err(_("Temporary header file %s already exists. Aborting."), header_file);
+ else
+ log_err(_("Cannot create temporary header file %s."), header_file);
+ return -EINVAL;
+ }
+
+ r = posix_fallocate(fd, 0, 4096);
+ close(fd);
+ if (r) {
+ log_err(_("Cannot create temporary header file %s."), header_file);
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (!(tmp = strdup(header_file))) {
+ r = -ENOMEM;
+ goto out;
+ }
+ ARG_SET_STR(OPT_HEADER_ID, tmp);
+
+ /*
+ * FIXME: just override offset here, but we should support both.
+ * offset and implicit offset via data shift (lvprepend?)
+ */
+ if (!ARG_UINT64(OPT_OFFSET_ID))
+ ARG_SET_UINT64(OPT_OFFSET_ID, imaxabs(data_shift) / (2 * SECTOR_SIZE));
+ data_shift >>= 1;
+ params.flags |= CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT;
+ } else if (data_shift < 0) {
+ if (!ARG_SET(OPT_LUKS2_METADATA_SIZE_ID))
+ ARG_SET_UINT64(OPT_LUKS2_METADATA_SIZE_ID, 0x4000); /* missing default here */
+ if (!ARG_SET(OPT_LUKS2_KEYSLOTS_SIZE_ID))
+ ARG_SET_UINT64(OPT_LUKS2_KEYSLOTS_SIZE_ID, -data_shift - 2 * ARG_UINT64(OPT_LUKS2_METADATA_SIZE_ID));
+ if (2 * ARG_UINT64(OPT_LUKS2_METADATA_SIZE_ID) + ARG_UINT64(OPT_LUKS2_KEYSLOTS_SIZE_ID) > (uint64_t)-data_shift) {
+ log_err(_("LUKS2 metadata size is larger than data shift value."));
+ return -EINVAL;
+ }
+ }
+
+ r = luksFormat(cd, &password, &passwordLen);
+ if (r < 0)
+ goto out;
+
+ if (!luks2_reencrypt_eligible(*cd)) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (data_shift) {
+ params.data_shift = imaxabs(data_shift) / SECTOR_SIZE,
+ params.resilience = "datashift";
+ }
+ keyslot = !ARG_SET(OPT_KEY_SLOT_ID) ? 0 : ARG_INT32(OPT_KEY_SLOT_ID);
+ r = crypt_reencrypt_init_by_passphrase(*cd, NULL, password, passwordLen,
+ CRYPT_ANY_SLOT, keyslot, crypt_get_cipher(*cd),
+ crypt_get_cipher_mode(*cd), ¶ms);
+ if (r < 0) {
+ crypt_keyslot_destroy(*cd, keyslot);
+ goto out;
+ }
+
+ /* Restore temporary header in head of data device */
+ if (*header_file) {
+ crypt_free(*cd);
+ *cd = NULL;
+
+ r = crypt_init(cd, data_device);
+ if (!r)
+ r = crypt_header_restore(*cd, CRYPT_LUKS2, header_file);
+
+ if (r) {
+ log_err(_("Failed to place new header at head of device %s."), data_device);
+ goto out;
+ }
+ }
+
+ /* activate device */
+ if (device_name) {
+ set_activation_flags(&activate_flags);
+ r = crypt_activate_by_passphrase(*cd, device_name, ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen, activate_flags);
+ if (r >= 0)
+ log_std(_("%s/%s is now active and ready for online encryption.\n"), crypt_get_dir(), device_name);
+ }
+
+ if (r < 0)
+ goto out;
+
+ /* just load reencryption context to continue reencryption */
+ if (!ARG_SET(OPT_INIT_ONLY_ID)) {
+ params.flags &= ~CRYPT_REENCRYPT_INITIALIZE_ONLY;
+ r = crypt_reencrypt_init_by_passphrase(*cd, device_name, password, passwordLen,
+ CRYPT_ANY_SLOT, keyslot, NULL, NULL, ¶ms);
+ }
+out:
+ crypt_safe_free(password);
+ if (*header_file)
+ unlink(header_file);
+ return r;
+}
+
+static enum device_status_info load_luks2_by_name(struct crypt_device **r_cd, const char *active_name, const char *header_device)
+{
+ int r;
+ struct crypt_device *cd;
+ struct stat st;
+
+ assert(r_cd);
+ assert(active_name);
+
+ if (header_device && stat(header_device, &st) < 0 && errno == ENOENT)
+ return DEVICE_NOT_LUKS;
+
+ r = crypt_init_by_name_and_header(&cd, active_name, header_device);
+ if (r)
+ return DEVICE_INVALID;
+
+ if (!isLUKS2(crypt_get_type(cd))) {
+ log_err(_("Active device %s is not LUKS2."), active_name);
+ crypt_free(cd);
+ return DEVICE_INVALID;
+ }
+
+ r = luks2_reencrypt_in_progress(cd);
+ if (r < 0) {
+ crypt_free(cd);
+ return DEVICE_INVALID;
+ }
+
+ *r_cd = cd;
+
+ return !r ? DEVICE_LUKS2 : DEVICE_LUKS2_REENCRYPT;
+}
+
+static int reencrypt_restore_header(struct crypt_device **cd,
+ const char *data_device, const char *header)
+{
+ int r;
+
+ assert(cd);
+ assert(data_device);
+ assert(header);
+
+ crypt_free(*cd);
+ *cd = NULL;
+
+ log_verbose(_("Restoring original LUKS2 header."));
+
+ r = crypt_init(cd, data_device);
+ if (r < 0)
+ return r;
+
+ r = crypt_header_restore(*cd, CRYPT_LUKS2, header);
+ if (r < 0)
+ log_err(_("Original LUKS2 header restore failed."));
+
+ return r;
+}
+
+static int decrypt_luks2_datashift_init(struct crypt_device **cd,
+ const char *data_device,
+ const char *expheader)
+{
+ int fd, r;
+ size_t passwordLen;
+ struct stat hdr_st;
+ bool remove_header = false;
+ char *msg, *active_name = NULL, *password = NULL;
+ struct crypt_params_reencrypt params = {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = ARG_STR(OPT_RESILIENCE_HASH_ID) ?: "sha256",
+ .data_shift = crypt_get_data_offset(*cd),
+ .device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE,
+ .max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE,
+ .flags = CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ if (!ARG_SET(OPT_BATCH_MODE_ID)) {
+ r = asprintf(&msg, _("Header file %s does not exist. Do you want to initialize LUKS2 "
+ "decryption of device %s and export LUKS2 header to file %s?"),
+ expheader, data_device, expheader);
+ if (r < 0)
+ return -ENOMEM;
+ r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
+ free(msg);
+ if (r < 0)
+ return r;
+ }
+
+ if ((r = decrypt_verify_and_set_params(¶ms)))
+ return r;
+
+ r = reencrypt_hint_force_offline_reencrypt(data_device);
+ if (r < 0)
+ return r;
+
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID),
+ ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID),
+ verify_passphrase(0), 0, *cd);
+ if (r < 0)
+ return r;
+
+ r = reencrypt_check_passphrase(*cd, ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen);
+ if (r < 0)
+ goto out;
+
+ r = crypt_header_backup(*cd, CRYPT_LUKS2, expheader);
+ if (r < 0)
+ goto out;
+
+ remove_header = true;
+
+ fd = open(expheader, O_RDONLY);
+ if (fd < 0)
+ goto out;
+
+ if (fstat(fd, &hdr_st)) {
+ close(fd);
+ r = -EINVAL;
+ goto out;
+ }
+
+ r = fchmod(fd, hdr_st.st_mode | S_IRUSR | S_IWUSR);
+ close(fd);
+ if (r) {
+ log_err(_("Failed to add read/write permissions to exported header file."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ crypt_free(*cd);
+ *cd = NULL;
+
+ /* reload with exported header */
+ if (ARG_SET(OPT_ACTIVE_NAME_ID)) {
+ if (load_luks2_by_name(cd, ARG_STR(OPT_ACTIVE_NAME_ID), expheader) != DEVICE_LUKS2) {
+ r = -EINVAL;
+ goto out;
+ }
+ } else {
+ if ((r = crypt_init_data_device(cd, expheader, data_device)))
+ goto out;
+ if ((r = crypt_load(*cd, CRYPT_LUKS2, NULL)))
+ goto out;
+ }
+
+ _set_reencryption_flags(¶ms.flags);
+
+ if (!ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID))
+ r = reencrypt_get_active_name(*cd, data_device, &active_name);
+
+ if (r < 0)
+ goto out;
+
+ r = tools_wipe_all_signatures(data_device, active_name == NULL, true);
+ if (r < 0) {
+ /* if header restore fails keep original header backup */
+ if (reencrypt_restore_header(cd, data_device, expheader) < 0)
+ remove_header = false;
+ goto out;
+ }
+
+ remove_header = false;
+
+ r = crypt_reencrypt_init_by_passphrase(*cd, active_name, password,
+ passwordLen, ARG_INT32(OPT_KEY_SLOT_ID), CRYPT_ANY_SLOT,
+ NULL, NULL, ¶ms);
+
+ if (r < 0 && crypt_reencrypt_status(*cd, NULL) == CRYPT_REENCRYPT_NONE) {
+ /* if restore is successful we can remove header backup */
+ if (!reencrypt_restore_header(cd, data_device, expheader))
+ remove_header = true;
+ }
+out:
+ free(active_name);
+ crypt_safe_free(password);
+
+ if (r < 0 && !remove_header && !stat(expheader, &hdr_st) && S_ISREG(hdr_st.st_mode))
+ log_err(_("Reencryption initialization failed. Header backup is available in %s."),
+ expheader);
+ if (remove_header)
+ unlink(expheader);
+
+ return r;
+}
+
+static int decrypt_luks2_init(struct crypt_device *cd, const char *data_device)
+{
+ int r;
+ size_t passwordLen;
+ char *active_name = NULL, *password = NULL;
+ struct crypt_params_reencrypt params = {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = data_shift > 0 ? CRYPT_REENCRYPT_FORWARD : CRYPT_REENCRYPT_BACKWARD,
+ .resilience = data_shift ? "datashift" : (ARG_STR(OPT_RESILIENCE_ID) ?: "checksum"),
+ .hash = ARG_STR(OPT_RESILIENCE_HASH_ID) ?: "sha256",
+ .data_shift = imaxabs(data_shift) / SECTOR_SIZE,
+ .device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE,
+ .max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE,
+ };
+
+ if (!luks2_reencrypt_eligible(cd))
+ return -EINVAL;
+
+ if ((!crypt_get_metadata_device_name(cd) || crypt_header_is_detached(cd) <= 0 ||
+ crypt_get_data_offset(cd) > 0)) {
+ log_err(_("LUKS2 decryption is supported with detached header device only (with data offset set to 0)."));
+ return -ENOTSUP;
+ }
+
+ r = reencrypt_hint_force_offline_reencrypt(data_device);
+ if (r < 0)
+ return r;
+
+ _set_reencryption_flags(¶ms.flags);
+
+ r = tools_get_key(NULL, &password, &passwordLen,
+ ARG_UINT64(OPT_KEYFILE_OFFSET_ID), ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+ ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
+ if (r < 0)
+ return r;
+
+ r = reencrypt_check_passphrase(cd, ARG_INT32(OPT_KEY_SLOT_ID), password, passwordLen);
+ if (r < 0)
+ goto out;
+
+ if (!ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID))
+ r = reencrypt_get_active_name(cd, data_device, &active_name);
+ if (r >= 0)
+ r = crypt_reencrypt_init_by_passphrase(cd, active_name, password,
+ passwordLen, ARG_INT32(OPT_KEY_SLOT_ID), CRYPT_ANY_SLOT, NULL, NULL, ¶ms);
+
+out:
+ free(active_name);
+ crypt_safe_free(password);
+ return r;
+}
+
+struct keyslot_passwords {
+ char *password;
+ size_t passwordLen;
+ int new;
+};
+
+static struct keyslot_passwords *init_keyslot_passwords(size_t count)
+{
+ size_t i;
+ struct keyslot_passwords *tmp = calloc(count, sizeof(struct keyslot_passwords));
+
+ if (!tmp)
+ return tmp;
+
+ for (i = 0; i < count; i++)
+ tmp[i].new = -1;
+
+ return tmp;
+}
+
+static int init_passphrase(struct keyslot_passwords *kp, size_t keyslot_passwords_length,
+ struct crypt_device *cd, const char *msg, int slot_to_check)
+{
+ crypt_keyslot_info ki;
+ char *password;
+ int r = -EINVAL, retry_count;
+ size_t passwordLen;
+
+ if (slot_to_check != CRYPT_ANY_SLOT) {
+ ki = crypt_keyslot_status(cd, slot_to_check);
+ if (ki < CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_UNBOUND)
+ return -ENOENT;
+ }
+
+ retry_count = set_tries_tty();
+
+ while (retry_count--) {
+ r = tools_get_key(msg, &password, &passwordLen, 0, 0,
+ ARG_STR(OPT_KEY_FILE_ID), 0, 0, 0 /*pwquality*/, cd);
+ if (r < 0)
+ return r;
+ if (quit) {
+ crypt_safe_free(password);
+ password = NULL;
+ passwordLen = 0;
+ return -EAGAIN;
+ }
+
+ r = crypt_activate_by_passphrase(cd, NULL, slot_to_check,
+ password, passwordLen, 0);
+ if (r < 0) {
+ crypt_safe_free(password);
+ password = NULL;
+ passwordLen = 0;
+ }
+ if (r < 0 && r != -EPERM)
+ return r;
+
+ if (r >= 0) {
+ tools_keyslot_msg(r, UNLOCKED);
+ if ((size_t)r >= keyslot_passwords_length) {
+ crypt_safe_free(password);
+ return -EINVAL;
+ }
+ kp[r].password = password;
+ kp[r].passwordLen = passwordLen;
+ break;
+ }
+ tools_passphrase_msg(r);
+ }
+
+ password = NULL;
+ passwordLen = 0;
+
+ return r;
+}
+
+static int _check_luks2_keyslots(struct crypt_device *cd, bool vk_change)
+{
+ int i, new_vk_slot = (vk_change ? 1 : 0), max = crypt_keyslot_max(CRYPT_LUKS2), active = 0, unbound = 0;
+
+ if (max < 0)
+ return max;
+
+ for (i = 0; i < max; i++) {
+ switch (crypt_keyslot_status(cd, i)) {
+ case CRYPT_SLOT_INVALID:
+ return -EINVAL;
+ case CRYPT_SLOT_ACTIVE:
+ /* fall-through */
+ case CRYPT_SLOT_ACTIVE_LAST:
+ active++;
+ break;
+ case CRYPT_SLOT_UNBOUND:
+ unbound++;
+ /* fall-through */
+ default:
+ break;
+ }
+ }
+
+ /* at least one keyslot for reencryption plus new volume key (if needed) */
+ if (active + unbound + new_vk_slot + 1 > max) {
+ log_err(_("Not enough free keyslots for reencryption."));
+ return -EINVAL;
+ }
+
+ if (!vk_change)
+ return 0;
+
+ if ((ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT) &&
+ (2 * active + unbound + 1 > max)) {
+ log_err(_("Not enough free keyslots for reencryption."));
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int fill_keyslot_passwords(struct crypt_device *cd,
+ struct keyslot_passwords *kp, size_t kp_size,
+ bool vk_change)
+{
+ char msg[128];
+ crypt_keyslot_info ki;
+ int i, r = 0;
+
+ if (vk_change && ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT && ARG_SET(OPT_KEY_FILE_ID)) {
+ for (i = 0; (size_t)i < kp_size; i++) {
+ ki = crypt_keyslot_status(cd, i);
+ if (ki == CRYPT_SLOT_INVALID)
+ return -EINVAL;
+ if (ki == CRYPT_SLOT_ACTIVE) {
+ log_err(_("Key file can be used only with --key-slot or with "
+ "exactly one key slot active."));
+ return -EINVAL;
+ }
+ }
+ }
+
+ if (ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT) {
+ for (i = 0; (size_t)i < kp_size; i++) {
+ if (snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %d: "), i) < 0)
+ return -EINVAL;
+ r = init_passphrase(kp, kp_size, cd, msg, i);
+ /* no need to initialize all keyslots with --keep-key */
+ if (r >= 0 && !vk_change)
+ break;
+ if (r == -ENOENT)
+ r = 0;
+ if (r < 0)
+ break;
+ }
+ } else {
+ if (snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), ARG_INT32(OPT_KEY_SLOT_ID)) < 0)
+ return -EINVAL;
+ r = init_passphrase(kp, kp_size, cd, msg, ARG_INT32(OPT_KEY_SLOT_ID));
+ }
+
+ return r < 0 ? r : 0;
+}
+
+static int assign_tokens(struct crypt_device *cd, int keyslot_old, int keyslot_new)
+{
+ int token = 0, r = crypt_token_is_assigned(cd, token, keyslot_old);
+
+ while (r != -EINVAL) {
+ if (!r && (token != crypt_token_assign_keyslot(cd, token, keyslot_new)))
+ return -EINVAL;
+ token++;
+ r = crypt_token_is_assigned(cd, token, keyslot_old);
+ }
+
+ /* we reached max token number, exit */
+ return 0;
+}
+
+static int reencrypt_luks2_init(struct crypt_device *cd, const char *data_device)
+{
+ bool vk_size_change, sector_size_change, sector_size_increase, vk_change;
+ size_t i, vk_size, kp_size;
+ int r, keyslot_old = CRYPT_ANY_SLOT, keyslot_new = CRYPT_ANY_SLOT, key_size;
+ char cipher[MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk = NULL, *active_name = NULL;
+ const char *new_cipher = NULL;
+ struct keyslot_passwords *kp = NULL;
+ struct crypt_params_luks2 luks2_params = {};
+ struct crypt_params_reencrypt params = {
+ .mode = CRYPT_REENCRYPT_REENCRYPT,
+ .direction = data_shift < 0 ? CRYPT_REENCRYPT_BACKWARD : CRYPT_REENCRYPT_FORWARD,
+ .resilience = data_shift ? "datashift" : (ARG_STR(OPT_RESILIENCE_ID) ?: "checksum"),
+ .hash = ARG_STR(OPT_RESILIENCE_HASH_ID) ?: "sha256",
+ .data_shift = imaxabs(data_shift) / SECTOR_SIZE,
+ .max_hotzone_size = ARG_UINT64(OPT_HOTZONE_SIZE_ID) / SECTOR_SIZE,
+ .device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID) / SECTOR_SIZE,
+ .luks2 = &luks2_params,
+ };
+
+ if (!luks2_reencrypt_eligible(cd))
+ return -EINVAL;
+
+ _set_reencryption_flags(¶ms.flags);
+
+ /* cipher */
+ if (ARG_SET(OPT_CIPHER_ID))
+ new_cipher = ARG_STR(OPT_CIPHER_ID);
+ else if (!ARG_SET(OPT_CIPHER_ID) && crypt_is_cipher_null(crypt_get_cipher(cd))) {
+ log_std(_("Switching data encryption cipher to %s.\n"), DEFAULT_CIPHER(LUKS1));
+ new_cipher = DEFAULT_CIPHER(LUKS1);
+ }
+
+ if (!new_cipher) {
+ strncpy(cipher, crypt_get_cipher(cd), MAX_CIPHER_LEN - 1);
+ strncpy(mode, crypt_get_cipher_mode(cd), MAX_CIPHER_LEN - 1);
+ cipher[MAX_CIPHER_LEN-1] = '\0';
+ mode[MAX_CIPHER_LEN-1] = '\0';
+ } else {
+ if ((r = crypt_parse_name_and_mode(new_cipher, cipher, NULL, mode))) {
+ log_err(_("No known cipher specification pattern detected."));
+ return r;
+ }
+
+ /* the segment cipher is identical with existing one */
+ if (!strcmp(cipher, crypt_get_cipher(cd)) && !strcmp(mode, crypt_get_cipher_mode(cd)))
+ new_cipher = NULL;
+ }
+
+ /* sector size */
+ luks2_params.sector_size = ARG_UINT32(OPT_SECTOR_SIZE_ID) ?: (uint32_t)crypt_get_sector_size(cd);
+ sector_size_change = luks2_params.sector_size != (uint32_t)crypt_get_sector_size(cd);
+ sector_size_increase = luks2_params.sector_size > (uint32_t)crypt_get_sector_size(cd);
+
+ /* key size */
+ if (ARG_SET(OPT_KEY_SIZE_ID) || new_cipher)
+ key_size = get_adjusted_key_size(mode, DEFAULT_LUKS1_KEYBITS, 0);
+ else
+ key_size = crypt_get_volume_key_size(cd);
+
+ if (!key_size)
+ return -EINVAL;
+ vk_size = key_size;
+
+ vk_size_change = key_size != crypt_get_volume_key_size(cd);
+
+ /* volume key */
+ vk_change = !ARG_SET(OPT_KEEP_KEY_ID);
+
+ if (vk_change && ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &vk, key_size);
+ if (r < 0)
+ goto out;
+
+ if (!crypt_volume_key_verify(cd, vk, key_size)) {
+ /* passed key was valid volume key */
+ vk_change = false;
+ crypt_safe_free(vk);
+ vk = NULL;
+ }
+ }
+
+ if (!vk_change && !vk_size_change && !new_cipher && !sector_size_change) {
+ log_err(_("No data segment parameters changed. Reencryption aborted."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (!ARG_SET(OPT_INIT_ONLY_ID) || (tools_blkid_supported() && sector_size_increase)) {
+ r = reencrypt_hint_force_offline_reencrypt(data_device);
+ if (r < 0)
+ goto out;
+ }
+
+ r = _check_luks2_keyslots(cd, vk_change);
+ if (r)
+ goto out;
+
+ r = crypt_keyslot_max(CRYPT_LUKS2);
+ if (r < 0)
+ goto out;
+ kp_size = r;
+
+ kp = init_keyslot_passwords(kp_size);
+ if (!kp) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ /* coverity[overrun-call] */
+ r = fill_keyslot_passwords(cd, kp, kp_size, vk_change);
+ if (r)
+ goto out;
+
+ r = -ENOENT;
+
+ for (i = 0; i < kp_size; i++) {
+ if (!vk_change) {
+ if (kp[i].password) {
+ r = keyslot_old = kp[i].new = i;
+ break;
+ }
+ continue;
+ }
+
+ if (kp[i].password && keyslot_new < 0) {
+ r = set_keyslot_params(cd, i);
+ if (r < 0)
+ break;
+ r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
+ kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT);
+ tools_keyslot_msg(r, CREATED);
+ if (r < 0)
+ break;
+
+ kp[i].new = r;
+ keyslot_new = r;
+ keyslot_old = i;
+ if (!vk) {
+ /* key generated in crypt_keyslot_add_by_key() call above */
+ vk = crypt_safe_alloc(key_size);
+ if (!vk) {
+ r = -ENOMEM;
+ break;
+ }
+ r = crypt_volume_key_get(cd, keyslot_new, vk, &vk_size, kp[i].password, kp[i].passwordLen);
+ if (r < 0)
+ break;
+ }
+ r = assign_tokens(cd, i, r);
+ if (r < 0)
+ break;
+ } else if (kp[i].password) {
+ r = set_keyslot_params(cd, i);
+ if (r < 0)
+ break;
+ r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, vk, key_size,
+ kp[i].password, kp[i].passwordLen, CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE);
+ tools_keyslot_msg(r, CREATED);
+ if (r < 0)
+ break;
+ kp[i].new = r;
+ r = assign_tokens(cd, i, r);
+ if (r < 0)
+ break;
+ }
+ }
+
+ if (r < 0)
+ goto out;
+
+ /*
+ * with --init-only lookup active device only if
+ * blkid probes are allowed and sector size increase
+ * is requested.
+ */
+ if (!ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID) &&
+ (!ARG_SET(OPT_INIT_ONLY_ID) || (tools_blkid_supported() && sector_size_increase))) {
+ r = reencrypt_get_active_name(cd, data_device, &active_name);
+ if (r < 0)
+ goto out;
+ }
+
+ if (sector_size_increase && !active_name && tools_blkid_supported() &&
+ !ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID)) {
+ log_err(_("Encryption sector size increase on offline device is not supported.\n"
+ "Activate the device first or use --force-offline-reencrypt option (dangerous!)."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (sector_size_increase && active_name) {
+ r = reencrypt_check_active_device_sb_block_size(active_name, luks2_params.sector_size);
+ if (r < 0)
+ goto out;
+ }
+
+ r = crypt_reencrypt_init_by_passphrase(cd,
+ ARG_SET(OPT_INIT_ONLY_ID) ? NULL : active_name,
+ kp[keyslot_old].password, kp[keyslot_old].passwordLen,
+ keyslot_old, kp[keyslot_old].new, cipher, mode, ¶ms);
+out:
+ crypt_safe_free(vk);
+ if (kp) {
+ for (i = 0; i < kp_size; i++) {
+ crypt_safe_free(kp[i].password);
+ if (r < 0 && kp[i].new >= 0 && kp[i].new != (int)i &&
+ crypt_reencrypt_status(cd, NULL) == CRYPT_REENCRYPT_NONE &&
+ crypt_keyslot_destroy(cd, kp[i].new))
+ log_dbg("Failed to remove keyslot %d with unbound key.", kp[i].new);
+ }
+ free(kp);
+ }
+ free(active_name);
+ return r;
+}
+
+static int reencrypt_luks2_resume(struct crypt_device *cd)
+{
+ int r;
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nReencryption interrupted."),
+ .device = tools_get_device_name(crypt_get_device_name(cd), &backing_file)
+ };
+
+ if (ARG_SET(OPT_FORCE_OFFLINE_REENCRYPT_ID) && !ARG_SET(OPT_BATCH_MODE_ID))
+ log_std(_("Resuming LUKS reencryption in forced offline mode.\n"));
+
+ set_int_handler(0);
+ r = crypt_reencrypt_run(cd, tools_progress, &prog_parms);
+ free(backing_file);
+ return r;
+}
+
+static int check_broken_luks_signature(const char *device)
+{
+ int r;
+ size_t count;
+
+ r = tools_detect_signatures(device, PRB_ONLY_LUKS, &count, ARG_SET(OPT_BATCH_MODE_ID));
+ if (r < 0)
+ return -EINVAL;
+ if (count) {
+ log_err(_("Device %s contains broken LUKS metadata. Aborting operation."), device);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int _encrypt(struct crypt_device *cd, const char *type, enum device_status_info dev_st, int action_argc, const char **action_argv)
+{
+ const char *device_ptr;
+ enum device_status_info data_dev_st;
+ struct stat st;
+ struct crypt_device *encrypt_cd = NULL;
+ int r = -EINVAL;
+
+ if (dev_st == DEVICE_LUKS2 || dev_st == DEVICE_LUKS1) {
+ log_err(_("Device %s is already LUKS device. Aborting operation."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]));
+ return -EINVAL;
+ }
+
+ if (dev_st == DEVICE_NOT_LUKS &&
+ (!ARG_SET(OPT_HEADER_ID) || !stat(ARG_STR(OPT_HEADER_ID), &st))) {
+ device_ptr = ARG_SET(OPT_HEADER_ID) ? ARG_STR(OPT_HEADER_ID) : action_argv[0];
+ r = check_broken_luks_signature(device_ptr);
+ if (r < 0)
+ return r;
+ }
+
+ /* check data device type/state */
+ if (ARG_SET(OPT_HEADER_ID)) {
+ device_ptr = cd ? crypt_get_device_name(cd) : action_argv[0];
+ data_dev_st = check_luks_device(device_ptr);
+
+ if (data_dev_st == DEVICE_INVALID)
+ return -EINVAL;
+
+ if (data_dev_st == DEVICE_LUKS2 || data_dev_st == DEVICE_LUKS1) {
+ log_err(_("Device %s is already LUKS device. Aborting operation."),
+ device_ptr);
+ return -EINVAL;
+ }
+
+ if (data_dev_st == DEVICE_LUKS2_REENCRYPT || data_dev_st == DEVICE_LUKS1_UNUSABLE) {
+ log_err(_("Device %s is already in LUKS reencryption. Aborting operation."),
+ device_ptr);
+ return -EINVAL;
+ }
+
+ r = check_broken_luks_signature(device_ptr);
+ if (r < 0)
+ return r;
+ }
+
+ if (!type)
+ type = crypt_get_default_type();
+
+ if (dev_st == DEVICE_LUKS1_UNUSABLE || isLUKS1(type)) {
+ r = reencrypt_is_header_detached(ARG_STR(OPT_HEADER_ID), action_argv[0]);
+ if (r < 0)
+ return r;
+ if (!r && !ARG_SET(OPT_REDUCE_DEVICE_SIZE_ID)) {
+ log_err(_("Encryption without detached header (--header) is not possible without data device size reduction (--reduce-device-size)."));
+ return -ENOTSUP;
+ }
+ return reencrypt_luks1(action_argv[0]);
+ } else if (dev_st == DEVICE_NOT_LUKS) {
+ r = encrypt_luks2_init(&encrypt_cd, action_argv[0], action_argc > 1 ? action_argv[1] : NULL);
+ if (r < 0 || ARG_SET(OPT_INIT_ONLY_ID)) {
+ crypt_free(encrypt_cd);
+ return r;
+ }
+ cd = encrypt_cd;
+ dev_st = DEVICE_LUKS2_REENCRYPT;
+ } else if (dev_st == DEVICE_LUKS2_REENCRYPT &&
+ (r = reencrypt_luks2_load(cd, action_argv[0])) < 0)
+ return r;
+
+ if (dev_st != DEVICE_LUKS2_REENCRYPT)
+ return -EINVAL;
+
+ r = reencrypt_luks2_resume(cd);
+
+ crypt_free(encrypt_cd);
+ return r;
+}
+
+static int _decrypt(struct crypt_device **cd, enum device_status_info dev_st, const char *data_device)
+{
+ int r;
+ struct stat st;
+ bool export_header = false;
+
+ assert(cd);
+
+ if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE)
+ return reencrypt_luks1(data_device);
+
+ /* header file does not exist, try loading device type from data device */
+ if (dev_st == DEVICE_NOT_LUKS && ARG_SET(OPT_HEADER_ID) &&
+ (stat(ARG_STR(OPT_HEADER_ID), &st) < 0) && errno == ENOENT) {
+ if (ARG_SET(OPT_ACTIVE_NAME_ID))
+ dev_st = load_luks2_by_name(cd, ARG_STR(OPT_ACTIVE_NAME_ID), NULL);
+ else
+ dev_st = load_luks(cd, NULL, uuid_or_device(data_device));
+
+ /*
+ * If data device is not LUKS2 report 'header is missing' error
+ * message user would get originally.
+ */
+ if (dev_st != DEVICE_LUKS2) {
+ log_err(_("Device %s does not exist or access denied."),
+ ARG_STR(OPT_HEADER_ID));
+ return -EINVAL;
+ }
+
+ export_header = true;
+ }
+
+ if (dev_st == DEVICE_LUKS2_REENCRYPT) {
+ if ((r = reencrypt_luks2_load(*cd, data_device)) < 0)
+ return r;
+ } else if (dev_st == DEVICE_LUKS2) {
+ if (!ARG_SET(OPT_HEADER_ID)) {
+ log_err(_("LUKS2 decryption requires --header option."));
+ return -EINVAL;
+ }
+
+ if (export_header)
+ r = decrypt_luks2_datashift_init(cd, data_device, ARG_STR(OPT_HEADER_ID));
+ else
+ r = decrypt_luks2_init(*cd, data_device);
+
+ if (r < 0 || ARG_SET(OPT_INIT_ONLY_ID))
+ return r;
+ } else if (dev_st == DEVICE_NOT_LUKS) {
+ log_err(_("Device %s is not a valid LUKS device."),
+ ARG_STR(OPT_HEADER_ID) ?: uuid_or_device(data_device));
+ return -EINVAL;
+ }
+
+ r = reencrypt_luks2_resume(*cd);
+ return r;
+}
+
+static int _reencrypt(struct crypt_device *cd, enum device_status_info dev_st, const char *data_device)
+{
+ int r;
+
+ if (dev_st == DEVICE_LUKS1 || dev_st == DEVICE_LUKS1_UNUSABLE)
+ return reencrypt_luks1(data_device);
+ else if (dev_st == DEVICE_LUKS2_REENCRYPT) {
+ if ((r = reencrypt_luks2_load(cd, data_device)) < 0)
+ return r;
+ } else if (dev_st == DEVICE_LUKS2) {
+ r = reencrypt_luks2_init(cd, data_device);
+ if (r < 0|| ARG_SET(OPT_INIT_ONLY_ID))
+ return r;
+ } else
+ return -EINVAL;
+
+ return reencrypt_luks2_resume(cd);
+}
+
+int reencrypt(int action_argc, const char **action_argv)
+{
+ enum device_status_info dev_st;
+ int r = -EINVAL;
+ struct crypt_device *cd = NULL;
+ const char *type = luksType(device_type);
+
+ if (action_argc < 1 && (!ARG_SET(OPT_ACTIVE_NAME_ID) || ARG_SET(OPT_ENCRYPT_ID))) {
+ log_err(_("Command requires device as argument."));
+ return r;
+ }
+
+ if (ARG_SET(OPT_ACTIVE_NAME_ID))
+ dev_st = load_luks2_by_name(&cd, ARG_STR(OPT_ACTIVE_NAME_ID), ARG_STR(OPT_HEADER_ID));
+ else
+ dev_st = load_luks(&cd, ARG_STR(OPT_HEADER_ID), uuid_or_device(action_argv[0]));
+
+ if (dev_st == DEVICE_INVALID)
+ return r;
+
+ if (dev_st == DEVICE_LUKS1 && isLUKS2(type)) {
+ log_err(_("Conflicting versions. Device %s is LUKS1."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]));
+ goto out;
+ }
+
+ if (dev_st == DEVICE_LUKS1_UNUSABLE && isLUKS2(type)) {
+ log_err(_("Conflicting versions. Device %s is in LUKS1 reencryption."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]));
+ goto out;
+ }
+
+ if (dev_st == DEVICE_LUKS2 && isLUKS1(type)) {
+ log_err(_("Conflicting versions. Device %s is LUKS2."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]));
+ goto out;
+ }
+
+ if (dev_st == DEVICE_LUKS2_REENCRYPT && isLUKS1(type)) {
+ log_err(_("Conflicting versions. Device %s is in LUKS2 reencryption."),
+ uuid_or_device(ARG_STR(OPT_HEADER_ID) ?: action_argv[0]));
+ goto out;
+ }
+
+ if (dev_st == DEVICE_LUKS2_REENCRYPT && ARG_SET(OPT_INIT_ONLY_ID)) {
+ log_err(_("LUKS2 reencryption already initialized. Aborting operation."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (ARG_SET(OPT_RESUME_ONLY_ID) &&
+ (dev_st == DEVICE_LUKS2 || dev_st == DEVICE_LUKS1 || dev_st == DEVICE_NOT_LUKS)) {
+ log_err(_("Device reencryption not in progress."));
+ r = -EINVAL;
+ goto out;
+ }
+
+ if (ARG_SET(OPT_ENCRYPT_ID))
+ r = _encrypt(cd, type, dev_st, action_argc, action_argv);
+ else if (ARG_SET(OPT_DECRYPT_ID))
+ r = _decrypt(&cd, dev_st, action_argv[0]);
+ else
+ r = _reencrypt(cd, dev_st, action_argv[0]);
+
+out:
+ crypt_free(cd);
+ return r;
+}
/*
- * cryptsetup-reencrypt - crypt utility for offline re-encryption
+ * cryptsetup - LUKS1 utility for offline re-encryption
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz All rights reserved.
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-#include "cryptsetup.h"
#include <sys/ioctl.h>
#include <linux/fs.h>
-#include <arpa/inet.h>
#include <uuid/uuid.h>
-#define PACKAGE_REENC "cryptsetup-reencrypt"
+#include "cryptsetup.h"
+#include "cryptsetup_args.h"
+#include "utils_luks.h"
#define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee"
-static char *opt_cipher = NULL;
-static char *opt_hash = NULL;
-static char *opt_key_file = NULL;
-static char *opt_master_key_file = NULL;
-static char *opt_uuid = NULL;
-static char *opt_type = NULL;
-static char *opt_pbkdf = NULL;
-static char *opt_header_device = NULL;
-
-/* helper strings converted to uint64_t later */
-static char *opt_reduce_size_str = NULL;
-static char *opt_device_size_str = NULL;
-
-static uint64_t opt_reduce_size = 0;
-static uint64_t opt_device_size = 0;
-
-static long opt_keyfile_size = 0;
-static long opt_keyfile_offset = 0;
-static int opt_iteration_time = 0;
-static long opt_pbkdf_memory = DEFAULT_LUKS2_MEMORY_KB;
-static long opt_pbkdf_parallel = DEFAULT_LUKS2_PARALLEL_THREADS;
-static long opt_pbkdf_iterations = 0;
-static int opt_random = 0;
-static int opt_urandom = 0;
-static int opt_bsize = 4;
-static int opt_directio = 0;
-static int opt_fsync = 0;
-static int opt_write_log = 0;
-static int opt_tries = 3;
-static int opt_key_slot = CRYPT_ANY_SLOT;
-static int opt_key_size = 0;
-static int opt_new = 0;
-static int opt_keep_key = 0;
-static int opt_decrypt = 0;
-
-static const char **action_argv;
-
-static const char *set_pbkdf = NULL;
-
-#define MAX_SLOT 32
-#define MAX_TOKEN 32
+extern int64_t data_shift;
+
+#define MAX_SLOT 8
+
struct reenc_ctx {
char *device;
char *device_header;
uint64_t device_shift;
uint64_t data_offset;
- unsigned int stained:1;
- unsigned int in_progress:1;
+ bool stained;
+ bool in_progress;
enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;
char header_file_org[PATH_MAX];
- char header_file_tmp[PATH_MAX];
char header_file_new[PATH_MAX];
char log_file[PATH_MAX];
CHECK_OPEN,
} header_magic;
-void tools_cleanup(void)
-{
- FREE_AND_NULL(opt_cipher);
- FREE_AND_NULL(opt_hash);
- FREE_AND_NULL(opt_key_file);
- FREE_AND_NULL(opt_master_key_file);
- FREE_AND_NULL(opt_uuid);
- FREE_AND_NULL(opt_type);
- FREE_AND_NULL(opt_pbkdf);
- FREE_AND_NULL(opt_header_device);
- FREE_AND_NULL(opt_reduce_size_str);
- FREE_AND_NULL(opt_device_size_str);
-}
-
static void _quiet_log(int level, const char *msg, void *usrptr)
{
- if (!opt_debug)
+ if (!ARG_SET(OPT_DEBUG_ID))
return;
tool_log(level, msg, usrptr);
}
return r < 0 ? 4096 : (size_t)r;
}
-static const char *luksType(const char *type)
-{
- if (type && !strcmp(type, "luks2"))
- return CRYPT_LUKS2;
-
- if (type && !strcmp(type, "luks1"))
- return CRYPT_LUKS1;
-
- if (!type || !strcmp(type, "luks"))
- return crypt_get_default_type();
-
- return NULL;
-}
-
static const char *hdr_device(const struct reenc_ctx *rc)
{
return rc->device_header ?: rc->device;
}
-static int set_reencrypt_requirement(const struct reenc_ctx *rc)
-{
- uint32_t reqs;
- int r = -EINVAL;
- struct crypt_device *cd = NULL;
- struct crypt_params_integrity ip = { 0 };
-
- if (crypt_init(&cd, hdr_device(rc)) ||
- crypt_load(cd, CRYPT_LUKS2, NULL) ||
- crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &reqs))
- goto out;
-
- /* reencrypt already in-progress */
- if (reqs & CRYPT_REQUIREMENT_OFFLINE_REENCRYPT) {
- log_err(_("Reencryption already in-progress."));
- goto out;
- }
-
- /* raw integrity info is available since 2.0 */
- if (crypt_get_integrity_info(cd, &ip) || ip.tag_size) {
- log_err(_("Reencryption of device with integrity profile is not supported."));
- r = -ENOTSUP;
- goto out;
- }
-
- r = crypt_persistent_flags_set(cd, CRYPT_FLAGS_REQUIREMENTS, reqs | CRYPT_REQUIREMENT_OFFLINE_REENCRYPT);
-out:
- crypt_free(cd);
- return r;
-}
-
/* Depends on the first two fields of LUKS1 header format, magic and version */
-static int device_check(struct reenc_ctx *rc, const char *device, header_magic set_magic)
+static int device_check(struct reenc_ctx *rc, const char *device, header_magic set_magic, bool exclusive)
{
char *buf = NULL;
int r, devfd;
}
/* coverity[toctou] */
- devfd = open(device, O_RDWR | (S_ISBLK(st.st_mode) ? O_EXCL : 0));
+ devfd = open(device, O_RDWR | ((S_ISBLK(st.st_mode) && exclusive) ? O_EXCL : 0)); /* lgtm[cpp/toctou-race-condition] */
if (devfd == -1) {
if (errno == EBUSY) {
log_err(_("Cannot exclusively open %s, device in use."),
/* Be sure that we do not process new version of header */
memcpy((void*)&version, &buf[MAGIC_L], sizeof(uint16_t));
- version = ntohs(version);
+ version = be16_to_cpu(version);
if (set_magic == MAKE_UNUSABLE && !memcmp(buf, MAGIC, MAGIC_L) &&
version == 1) {
log_verbose(_("Marking LUKS1 device %s unusable."), device);
memcpy(buf, NOMAGIC, MAGIC_L);
r = 0;
- } else if (set_magic == MAKE_UNUSABLE && version == 2) {
- log_verbose(_("Setting LUKS2 offline reencrypt flag on device %s."), device);
- r = set_reencrypt_requirement(rc);
- if (!r)
- rc->stained = 1;
} else if (set_magic == CHECK_UNUSABLE && version == 1) {
r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0;
- if (!r)
+ if (rc && !r)
rc->device_uuid = strndup(&buf[0xa8], 40);
goto out;
} else
log_err(_("Cannot write device %s."), device);
r = -EIO;
}
- if (s > 0 && set_magic == MAKE_UNUSABLE)
- rc->stained = 1;
+ if (rc && s > 0 && set_magic == MAKE_UNUSABLE)
+ rc->stained = true;
}
if (r)
log_dbg("LUKS signature check failed for %s.", device);
ssize_t r;
memset(rc->log_buf, 0, SECTOR_SIZE);
- snprintf(rc->log_buf, SECTOR_SIZE, "# LUKS reencryption log, DO NOT EDIT OR DELETE.\n"
- "version = %d\nUUID = %s\ndirection = %d\nmode = %d\n"
- "offset = %" PRIu64 "\nshift = %" PRIu64 "\n# EOF\n",
- 2, rc->device_uuid, rc->reencrypt_direction, rc->reencrypt_mode,
- rc->device_offset, rc->device_shift);
+ if (snprintf(rc->log_buf, SECTOR_SIZE, "# LUKS reencryption log, DO NOT EDIT OR DELETE.\n"
+ "version = %d\nUUID = %s\ndirection = %d\nmode = %d\n"
+ "offset = %" PRIu64 "\nshift = %" PRIu64 "\n# EOF\n",
+ 2, rc->device_uuid, rc->reencrypt_direction, rc->reencrypt_mode,
+ rc->device_offset, rc->device_shift) < 0)
+ return -EINVAL;
if (lseek(rc->log_fd, 0, SEEK_SET) == -1)
return -EIO;
if (end) {
*end++ = '\0';
if (parse_line_log(rc, start)) {
- log_err("Wrong log format.");
+ log_err(_("Wrong log format."));
return -EINVAL;
}
}
static int open_log(struct reenc_ctx *rc)
{
- int flags = opt_fsync ? O_SYNC : 0;
+ int flags = ARG_SET(OPT_USE_FSYNC_ID) ? O_SYNC : 0;
rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
if (rc->log_fd != -1) {
} else if (errno == EEXIST) {
log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
rc->log_fd = open(rc->log_file, O_RDWR|flags);
- rc->in_progress = 1;
+ rc->in_progress = true;
}
if (rc->log_fd == -1)
return -EINVAL;
if ((r = crypt_init_data_device(&cd, rc->header_file_org, rc->device)) ||
- (r = crypt_load(cd, CRYPT_LUKS, NULL)))
+ (r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out;
log_verbose(_("Activating temporary device using old LUKS header."));
if ((r = crypt_activate_by_passphrase(cd, rc->header_file_org,
- opt_key_slot, pwd_old, pwd_old_len,
+ ARG_INT32(OPT_KEY_SLOT_ID), pwd_old, pwd_old_len,
CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_PRIVATE)) < 0)
goto out;
if ((r = crypt_init_data_device(&cd_new, rc->header_file_new, rc->device)) ||
- (r = crypt_load(cd_new, CRYPT_LUKS, NULL)))
+ (r = crypt_load(cd_new, CRYPT_LUKS1, NULL)))
goto out;
log_verbose(_("Activating temporary device using new LUKS header."));
if ((r = crypt_activate_by_passphrase(cd_new, rc->header_file_new,
- opt_key_slot, pwd_new, pwd_new_len,
+ ARG_INT32(OPT_KEY_SLOT_ID), pwd_new, pwd_new_len,
CRYPT_ACTIVATE_SHARED|CRYPT_ACTIVATE_PRIVATE)) < 0)
goto out;
r = 0;
return r;
}
-static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
-{
- const struct crypt_pbkdf_type *pbkdf_default;
- struct crypt_pbkdf_type pbkdf = {};
-
- pbkdf_default = crypt_get_pbkdf_default(dev_type);
- if (!pbkdf_default)
- return -EINVAL;
-
- pbkdf.type = set_pbkdf ?: pbkdf_default->type;
- pbkdf.hash = opt_hash ?: pbkdf_default->hash;
- pbkdf.time_ms = (uint32_t)opt_iteration_time ?: pbkdf_default->time_ms;
- if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) {
- pbkdf.max_memory_kb = (uint32_t)opt_pbkdf_memory ?: pbkdf_default->max_memory_kb;
- pbkdf.parallel_threads = (uint32_t)opt_pbkdf_parallel ?: pbkdf_default->parallel_threads;
- }
-
- if (opt_pbkdf_iterations) {
- pbkdf.iterations = opt_pbkdf_iterations;
- pbkdf.time_ms = 0;
- pbkdf.flags |= CRYPT_PBKDF_NO_BENCHMARK;
- }
-
- return crypt_set_pbkdf_type(cd, &pbkdf);
-}
-
static int create_new_keyslot(struct reenc_ctx *rc, int keyslot,
struct crypt_device *cd_old,
struct crypt_device *cd_new)
const char *cipher, const char *cipher_mode,
const char *uuid,
const char *key, int key_size,
- const char *type,
uint64_t metadata_size,
uint64_t keyslots_size,
void *params)
if ((r = crypt_init(&cd_new, rc->header_file_new)))
goto out;
- if (opt_random)
+ if (ARG_SET(OPT_USE_RANDOM_ID))
crypt_set_rng_type(cd_new, CRYPT_RNG_RANDOM);
- else if (opt_urandom)
+ else if (ARG_SET(OPT_USE_URANDOM_ID))
crypt_set_rng_type(cd_new, CRYPT_RNG_URANDOM);
- r = set_pbkdf_params(cd_new, type);
+ r = set_pbkdf_params(cd_new, CRYPT_LUKS1);
if (r) {
log_err(_("Failed to set pbkdf parameters."));
goto out;
goto out;
}
- r = crypt_format(cd_new, type, cipher, cipher_mode, uuid, key, key_size, params);
+ r = crypt_format(cd_new, CRYPT_LUKS1, cipher, cipher_mode, uuid, key, key_size, params);
check_signal(&r);
if (r < 0)
goto out;
log_verbose(_("New LUKS header for device %s created."), rc->device);
- for (i = 0; i < crypt_keyslot_max(type); i++) {
+ for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
if (!rc->p[i].password)
continue;
return r;
}
-static int isLUKS2(const char *type)
-{
- return (type && !strcmp(type, CRYPT_LUKS2));
-}
-
-static int luks2_metadata_copy(struct reenc_ctx *rc)
-{
- const char *json, *type;
- crypt_token_info ti;
- uint32_t flags;
- int i, r = -EINVAL;
- struct crypt_device *cd_old = NULL, *cd_new = NULL;
-
- if (crypt_init(&cd_old, rc->header_file_tmp) ||
- crypt_load(cd_old, CRYPT_LUKS2, NULL))
- goto out;
-
- if (crypt_init(&cd_new, rc->header_file_new) ||
- crypt_load(cd_new, CRYPT_LUKS2, NULL))
- goto out;
-
- /*
- * we have to erase keyslots missing in new header so that we can
- * transfer tokens from old header to new one
- */
- for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++)
- if (!rc->p[i].password && crypt_keyslot_status(cd_old, i) == CRYPT_SLOT_ACTIVE) {
- r = crypt_keyslot_destroy(cd_old, i);
- if (r < 0)
- goto out;
- }
-
- for (i = 0; i < MAX_TOKEN; i++) {
- ti = crypt_token_status(cd_old, i, &type);
- switch (ti) {
- case CRYPT_TOKEN_INVALID:
- log_dbg("Internal error.");
- r = -EINVAL;
- goto out;
- case CRYPT_TOKEN_INACTIVE:
- break;
- case CRYPT_TOKEN_INTERNAL_UNKNOWN:
- log_err(_("This version of cryptsetup-reencrypt can't handle new internal token type %s."), type);
- r = -EINVAL;
- goto out;
- case CRYPT_TOKEN_INTERNAL:
- /* fallthrough */
- case CRYPT_TOKEN_EXTERNAL:
- /* fallthrough */
- case CRYPT_TOKEN_EXTERNAL_UNKNOWN:
- if (crypt_token_json_get(cd_old, i, &json) != i) {
- log_dbg("Failed to get %s token (%d).", type, i);
- r = -EINVAL;
- goto out;
- }
- if (crypt_token_json_set(cd_new, i, json) != i) {
- log_dbg("Failed to create %s token (%d).", type, i);
- r = -EINVAL;
- goto out;
- }
- }
- }
-
- if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_ACTIVATION, &flags))) {
- log_err(_("Failed to read activation flags from backup header."));
- goto out;
- }
- if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_ACTIVATION, flags))) {
- log_err(_("Failed to write activation flags to new header."));
- goto out;
- }
- if ((r = crypt_persistent_flags_get(cd_old, CRYPT_FLAGS_REQUIREMENTS, &flags))) {
- log_err(_("Failed to read requirements from backup header."));
- goto out;
- }
- if ((r = crypt_persistent_flags_set(cd_new, CRYPT_FLAGS_REQUIREMENTS, flags)))
- log_err(_("Failed to read requirements from backup header."));
-out:
- crypt_free(cd_old);
- crypt_free(cd_new);
- unlink(rc->header_file_tmp);
-
- return r;
-}
-
static int backup_luks_headers(struct reenc_ctx *rc)
{
struct crypt_device *cd = NULL;
struct crypt_params_luks1 params = {0};
- struct crypt_params_luks2 params2 = {0};
- struct stat st;
char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
char *key = NULL;
size_t key_size;
log_dbg("Creating LUKS header backup for device %s.", hdr_device(rc));
if ((r = crypt_init(&cd, hdr_device(rc))) ||
- (r = crypt_load(cd, CRYPT_LUKS, NULL)))
+ (r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out;
- if ((r = crypt_header_backup(cd, CRYPT_LUKS, rc->header_file_org)))
+ if ((r = crypt_header_backup(cd, CRYPT_LUKS1, rc->header_file_org)))
goto out;
- if (isLUKS2(rc->type)) {
- if ((r = crypt_header_backup(cd, CRYPT_LUKS2, rc->header_file_tmp)))
- goto out;
- if ((r = stat(rc->header_file_tmp, &st)))
- goto out;
- /* coverity[toctou] */
- if ((r = chmod(rc->header_file_tmp, st.st_mode | S_IWUSR)))
- goto out;
- }
- log_verbose(_("%s header backup of device %s created."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", rc->device);
+
+ log_verbose(_("%s header backup of device %s created."), "LUKS1", rc->device);
/* For decrypt, new header will be fake one, so we are done here. */
if (rc->reencrypt_mode == DECRYPT)
goto out;
- rc->data_offset = crypt_get_data_offset(cd) + ROUND_SECTOR(opt_reduce_size);
+ rc->data_offset = crypt_get_data_offset(cd) + ROUND_SECTOR(ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID));
if ((r = create_empty_header(rc->header_file_new)))
goto out;
- params.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
- params2.data_device = params.data_device = rc->device;
- params2.sector_size = crypt_get_sector_size(cd);
+ params.hash = ARG_STR(OPT_HASH_ID) ?: DEFAULT_LUKS1_HASH;
+ params.data_device = rc->device;
- if (opt_cipher) {
- r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+ if (ARG_SET(OPT_CIPHER_ID)) {
+ r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID), cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected."));
goto out;
}
}
- key_size = opt_key_size ? opt_key_size / 8 : crypt_get_volume_key_size(cd);
+ key_size = ARG_SET(OPT_KEY_SIZE_ID) ? ARG_UINT32(OPT_KEY_SIZE_ID) / 8 : (uint32_t)crypt_get_volume_key_size(cd);
- if (opt_keep_key) {
+ if (ARG_SET(OPT_KEEP_KEY_ID)) {
log_dbg("Keeping key from old header.");
key_size = crypt_get_volume_key_size(cd);
key = crypt_safe_alloc(key_size);
}
r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size,
rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen);
- } else if (opt_master_key_file) {
+ } else if (ARG_SET(OPT_VOLUME_KEY_FILE_ID)) {
log_dbg("Loading new key from file.");
- r = tools_read_mk(opt_master_key_file, &key, key_size);
+ r = tools_read_vk(ARG_STR(OPT_VOLUME_KEY_FILE_ID), &key, key_size);
}
if (r < 0)
goto out;
- if (isLUKS2(crypt_get_type(cd)) && crypt_get_metadata_size(cd, &mdata_size, &keyslots_size))
- goto out;
-
r = create_new_header(rc, cd,
- opt_cipher ? cipher : crypt_get_cipher(cd),
- opt_cipher ? cipher_mode : crypt_get_cipher_mode(cd),
+ ARG_SET(OPT_CIPHER_ID) ? cipher : crypt_get_cipher(cd),
+ ARG_SET(OPT_CIPHER_ID) ? cipher_mode : crypt_get_cipher_mode(cd),
crypt_get_uuid(cd),
key,
key_size,
- rc->type,
mdata_size,
keyslots_size,
- isLUKS2(rc->type) ? (void*)¶ms2 : (void*)¶ms);
+ (void*)¶ms);
- if (!r && isLUKS2(rc->type))
- r = luks2_metadata_copy(rc);
out:
crypt_free(cd);
crypt_safe_free(key);
{
struct crypt_device *cd_new = NULL;
struct crypt_params_luks1 params = {0};
- struct crypt_params_luks2 params2 = {0};
char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
const char *header_file_fake;
int r;
header_file_fake = (rc->reencrypt_mode == DECRYPT) ? rc->header_file_new : rc->header_file_org;
- if (!opt_key_size)
- opt_key_size = DEFAULT_LUKS1_KEYBITS;
+ if (!ARG_SET(OPT_KEY_SIZE_ID))
+ ARG_SET_UINT32(OPT_KEY_SIZE_ID, DEFAULT_LUKS1_KEYBITS);
- if (opt_cipher) {
- r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
+ if (ARG_SET(OPT_CIPHER_ID)) {
+ r = crypt_parse_name_and_mode(ARG_STR(OPT_CIPHER_ID), cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected."));
goto out;
if (r < 0)
return r;
- params.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
- params2.data_alignment = params.data_alignment = 0;
- params2.data_device = params.data_device = rc->device;
- params2.sector_size = crypt_get_sector_size(NULL);
- params2.pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2);
+ params.hash = ARG_STR(OPT_HASH_ID) ?: DEFAULT_LUKS1_HASH;
+ params.data_alignment = 0;
+ params.data_device = rc->device;
r = crypt_init(&cd_new, header_file_fake);
if (r < 0)
return r;
r = crypt_format(cd_new, CRYPT_LUKS1, "cipher_null", "ecb",
- NO_UUID, NULL, opt_key_size / 8, ¶ms);
+ NO_UUID, NULL, ARG_UINT32(OPT_KEY_SIZE_ID) / 8, ¶ms);
check_signal(&r);
if (r < 0)
goto out;
if (r < 0)
goto out;
- params2.data_alignment = params.data_alignment = ROUND_SECTOR(opt_reduce_size);
+ params.data_alignment = ROUND_SECTOR(ARG_UINT64(OPT_REDUCE_DEVICE_SIZE_ID));
r = create_new_header(rc, NULL,
- opt_cipher ? cipher : DEFAULT_LUKS1_CIPHER,
- opt_cipher ? cipher_mode : DEFAULT_LUKS1_MODE,
+ ARG_SET(OPT_CIPHER_ID) ? cipher : DEFAULT_LUKS1_CIPHER,
+ ARG_SET(OPT_CIPHER_ID) ? cipher_mode : DEFAULT_LUKS1_MODE,
NULL, NULL,
- (opt_key_size ? opt_key_size : DEFAULT_LUKS1_KEYBITS) / 8,
- rc->type,
+ ARG_UINT32(OPT_KEY_SIZE_ID) / 8,
0,
0,
- isLUKS2(rc->type) ? (void*)¶ms2 : (void*)¶ms);
+ (void*)¶ms);
out:
crypt_free(cd_new);
return r;
* For new encryption and new detached header in file just move it.
* For existing file try to ensure we have preallocated space for restore.
*/
- if (opt_new && rc->device_header) {
+ if (ARG_SET(OPT_ENCRYPT_ID) && rc->device_header) {
r = stat(rc->device_header, &st);
if (r == -1) {
r = rename(rc->header_file_new, rc->device_header);
r = crypt_init(&cd, hdr_device(rc));
if (r == 0) {
- r = crypt_header_restore(cd, rc->type, rc->header_file_new);
+ r = crypt_header_restore(cd, CRYPT_LUKS1, rc->header_file_new);
}
crypt_free(cd);
out:
if (r)
- log_err(_("Cannot restore %s header on device %s."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", hdr_device(rc));
+ log_err(_("Cannot restore %s header on device %s."), "LUKS1", hdr_device(rc));
else {
- log_verbose(_("%s header on device %s restored."), isLUKS2(rc->type) ? "LUKS2" : "LUKS1", hdr_device(rc));
- rc->stained = 0;
+ log_verbose(_("%s header on device %s restored."), "LUKS1", hdr_device(rc));
+ rc->stained = false;
}
return r;
}
size_t block_size, void *buf, uint64_t *bytes)
{
ssize_t s1, s2;
+ int r = -EIO;
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nReencryption interrupted."),
+ .device = tools_get_device_name(rc->device, &backing_file)
+ };
log_dbg("Reencrypting in forward direction.");
- if (lseek64(fd_old, rc->device_offset, SEEK_SET) < 0 ||
- lseek64(fd_new, rc->device_offset, SEEK_SET) < 0) {
+ if (lseek(fd_old, rc->device_offset, SEEK_SET) < 0 ||
+ lseek(fd_new, rc->device_offset, SEEK_SET) < 0) {
log_err(_("Cannot seek to device offset."));
- return -EIO;
+ goto out;
}
rc->resume_bytes = *bytes = rc->device_offset;
- tools_reencrypt_progress(rc->device_size, *bytes, NULL);
+ tools_progress(rc->device_size, *bytes, &prog_parms);
if (write_log(rc) < 0)
- return -EIO;
+ goto out;
while (!quit && rc->device_offset < rc->device_size) {
+ if ((rc->device_size - rc->device_offset) < (uint64_t)block_size)
+ block_size = rc->device_size - rc->device_offset;
s1 = read_buf(fd_old, buf, block_size);
if (s1 < 0 || ((size_t)s1 != block_size &&
(rc->device_offset + s1) != rc->device_size)) {
log_dbg("Read error, expecting %zu, got %zd.",
block_size, s1);
- return -EIO;
+ goto out;
}
/* If device_size is forced, never write more than limit */
if (s2 < 0) {
log_dbg("Write error, expecting %zu, got %zd.",
block_size, s2);
- return -EIO;
+ goto out;
}
rc->device_offset += s1;
- if (opt_write_log && write_log(rc) < 0)
- return -EIO;
+ if (ARG_SET(OPT_WRITE_LOG_ID) && write_log(rc) < 0)
+ goto out;
- if (opt_fsync && fsync(fd_new) < 0) {
+ if (ARG_SET(OPT_USE_FSYNC_ID) && fsync(fd_new) < 0) {
log_dbg("Write error, fsync.");
- return -EIO;
+ goto out;
}
*bytes += (uint64_t)s2;
- tools_reencrypt_progress(rc->device_size, *bytes, NULL);
+ tools_progress(rc->device_size, *bytes, &prog_parms);
}
- return quit ? -EAGAIN : 0;
+ r = 0;
+out:
+ free(backing_file);
+ return quit ? -EAGAIN : r;
}
static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
size_t block_size, void *buf, uint64_t *bytes)
{
ssize_t s1, s2, working_block;
- off64_t working_offset;
+ off_t working_offset;
+ int r = -EIO;
+ char *backing_file = NULL;
+ struct tools_progress_params prog_parms = {
+ .frequency = ARG_UINT32(OPT_PROGRESS_FREQUENCY_ID),
+ .batch_mode = ARG_SET(OPT_BATCH_MODE_ID),
+ .json_output = ARG_SET(OPT_PROGRESS_JSON_ID),
+ .interrupt_message = _("\nReencryption interrupted."),
+ .device = tools_get_device_name(rc->device, &backing_file)
+ };
log_dbg("Reencrypting in backward direction.");
*bytes = rc->resume_bytes;
}
- tools_reencrypt_progress(rc->device_size, *bytes, NULL);
+ tools_progress(rc->device_size, *bytes, &prog_parms);
if (write_log(rc) < 0)
- return -EIO;
+ goto out;
/* dirty the device during ENCRYPT mode */
- rc->stained = 1;
+ rc->stained = true;
while (!quit && rc->device_offset) {
if (rc->device_offset < block_size) {
working_block = block_size;
}
- if (lseek64(fd_old, working_offset, SEEK_SET) < 0 ||
- lseek64(fd_new, working_offset, SEEK_SET) < 0) {
+ if (lseek(fd_old, working_offset, SEEK_SET) < 0 ||
+ lseek(fd_new, working_offset, SEEK_SET) < 0) {
log_err(_("Cannot seek to device offset."));
- return -EIO;
+ goto out;
}
s1 = read_buf(fd_old, buf, working_block);
if (s1 < 0 || (s1 != working_block)) {
log_dbg("Read error, expecting %zu, got %zd.",
block_size, s1);
- return -EIO;
+ goto out;
}
s2 = write(fd_new, buf, working_block);
if (s2 < 0) {
log_dbg("Write error, expecting %zu, got %zd.",
block_size, s2);
- return -EIO;
+ goto out;
}
rc->device_offset -= s1;
- if (opt_write_log && write_log(rc) < 0)
- return -EIO;
+ if (ARG_SET(OPT_WRITE_LOG_ID) && write_log(rc) < 0)
+ goto out;
- if (opt_fsync && fsync(fd_new) < 0) {
+ if (ARG_SET(OPT_USE_FSYNC_ID) && fsync(fd_new) < 0) {
log_dbg("Write error, fsync.");
- return -EIO;
+ goto out;
}
*bytes += (uint64_t)s2;
- tools_reencrypt_progress(rc->device_size, *bytes, NULL);
+ tools_progress(rc->device_size, *bytes, &prog_parms);
}
- return quit ? -EAGAIN : 0;
+ r = 0;
+out:
+ free(backing_file);
+ return quit ? -EAGAIN : r;
}
static void zero_rest_of_device(int fd, size_t block_size, void *buf,
log_dbg("Zeroing rest of device.");
- if (lseek64(fd, offset, SEEK_SET) < 0) {
+ if (lseek(fd, offset, SEEK_SET) < 0) {
log_dbg("Cannot seek to device offset.");
return;
}
return;
}
- if (opt_fsync && fsync(fd) < 0) {
+ if (ARG_SET(OPT_USE_FSYNC_ID) && fsync(fd) < 0) {
log_dbg("Write error, fsync.");
return;
}
static int copy_data(struct reenc_ctx *rc)
{
- size_t block_size = opt_bsize * 1024 * 1024;
+ size_t block_size = ARG_UINT32(OPT_BLOCK_SIZE_ID) * 1024 * 1024;
int fd_old = -1, fd_new = -1;
int r = -EINVAL;
void *buf = NULL;
log_dbg("Data copy preparation.");
- fd_old = open(rc->crypt_path_org, O_RDONLY | (opt_directio ? O_DIRECT : 0));
+ fd_old = open(rc->crypt_path_org, O_RDONLY | (ARG_SET(OPT_USE_DIRECTIO_ID) ? O_DIRECT : 0));
if (fd_old == -1) {
log_err(_("Cannot open temporary LUKS device."));
goto out;
}
- fd_new = open(rc->crypt_path_new, O_WRONLY | (opt_directio ? O_DIRECT : 0));
+ fd_new = open(rc->crypt_path_new, O_WRONLY | (ARG_SET(OPT_USE_DIRECTIO_ID) ? O_DIRECT : 0));
if (fd_new == -1) {
log_err(_("Cannot open temporary LUKS device."));
goto out;
goto out;
}
- if (opt_device_size)
- rc->device_size = opt_device_size;
+ if (ARG_SET(OPT_DEVICE_SIZE_ID))
+ rc->device_size = ARG_UINT64(OPT_DEVICE_SIZE_ID);
else if (rc->reencrypt_mode == DECRYPT)
rc->device_size = rc->device_size_org_real;
else
log_dbg("Initialising UUID.");
- if (opt_new) {
+ if (ARG_SET(OPT_ENCRYPT_ID)) {
rc->device_uuid = strdup(NO_UUID);
- rc->type = luksType(opt_type);
return 0;
}
- if (opt_decrypt && opt_uuid) {
- r = uuid_parse(opt_uuid, device_uuid);
+ if (ARG_SET(OPT_DECRYPT_ID) && ARG_SET(OPT_UUID_ID)) {
+ r = uuid_parse(ARG_STR(OPT_UUID_ID), device_uuid);
if (!r)
- rc->device_uuid = strdup(opt_uuid);
+ rc->device_uuid = strdup(ARG_STR(OPT_UUID_ID));
else
log_err(_("Provided UUID is invalid."));
if ((r = crypt_init(&cd, hdr_device(rc))))
return r;
crypt_set_log_callback(cd, _quiet_log, NULL);
- r = crypt_load(cd, CRYPT_LUKS, NULL);
+ r = crypt_load(cd, CRYPT_LUKS1, NULL);
if (!r)
rc->device_uuid = strdup(crypt_get_uuid(cd));
else
/* Reencryption already in progress - magic header? */
- r = device_check(rc, hdr_device(rc), CHECK_UNUSABLE);
-
- if (!r)
- rc->type = isLUKS2(crypt_get_type(cd)) ? CRYPT_LUKS2 : CRYPT_LUKS1;
+ r = device_check(rc, hdr_device(rc), CHECK_UNUSABLE, true);
crypt_free(cd);
return r;
} else
ki = CRYPT_SLOT_ACTIVE;
- retry_count = opt_tries ?: 1;
+ retry_count = ARG_UINT32(OPT_TRIES_ID) ?: 1;
while (retry_count--) {
r = tools_get_key(msg, &password, &passwordLen, 0, 0,
NULL /*opt_key_file*/, 0, verify, 0 /*pwquality*/, cd);
int r;
size_t passwordLen;
- r = tools_get_key(NULL, &password, &passwordLen, opt_keyfile_offset,
- opt_keyfile_size, opt_key_file, 0, 0, 0, cd);
+ r = tools_get_key(NULL, &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
+ ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), 0, 0, 0, cd);
if (r < 0)
return r;
* Allow keyslot only if it is last slot or if user explicitly
* specify which slot to use (IOW others will be disabled).
*/
- if (r >= 0 && opt_key_slot == CRYPT_ANY_SLOT &&
+ if (r >= 0 && ARG_INT32(OPT_KEY_SLOT_ID) == CRYPT_ANY_SLOT &&
crypt_keyslot_status(cd, r) != CRYPT_SLOT_ACTIVE_LAST) {
log_err(_("Key file can be used only with --key-slot or with "
"exactly one key slot active."));
log_dbg("Passphrases initialization.");
if (rc->reencrypt_mode == ENCRYPT && !rc->in_progress) {
- if (opt_key_file)
- r = init_keyfile(rc, NULL, opt_key_slot);
+ if (ARG_SET(OPT_KEY_FILE_ID))
+ r = init_keyfile(rc, NULL, ARG_INT32(OPT_KEY_SLOT_ID));
else
- r = init_passphrase1(rc, NULL, _("Enter new passphrase: "), opt_key_slot, 0, 1);
+ r = init_passphrase1(rc, NULL, _("Enter new passphrase: "), ARG_INT32(OPT_KEY_SLOT_ID), 0, 1);
return r > 0 ? 0 : r;
}
if ((r = crypt_init_data_device(&cd, device, rc->device)) ||
- (r = crypt_load(cd, CRYPT_LUKS, NULL))) {
+ (r = crypt_load(cd, CRYPT_LUKS1, NULL))) {
crypt_free(cd);
return r;
}
- if (opt_key_slot != CRYPT_ANY_SLOT)
+ if (ARG_INT32(OPT_KEY_SLOT_ID) != CRYPT_ANY_SLOT)
snprintf(msg, sizeof(msg),
- _("Enter passphrase for key slot %d: "), opt_key_slot);
+ _("Enter passphrase for key slot %d: "), ARG_INT32(OPT_KEY_SLOT_ID));
else
snprintf(msg, sizeof(msg), _("Enter any existing passphrase: "));
- if (opt_key_file) {
- r = init_keyfile(rc, cd, opt_key_slot);
+ if (ARG_SET(OPT_KEY_FILE_ID)) {
+ r = init_keyfile(rc, cd, ARG_INT32(OPT_KEY_SLOT_ID));
} else if (rc->in_progress ||
- opt_key_slot != CRYPT_ANY_SLOT ||
+ ARG_INT32(OPT_KEY_SLOT_ID) != CRYPT_ANY_SLOT ||
rc->reencrypt_mode == DECRYPT) {
- r = init_passphrase1(rc, cd, msg, opt_key_slot, 1, 0);
- } else for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++) {
+ r = init_passphrase1(rc, cd, msg, ARG_INT32(OPT_KEY_SLOT_ID), 1, 0);
+ } else for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %d: "), i);
r = init_passphrase1(rc, cd, msg, i, 1, 0);
if (r == -ENOENT) {
{
log_dbg("Initialising reencryption context.");
- rc->log_fd = -1;
+ memset(rc, 0, sizeof(*rc));
- /* FIXME: replace MAX_KEYSLOT with crypt_keyslot_max(CRYPT_LUKS2) */
- if (crypt_keyslot_max(CRYPT_LUKS2) > MAX_SLOT) {
- log_dbg("Internal error");
- return -EINVAL;
- }
+ rc->in_progress = false;
+ rc->stained = true;
+ rc->log_fd = -1;
if (!(rc->device = strndup(device, PATH_MAX)))
return -ENOMEM;
- if (opt_header_device && !(rc->device_header = strndup(opt_header_device, PATH_MAX)))
+ if (ARG_SET(OPT_HEADER_ID) && !(rc->device_header = strndup(ARG_STR(OPT_HEADER_ID), PATH_MAX)))
return -ENOMEM;
- if (device_check(rc, rc->device, CHECK_OPEN) < 0)
+ if (device_check(rc, rc->device, CHECK_OPEN, true) < 0)
return -EINVAL;
if (initialize_uuid(rc)) {
return -EINVAL;
}
- if (opt_key_slot != CRYPT_ANY_SLOT &&
- opt_key_slot >= crypt_keyslot_max(rc->type)) {
+ if (ARG_INT32(OPT_KEY_SLOT_ID) != CRYPT_ANY_SLOT &&
+ ARG_INT32(OPT_KEY_SLOT_ID) >= crypt_keyslot_max(CRYPT_LUKS1)) {
log_err(_("Key slot is invalid."));
return -EINVAL;
}
if (snprintf(rc->header_file_new, PATH_MAX,
"LUKS-%s.new", rc->device_uuid) < 0)
return -ENOMEM;
- if (snprintf(rc->header_file_tmp, PATH_MAX,
- "LUKS-%s.tmp", rc->device_uuid) < 0)
- return -ENOMEM;
/* Paths to encrypted devices */
if (snprintf(rc->crypt_path_org, PATH_MAX,
}
if (!rc->in_progress) {
- if (opt_uuid) {
+ if (ARG_SET(OPT_UUID_ID)) {
log_err(_("No decryption in progress, provided UUID can "
"be used only to resume suspended decryption process."));
return -EINVAL;
}
- if (!opt_reduce_size)
+ if (!ARG_SET(OPT_REDUCE_DEVICE_SIZE_ID))
rc->reencrypt_direction = FORWARD;
else {
rc->reencrypt_direction = BACKWARD;
rc->device_offset = (uint64_t)~0;
}
- if (opt_new)
+ if (ARG_SET(OPT_ENCRYPT_ID))
rc->reencrypt_mode = ENCRYPT;
- else if (opt_decrypt)
+ else if (ARG_SET(OPT_DECRYPT_ID))
rc->reencrypt_mode = DECRYPT;
else
rc->reencrypt_mode = REENCRYPT;
unlink(rc->log_file);
unlink(rc->header_file_org);
unlink(rc->header_file_new);
- unlink(rc->header_file_tmp);
}
for (i = 0; i < MAX_SLOT; i++)
free(rc->device_uuid);
}
-static int luks2_change_pbkdf_params(struct reenc_ctx *rc)
+int reencrypt_luks1(const char *device)
{
- int i, r;
- struct crypt_device *cd = NULL;
-
- if ((r = initialize_passphrase(rc, hdr_device(rc))))
- return r;
-
- if (crypt_init(&cd, hdr_device(rc)) ||
- crypt_load(cd, CRYPT_LUKS2, NULL)) {
- r = -EINVAL;
- goto out;
- }
-
- if ((r = set_pbkdf_params(cd, CRYPT_LUKS2)))
- goto out;
-
- log_dbg("LUKS2 keyslot pbkdf params change.");
-
- r = -EINVAL;
-
- for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++) {
- if (!rc->p[i].password)
- continue;
- if ((r = crypt_keyslot_change_by_passphrase(cd, i, i,
- rc->p[i].password, rc->p[i].passwordLen,
- rc->p[i].password, rc->p[i].passwordLen)) < 0)
- goto out;
- log_verbose(_("Changed pbkdf parameters in keyslot %i."), r);
- r = 0;
- }
-
- if (r)
- goto out;
+ int r = -EINVAL;
+ struct reenc_ctx *rc;
- /* see create_new_header */
- for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS2); i++)
- if (!rc->p[i].password)
- (void)crypt_keyslot_destroy(cd, i);
-out:
- crypt_free(cd);
- return r;
-}
+ rc = malloc(sizeof(*rc));
+ if (!rc)
+ return -ENOMEM;
-static int run_reencrypt(const char *device)
-{
- int r = -EINVAL;
- static struct reenc_ctx rc = {
- .stained = 1
- };
+ if (!ARG_SET(OPT_BATCH_MODE_ID))
+ log_verbose(_("Reencryption will change: %s%s%s%s%s%s."),
+ ARG_SET(OPT_KEEP_KEY_ID) ? "" : _("volume key"),
+ (!ARG_SET(OPT_KEEP_KEY_ID) && ARG_SET(OPT_HASH_ID)) ? ", " : "",
+ ARG_SET(OPT_HASH_ID) ? _("set hash to ") : "", ARG_STR(OPT_HASH_ID) ?: "",
+ ARG_SET(OPT_CIPHER_ID) ? _(", set cipher to "): "", ARG_STR(OPT_CIPHER_ID) ?: "");
+ /* FIXME: block all non pbkdf2 pkdfs */
set_int_handler(0);
- if (initialize_context(&rc, device))
- goto out;
-
- /* short-circuit LUKS2 keyslot parameters change */
- if (opt_keep_key && isLUKS2(rc.type)) {
- r = luks2_change_pbkdf_params(&rc);
+ if (initialize_context(rc, device))
goto out;
- }
log_dbg("Running reencryption.");
- if (!rc.in_progress) {
- if ((r = initialize_passphrase(&rc, hdr_device(&rc))))
+ if (!rc->in_progress) {
+ if ((r = initialize_passphrase(rc, hdr_device(rc))))
goto out;
log_dbg("Storing backup of LUKS headers.");
- if (rc.reencrypt_mode == ENCRYPT) {
+ if (rc->reencrypt_mode == ENCRYPT) {
/* Create fake header for existing device */
- if ((r = backup_fake_header(&rc)))
+ if ((r = backup_fake_header(rc)))
goto out;
} else {
- if ((r = backup_luks_headers(&rc)))
+ if ((r = backup_luks_headers(rc)))
goto out;
/* Create fake header for decrypted device */
- if (rc.reencrypt_mode == DECRYPT &&
- (r = backup_fake_header(&rc)))
+ if (rc->reencrypt_mode == DECRYPT &&
+ (r = backup_fake_header(rc)))
goto out;
- if ((r = device_check(&rc, hdr_device(&rc), MAKE_UNUSABLE)))
+ if ((r = device_check(rc, hdr_device(rc), MAKE_UNUSABLE, true)))
goto out;
}
} else {
- if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new)))
+ if ((r = initialize_passphrase(rc, ARG_SET(OPT_DECRYPT_ID) ? rc->header_file_org : rc->header_file_new)))
goto out;
}
- if (!opt_keep_key) {
+ if (!ARG_SET(OPT_KEEP_KEY_ID)) {
log_dbg("Running data area reencryption.");
- if ((r = activate_luks_headers(&rc)))
+ if ((r = activate_luks_headers(rc)))
goto out;
- if ((r = copy_data(&rc)))
+ if ((r = copy_data(rc)))
goto out;
} else
log_dbg("Keeping existing key, skipping data area reencryption.");
// FIXME: fix error path above to not skip this
- if (rc.reencrypt_mode != DECRYPT)
- r = restore_luks_header(&rc);
+ if (rc->reencrypt_mode != DECRYPT)
+ r = restore_luks_header(rc);
else
- rc.stained = 0;
+ rc->stained = false;
out:
- destroy_context(&rc);
- return r;
-}
+ destroy_context(rc);
+ free(rc);
-static void help(poptContext popt_context,
- enum poptCallbackReason reason __attribute__((unused)),
- struct poptOption *key,
- const char *arg __attribute__((unused)),
- void *data __attribute__((unused)))
-{
- if (key->shortName == '?') {
- log_std("%s %s\n", PACKAGE_REENC, PACKAGE_VERSION);
- poptPrintHelp(popt_context, stdout, 0);
- tools_cleanup();
- poptFreeContext(popt_context);
- exit(EXIT_SUCCESS);
- } else if (key->shortName == 'V') {
- log_std("%s %s\n", PACKAGE_REENC, PACKAGE_VERSION);
- tools_cleanup();
- poptFreeContext(popt_context);
- exit(EXIT_SUCCESS);
- } else
- usage(popt_context, EXIT_SUCCESS, NULL, NULL);
+ return r;
}
-int main(int argc, const char **argv)
+int reencrypt_luks1_in_progress(const char *device)
{
- static struct poptOption popt_help_options[] = {
- { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
- { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
- { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
- { "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL },
- POPT_TABLEEND
- };
- static struct poptOption popt_options[] = {
- { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
- { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
- { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
- { "block-size", 'B', POPT_ARG_INT, &opt_bsize, 0, N_("Reencryption block size"), N_("MiB") },
- { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
- { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
- { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
- { "keep-key", '\0', POPT_ARG_NONE, &opt_keep_key, 0, N_("Do not change key, no data area reencryption"), NULL },
- { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file"), NULL },
- { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read new volume (master) key from file"), NULL },
- { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
- { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
- { "progress-frequency",'\0', POPT_ARG_INT, &opt_progress_frequency, 0, N_("Progress line update (in seconds)"), N_("secs") },
- { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
- { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key"), NULL },
- { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key"), NULL },
- { "use-directio", '\0', POPT_ARG_NONE, &opt_directio, 0, N_("Use direct-io when accessing devices"), NULL },
- { "use-fsync", '\0', POPT_ARG_NONE, &opt_fsync, 0, N_("Use fsync after each block"), NULL },
- { "write-log", '\0', POPT_ARG_NONE, &opt_write_log, 0, N_("Update log file after every block"), NULL },
- { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Use only this slot (others will be disabled)"), NULL },
- { "keyfile-offset", '\0', POPT_ARG_LONG, &opt_keyfile_offset, 0, N_("Number of bytes to skip in keyfile"), N_("bytes") },
- { "keyfile-size", 'l', POPT_ARG_LONG, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
- { "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str, 0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") },
- { "device-size", '\0', POPT_ARG_STRING, &opt_device_size_str, 0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
- { "new", 'N', POPT_ARG_NONE, &opt_new, 0, N_("Create new header on not encrypted device"), NULL },
- { "decrypt", '\0', POPT_ARG_NONE, &opt_decrypt, 0, N_("Permanently decrypt device (remove encryption)"), NULL },
- { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("The UUID used to resume decryption"), NULL },
- { "type", '\0', POPT_ARG_STRING, &opt_type, 0, N_("Type of LUKS metadata: luks1, luks2"), NULL },
- { "pbkdf", '\0', POPT_ARG_STRING, &opt_pbkdf, 0, N_("PBKDF algorithm (for LUKS2): argon2i, argon2id, pbkdf2"), NULL },
- { "pbkdf-memory", '\0', POPT_ARG_LONG, &opt_pbkdf_memory, 0, N_("PBKDF memory cost limit"), N_("kilobytes") },
- { "pbkdf-parallel", '\0', POPT_ARG_LONG, &opt_pbkdf_parallel, 0, N_("PBKDF parallel cost"), N_("threads") },
- { "pbkdf-force-iterations",'\0',POPT_ARG_LONG, &opt_pbkdf_iterations, 0, N_("PBKDF iterations cost (forced, disables benchmark)"), NULL },
- { "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header"), NULL },
- POPT_TABLEEND
- };
- poptContext popt_context;
- int r;
-
- crypt_set_log_callback(NULL, tool_log, NULL);
-
- setlocale(LC_ALL, "");
- bindtextdomain(PACKAGE, LOCALEDIR);
- textdomain(PACKAGE);
-
- popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
- poptSetOtherOptionHelp(popt_context,
- _("[OPTION...] <device>"));
-
- while((r = poptGetNextOpt(popt_context)) > 0) ;
- if (r < -1)
- usage(popt_context, EXIT_FAILURE, poptStrerror(r),
- poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
-
- if (!opt_batch_mode)
- log_verbose(_("Reencryption will change: %s%s%s%s%s%s."),
- opt_keep_key ? "" : _("volume key"),
- (!opt_keep_key && opt_hash) ? ", " : "",
- opt_hash ? _("set hash to ") : "", opt_hash ?: "",
- opt_cipher ? _(", set cipher to "): "", opt_cipher ?: "");
-
- action_argv = poptGetArgs(popt_context);
- if(!action_argv)
- usage(popt_context, EXIT_FAILURE, _("Argument required."),
- poptGetInvocationName(popt_context));
-
- if (opt_random && opt_urandom)
- usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
- poptGetInvocationName(popt_context));
-
- if (opt_bsize < 0 || opt_key_size < 0 || opt_iteration_time < 0 ||
- opt_tries < 0 || opt_keyfile_offset < 0 || opt_key_size < 0 ||
- opt_pbkdf_iterations < 0 || opt_pbkdf_memory < 0 ||
- opt_pbkdf_parallel < 0) {
- usage(popt_context, EXIT_FAILURE,
- _("Negative number for option not permitted."),
- poptGetInvocationName(popt_context));
- }
+ struct stat st;
- if (opt_pbkdf && crypt_parse_pbkdf(opt_pbkdf, &set_pbkdf))
- usage(popt_context, EXIT_FAILURE,
- _("Password-based key derivation function (PBKDF) can be only pbkdf2 or argon2i/argon2id."),
- poptGetInvocationName(popt_context));
-
- if (opt_pbkdf_iterations && opt_iteration_time)
- usage(popt_context, EXIT_FAILURE,
- _("PBKDF forced iterations cannot be combined with iteration time option."),
- poptGetInvocationName(popt_context));
-
- if (opt_bsize < 1 || opt_bsize > 64)
- usage(popt_context, EXIT_FAILURE,
- _("Only values between 1 MiB and 64 MiB allowed for reencryption block size."),
- poptGetInvocationName(popt_context));
-
- if (opt_key_size % 8)
- usage(popt_context, EXIT_FAILURE,
- _("Key size must be a multiple of 8 bits"),
- poptGetInvocationName(popt_context));
-
- if (opt_key_slot != CRYPT_ANY_SLOT &&
- (opt_key_slot < 0 || opt_key_slot >= crypt_keyslot_max(CRYPT_LUKS2)))
- usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
- poptGetInvocationName(popt_context));
-
- if (opt_random && opt_urandom)
- usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
- poptGetInvocationName(popt_context));
-
- if (opt_device_size_str &&
- tools_string_to_size(NULL, opt_device_size_str, &opt_device_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
- poptGetInvocationName(popt_context));
-
- if (opt_reduce_size_str &&
- tools_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
- usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
- poptGetInvocationName(popt_context));
- if (opt_reduce_size > 64 * 1024 * 1024)
- usage(popt_context, EXIT_FAILURE, _("Maximum device reduce size is 64 MiB."),
- poptGetInvocationName(popt_context));
- if (opt_reduce_size % SECTOR_SIZE)
- usage(popt_context, EXIT_FAILURE, _("Reduce size must be multiple of 512 bytes sector."),
- poptGetInvocationName(popt_context));
-
- if (opt_new && (!opt_reduce_size && !opt_header_device))
- usage(popt_context, EXIT_FAILURE, _("Option --new must be used together with --reduce-device-size or --header."),
- poptGetInvocationName(popt_context));
-
- if (opt_keep_key && (opt_cipher || opt_new || opt_master_key_file))
- usage(popt_context, EXIT_FAILURE, _("Option --keep-key can be used only with --hash, --iter-time or --pbkdf-force-iterations."),
- poptGetInvocationName(popt_context));
-
- if (opt_new && opt_decrypt)
- usage(popt_context, EXIT_FAILURE, _("Option --new cannot be used together with --decrypt."),
- poptGetInvocationName(popt_context));
-
- if (opt_decrypt && (opt_cipher || opt_hash || opt_reduce_size || opt_keep_key || opt_device_size))
- usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."),
- poptGetInvocationName(popt_context));
-
- if (opt_uuid && !opt_decrypt)
- usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."),
- poptGetInvocationName(popt_context));
-
- if (!luksType(opt_type))
- usage(popt_context, EXIT_FAILURE, _("Invalid luks type. Use one of these: 'luks', 'luks1' or 'luks2'."),
- poptGetInvocationName(popt_context));
-
- if (opt_debug) {
- opt_verbose = 1;
- crypt_set_debug_level(-1);
- dbg_version_and_cmd(argc, argv);
- }
+ if (stat(device, &st) || (size_t)st.st_size < pagesize())
+ return -EINVAL;
- r = run_reencrypt(action_argv[0]);
- tools_cleanup();
- poptFreeContext(popt_context);
- return translate_errno(r);
+ return device_check(NULL, device, CHECK_UNUSABLE, false);
}
*
* Copyright (C) 2004 Jana Saout <jana@saout.de>
* Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
#include "cryptsetup.h"
-#include <math.h>
#include <signal.h>
-int opt_verbose = 0;
-int opt_debug = 0;
-int opt_debug_json = 0;
-int opt_batch_mode = 0;
-int opt_progress_frequency = 0;
-
/* interrupt handling */
volatile int quit = 0;
static int signals_blocked = 0;
*r = -EINTR;
}
-#define LOG_MAX_LEN 4096
-
-__attribute__((format(printf, 5, 6)))
-void clogger(struct crypt_device *cd, int level, const char *file, int line,
- const char *format, ...)
+void tool_log(int level, const char *msg, void *usrptr)
{
- va_list argp;
- char target[LOG_MAX_LEN + 2];
-
- va_start(argp, format);
-
- if (vsnprintf(&target[0], LOG_MAX_LEN, format, argp) > 0) {
- /* All verbose and error messages in tools end with EOL. */
- if (level == CRYPT_LOG_VERBOSE || level == CRYPT_LOG_ERROR ||
- level == CRYPT_LOG_DEBUG || level == CRYPT_LOG_DEBUG_JSON)
- strncat(target, "\n", LOG_MAX_LEN);
-
- crypt_log(cd, level, target);
- }
-
- va_end(argp);
-}
+ struct tools_log_params *params = (struct tools_log_params *)usrptr;
-void tool_log(int level, const char *msg, void *usrptr __attribute__((unused)))
-{
- switch(level) {
+ switch (level) {
case CRYPT_LOG_NORMAL:
fprintf(stdout, "%s", msg);
break;
case CRYPT_LOG_VERBOSE:
- if (opt_verbose)
+ if (params && params->verbose)
fprintf(stdout, "%s", msg);
break;
case CRYPT_LOG_ERROR:
break;
case CRYPT_LOG_DEBUG_JSON:
case CRYPT_LOG_DEBUG:
- if (opt_debug)
+ if (params && params->debug)
fprintf(stdout, "# %s", msg);
break;
}
void quiet_log(int level, const char *msg, void *usrptr)
{
- if (!opt_verbose && (level == CRYPT_LOG_ERROR || level == CRYPT_LOG_NORMAL))
- level = CRYPT_LOG_VERBOSE;
+ struct tools_log_params *params = (struct tools_log_params *)usrptr;
+
+ if ((!params || !params->verbose) && (level == CRYPT_LOG_ERROR || level == CRYPT_LOG_NORMAL))
+ return;
tool_log(level, msg, usrptr);
}
if (block)
set_int_block(0);
- if (isatty(STDIN_FILENO) && !opt_batch_mode) {
- log_std("\nWARNING!\n========\n");
- log_std("%s\n\nAre you sure? (Type 'yes' in capital letters): ", msg);
+ if (isatty(STDIN_FILENO)) {
+ log_std(_("\nWARNING!\n========\n"));
+ /* TRANSLATORS: User must type "YES" (in capital letters), do not translate this word. */
+ log_std(_("%s\n\nAre you sure? (Type 'yes' in capital letters): "), msg);
fflush(stdout);
if(getline(&answer, &size, stdin) == -1) {
r = 0;
{
char *crypt_error;
- if(!opt_verbose)
- return;
-
- if(!errcode) {
- log_std(_("Command successful.\n"));
+ if (!errcode) {
+ log_verbose(_("Command successful."));
return;
}
else
crypt_error = _("unknown error");
- log_std(_("Command failed with code %i (%s).\n"), -errcode, crypt_error);
+ log_verbose(_("Command failed with code %i (%s)."), -errcode, crypt_error);
}
const char *uuid_or_device(const char *spec)
log_verbose(_("Token %i removed."), token);
}
+void tools_token_error_msg(int error, const char *type, int token, bool pin_provided)
+{
+ if (error >= 0)
+ return;
+
+ if (error == -ENOANO) {
+ if (pin_provided)
+ log_verbose(_("No token could be unlocked with this PIN."));
+ else if (token != CRYPT_ANY_TOKEN)
+ log_verbose(_("Token %i requires PIN."), token);
+ else if (type)
+ log_verbose(_("Token (type %s) requires PIN."), type);
+ } else if (error == -EPERM) {
+ if (token != CRYPT_ANY_TOKEN)
+ log_verbose(_("Token %i cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."), token);
+ else if (type)
+ log_verbose(_("Token (type %s) cannot unlock assigned keyslot(s) (wrong keyslot passphrase)."), type);
+ } if (error == -EAGAIN) {
+ if (token != CRYPT_ANY_TOKEN)
+ log_verbose(_("Token %i requires additional missing resource."), token);
+ else if (type)
+ log_verbose(_("Token (type %s) requires additional missing resource."), type);
+ } if (error == -ENOENT) {
+ if (type)
+ log_verbose(_("No usable token (type %s) is available."), type);
+ else
+ log_verbose(_("No usable token is available."));
+ }
+}
+
/*
* Device size string parsing, suffixes:
* s|S - 512 bytes sectors
* kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base
* kb |KB |mM |MB |gB |GB |tB |TB - 1000 base
*/
-int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
+int tools_string_to_size(const char *s, uint64_t *size)
{
char *endp = NULL;
size_t len;
return 0;
}
-/* Time progress helper */
-
-/* The difference in seconds between two times in "timeval" format. */
-static double time_diff(struct timeval *start, struct timeval *end)
-{
- return (end->tv_sec - start->tv_sec)
- + (end->tv_usec - start->tv_usec) / 1E6;
-}
-
-void tools_clear_line(void)
-{
- if (opt_progress_frequency)
- return;
- /* vt100 code clear line */
- log_std("\33[2K\r");
-}
-
-static void tools_time_progress(uint64_t device_size, uint64_t bytes, uint64_t *start_bytes,
- struct timeval *start_time, struct timeval *end_time)
-{
- struct timeval now_time;
- unsigned long long mbytes, eta;
- double tdiff, uib, frequency;
- int final = (bytes == device_size);
- const char *eol, *ustr = "";
-
- if (opt_batch_mode)
- return;
-
- gettimeofday(&now_time, NULL);
- if (start_time->tv_sec == 0 && start_time->tv_usec == 0) {
- *start_time = now_time;
- *end_time = now_time;
- *start_bytes = bytes;
- return;
- }
-
- if (opt_progress_frequency) {
- frequency = (double)opt_progress_frequency;
- eol = "\n";
- } else {
- frequency = 0.5;
- eol = "";
- }
-
- if (!final && time_diff(end_time, &now_time) < frequency)
- return;
-
- *end_time = now_time;
-
- tdiff = time_diff(start_time, end_time);
- if (!tdiff)
- return;
-
- mbytes = bytes / 1024 / 1024;
- uib = (double)(bytes - *start_bytes) / tdiff;
-
- /* FIXME: calculate this from last minute only. */
- eta = (unsigned long long)(device_size / uib - tdiff);
-
- if (uib > 1073741824.0f) {
- uib /= 1073741824.0f;
- ustr = "Gi";
- } else if (uib > 1048576.0f) {
- uib /= 1048576.0f;
- ustr = "Mi";
- } else if (uib > 1024.0f) {
- uib /= 1024.0f;
- ustr = "Ki";
- }
-
- tools_clear_line();
- if (final)
- log_std("Finished, time %02llu:%02llu.%03llu, "
- "%4llu MiB written, speed %5.1f %sB/s\n",
- (unsigned long long)tdiff / 60,
- (unsigned long long)tdiff % 60,
- (unsigned long long)((tdiff - floor(tdiff)) * 1000.0),
- mbytes, uib, ustr);
- else
- log_std("Progress: %5.1f%%, ETA %02llu:%02llu, "
- "%4llu MiB written, speed %5.1f %sB/s%s",
- (double)bytes / device_size * 100,
- eta / 60, eta % 60, mbytes, uib, ustr, eol);
- fflush(stdout);
-}
-
-int tools_wipe_progress(uint64_t size, uint64_t offset, void *usrptr)
-{
- static struct timeval start_time = {}, end_time = {};
- static uint64_t start_offset = 0;
- int r = 0;
-
- tools_time_progress(size, offset, &start_offset, &start_time, &end_time);
-
- check_signal(&r);
- if (r) {
- tools_clear_line();
- log_err(_("\nWipe interrupted."));
- }
-
- return r;
-}
-
-static void report_partition(const char *value, const char *device)
+/*
+ * Keyfile - is standard input treated as a binary file (no EOL handling).
+ */
+int tools_is_stdin(const char *key_file)
{
- if (opt_batch_mode)
- log_dbg("Device %s already contains a '%s' partition signature.", device, value);
- else
- log_std(_("WARNING: Device %s already contains a '%s' partition signature.\n"), device, value);
-}
+ if (!key_file)
+ return 1;
-static void report_superblock(const char *value, const char *device)
-{
- if (opt_batch_mode)
- log_dbg("Device %s already contains a '%s' superblock signature.", device, value);
- else
- log_std(_("WARNING: Device %s already contains a '%s' superblock signature.\n"), device, value);
+ return strcmp(key_file, "-") ? 0 : 1;
}
-int tools_detect_signatures(const char *device, int ignore_luks, size_t *count)
+int tools_read_vk(const char *file, char **key, int keysize)
{
- int r;
- size_t tmp_count;
- struct blkid_handle *h;
- blk_probe_status pr;
-
- if (!count)
- count = &tmp_count;
+ int fd = -1, r = -EINVAL;
- *count = 0;
+ if (keysize <= 0 || !key)
+ return -EINVAL;
- if (!blk_supported()) {
- log_dbg("Blkid support disabled.");
- return 0;
- }
+ *key = crypt_safe_alloc(keysize);
+ if (!*key)
+ return -ENOMEM;
- if ((r = blk_init_by_path(&h, device))) {
- log_err(_("Failed to initialize device signature probes."));
- return -EINVAL;
+ fd = open(file, O_RDONLY);
+ if (fd == -1) {
+ log_err(_("Cannot read keyfile %s."), file);
+ goto out;
}
- blk_set_chains_for_full_print(h);
-
- if (ignore_luks && blk_superblocks_filter_luks(h)) {
- r = -EINVAL;
+ if (read_buffer(fd, *key, keysize) != keysize) {
+ log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
goto out;
}
+ r = 0;
+out:
+ if (fd != -1)
+ close(fd);
- while ((pr = blk_probe(h)) < PRB_EMPTY) {
- if (blk_is_partition(h))
- report_partition(blk_get_partition_type(h), device);
- else if (blk_is_superblock(h))
- report_superblock(blk_get_superblock_type(h), device);
- else {
- log_dbg("Internal tools_detect_signatures() error.");
- r = -EINVAL;
- goto out;
- }
- (*count)++;
+ if (r) {
+ crypt_safe_free(*key);
+ *key = NULL;
}
- if (pr == PRB_FAIL)
- r = -EINVAL;
-out:
- blk_free(h);
return r;
}
-int tools_wipe_all_signatures(const char *path)
+int tools_write_mk(const char *file, const char *key, int keysize)
{
- int fd, flags, r;
- blk_probe_status pr;
- struct stat st;
- struct blkid_handle *h = NULL;
+ int fd, r = -EINVAL;
- if (!blk_supported()) {
- log_dbg("Blkid support disabled.");
- return 0;
- }
-
- if (stat(path, &st)) {
- log_err(_("Failed to stat device %s."), path);
+ if (keysize <= 0 || !key)
return -EINVAL;
- }
-
- flags = O_RDWR;
- if (S_ISBLK(st.st_mode))
- flags |= O_EXCL;
- /* better than opening regular file with O_EXCL (undefined) */
- /* coverity[toctou] */
- fd = open(path, flags);
+ fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
if (fd < 0) {
- if (errno == EBUSY)
- log_err(_("Device %s is in use. Can not proceed with format operation."), path);
- else
- log_err(_("Failed to open file %s in read/write mode."), path);
- return -EINVAL;
+ log_err(_("Cannot open keyfile %s for write."), file);
+ return r;
}
- if ((r = blk_init_by_fd(&h, fd))) {
- log_err(_("Failed to initialize device signature probes."));
- r = -EINVAL;
- goto out;
- }
-
- blk_set_chains_for_wipes(h);
-
- while ((pr = blk_probe(h)) < PRB_EMPTY) {
- if (blk_is_partition(h))
- log_verbose(_("Existing '%s' partition signature (offset: %" PRIi64 " bytes) on device %s will be wiped."),
- blk_get_partition_type(h), blk_get_offset(h), path);
- if (blk_is_superblock(h))
- log_verbose(_("Existing '%s' superblock signature (offset: %" PRIi64 " bytes) on device %s will be wiped."),
- blk_get_superblock_type(h), blk_get_offset(h), path);
- if (blk_do_wipe(h)) {
- log_err(_("Failed to wipe device signature."));
- r = -EINVAL;
- goto out;
- }
- }
+ if (write_buffer(fd, key, keysize) == keysize)
+ r = 0;
+ else
+ log_err(_("Cannot write to keyfile %s."), file);
- if (pr != PRB_EMPTY) {
- log_err(_("Failed to probe device %s for a signature."), path);
- r = -EINVAL;
- }
-out:
close(fd);
- blk_free(h);
return r;
}
-/*
- * Keyfile - is standard input treated as a binary file (no EOL handling).
- */
-int tools_is_stdin(const char *key_file)
+void tools_package_version(const char *name, bool use_pwlibs)
{
- if (!key_file)
- return 1;
-
- return strcmp(key_file, "-") ? 0 : 1;
-}
-
-int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr)
-{
- static struct timeval start_time = {}, end_time = {};
- static uint64_t start_offset = 0;
- int r = 0;
-
- tools_time_progress(size, offset, &start_offset, &start_time, &end_time);
-
- check_signal(&r);
- if (r) {
- tools_clear_line();
- log_err(_("\nReencryption interrupted."));
- }
-
- return r;
+ bool udev = false, blkid = false, keyring = false, fips = false;
+ bool kernel_capi = false, pwquality = false, passwdqc = false;
+#ifdef USE_UDEV
+ udev = true;
+#endif
+#ifdef HAVE_BLKID
+ blkid = true;
+#endif
+#ifdef KERNEL_KEYRING
+ keyring = true;
+#endif
+#ifdef ENABLE_FIPS
+ fips = true;
+#endif
+#ifdef ENABLE_AF_ALG
+ kernel_capi = true;
+#endif
+#if defined(ENABLE_PWQUALITY)
+ pwquality = true;
+#elif defined(ENABLE_PASSWDQC)
+ passwdqc = true;
+#endif
+ log_std("%s %s flags: %s%s%s%s%s%s%s\n", name, PACKAGE_VERSION,
+ udev ? "UDEV " : "",
+ blkid ? "BLKID " : "",
+ keyring ? "KEYRING " : "",
+ fips ? "FIPS " : "",
+ kernel_capi ? "KERNEL_CAPI " : "",
+ pwquality && use_pwlibs ? "PWQUALITY " : "",
+ passwdqc && use_pwlibs ? "PASSWDQC " : "");
}
/*
* veritysetup - setup cryptographic volumes for dm-verity
*
- * Copyright (C) 2012-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2021 Milan Broz
+ * Copyright (C) 2012-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
*/
#include "cryptsetup.h"
+#include "veritysetup_args.h"
#define PACKAGE_VERITY "veritysetup"
-static char *opt_fec_device = NULL;
-static char *opt_hash_algorithm = NULL;
-static char *opt_salt = NULL;
-static char *opt_uuid = NULL;
-static char *opt_root_hash_signature = NULL;
-
-static int opt_use_superblock = 1;
-static int opt_fec_roots = DEFAULT_VERITY_FEC_ROOTS;
-static int opt_hash_type = 1;
-static int opt_data_block_size = DEFAULT_VERITY_DATA_BLOCK;
-static int opt_hash_block_size = DEFAULT_VERITY_HASH_BLOCK;
-static uint64_t data_blocks = 0;
-static uint64_t hash_offset = 0;
-static uint64_t fec_offset = 0;
-static int opt_restart_on_corruption = 0;
-static int opt_panic_on_corruption = 0;
-static int opt_ignore_corruption = 0;
-static int opt_ignore_zero_blocks = 0;
-static int opt_check_at_most_once = 0;
-
static const char **action_argv;
static int action_argc;
+static struct tools_log_params log_parms;
void tools_cleanup(void)
{
- FREE_AND_NULL(opt_fec_device);
- FREE_AND_NULL(opt_hash_algorithm);
- FREE_AND_NULL(opt_salt);
- FREE_AND_NULL(opt_uuid);
- FREE_AND_NULL(opt_root_hash_signature);
+ tools_args_free(tool_core_args, ARRAY_SIZE(tool_core_args));
}
static int _prepare_format(struct crypt_params_verity *params,
char *salt = NULL;
int len;
- params->hash_name = opt_hash_algorithm ?: DEFAULT_VERITY_HASH;
+ params->hash_name = ARG_STR(OPT_HASH_ID);
params->data_device = data_device;
- params->fec_device = opt_fec_device;
- params->fec_roots = opt_fec_roots;
+ params->fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
+ params->fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);
- if (opt_salt && !strcmp(opt_salt, "-")) {
+ if (ARG_STR(OPT_SALT_ID) && !strcmp(ARG_STR(OPT_SALT_ID), "-")) {
params->salt_size = 0;
params->salt = NULL;
- } else if (opt_salt) {
- len = crypt_hex_to_bytes(opt_salt, &salt, 0);
+ } else if (ARG_SET(OPT_SALT_ID)) {
+ len = crypt_hex_to_bytes(ARG_STR(OPT_SALT_ID), &salt, 0);
if (len < 0) {
log_err(_("Invalid salt string specified."));
return -EINVAL;
params->salt = NULL;
}
- params->data_block_size = opt_data_block_size;
- params->hash_block_size = opt_hash_block_size;
- params->data_size = data_blocks;
- params->hash_area_offset = hash_offset;
- params->fec_area_offset = fec_offset;
- params->hash_type = opt_hash_type;
+ params->data_block_size = ARG_UINT32(OPT_DATA_BLOCK_SIZE_ID);
+ params->hash_block_size = ARG_UINT32(OPT_HASH_BLOCK_SIZE_ID);
+ params->data_size = ARG_UINT64(OPT_DATA_BLOCKS_ID);
+ params->hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+ params->fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
+ params->hash_type = ARG_UINT32(OPT_FORMAT_ID);
params->flags = flags;
return 0;
}
-static int action_format(int arg)
+static int action_format(void)
{
struct crypt_device *cd = NULL;
struct crypt_params_verity params = {};
uint32_t flags = CRYPT_VERITY_CREATE_HASH;
- int r;
+ char *root_hash_bytes = NULL;
+ size_t root_hash_size;
+ int root_hash_fd = -1, i, r;
/* Try to create hash image if doesn't exist */
r = open(action_argv[1], O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
close(r);
}
/* Try to create FEC image if doesn't exist */
- if (opt_fec_device) {
- r = open(opt_fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
+ if (ARG_SET(OPT_FEC_DEVICE_ID)) {
+ r = open(ARG_STR(OPT_FEC_DEVICE_ID), O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
if (r < 0 && errno != EEXIST) {
- log_err(_("Cannot create FEC image %s for writing."), opt_fec_device);
+ log_err(_("Cannot create FEC image %s for writing."), ARG_STR(OPT_FEC_DEVICE_ID));
return -EINVAL;
} else if (r >= 0) {
- log_dbg("Created FEC image %s.", opt_fec_device);
+ log_dbg("Created FEC image %s.", ARG_STR(OPT_FEC_DEVICE_ID));
close(r);
}
}
if ((r = crypt_init(&cd, action_argv[1])))
goto out;
- if (!opt_use_superblock)
+ if (ARG_SET(OPT_NO_SUPERBLOCK_ID))
flags |= CRYPT_VERITY_NO_HEADER;
r = _prepare_format(¶ms, action_argv[0], flags);
if (r < 0)
goto out;
- r = crypt_format(cd, CRYPT_VERITY, NULL, NULL, opt_uuid, NULL, 0, ¶ms);
- if (!r)
- crypt_dump(cd);
+ r = crypt_format(cd, CRYPT_VERITY, NULL, NULL, ARG_STR(OPT_UUID_ID), NULL, 0, ¶ms);
+ if (r < 0)
+ goto out;
+
+ crypt_dump(cd);
+
+ /* Create or overwrite the root hash file */
+ if (ARG_SET(OPT_ROOT_HASH_FILE_ID)) {
+ root_hash_size = crypt_get_volume_key_size(cd);
+ root_hash_bytes = malloc(root_hash_size);
+ if (!root_hash_bytes) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_bytes, &root_hash_size, NULL, 0);
+ if (r < 0)
+ goto out;
+
+ root_hash_fd = open(ARG_STR(OPT_ROOT_HASH_FILE_ID), O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
+ if (root_hash_fd == -1) {
+ log_err(_("Cannot create root hash file %s for writing."), ARG_STR(OPT_ROOT_HASH_FILE_ID));
+ r = -EINVAL;
+ goto out;
+ }
+
+ for (i = 0; i < (int)root_hash_size; i++)
+ if (dprintf(root_hash_fd, "%02hhx", root_hash_bytes[i]) != 2) {
+ log_err(_("Cannot write to root hash file %s."), ARG_STR(OPT_ROOT_HASH_FILE_ID));
+ r = -EIO;
+ goto out;
+ }
+
+ log_dbg("Created root hash file %s.", ARG_STR(OPT_ROOT_HASH_FILE_ID));
+ }
out:
crypt_free(cd);
free(CONST_CAST(char*)params.salt);
+ free(root_hash_bytes);
+ if (root_hash_fd != -1)
+ close(root_hash_fd);
return r;
}
struct crypt_device *cd = NULL;
struct crypt_params_verity params = {};
uint32_t activate_flags = CRYPT_ACTIVATE_READONLY;
- char *root_hash_bytes = NULL;
- ssize_t hash_size;
+ char *root_hash_bytes = NULL, *root_hash_from_file = NULL;
+ ssize_t hash_size, hash_size_hex;
struct stat st;
char *signature = NULL;
- int signature_size = 0, r;
+ int signature_size = 0, root_hash_fd = -1, r;
if ((r = crypt_init_data_device(&cd, hash_device, data_device)))
goto out;
- if (opt_ignore_corruption)
+ if (ARG_SET(OPT_IGNORE_CORRUPTION_ID))
activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
- if (opt_restart_on_corruption)
+ if (ARG_SET(OPT_RESTART_ON_CORRUPTION_ID))
activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
- if (opt_panic_on_corruption)
+ if (ARG_SET(OPT_PANIC_ON_CORRUPTION_ID))
activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
- if (opt_ignore_zero_blocks)
+ if (ARG_SET(OPT_IGNORE_ZERO_BLOCKS_ID))
activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
- if (opt_check_at_most_once)
+ if (ARG_SET(OPT_CHECK_AT_MOST_ONCE_ID))
activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE;
+ if (ARG_SET(OPT_USE_TASKLETS_ID))
+ activate_flags |= CRYPT_ACTIVATE_TASKLETS;
- if (opt_use_superblock) {
+ if (!ARG_SET(OPT_NO_SUPERBLOCK_ID)) {
params.flags = flags;
- params.hash_area_offset = hash_offset;
- params.fec_area_offset = fec_offset;
- params.fec_device = opt_fec_device;
- params.fec_roots = opt_fec_roots;
+ params.hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+ params.fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
+ params.fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
+ params.fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
+ if (r)
+ log_err(_("Device %s is not a valid VERITY device."), hash_device);
+
} else {
r = _prepare_format(¶ms, data_device, flags | CRYPT_VERITY_NO_HEADER);
if (r < 0)
goto out;
hash_size = crypt_get_volume_key_size(cd);
+ hash_size_hex = 2 * hash_size;
+
+ if (!root_hash) {
+ root_hash_fd = open(ARG_STR(OPT_ROOT_HASH_FILE_ID), O_RDONLY);
+ if (root_hash_fd == -1) {
+ log_err(_("Cannot read root hash file %s."), ARG_STR(OPT_ROOT_HASH_FILE_ID));
+ goto out;
+ }
+
+ if (fstat(root_hash_fd, &st) || !S_ISREG(st.st_mode) || st.st_size < hash_size_hex) {
+ log_err(_("Invalid root hash file %s."), ARG_STR(OPT_ROOT_HASH_FILE_ID));
+ r = -EINVAL;
+ goto out;
+ }
+
+ root_hash_from_file = malloc(hash_size_hex + 1);
+ if (!root_hash_from_file) {
+ r = -ENOMEM;
+ goto out;
+ }
+
+ if (read_buffer(root_hash_fd, root_hash_from_file, hash_size_hex) != hash_size_hex) {
+ log_err(_("Cannot read root hash file %s."), root_hash_from_file);
+ goto out;
+ }
+
+ root_hash_from_file[hash_size_hex] = '\0';
+ root_hash = root_hash_from_file;
+ }
+
if (crypt_hex_to_bytes(root_hash, &root_hash_bytes, 0) != hash_size) {
log_err(_("Invalid root hash string specified."));
r = -EINVAL;
goto out;
}
- if (opt_root_hash_signature) {
+ if (ARG_SET(OPT_ROOT_HASH_SIGNATURE_ID)) {
// FIXME: check max file size
- if (stat(opt_root_hash_signature, &st) || !S_ISREG(st.st_mode) || !st.st_size) {
- log_err(_("Invalid signature file %s."), opt_root_hash_signature);
+ if (stat(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &st) || !S_ISREG(st.st_mode) || !st.st_size) {
+ log_err(_("Invalid signature file %s."), ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID));
r = -EINVAL;
goto out;
}
signature_size = st.st_size;
- r = tools_read_mk(opt_root_hash_signature, &signature, signature_size);
+ r = tools_read_vk(ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID), &signature, signature_size);
if (r < 0) {
- log_err(_("Cannot read signature file %s."), opt_root_hash_signature);
+ log_err(_("Cannot read signature file %s."), ARG_STR(OPT_ROOT_HASH_SIGNATURE_ID));
goto out;
}
}
out:
crypt_safe_free(signature);
crypt_free(cd);
+ free(root_hash_from_file);
free(root_hash_bytes);
free(CONST_CAST(char*)params.salt);
+ if (root_hash_fd != -1)
+ close(root_hash_fd);
return r;
}
-static int action_open(int arg)
+static int action_open(void)
{
+ if (action_argc < 4 && !ARG_SET(OPT_ROOT_HASH_FILE_ID)) {
+ log_err(_("Command requires <root_hash> or --root-hash-file option as argument."));
+ return -EINVAL;
+ }
+
return _activate(action_argv[1],
action_argv[0],
action_argv[2],
- action_argv[3],
- opt_root_hash_signature ? CRYPT_VERITY_ROOT_HASH_SIGNATURE : 0);
+ ARG_SET(OPT_ROOT_HASH_FILE_ID) ? NULL : action_argv[3],
+ ARG_SET(OPT_ROOT_HASH_SIGNATURE_ID) ? CRYPT_VERITY_ROOT_HASH_SIGNATURE : 0);
}
-static int action_verify(int arg)
+static int action_verify(void)
{
+ if (action_argc < 3 && !ARG_SET(OPT_ROOT_HASH_FILE_ID)) {
+ log_err(_("Command requires <root_hash> or --root-hash-file option as argument."));
+ return -EINVAL;
+ }
+
return _activate(NULL,
action_argv[0],
action_argv[1],
- action_argv[2],
+ ARG_SET(OPT_ROOT_HASH_FILE_ID) ? NULL : action_argv[2],
CRYPT_VERITY_CHECK_HASH);
}
-static int action_close(int arg)
+static int action_close(void)
{
struct crypt_device *cd = NULL;
+ crypt_status_info ci;
+ uint32_t flags = 0;
int r;
+ if (ARG_SET(OPT_DEFERRED_ID))
+ flags |= CRYPT_DEACTIVATE_DEFERRED;
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID))
+ flags |= CRYPT_DEACTIVATE_DEFERRED_CANCEL;
+
r = crypt_init_by_name(&cd, action_argv[0]);
if (r == 0)
- r = crypt_deactivate(cd, action_argv[0]);
+ r = crypt_deactivate_by_name(cd, action_argv[0], flags);
+
+ if (!r && ARG_SET(OPT_DEFERRED_ID)) {
+ ci = crypt_status(cd, action_argv[0]);
+ if (ci == CRYPT_ACTIVE || ci == CRYPT_BUSY)
+ log_std(_("Device %s is still active and scheduled for deferred removal.\n"),
+ action_argv[0]);
+ }
crypt_free(cd);
return r;
}
-static int action_status(int arg)
+static int action_status(void)
{
crypt_status_info ci;
struct crypt_active_device cad;
struct stat st;
char *backing_file, *root_hash;
size_t root_hash_size;
- unsigned i, path = 0;
+ unsigned path = 0;
int r = 0;
/* perhaps a path, not a dm device name */
log_std(" hash name: %s\n", vp.hash_name);
log_std(" salt: ");
if (vp.salt_size)
- for(i = 0; i < vp.salt_size; i++)
- log_std("%02hhx", (const char)vp.salt[i]);
+ crypt_log_hex(NULL, vp.salt, vp.salt_size, "", 0, NULL);
else
log_std("-");
log_std("\n");
if (vp.fec_device) {
log_std(" FEC device: %s\n", vp.fec_device);
- if ((backing_file = crypt_loop_backing_file(opt_fec_device))) {
+ if ((backing_file = crypt_loop_backing_file(ARG_STR(OPT_FEC_DEVICE_ID)))) {
log_std(" FEC loop: %s\n", backing_file);
free(backing_file);
}
r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash, &root_hash_size, NULL, 0);
if (!r) {
log_std(" root hash: ");
- for (i = 0; i < root_hash_size; i++)
- log_std("%02hhx", (const char)root_hash[i]);
+ crypt_log_hex(NULL, root_hash, root_hash_size, "", 0, NULL);
log_std("\n");
}
free(root_hash);
CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
CRYPT_ACTIVATE_PANIC_ON_CORRUPTION|
CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
- CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE))
- log_std(" flags: %s%s%s%s%s\n",
+ CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE|
+ CRYPT_ACTIVATE_TASKLETS))
+ log_std(" flags: %s%s%s%s%s%s\n",
(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
(cad.flags & CRYPT_ACTIVATE_PANIC_ON_CORRUPTION) ? "panic_on_corruption " : "",
(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks " : "",
- (cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : "");
+ (cad.flags & CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) ? "check_at_most_once" : "",
+ (cad.flags & CRYPT_ACTIVATE_TASKLETS) ? "try_verify_in_tasklet" : "");
}
out:
crypt_free(cd);
return r;
}
-static int action_dump(int arg)
+static int action_dump(void)
{
struct crypt_device *cd = NULL;
struct crypt_params_verity params = {};
if ((r = crypt_init(&cd, action_argv[0])))
return r;
- params.hash_area_offset = hash_offset;
- params.fec_area_offset = fec_offset;
+ params.hash_area_offset = ARG_UINT64(OPT_HASH_OFFSET_ID);
+ params.fec_area_offset = ARG_UINT64(OPT_FEC_OFFSET_ID);
+ params.fec_device = ARG_STR(OPT_FEC_DEVICE_ID);
+ params.fec_roots = ARG_UINT32(OPT_FEC_ROOTS_ID);
+
r = crypt_load(cd, CRYPT_VERITY, ¶ms);
if (!r)
crypt_dump(cd);
+ else
+ log_err(_("Device %s is not a valid VERITY device."), action_argv[0]);
+
crypt_free(cd);
return r;
}
static struct action_type {
const char *type;
- int (*handler)(int);
+ int (*handler)(void);
int required_action_argc;
const char *arg_desc;
const char *desc;
} action_types[] = {
{ "format", action_format, 2, N_("<data_device> <hash_device>"),N_("format device") },
- { "verify", action_verify, 3, N_("<data_device> <hash_device> <root_hash>"),N_("verify device") },
- { "open", action_open, 4, N_("<data_device> <name> <hash_device> <root_hash>"),N_("open device as <name>") },
+ { "verify", action_verify, 2, N_("<data_device> <hash_device> [<root_hash>]"),N_("verify device") },
+ { "open", action_open, 3, N_("<data_device> <name> <hash_device> [<root_hash>]"),N_("open device as <name>") },
{ "close", action_close, 1, N_("<name>"),N_("close device (remove mapping)") },
{ "status", action_status, 1, N_("<name>"),N_("show active device status") },
{ "dump", action_dump, 1, N_("<hash_device>"),N_("show on-disk information") },
struct action_type *action;
if (key->shortName == '?') {
- log_std("%s %s\n", PACKAGE_VERITY, PACKAGE_VERSION);
+ tools_package_version(PACKAGE_VERITY, false);
poptPrintHelp(popt_context, stdout, 0);
log_std(_("\n"
"<action> is one of:\n"));
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
} else if (key->shortName == 'V') {
- log_std("%s %s\n", PACKAGE_VERITY, PACKAGE_VERSION);
+ tools_package_version(PACKAGE_VERITY, false);
tools_cleanup();
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
log_dbg("Running command %s.", action->type);
- r = action->handler(0);
+ r = action->handler();
show_status(r);
return translate_errno(r);
}
+static void basic_options_cb(poptContext popt_context,
+ enum poptCallbackReason reason __attribute__((unused)),
+ struct poptOption *key,
+ const char *arg,
+ void *data __attribute__((unused)))
+{
+ tools_parse_arg_value(popt_context, tool_core_args[key->val].type, tool_core_args + key->val, arg, key->val, NULL);
+
+ switch (key->val) {
+ case OPT_DEBUG_ID:
+ log_parms.debug = true;
+ /* fall through */
+ case OPT_VERBOSE_ID:
+ log_parms.verbose = true;
+ }
+}
+
int main(int argc, const char **argv)
{
static const char *null_action_argv[] = {NULL};
{ "version",'V', POPT_ARG_NONE, NULL, 0, N_("Print package version"), NULL },
POPT_TABLEEND
};
+ static struct poptOption popt_basic_options[] = {
+ { NULL, '\0', POPT_ARG_CALLBACK, basic_options_cb, 0, NULL, NULL },
+#define ARG(A, B, C, D, E, F, G, H) { A, B, C, NULL, A ## _ID, D, E },
+#include "veritysetup_arg_list.h"
+#undef ARG
+ POPT_TABLEEND
+ };
static struct poptOption popt_options[] = {
{ NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
- { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
- { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
- { "no-superblock", 0, POPT_ARG_VAL, &opt_use_superblock, 0, N_("Do not use verity superblock"), NULL },
- { "format", 0, POPT_ARG_INT, &opt_hash_type, 0, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number") },
- { "data-block-size", 0, POPT_ARG_INT, &opt_data_block_size, 0, N_("Block size on the data device"), N_("bytes") },
- { "hash-block-size", 0, POPT_ARG_INT, &opt_hash_block_size, 0, N_("Block size on the hash device"), N_("bytes") },
- { "fec-roots", 0, POPT_ARG_INT, &opt_fec_roots, 0, N_("FEC parity bytes"), N_("bytes") },
- { "data-blocks", 0, POPT_ARG_STRING, NULL, 1, N_("The number of blocks in the data file"), N_("blocks") },
- { "fec-device", 0, POPT_ARG_STRING, &opt_fec_device, 0, N_("Path to device with error correction data"), N_("path") },
- { "hash-offset", 0, POPT_ARG_STRING, NULL, 2, N_("Starting offset on the hash device"), N_("bytes") },
- { "fec-offset", 0, POPT_ARG_STRING, NULL, 3, N_("Starting offset on the FEC device"), N_("bytes") },
- { "hash", 'h', POPT_ARG_STRING, &opt_hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
- { "salt", 's', POPT_ARG_STRING, &opt_salt, 0, N_("Salt"), N_("hex string") },
- { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use"), NULL },
- { "root-hash-signature",'\0', POPT_ARG_STRING, &opt_root_hash_signature, 0, N_("Path to root hash signature file"), NULL },
- { "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
- { "panic-on-corruption", 0,POPT_ARG_NONE, &opt_panic_on_corruption, 0, N_("Panic kernel if corruption is detected"), NULL },
- { "ignore-corruption", 0, POPT_ARG_NONE, &opt_ignore_corruption, 0, N_("Ignore corruption, log it only"), NULL },
- { "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
- { "check-at-most-once", 0, POPT_ARG_NONE, &opt_check_at_most_once, 0, N_("Verify data block only the first time it is read"), NULL },
+ { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_basic_options, 0, NULL, NULL },
POPT_TABLEEND
};
const char *aname;
int r;
- crypt_set_log_callback(NULL, tool_log, NULL);
+ crypt_set_log_callback(NULL, tool_log, &log_parms);
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
poptSetOtherOptionHelp(popt_context,
_("[OPTION...] <action> <action-specific>"));
- while((r = poptGetNextOpt(popt_context)) > 0) {
- unsigned long long ull_value;
- char *endp, *str = poptGetOptArg(popt_context);
-
- errno = 0;
- ull_value = strtoull(str, &endp, 10);
- if (*endp || !*str || !isdigit(*str) ||
- (errno == ERANGE && ull_value == ULLONG_MAX) ||
- (errno != 0 && ull_value == 0))
- r = POPT_ERROR_BADNUMBER;
-
- free(str);
-
- switch(r) {
- case 1:
- data_blocks = ull_value;
- break;
- case 2:
- hash_offset = ull_value;
- break;
- case 3:
- fec_offset = ull_value;
- break;
- }
-
- if (r < 0)
- break;
- }
+ while((r = poptGetNextOpt(popt_context)) > 0) {}
if (r < -1)
usage(popt_context, EXIT_FAILURE, poptStrerror(r),
if (action_argc < action->required_action_argc) {
char buf[128];
- snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
+ if (snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc) < 0)
+ buf[0] = '\0';
usage(popt_context, EXIT_FAILURE, buf,
poptGetInvocationName(popt_context));
}
- if (opt_data_block_size < 0 || opt_hash_block_size < 0 || opt_hash_type < 0) {
- usage(popt_context, EXIT_FAILURE,
- _("Negative number for option not permitted."),
- poptGetInvocationName(popt_context));
- }
-
- if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for open operation."),
- poptGetInvocationName(popt_context));
-
- if (opt_root_hash_signature && strcmp(aname, "open"))
- usage(popt_context, EXIT_FAILURE,
- _("Option --root-hash-signature can be used only for open operation."),
- poptGetInvocationName(popt_context));
+ tools_check_args(action->type, tool_core_args, ARRAY_SIZE(tool_core_args), popt_context);
- if (opt_ignore_corruption && opt_restart_on_corruption)
+ if (ARG_SET(OPT_IGNORE_CORRUPTION_ID) && ARG_SET(OPT_RESTART_ON_CORRUPTION_ID))
usage(popt_context, EXIT_FAILURE,
_("Option --ignore-corruption and --restart-on-corruption cannot be used together."),
poptGetInvocationName(popt_context));
- if (opt_panic_on_corruption && opt_restart_on_corruption)
+ if (ARG_SET(OPT_PANIC_ON_CORRUPTION_ID) && ARG_SET(OPT_RESTART_ON_CORRUPTION_ID))
usage(popt_context, EXIT_FAILURE,
_("Option --panic-on-corruption and --restart-on-corruption cannot be used together."),
poptGetInvocationName(popt_context));
- if (opt_debug) {
- opt_verbose = 1;
- crypt_set_debug_level(-1);
+ if (ARG_SET(OPT_CANCEL_DEFERRED_ID) && ARG_SET(OPT_DEFERRED_ID))
+ usage(popt_context, EXIT_FAILURE,
+ _("Options --cancel-deferred and --deferred cannot be used at the same time."),
+ poptGetInvocationName(popt_context));
+
+ if (ARG_SET(OPT_DEBUG_ID)) {
+ crypt_set_debug_level(CRYPT_DEBUG_ALL);
dbg_version_and_cmd(argc, argv);
}
--- /dev/null
+/*
+ * Veritysetup command line arguments list
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+/* long name, short name, popt type, help description, units, internal argument type, default value, allowed actions (empty=global) */
+
+ARG(OPT_CANCEL_DEFERRED, '\0', POPT_ARG_NONE, N_("Cancel a previously set deferred device removal"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_CHECK_AT_MOST_ONCE, '\0', POPT_ARG_NONE, N_("Verify data block only the first time it is read"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DATA_BLOCK_SIZE, '\0', POPT_ARG_STRING, N_("Block size on the data device"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_DATA_BLOCK }, {})
+
+ARG(OPT_DATA_BLOCKS, '\0', POPT_ARG_STRING, N_("The number of blocks in the data file"), N_("blocks"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_DEBUG, '\0', POPT_ARG_NONE, N_("Show debug messages"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_DEFERRED, '\0', POPT_ARG_NONE, N_("Device removal is deferred until the last user closes it"), NULL, CRYPT_ARG_BOOL, {}, OPT_DEFERRED_ACTIONS)
+
+ARG(OPT_FEC_DEVICE, '\0', POPT_ARG_STRING, N_("Path to device with error correction data"), N_("path"), CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_FEC_OFFSET, '\0', POPT_ARG_STRING, N_("Starting offset on the FEC device"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_FEC_ROOTS, '\0', POPT_ARG_STRING, N_("FEC parity bytes"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_FEC_ROOTS }, {})
+
+ARG(OPT_FORMAT, '\0', POPT_ARG_STRING, N_("Format type (1 - normal, 0 - original Chrome OS)"), N_("number"), CRYPT_ARG_UINT32, { .u32_value = 1 }, {})
+
+ARG(OPT_HASH, 'h', POPT_ARG_STRING, N_("Hash algorithm"), N_("string"), CRYPT_ARG_STRING, { .str_value = CONST_CAST(void *)DEFAULT_VERITY_HASH }, {})
+
+ARG(OPT_HASH_BLOCK_SIZE, '\0', POPT_ARG_STRING, N_("Block size on the hash device"), N_("bytes"), CRYPT_ARG_UINT32, { .u32_value = DEFAULT_VERITY_HASH_BLOCK }, {})
+
+ARG(OPT_HASH_OFFSET, '\0', POPT_ARG_STRING, N_("Starting offset on the hash device"), N_("bytes"), CRYPT_ARG_UINT64, {}, {})
+
+ARG(OPT_IGNORE_CORRUPTION, '\0', POPT_ARG_NONE, N_("Ignore corruption, log it only"), NULL, CRYPT_ARG_BOOL, {}, OPT_IGNORE_CORRUPTION_ACTIONS)
+
+ARG(OPT_IGNORE_ZERO_BLOCKS, '\0', POPT_ARG_NONE, N_("Do not verify zeroed blocks"), NULL, CRYPT_ARG_BOOL, {}, OPT_IGNORE_ZERO_BLOCKS_ACTIONS)
+
+ARG(OPT_NO_SUPERBLOCK, '\0', POPT_ARG_NONE, N_("Do not use verity superblock"), NULL, CRYPT_ARG_BOOL, {}, {})
+
+ARG(OPT_PANIC_ON_CORRUPTION, '\0', POPT_ARG_NONE, N_("Panic kernel if corruption is detected"), NULL, CRYPT_ARG_BOOL, {}, OPT_PANIC_ON_CORRUPTION_ACTIONS)
+
+ARG(OPT_RESTART_ON_CORRUPTION, '\0', POPT_ARG_NONE, N_("Restart kernel if corruption is detected"), NULL, CRYPT_ARG_BOOL, {}, OPT_RESTART_ON_CORRUPTION_ACTIONS)
+
+ARG(OPT_ROOT_HASH_FILE, '\0', POPT_ARG_STRING, N_("Path to root hash file"), NULL, CRYPT_ARG_STRING, {}, OPT_ROOT_HASH_FILE_ACTIONS)
+
+ARG(OPT_ROOT_HASH_SIGNATURE, '\0', POPT_ARG_STRING, N_("Path to root hash signature file"), NULL, CRYPT_ARG_STRING, {}, OPT_ROOT_HASH_SIGNATURE_ACTIONS)
+
+ARG(OPT_SALT, 's', POPT_ARG_STRING, N_("Salt"), N_("hex string"), CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_USE_TASKLETS, '\0', POPT_ARG_NONE, N_("Use kernel tasklets for performance"), NULL, CRYPT_ARG_BOOL, {}, OPT_USE_TASKLETS_ACTIONS)
+
+ARG(OPT_UUID, '\0', POPT_ARG_STRING, N_("UUID for device to use"), NULL, CRYPT_ARG_STRING, {}, {})
+
+ARG(OPT_VERBOSE, 'v', POPT_ARG_NONE, N_("Shows more detailed error messages"), NULL, CRYPT_ARG_BOOL, {}, {})
--- /dev/null
+/*
+ * Command line arguments helpers
+ *
+ * Copyright (C) 2020-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2020-2023 Ondrej Kozina
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef VERITYSETUP_ARGS_H
+#define VERITYSETUP_ARGS_H
+
+#include "utils_arg_names.h"
+#include "utils_arg_macros.h"
+
+#define CLOSE_ACTION "close"
+#define DUMP_ACTION "dump"
+#define FORMAT_ACTION "format"
+#define OPEN_ACTION "open"
+#define STATUS_ACTION "status"
+#define VERIFY_ACTION "verify"
+
+#define OPT_DEFERRED_ACTIONS { CLOSE_ACTION }
+#define OPT_IGNORE_CORRUPTION_ACTIONS { OPEN_ACTION }
+#define OPT_IGNORE_ZERO_BLOCKS_ACTIONS { OPEN_ACTION }
+#define OPT_RESTART_ON_CORRUPTION_ACTIONS { OPEN_ACTION }
+#define OPT_PANIC_ON_CORRUPTION_ACTIONS { OPEN_ACTION }
+#define OPT_ROOT_HASH_FILE_ACTIONS { FORMAT_ACTION, OPEN_ACTION, VERIFY_ACTION }
+#define OPT_ROOT_HASH_SIGNATURE_ACTIONS { OPEN_ACTION }
+#define OPT_USE_TASKLETS_ACTIONS { OPEN_ACTION }
+
+enum {
+OPT_UNUSED_ID = 0,
+#define ARG(A, B, C, D, E, F, G, H) A ## _ID,
+#include "veritysetup_arg_list.h"
+#undef ARG
+};
+
+static struct tools_arg tool_core_args[] = { { NULL, false, CRYPT_ARG_BOOL }, // UNUSED
+#define ARG(A, B, C, D, E, F, G, H) { A, false, F, G, H },
+#include "veritysetup_arg_list.h"
+#undef ARG
+};
+
+#endif
fi
echo "Memory"
-free -h
+free -m
pversion cryptsetup
pversion veritysetup
pversion integritysetup
-pversion cryptsetup-reencrypt
+
+[ -x $CRYPTSETUP_PATH/cryptsetup ] && {
+ echo -e "Cryptsetup defaults:"
+ $CRYPTSETUP_PATH/cryptsetup --help | sed -n '/optional key file for/,$p' | tail -n +3
+}
[ $(id -u) != 0 ] && exit 77
TESTS = 00modules-test \
api-test \
api-test-2 \
+ compat-args-test \
compat-test \
compat-test2 \
loopaes-test \
luks2-validation-test \
luks2-integrity-test \
vectors-test \
- blockwise-compat \
- bitlk-compat-test
+ blockwise-compat-test \
+ bitlk-compat-test \
+ fvault2-compat-test \
+ run-all-symbols \
+ unit-utils-crypt-test \
+ unit-wipe-test \
+ reencryption-compat-test \
+ luks2-reencryption-test \
+ luks2-reencryption-mangle-test
if VERITYSETUP
TESTS += verity-compat-test
endif
-if REENCRYPT
-TESTS += reencryption-compat-test reencryption-compat-test2 luks2-reencryption-test luks2-reencryption-mangle-test
-endif
-
if INTEGRITYSETUP
TESTS += integrity-compat-test
endif
+if SSHPLUGIN_TOKEN
+TESTS += ssh-test-plugin
+endif
+
+if EXTERNAL_TOKENS
+TESTS += systemd-test-plugin
+endif
+
+ssh-test-plugin: fake_token_path.so
+systemd-test-plugin: fake_token_path.so fake_systemd_tpm_path.so
+
+# Do not use global CFLAGS here as the *.so link does not support sanitizers
+fake_token_path.so: fake_token_path.c
+ $(CC) $(LDFLAGS) -I $(top_srcdir)/lib -fPIC -shared -D_GNU_SOURCE \
+ -Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \
+ -o fake_token_path.so $(top_srcdir)/tests/fake_token_path.c \
+ -DBUILD_DIR=\"$(abs_top_srcdir)/.libs/\"
+
+fake_systemd_tpm_path.so: fake_systemd_tpm_path.c
+ $(CC) $(LDFLAGS) -fPIC -shared -D_GNU_SOURCE -o fake_systemd_tpm_path.so \
+ $(top_srcdir)/tests/fake_systemd_tpm_path.c
+
EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \
compatimage2.img.xz \
conversion_imgs.tar.xz \
luks2_keyslot_unassigned.img.xz \
img_fs_ext4.img.xz img_fs_vfat.img.xz img_fs_xfs.img.xz \
+ xfs_512_block_size.img.xz \
valid_header_file.xz \
luks2_valid_hdr.img.xz \
- luks2_header_requirements.xz \
- luks2_header_requirements_free.xz \
+ luks2_header_requirements.tar.xz \
luks2_mda_images.tar.xz \
evil_hdr-payload_overwrite.xz \
evil_hdr-stripes_payload_dmg.xz \
tcrypt-images.tar.xz \
luks1-images.tar.xz \
00modules-test \
+ compat-args-test \
compat-test \
compat-test2 \
loopaes-test align-test discards-test mode-test password-hash-test \
align-test2 verity-compat-test \
reencryption-compat-test \
- reencryption-compat-test2 \
luks2-reencryption-test \
luks2-reencryption-mangle-test \
tcrypt-compat-test \
keyring-compat-test \
integrity-compat-test \
cryptsetup-valg-supps valg.sh valg-api.sh \
- blockwise-compat \
+ blockwise-compat-test \
blkid-luks2-pv.img.xz \
Makefile.localtest \
bitlk-compat-test \
- bitlk-images.tar.xz
-
-CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log
+ bitlk-images.tar.xz \
+ fvault2-compat-test \
+ fvault2-images.tar.xz \
+ ssh-test-plugin \
+ generate-symbols-list \
+ run-all-symbols \
+ fake_token_path.c \
+ fake_systemd_tpm_path.c \
+ unit-wipe-test \
+ systemd-test-plugin
+
+CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log test-symbols-list.h fake_token_path.so fake_systemd_tpm_path.so
clean-local:
- -rm -rf tcrypt-images luks1-images luks2-images bitlk-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp
-
-LDADD = $(LTLIBINTL)
+ -rm -rf tcrypt-images luks1-images luks2-images bitlk-images fvault2-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp external-tokens
differ_SOURCES = differ.c
differ_CFLAGS = $(AM_CFLAGS) -Wall -O2
api_test_SOURCES = api-test.c api_test.h test_utils.c
-api_test_LDADD = $(LDADD) ../libcryptsetup.la
+api_test_LDADD = ../libcryptsetup.la
api_test_LDFLAGS = $(AM_LDFLAGS) -static
-api_test_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
+api_test_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib
api_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c
-api_test_2_LDADD = $(LDADD) ../libcryptsetup.la
+api_test_2_LDADD = ../libcryptsetup.la
api_test_2_LDFLAGS = $(AM_LDFLAGS) -static
-api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
+api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib
api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
vectors_test_SOURCES = crypto-vectors.c
vectors_test_LDADD = ../libcrypto_backend.la @CRYPTO_LIBS@ @LIBARGON2_LIBS@
vectors_test_LDFLAGS = $(AM_LDFLAGS) -static
-vectors_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib/crypto_backend/ @CRYPTO_CFLAGS@
+vectors_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib @CRYPTO_CFLAGS@
vectors_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
unit_utils_io_SOURCES = unit-utils-io.c
unit_utils_io_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib
unit_utils_io_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
-check_PROGRAMS = api-test api-test-2 differ vectors-test unit-utils-io
+unit_utils_crypt_test_SOURCES = unit-utils-crypt.c ../lib/utils_crypt.c ../lib/utils_crypt.h
+unit_utils_crypt_test_LDADD = ../libcryptsetup.la
+unit_utils_crypt_test_LDFLAGS = $(AM_LDFLAGS) -static
+unit_utils_crypt_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib
+unit_utils_crypt_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
+
+unit_wipe_SOURCES = unit-wipe.c
+unit_wipe_LDADD = ../libcryptsetup.la
+unit_wipe_LDFLAGS = $(AM_LDFLAGS) -static
+unit_wipe_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib
+unit_wipe_CPPFLAGS = $(AM_CPPFLAGS)
+
+BUILT_SOURCES = test-symbols-list.h
+
+test-symbols-list.h: $(top_srcdir)/lib/libcryptsetup.sym generate-symbols-list
+ $(srcdir)/generate-symbols-list $(top_srcdir)/lib/libcryptsetup.sym > $(builddir)/test-symbols-list.h
+
+all_symbols_test_SOURCES = all-symbols-test.c
+nodist_all_symbols_test_SOURCES = test-symbols-list.h
+all_symbols_test.$(OBJEXT): test-symbols-list.h
+all_symbols_test_LDFLAGS = $(AM_LDFLAGS) -ldl
+all_symbols_test_CFLAGS = $(AM_CFLAGS)
+all_symbols_test_CPPFLAGS = $(AM_CPPFLAGS) -D_GNU_SOURCE
+
+check_PROGRAMS = api-test api-test-2 differ vectors-test unit-utils-io unit-utils-crypt-test unit-wipe all-symbols-test
+
+check-programs: test-symbols-list.h $(check_PROGRAMS) fake_token_path.so fake_systemd_tpm_path.so
conversion_imgs:
@tar xJf conversion_imgs.tar.xz
@xz -k -d compatimage.img.xz
valgrind-check: api-test api-test-2 differ
+ @VALG=1 ./compat-args-test
@VALG=1 ./compat-test
@VALG=1 ./compat-test2
@VALG=1 ./luks2-validation-test
@VALG=1 ./luks2-reencryption-test
@VALG=1 ./luks2-reencryption-mangle-test
@VALG=1 ./bitlk-compat-test
- @grep -l "ERROR SUMMARY: [^0] errors" valglog* || echo "No leaks detected."
+ @VALG=1 ./tcrypt-compat-test
+ @VALG=1 ./align-test
+ @VALG=1 ./align-test2
+ @VALG=1 ./device-test
+ @VALG=1 ./discards-test
+ @VALG=1 ./keyring-compat-test
+ @VALG=1 ./loopaes-test
+ @VALG=1 ./luks1-compat-test
+ @VALG=1 ./luks2-integrity-test
+ @VALG=1 ./mode-test
+ @VALG=1 ./password-hash-test
+ @VALG=1 ./reencryption-compat-test
+ @VALG=1 ./fvault2-compat-test
+ @[ -z "$RUN_SSH_PLUGIN_TEST" ] || VALG=1 ./ssh-test-plugin
+ @INFOSTRING="unit-utils-crypt-test" ./valg-api.sh ./unit-utils-crypt-test
+ @INFOSTRING="vectors-test" ./valg-api.sh ./vectors-test
+ @grep -l "ERROR SUMMARY: [^0][0-9]* errors" valglog* || echo "No leaks detected."
.PHONY: valgrind-check
+++ /dev/null
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-TESTS = 00modules-test api-test$(EXEEXT) api-test-2$(EXEEXT) \
- compat-test compat-test2 loopaes-test align-test align-test2 \
- discards-test mode-test password-hash-test tcrypt-compat-test \
- luks1-compat-test device-test keyring-test keyring-compat-test \
- luks2-validation-test luks2-integrity-test \
- vectors-test$(EXEEXT) blockwise-compat bitlk-compat-test \
- $(am__append_1) $(am__append_2) $(am__append_3)
-@VERITYSETUP_TRUE@am__append_1 = verity-compat-test
-@REENCRYPT_TRUE@am__append_2 = reencryption-compat-test reencryption-compat-test2 luks2-reencryption-test luks2-reencryption-mangle-test
-@INTEGRITYSETUP_TRUE@am__append_3 = integrity-compat-test
-check_PROGRAMS = api-test$(EXEEXT) api-test-2$(EXEEXT) differ$(EXEEXT) \
- vectors-test$(EXEEXT) unit-utils-io$(EXEEXT)
-subdir = tests
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
- $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am_api_test_OBJECTS = api_test-api-test.$(OBJEXT) \
- api_test-test_utils.$(OBJEXT)
-api_test_OBJECTS = $(am_api_test_OBJECTS)
-am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
-api_test_DEPENDENCIES = $(am__DEPENDENCIES_2) ../libcryptsetup.la
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-api_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(api_test_CFLAGS) \
- $(CFLAGS) $(api_test_LDFLAGS) $(LDFLAGS) -o $@
-am_api_test_2_OBJECTS = api_test_2-api-test-2.$(OBJEXT) \
- api_test_2-test_utils.$(OBJEXT)
-api_test_2_OBJECTS = $(am_api_test_2_OBJECTS)
-api_test_2_DEPENDENCIES = $(am__DEPENDENCIES_2) ../libcryptsetup.la
-api_test_2_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(api_test_2_CFLAGS) \
- $(CFLAGS) $(api_test_2_LDFLAGS) $(LDFLAGS) -o $@
-am_differ_OBJECTS = differ-differ.$(OBJEXT)
-differ_OBJECTS = $(am_differ_OBJECTS)
-differ_LDADD = $(LDADD)
-differ_DEPENDENCIES = $(am__DEPENDENCIES_1)
-differ_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(differ_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_unit_utils_io_OBJECTS = unit_utils_io-unit-utils-io.$(OBJEXT)
-unit_utils_io_OBJECTS = $(am_unit_utils_io_OBJECTS)
-unit_utils_io_DEPENDENCIES = ../libutils_io.la
-unit_utils_io_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unit_utils_io_CFLAGS) \
- $(CFLAGS) $(unit_utils_io_LDFLAGS) $(LDFLAGS) -o $@
-am_vectors_test_OBJECTS = vectors_test-crypto-vectors.$(OBJEXT)
-vectors_test_OBJECTS = $(am_vectors_test_OBJECTS)
-vectors_test_DEPENDENCIES = ../libcrypto_backend.la
-vectors_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(vectors_test_CFLAGS) \
- $(CFLAGS) $(vectors_test_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/api_test-api-test.Po \
- ./$(DEPDIR)/api_test-test_utils.Po \
- ./$(DEPDIR)/api_test_2-api-test-2.Po \
- ./$(DEPDIR)/api_test_2-test_utils.Po \
- ./$(DEPDIR)/differ-differ.Po \
- ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po \
- ./$(DEPDIR)/vectors_test-crypto-vectors.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(api_test_SOURCES) $(api_test_2_SOURCES) $(differ_SOURCES) \
- $(unit_utils_io_SOURCES) $(vectors_test_SOURCES)
-DIST_SOURCES = $(api_test_SOURCES) $(api_test_2_SOURCES) \
- $(differ_SOURCES) $(unit_utils_io_SOURCES) \
- $(vectors_test_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red='\e[0;31m'; \
- grn='\e[0;32m'; \
- lgn='\e[1;32m'; \
- blu='\e[1;34m'; \
- mgn='\e[0;35m'; \
- brg='\e[1m'; \
- std='\e[m'; \
- fi; \
-}
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BLKID_CFLAGS = @BLKID_CFLAGS@
-BLKID_LIBS = @BLKID_LIBS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
-CRYPTO_LIBS = @CRYPTO_LIBS@
-CRYPTO_STATIC_LIBS = @CRYPTO_STATIC_LIBS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFAULT_LUKS2_LOCK_DIR_PERMS = @DEFAULT_LUKS2_LOCK_DIR_PERMS@
-DEFAULT_LUKS2_LOCK_PATH = @DEFAULT_LUKS2_LOCK_PATH@
-DEFAULT_TMPFILESDIR = @DEFAULT_TMPFILESDIR@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DEVMAPPER_CFLAGS = @DEVMAPPER_CFLAGS@
-DEVMAPPER_LIBS = @DEVMAPPER_LIBS@
-DEVMAPPER_STATIC_CFLAGS = @DEVMAPPER_STATIC_CFLAGS@
-DEVMAPPER_STATIC_LIBS = @DEVMAPPER_STATIC_LIBS@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-JSON_C_CFLAGS = @JSON_C_CFLAGS@
-JSON_C_LIBS = @JSON_C_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LIBARGON2_CFLAGS = @LIBARGON2_CFLAGS@
-LIBARGON2_LIBS = @LIBARGON2_LIBS@
-LIBCRYPTSETUP_VERSION = @LIBCRYPTSETUP_VERSION@
-LIBCRYPTSETUP_VERSION_INFO = @LIBCRYPTSETUP_VERSION_INFO@
-LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
-LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
-LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSS_CFLAGS = @NSS_CFLAGS@
-NSS_LIBS = @NSS_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
-OPENSSL_LIBS = @OPENSSL_LIBS@
-OPENSSL_STATIC_CFLAGS = @OPENSSL_STATIC_CFLAGS@
-OPENSSL_STATIC_LIBS = @OPENSSL_STATIC_LIBS@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PASSWDQC_LIBS = @PASSWDQC_LIBS@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POPT_LIBS = @POPT_LIBS@
-POSUB = @POSUB@
-PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@
-PWQUALITY_LIBS = @PWQUALITY_LIBS@
-PWQUALITY_STATIC_LIBS = @PWQUALITY_STATIC_LIBS@
-RANLIB = @RANLIB@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-USE_NLS = @USE_NLS@
-UUID_LIBS = @UUID_LIBS@
-VERSION = @VERSION@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-systemd_tmpfilesdir = @systemd_tmpfilesdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = compatimage.img.xz compatv10image.img.xz \
- compatimage2.img.xz \
- conversion_imgs.tar.xz \
- luks2_keyslot_unassigned.img.xz \
- img_fs_ext4.img.xz img_fs_vfat.img.xz img_fs_xfs.img.xz \
- valid_header_file.xz \
- luks2_valid_hdr.img.xz \
- luks2_header_requirements.xz \
- luks2_header_requirements_free.xz \
- luks2_mda_images.tar.xz \
- evil_hdr-payload_overwrite.xz \
- evil_hdr-stripes_payload_dmg.xz \
- evil_hdr-luks_hdr_damage.xz \
- evil_hdr-small_luks_device.xz \
- evil_hdr-keyslot_overlap.xz \
- tcrypt-images.tar.xz \
- luks1-images.tar.xz \
- 00modules-test \
- compat-test \
- compat-test2 \
- loopaes-test align-test discards-test mode-test password-hash-test \
- align-test2 verity-compat-test \
- reencryption-compat-test \
- reencryption-compat-test2 \
- luks2-reencryption-test \
- luks2-reencryption-mangle-test \
- tcrypt-compat-test \
- luks1-compat-test \
- luks2-validation-test generators \
- luks2-integrity-test \
- device-test \
- keyring-test \
- keyring-compat-test \
- integrity-compat-test \
- cryptsetup-valg-supps valg.sh valg-api.sh \
- blockwise-compat \
- blkid-luks2-pv.img.xz \
- Makefile.localtest \
- bitlk-compat-test \
- bitlk-images.tar.xz
-
-CLEANFILES = cryptsetup-tst* valglog* *-fail-*.log
-LDADD = $(LTLIBINTL)
-differ_SOURCES = differ.c
-differ_CFLAGS = $(AM_CFLAGS) -Wall -O2
-api_test_SOURCES = api-test.c api_test.h test_utils.c
-api_test_LDADD = $(LDADD) ../libcryptsetup.la
-api_test_LDFLAGS = $(AM_LDFLAGS) -static
-api_test_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
-api_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
-api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c
-api_test_2_LDADD = $(LDADD) ../libcryptsetup.la
-api_test_2_LDFLAGS = $(AM_LDFLAGS) -static
-api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
-api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
-vectors_test_SOURCES = crypto-vectors.c
-vectors_test_LDADD = ../libcrypto_backend.la @CRYPTO_LIBS@ @LIBARGON2_LIBS@
-vectors_test_LDFLAGS = $(AM_LDFLAGS) -static
-vectors_test_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib/crypto_backend/ @CRYPTO_CFLAGS@
-vectors_test_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
-unit_utils_io_SOURCES = unit-utils-io.c
-unit_utils_io_LDADD = ../libutils_io.la
-unit_utils_io_LDFLAGS = $(AM_LDFLAGS) -static
-unit_utils_io_CFLAGS = $(AM_CFLAGS) -I$(top_srcdir)/lib
-unit_utils_io_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu tests/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-api-test$(EXEEXT): $(api_test_OBJECTS) $(api_test_DEPENDENCIES) $(EXTRA_api_test_DEPENDENCIES)
- @rm -f api-test$(EXEEXT)
- $(AM_V_CCLD)$(api_test_LINK) $(api_test_OBJECTS) $(api_test_LDADD) $(LIBS)
-
-api-test-2$(EXEEXT): $(api_test_2_OBJECTS) $(api_test_2_DEPENDENCIES) $(EXTRA_api_test_2_DEPENDENCIES)
- @rm -f api-test-2$(EXEEXT)
- $(AM_V_CCLD)$(api_test_2_LINK) $(api_test_2_OBJECTS) $(api_test_2_LDADD) $(LIBS)
-
-differ$(EXEEXT): $(differ_OBJECTS) $(differ_DEPENDENCIES) $(EXTRA_differ_DEPENDENCIES)
- @rm -f differ$(EXEEXT)
- $(AM_V_CCLD)$(differ_LINK) $(differ_OBJECTS) $(differ_LDADD) $(LIBS)
-
-unit-utils-io$(EXEEXT): $(unit_utils_io_OBJECTS) $(unit_utils_io_DEPENDENCIES) $(EXTRA_unit_utils_io_DEPENDENCIES)
- @rm -f unit-utils-io$(EXEEXT)
- $(AM_V_CCLD)$(unit_utils_io_LINK) $(unit_utils_io_OBJECTS) $(unit_utils_io_LDADD) $(LIBS)
-
-vectors-test$(EXEEXT): $(vectors_test_OBJECTS) $(vectors_test_DEPENDENCIES) $(EXTRA_vectors_test_DEPENDENCIES)
- @rm -f vectors-test$(EXEEXT)
- $(AM_V_CCLD)$(vectors_test_LINK) $(vectors_test_OBJECTS) $(vectors_test_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-api-test.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test-test_utils.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test_2-api-test-2.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_test_2-test_utils.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/differ-differ.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unit_utils_io-unit-utils-io.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vectors_test-crypto-vectors.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-api_test-api-test.o: api-test.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-api-test.o -MD -MP -MF $(DEPDIR)/api_test-api-test.Tpo -c -o api_test-api-test.o `test -f 'api-test.c' || echo '$(srcdir)/'`api-test.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-api-test.Tpo $(DEPDIR)/api_test-api-test.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test.c' object='api_test-api-test.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-api-test.o `test -f 'api-test.c' || echo '$(srcdir)/'`api-test.c
-
-api_test-api-test.obj: api-test.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-api-test.obj -MD -MP -MF $(DEPDIR)/api_test-api-test.Tpo -c -o api_test-api-test.obj `if test -f 'api-test.c'; then $(CYGPATH_W) 'api-test.c'; else $(CYGPATH_W) '$(srcdir)/api-test.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-api-test.Tpo $(DEPDIR)/api_test-api-test.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test.c' object='api_test-api-test.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-api-test.obj `if test -f 'api-test.c'; then $(CYGPATH_W) 'api-test.c'; else $(CYGPATH_W) '$(srcdir)/api-test.c'; fi`
-
-api_test-test_utils.o: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-test_utils.o -MD -MP -MF $(DEPDIR)/api_test-test_utils.Tpo -c -o api_test-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-test_utils.Tpo $(DEPDIR)/api_test-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test-test_utils.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
-
-api_test-test_utils.obj: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -MT api_test-test_utils.obj -MD -MP -MF $(DEPDIR)/api_test-test_utils.Tpo -c -o api_test-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test-test_utils.Tpo $(DEPDIR)/api_test-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test-test_utils.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_CPPFLAGS) $(CPPFLAGS) $(api_test_CFLAGS) $(CFLAGS) -c -o api_test-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
-
-api_test_2-api-test-2.o: api-test-2.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-api-test-2.o -MD -MP -MF $(DEPDIR)/api_test_2-api-test-2.Tpo -c -o api_test_2-api-test-2.o `test -f 'api-test-2.c' || echo '$(srcdir)/'`api-test-2.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-api-test-2.Tpo $(DEPDIR)/api_test_2-api-test-2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test-2.c' object='api_test_2-api-test-2.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-api-test-2.o `test -f 'api-test-2.c' || echo '$(srcdir)/'`api-test-2.c
-
-api_test_2-api-test-2.obj: api-test-2.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-api-test-2.obj -MD -MP -MF $(DEPDIR)/api_test_2-api-test-2.Tpo -c -o api_test_2-api-test-2.obj `if test -f 'api-test-2.c'; then $(CYGPATH_W) 'api-test-2.c'; else $(CYGPATH_W) '$(srcdir)/api-test-2.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-api-test-2.Tpo $(DEPDIR)/api_test_2-api-test-2.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='api-test-2.c' object='api_test_2-api-test-2.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-api-test-2.obj `if test -f 'api-test-2.c'; then $(CYGPATH_W) 'api-test-2.c'; else $(CYGPATH_W) '$(srcdir)/api-test-2.c'; fi`
-
-api_test_2-test_utils.o: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-test_utils.o -MD -MP -MF $(DEPDIR)/api_test_2-test_utils.Tpo -c -o api_test_2-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-test_utils.Tpo $(DEPDIR)/api_test_2-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test_2-test_utils.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c
-
-api_test_2-test_utils.obj: test_utils.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -MT api_test_2-test_utils.obj -MD -MP -MF $(DEPDIR)/api_test_2-test_utils.Tpo -c -o api_test_2-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/api_test_2-test_utils.Tpo $(DEPDIR)/api_test_2-test_utils.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='api_test_2-test_utils.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(api_test_2_CPPFLAGS) $(CPPFLAGS) $(api_test_2_CFLAGS) $(CFLAGS) -c -o api_test_2-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi`
-
-differ-differ.o: differ.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -MT differ-differ.o -MD -MP -MF $(DEPDIR)/differ-differ.Tpo -c -o differ-differ.o `test -f 'differ.c' || echo '$(srcdir)/'`differ.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/differ-differ.Tpo $(DEPDIR)/differ-differ.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='differ.c' object='differ-differ.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -c -o differ-differ.o `test -f 'differ.c' || echo '$(srcdir)/'`differ.c
-
-differ-differ.obj: differ.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -MT differ-differ.obj -MD -MP -MF $(DEPDIR)/differ-differ.Tpo -c -o differ-differ.obj `if test -f 'differ.c'; then $(CYGPATH_W) 'differ.c'; else $(CYGPATH_W) '$(srcdir)/differ.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/differ-differ.Tpo $(DEPDIR)/differ-differ.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='differ.c' object='differ-differ.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(differ_CFLAGS) $(CFLAGS) -c -o differ-differ.obj `if test -f 'differ.c'; then $(CYGPATH_W) 'differ.c'; else $(CYGPATH_W) '$(srcdir)/differ.c'; fi`
-
-unit_utils_io-unit-utils-io.o: unit-utils-io.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -MT unit_utils_io-unit-utils-io.o -MD -MP -MF $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo -c -o unit_utils_io-unit-utils-io.o `test -f 'unit-utils-io.c' || echo '$(srcdir)/'`unit-utils-io.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo $(DEPDIR)/unit_utils_io-unit-utils-io.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unit-utils-io.c' object='unit_utils_io-unit-utils-io.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -c -o unit_utils_io-unit-utils-io.o `test -f 'unit-utils-io.c' || echo '$(srcdir)/'`unit-utils-io.c
-
-unit_utils_io-unit-utils-io.obj: unit-utils-io.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -MT unit_utils_io-unit-utils-io.obj -MD -MP -MF $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo -c -o unit_utils_io-unit-utils-io.obj `if test -f 'unit-utils-io.c'; then $(CYGPATH_W) 'unit-utils-io.c'; else $(CYGPATH_W) '$(srcdir)/unit-utils-io.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unit_utils_io-unit-utils-io.Tpo $(DEPDIR)/unit_utils_io-unit-utils-io.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unit-utils-io.c' object='unit_utils_io-unit-utils-io.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(unit_utils_io_CPPFLAGS) $(CPPFLAGS) $(unit_utils_io_CFLAGS) $(CFLAGS) -c -o unit_utils_io-unit-utils-io.obj `if test -f 'unit-utils-io.c'; then $(CYGPATH_W) 'unit-utils-io.c'; else $(CYGPATH_W) '$(srcdir)/unit-utils-io.c'; fi`
-
-vectors_test-crypto-vectors.o: crypto-vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -MT vectors_test-crypto-vectors.o -MD -MP -MF $(DEPDIR)/vectors_test-crypto-vectors.Tpo -c -o vectors_test-crypto-vectors.o `test -f 'crypto-vectors.c' || echo '$(srcdir)/'`crypto-vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/vectors_test-crypto-vectors.Tpo $(DEPDIR)/vectors_test-crypto-vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto-vectors.c' object='vectors_test-crypto-vectors.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -c -o vectors_test-crypto-vectors.o `test -f 'crypto-vectors.c' || echo '$(srcdir)/'`crypto-vectors.c
-
-vectors_test-crypto-vectors.obj: crypto-vectors.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -MT vectors_test-crypto-vectors.obj -MD -MP -MF $(DEPDIR)/vectors_test-crypto-vectors.Tpo -c -o vectors_test-crypto-vectors.obj `if test -f 'crypto-vectors.c'; then $(CYGPATH_W) 'crypto-vectors.c'; else $(CYGPATH_W) '$(srcdir)/crypto-vectors.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/vectors_test-crypto-vectors.Tpo $(DEPDIR)/vectors_test-crypto-vectors.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto-vectors.c' object='vectors_test-crypto-vectors.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(vectors_test_CPPFLAGS) $(CPPFLAGS) $(vectors_test_CFLAGS) $(CFLAGS) -c -o vectors_test-crypto-vectors.obj `if test -f 'crypto-vectors.c'; then $(CYGPATH_W) 'crypto-vectors.c'; else $(CYGPATH_W) '$(srcdir)/crypto-vectors.c'; fi`
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-TESTS: $(TESTS)
- @failed=0; all=0; xfail=0; xpass=0; skip=0; \
- srcdir=$(srcdir); export srcdir; \
- list=' $(TESTS) '; \
- $(am__tty_colors); \
- if test -n "$$list"; then \
- for tst in $$list; do \
- if test -f ./$$tst; then dir=./; \
- elif test -f $$tst; then dir=; \
- else dir="$(srcdir)/"; fi; \
- if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xpass=`expr $$xpass + 1`; \
- failed=`expr $$failed + 1`; \
- col=$$red; res=XPASS; \
- ;; \
- *) \
- col=$$grn; res=PASS; \
- ;; \
- esac; \
- elif test $$? -ne 77; then \
- all=`expr $$all + 1`; \
- case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$tst[\ \ ]*) \
- xfail=`expr $$xfail + 1`; \
- col=$$lgn; res=XFAIL; \
- ;; \
- *) \
- failed=`expr $$failed + 1`; \
- col=$$red; res=FAIL; \
- ;; \
- esac; \
- else \
- skip=`expr $$skip + 1`; \
- col=$$blu; res=SKIP; \
- fi; \
- echo "$${col}$$res$${std}: $$tst"; \
- done; \
- if test "$$all" -eq 1; then \
- tests="test"; \
- All=""; \
- else \
- tests="tests"; \
- All="All "; \
- fi; \
- if test "$$failed" -eq 0; then \
- if test "$$xfail" -eq 0; then \
- banner="$$All$$all $$tests passed"; \
- else \
- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \
- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \
- fi; \
- else \
- if test "$$xpass" -eq 0; then \
- banner="$$failed of $$all $$tests failed"; \
- else \
- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \
- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \
- fi; \
- fi; \
- dashes="$$banner"; \
- skipped=""; \
- if test "$$skip" -ne 0; then \
- if test "$$skip" -eq 1; then \
- skipped="($$skip test was not run)"; \
- else \
- skipped="($$skip tests were not run)"; \
- fi; \
- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$skipped"; \
- fi; \
- report=""; \
- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \
- report="Please report to $(PACKAGE_BUGREPORT)"; \
- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \
- dashes="$$report"; \
- fi; \
- dashes=`echo "$$dashes" | sed s/./=/g`; \
- if test "$$failed" -eq 0; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- fi; \
- echo "$${col}$$dashes$${std}"; \
- echo "$${col}$$banner$${std}"; \
- test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \
- test -z "$$report" || echo "$${col}$$report$${std}"; \
- echo "$${col}$$dashes$${std}"; \
- test "$$failed" -eq 0; \
- else :; fi
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libtool clean-local \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/api_test-api-test.Po
- -rm -f ./$(DEPDIR)/api_test-test_utils.Po
- -rm -f ./$(DEPDIR)/api_test_2-api-test-2.Po
- -rm -f ./$(DEPDIR)/api_test_2-test_utils.Po
- -rm -f ./$(DEPDIR)/differ-differ.Po
- -rm -f ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po
- -rm -f ./$(DEPDIR)/vectors_test-crypto-vectors.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/api_test-api-test.Po
- -rm -f ./$(DEPDIR)/api_test-test_utils.Po
- -rm -f ./$(DEPDIR)/api_test_2-api-test-2.Po
- -rm -f ./$(DEPDIR)/api_test_2-test_utils.Po
- -rm -f ./$(DEPDIR)/differ-differ.Po
- -rm -f ./$(DEPDIR)/unit_utils_io-unit-utils-io.Po
- -rm -f ./$(DEPDIR)/vectors_test-crypto-vectors.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
- clean-local cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-clean-local:
- -rm -rf tcrypt-images luks1-images luks2-images bitlk-images conversion_imgs luks2_valid_hdr.img blkid-luks2-pv-img blkid-luks2-pv-img.bcp
-
-conversion_imgs:
- @tar xJf conversion_imgs.tar.xz
-
-compatimage.img:
- @xz -k -d compatimage.img.xz
-
-valgrind-check: api-test api-test-2 differ
- @VALG=1 ./compat-test
- @VALG=1 ./compat-test2
- @VALG=1 ./luks2-validation-test
- @VALG=1 ./verity-compat-test
- @VALG=1 ./integrity-compat-test
- @INFOSTRING="api-test-000" ./valg-api.sh ./api-test
- @INFOSTRING="api-test-002" ./valg-api.sh ./api-test-2
- @VALG=1 ./luks2-reencryption-test
- @VALG=1 ./luks2-reencryption-mangle-test
- @VALG=1 ./bitlk-compat-test
- @grep -l "ERROR SUMMARY: [^0] errors" valglog* || echo "No leaks detected."
-
-.PHONY: valgrind-check
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
#
# Makefile to run tests with system binaries
# USE: make -f Makefile.localtest tests CRYPTSETUP_PATH=/sbin
+# (append TESTSUITE_NOSKIP=y to avoid treating skipped tests as success)
#
-CPPFLAGS=-I../lib/ -I../lib/luks1 -DHAVE_DECL_DM_TASK_RETRY_REMOVE -DKERNEL_KEYRING -DHAVE_SYS_SYSMACROS_H -DNO_CRYPTSETUP_PATH
-CFLAGS=-O2 -g -Wall
+CPPFLAGS=-I../lib/ -I../lib/luks1 -DHAVE_DECL_DM_TASK_RETRY_REMOVE -DKERNEL_KEYRING \
+ -DHAVE_SYS_SYSMACROS_H -DNO_CRYPTSETUP_PATH
+CFLAGS=-O2 -g -Wall -D_GNU_SOURCE
LDLIBS=-lcryptsetup -ldevmapper
-TESTS=$(wildcard *-test *-test2) api-test api-test-2
+TESTS=$(wildcard *-test *-test2) api-test api-test-2 all-symbols-test unit-utils-crypt-test
+TESTS_UTILS=differ unit-utils-io unit-wipe
+
+ifneq ($(RUN_SSH_PLUGIN_TEST),)
+TESTS += ssh-test-plugin
+endif
+
+ifneq ($(RUN_SYSTEMD_PLUGIN_TEST),)
+TESTS += systemd-test-plugin
+TESTS_UTILS += fake_systemd_tpm_path.so
+endif
+
+check-programs: $(TESTS_UTILS) $(TESTS)
differ: differ.o
$(CC) -o $@ $^
api-test-2: api-test-2.o test_utils.o
$(CC) -o $@ $^ $(LDLIBS)
-tests: differ $(TESTS)
+unit-wipe: unit-wipe.o
+ $(CC) -o $@ $^ $(LDLIBS)
+
+unit-utils-io: unit-utils-io.o ../lib/utils_io.o
+ $(CC) -o $@ $^
+
+unit-utils-crypt-test: unit-utils-crypt.o ../lib/utils_crypt.o
+ $(CC) -o $@ $^ $(LDLIBS)
+
+test-symbols-list.h: generate-symbols-list
+ ./generate-symbols-list ../lib/libcryptsetup.sym > test-symbols-list.h
+
+all-symbols-test.o: test-symbols-list.h
+ $(CC) -c $*.c
+
+all-symbols-test: all-symbols-test.o
+ $(CC) -o $@ $^ -ldl
+
+fake_systemd_tpm_path.so: fake_systemd_tpm_path.c
+ $(CC) -fPIC -shared -D_GNU_SOURCE -o fake_systemd_tpm_path.so fake_systemd_tpm_path.c
+
+tests: $(TESTS_UTILS) $(TESTS)
@for test in $(sort $(TESTS)); do \
echo [$$test]; \
./$$test; \
- [ $$? -ne 77 -a $$? -ne 0 ] && exit 1; \
+ [ $(if $(TESTSUITE_NOSKIP),,$$? -ne 77 -a) $$? -ne 0 ] && exit 1; \
true; \
done;
clean:
- rm -f *.o differ api-test api-test-2
+ rm -f *.o $(TESTS_UTILS) api-test api-test-2 unit-utils-crypt-test \
+ all-symbols-test test-symbols-list.h
.PHONY: clean
PWD2="mymJeD8ivEhE"
FAST_PBKDF="--pbkdf-force-iterations 1000"
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+function fips_mode()
+{
+ [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
+}
+
cleanup() {
udevadm settle >/dev/null 2>&1
if [ -d "$MNT_DIR" ] ; then
- umount -f $MNT_DIR 2>/dev/null
- rmdir $MNT_DIR 2>/dev/null
+ umount -f $MNT_DIR 2>/dev/null
+ rmdir $MNT_DIR 2>/dev/null
fi
[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove --retry $DEV_STACKED >/dev/null 2>&1
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
# FIXME scsi_debug sometimes in-use here
sleep 1
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
sleep 1
}
{
echo "TEST SKIPPED: $1"
cleanup
- exit 0
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
function dm_crypt_features()
}
add_device() {
- modprobe scsi_debug $@ delay=0
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 77
[ $ALIGN -ne $2 ] && fail "Expected alignment differs: expected $2 != detected $ALIGN"
# test some operation, just in case
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1
+ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --new-key-slot 1
[ $? -ne 0 ] && fail "Keyslot add failed."
$CRYPTSETUP -q luksKillSlot $DEV 1
[ $POFF != $2 ] && fail "Expected data offset differs: expected $2 != detected $POFF"
if [ -n "$4" ] ; then
for j in 1 2 3 4 5 6 7 ; do
- echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q $FAST_PBKDF --key-slot $j -c null $PARAMS
+ echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q $FAST_PBKDF --new-key-slot $j -c null $PARAMS
echo -n $j
[ $? -ne 0 ] && fail
done
fi
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 77
fi
dm_crypt_features
-modprobe --dry-run scsi_debug || exit 77
+modprobe --dry-run scsi_debug >/dev/null 2>&1 || skip "This kernel seems to not support proper scsi_debug module, test skipped."
cleanup
+if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+fi
echo "# Create desktop-class 4K drive"
echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)"
format_plain_fail 4096
cleanup
+# skip tests using empty passphrase (LUKS1 cipher_null)
+if [ ! fips_mode ]; then
echo "# Offset check: 512B sector drive"
add_device dev_size_mb=16 sector_size=512 num_tgts=1
# |k| expO reqO expected slot offsets
-format_null 64 2048 0 8:72:136:200:264:328:392:456
-format_null 64 520 1
-format_null 64 520 8
-format_null 64 640 128
-format_null 64 2048 2048
format_null 128 2048 0 8:136:264:392:520:648:776:904
format_null 128 1032 1
format_null 128 1032 8
echo "# Offset check: 4096B sector drive"
add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
-format_null 64 2048 0 8:72:136:200:264:328:392:456
-format_null 64 520 1
-format_null 64 520 8
-format_null 64 640 128
-format_null 64 2048 2048
format_null 128 2048 0 8:136:264:392:520:648:776:904
format_null 128 1032 1
format_null 128 1032 8
format_null 512 4096 128
format_null 512 4096 2048
cleanup
+fi
echo "# Create enterprise-class 4K drive with fs and LUKS images."
# loop device here presents 512 block but images have 4k block
# cryptsetup should properly use 4k block on direct-io
add_device dev_size_mb=32 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
for file in $(ls img_fs_*.img.xz) ; do
- echo "Format using fs image $file."
- xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
- [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
- mount $DEV $MNT_DIR || skip "Mounting image is not available."
- echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img || fail
- echo $PWD2 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail
- umount $MNT_DIR
+ echo "Format using fs image $file."
+ xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
+ [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
+ mount $DEV $MNT_DIR || skip "Mounting image is not available."
+ echo $PWD1 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img || fail
+ echo $PWD2 | $CRYPTSETUP luksFormat --type luks1 --key-size 256 $FAST_PBKDF $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail
+ umount $MNT_DIR
done
cleanup
DEV=""
DEV_STACKED="luks0xbabe"
DEV_NAME="dummyalign"
+HDR="test_luks2_hdr"
MNT_DIR="./mnt_luks"
PWD1="93R4P4pIqAH8"
PWD2="mymJeD8ivEhE"
FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
cleanup() {
udevadm settle >/dev/null 2>&1
if [ -d "$MNT_DIR" ] ; then
- umount -f $MNT_DIR 2>/dev/null
- rmdir $MNT_DIR 2>/dev/null
+ umount -f $MNT_DIR 2>/dev/null
+ rmdir $MNT_DIR 2>/dev/null
fi
[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove --retry $DEV_STACKED >/dev/null 2>&1
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
# FIXME scsi_debug sometimes in-use here
sleep 1
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
sleep 1
+ rm -f $HDR 2>/dev/null
}
fail()
{
echo "TEST SKIPPED: $1"
cleanup
- exit 0
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
function dm_crypt_features()
[ $VER_MIN -lt 14 ] && return
DM_PERF_CPU=1
- if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
+ if [ $VER_MIN -ge 17 ]; then
DM_SECTOR_SIZE=1
fi
}
add_device() {
- modprobe scsi_debug $@ delay=0
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 77
$CRYPTSETUP close $DEV_NAME || fail
fi
- ALIGN=$($CRYPTSETUP luksDump $DEV | tee /tmp/last_dump | grep -A1 "0: crypt" | grep "offset:" | cut -d ' ' -f2)
+ ALIGN=$($CRYPTSETUP luksDump $DEV | grep -A1 "0: crypt" | grep "offset:" | cut -d ' ' -f2)
# echo "ALIGN = $ALIGN"
[ -z "$ALIGN" ] && fail
[ $ALIGN -ne $_exp ] && fail "Expected alignment differs: expected $_exp != detected $ALIGN"
# test some operation, just in case
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --key-slot 1
+ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV $FAST_PBKDF --new-key-slot 1
[ $? -ne 0 ] && fail "Keyslot add failed."
$CRYPTSETUP -q luksKillSlot $DEV 1
echo "PASSED"
}
+auto_sector() # expected device header
+{
+ local _exp=$1
+ local _dev=$2
+ local _hdr=$2
+ local _hdrstr=""
+ local _hdrmsg=""
+
+ if [ -n "$3" ]; then
+ _hdrstr="--header $3"
+ _hdr=$3
+ _hdrmsg=" detached header"
+ fi
+
+ echo -n "Formatting$_hdrmsg using optimal encryption sector size (expecting $_exp)..."
+
+ if [ -z "$DM_SECTOR_SIZE" -a $_exp -ne 512 ]; then
+ echo "SKIPPED"
+ return
+ fi
+
+ echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $_hdrstr $_dev -q >/dev/null 2>&1 || fail
+
+ # check the device can be activated
+ echo $PWD1 | $CRYPTSETUP luksOpen $_hdrstr $_dev $DEV_NAME || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ SECTOR=$($CRYPTSETUP luksDump $_hdr | grep -A4 "0: crypt" | grep "sector:" | cut -d ' ' -f2)
+
+ [ -z "$SECTOR" ] && fail
+ [ $SECTOR -ne $_exp ] && fail "Expected sector size differs: expected $_exp != detected $SECTOR"
+
+ echo "PASSED"
+}
+
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 77
fi
dm_crypt_features
-modprobe --dry-run scsi_debug || exit 77
+modprobe --dry-run scsi_debug >/dev/null 2>&1 || skip "This kernel seems to not support proper scsi_debug module, test skipped."
cleanup
+if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+fi
add_device dev_size_mb=32
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $DEV -q >/dev/null || fail
# cryptsetup should properly use 4k block on direct-io
add_device dev_size_mb=32 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
for file in $(ls img_fs_*.img.xz) ; do
- echo "Format using fs image $file."
- xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
- [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
- mount $DEV $MNT_DIR || skip "Mounting image is not available."
- echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --offset 8192 || fail
- echo $PWD2 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail
- umount $MNT_DIR
+ echo "Format using fs image $file."
+ xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
+ [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
+ mount $DEV $MNT_DIR || skip "Mounting image is not available."
+ echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --offset 8192 || fail
+ echo $PWD2 | $CRYPTSETUP luksFormat $FAST_PBKDF --type luks2 $MNT_DIR/luks.img --header $MNT_DIR/luks_header.img || fail
+ umount $MNT_DIR
done
cleanup
+
+echo "# Create classic 512B drive"
+echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0)"
+add_device dev_size_mb=32 sector_size=512 num_tgts=1
+auto_sector 512 $DEV
+auto_sector 512 $DEV $HDR
+cleanup
+echo "# Create desktop-class 4K drive"
+echo "# (logical_block_size=512, physical_block_size=4096, alignment_offset=0)"
+add_device dev_size_mb=32 sector_size=512 physblk_exp=3 num_tgts=1
+auto_sector 4096 $DEV
+auto_sector 4096 $DEV $HDR
+DEV2=$DEV
+DEV=/dev/mapper/$DEV_STACKED
+dmsetup create $DEV_STACKED --table "0 $((`blockdev --getsz $DEV2`-1)) linear $DEV2 0"
+auto_sector 512 $DEV
+auto_sector 512 $DEV $HDR
+cleanup
+echo "# Create enterprise-class 4K drive"
+echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
+add_device dev_size_mb=32 sector_size=4096 num_tgts=1 opt_blks=64
+auto_sector 4096 $DEV
+auto_sector 4096 $DEV $HDR
+cleanup
--- /dev/null
+/*
+ * Test utility checking symbol versions in libcryptsetup.
+ *
+ * Copyright (C) 2021-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <dlfcn.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define UNUSED(expr) do { (void)(expr); } while (0)
+
+static int _debug;
+static const char *libfile = "libcryptsetup.so.12";
+
+#define LOG_MAX_LEN 256
+
+#define LOG_DEBUG 1
+#define LOG_NORMAL 2
+#define LOG_ERROR 3
+
+__attribute__((format(printf, 2, 3)))
+static void test_logf(int level, const char *format, ...)
+{
+ va_list argp;
+ char target[LOG_MAX_LEN + 2];
+ int len;
+
+ va_start(argp, format);
+
+ len = vsnprintf(&target[0], LOG_MAX_LEN, format, argp);
+ if (len > 0 && len < LOG_MAX_LEN) {
+ switch (level) {
+ case LOG_DEBUG:
+ if (!_debug)
+ break;
+ /* fall through */
+ case LOG_NORMAL:
+ fprintf(stdout, "%s", target);
+ break;
+ case LOG_ERROR:
+ fflush(stdout);
+ strcat(target, "\n");
+ fprintf(stderr, "%s", target);
+ }
+ }
+
+ va_end(argp);
+}
+
+#define log_dbg(x...) test_logf(LOG_DEBUG, x)
+#define log_std(x...) test_logf(LOG_NORMAL, x)
+#define log_err(x...) test_logf(LOG_ERROR, x)
+
+static int check_dlvsym(void *h, const char *symbol, const char *version)
+{
+#ifdef HAVE_DLVSYM
+ void *sym;
+ char *err;
+
+ log_dbg("Checking %s@%s...", symbol, version);
+ sym = dlvsym(h, symbol, version);
+ UNUSED(sym);
+ err = dlerror();
+
+ if (err) {
+ log_err("%s.", err);
+ return 1;
+ }
+
+ log_dbg("OK\n");
+#endif
+ return 0;
+}
+
+static int check_dlsym(void *h, const char *symbol)
+{
+ void *sym;
+ char *err;
+
+ log_dbg("Checking %s...", symbol);
+ sym = dlsym(h, symbol);
+ UNUSED(sym);
+ err = dlerror();
+
+ if (err) {
+ log_err("%s", err);
+ return 1;
+ }
+
+ log_dbg("OK\n");
+ return 0;
+}
+
+static int check_all_symbols(void *h)
+{
+ unsigned scount = 0;
+
+#define CHECK_SYMBOL(SYM, VER) \
+do { \
+ if (check_dlvsym(h, #SYM, #VER)) \
+ return 1; \
+ if (check_dlsym(h, #SYM)) \
+ return 1; \
+ scount++; \
+} while (0);
+
+#include "test-symbols-list.h"
+#undef CHECK_SYMBOL
+
+ if (!scount) {
+ log_err("test-symbols-list.h file is probably empty.");
+ return 1;
+ }
+
+ log_std("Performed %u symbol checks in total.\n", scount);
+
+ return 0;
+}
+
+static void usage(const char *app)
+{
+ log_std("usage:\n\t%s [-v|--verbose|--debug] [optional path to library so file]\n", app);
+
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+ int i, r;
+ void *h;
+
+ for (i = 1; i < argc; i++) {
+ if (*argv[i] != '-')
+ libfile = argv[i];
+ else if (!strcmp("-v", argv[i]) || !strcmp("--verbose", argv[i]) ||
+ !strcmp("--debug", argv[i]))
+ _debug = 1;
+ else if (!strcmp("-h", argv[i]) || !strcmp("--help", argv[i]))
+ usage(argv[0]);
+ }
+
+ log_std("Checking dlopen(%s)...", libfile);
+
+ h = dlopen(libfile, RTLD_NOW);
+ if (!h) {
+ log_err("dlopen(): %s.", dlerror());
+ return EXIT_FAILURE;
+ }
+ dlerror();
+ log_std("OK\n");
+
+ r = check_all_symbols(h);
+
+ if (dlclose(h)) {
+ log_err("Failed to dlclose %s: %s.", libfile, dlerror());
+ return EXIT_FAILURE;
+ }
+
+ return r ? EXIT_FAILURE : EXIT_SUCCESS;
+}
/*
* cryptsetup library LUKS2 API check functions
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#endif
#include "api_test.h"
-#include "luks.h"
+#include "luks1/luks.h"
#include "libcryptsetup.h"
-#define DMDIR "/dev/mapper/"
-
#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
#define DEVICE_EMPTY_name "crypt_zero"
#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
#define KEYFILE2 "key2.file"
#define KEY2 "0123456789abcdef"
-#define PASSPHRASE "blabla"
-#define PASSPHRASE1 "albalb"
+#define PASSPHRASE "blablabl"
+#define PASSPHRASE1 "albalbal"
#define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
#define CONV_L2_512_DET_FULL "l2_512b_det_full"
#define CONV_L1_256_LEGACY "l1_256b_legacy_offset"
#define CONV_L1_256_UNMOVABLE "l1_256b_unmovable"
-#define PASS0 "aaa"
-#define PASS1 "hhh"
-#define PASS2 "ccc"
-#define PASS3 "ddd"
-#define PASS4 "eee"
-#define PASS5 "fff"
-#define PASS6 "ggg"
-#define PASS7 "bbb"
-#define PASS8 "iii"
-
-/* Allow to run without config.h */
-#ifndef DEFAULT_LUKS1_HASH
- #define DEFAULT_LUKS1_HASH "sha256"
- #define DEFAULT_LUKS1_ITER_TIME 2000
- #define DEFAULT_LUKS2_ITER_TIME 2000
- #define DEFAULT_LUKS2_MEMORY_KB 1048576
- #define DEFAULT_LUKS2_PARALLEL_THREADS 4
- #define DEFAULT_LUKS2_PBKDF "argon2i"
-#endif
+#define PASS0 "aaablabl"
+#define PASS1 "hhhblabl"
+#define PASS2 "cccblabl"
+#define PASS3 "dddblabl"
+#define PASS4 "eeeblabl"
+#define PASS5 "fffblabl"
+#define PASS6 "gggblabl"
+#define PASS7 "bbbblabl"
+#define PASS8 "iiiblabl"
static int _fips_mode = 0;
struct crypt_device *cd = NULL, *cd2 = NULL;
+static const char *default_luks1_hash = NULL;
+static uint32_t default_luks1_iter_time = 0;
+
+static const char *default_luks2_pbkdf = NULL;
+static uint32_t default_luks2_iter_time = 0;
+static uint32_t default_luks2_memory_kb = 0;
+static uint32_t default_luks2_parallel_threads = 0;
+
+static struct crypt_pbkdf_type min_pbkdf2 = {
+ .type = "pbkdf2",
+ .iterations = 1000,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+}, min_argon2 = {
+ .type = "argon2id",
+ .iterations = 4,
+ .max_memory_kb = 32,
+ .parallel_threads = 1,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+};
+
// Helpers
static unsigned cpus_online(void)
uint64_t memory_kb;
if (pagesize <= 0 || pages <= 0)
- return DEFAULT_LUKS2_MEMORY_KB;
+ return default_luks2_memory_kb;
memory_kb = pagesize / 1024 * pages / 2;
- if (memory_kb < DEFAULT_LUKS2_MEMORY_KB)
+ if (memory_kb < default_luks2_memory_kb)
return (uint32_t)memory_kb;
- return DEFAULT_LUKS2_MEMORY_KB;
+ return default_luks2_memory_kb;
}
static unsigned _min(unsigned a, unsigned b)
struct crypt_device *cd = NULL;
static uint64_t default_header_size = 0;
+ if (r_header_size)
+ *r_header_size = 0;
+ if (r_payload_offset)
+ *r_payload_offset = 0;
+
if (!default_header_size) {
if (crypt_init(&cd, THE_LOOP_DEV))
return -EINVAL;
return 0;
}
+static bool get_luks_pbkdf_defaults(void)
+{
+ const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS1);
+
+ if (!pbkdf_defaults)
+ return false;
+
+ default_luks1_hash = pbkdf_defaults->hash;
+ default_luks1_iter_time = pbkdf_defaults->time_ms;
+
+ pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
+ if (!pbkdf_defaults)
+ return false;
+
+ default_luks2_pbkdf = pbkdf_defaults->type;
+ default_luks2_iter_time = pbkdf_defaults->time_ms;
+ default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
+ default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
+
+ return true;
+}
+
static void _remove_keyfiles(void)
{
remove(KEYFILE1);
char cmd[128];
test_loop_file = strdup(THE_LFILE_TEMPLATE);
+ if (!test_loop_file)
+ return 1;
+
if ((fd=mkstemp(test_loop_file)) == -1) {
printf("cannot create temporary file with template %s\n", test_loop_file);
return 1;
}
close(fd);
- snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
- test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE) < 0)
+ return 1;
if (_system(cmd, 1))
return 1;
close(fd);
tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
+ if (!tmp_file_1)
+ return 1;
+
if ((fd=mkstemp(tmp_file_1)) == -1) {
printf("cannot create temporary file with template %s\n", tmp_file_1);
return 1;
}
close(fd);
- snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
- tmp_file_1, SECTOR_SIZE, 10);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ tmp_file_1, TST_SECTOR_SIZE, 10) < 0)
+ return 1;
if (_system(cmd, 1))
return 1;
_system("dmsetup create " DEVICE_EMPTY_name " --table \"0 10000 zero\"", 1);
_system("dmsetup create " DEVICE_ERROR_name " --table \"0 10000 error\"", 1);
+ if (t_set_readahead(DEVICE_ERROR, 0))
+ printf("cannot set read ahead on device %s\n", DEVICE_ERROR);
+
_system(" [ ! -e " IMAGE1 " ] && xz -dk " IMAGE1 ".xz", 1);
fd = loop_attach(&DEVICE_1, IMAGE1, 0, 0, &ro);
close(fd);
_system("dd if=/dev/zero of=" IMAGE_EMPTY_SMALL_2 " bs=512 count=2050 2>/dev/null", 1);
- _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && xz -dk " NO_REQS_LUKS2_HEADER ".xz", 1);
+ _system(" [ ! -e " NO_REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1);
fd = loop_attach(&DEVICE_4, NO_REQS_LUKS2_HEADER, 0, 0, &ro);
close(fd);
- _system(" [ ! -e " REQS_LUKS2_HEADER " ] && xz -dk " REQS_LUKS2_HEADER ".xz", 1);
+ _system(" [ ! -e " REQS_LUKS2_HEADER " ] && tar xJf " REQS_LUKS2_HEADER ".tar.xz", 1);
fd = loop_attach(&DEVICE_5, REQS_LUKS2_HEADER, 0, 0, &ro);
close(fd);
_system(" [ ! -d " CONV_DIR " ] && tar xJf " CONV_DIR ".tar.xz 2>/dev/null", 1);
- if (_system("modprobe dm-crypt", 1))
+ if (_system("modprobe dm-crypt >/dev/null 2>&1", 1))
return 1;
if (t_dm_check_versions())
return 1;
- _system("rmmod dm-crypt", 0);
+ _system("rmmod dm-crypt >/dev/null 2>&1", 0);
_fips_mode = fips_mode();
if (_debug)
/* Use default log callback */
crypt_set_log_callback(NULL, &global_log_callback, NULL);
+ if (!get_luks_pbkdf_defaults())
+ return 1;
+
+ min_pbkdf2.hash = min_argon2.hash = default_luks1_hash;
+
return 0;
}
+static int set_fast_pbkdf(struct crypt_device *cd)
+{
+ const struct crypt_pbkdf_type *pbkdf = &min_argon2;
+
+ /* Cannot use Argon2 in FIPS */
+ if (_fips_mode)
+ pbkdf = &min_pbkdf2;
+
+ return crypt_set_pbkdf_type(cd, pbkdf);
+}
+
#ifdef KERNEL_KEYRING
static key_serial_t add_key(const char *type, const char *description, const void *payload, size_t plen, key_serial_t keyring)
{
}
#endif
-static int test_open(struct crypt_device *cd,
- int token,
- char **buffer,
- size_t *buffer_len,
- void *usrptr)
+static int test_open(struct crypt_device *cd __attribute__((unused)),
+ int token __attribute__((unused)),
+ char **buffer,
+ size_t *buffer_len,
+ void *usrptr)
{
const char *str = (const char *)usrptr;
return 0;
}
-static int test_validate(struct crypt_device *cd, const char *json)
+static int test_validate(struct crypt_device *cd __attribute__((unused)), const char *json)
{
return (strstr(json, "magic_string") == NULL);
}
size_t key_size;
int suspend_status;
uint64_t r_payload_offset;
- const struct crypt_pbkdf_type fast_pbkdf = {
- .type = "pbkdf2",
- .hash = "sha256",
- .iterations = 1000,
- .flags = CRYPT_PBKDF_NO_BENCHMARK
- };
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
/* Resume device with cipher_null */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
};
char key[128], key2[128], key3[128];
- const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *tmp_buf, *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size, r_size_1;
pbkdf.max_memory_kb = 0;
}
- crypt_decode_key(key, mk_hex, key_size);
- crypt_decode_key(key3, mk_hex2, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
// init test devices
OK_(get_luks2_offsets(0, 0, 0, &r_header_size, &r_payload_offset));
// test payload_offset = 0 for encrypted device with external header device
OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
EQ_(crypt_get_data_offset(cd), 0);
CRYPT_FREE(cd);
// test payload_offset = 0. format() should look up alignment offset from device topology
OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
OK_(!(crypt_get_data_offset(cd) > 0));
CRYPT_FREE(cd);
// set_data_offset has priority, alignment must be 0 or must be compatible
params.data_alignment = 0;
OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_set_data_offset(cd, OFFSET_8M));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
EQ_(crypt_get_data_offset(cd), OFFSET_8M);
params.data_alignment = OFFSET_4M;
OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
FAIL_(crypt_set_data_offset(cd, OFFSET_2M + 1), "Not aligned to 4096"); // must be aligned to 4k
OK_(crypt_set_data_offset(cd, OFFSET_2M));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Alignment not compatible");
// 1 sector less than required
OK_(crypt_init(&cd, DMDIR L_DEVICE_WRONG));
+ OK_(set_fast_pbkdf(cd));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Device too small");
CRYPT_FREE(cd);
// 0 sectors for encrypted area
OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Encrypted area too small");
CRYPT_FREE(cd);
// 1 sector for encrypted area
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
EQ_(crypt_get_data_offset(cd), r_payload_offset);
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
- EQ_(r_size_1, SECTOR_SIZE);
+ EQ_(r_size_1, TST_SECTOR_SIZE);
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// restrict format only to empty context
// generate keyslot material at the end of luks header
OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
EQ_((int)key_size, crypt_get_volume_key_size(cd));
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
CRYPT_FREE(cd);
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms), "Context is already formatted");
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
CRYPT_FREE(cd);
// test uuid mismatch and _init_by_name_and_header
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
params.data_alignment = 0;
params.data_device = DEVICE_2;
OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
CRYPT_FREE(cd);
// there we've got uuid mismatch
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_header_is_detached(cd), 1);
CRYPT_FREE(cd);
params.data_device = NULL;
OK_(crypt_init(&cd, DEVICE_2));
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
// even with no keyslots defined it can be activated by volume key
GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2));
- crypt_set_iteration_time(cd, 1);
EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
key[1] = ~key[1];
FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
key[1] = ~key[1];
- EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
+ EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase2, strlen(passphrase2)));
EQ_(CRYPT_SLOT_ACTIVE, crypt_keyslot_status(cd, 6));
FAIL_(crypt_keyslot_destroy(cd, 8), "invalid keyslot");
EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
+ EQ_(6, crypt_keyslot_change_by_passphrase(cd, 6, CRYPT_ANY_SLOT, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
+ EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));
EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
OK_(!(global_lines != 0));
reset_log();
+ FAIL_(crypt_dump_json(cd, NULL, 42), "flags be used later");
+ OK_(crypt_dump_json(cd, NULL, 0));
+ OK_(!(global_lines != 0));
+ reset_log();
+ OK_(crypt_dump_json(cd, &tmp_buf, 0));
+ OK_(!(tmp_buf && strlen(tmp_buf) != 0));
+
FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_2));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_2));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, NULL));
FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key3, key_size, 0), "VK doesn't match any digest assigned to segment 0");
* volume key size is unknown (no active keyslots).
*/
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
/* drop context copy of volume key */
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
OK_(crypt_keyslot_destroy(cd, 0));
+ OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
CRYPT_FREE(cd);
};
char key[128], tmp[128];
- const char *passphrase = "blabla";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_header_size, default_mdata_size, default_keyslots_size, mdata_size,
pbkdf.iterations = 1000;
}
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
// init test devices
OK_(get_luks2_offsets(0, 0, 0, &r_header_size, NULL));
OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(crypt_set_metadata_size(cd, 0x080000, 0x080000));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
- EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7);
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR H_DEVICE));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
// Dirty checks: device without UUID
// we should be able to remove it but not manipulate with it
- snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
"0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
- "%s 2048\"", CDEVICE_2, DEVICE_2);
+ "%s 2048\"", CDEVICE_2, DEVICE_2), 0);
_system(tmp, 1);
OK_(crypt_init_by_name(&cd, CDEVICE_2));
OK_(crypt_deactivate(cd, CDEVICE_2));
CRYPT_FREE(cd);
// Dirty checks: device with UUID but LUKS header key fingerprint must fail)
- snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
"0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
"%s 2048\" -u CRYPT-LUKS2-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
- CDEVICE_2, DEVICE_2);
+ CDEVICE_2, DEVICE_2), 0);
_system(tmp, 1);
OK_(crypt_init_by_name(&cd, CDEVICE_2));
OK_(crypt_deactivate(cd, CDEVICE_2));
.sector_size = 512
};
struct crypt_params_plain pl_params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
};
uint32_t flags = 0;
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset;
pbkdf.max_memory_kb = 0;
}
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
// do not allow restore over LUKS1 header on device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- crypt_set_iteration_time(cd, 1);
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, &luks1));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
.sector_size = 512
};
struct crypt_params_plain pl_params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
};
char key[128], cmd[256];
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size, img_size;
pbkdf.max_memory_kb = 0;
}
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
// hardcoded values for existing image IMAGE1
img_size = 8192;
// prepared header on a device too small to contain header and payload
//OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, img_size - 1));
- snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1);
+ GE_(snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32
+ " count=%" PRIu64 " 2>/dev/null", params.sector_size, img_size - 1), 0);
OK_(_system(cmd, 1));
// some device
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// repeat with init with two devices
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// bad header: device too small (payloadOffset > device_size)
char key[128];
int fd, ro = O_RDONLY;
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset;
pbkdf.max_memory_kb = 0;
}
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
OK_(get_luks2_offsets(1, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// exercise luksOpen using backup header in file
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, BACKUP_FILE));
};
char key[128];
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
- const char *cipher = "aes";
- const char *cipher_mode = "cbc-essiv:sha256";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes", *capi_cipher = "capi:cbc(aes)";
+ const char *cipher_mode = "cbc-essiv:sha256", *capi_cipher_mode = "essiv:sha256";
uint64_t r_payload_offset, r_header_size, r_size;
/* Cannot use Argon2 in FIPS */
pbkdf.max_memory_kb = 0;
}
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
// prepare env
OK_(get_luks2_offsets(0, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(crypt_resize(cd, CDEVICE_1, 0));
OK_(crypt_resize(cd, CDEVICE_1, 42));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(42, r_size >> SECTOR_SHIFT);
+ EQ_(42, r_size >> TST_SECTOR_SHIFT);
OK_(crypt_resize(cd, CDEVICE_1, 0));
// autodetect encrypted device area size
OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_resize(cd, CDEVICE_1, 666));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(666, r_size >> SECTOR_SHIFT);
+ EQ_(666, r_size >> TST_SECTOR_SHIFT);
// autodetect encrypted device size
OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
OK_(crypt_resize(cd, CDEVICE_1, 43));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(43, r_size >> SECTOR_SHIFT);
+ EQ_(43, r_size >> TST_SECTOR_SHIFT);
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
CRYPT_FREE(cd2);
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
- crypt_set_iteration_time(cd2, 1);
+ OK_(crypt_set_pbkdf_type(cd2, &min_pbkdf2));
OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, cipher_mode, crypt_get_uuid(cd), key, key_size, NULL));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, key_size, 0));
FAIL_(crypt_resize(cd2, CDEVICE_1, 1), "Device got resized by wrong device context.");
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
+ if (t_dm_capi_string_supported()) {
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS2, capi_cipher, capi_cipher_mode, NULL, key, key_size, NULL));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ OK_(crypt_resize(cd, CDEVICE_1, 8));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(8, r_size >> TST_SECTOR_SHIFT);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+ }
+
_cleanup_dmdevices();
}
.key_description = KEY_DESC_TEST0
}, params2 = {
.key_description = KEY_DESC_TEST1
- };
+ }, params_invalid = {};
uint64_t r_payload_offset;
if (!t_dm_crypt_keyring_support()) {
// prepare the device
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ FAIL_(crypt_token_luks2_keyring_set(cd, CRYPT_ANY_TOKEN, ¶ms_invalid), "Invalid key description property.");
EQ_(crypt_token_luks2_keyring_set(cd, 3, ¶ms), 3);
EQ_(crypt_token_assign_keyslot(cd, 3, 0), 3);
CRYPT_FREE(cd);
EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms2), 1);
FAIL_(crypt_token_assign_keyslot(cd, 1, 1), "Keyslot 1 doesn't exist");
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
EQ_(crypt_token_assign_keyslot(cd, 1, 1), 1);
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
OK_(crypt_keyslot_destroy(cd, 0));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
CRYPT_FREE(cd);
// 1st token being invalid (missing key in keyring)
// 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
"\"key_description\":" y ", \"some_field\":\"some_value\"}"
- int ks;
+ int ks, token_max;
const char *dummy;
const char *cipher = "aes";
const char *cipher_mode = "xts-plain64";
char passptr[] = PASSPHRASE;
char passptr1[] = PASSPHRASE1;
+ struct crypt_active_device cad;
static const crypt_token_handler th = {
.name = "test_token",
// basic token API tests
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
- crypt_set_iteration_time(cd, 1);
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
EQ_(crypt_token_status(cd, 32, NULL), CRYPT_TOKEN_INVALID);
ks = crypt_keyslot_change_by_passphrase(cd, 5, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1));
NOTFAIL_(ks, "Failed to change keyslot passphrase.");
OK_(crypt_token_is_assigned(cd, 10, ks));
+ CRYPT_FREE(cd);
+
+ // test token activation respects keyslot priorities
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
+ EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 5, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 5);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 12, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 12);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 31, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 31);
+
+ OK_(crypt_keyslot_set_priority(cd, 0, CRYPT_SLOT_PRIORITY_IGNORE));
+ OK_(crypt_keyslot_set_priority(cd, 3, CRYPT_SLOT_PRIORITY_PREFER));
+ OK_(crypt_keyslot_set_priority(cd, 8, CRYPT_SLOT_PRIORITY_PREFER));
+ OK_(crypt_keyslot_set_priority(cd, 12,CRYPT_SLOT_PRIORITY_PREFER));
+
+ // expected unusable with CRYPT_ANY_TOKEN
+ EQ_(crypt_token_json_set(cd, 1, TEST_TOKEN_JSON("\"0\", \"3\"")), 1);
+
+ // expected unusable (-EPERM)
+ EQ_(crypt_token_json_set(cd, 5, TEST_TOKEN_JSON("\"8\"")), 5);
+
+ // expected unusable (-EPERM)
+ EQ_(crypt_token_json_set(cd, 4, TEST_TOKEN_JSON("\"8\", \"3\"")), 4);
+ // expected unusable (-ENOENT)
+ EQ_(crypt_token_json_set(cd, 6, TEST_TOKEN_JSON("\"3\"")), 6);
+
+ // expected unusable (-ENOENT)
+ EQ_(crypt_token_json_set(cd, 11, TEST_TOKEN_JSON("")), 11);
+
+ token_max = crypt_token_max(CRYPT_LUKS2) - 1;
+ GE_(token_max, 0);
+
+ // expected to be used first with CRYPT_ANY_TOKEN (unlocks with high priority ks 12)
+ EQ_(crypt_token_json_set(cd, token_max, TEST_TOKEN_JSON("\"12\", \"0\", \"3\"")), token_max);
+
+ // expected usable with CRYPT_ANY_TOKEN
+ EQ_(crypt_token_json_set(cd, 8, TEST_TOKEN_JSON("\"5\", \"0\", \"3\"")), 8);
+
+ // of all tokens keyslot 12 has highest priority now
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 12);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ // with explicit token priority ignore may be used
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 1, NULL, 0, passptr, 0), 0);
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", 1, NULL, 0, passptr, 0), 0);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+
+ EQ_(crypt_token_json_set(cd, token_max, NULL), token_max);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 5, NULL, 0, passptr, 0), -EPERM);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 4, NULL, 0, passptr, 0), -EPERM);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, 0), -ENOENT);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 6, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 3);
+
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, 0), -ENOENT);
+ EQ_(crypt_activate_by_token_pin(cd, NULL, "test_token", 11, NULL, 0, passptr, CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), -ENOENT);
+
+ // test crypt_resume_by_token_pin
+ EQ_(crypt_activate_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr, 0), 5);
+ OK_(crypt_suspend(cd, CDEVICE_1));
+ EQ_(crypt_resume_by_token_pin(cd, CDEVICE_1, "test_token", CRYPT_ANY_TOKEN, NULL, 0, passptr), 5);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
+ EQ_(crypt_token_max(CRYPT_LUKS2), 32);
+ FAIL_(crypt_token_max(CRYPT_LUKS1), "No token support in LUKS1");
+ FAIL_(crypt_token_max(NULL), "No LUKS format specified");
_cleanup_dmdevices();
}
.parallel_threads = 1
}, pbkdf2 = {
.type = CRYPT_KDF_PBKDF2,
- .hash = "sha1",
+ .hash = "sha256",
.time_ms = 1
};
// prepare the device
OK_(crypt_init(&cd, DEVICE_1));
- crypt_set_iteration_time(cd, 1);
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, NULL, 32, NULL));
offset = crypt_get_data_offset(cd);
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
// detached LUKS1 header upconversion
OK_(create_dmdevice_over_loop(H_DEVICE, 2050)); // default LUKS1 header should fit there
OK_(crypt_init(&cd, DMDIR H_DEVICE));
- crypt_set_iteration_time(cd, 1);
- //OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
FAIL_(crypt_convert(cd, CRYPT_LUKS2, NULL), "Unable to move keyslots. Not enough space.");
// 2050 sectors, empty file
OK_(crypt_init(&cd, IMAGE_EMPTY_SMALL_2));
- //OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
- crypt_set_iteration_time(cd, 1);
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, "aes", "xts-plain64", NULL, NULL, 32, &luks1));
EQ_(crypt_get_data_offset(cd), 0);
EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
const char *cipher = "aes", *mode="xts-plain64";
struct crypt_pbkdf_type argon2 = {
.type = CRYPT_KDF_ARGON2I,
- .hash = DEFAULT_LUKS1_HASH,
+ .hash = default_luks1_hash,
.time_ms = 6,
.max_memory_kb = 1024,
.parallel_threads = 1
}, pbkdf2 = {
.type = CRYPT_KDF_PBKDF2,
- .hash = DEFAULT_LUKS1_HASH,
+ .hash = default_luks1_hash,
.time_ms = 9
}, bad = {
.type = "hamster_pbkdf",
- .hash = DEFAULT_LUKS1_HASH
+ .hash = default_luks1_hash
};
struct crypt_params_plain params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
OK_(crypt_set_pbkdf_type(cd, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
+ EQ_(pbkdf->time_ms, default_luks1_iter_time);
CRYPT_FREE(cd);
// test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
EQ_(pbkdf->time_ms, 42);
// test crypt_get_pbkdf_type() returns expected values for LUKSv1
OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->max_memory_kb, 0);
EQ_(pbkdf->parallel_threads, 0);
crypt_set_iteration_time(cd, 43);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
- OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
- EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
// set and verify argon2 type
OK_(crypt_set_pbkdf_type(cd, &argon2));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
crypt_set_iteration_time(cd, 1); // it's supposed to override this call
OK_(crypt_set_pbkdf_type(cd, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
- OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
- EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
// try to pass illegal values
argon2.parallel_threads = 0;
FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
bad.hash = NULL;
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
bad.type = NULL;
- bad.hash = DEFAULT_LUKS1_HASH;
+ bad.hash = default_luks1_hash;
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
bad.hash = "hamster_hash";
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
- OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
- EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
crypt_set_iteration_time(cd, 1);
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
- OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->time_ms, 1);
EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
- EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
+ EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
CRYPT_FREE(cd);
// test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
pbkdf2.time_ms = 9;
pbkdf2.hash = NULL;
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2");
- pbkdf2.hash = "sha1";
+ pbkdf2.hash = "sha256";
OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
argon2.time_ms = 9;
- argon2.hash = "sha1"; // will be ignored
+ argon2.hash = "sha256"; // will be ignored
OK_(crypt_set_pbkdf_type(cd, &argon2));
argon2.hash = NULL;
OK_(crypt_set_pbkdf_type(cd, &argon2));
NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
+ EQ_(pbkdf->time_ms, default_luks1_iter_time);
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
EQ_(pbkdf->max_memory_kb, 0);
EQ_(pbkdf->parallel_threads, 0);
NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
- OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
- EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
- OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
- EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB);
- EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS);
+ OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
+ EQ_(pbkdf->time_ms, default_luks2_iter_time);
+ OK_(strcmp(pbkdf->hash, default_luks1_hash));
+ EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
+ EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
{
char key[128], key2[128], key_ret[128];
const char *cipher = "aes", *cipher_mode="xts-plain64";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
- size_t key_ret_len, key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_ret_len, key_size = strlen(vk_hex) / 2;
uint64_t r_payload_offset;
struct crypt_pbkdf_type pbkdf = {
.type = "argon2i",
};
struct crypt_params_luks2 params2 = {
.pbkdf = &pbkdf,
- .sector_size = SECTOR_SIZE
+ .sector_size = TST_SECTOR_SIZE
};
- crypt_decode_key(key, mk_hex, key_size);
- crypt_decode_key(key2, mk_hex2, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key2, vk_hex2, key_size);
/* Cannot use Argon2 in FIPS */
if (_fips_mode) {
char key[128], key2[128];
const char *cipher = "aes", *cipher_mode="xts-plain64";
const char *cipher_spec = "aes-xts-plain64", *cipher_keyslot = "aes-cbc-essiv:sha256";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
- size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size_ret, key_size = strlen(vk_hex) / 2, keyslot_key_size = 16;
uint64_t r_payload_offset;
- const struct crypt_pbkdf_type fast_pbkdf = {
- .type = "pbkdf2",
- .hash = "sha256",
- .iterations = 1000,
- .flags = CRYPT_PBKDF_NO_BENCHMARK
- };
- crypt_decode_key(key, mk_hex, key_size);
- crypt_decode_key(key2, mk_hex2, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key2, vk_hex2, key_size);
OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
EQ_(key_size, 2 * keyslot_key_size);
/* test crypt_keyslot_add_by_key */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 7, &key_size_ret), cipher_keyslot));
EQ_(key_size_ret, keyslot_key_size);
- OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
OK_(strcmp(crypt_keyslot_get_encryption(cd, 8, &key_size_ret), cipher_spec));
EQ_(key_size_ret, key_size);
/* LUKS1 compatible calls */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL));
NULL_(crypt_keyslot_get_encryption(cd, 0, &key_size_ret));
OK_(strcmp(crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size_ret), cipher_spec));
/* LUKS2 cipher null checks */
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- OK_(crypt_set_pbkdf_type(cd, &fast_pbkdf));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
OK_(crypt_format(cd, CRYPT_LUKS2, "cipher_null", "ecb", NULL, key, key_size, NULL));
FAIL_(crypt_keyslot_set_encryption(cd, "null", 32), "cipher null is not allowed");
FAIL_(crypt_keyslot_set_encryption(cd, "cipher_null", 32), "cipher null is not allowed");
// prepare the device
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- crypt_set_iteration_time(cd, 1);
+ OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
struct crypt_pbkdf_type argon2 = {
.type = CRYPT_KDF_ARGON2I,
- .hash = DEFAULT_LUKS1_HASH,
+ .hash = default_luks1_hash,
.time_ms = 6,
.max_memory_kb = 1024,
.parallel_threads = 1
}, pbkdf2 = {
.type = CRYPT_KDF_PBKDF2,
- .hash = DEFAULT_LUKS1_HASH,
+ .hash = default_luks1_hash,
.time_ms = 9
};
struct crypt_token_params_luks2_keyring params_get, params = {
.key_description = KEY_DESC_TEST0
};
- OK_(prepare_keyfile(KEYFILE1, "aaa", 3));
- OK_(prepare_keyfile(KEYFILE2, "xxx", 3));
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
/* crypt_load (unrestricted) */
OK_(crypt_init(&cd, DEVICE_5));
FAIL_((r = crypt_set_label(cd, "label", "subsystem")), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
+ /* crypt_get_label (unrestricted) */
+ NOTNULL_(crypt_get_label(cd));
+ OK_(strcmp("", crypt_get_label(cd)));
+ /* crypt_get_subsystem (unrestricted) */
+ NOTNULL_(crypt_get_subsystem(cd));
+ OK_(strcmp("", crypt_get_subsystem(cd)));
+
/* crypt_repair (with current repair capabilities it's unrestricted) */
OK_(crypt_repair(cd, CRYPT_LUKS2, NULL));
/* crypt_keyslot_add_passphrase (restricted) */
- FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
+ FAIL_((r = crypt_keyslot_add_by_passphrase(cd, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_keyslot_change_by_passphrase (restricted) */
- FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, "aaa", 3, "bbb", 3)), "Unmet requirements detected");
+ FAIL_((r = crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 9, PASSPHRASE, strlen(PASSPHRASE), "bbb", 3)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_keyslot_add_by_keyfile (restricted) */
EQ_(r, -ETXTBSY);
/* crypt_volume_key_get (unrestricted, but see below) */
- OK_(crypt_volume_key_get(cd, 0, key, &key_size, "aaa", 3));
+ OK_(crypt_volume_key_get(cd, 0, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)));
/* crypt_keyslot_add_by_volume_key (restricted) */
- FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3)), "Unmet requirements detected");
+ FAIL_((r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1))), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_keyslot_add_by_key (restricted) */
- FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, "xxx", 3, CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
+ FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_keyslot_add_by_key (restricted) */
- FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, "xxx", 3, 0)), "Unmet requirements detected");
+ FAIL_((r = crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), 0)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_persistent_flasgs_set (restricted) */
/* crypt_persistent_flasgs_get (unrestricted) */
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &flags));
- EQ_(flags, (uint32_t) CRYPT_REQUIREMENT_UNKNOWN);
+ EQ_(flags, CRYPT_REQUIREMENT_UNKNOWN);
/* crypt_activate_by_passphrase (restricted for activation only) */
- FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0)), "Unmet requirements detected");
+ FAIL_((r = crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
- OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, 0));
- OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
/* crypt_activate_by_keyfile (restricted for activation only) */
#ifdef KERNEL_KEYRING
if (t_dm_crypt_keyring_support()) {
- kid = add_key("user", KEY_DESC_TEST0, "aaa", 3, KEY_SPEC_THREAD_KEYRING);
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
NOTFAIL_(kid, "Test or kernel keyring are broken.");
/* crypt_activate_by_keyring (restricted for activation only) */
EQ_(r, t_dm_crypt_keyring_support() ? -ETXTBSY : -EINVAL);
OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0));
OK_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, CRYPT_ACTIVATE_KEYRING_KEY));
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
}
#endif
/* crypt_activate_by_token (restricted for activation only) */
#ifdef KERNEL_KEYRING
if (t_dm_crypt_keyring_support()) {
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+
FAIL_((r = crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0)), ""); // supposed to be silent
EQ_(r, -ETXTBSY);
OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
OK_(crypt_activate_by_token(cd, NULL, 1, NULL, CRYPT_ACTIVATE_KEYRING_KEY));
+
+ NOTFAIL_(keyctl_unlink(kid, KEY_SPEC_THREAD_KEYRING), "Test or kernel keyring are broken.");
}
#endif
OK_(get_luks2_offsets(0, 8192, 0, NULL, &r_payload_offset));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
/* replace header with no requirements */
OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
OK_(crypt_init_by_name(&cd, CDEVICE_1));
/* crypt_resume_by_passphrase (restricted) */
- FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3)), "Unmet requirements detected");
+ FAIL_((r = crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE))), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
/* crypt_resume_by_keyfile (restricted) */
OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
OK_(crypt_init_by_name(&cd, CDEVICE_1));
- OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3));
+ OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE)));
CRYPT_FREE(cd);
OK_(_system("dd if=" REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
OK_(crypt_init_by_name(&cd, CDEVICE_1));
/* load VK in keyring */
- OK_(crypt_activate_by_passphrase(cd, NULL, 0, "aaa", 3, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
+ OK_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
/* crypt_resize (restricted) */
FAIL_((r = crypt_resize(cd, CDEVICE_1, 1)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
.integrity = "hmac(sha256)"
};
size_t key_size = 32 + 32;
- const char *passphrase = "blabla";
const char *cipher = "aes";
const char *cipher_mode = "xts-random";
int ret;
return;
}
- EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7);
- EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7);
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 7);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, PASSPHRASE, strlen(PASSPHRASE) ,0), 7);
GE_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
CRYPT_FREE(cd);
CRYPT_FREE(cd);
}
-static int set_fast_pbkdf(struct crypt_device *cd)
-{
- struct crypt_pbkdf_type pbkdf = {
- .type = "argon2id",
- .hash = "sha256",
- .iterations = 4,
- .max_memory_kb = 32,
- .parallel_threads = 1,
- .flags = CRYPT_PBKDF_NO_BENCHMARK
- };
-
- /* Cannot use Argon2 in FIPS */
- if (_fips_mode) {
- pbkdf.type = CRYPT_KDF_PBKDF2;
- pbkdf.parallel_threads = 0;
- pbkdf.max_memory_kb = 0;
- pbkdf.iterations = 1000;
- }
- return crypt_set_pbkdf_type(cd, &pbkdf);
-}
-
static int check_flag(uint32_t flags, uint32_t flag)
{
return (flags & flag) ? 0 : -1;
uint64_t r_payload_offset;
char key[128], key1[128];
const char *cipher = "aes", *mode = "xts-plain64";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
- const char *mk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c645be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb22158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
struct crypt_params_luks2 params = {
.sector_size = 512,
.integrity = "aead"
};
struct crypt_active_device cad = {};
- crypt_decode_key(key, mk_hex, key_size);
- crypt_decode_key(key1, mk_hex2, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key1, vk_hex2, key_size);
OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(set_fast_pbkdf(cd));
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, key, 32, NULL));
- OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, 0));
+ OK_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0));
/* check we can refresh significant flags */
if (t_dm_crypt_discard_support()) {
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_ALLOW_DISCARDS));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_ALLOW_DISCARDS));
cad.flags = 0;
}
if (t_dm_crypt_cpu_switch_support()) {
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SAME_CPU_CRYPT));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SAME_CPU_CRYPT));
cad.flags = 0;
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
cad.flags = 0;
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
cad.flags = 0;
}
OK_(crypt_volume_key_keyring(cd, 0));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY), "Unexpected flag raised.");
cad.flags = 0;
#ifdef KERNEL_KEYRING
if (t_dm_crypt_keyring_support()) {
OK_(crypt_volume_key_keyring(cd, 1));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_KEYRING_KEY));
cad.flags = 0;
/* multiple flags at once */
if (t_dm_crypt_discard_support() && t_dm_crypt_cpu_switch_support()) {
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS | CRYPT_ACTIVATE_ALLOW_DISCARDS));
cad.flags = 0;
}
/* do not allow reactivation with read-only (and drop flag silently because activation behaves exactly same) */
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_READONLY));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY), "Reactivated with read-only flag.");
cad.flags = 0;
/* reload flag is dropped silently */
OK_(crypt_deactivate(cd, CDEVICE_1));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
/* check read-only flag is not lost after reload */
OK_(crypt_deactivate(cd, CDEVICE_1));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_READONLY));
- OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_READONLY));
+ OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_READONLY));
cad.flags = 0;
/* check LUKS2 with auth. enc. reload */
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
if (!crypt_format(cd2, CRYPT_LUKS2, "aes", "gcm-random", crypt_get_uuid(cd), key, 32, ¶ms)) {
- OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, "aaa", 3));
+ OK_(crypt_keyslot_add_by_volume_key(cd2, 0, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, 0));
OK_(crypt_activate_by_volume_key(cd2, CDEVICE_2, key, 32, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_NO_JOURNAL));
OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
OK_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS));
cad.flags = 0;
- OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH));
+ OK_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH));
OK_(crypt_get_active_device(cd2, CDEVICE_2, &cad));
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_NO_JOURNAL), "");
FAIL_(check_flag(cad.flags, CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS), "");
- FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS2/aead context");
OK_(crypt_deactivate(cd2, CDEVICE_2));
} else {
printf("WARNING: cannot format integrity device, skipping few reload tests.\n");
/* Use LUKS1 context on LUKS2 device */
OK_(crypt_init(&cd2, DMDIR L_DEVICE_1S));
OK_(crypt_format(cd2, CRYPT_LUKS1, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
- OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, "aaa", 3));
- FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
+ OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed LUKS2 device with LUKS1 context");
CRYPT_FREE(cd2);
/* Use PLAIN context on LUKS2 device */
OK_(crypt_init(&cd2, DMDIR L_DEVICE_WRONG));
OK_(set_fast_pbkdf(cd2));
OK_(crypt_format(cd2, CRYPT_LUKS2, cipher, mode, crypt_get_uuid(cd), key, 32, NULL));
- OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, "aaa", 3));
- FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, "aaa", 3, CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
+ OK_(crypt_keyslot_add_by_volume_key(cd2, CRYPT_ANY_SLOT, key, 32, PASSPHRASE, strlen(PASSPHRASE)));
+ FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_REFRESH), "Refreshed dm-crypt mapped over mismatching data device");
OK_(crypt_deactivate(cd, CDEVICE_1));
flags = CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
OK_(crypt_persistent_flags_set(cd, CRYPT_FLAGS_ACTIVATION, flags));
- flags = (uint32_t)~0;
+ flags = ~UINT32_C(0);
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_ACTIVATION, &flags));
EQ_(flags,CRYPT_ACTIVATE_ALLOW_DISCARDS | CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS);
+ /* label and subsystem (second label */
+ OK_(crypt_set_label(cd, "label", "subsystem"));
+ OK_(strcmp("label", crypt_get_label(cd)));
+ OK_(strcmp("subsystem", crypt_get_subsystem(cd)));
+
+ OK_(crypt_set_label(cd, NULL, NULL));
+ OK_(strcmp("", crypt_get_label(cd)));
+ OK_(strcmp("", crypt_get_subsystem(cd)));
+
CRYPT_FREE(cd);
}
#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
-static int test_progress(uint64_t size, uint64_t offset, void *usrptr)
+static int test_progress(uint64_t size __attribute__((unused)),
+ uint64_t offset __attribute__((unused)),
+ void *usrptr __attribute__((unused)))
{
while (--test_progress_steps)
return 0;
struct crypt_params_reencrypt retparams = {}, rparams = {
.direction = CRYPT_REENCRYPT_FORWARD,
.resilience = "checksum",
- .hash = "sha1",
+ .hash = "sha256",
.luks2 = ¶ms2,
};
+ dev_t devno;
- const char *mk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21babe733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
char key[128];
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
/* reencryption currently depends on kernel keyring support in dm-crypt */
if (!t_dm_crypt_keyring_support())
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
- FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.");
+ FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not initialized.");
rparams.flags &= ~CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
rparams.flags = 0;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
/* check keyslots are reassigned to segment after reencryption */
EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INACTIVE);
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment.");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
- FAIL_(crypt_reencrypt(cd, NULL), "Reencryption context not initialized.");
+ FAIL_(crypt_reencrypt_run(cd, NULL, NULL), "Reencryption context not initialized.");
rparams.device_size = 16;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, 0);
rparams.hash = "hamSter";
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
- rparams.hash = "sha1";
+ rparams.hash = "sha256";
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
/* FIXME: this is a bug, but not critical (data shift parameter is ignored after initialization) */
//rparams.data_shift = 8;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
rparams.flags = 0;
FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
- FAIL_(crypt_reencrypt(cd2, NULL), "Invalid reencryption context.");
+ FAIL_(crypt_reencrypt_run(cd2, NULL, NULL), "Invalid reencryption context.");
OK_(crypt_persistent_flags_get(cd, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(getflags & CRYPT_REQUIREMENT_ONLINE_REENCRYPT, CRYPT_REQUIREMENT_ONLINE_REENCRYPT);
OK_(crypt_persistent_flags_get(cd2, CRYPT_FLAGS_REQUIREMENTS, &getflags));
EQ_(crypt_reencrypt_status(cd2, NULL), CRYPT_REENCRYPT_CLEAN);
FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
CRYPT_FREE(cd2);
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
/* interrupt reencryption after 'test_progress_steps' */
- test_progress_steps = 1;
- OK_(crypt_reencrypt(cd, &test_progress));
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption.");
rparams.device_size = 2;
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencryption.");
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(crypt_get_data_offset(cd), 32776);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_set_pbkdf_type(cd, &pbkdf));
EQ_(crypt_get_data_offset(cd), 32760);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
EQ_(cad.size, 8);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
EQ_(crypt_get_data_offset(cd), 8192);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
_cleanup_dmdevices();
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
- OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2+1));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 8*1024*2+1));
/* encryption with datashift and moved segment (data shift + 1 sector) */
OK_(crypt_init(&cd, DMDIR H_DEVICE));
EQ_(crypt_get_data_offset(cd), 8192);
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
_cleanup_dmdevices();
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
- OK_(create_dmdevice_over_loop(L_DEVICE_OK, 12*1024*2));
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 2*8200));
OK_(crypt_init(&cd, DMDIR H_DEVICE));
- /* encryption with datashift and moved segment (data shift + data offset > device size) */
+ /* encryption with datashift and moved segment (data shift + data offset <= device size) */
memset(&rparams, 0, sizeof(rparams));
params2.sector_size = 512;
params2.data_device = DMDIR L_DEVICE_OK;
rparams.resilience = "none";
rparams.max_hotzone_size = 2048;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
rparams.resilience = "none";
rparams.max_hotzone_size = 2048;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ /* decryption forward (online) */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ params2.data_device = NULL;
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
+ OK_(crypt_set_pbkdf_type(cd, &pbkdf));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
+ EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
+ memset(&rparams, 0, sizeof(rparams));
+ rparams.mode = CRYPT_REENCRYPT_DECRYPT;
+ rparams.direction = CRYPT_REENCRYPT_FORWARD;
+ rparams.resilience = "none";
+ rparams.max_hotzone_size = 2048;
+ OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
CRYPT_FREE(cd);
/* decryption with data shift */
rparams.data_shift = r_header_size;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
EQ_(crypt_get_data_offset(cd), 0);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
remove(BACKUP_FILE);
CRYPT_FREE(cd);
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
EQ_(r_size_1, 512);
+ // store devno for later size check
+ OK_(t_get_devno(CDEVICE_2, &devno));
// create placeholder device to block automatic deactivation after decryption
OK_(_system("dmsetup create " CDEVICE_1 " --table \"0 1 linear " DMDIR CDEVICE_2 " 0\"", 1));
remove(BACKUP_FILE);
rparams.data_shift = r_header_size;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
EQ_(crypt_get_data_offset(cd), 0);
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
remove(BACKUP_FILE);
- OK_(t_device_size(DMDIR CDEVICE_2, &r_size_1));
+ OK_(t_device_size_by_devno(devno, &r_size_1));
EQ_(r_size_1, 512);
OK_(_system("dmsetup remove " DM_RETRY CDEVICE_1 DM_NOSTDERR, 0));
CRYPT_FREE(cd);
rparams.luks2 = ¶ms2;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd2, CRYPT_LUKS2, NULL));
rparams.flags = 0;
rparams.max_hotzone_size = 8;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
- /* reencrypt 8 srectors of device */
- test_progress_steps = 1;
- OK_(crypt_reencrypt(cd, &test_progress));
+ /* reencrypt 8 sectors of device */
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
/* activate another data device with same LUKS2 header (this is wrong, but we can't detect such mistake) */
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
/* reencrypt yet another 8 sectors of first device */
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
- test_progress_steps = 1;
- OK_(crypt_reencrypt(cd, &test_progress));
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
/* Now active mapping for second data device does not match its metadata */
OK_(crypt_init_data_device(&cd2, IMAGE_EMPTY_SMALL, DMDIR L_DEVICE_OK));
rparams.flags = 0;
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
- test_progress_steps = 1;
- OK_(crypt_reencrypt(cd, &test_progress));
+ test_progress_steps = 2;
+ OK_(crypt_reencrypt_run(cd, &test_progress, NULL));
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_CLEAN);
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
OK_(crypt_init_by_name(&cd, CDEVICE_1));
rparams.flags = CRYPT_REENCRYPT_RESUME_ONLY;
OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
EQ_(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS, CRYPT_ACTIVATE_ALLOW_DISCARDS);
EQ_(cad.flags & CRYPT_ACTIVATE_KEYRING_KEY, 0);
EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 3, 9, "aes", "xts-plain64", &rparams));
- OK_(crypt_reencrypt(cd, NULL));
+ OK_(crypt_reencrypt_run(cd, NULL, NULL));
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
OK_(crypt_keyslot_destroy(cd, 9));
OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
- crypt_free(cd);
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+ OK_(create_dmdevice_over_loop(L_DEVICE_OK, 2 * r_header_size));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+
+ params2.data_device = DMDIR L_DEVICE_OK;
+ params2.sector_size = 512;
+
+ /* create detached LUKS2 header (with data_offset == 0) */
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, ¶ms2));
+ EQ_(crypt_get_data_offset(cd), 0);
+ OK_(set_fast_pbkdf(cd));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ CRYPT_FREE(cd);
+
+ /* initiate LUKS2 decryption with datashift on bogus LUKS2 header (data_offset == 0) */
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Illegal data offset");
+ /* reencryption must not initialize */
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+ /* original data device must stay untouched */
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+
+ /* simulate read error at first segment beyond data offset*/
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, r_header_size, 8, ERR_RD));
+
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Could not read first data segment");
+ CRYPT_FREE(cd);
+
+ /* Device must not be in reencryption */
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ /* simulate write error in original LUKS2 header area */
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, 0, 8, ERR_WR));
+
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Could not write first data segment");
+ CRYPT_FREE(cd);
+
+ /* Device must not be in reencryption */
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+ CRYPT_FREE(cd);
+ remove(BACKUP_FILE);
+
+ /* remove error mapping */
+ OK_(dmdevice_error_io(L_DEVICE_OK, DMDIR L_DEVICE_OK, DEVICE_ERROR, 0, 0, 8, ERR_REMOVE));
+
+ /* test various bogus reencryption resilience parameters */
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "checksum", /* should have been datashift-checksum */
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "xts-plain64", NULL, NULL, 64, NULL));
+ EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)));
+ OK_(crypt_header_backup(cd, CRYPT_LUKS2, BACKUP_FILE));
+ CRYPT_FREE(cd);
+
+ OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
+ OK_(crypt_init_data_device(&cd, BACKUP_FILE, DMDIR L_DEVICE_OK));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ /* decryption on device with data offset and no datashift subvariant mode */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "journal"; /* should have been datashift-journal */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_DECRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = 0, /* must be non zero */
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY | CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT
+ };
+
+ /* datashift = 0 */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift-journal";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift"; /* datashift only is not supported in decryption mode with moved segment */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, "aes", "cbc-essiv:sha256", NULL, NULL, 32, ¶ms2));
+ EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
+
+ rparams = (struct crypt_params_reencrypt) {
+ .mode = CRYPT_REENCRYPT_REENCRYPT,
+ .direction = CRYPT_REENCRYPT_FORWARD,
+ .resilience = "datashift-checksum",
+ .hash = "sha256",
+ .data_shift = r_header_size,
+ .flags = CRYPT_REENCRYPT_INITIALIZE_ONLY
+ };
+
+ /* regular reencryption must not accept datashift subvariants */
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ rparams.resilience = "datashift-journal";
+ FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Invalid reencryption params");
+ EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
+
+ CRYPT_FREE(cd);
_cleanup_dmdevices();
}
#endif
+static void LuksKeyslotAdd(void)
+{
+ struct crypt_params_luks2 params = {
+ .sector_size = 512
+ };
+ char key[128], key3[128];
+#ifdef KERNEL_KEYRING
+ int ks;
+ key_serial_t kid;
+#endif
+ const struct crypt_token_params_luks2_keyring tparams = {
+ .key_description = KEY_DESC_TEST0
+ };
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ EQ_(crypt_keyslot_status(cd, 3), CRYPT_SLOT_ACTIVE_LAST);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // test add by volume key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE1, strlen(PASSPHRASE1), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, 0), 0);
+ EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // Add by same passphrase
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um1, 0), 1);
+ EQ_(crypt_keyslot_status(cd, 1), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+
+ // new passphrase can't be provided by key method
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 1, um1, CRYPT_ANY_SLOT, um2, 0), "Can't get passphrase via selected unlock method");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by keyfile
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
+ OK_(prepare_keyfile(KEYFILE2, KEY1, strlen(KEY1)));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 0, um1, 2, um2, 0), 2);
+ EQ_(crypt_keyslot_status(cd, 2), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by same keyfile
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 2, um1, 4, um1, 0), 4);
+ EQ_(crypt_keyslot_status(cd, 4), CRYPT_SLOT_ACTIVE);
+ crypt_keyslot_context_free(um1);
+
+ // keyslot already exists
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 0, um2, 0), "Keyslot already exists.");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // generate new unbound key
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, 9, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 10, um2, CRYPT_VOLUME_KEY_NO_SEGMENT), 10);
+ EQ_(crypt_keyslot_status(cd, 10), CRYPT_SLOT_UNBOUND);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ EQ_(crypt_token_luks2_keyring_set(cd, 3, &tparams), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 3, 1), 3);
+ EQ_(crypt_token_assign_keyslot(cd, 3, 3), 3);
+
+ // test unlocking/adding keyslot by LUKS2 token
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ // passphrase not in keyring
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
+#ifdef KERNEL_KEYRING
+ // wrong passphrase in keyring
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), "No token available.");
+
+ // token unlocks keyslot
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 13, um2, 0), 13);
+ EQ_(crypt_keyslot_status(cd, 13), CRYPT_SLOT_ACTIVE);
+
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // token provides passphrase for new keyslot
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 30, um2, 0), 30);
+ EQ_(crypt_keyslot_status(cd, 30), CRYPT_SLOT_ACTIVE);
+ OK_(crypt_token_is_assigned(cd, 3, 30));
+
+ // unlock and add by same token
+ crypt_keyslot_context_free(um1);
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ ks = crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um1, 0);
+ GE_(ks, 0);
+ EQ_(crypt_keyslot_status(cd, ks), CRYPT_SLOT_ACTIVE);
+ OK_(crypt_token_is_assigned(cd, 3, ks));
+#endif
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void VolumeKeyGet(void)
+{
+ struct crypt_params_luks2 params = {
+ .sector_size = 512
+ };
+ char key[256], key2[256];
+#ifdef KERNEL_KEYRING
+ key_serial_t kid;
+ const struct crypt_token_params_luks2_keyring tparams = {
+ .key_description = KEY_DESC_TEST0
+ };
+#endif
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"
+ "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1b";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "xts-plain64";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
+
+#ifdef KERNEL_KEYRING
+ kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
+ NOTFAIL_(kid, "Test or kernel keyring are broken.");
+#endif
+
+ // init test devices
+ OK_(get_luks2_offsets(0, 0, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
+ key_size--;
+ FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL), "buffer too small");
+
+ // check cached generated volume key can be retrieved
+ key_size++;
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(crypt_volume_key_verify(cd, key2, key_size));
+ CRYPT_FREE(cd);
+
+ // check we can add keyslot via retrieved key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // check selected volume key can be retrieved and added
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(set_fast_pbkdf(cd));
+ OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ memset(key2, 0, key_size);
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(memcmp(key, key2, key_size));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 0, um2, 0), 0);
+ crypt_keyslot_context_free(um2);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1);
+ crypt_keyslot_context_free(um2);
+#ifdef KERNEL_KEYRING
+ EQ_(crypt_token_luks2_keyring_set(cd, 0, &tparams), 0);
+ EQ_(crypt_token_assign_keyslot(cd, 0, 1), 0);
+#endif
+ crypt_keyslot_context_free(um1);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
+ // check key context is not usable
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL);
+ crypt_keyslot_context_free(um1);
+
+ // by passphrase
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 0, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(um1);
+
+ // by keyfile
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1);
+ crypt_keyslot_context_free(um1);
+
+#ifdef KERNEL_KEYRING
+ // by token
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1);
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(um1);
+#endif
+ CRYPT_FREE(cd);
+
+ _remove_keyfiles();
+ _cleanup_dmdevices();
+}
+
+static int _crypt_load_check(struct crypt_device *cd)
+{
+#ifdef HAVE_BLKID
+ return crypt_load(cd, CRYPT_LUKS, NULL);
+#else
+ return -ENOTSUP;
+#endif
+}
+
static void Luks2Repair(void)
{
char rollback[256];
- snprintf(rollback, sizeof(rollback),
- "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null",
- DEVICE_6);
+ GE_(snprintf(rollback, sizeof(rollback),
+ "dd if=" IMAGE_PV_LUKS2_SEC ".bcp of=%s bs=1M 2>/dev/null", DEVICE_6), 0);
OK_(crypt_init(&cd, DEVICE_6));
- FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
/* check explicit LUKS2 repair works */
/* rollback */
OK_(_system(rollback, 1));
- FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
/* check repair with type detection works */
OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
OK_(crypt_init(&cd, DEVICE_6));
OK_(crypt_metadata_locking(cd, 0));
- FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
FAIL_(crypt_repair(cd, CRYPT_LUKS1, NULL), "Not a LUKS2 device");
/* check explicit LUKS2 repair works */
/* rollback */
OK_(_system(rollback, 1));
- FAIL_(crypt_load(cd, CRYPT_LUKS, NULL), "Ambiguous signature detected");
+ FAIL_(_crypt_load_check(cd), "Ambiguous signature detected");
/* check repair with type detection works */
OK_(crypt_repair(cd, CRYPT_LUKS, NULL));
#if KERNEL_KEYRING && USE_LUKS2_REENCRYPTION
RUN_(Luks2Reencryption, "LUKS2 reencryption");
#endif
+ RUN_(LuksKeyslotAdd, "Adding keyslot via new API");
+ RUN_(VolumeKeyGet, "Getting volume key via keyslot context API");
RUN_(Luks2Repair, "LUKS2 repair"); // test disables metadata locking. Run always last!
_cleanup();
/*
* cryptsetup library API check functions
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <sys/types.h>
#include "api_test.h"
-#include "luks.h"
+#include "luks1/luks.h"
#include "libcryptsetup.h"
-#define DMDIR "/dev/mapper/"
-
#define DEVICE_1_UUID "28632274-8c8a-493f-835b-da802e1c576b"
#define DEVICE_EMPTY_name "crypt_zero"
#define DEVICE_EMPTY DMDIR DEVICE_EMPTY_name
#define KEYFILE2 "key2.file"
#define KEY2 "0123456789abcdef"
-#define PASSPHRASE "blabla"
-#define PASSPHRASE1 "albalb"
+#define PASSPHRASE "blablabl"
+#define PASSPHRASE1 "albalbal"
#define DEVICE_TEST_UUID "12345678-1234-1234-1234-123456789abc"
return -1;
}
- sectors_per_stripes_set = DIV_ROUND_UP(keylength*LUKS_STRIPES, SECTOR_SIZE);
- current_sector = DIV_ROUND_UP_MODULO(DIV_ROUND_UP(LUKS_PHDR_SIZE_B, SECTOR_SIZE),
- LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+ sectors_per_stripes_set = DIV_ROUND_UP(keylength*LUKS_STRIPES, TST_SECTOR_SIZE);
+ current_sector = DIV_ROUND_UP_MODULO(DIV_ROUND_UP(LUKS_PHDR_SIZE_B, TST_SECTOR_SIZE),
+ LUKS_ALIGN_KEYSLOTS / TST_SECTOR_SIZE);
for (i=0; i < (LUKS_NUMKEYS - 1); i++)
current_sector = DIV_ROUND_UP_MODULO(current_sector + sectors_per_stripes_set,
- LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+ LUKS_ALIGN_KEYSLOTS / TST_SECTOR_SIZE);
if (r_header_size)
*r_header_size = current_sector + sectors_per_stripes_set;
current_sector = DIV_ROUND_UP_MODULO(current_sector + sectors_per_stripes_set,
- LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+ LUKS_ALIGN_KEYSLOTS / TST_SECTOR_SIZE);
if (r_payload_offset) {
if (metadata_device)
char cmd[128];
test_loop_file = strdup(THE_LFILE_TEMPLATE);
+ if (!test_loop_file)
+ return 1;
+
if ((fd=mkstemp(test_loop_file)) == -1) {
printf("cannot create temporary file with template %s\n", test_loop_file);
return 1;
}
close(fd);
- snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
- test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ test_loop_file, TST_SECTOR_SIZE, TST_LOOP_FILE_SIZE) < 0)
+ return 1;
if (_system(cmd, 1))
return 1;
close(fd);
tmp_file_1 = strdup(THE_LFILE_TEMPLATE);
+ if (!tmp_file_1)
+ return 1;
+
if ((fd=mkstemp(tmp_file_1)) == -1) {
printf("cannot create temporary file with template %s\n", tmp_file_1);
return 1;
}
close(fd);
- snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
- tmp_file_1, SECTOR_SIZE, 10);
+ if (snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
+ tmp_file_1, TST_SECTOR_SIZE, 10) < 0)
+ return 1;
if (_system(cmd, 1))
return 1;
/* Prepare tcrypt images */
_system("tar xJf tcrypt-images.tar.xz 2>/dev/null", 1);
- _system("modprobe dm-crypt", 0);
- _system("modprobe dm-verity", 0);
+ _system("modprobe dm-crypt >/dev/null 2>&1", 0);
+ _system("modprobe dm-verity >/dev/null 2>&1", 0);
+ _system("modprobe dm-integrity >/dev/null 2>&1", 0);
+
+ if (t_dm_check_versions())
+ return 1;
_fips_mode = fips_mode();
if (_debug)
static void AddDevicePlain(void)
{
struct crypt_params_plain params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
};
int fd;
char key[128], key2[128], path[128];
+ struct crypt_keyslot_context *kc = NULL;
- const char *passphrase = PASSPHRASE;
+ const char *passphrase = "blabla";
// hashed hex version of PASSPHRASE
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t size, r_size;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
FAIL_(crypt_init(&cd, ""), "empty device string");
FAIL_(crypt_init(&cd, DEVICE_WRONG), "nonexistent device name ");
FAIL_(crypt_init(&cd, DEVICE_CHAR), "character device as backing device");
t_device_size(DEVICE_1,&size);
params.hash = NULL;
// zero sectors length
- params.offset = size >> SECTOR_SHIFT;
+ params.offset = size >> TST_SECTOR_SHIFT;
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
EQ_(crypt_get_data_offset(cd),params.offset);
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0), "invalid device size (0 blocks)");
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// data part of crypt device is of 1 sector size
- params.offset = (size >> SECTOR_SHIFT) - 1;
+ params.offset = (size >> TST_SECTOR_SHIFT) - 1;
CRYPT_FREE(cd);
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
- snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);
+ GE_(snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1), 0);
if (t_device_size(path, &r_size) >= 0)
- EQ_(r_size>>SECTOR_SHIFT, 1);
+ EQ_(r_size >> TST_SECTOR_SHIFT, 1);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
// size > device_size
params.offset = 0;
- params.size = (size >> SECTOR_SHIFT) + 1;
+ params.size = (size >> TST_SECTOR_SHIFT) + 1;
crypt_init(&cd, DEVICE_1);
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small");
CRYPT_FREE(cd);
// offset == device_size (autodetect size)
- params.offset = (size >> SECTOR_SHIFT);
+ params.offset = (size >> TST_SECTOR_SHIFT);
params.size = 0;
crypt_init(&cd, DEVICE_1);
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
CRYPT_FREE(cd);
// offset == device_size (user defined size)
- params.offset = (size >> SECTOR_SHIFT);
+ params.offset = (size >> TST_SECTOR_SHIFT);
params.size = 123;
crypt_init(&cd, DEVICE_1);
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
// offset+size > device_size
params.offset = 42;
- params.size = (size >> SECTOR_SHIFT) - params.offset + 1;
+ params.size = (size >> TST_SECTOR_SHIFT) - params.offset + 1;
crypt_init(&cd, DEVICE_1);
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Offset and size are beyond device real size");
// offset+size == device_size
params.offset = 42;
- params.size = (size >> SECTOR_SHIFT) - params.offset;
+ params.size = (size >> TST_SECTOR_SHIFT) - params.offset;
crypt_init(&cd, DEVICE_1);
OK_(crypt_format(cd, CRYPT_PLAIN, cipher, cipher_mode, NULL, NULL, key_size, ¶ms));
OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
if (!t_device_size(path, &r_size))
- EQ_((r_size >> SECTOR_SHIFT),params.size);
+ EQ_((r_size >> TST_SECTOR_SHIFT),params.size);
OK_(crypt_deactivate(cd,CDEVICE_1));
CRYPT_FREE(cd);
- params.hash = "sha1";
+ params.hash = "sha256";
params.offset = 0;
params.size = 0;
params.skip = 0;
// device status check
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
- snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1);
+ GE_(snprintf(path, sizeof(path), "%s/%s", crypt_get_dir(), CDEVICE_1), 0);
fd = open(path, O_RDONLY);
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_BUSY);
FAIL_(crypt_deactivate(cd, CDEVICE_1), "Device is busy");
// crypt_set_data_device
FAIL_(crypt_set_data_device(cd,H_DEVICE),"can't set data device for plain device");
NULL_(crypt_get_metadata_device_name(cd));
+ FAIL_(crypt_header_is_detached(cd), "plain has no header");
// crypt_get_type
OK_(strcmp(crypt_get_type(cd),CRYPT_PLAIN));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
// crypt_resize()
- OK_(crypt_resize(cd,CDEVICE_1,size>>SECTOR_SHIFT)); // same size
+ OK_(crypt_resize(cd, CDEVICE_1, size >> TST_SECTOR_SHIFT)); // same size
if (!t_device_size(path,&r_size))
EQ_(r_size, size);
// size overlaps
FAIL_(crypt_resize(cd, CDEVICE_1, (uint64_t)-1),"Backing device is too small");
- FAIL_(crypt_resize(cd, CDEVICE_1, (size>>SECTOR_SHIFT)+1),"crypt device overlaps backing device");
+ FAIL_(crypt_resize(cd, CDEVICE_1, (size >> TST_SECTOR_SHIFT) + 1),"crypt device overlaps backing device");
// resize ok
OK_(crypt_resize(cd,CDEVICE_1, 123));
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, 123);
+ EQ_(r_size >> TST_SECTOR_SHIFT, 123);
OK_(crypt_resize(cd,CDEVICE_1,0)); // full size (autodetect)
if (!t_device_size(path,&r_size))
EQ_(r_size, size);
// offset tests
OK_(crypt_init(&cd,DEVICE_1));
params.offset = 42;
- params.size = (size>>SECTOR_SHIFT) - params.offset - 10;
+ params.size = (size >> TST_SECTOR_SHIFT) - params.offset - 10;
OK_(crypt_format(cd,CRYPT_PLAIN,cipher,cipher_mode,NULL,NULL,key_size,¶ms));
OK_(crypt_activate_by_volume_key(cd,CDEVICE_1,key,key_size,0));
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, params.size);
+ EQ_(r_size >> TST_SECTOR_SHIFT, params.size);
// resize to fill remaining capacity
OK_(crypt_resize(cd,CDEVICE_1,params.size + 10));
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, params.size + 10);
+ EQ_(r_size >> TST_SECTOR_SHIFT, params.size + 10);
// 1 sector beyond real size
FAIL_(crypt_resize(cd,CDEVICE_1,params.size + 11), "new device size overlaps backing device"); // with respect to offset
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, params.size + 10);
+ EQ_(r_size >> TST_SECTOR_SHIFT, params.size + 10);
GE_(crypt_status(cd,CDEVICE_1),CRYPT_ACTIVE);
fd = open(path, O_RDONLY);
NOTFAIL_(fd, "Bad loop device.");
// resize to minimal size
OK_(crypt_resize(cd,CDEVICE_1, 1)); // minimal device size
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, 1);
+ EQ_(r_size >> TST_SECTOR_SHIFT, 1);
// use size of backing device (autodetect with respect to offset)
OK_(crypt_resize(cd,CDEVICE_1,0));
if (!t_device_size(path,&r_size))
- EQ_(r_size>>SECTOR_SHIFT, (size >> SECTOR_SHIFT)- 42);
+ EQ_(r_size >> TST_SECTOR_SHIFT, (size >> TST_SECTOR_SHIFT)- 42);
OK_(crypt_deactivate(cd,CDEVICE_1));
CRYPT_FREE(cd);
key_size++;
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &kc));
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, kc));
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(kc);
OK_(strcmp(cipher, crypt_get_cipher(cd)));
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
FAIL_(crypt_keyslot_add_by_keyfile(cd,CRYPT_ANY_SLOT,KEYFILE1,strlen(KEY1),KEYFILE2,strlen(KEY2)),"can't add keyslot to plain device");
FAIL_(crypt_keyslot_destroy(cd,1),"can't manipulate keyslots on plain device");
EQ_(crypt_keyslot_status(cd, 0), CRYPT_SLOT_INVALID);
+ FAIL_(crypt_set_label(cd, "label", "subsystem"), "can't set labels for plain device");
+ NULL_(crypt_get_label(cd));
+ NULL_(crypt_get_subsystem(cd));
_remove_keyfiles();
CRYPT_FREE(cd);
static void CallbacksTest(void)
{
struct crypt_params_plain params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
};
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
+ /* skip tests using empty passphrase */
+ if(_fips_mode)
+ return;
+
OK_(get_luks_offsets(0, key_size, 1024*2, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
};
char key[128], key2[128], key3[128];
- const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- const char *mk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size, r_size_1;
struct crypt_pbkdf_type pbkdf;
- crypt_decode_key(key, mk_hex, key_size);
- crypt_decode_key(key3, mk_hex2, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
// init test devices
OK_(get_luks_offsets(1, key_size, 0, 0, &r_header_size, &r_payload_offset));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(t_device_size(DMDIR CDEVICE_1, &r_size_1));
- EQ_(r_size_1, SECTOR_SIZE);
+ EQ_(r_size_1, TST_SECTOR_SIZE);
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// restrict format only to empty context
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+ EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
params.data_alignment = 0;
params.data_device = DEVICE_2;
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(crypt_header_is_detached(cd), 1);
CRYPT_FREE(cd);
params.data_device = NULL;
OK_(crypt_dump(cd));
OK_(!(global_lines != 0));
reset_log();
+ FAIL_(crypt_dump_json(cd, NULL, 0), "LUKS1 not supported");
FAIL_(crypt_set_uuid(cd, "blah"), "wrong UUID format");
OK_(crypt_set_uuid(cd, DEVICE_TEST_UUID));
OK_(strcmp(DEVICE_TEST_UUID, crypt_get_uuid(cd)));
+ FAIL_(crypt_set_label(cd, "label", "subsystem"), "can't set labels for LUKS1 device");
+ NULL_(crypt_get_label(cd));
+ NULL_(crypt_get_subsystem(cd));
+
FAIL_(crypt_deactivate(cd, CDEVICE_2), "not active");
CRYPT_FREE(cd);
// Dirty checks: device without UUID
// we should be able to remove it but not manipulate with it
- snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
"0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
- "%s 2048\"", CDEVICE_2, DEVICE_2);
+ "%s 2048\"", CDEVICE_2, DEVICE_2), 0);
_system(tmp, 1);
OK_(crypt_init_by_name(&cd, CDEVICE_2));
OK_(crypt_deactivate(cd, CDEVICE_2));
CRYPT_FREE(cd);
// Dirty checks: device with UUID but LUKS header key fingerprint must fail)
- snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
+ GE_(snprintf(tmp, sizeof(tmp), "dmsetup create %s --table \""
"0 100 crypt aes-cbc-essiv:sha256 deadbabedeadbabedeadbabedeadbabe 0 "
"%s 2048\" -u CRYPT-LUKS1-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-ctest1",
- CDEVICE_2, DEVICE_2);
+ CDEVICE_2, DEVICE_2), 0);
_system(tmp, 1);
OK_(crypt_init_by_name(&cd, CDEVICE_2));
OK_(crypt_deactivate(cd, CDEVICE_2));
.data_alignment = 2048, // 4M, data offset will be 4096
};
struct crypt_params_plain pl_params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
};
char key[128], key2[128], cmd[256];
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_5), "Header corrupted");
OK_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER));
// wipe valid luks header
- snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=%" PRIu64 " 2>/dev/null", r_payload_offset);
+ GE_(snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=%" PRIu64 " 2>/dev/null", r_payload_offset), 0);
OK_(_system(cmd, 1));
FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_1), "Header corrupted");
FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_2), "Header corrupted");
.data_alignment = 2048,
};
struct crypt_params_plain pl_params = {
- .hash = "sha1",
+ .hash = "sha256",
.skip = 0,
.offset = 0,
.size = 0
};
char key[128], cmd[256];
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size;
uint64_t mdata_size, keyslots_size;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
// prepare test env
OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, &r_header_size, &r_payload_offset));
// prepared header on a device too small to contain header and payload
//OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, 2050 - 1)); //FIXME
- //snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%" PRIu64, r_payload_offset - 1);
- snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%d 2>/dev/null", 2050 - 1);
+ //GE_(snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%" PRIu64, r_payload_offset - 1), 0);
+ GE_(snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%d 2>/dev/null", 2050 - 1), 0);
OK_(_system(cmd, 1));
// some device
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// repeat with init with two devices
OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
OK_(!crypt_get_metadata_device_name(cd));
EQ_(strcmp(DMDIR H_DEVICE, crypt_get_metadata_device_name(cd)), 0);
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// bad header: device too small (payloadOffset > device_size)
FAIL_(crypt_set_metadata_size(cd, 0x004000, 0x004000), "Wrong context type");
OK_(crypt_get_metadata_size(cd, &mdata_size, &keyslots_size));
EQ_(mdata_size, LUKS_ALIGN_KEYSLOTS);
- EQ_(keyslots_size, r_header_size * SECTOR_SIZE - mdata_size);
+ EQ_(keyslots_size, r_header_size * TST_SECTOR_SIZE - mdata_size);
CRYPT_FREE(cd);
// load should be ok
OK_(crypt_init(&cd, DMDIR L_DEVICE_0S));
char key[128];
int fd, ro = O_RDONLY;
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset;
const char *passphrase = PASSPHRASE;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(0, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
// exercise luksOpen using backup header in file
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
+ EQ_(1, crypt_header_is_detached(cd));
CRYPT_FREE(cd);
OK_(crypt_init(&cd, BACKUP_FILE));
};
char key[128];
- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
- size_t key_size = strlen(mk_hex) / 2;
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
const char *cipher = "aes";
const char *cipher_mode = "cbc-essiv:sha256";
uint64_t r_payload_offset, r_header_size, r_size;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
// prepare env
OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_resize(cd, CDEVICE_1, 42));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(42, r_size >> SECTOR_SHIFT);
+ EQ_(42, r_size >> TST_SECTOR_SHIFT);
// autodetect encrypted device area size
OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
OK_(crypt_resize(cd, CDEVICE_1, 666));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(666, r_size >> SECTOR_SHIFT);
+ EQ_(666, r_size >> TST_SECTOR_SHIFT);
// autodetect encrypted device size
OK_(crypt_resize(cd, CDEVICE_1, 0));
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
if (!t_device_size(DMDIR CDEVICE_1, &r_size))
- EQ_(1000, r_size >> SECTOR_SHIFT);
+ EQ_(1000, r_size >> TST_SECTOR_SHIFT);
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
};
size_t key_size;
- const char *mk_hex, *keystr;
+ const char *vk_hex, *keystr;
char key[256];
OK_(crypt_init(&cd, DEVICE_1));
// hash PLAIN, exact key
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
- mk_hex = "caffeecaffeecaffeecaffeecaffee88";
+ vk_hex = "caffeecaffeecaffeecaffeecaffee88";
key_size = 16;
- crypt_decode_key(key, mk_hex, key_size);
+ crypt_decode_key(key, vk_hex, key_size);
OK_(prepare_keyfile(KEYFILE1, key, key_size));
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
// Limit plain key
- mk_hex = "caffeecaffeecaffeecaffeeca000000";
+ vk_hex = "caffeecaffeecaffeecaffeeca000000";
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size - 3, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
_remove_keyfiles();
// hash PLAIN, long key
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
- mk_hex = "caffeecaffeecaffeecaffeecaffee88babebabe";
+ vk_hex = "caffeecaffeecaffeecaffeecaffee88babebabe";
key_size = 16;
- crypt_decode_key(key, mk_hex, key_size);
- OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2));
+ crypt_decode_key(key, vk_hex, key_size);
+ OK_(prepare_keyfile(KEYFILE1, key, strlen(vk_hex) / 2));
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- FAIL_(strcmp(key, mk_hex), "only key length used");
- OK_(strncmp(key, mk_hex, key_size));
+ FAIL_(strcmp(key, vk_hex), "only key length used");
+ OK_(strncmp(key, vk_hex, key_size));
OK_(crypt_deactivate(cd, CDEVICE_1));
// Now without explicit limit
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- FAIL_(strcmp(key, mk_hex), "only key length used");
- OK_(strncmp(key, mk_hex, key_size));
+ FAIL_(strcmp(key, vk_hex), "only key length used");
+ OK_(strncmp(key, vk_hex, key_size));
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
// Handling of legacy "plain" hash (no hash)
params.hash = "plain";
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
- mk_hex = "aabbcaffeecaffeecaffeecaffeecaff";
+ vk_hex = "aabbcaffeecaffeecaffeecaffeecaff";
key_size = 16;
- crypt_decode_key(key, mk_hex, key_size);
- OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2));
+ crypt_decode_key(key, vk_hex, key_size);
+ OK_(prepare_keyfile(KEYFILE1, key, strlen(vk_hex) / 2));
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, ¶ms));
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, ¶ms));
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
- mk_hex = "c62e4615bd39e222572f3a1bf7c2132e";
+ vk_hex = "c62e4615bd39e222572f3a1bf7c2132e";
keystr = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
key_size = strlen(keystr); // 32
OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr)));
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
// Read full keyfile
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
_remove_keyfiles();
OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr)));
OK_(crypt_activate_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, key_size, 0));
OK_(get_key_dm(CDEVICE_1, key, sizeof(key)));
- OK_(strcmp(key, mk_hex));
+ OK_(strcmp(key, vk_hex));
OK_(crypt_deactivate(cd, CDEVICE_1));
// Full keyfile
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_out, &root_hash_out_size, NULL, 0));
EQ_(32, root_hash_out_size);
OK_(memcmp(root_hash, root_hash_out, root_hash_out_size));
+ memset(root_hash_out, 0, root_hash_out_size);
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, root_hash_out, &root_hash_out_size, NULL));
+ EQ_(32, root_hash_out_size);
+ OK_(memcmp(root_hash, root_hash_out, root_hash_out_size));
OK_(crypt_deactivate(cd, CDEVICE_1));
/* hash fail */
const char *tcrypt_dev = "tcrypt-images/tck_5-sha512-xts-aes";
const char *tcrypt_dev2 = "tcrypt-images/tc_5-sha512-xts-serpent-twofish-aes";
size_t key_size = 64;
- char key[key_size], key_def[key_size];
+ char key[64], key_def[64];
const char *key_hex =
"98dee64abe44bbf41d171c1f7b3e8eacda6d6b01f459097459a167f8c2872a96"
"3979531d1cdc18af62757cf22286f16f8583d848524f128d7594ac2082668c73";
key_size++;
OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0));
OK_(memcmp(key, key_def, key_size));
+ memset(key, 0, key_size);
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key, &key_size, NULL));
+ OK_(memcmp(key, key_def, key_size));
reset_log();
OK_(crypt_dump(cd));
GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "Need crypt_load");
+ FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key, &key_size, NULL), "Need crypt_load");
// check params after init_by_name
OK_(strcmp("xts-plain64", crypt_get_cipher_mode(cd)));
EQ_(crypt_status(NULL, CDEVICE_1 "_1"), CRYPT_INACTIVE);
}
+static void ResizeIntegrity(void)
+{
+ struct crypt_params_integrity params = {
+ .tag_size = 4,
+ .integrity = "crc32c",
+ .sector_size = 4096,
+ };
+ int ret;
+ uint64_t r_size, whole_device_size = 0;
+
+ if (!t_dm_integrity_resize_support()) {
+ printf("WARNING: integrity device resize not supported, skipping test.\n");
+ return;
+ }
+
+ OK_(crypt_init(&cd, DEVICE_2));
+ ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms);
+ if (ret < 0) {
+ printf("WARNING: cannot format integrity device, skipping test.\n");
+ CRYPT_FREE(cd);
+ return;
+ }
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, 0));
+ t_device_size(DMDIR CDEVICE_1, &whole_device_size);
+ // shrink the device
+ OK_(crypt_resize(cd, CDEVICE_1, 1024 * 1024 / 512));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1024 * 1024 / 512, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ // fill the whole device again (size = 0)
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(whole_device_size, r_size);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // detached metadata
+ OK_(create_dmdevice_over_loop(H_DEVICE, 1024 * 1024 / 512));
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DEVICE_2));
+ OK_(crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &whole_device_size))
+ EQ_(10 * 1024 * 1024 / 512, whole_device_size >> TST_SECTOR_SHIFT);
+ // shrink the device
+ OK_(crypt_resize(cd, CDEVICE_1, 1024 * 1024 / 512));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1024 * 1024 / 512, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ // fill the whole device again (size = 0)
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(whole_device_size, r_size);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void ResizeIntegrityWithKey(void)
+{
+ struct crypt_params_integrity params = {
+ .tag_size = 4,
+ .integrity = "hmac(sha256)",
+ .journal_integrity = "hmac(sha256)",
+ .journal_crypt = "cbc(aes)",
+ .sector_size = 4096,
+ };
+ int ret;
+ uint64_t r_size, whole_device_size = 0;
+
+ const char *key_integrity_hex = "41b06f3968ff10783edf3dd8c31d0d6e";
+ const char *key_journal_integrity_hex = "9a3f924d03ab4a3307b148f844628f59";
+ const char *key_journal_crypt_hex = "087a6943383f6c344cef03695b4f7277";
+
+ char integrity_key[128], journal_integrity_key[128], journal_crypt_key[128];
+
+ size_t integrity_key_size = strlen(key_integrity_hex) / 2;
+ size_t journal_integrity_key_size = strlen(key_journal_integrity_hex) / 2;
+ size_t journal_crypt_key_size = strlen(key_journal_crypt_hex) / 2;
+
+ crypt_decode_key(integrity_key, key_integrity_hex, integrity_key_size);
+ crypt_decode_key(journal_integrity_key, key_journal_integrity_hex, journal_integrity_key_size);
+ crypt_decode_key(journal_crypt_key, key_journal_crypt_hex, journal_crypt_key_size);
+
+ params.integrity_key_size = integrity_key_size;
+
+ params.journal_integrity_key_size = journal_integrity_key_size;
+ params.journal_integrity_key = journal_integrity_key;
+
+ params.journal_crypt_key_size = journal_crypt_key_size;
+ params.journal_crypt_key = journal_crypt_key;
+
+ if (!t_dm_integrity_resize_support()) {
+ printf("WARNING: integrity device resize not supported, skipping test.\n");
+ return;
+ }
+
+ OK_(crypt_init(&cd, DEVICE_2));
+ ret = crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms);
+ if (ret < 0) {
+ printf("WARNING: cannot format integrity device, skipping test.\n");
+ CRYPT_FREE(cd);
+ return;
+ }
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, integrity_key, integrity_key_size, 0));
+ t_device_size(DMDIR CDEVICE_1, &whole_device_size);
+ // shrink the device
+ OK_(crypt_resize(cd, CDEVICE_1, 1024*1024/512));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1024*1024/512, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ // fill the whole device again (size = 0)
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(whole_device_size, r_size);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ // detached metadata
+ OK_(create_dmdevice_over_loop(H_DEVICE, 1024 * 1024 / 512));
+ OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DEVICE_2));
+ OK_(crypt_format(cd,CRYPT_INTEGRITY,NULL,NULL,NULL,NULL,0,¶ms));
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, integrity_key, integrity_key_size, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &whole_device_size))
+ EQ_(10*1024*1024/512, whole_device_size >> TST_SECTOR_SHIFT);
+ // shrink the device
+ OK_(crypt_resize(cd, CDEVICE_1, 1024*1024/512));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(1024*1024/512, r_size >> TST_SECTOR_SHIFT);
+ FAIL_(crypt_resize(cd, CDEVICE_1, 1001), "Device too small");
+ // fill the whole device again (size = 0)
+ OK_(crypt_resize(cd, CDEVICE_1, 0));
+ if (!t_device_size(DMDIR CDEVICE_1, &r_size))
+ EQ_(whole_device_size, r_size);
+ GE_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
static void IntegrityTest(void)
{
struct crypt_params_integrity params = {
.integrity = "crc32c",
.sector_size = 4096,
}, ip = {};
+ struct crypt_active_device cad;
int ret;
// FIXME: this should be more detailed
EQ_(ip.interleave_sectors, params.interleave_sectors);
EQ_(ip.journal_size, params.journal_size);
EQ_(ip.journal_watermark, params.journal_watermark);
+ EQ_(ip.integrity_key_size, 0);
OK_(strcmp(ip.integrity,params.integrity));
FAIL_(crypt_set_uuid(cd,DEVICE_1_UUID),"can't set uuid to integrity device");
CRYPT_FREE(cd);
EQ_(ip.tag_size, params.tag_size);
OK_(strcmp(ip.integrity,params.integrity));
OK_(strcmp(CRYPT_INTEGRITY,crypt_get_type(cd)));
+
+ if (t_dm_integrity_recalculate_support()) {
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, 0);
+ OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_REFRESH | CRYPT_ACTIVATE_RECALCULATE));
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(cad.flags & CRYPT_ACTIVATE_RECALCULATE, CRYPT_ACTIVATE_RECALCULATE);
+ }
+
OK_(crypt_deactivate(cd, CDEVICE_1));
CRYPT_FREE(cd);
}
+static void WipeTest(void)
+{
+ OK_(crypt_init(&cd, NULL));
+ FAIL_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 4096, 0, 0, NULL, NULL), "No device");
+ FAIL_(crypt_wipe(cd, DEVICE_WRONG, CRYPT_WIPE_ZERO, 0, 4096, 0, 0, NULL, NULL), "Wrong device");
+ OK_(crypt_wipe(cd, DEVICE_1, CRYPT_WIPE_ZERO, 0, 4096, 0, 0, NULL, NULL));
+ OK_(crypt_wipe(cd, DEVICE_1, CRYPT_WIPE_RANDOM, 0, 4096, 0, 0, NULL, NULL));
+ OK_(crypt_wipe(cd, DEVICE_1, CRYPT_WIPE_RANDOM, 0, 4096, 0, CRYPT_WIPE_NO_DIRECT_IO, NULL, NULL));
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DEVICE_1));
+ OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_ZERO, 0, 4096, 0, 0, NULL, NULL));
+ OK_(crypt_wipe(cd, NULL, CRYPT_WIPE_RANDOM, 0, 4096, TST_SECTOR_SIZE, 0, NULL, NULL));
+ FAIL_(crypt_wipe(cd, NULL, CRYPT_WIPE_RANDOM, 0, 4096, TST_SECTOR_SIZE-1, 0, NULL, NULL), "Sector size");
+ FAIL_(crypt_wipe(cd, NULL, CRYPT_WIPE_RANDOM, 0, 4096 - 1, 0, 0, NULL, NULL), "Length size not aligned");
+ FAIL_(crypt_wipe(cd, NULL, CRYPT_WIPE_RANDOM, 1, 4096, 0, 0, NULL, NULL), "Offset not aligned");
+ CRYPT_FREE(cd);
+}
+
+static void LuksKeyslotAdd(void)
+{
+ enum { OFFSET_1M = 2048 , OFFSET_2M = 4096, OFFSET_4M = 8192, OFFSET_8M = 16384 };
+ struct crypt_params_luks1 params = {
+ .hash = "sha512",
+ .data_alignment = OFFSET_1M, // 4M, data offset will be 4096
+ };
+ struct crypt_pbkdf_type min_pbkdf2 = {
+ .type = "pbkdf2",
+ .hash = "sha256",
+ .iterations = 1000,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+ };
+ char key[128], key3[128];
+
+ const char *passphrase = PASSPHRASE, *passphrase2 = "nsdkFI&Y#.sd";
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ const char *vk_hex2 = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1e";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+ crypt_decode_key(key3, vk_hex2, key_size);
+
+ // init test devices
+ OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, NULL, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // test add by volume key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase2, strlen(passphrase2), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, 0), 0);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // Add by same passphrase
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um1, 0), 1);
+ crypt_keyslot_context_free(um1);
+
+ // new passphrase can't be provided by key method
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase, strlen(passphrase), &um1));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 1, um1, CRYPT_ANY_SLOT, um2, 0), "Can't get passphrase via selected unlock method");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by keyfile
+ OK_(prepare_keyfile(KEYFILE1, passphrase2, strlen(passphrase2)));
+ OK_(prepare_keyfile(KEYFILE2, KEY1, strlen(KEY1)));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, 0, um1, 2, um2, 0), 2);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // add by same keyfile
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 4, um1, 0), 4);
+ crypt_keyslot_context_free(um1);
+
+ // keyslot already exists
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, passphrase2, strlen(passphrase2), &um1));
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 3, um1, 0, um2, 0), "Keyslot already exists.");
+ crypt_keyslot_context_free(um2);
+
+ // flags not supported with LUKS1
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, CRYPT_ANY_SLOT, um2, CRYPT_VOLUME_KEY_NO_SEGMENT), "Not supported with LUKS1.");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ // LUKS2 token not supported
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1));
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, 2, um1, CRYPT_ANY_SLOT, um2, 0), "Not supported with LUKS1.");
+ EQ_(crypt_keyslot_context_get_error(um2), -EINVAL);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE2, 0, 0, &um1));
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um2));
+ FAIL_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um2, CRYPT_ANY_SLOT, um1, 0), "Not supported with LUKS1.");
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+
+ CRYPT_FREE(cd);
+
+ _cleanup_dmdevices();
+}
+
+static void VolumeKeyGet(void)
+{
+ struct crypt_params_luks1 params = {
+ .hash = "sha512",
+ .data_alignment = 2048, // 2M, data offset will be 2048
+ };
+ struct crypt_pbkdf_type min_pbkdf2 = {
+ .type = "pbkdf2",
+ .hash = "sha256",
+ .iterations = 1000,
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
+ };
+ char key[128], key2[128];
+
+ const char *vk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
+ size_t key_size = strlen(vk_hex) / 2;
+ const char *cipher = "aes";
+ const char *cipher_mode = "cbc-essiv:sha256";
+ uint64_t r_payload_offset;
+ struct crypt_keyslot_context *um1, *um2;
+
+ crypt_decode_key(key, vk_hex, key_size);
+
+ OK_(prepare_keyfile(KEYFILE1, PASSPHRASE1, strlen(PASSPHRASE1)));
+
+ // init test devices
+ OK_(get_luks_offsets(0, key_size, params.data_alignment, 0, NULL, &r_payload_offset));
+ OK_(create_dmdevice_over_loop(H_DEVICE, r_payload_offset + 1));
+
+ // test support for embedded key (after crypt_format)
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ key_size--;
+ FAIL_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL), "buffer too small");
+
+ // check cached generated volume key can be retrieved
+ key_size++;
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(crypt_volume_key_verify(cd, key2, key_size));
+ CRYPT_FREE(cd);
+
+ // check we can add keyslot via retrieved key
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 3, um2, 0), 3);
+ crypt_keyslot_context_free(um1);
+ crypt_keyslot_context_free(um2);
+ CRYPT_FREE(cd);
+
+ // check selected volume key can be retrieved and added
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_set_pbkdf_type(cd, &min_pbkdf2));
+ OK_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, ¶ms));
+ memset(key2, 0, key_size);
+ OK_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, NULL));
+ OK_(memcmp(key, key2, key_size));
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key2, key_size, &um1));
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 0, um2, 0), 0);
+ crypt_keyslot_context_free(um2);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um2));
+ EQ_(crypt_keyslot_add_by_keyslot_context(cd, CRYPT_ANY_SLOT, um1, 1, um2, 0), 1);
+ crypt_keyslot_context_free(um2);
+ crypt_keyslot_context_free(um1);
+ CRYPT_FREE(cd);
+
+ OK_(crypt_init(&cd, DMDIR H_DEVICE));
+ OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+ // check key context is not usable
+ OK_(crypt_keyslot_context_init_by_volume_key(cd, key, key_size, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL);
+ crypt_keyslot_context_free(um1);
+
+ // check token context is not usable
+ OK_(crypt_keyslot_context_init_by_token(cd, CRYPT_ANY_TOKEN, NULL, NULL, 0, NULL, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), -EINVAL);
+ crypt_keyslot_context_free(um1);
+
+ // by passphrase
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_passphrase(cd, PASSPHRASE, strlen(PASSPHRASE), &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 0, key2, &key_size, um1), 0);
+ OK_(memcmp(key, key2, key_size));
+ crypt_keyslot_context_free(um1);
+
+ // by keyfile
+ memset(key2, 0, key_size);
+ OK_(crypt_keyslot_context_init_by_keyfile(cd, KEYFILE1, 0, 0, &um1));
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, CRYPT_ANY_SLOT, key2, &key_size, um1), 1);
+ OK_(memcmp(key, key2, key_size));
+ memset(key2, 0, key_size);
+ EQ_(crypt_volume_key_get_by_keyslot_context(cd, 1, key2, &key_size, um1), 1);
+ crypt_keyslot_context_free(um1);
+ CRYPT_FREE(cd);
+
+ _remove_keyfiles();
+ _cleanup_dmdevices();
+}
+
// Check that gcrypt is properly initialised in format
static void NonFIPSAlg(void)
{
RUN_(VerityTest, "DM verity");
RUN_(TcryptTest, "Tcrypt API");
RUN_(IntegrityTest, "Integrity API");
+ RUN_(ResizeIntegrity, "Integrity raw resize");
+ RUN_(ResizeIntegrityWithKey, "Integrity raw resize with key");
+ RUN_(WipeTest, "Wipe device");
+ RUN_(LuksKeyslotAdd, "Adding keyslot via new API");
+ RUN_(VolumeKeyGet, "Getting volume key via keyslot context API");
_cleanup();
return 0;
/*
* cryptsetup library API check functions
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
- * Copyright (C) 2016-2021 Ondrej Kozina
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ * Copyright (C) 2016-2023 Ondrej Kozina
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
int t_dm_crypt_keyring_support(void);
int t_dm_crypt_cpu_switch_support(void);
int t_dm_crypt_discard_support(void);
+int t_dm_integrity_resize_support(void);
+int t_dm_integrity_recalculate_support(void);
+int t_dm_capi_string_supported(void);
+int t_set_readahead(const char *device, unsigned value);
int fips_mode(void);
#define CRYPT_FREE(x) do { crypt_free(x); x = NULL; } while (0)
-#define SECTOR_SHIFT 9L
-#define SECTOR_SIZE 512
-#define TST_LOOP_FILE_SIZE (((1<<20)*100)>>SECTOR_SHIFT)
+/* to silent clang -Wcast-align when working with byte arrays */
+#define VOIDP_CAST(x) (x)(void*)
+
+#define DMDIR "/dev/mapper/"
+
+#define TST_SECTOR_SHIFT 9L
+#define TST_SECTOR_SIZE 512
+#define TST_LOOP_FILE_SIZE (((1 << 20) * 100) >> TST_SECTOR_SHIFT)
#define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d))
#define DIV_ROUND_UP_MODULO(n,d) (DIV_ROUND_UP(n,d)*(d))
#define T_DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */
#define T_DM_KERNEL_KEYRING_SUPPORTED (1 << 11) /* dm-crypt allows loading kernel keyring keys */
#define T_DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */
-//FIXME add T_DM_SECTOR_SIZE once we have version
+#define T_DM_SECTOR_SIZE_SUPPORTED (1 << 13) /* support for sector size setting in dm-crypt/dm-integrity */
+#define T_DM_CAPI_STRING_SUPPORTED (1 << 14) /* support for cryptoapi format cipher definition */
+#define T_DM_DEFERRED_SUPPORTED (1 << 15) /* deferred removal of device */
+#define T_DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */
+#define T_DM_INTEGRITY_BITMAP_SUPPORTED (1 << 17) /* dm-integrity bitmap mode supported */
+#define T_DM_GET_TARGET_VERSION_SUPPORTED (1 << 18) /* dm DM_GET_TARGET version ioctl supported */
+#define T_DM_INTEGRITY_FIX_PADDING_SUPPORTED (1 << 19) /* supports the parameter fix_padding that fixes a bug that caused excessive padding */
+#define T_DM_BITLK_EBOIV_SUPPORTED (1 << 20) /* EBOIV for BITLK supported */
+#define T_DM_BITLK_ELEPHANT_SUPPORTED (1 << 21) /* Elephant diffuser for BITLK supported */
+#define T_DM_VERITY_SIGNATURE_SUPPORTED (1 << 22) /* Verity option root_hash_sig_key_desc supported */
+#define T_DM_INTEGRITY_DISCARDS_SUPPORTED (1 << 23) /* dm-integrity discards/TRIM option is supported */
+#define T_DM_INTEGRITY_RESIZE_SUPPORTED (1 << 23) /* dm-integrity resize of the integrity device supported (introduced in the same version as discards)*/
+#define T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED (1 << 24) /* dm-verity panic on corruption */
+#define T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED (1 << 25) /* dm-crypt suppot for bypassing workqueues */
+#define T_DM_INTEGRITY_FIX_HMAC_SUPPORTED (1 << 26) /* hmac covers also superblock */
+#define T_DM_INTEGRITY_RESET_RECALC_SUPPORTED (1 << 27) /* dm-integrity automatic recalculation supported */
+#define T_DM_VERITY_TASKLETS_SUPPORTED (1 << 28) /* dm-verity tasklets supported */
/* loop helpers */
int loop_device(const char *loop);
int autoclear, int *readonly);
int loop_detach(const char *loop);
+int t_device_size_by_devno(dev_t devno, uint64_t *retval);
+int t_get_devno(const char *dev, dev_t *devno);
+
+typedef enum { ERR_RD = 0, ERR_WR, ERR_RW, ERR_REMOVE } error_io_info;
+
+int dmdevice_error_io(const char *dm_name,
+ const char *dm_device,
+ const char *error_device,
+ uint64_t data_offset,
+ uint64_t offset,
+ uint64_t length,
+ error_io_info ei);
+
#endif
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
TST_DIR=bitlk-images
MAP=bitlktst
+DUMP_VK_FILE=bitlk-test-vk
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
CRYPTSETUP_LIB_VALGRIND=../.libs
function remove_mapping()
{
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
+ rm -rf $TST_DIR
}
function fail()
{
[ -n "$1" ] && echo "$1"
echo "Test skipped."
+ remove_mapping
exit 77
}
function load_vars()
{
- local file=$(echo $1 | sed -e s/^$TST_DIR\\/// | sed -e s/\.img$//)
- source <(grep = <(grep -A8 "\[$file\]" $TST_DIR/images.conf))
+ local file=$(echo $1 | sed -e s/^$TST_DIR\\/// | sed -e s/\.img$//)
+ source <(grep = <(grep -A8 "\[$file\]" $TST_DIR/images.conf))
}
function check_dump()
{
- dump=$1
- file=$2
-
- # load variables for this image from config file
- load_vars $file
-
- # GUID
- dump_guid=$(echo "$dump" | grep Version -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ")
- [ ! -z "$GUID" -a "$dump_guid" = "$GUID" ] || fail " GUID check from dump failed."
-
- # cipher
- dump_cipher=$(echo "$dump" | grep "Cipher name" | cut -d: -f2 | tr -d "\t\n ")
- dump_mode=$(echo "$dump" | grep "Cipher mode" | cut -d: -f2 | tr -d "\t\n ")
- cipher=$(echo "$dump_cipher-$dump_mode")
- [ ! -z "$CIPHER" -a "$cipher" = "$CIPHER" ] || fail " cipher check from dump failed."
-
- if echo "$file" | grep -q -e "smart-card"; then
- # smart card protected VMK GUID
- dump_sc_vmk=$(echo "$dump" | grep "VMK protected with smart card" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
- [ ! -z "$SC_VMK_GUID" -a "$dump_sc_vmk" = "$SC_VMK_GUID" ] || fail " smart card protected VMK GUID check from dump failed."
+ dump=$1
+ file=$2
+
+ # load variables for this image from config file
+ load_vars $file
+
+ # volume size
+ dump_size=$(echo "$dump" | grep "Volume size:" | cut -d: -f2 | tr -d "\t\n ")
+ [ "$dump_size" = "104857600[bytes]" -o "$dump_size" = "134217728[bytes]" ] || fail " volume size check from dump failed."
+
+ # description
+ dump_desc=$(echo "$dump" | grep Description: | cut -d: -f2 | tr -d "\t\n ")
+ [ "${dump_desc:0:7}" = "DESKTOP" -o "${dump_desc:0:3}" = "WIN" ] || fail " Description check from dump failed."
+
+ # GUID
+ dump_guid=$(echo "$dump" | grep Version -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ")
+ [ ! -z "$GUID" -a "$dump_guid" = "$GUID" ] || fail " GUID check from dump failed."
+
+ # cipher
+ dump_cipher=$(echo "$dump" | grep "Cipher name" | cut -d: -f2 | tr -d "\t\n ")
+ dump_mode=$(echo "$dump" | grep "Cipher mode" | cut -d: -f2 | tr -d "\t\n ")
+ cipher=$(echo "$dump_cipher-$dump_mode")
+ [ ! -z "$CIPHER" -a "$cipher" = "$CIPHER" ] || fail " cipher check from dump failed."
+
+ if echo "$file" | grep -q -e "smart-card"; then
+ # smart card protected VMK GUID
+ dump_sc_vmk=$(echo "$dump" | grep "VMK protected with smart card" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$SC_VMK_GUID" -a "$dump_sc_vmk" = "$SC_VMK_GUID" ] || fail " smart card protected VMK GUID check from dump failed."
elif echo "$file" | grep -q -e "startup-key"; then
- # startup key protected VMK GUID
- dump_sk_vmk=$(echo "$dump" | grep "VMK protected with startup key" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
- [ ! -z "$SK_VMK_GUID" -a "$dump_sk_vmk" = "$SK_VMK_GUID" ] || fail " startup key protected VMK GUID check from dump failed."
- else
- # password protected VMK GUID
- dump_pw_vmk=$(echo "$dump" | grep "VMK protected with passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
- [ ! -z "$PW_VMK_GUID" -a "$dump_pw_vmk" = "$PW_VMK_GUID" ] || fail " password protected VMK GUID check from dump failed."
- fi
-
- # recovery password protected VMK GUID
- dump_rp_vmk=$(echo "$dump" | grep "VMK protected with recovery passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
- [ ! -z "$RP_VMK_GUID" -a "$dump_rp_vmk" = "$RP_VMK_GUID" ] || fail " recovery password protected VMK GUID check from dump failed."
+ # startup key protected VMK GUID
+ dump_sk_vmk=$(echo "$dump" | grep "VMK protected with startup key" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$SK_VMK_GUID" -a "$dump_sk_vmk" = "$SK_VMK_GUID" ] || fail " startup key protected VMK GUID check from dump failed."
+ else
+ # password protected VMK GUID
+ dump_pw_vmk=$(echo "$dump" | grep "VMK protected with passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$PW_VMK_GUID" -a "$dump_pw_vmk" = "$PW_VMK_GUID" ] || fail " password protected VMK GUID check from dump failed."
+ fi
+
+ # recovery password protected VMK GUID
+ dump_rp_vmk=$(echo "$dump" | grep "VMK protected with recovery passphrase" -B 1 | head -1 | cut -d: -f2 | tr -d "\t ")
+ [ ! -z "$RP_VMK_GUID" -a "$dump_rp_vmk" = "$RP_VMK_GUID" ] || fail " recovery password protected VMK GUID check from dump failed."
}
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
}
export LANG=C
-[ ! -d $TST_DIR ] && tar xJSf $srcdir/bitlk-images.tar.xz --no-same-owner
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ ! -d $TST_DIR ] && tar xJSf $srcdir/bitlk-images.tar.xz --no-same-owner 2>/dev/null || skip "Incompatible tar."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
for file in $(ls $TST_DIR/bitlk-*) ; do
echo -n " $file"
out=$($CRYPTSETUP bitlkDump $file)
- check_dump "$out" "$file"
+ check_dump "$out" "$file"
echo " [OK]"
done
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run activation part of test, test skipped."
+ remove_mapping
exit 0
fi
-remove_mapping
-
echo "ACTIVATION FS UUID CHECK"
for file in $(ls $TST_DIR/bitlk-*) ; do
# load variables for this image from config file
- load_vars $file
+ load_vars $file
# test with both passphrase and recovery passphrase
for PASSPHRASE in $PW $RP ; do
[ $ret -eq 0 ] || fail " failed to open $file ($ret)"
$CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
- uuid=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
$CRYPTSETUP remove $MAP || fail
[ "$uuid" = "$UUID" ] || fail " UUID check failed."
echo " [OK]"
done
+ # test with volume key
+ rm -f $DUMP_VK_FILE >/dev/null 2>&1
+ echo -n " $file"
+ echo $PASSPHRASE | $CRYPTSETUP bitlkDump -r $file --dump-volume-key --volume-key-file $DUMP_VK_FILE >/dev/null 2>&1
+ ret=$?
+ [ $ret -eq 0 ] || fail " failed to dump volume key"
+ $CRYPTSETUP bitlkOpen -r $file $MAP --volume-key-file $DUMP_VK_FILE >/dev/null 2>&1
+ ret=$?
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "aes-cbc-elephant" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "clearkey" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "eow" ) && echo " [N/A]" && continue
+ [ $ret -eq 1 ] && ( echo "$file" | grep -q -e "-4k.img" ) && echo " [N/A]" && continue
+ [ $ret -eq 0 ] || fail " failed to open $file using volume key ($ret)"
+ $CRYPTSETUP status $MAP >/dev/null || fail
+ $CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
+ uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
+ sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
+ $CRYPTSETUP remove $MAP || fail
+ [ "$uuid" = "$UUID" ] || fail " UUID check failed."
+ [ "$sha256sum" = "$SHA256SUM" ] || fail " SHA256 sum check failed."
+ echo " [OK]"
+ rm -f $DUMP_VK_FILE >/dev/null 2>&1
+
# startup key test -- we need to use BEK file from the archive
if echo "$file" | grep -q -e "startup-key"; then
echo -n " $file"
[ $ret -eq 0 ] || fail " failed to open $file ($ret)"
$CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
- uuid=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ uuid=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
sha256sum=$(sha256sum /dev/mapper/$MAP | cut -d" " -f1)
$CRYPTSETUP remove $MAP || fail
[ "$uuid" = "$UUID" ] || fail " UUID check failed."
fi
done
+
+remove_mapping
+exit 0
local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then
sleep .1
_tries=$((_tries-1))
fi
done
- test ! -b "$1" || rmmod scsi_debug
+ test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}
cleanup() {
{
echo "TEST SKIPPED: $1"
cleanup
- exit 0
+ exit 77
}
add_device() {
- modprobe scsi_debug $@ delay=0
+ rmmod scsi_debug >/dev/null 2>&1
+ if [ -d /sys/module/scsi_debug ] ; then
+ skip "Cannot use scsi_debug module (in use or compiled-in)."
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
+ skip "This kernel seems to not support proper scsi_debug module."
fi
+ grep -q scsi_debug /sys/block/*/device/model || sleep 2
DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
DEV="/dev/$DEV"
[ -b $DEV ] || fail "Cannot find $DEV."
run_all_in_fs() {
for file in $(ls img_fs_*.img.xz) ; do
- echo "Run tests in $file put on top block device."
- xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
- [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
- mount $DEV $MNT_DIR
- if [ $? -ne 0 ]; then
- echo "Mounting image $file failed, skipped."
- continue;
- fi
- rm -rf $MNT_DIR/* 2>/dev/null
- local tfile=$MNT_DIR/bwunit_tstfile
- falloc $DEVSIZEMB $tfile || fail "enospc?"
- local iobsize=$(stat -c "%o" $tfile)
- test -n "$iobsize" -a $iobsize -gt 0 || fail
- local oldbsize=$BSIZE
- BSIZE=$iobsize
- run_all $tfile
- BSIZE=$oldbsize
- umount $MNT_DIR
+ echo "Run tests in $file put on top block device."
+ xz -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"
+ [ ! -d $MNT_DIR ] && mkdir $MNT_DIR
+ mount $DEV $MNT_DIR
+ if [ $? -ne 0 ]; then
+ echo "Mounting image $file failed, skipped."
+ continue;
+ fi
+ rm -rf $MNT_DIR/* 2>/dev/null
+ local tfile=$MNT_DIR/bwunit_tstfile
+ falloc $DEVSIZEMB $tfile || fail "enospc?"
+ local iobsize=$(stat -c "%o" $tfile)
+ test -n "$iobsize" -a $iobsize -gt 0 || fail
+ local oldbsize=$BSIZE
+ BSIZE=$iobsize
+ run_all $tfile
+ BSIZE=$oldbsize
+ umount $MNT_DIR
done
}
_fsize=$(stat -c "%s" $_dev)
}
- case "$_res" in
- P)
+ case "$_res" in
+ P)
MSG="Testing $_fn on $_type with params $@ [expecting TRUE]..."
$BW_UNIT $_dev $_fn $@
if [ $? -ne 0 ]; then
else
MSG="$MSG[OK]"
fi
- ;;
- F)
+ ;;
+ F)
MSG="Testing $_fn on $_type with params $@ [expecting FALSE]..."
$BW_UNIT $_dev $_fn $@ 2> /dev/null
if [ $? -eq 0 ]; then
else
MSG="$MSG[OK]"
fi
- ;;
- *)
- fail "Internal test error"
- ;;
- esac
+ ;;
+ *)
+ fail "Internal test error"
+ ;;
+ esac
trunc_file $_fsize $_dev
}
RUN "$BD_FAIL" $1 write_lseek_blockwise $((BSIZE+1)) $BSIZE $((DEVSIZE-BSIZE))
}
-[ -n "$CRYPTSETUP_PATH" ] && skip "Cannot run this test with CRYPTSETUP_PATH set."
-
-which $STRACE > /dev/null 2>&1 || unset STRACE
+command -v $STRACE >/dev/null || unset STRACE
test -x $BW_UNIT || skip "Run \"make `basename $BW_UNIT`\" first"
FAILS=0
--- /dev/null
+#!/bin/bash
+
+PS4='$LINENO:'
+[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+TEST_UUID="12345678-1234-1234-1234-123456789abc"
+
+TFILE=test-args.out
+
+function cleanup()
+{
+ rm -f $TFILE 2> /dev/null
+}
+
+function fail()
+{
+ [ -n "$1" ] && echo "$1"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ cleanup
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ echo "Test skipped."
+ cleanup
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+function xxx()
+{
+ $CRYPTSETUP --test-args $@ > $TFILE 2>&1
+ local ret=$?
+
+ grep -q -e ": unknown option\|Argument <action> missing" $TFILE && {
+ echo "'$CRYPTSETUP --test-args $@' command:"
+ cat $TFILE
+ fail "Probably typo in test"
+ }
+ test $ret -ne 0 || fail
+}
+
+function exp_fail()
+{
+ # xxx $@
+ $CRYPTSETUP --test-args $@ 2>/dev/null && fail
+}
+
+function exp_pass()
+{
+ $CRYPTSETUP --test-args $@ >/dev/null || fail
+}
+
+export LANG=C
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+
+# initial test constructed according to current cryptsetup content
+echo "[1] Current state"
+exp_fail resize NAME --test-passphrase
+exp_fail close NAME --test-passphrase
+exp_pass open DEV NAME --test-passphrase --type bitlk
+exp_pass open DEV NAME --test-passphrase --type luks
+exp_pass open DEV NAME --test-passphrase --type luks1
+exp_pass open DEV NAME --test-passphrase --type luks2
+exp_fail open DEV NAME --test-passphrase --type plain
+
+exp_fail open DEV NAME --deferred
+exp_pass close NAME --deferred
+
+exp_pass open DEV NAME --type plain --shared
+exp_fail open DEV NAME --type luks1 --shared
+exp_fail close NAME --shared
+
+exp_pass open DEV NAME --allow-discards
+exp_fail close NAME --allow-discards
+
+exp_fail close NAME --persistent
+exp_pass open DEV NAME --persistent
+exp_fail open DEV NAME --persistent --test-passphrase
+
+exp_fail luksFormat DEV --serialize-memory-hard-pbkdf
+exp_pass open DEV NAME --serialize-memory-hard-pbkdf
+
+exp_pass reencrypt DEV --key-size 32
+exp_fail reencrypt DEV --key-size 31
+exp_fail reencrypt DEV --key-size -32
+exp_pass luksFormat DEV --key-size 32
+exp_fail luksFormat DEV --key-size 31
+exp_fail luksFormat DEV --key-size -32
+exp_pass open DEV NAME --key-size 32 # --type plain -c aes-xts-plain64
+exp_fail open DEV NAME --key-size 31 # --type plain -c aes-xts-plain64
+exp_pass benchmark --key-size 32
+exp_fail benchmark --key-size 31
+exp_pass luksAddKey DEV --key-size 32 # --unbound
+exp_fail luksAddKey DEV --key-size 31 # --unbound
+
+exp_fail close NAME --key-size 32
+exp_fail luksUUID DEV --key-size 32
+
+# bug
+# exp_fail luksFormat DEV --type luks1 --integrity hmac-sha256
+exp_pass luksFormat DEV --type luks2 --integrity hmac-sha256
+exp_fail open DEV NAME --integrity hmac-sha256
+
+exp_pass luksFormat DEV --type luks2 --integrity hmac-sha256 --integrity-no-wipe
+exp_fail luksFormat DEV --type luks2 --integrity-no-wipe
+# bug
+# exp_fail luksFormat DEV --type luks1 --integrity hmac-sha256 --integrity-no-wipe
+exp_fail open DEV NAME --integrity-no-wipe
+exp_fail open DEV NAME --integrity-no-wipe --integrity hmac-sha256
+
+exp_pass luksFormat --label L --subsystem S DEV # --type luks2
+exp_pass luksFormat --label L DEV # --type luks2
+exp_pass luksFormat --subsystem S DEV # --type luks2
+exp_pass config --label L --subsystem S DEV
+exp_pass config --label L DEV
+exp_pass config --subsystem S DEV
+# bug
+#exp_fail luksFormat --label L --subsystem S DEV --type luks1
+#exp_fail luksFormat --label L DEV --type luks1
+#exp_fail luksFormat --subsystem S DEV --type luks1
+exp_fail open DEV NAME --label L --subsystem S
+exp_fail open DEV NAME --label L
+exp_fail open DEV NAME --subsystem S
+
+exp_fail luksFormat DEV -S-2
+# bug
+# exp_fail luksFormat DEV -S-1
+
+# prob. many bug: accepts --[new-]keyfile-size w/o --[new-]key-file
+exp_pass luksFormat DEV --keyfile-size 42 --key-file F
+exp_fail luksFormat DEV --keyfile-size -1 --key-file F
+# bug (is it? e.g. empty passphrase)
+# exp_fail luksFormat DEV --keyfile-size 0
+exp_pass luksAddKey DEV --keyfile-size 42 --key-file F --new-keyfile-size 42 NF
+exp_fail luksAddKey DEV --new-keyfile-size -42 NF
+exp_fail luksAddKey DEV --keyfile-size 42 --key-file F --new-keyfile-size -42 NF
+exp_fail luksFormat DEV --keyfile-size -1 --key-file F
+# bug (is it? e.g. empty passphrase)
+# exp_fail luksFormat DEV --keyfile-size 0
+
+exp_fail open DEV NAME --key-file F0 --key-file F1
+exp_pass open DEV NAME --key-file F0 --key-file F1 --type tcrypt
+
+# why? (luksAddKey fail)
+exp_fail luksAddKey DEV --use-random
+exp_fail luksAddKey DEV --use-urandom
+exp_fail luksAddKey DEV --use-urandom --use-random
+exp_fail luksFormat DEV --use-urandom --use-random
+exp_pass luksFormat DEV --use-random
+exp_pass luksFormat DEV --use-urandom
+
+exp_fail open DEV NAME --uuid $TEST_UUID
+exp_pass luksFormat DEV --uuid $TEST_UUID
+exp_pass luksUUID DEV --uuid $TEST_UUID
+
+exp_fail open DEV NAME --align-payload 8192
+exp_fail open DEV NAME --align-payload 8292 --type plain
+exp_pass luksFormat DEV --align-payload 8192
+exp_fail luksFormat DEV --align-payload 8192 --offset 16384
+exp_fail luksFormat DEV --align-payload 8192 --offset 8192
+
+exp_fail resize NAME --luks2-metadata-size 16k
+exp_fail resize NAME --luks2-keyslots-size 16m
+exp_pass luksFormat DEV --luks2-keyslots-size 16m
+exp_pass luksFormat DEV --luks2-metadata-size 16k
+exp_pass reencrypt DEV --luks2-keyslots-size 16m
+exp_pass reencrypt DEV --luks2-metadata-size 16k
+
+exp_fail luksFormat DEV --skip 8192
+exp_fail open DEV NAME --skip 8192
+exp_pass open DEV NAME --skip 8192 --type plain
+exp_pass open DEV NAME --skip 8192 --type loopaes
+
+exp_fail resize NAME --offset 8292
+exp_pass luksFormat DEV --offset 16384
+exp_fail open DEV NAME --offset 16384
+exp_pass open DEV NAME --offset 16384 --type plain
+exp_pass open DEV NAME --offset 16384 --type loopaes
+
+exp_fail open DEV NAME --tcrypt-hidden
+exp_fail open DEV NAME --tcrypt-system
+exp_fail open DEV NAME --tcrypt-backup
+# bug
+# exp_fail open DEV NAME --tcrypt-hidden --tcrypt-system --tcrypt-backup --type tcrypt
+exp_pass open DEV NAME --tcrypt-hidden --type tcrypt
+exp_pass open DEV NAME --tcrypt-backup --type tcrypt
+exp_pass open DEV NAME --tcrypt-system --type tcrypt
+exp_pass tcryptDump DEV NAME --tcrypt-hidden --type tcrypt
+exp_pass tcryptDump DEV NAME --tcrypt-backup --type tcrypt
+exp_pass tcryptDump DEV NAME --tcrypt-system --type tcrypt
+exp_fail tcryptDump DEV NAME --allow-discards --tcrypt-hidden --type tcrypt
+
+# bug
+# exp_fail close NAME --type tcrypt --veracrypt
+exp_fail open DEV NAME --veracrypt
+exp_pass open DEV NAME --type tcrypt --veracrypt
+exp_pass open DEV NAME --type tcrypt --veracrypt --veracrypt-pim 1
+exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -2
+exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-pim 1
+exp_fail open DEV NAME --type tcrypt --veracrypt --veracrypt-pim -1
+exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim
+exp_fail open DEV NAME --type tcrypt --disable-veracrypt --veracrypt-query-pim --veracrypt-pim 1
+exp_fail open DEV NAME --disable-veracrypt --veracrypt-query-pim
+
+# bug
+# exp_fail open DEV NAME --priority normal
+exp_fail config DEV --priority normal
+exp_fail config DEV -S1 --priority norma
+exp_pass config DEV -S1 --priority normal
+exp_pass config DEV -S1 --priority ignore
+exp_pass config DEV -S1 --priority prefer
+
+# bug
+# exp_fail open DEV NAME --pbkdf argon2i
+exp_fail luksFormat DEV --pbkdf blah
+exp_pass luksFormat DEV --pbkdf argon2i
+exp_pass luksFormat DEV --pbkdf pbkdf2
+exp_pass luksFormat DEV --pbkdf argon2id
+exp_fail luksFormat DEV --type luks2 --pbkdf-force-iterations 4 -i1
+exp_fail luksFormat DEV --type luks1 --pbkdf-force-iterations 1001 -i1
+
+exp_fail open DEV NAME --sector-size 1024
+exp_pass open DEV NAME --type plain --sector-size 1024
+# bug
+# exp_fail luksFormat DEV --sector-size 0
+exp_fail luksFormat DEV --sector-size 511
+exp_fail luksFormat DEV --sector-size 8192
+exp_pass reencrypt DEV --sector-size 1024
+exp_pass luksFormat DEV --sector-size 1024
+
+exp_fail luksFormat DEV --iv-large-sectors
+exp_fail open DEV --type tcrypt --iv-large-sectors
+exp_fail open DEV --type plain --iv-large-sectors --sector-size 512
+exp_pass open DEV --type plain --iv-large-sectors --sector-size 1024
+
+exp_fail luksAddKey DEV --unbound
+exp_fail luksAddKey DEV --unbound --key-size 0
+exp_pass luksAddKey DEV --unbound --key-size 8
+exp_pass luksDump DEV --unbound -S5
+exp_fail luksDump DEV --unbound
+exp_pass open DEV --unbound --test-passphrase
+exp_pass open DEV --unbound --test-passphrase -S5
+exp_fail open DEV --unbound NAME
+exp_fail open DEV --unbound -S5 NAME
+
+exp_fail resize NAME --refresh
+exp_fail open DEV NAME --test-passphrase --refresh
+exp_pass open DEV NAME --refresh
+exp_pass refresh DEV NAME
+exp_fail refresh DEV NAME --test-passphrase
+
+# bug
+# exp_fail luksFormat DEV --reduce-device-size 64m
+exp_fail reencrypt DEV --reduce-device-size 2G # max 1g
+exp_fail reencrypt DEV --reduce-device-size $((64*1024*1024+1))
+exp_fail reencrypt DEV --reduce-device-size -64m
+exp_pass reencrypt DEV --reduce-device-size 64m
+exp_fail reencrypt DEV --reduce-device-size 64m --device-size 100g
+# bugs
+# exp_fail open DEV --decrypt --header H
+# exp_fail open DEV --encrypt
+# exp_fail open DEV NAME --device-size 32m
+# exp_fail open DEV NAME --size 100
+exp_pass open DEV NAME --device-size 32m --type plain
+exp_fail open DEV NAME --device-size $((32*1024*1024+1)) --type plain
+exp_pass open DEV NAME --size 100 --type plain
+exp_fail open DEV NAME --size 100 --device-size $((512*100)) --type plain
+exp_fail reencrypt DEV --device-size $((32*1024*1024+1))
+exp_pass reencrypt DEV --device-size 32m
+
+exp_fail luksFormat DEV NAME --keyslot-cipher ks
+exp_fail luksFormat DEV NAME --keyslot-key-size 32
+exp_pass luksFormat DEV NAME --keyslot-cipher ks --keyslot-key-size 32
+# bugs
+# exp_fail open DEV NAME --keyslot-cipher ks --keyslot-key-size 32
+# exp_fail luksFormat --type luks1 DEV NAME --keyslot-cipher ks --keyslot-key-size 32
+
+cleanup
+exit 0
CRYPTSETUP_VALGRIND=../.libs/cryptsetup
CRYPTSETUP_LIB_VALGRIND=../.libs
+DIFFER=./differ
DEV_NAME=dummy
DEV_NAME2=dummy2
DEV_NAME3=dummy3
TEST_UUID="12345678-1234-1234-1234-123456789abc"
LOOPDEV=$(losetup -f 2>/dev/null)
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
function remove_mapping()
{
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME >/dev/null 2>&1
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $VK_FILE missing-file >/dev/null 2>&1
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
scsi_debug_teardown $DEV
}
function can_fail_fips()
{
- # Ignore this fail if running in FIPS mode
+ # Ignore this fail if running in FIPS mode
fips_mode || fail $1
}
{
[ -n "$1" ] && echo "$1"
remove_mapping
- [ -z "$2" ] && exit $2
+ [ -n "$2" ] && exit $2
exit 77
}
if [ ! -e $KEY1 ]; then
#dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
- echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
- echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
+ echo -n $'\x48\xc6\x74\x4f\x41\x4e\x50\xc0\x79\xc2\x2d\x5b\x5f\x68\x84\x17' >$KEY1
+ echo -n $'\x9c\x03\x5e\x1b\x4d\x0f\x9a\x75\xb3\x90\x70\x32\x0a\xf8\xae\xc4'>>$KEY1
fi
if [ ! -e $KEY2 ]; then
{
sync
[ -z "$1" ] && return
- ./differ $ORIG_IMG $IMG $1 || fail
+ $DIFFER $ORIG_IMG $IMG $1 || fail
}
function check_exists()
local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then
sleep .1
_tries=$((_tries-1))
fi
done
- test ! -b "$1" || rmmod scsi_debug 2> /dev/null
+ test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}
function add_scsi_device() {
scsi_debug_teardown $DEV
- modprobe scsi_debug $@ delay=0
- if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
- fi
-
- sleep 1
- DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
- [ -b $DEV ] || fail "Cannot find $DEV."
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "This kernel seems to not support proper scsi_debug module, test skipped."
+ exit 77
+ fi
+
+ sleep 1
+ DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+ [ -b $DEV ] || fail "Cannot find $DEV."
}
function valgrind_setup()
{
[ -n "$VALG" ] || return
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
CRYPTSETUP=valgrind_run
}
export LANG=C
+
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
valgrind_setup
# LUKS non-root-tests
echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -d $KEY1 || fail
$CRYPTSETUP luksDump $IMG | grep -q "Key Slot 0: ENABLED" || fail
$CRYPTSETUP luksDump $IMG | grep -q $TEST_UUID || fail
+echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-volume-key 2>/dev/null && fail
echo $PWDW | $CRYPTSETUP luksDump $IMG --dump-master-key 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-volume-key | grep -q "MK dump:" || fail
echo $PWD1 | $CRYPTSETUP luksDump $IMG --dump-master-key | grep -q "MK dump:" || fail
-$CRYPTSETUP luksDump -q $IMG --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
+$CRYPTSETUP luksDump -q $IMG --dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail
echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE >/dev/null || fail
-echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $IMG || fail
+rm -f $VK_FILE
+echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail
+echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $IMG || fail
echo "[10] uuid"
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --uuid $TEST_UUID $IMG || fail
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
+[ ! -x "$DIFFER" ] && skip "Cannot find $DIFFER, test skipped."
# LUKS root-tests
prepare "[1] open - compat image - acceptance check" new
echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
check_exists
-ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
-[ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail
+ORG_SHA256=$(sha256sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
+[ "$ORG_SHA256" = 7428e8f2436882a07eb32765086f5c899474c08b5576f556b573d2aabdf923e8 ] || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# Check it can be opened from header backup as well
$CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
# Repeat for V1.0 header - not aligned first keyslot
+if [ ! fips_mode ] ; then
echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail
check_exists
ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
check_exists
$CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
prepare "[2] open - compat image - denial check" new
echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ "$tst"x = "$TEST_UUID"x ] || fail
prepare "[16] luksFormat" wipe
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
-$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
+$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# open by UUID
-force_uevent # some systems do not update loop by-uuid
-$CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
-$CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
-$CRYPTSETUP -q luksClose $DEV_NAME || fail
+if [ -d /dev/disk/by-uuid ] ; then
+ force_uevent # some systems do not update loop by-uuid
+ $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
+ $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
+ $CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
+# skip tests using empty passphrase
+if [ ! fips_mode ]; then
# empty keyfile
$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEYE || fail
$CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
# open by volume key
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 $LOOPDEV || fail
-$CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
-$CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 $LOOPDEV || fail
+$CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP luksOpen --volume-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# unsupported pe-keyslot encryption
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-cipher "aes-cbc-plain" $LOOPDEV 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT -s 128 --keyslot-key-size 256 $LOOPDEV 2>/dev/null && fail
prepare "[17] AddKey volume key, passphrase and keyfile" wipe
-# masterkey
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
+# volumekey
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
-echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
+echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 3 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
-$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
# keyfile/keyfile
-$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
# passphrase/keyfile
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
# passphrase/passphrase
-echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
# keyfile/passphrase
-echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail
+echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
prepare "[18] RemoveKey passphrase and keyfile" reuse
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: DISABLED" || fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
-$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 3 2>/dev/null || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
$CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
prepare "[19] create & status & resize" wipe
echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
$CRYPTSETUP -q status $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "mode:" | grep -q "readonly" || fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME >/dev/null && fail
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 $LOOPDEV || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 --size 100 $LOOPDEV || fail
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
# 4k sector resize (if kernel supports it)
-echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1
+echo $PWD1 | $CRYPTSETUP -q open --type plain --hash sha256 $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1
if [ $? -eq 0 ] ; then
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail
$CRYPTSETUP -q resize $DEV_NAME --size 16 || fail
fi
# Resize not aligned to logical block size
add_scsi_device dev_size_mb=32 sector_size=4096
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV || fail
OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
$CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
test $OLD_SIZE -eq $NEW_SIZE || fail
$CRYPTSETUP close $DEV_NAME || fail
# Add check for unaligned plain crypt activation
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV -b 7 2>/dev/null && fail
$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
# verify is ignored on non-tty input
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --verify-passphrase 2>/dev/null || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
-echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail
-$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
-echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE > /dev/null || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail
+echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key | grep -q "MK dump:" || fail
+$CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail
+echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE > /dev/null || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $LOOPDEV || fail
prepare "[22] remove disappeared device" wipe
dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail
prepare "[23] ChangeKey passphrase and keyfile" wipe
# [0]$KEY1 [1]key0
$CRYPTSETUP -q luksFormat --type luks1 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
# keyfile [0] / keyfile [0]
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail
# passphrase [1] / passphrase [1]
dmsetup remove --retry $DEV_NAME2
prepare "[25] Create shared segments" wipe
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --offset 0 --size 256 || fail
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --offset 0 --size 256 || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 --shared || fail
$CRYPTSETUP -q remove $DEV_NAME2 || fail
$CRYPTSETUP -q remove $DEV_NAME || fail
prepare "[26] Suspend/Resume" wipe
# only LUKS is supported
-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail
$CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP -q remove $DEV_NAME || fail
[ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
+# skip tests using empty passphrase
+if [ ! fips_mode ]; then
echo | $CRYPTSETUP -q luksFormat -c null $FAST_PBKDF_OPT --type luks1 $LOOPDEV || fail
echo | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksSuspend $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
echo | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
-prepare "[27] luksOpen with specified key slot number" wipe
+prepare "[27] luksOpen/luksResume with specified key slot number" wipe
# first, let's try passphrase option
echo $PWD3 | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT -S 5 $LOOPDEV || fail
check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
check_exists
+$CRYPTSETUP luksSuspend $DEV_NAME || fail
+echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
+echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
-echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
+echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles
$CRYPTSETUP luksFormat --type luks1 -q -S 5 -d $KEY5 $LOOPDEV || fail
check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists
+$CRYPTSETUP luksSuspend $DEV_NAME || fail
+$CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
+$CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
$CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
+# fix ecb-plain
+$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY1 --hash sha256 -c aes-ecb || fail
+echo -n "ecb-xxx" | dd of=$LOOPDEV bs=1 seek=40 >/dev/null 2>&1
+$CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
+$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
+$CRYPTSETUP luksClose $DEV_NAME || fail
+# fix uppercase hash
+echo -n "SHA256" | dd of=$LOOPDEV bs=1 seek=72 >/dev/null 2>&1
+$CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
+$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
+$CRYPTSETUP luksClose $DEV_NAME || fail
prepare "[30] LUKS erase" wipe
$CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV $KEY5 --key-slot 5 || fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksErase -q $LOOPDEV || fail
$CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
$CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
- dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
- $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
- $CRYPTSETUP close $DEV_NAME2 || fail
- $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
+ $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
+ $CRYPTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
+ $CRYPTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
+ $CRYPTSETUP close $DEV_NAME2 || fail
+ $CRYPTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
else
- $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1
- $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1
+ $CRYPTSETUP close $DEV_NAME2 >/dev/null 2>&1
+ $CRYPTSETUP close $DEV_NAME >/dev/null 2>&1
fi
# Interactive tests
# Do not remove sleep 0.1 below, the password query flushes TTY buffer (so the code is racy).
-which expect >/dev/null 2>&1 || skip "WARNING: expect tool missing, interactive test will be skipped." 0
+command -v expect >/dev/null || skip "WARNING: expect tool missing, interactive test will be skipped." 0
prepare "[32] Interactive password retry from terminal." new
EXPECT_DEV=$(losetup $LOOPDEV | sed -e "s/.*(\(.*\))/\1/")
-EXPECT_TIMEOUT=10
-[ -n "$VALG" ] && EXPECT_TIMEOUT=60
+EXPECT_TIMEOUT=60
expect_run - >/dev/null <<EOF
proc abort {} { send_error "Timeout. "; exit 2 }
send "$PWD1\n"
expect timeout abort "Command successful."
expect timeout abort eof
-eval spawn $CRYPTSETUP_RAW luksOpen $FAST_PBKDF_OPT -v $LOOPDEV --test-passphrase
+eval spawn $CRYPTSETUP_RAW luksOpen -v $LOOPDEV --test-passphrase
expect timeout abort "Enter passphrase"
sleep 0.1
send "$PWD1\n"
EOF
[ $? -eq 0 ] || fail "Expect script failed."
+prepare "[41] New luksAddKey options." file
+rm -f $VK_FILE
+echo "$PWD1" | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF_OPT $IMG || fail
+echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail
+
+# pass pass
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail
+echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail
+
+# pass file
+echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail
+$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail
+
+# file pass
+echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail
+echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail
+
+# file file
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail
+$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail
+
+# vk pass
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail
+echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail
+
+# vk file
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail
+$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail
+
remove_mapping
exit 0
TEST_UUID="12345678-1234-1234-1234-123456789abc"
LOOPDEV=$(losetup -f 2>/dev/null)
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
function remove_mapping()
{
[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
unset TEST_KEYRING
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
scsi_debug_teardown $DEV
}
function can_fail_fips()
{
- # Ignore this fail if running in FIPS mode
+ # Ignore this fail if running in FIPS mode
fips_mode || fail $1
}
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
}
function test_and_prepare_keyring() {
- which keyctl > /dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
+ command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
keyctl list "@s" > /dev/null || skip "Current session keyring is unreachable, test skipped"
TEST_KEYRING=$(keyctl newring $TEST_KEYRING_NAME "@u" 2> /dev/null)
test -n "$TEST_KEYRING" || skip "Failed to create keyring in user keyring"
else
HAVE_KEYRING=0
fi
+ if $($CRYPTSETUP --version | grep -q "BLKID"); then
+ HAVE_BLKID=1
+ else
+ HAVE_BLKID=0
+ fi
$CRYPTSETUP close $DEV_NAME || fail
}
local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then
sleep .1
_tries=$((_tries-1))
fi
done
- test ! -b "$1" || rmmod scsi_debug 2> /dev/null
+ test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}
function add_scsi_device() {
scsi_debug_teardown $DEV
- modprobe scsi_debug $@ delay=0
- if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
- fi
-
- sleep 1
- DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
- [ -b $DEV ] || fail "Cannot find $DEV."
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "This kernel seems to not support proper scsi_debug module, test skipped."
+ exit 77
+ fi
+
+ sleep 1
+ DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+ [ -b $DEV ] || fail "Cannot find $DEV."
}
export LANG=C
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."
prepare "[4] format using hash sha512" wipe
echo $PWD1 | $CRYPTSETUP $FAST_PBKDF_OPT -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat --type luks2 $LOOPDEV || fail
$CRYPTSETUP -q luksDump $LOOPDEV | grep "0: pbkdf2" -A2 | grep "Hash:" | grep -qe sha512 || fail
+# Check JSON dump for some mandatory section
+$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata | grep -q '"tokens":' || fail
prepare "[5] open"
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
[ "$tst"x = "$TEST_UUID"x ] || fail
prepare "[16] luksFormat" wipe
-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom --type luks2 $LOOPDEV || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom --type luks2 $LOOPDEV -d $KEY1 || fail
-$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom --type luks2 $LOOPDEV -d $KEY1 || fail
+$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --volume-key-file /dev/urandom -s 256 --uuid $TEST_UUID --type luks2 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
# open by UUID
-force_uevent # some systems do not update loop by-uuid
-$CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
-$CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
-$CRYPTSETUP -q luksClose $DEV_NAME || fail
+if [ -d /dev/disk/by-uuid ] ; then
+ force_uevent # some systems do not update loop by-uuid
+ $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
+ $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
+ $CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
+# skip tests using empty passphrases
+if [ ! fips_mode ]; then
# empty keyfile
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEYE || fail
$CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
+fi
+
# open by volume key
-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --master-key-file $KEY1 --type luks2 $LOOPDEV || fail
-$CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
-$CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -s 256 --volume-key-file $KEY1 --type luks2 $LOOPDEV || fail
+$CRYPTSETUP luksOpen --volume-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP luksOpen --volume-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
prepare "[17] AddKey volume key, passphrase and keyfile" wipe
-# masterkey
-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
+# volumekey
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --volume-key-file /dev/zero --key-slot 3 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail
-echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
+echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 4 || fail
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/null --key-slot 5 2>/dev/null && fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --volume-key-file /dev/zero --key-slot 5 $KEY1 || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 3 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2" || fail
-$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
# keyfile/keyfile
-$CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 4 || fail
$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "4: luks2" || fail
# passphrase/keyfile
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 --key-slot 0 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
# passphrase/passphrase
-echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-slot 1 || fail
echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
# keyfile/passphrase
-echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 3 || fail
+echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 8 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" || fail
prepare "[18] RemoveKey passphrase and keyfile" reuse
add_scsi_device dev_size_mb=32 sector_size=4096
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $DEV || fail
echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
-OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
+OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') #'
echo $PWD1 | $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail
dmsetup info $DEV_NAME | grep -q SUSPENDED && fail
-NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/')
+NEW_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') #'
test $OLD_SIZE -eq $NEW_SIZE || fail
$CRYPTSETUP close $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -d $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
-echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail
-$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
+echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-volume-key | grep -q "MK dump:" || fail
+$CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key -d $KEY1 | grep -q "MK dump:" || fail
echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE >/dev/null || fail
-echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key --master-key-file $VK_FILE 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE $LOOPDEV || fail
+rm -f $VK_FILE
+echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail
+echo $PWD1 | $CRYPTSETUP luksDump -q $LOOPDEV --dump-volume-key --volume-key-file $VK_FILE 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE $LOOPDEV || fail
# Use volume key file without keyslots
$CRYPTSETUP luksErase -q $LOOPDEV || fail
-$CRYPTSETUP luksOpen --master-key-file $VK_FILE --key-size 256 --test-passphrase $LOOPDEV || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --master-key-file $VK_FILE --key-size 256 $LOOPDEV || fail
+$CRYPTSETUP luksOpen --volume-key-file $VK_FILE --key-size 256 --test-passphrase $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --volume-key-file $VK_FILE --key-size 256 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP luksOpen --test-passphrase $LOOPDEV || fail
prepare "[22] remove disappeared device" wipe
prepare "[23] ChangeKey passphrase and keyfile" wipe
# [0]$KEY1 [1]key0
-$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
+$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --key-size 256 --luks2-keyslots-size 256k >/dev/null || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 --key-slot 1 || fail
# keyfile [0] / keyfile [0]
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 --key-slot 0 || fail
# passphrase [1] / passphrase [1]
echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT --key-slot 1 || fail
-# keyfile [0] / keyfile [new]
+# keyfile [0] / keyfile [new] - with LUKS2 it should stay
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 || fail
-$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
# passphrase [1] / passphrase [new]
echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
-$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" && fail
-# use all slots
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT || fail
-# still allows replace
-#FIXME
-#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
-#$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2" && fail
+# test out of raw area, change in-place (space only for 2 keyslots)
+$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 || fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "0: luks2" || fail
+$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY1 $KEY2 2>/dev/null && fail
prepare "[24] Keyfile limit" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME || fail
$CRYPTSETUP -q luksClose $DEV_NAME || fail
-prepare "[27] luksOpen with specified key slot number" wipe
+prepare "[27] luksOpen/Resume with specified key slot number" wipe
# first, let's try passphrase option
echo $PWD3 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT -S 5 --type luks2 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
check_exists
+$CRYPTSETUP luksSuspend $DEV_NAME || fail
+echo $PWD3 | $CRYPTSETUP luksResume -S 4 $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
+echo $PWD3 | $CRYPTSETUP luksResume -S 5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
-echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
+echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 0 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# second, try it with keyfiles
$CRYPTSETUP -q luksFormat -q -S 5 $FAST_PBKDF_OPT -d $KEY5 --type luks2 $LOOPDEV || fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
check_exists
+$CRYPTSETUP luksSuspend $DEV_NAME || fail
+$CRYPTSETUP luksResume -S 1 -d $KEY5 $DEV_NAME 2>/dev/null && fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
+$CRYPTSETUP luksResume -S 5 -d $KEY5 $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
$CRYPTSETUP luksOpen -S 1 -d $KEY5 $LOOPDEV $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
# otoh it should be allowed to test for proper passphrase
prepare "" new
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
-echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail
+echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
[ -b /dev/mapper/$DEV_NAME ] && fail
echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0
$CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail
echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail
-echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail
+echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail
echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail
prepare "[28] Detached LUKS header" wipe
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 8192 || fail
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 4096 >/dev/null || fail
$CRYPTSETUP luksDump $HEADER_IMG | grep -e "0: crypt" -A1 | grep -qe $((4096*512)) || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG --align-payload 0 --sector-size 512 || fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV-missing --header $HEADER_IMG $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP -q resize $DEV_NAME --size 100 --header $HEADER_IMG || fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
$CRYPTSETUP luksClose $DEV_NAME || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" || fail
$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "5: luks2" && fail
prepare "[29] Repair metadata" wipe
xz -dk $HEADER_LUKS2_PV.xz
-$CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
-$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
+if [ "$HAVE_BLKID" -gt 0 ]; then
+ $CRYPTSETUP isLuks --disable-locks $HEADER_LUKS2_PV && fail
+ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+ $CRYPTSETUP isLuks --disable-locks --type luks2 $HEADER_LUKS2_PV && fail
+ $CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV && fail
+fi
$CRYPTSETUP -q repair $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks $HEADER_LUKS2_PV || fail
$CRYPTSETUP isLuks --type luks2 $HEADER_LUKS2_PV || fail
prepare "[30] LUKS erase" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP luksErase -q $LOOPDEV || fail
prepare "[31] LUKS convert" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks1 $LOOPDEV $KEY5 --key-slot 5 || fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP -q luksDump $LOOPDEV --dump-json-metadata >/dev/null 2>&1 && fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
# hash test
-$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha1 || fail
-$CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail
+$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha512 || fail
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail
$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
+# keyslot 1 area offset is higher than keyslot 0 area
+echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --key-slot 0 $LOOPDEV || fail
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_OPT --key-slot 1 $LOOPDEV || fail
+echo -e "$PWD1\n$PWD1" | $CRYPTSETUP -q luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
+# convert to LUKS1 and back; LUKS1 does not store length, only offset
+$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
+echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
+$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
+echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
+
if dm_crypt_keyring_flawed; then
prepare "[32a] LUKS2 keyring dm-crypt bug" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
$CRYPTSETUP close $DEV_NAME || fail
# key must not load in kernel key even when dm-crypt module is missing
- if rmmod dm-crypt > /dev/null 2>&1; then
+ if rmmod dm-crypt >/dev/null 2>&1; then
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "dm-crypt" || fail
$CRYPTSETUP close $DEV_NAME || fail
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail
# check keyring support detection works as expected
- rmmod dm-crypt > /dev/null 2>&1 || true
+ rmmod dm-crypt >/dev/null 2>&1 || true
echo $PWD1 | $CRYPTSETUP open $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
$CRYPTSETUP -q status $DEV_NAME | grep "key location:" | grep -q "keyring" || fail
$CRYPTSETUP close $DEV_NAME || fail
$CRYPTSETUP open --token-only $LOOPDEV --test-passphrase || fail
$CRYPTSETUP open --token-only $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP status $DEV_NAME > /dev/null || fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ $CRYPTSETUP luksResume $DEV_NAME <&- || fail
+ $CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail
+ $CRYPTSETUP luksSuspend $DEV_NAME || fail
+ $CRYPTSETUP luksResume $DEV_NAME --token-type luks2-keyring <&- || fail
$CRYPTSETUP close $DEV_NAME || fail
+
+ # check --token-type sort of works (TODO: extend tests when native systemd tokens are available)
+ echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 22 || fail
+ # this excludes keyring tokens from unlocking device
+ $CRYPTSETUP open --token-only --token-type some_type $LOOPDEV --test-passphrase && fail
+ $CRYPTSETUP open --token-only --token-type some_type $LOOPDEV $DEV_NAME && fail
+ $CRYPTSETUP status $DEV_NAME > /dev/null && fail
+
$CRYPTSETUP token remove --token-id 3 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q -e "3: luks2-keyring" && fail
# test we can remove keyslot with token
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S4 $FAST_PBKDF_OPT $LOOPDEV || fail
- $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 || fail
+ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S4 $FAST_PBKDF_OPT $LOOPDEV || fail
+ $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN1 --key-slot 4 --token-id 0 || fail
$CRYPTSETUP -q luksKillSlot $LOOPDEV 4 || fail
+ $CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail
+
+ # test we can add unassigned token
+ $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 --unbound --token-id 0 || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail
+ $CRYPTSETUP token remove --token-id 0 $LOOPDEV || fail
+
+ # test token unassign works
+ $CRYPTSETUP token add $LOOPDEV --key-description $TEST_TOKEN0 -S0 --token-id 0 || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV || fail
+ $CRYPTSETUP token unassign --token-id 0 $LOOPDEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign -S0 $LOOPDEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV || fail
+ $CRYPTSETUP open --token-only --token-id 0 --test-passphrase $LOOPDEV && fail
+ $CRYPTSETUP token unassign --token-id 0 -S0 $LOOPDEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 0 -S44 $LOOPDEV 2>/dev/null && fail
+ $CRYPTSETUP token unassign --token-id 44 -S0 $LOOPDEV 2>/dev/null && fail
fi
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 10 || fail
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import $LOOPDEV --token-id 11 --json-file - || fail
echo -n "$IMPORT_TOKEN" > $TOKEN_FILE0
$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 || fail
$CRYPTSETUP token import $LOOPDEV --token-id 12 --json-file $TOKEN_FILE0 2>/dev/null && fail
-$CRYPTSETUP token export $LOOPDEV --token-id 10 | diff --from-file - $TOKEN_FILE0 || fail
-$CRYPTSETUP token export $LOOPDEV --token-id 11 | diff --from-file - $TOKEN_FILE0 || fail
-$CRYPTSETUP token export $LOOPDEV --token-id 12 | diff --from-file - $TOKEN_FILE0 || fail
+$CRYPTSETUP token export $LOOPDEV --token-id 10 >$TOKEN_FILE1 || fail
+diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
+$CRYPTSETUP token export $LOOPDEV --token-id 11 >$TOKEN_FILE1 || fail
+diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
+$CRYPTSETUP token export $LOOPDEV --token-id 12 >$TOKEN_FILE1 || fail
+diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 12 --json-file $TOKEN_FILE1 || fail
diff $TOKEN_FILE0 $TOKEN_FILE1 || fail
$CRYPTSETUP token export $LOOPDEV --token-id 12 > $TOKEN_FILE1 || fail
prepare "[34] LUKS keyslot priority" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV -S 1 || fail
-echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q $LOOPDEV $FAST_PBKDF_OPT -S 5 || fail
$CRYPTSETUP config $LOOPDEV -S 0 --priority prefer && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority bla >/dev/null 2>&1 && fail
$CRYPTSETUP config $LOOPDEV -S 1 --priority ignore || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail
$CRYPTSETUP -q luksConvertKey $LOOPDEV -S 5 --key-file $KEY5 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || can_fail_fips
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV -S 1 --key-file $KEY5 || fail
$CRYPTSETUP -q luksKillSlot $LOOPDEV 5 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep "PBKDF:" | grep -q "pbkdf2" || fail
echo $PWD1 | $CRYPTSETUP -q luksConvertKey $LOOPDEV -S 1 --pbkdf argon2i -i1 --pbkdf-memory 32 || can_fail_fips
$CRYPTSETUP luksDump $LOOPDEV | grep -q "1: luks2" || can_fail_fips
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 21 --unbound -s 16 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S 21 --unbound -s 72 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksConvertKey --pbkdf-force-iterations 1001 --pbkdf pbkdf2 -S 21 $LOOPDEV || fail
prepare "[38] luksAddKey unbound tests" wipe
$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV $KEY5 --key-slot 5 || fail
# unbound key may have arbitrary size
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 16 $LOOPDEV || fail
-echo $PWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 32 -S 2 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 72 $LOOPDEV || fail
+echo $PWD2 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 72 -S 2 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" || fail
dd if=/dev/urandom of=$KEY_FILE0 bs=64 count=1 > /dev/null 2>&1 || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --unbound -s 512 -S 3 --master-key-file $KEY_FILE0 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --unbound -s 512 -S 3 --volume-key-file $KEY_FILE0 $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail
# unbound key size is required
echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail
-echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --master-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail
-# do not allow to replace keyslot by unbound slot
+echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail
+# do not allow one to replace keyslot by unbound slot
echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail
-echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail
echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV --test-passphrase || fail
echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail
-echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail
# check we're able to change passphrase for unbound keyslot
echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail
-echo $PWD3 | $CRYPTSETUP open --test-passphrase $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP open --test-passphrase -S 2 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP -q open -S 2 $LOOPDEV $DEV_NAME 2> /dev/null && fail
# do not allow adding keyslot by unbound keyslot
echo -e "$PWD3\n$PWD1" | $CRYPTSETUP -q luksAddKey $LOOPDEV 2> /dev/null && fail
# check adding keyslot works when there's unbound keyslot
-echo $PWD1 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT $LOOPDEV --key-file $KEY5 -S8 || fail
echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP close $DEV_NAME || fail
$CRYPTSETUP luksKillSlot -q $LOOPDEV 2
$CRYPTSETUP luksDump $LOOPDEV | grep -q "2: luks2 (unbound)" && fail
-echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 $LOOPDEV 2> /dev/null && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 $LOOPDEV 2> /dev/null && fail
echo $PWD3 | $CRYPTSETUP luksDump --unbound 2> /dev/null $LOOPDEV 2> /dev/null && fail
-echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV > /dev/null || fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV > /dev/null || fail
diff $KEY_FILE0 $KEY_FILE1 || fail
-echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV 2> /dev/null && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV 2> /dev/null && fail
diff $KEY_FILE0 $KEY_FILE1 || fail
rm $KEY_FILE1 || fail
-echo $PWD3 | $CRYPTSETUP luksDump --unbound --master-key-file $KEY_FILE1 -S3 $LOOPDEV | grep -q "Unbound Key:" && fail
+echo $PWD3 | $CRYPTSETUP luksDump --unbound --volume-key-file $KEY_FILE1 -S3 $LOOPDEV | grep -q "Unbound Key:" && fail
echo $PWD3 | $CRYPTSETUP luksDump --unbound -S3 $LOOPDEV | grep -q "Unbound Key:" || fail
$CRYPTSETUP luksKillSlot -q $LOOPDEV 3 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" && fail
echo -n "[$mda KiB]"
echo $PWD4 | $CRYPTSETUP open test_image_$mda $DEV_NAME || fail
$CRYPTSETUP close $DEV_NAME || fail
- echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -S9 $FAST_PBKDF_OPT test_image_$mda || fail
+ echo -e "$PWD4\n$PWD3" | $CRYPTSETUP luksAddKey -q -S9 $FAST_PBKDF_OPT test_image_$mda || fail
echo $PWD4 | $CRYPTSETUP open --test-passphrase test_image_$mda || fail
echo $PWD3 | $CRYPTSETUP open -S9 --test-passphrase test_image_$mda || fail
echo -n "$IMPORT_TOKEN" | $CRYPTSETUP token import test_image_$mda --token-id 10 || fail
- $CRYPTSETUP token export test_image_$mda --token-id 10 | diff --from-file - $TOKEN_FILE0 || fail
+ $CRYPTSETUP token export test_image_$mda --token-id 10 >$TOKEN_FILE1 || fail
+ diff $TOKEN_FILE1 $TOKEN_FILE0 || fail
echo -n "[OK]"
done
echo
$CRYPTSETUP -q luksFormat --type luks2 $LOOPDEV $KEY1 $FAST_PBKDF_OPT --key-slot 0 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 1 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "1: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail
+$CRYPTSETUP luksAddKey -q $LOOPDEV -d $KEY1 $KEY2 $FAST_PBKDF_OPT --key-slot 2 || fail
$CRYPTSETUP luksChangeKey $LOOPDEV $FAST_PBKDF_OPT -d $KEY2 $KEY1 --key-slot 2 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "2: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
# unbound keyslot
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 21 --unbound -s 32 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 21 --unbound -s 72 --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "21: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT --key-slot 22 --unbound -s 32 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --key-slot 22 --unbound -s 72 $LOOPDEV || fail
echo $PWD3 | $CRYPTSETUP luksConvertKey --key-slot 22 $LOOPDEV --keyslot-cipher $KEYSLOT_CIPHER --keyslot-key-size 128 $LOOPDEV || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher:" | sed -e 's/[[:space:]]\+Cipher:\ \+//g')" = $KEYSLOT_CIPHER ] || fail
[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "22: luks2" | grep "Cipher key:"| sed -e 's/[[:space:]]\+Cipher\ key:\ \+//g')" = "128 bits" ] || fail
done
echo
+prepare "[43] New luksAddKey options." wipe
+rm -f $VK_FILE
+echo "$PWD1" | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG || fail
+echo $PWD1 | $CRYPTSETUP luksDump -q $IMG --dump-volume-key --volume-key-file $VK_FILE >/dev/null || fail
+
+# pass pass
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -q -S1 $FAST_PBKDF_OPT $IMG || fail
+echo $PWD2 | $CRYPTSETUP open -q --test-passphrase -S1 $IMG || fail
+
+# pass file
+echo "$PWD2" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S1 --new-key-slot 2 $IMG $KEY1 || fail
+$CRYPTSETUP open --test-passphrase -q -S2 -d $KEY1 $IMG || fail
+
+# file pass
+echo "$PWD3" | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 -d $KEY1 --new-key-slot 3 $IMG || fail
+echo $PWD3 | $CRYPTSETUP open -q --test-passphrase -S3 $IMG || fail
+
+# file file
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 4 -d $KEY1 --new-keyfile $KEY2 $IMG || fail
+$CRYPTSETUP open --test-passphrase -q -S4 -d $KEY2 $IMG || fail
+
+# vk pass
+echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S5 --volume-key-file $VK_FILE $IMG || fail
+echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S5 $IMG || fail
+
+# vk file
+$CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S6 --volume-key-file $VK_FILE --new-keyfile $KEY5 $IMG || fail
+$CRYPTSETUP open --test-passphrase -q -S6 -d $KEY5 $IMG || fail
+
+if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys/kernel/keys ]; then
+ test_and_prepare_keyring
+ load_key user $TEST_TOKEN0 $PWD1 "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
+ load_key user $TEST_TOKEN1 $PWDW "$TEST_KEYRING" || fail "Cannot load 32 byte user key type"
+ $CRYPTSETUP token add $IMG --key-description $TEST_TOKEN0 --token-id 0 -S0 || fail
+ $CRYPTSETUP token add $IMG --key-description $TEST_TOKEN1 --token-id 1 --unbound || fail
+
+ # pass token
+ echo -e "$PWD1" | $CRYPTSETUP luksAddKey -q -S7 --new-token-id 1 $FAST_PBKDF_OPT $IMG || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail
+
+ # file token
+ $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S2 --new-key-slot 7 --new-token-id 1 -d $KEY1 $IMG || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail
+
+ # vk token
+ $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --volume-key-file $VK_FILE --new-token-id 1 $IMG || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 7 || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail
+
+ # token pass
+ echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S7 --token-id 0 $IMG || fail
+ echo $PWD4 | $CRYPTSETUP open -q --test-passphrase -S7 $IMG || fail
+
+ # token file
+ echo $PWD4 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S8 --token-id 0 $IMG $KEY2 || fail
+ $CRYPTSETUP open -q --test-passphrase -S8 --key-file $KEY2 $IMG || fail
+
+ # token token
+ $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S9 --token-id 0 --new-token-id 1 $IMG || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 1 -q $IMG && fail
+
+ # reuse same token
+ $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT -S0 --new-key-slot 9 --token-id 0 --new-token-id 0 $IMG || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail
+
+ # reuse same token
+ $CRYPTSETUP luksAddKey -q $FAST_PBKDF_OPT --token-id 0 --new-token-id 0 $IMG || fail
+ echo $PWD1 | $CRYPTSETUP luksKillSlot $IMG 9 || fail
+ $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail
+fi
+
remove_mapping
exit 0
/*
* cryptsetup crypto backend test vectors
*
- * Copyright (C) 2018-2021 Milan Broz
+ * Copyright (C) 2018-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
+#include <fcntl.h>
-#include "crypto_backend.h"
+#include "crypto_backend/crypto_backend.h"
#ifndef ARRAY_SIZE
# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
fflush(stdout);
}
+static bool fips_mode(void)
+{
+ int fd;
+ char buf = 0;
+
+ fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
+
+ if (fd < 0)
+ return false;
+
+ if (read(fd, &buf, 1) != 1)
+ buf = '0';
+
+ close(fd);
+
+ return (buf == '1');
+}
+
/*
* KDF tests
*/
// "\xd0\x1e\xf0\x45\x2d\x75\xb6\x5e"
// "\xb5\x25\x20\xe9\x6b\x01\xe6\x59", 32
},
+ /* empty password */
+ {
+ "argon2i", NULL, 0, 3, 128, 1,
+ "", 0,
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 16,
+ "\xbb\x1f\xf2\xb9\x9f\xd4\x4a\xd9"
+ "\xdf\x7f\xb9\x54\x55\x9e\xb8\xeb"
+ "\xb5\x9d\xab\xce\x2e\x62\x9f\x9b"
+ "\x89\x09\xfe\xde\x57\xcc\x63\x86", 32
+ },
+ {
+ "argon2id", NULL, 0, 3, 128, 1,
+ "", 0,
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", 16,
+ "\x09\x2f\x38\x35\xac\xb2\x43\x92"
+ "\x93\xeb\xcd\xe8\x04\x16\x6a\x31"
+ "\xce\x14\xd4\x55\xdb\xd8\xf7\xe6"
+ "\xb4\xf5\x9d\x64\x8e\xd0\x3a\xdb", 32
+ },
/* RFC 3962 */
{
"pbkdf2", "sha1", 64, 1, 0, 0,
},
}}};
+/* Base64 test vectors */
+struct base64_test_vector {
+ size_t decoded_len;
+ const char *decoded;
+ const char *encoded;
+};
+
+static struct base64_test_vector base64_test_vectors[] = {
+ { 0, "", "" },
+ { 1, "\x00", "AA==" },
+ { 1, "f", "Zg==" },
+ { 2, "fo", "Zm8=" },
+ { 3, "foo", "Zm9v" },
+ { 4, "foob", "Zm9vYg==" },
+ { 5, "fooba", "Zm9vYmE=" },
+ { 6, "foobar", "Zm9vYmFy" },
+ { 11, "Hello world", "SGVsbG8gd29ybGQ=" },
+ { 22, "\x36\x03\x84\xdc\x4e\x03\x46\xa0\xb5\x2d\x03"
+ "\x6e\xd0\x56\xed\xa0\x37\x02\xac\xc6\x65\xd1",
+ "NgOE3E4DRqC1LQNu0FbtoDcCrMZl0Q==" },
+ { 3, "***", "Kioq" },
+ { 4, "\x01\x02\x03\x04", "AQIDBA==" },
+ { 5, "\xAD\xAD\xAD\xAD\xAD", "ra2tra0=" },
+ { 5, "\xFF\xFF\xFF\xFF\xFF", "//////8=" },
+ { 32, "\x40\xC1\x3F\xBD\x05\x4C\x72\x2A\xA3\xC2\xF2"
+ "\x11\x73\xC0\x69\xEA\x49\x7D\x35\x29\x6B\xCC"
+ "\x24\x65\xF6\xF9\xD0\x41\x08\x7B\xD7\xA9",
+ "QME/vQVMciqjwvIRc8Bp6kl9NSlrzCRl9vnQQQh716k=" },
+ { 7, "\x54\x0f\xdc\xf0\x0f\xaf\x4a", "VA/c8A+vSg==" },
+ {179, "blah blah blah blah blah blah blah blah blah "
+ "blah blah blah blah blah blah blah blah blah "
+ "blah blah blah blah blah blah blah blah blah "
+ "blah blah blah blah blah blah blah blah blah",
+ "YmxhaCBibGFoIGJsYWggYmxhaCBibGFoIGJsYWggYmxh"
+ "aCBibGFoIGJsYWggYmxhaCBibGFoIGJsYWggYmxhaCBi"
+ "bGFoIGJsYWggYmxhaCBibGFoIGJsYWggYmxhaCBibGFo"
+ "IGJsYWggYmxhaCBibGFoIGJsYWggYmxhaCBibGFoIGJs"
+ "YWggYmxhaCBibGFoIGJsYWggYmxhaCBibGFoIGJsYWgg"
+ "YmxhaCBibGFoIGJsYWg=" },
+};
+
+/* UTF8 to UTF16LE test vectors */
+struct utf8_16_test_vector {
+ size_t len8;
+ size_t len16;
+ const char *utf8;
+ const char *utf16;
+};
+
+static struct utf8_16_test_vector utf8_16_test_vectors[] = {
+ { 1, 2, "a", "\x61\x00" },
+ { 16, 32, "0123456789abcdef",
+ "\x30\x00\x31\x00\x32\x00\x33\x00\x34\x00\x35\x00\x36\x00\x37\x00"
+ "\x38\x00\x39\x00\x61\x00\x62\x00\x63\x00\x64\x00\x65\x00\x66\x00" },
+ { 77, 78,
+ "\xf2\xa4\xa5\x94\x49\xf2\xa1\x98\x98\xd8\x8a\xe1\xb4\x88\xea\xa7"
+ "\xaa\xde\x95\xe2\x85\xb1\xe7\xb1\x9a\xf2\xb5\xa1\xae\x37\x2d\xd0"
+ "\xa9\xe1\x9a\x9c\xe8\xb0\xb7\xc8\x95\x0a\xf3\xaa\x92\xba\xf2\x83"
+ "\xb0\x99\xf0\x9b\xbe\x8f\x4f\xc8\x86\x30\xe7\xab\xa0\xda\xb9\xd8"
+ "\x89\xd8\xbc\xd7\x8a\xd9\xbc\xc3\x8f\x33\x62\xda\xb7",
+ "\x52\xda\x54\xdd\x49\x00\x45\xda\x18\xde\x0a\x06\x08\x1d\xea\xa9"
+ "\x95\x07\x71\x21\x5a\x7c\x96\xda\x6e\xdc\x37\x00\x2d\x00\x29\x04"
+ "\x9c\x16\x37\x8c\x15\x02\x0a\x00\x69\xdb\xba\xdc\xcf\xd9\x19\xdc"
+ "\x2f\xd8\x8f\xdf\x4f\x00\x06\x02\x30\x00\xe0\x7a\xb9\x06\x09\x06"
+ "\x3c\x06\xca\x05\x7c\x06\xcf\x00\x33\x00\x62\x00\xb7\x06" },
+};
+
static int pbkdf_test_vectors(void)
{
char result[256];
unsigned int i;
const struct kdf_test_vector *vec;
- for (i = 0; i < (sizeof(kdf_test_vectors) / sizeof(*kdf_test_vectors)); i++) {
+ for (i = 0; i < ARRAY_SIZE(kdf_test_vectors); i++) {
crypt_backend_memzero(result, sizeof(result));
vec = &kdf_test_vectors[i];
printf("PBKDF vector %02d %s ", i, vec->type);
if (!r)
r = crypt_hash_final(h, result, vector->out[j].length);
- crypt_hash_destroy(h);
- if (r)
+ if (r) {
+ crypt_hash_destroy(h);
return EXIT_FAILURE;
+ }
if (memcmp(result, vector->out[j].out, vector->out[j].length)) {
printf("[FAILED]\n");
printhex(" got", result, vector->out[j].length);
printhex("want", vector->out[j].out, vector->out[j].length);
+ crypt_hash_destroy(h);
+ return EXIT_FAILURE;
+ }
+
+ /*
+ * After crypt_hash_final() the context must be reset, repeat
+ */
+ crypt_backend_memzero(result, sizeof(result));
+ r = crypt_hash_write(h, vector->data, vector->data_length);
+ if (!r)
+ r = crypt_hash_final(h, result, vector->out[j].length);
+
+ if (r || memcmp(result, vector->out[j].out, vector->out[j].length)) {
+ printf("[FAILED (RESET CONTEXT)]\n");
+ printhex(" got", result, vector->out[j].length);
+ printhex("want", vector->out[j].out, vector->out[j].length);
+ crypt_hash_destroy(h);
return EXIT_FAILURE;
}
+
+ crypt_hash_destroy(h);
}
printf("\n");
}
if (!r)
r = crypt_hmac_final(hmac, result, vector->out[j].length);
- crypt_hmac_destroy(hmac);
-
- if (r)
+ if (r) {
+ crypt_hmac_destroy(hmac);
return EXIT_FAILURE;
+ }
if (memcmp(result, vector->out[j].out, vector->out[j].length)) {
printf("[FAILED]\n");
printhex(" got", result, vector->out[j].length);
printhex("want", vector->out[j].out, vector->out[j].length);
+ crypt_hmac_destroy(hmac);
+ return EXIT_FAILURE;
+ }
+
+ /*
+ * After crypt_hmac_final() the context must be reset, repeat
+ */
+ crypt_backend_memzero(result, sizeof(result));
+ r = crypt_hmac_write(hmac, vector->data, vector->data_length);
+ if (!r)
+ r = crypt_hmac_final(hmac, result, vector->out[j].length);
+
+ if (r || memcmp(result, vector->out[j].out, vector->out[j].length)) {
+ printf("[FAILED (RESET CONTEXT)]\n");
+ printhex(" got", result, vector->out[j].length);
+ printhex("want", vector->out[j].out, vector->out[j].length);
+ crypt_hmac_destroy(hmac);
return EXIT_FAILURE;
}
+
+ crypt_hmac_destroy(hmac);
}
printf("\n");
}
if (vector->data_length > sizeof(result))
return EXIT_FAILURE;
- snprintf(mode_iv, sizeof(mode_iv)-2, "%s-%s", vector->cipher_mode, vector->iv_name);
+ if (snprintf(mode_iv, sizeof(mode_iv)-2, "%s-%s", vector->cipher_mode, vector->iv_name) < 0)
+ return EXIT_FAILURE;
+
r = crypt_storage_init(&storage, vector->out[j].sector_size, vector->cipher_name, mode_iv,
vector->key, vector->key_length, vector->out[j].large_iv);
if (r == -ENOENT || r == -ENOTSUP) {
return EXIT_SUCCESS;
}
+static int check_hash(const char *hash)
+{
+ struct crypt_hash *h;
+
+ if (crypt_hash_size(hash) < 0)
+ return EXIT_FAILURE;
+
+ if (crypt_hash_init(&h, hash))
+ return EXIT_FAILURE;
+
+ crypt_hash_destroy(h);
+ return EXIT_SUCCESS;
+}
+
+static int base64_test(void)
+{
+ unsigned int i;
+ char *s;
+ size_t s_len;
+
+ for (i = 0; i < ARRAY_SIZE(base64_test_vectors); i++) {
+ printf("BASE64 %02d ", i);
+ s = NULL;
+ s_len = 0;
+ if (crypt_base64_encode(&s, &s_len,
+ base64_test_vectors[i].decoded,
+ base64_test_vectors[i].decoded_len) < 0) {
+ printf("[ENCODE FAILED]\n");
+ return EXIT_FAILURE;
+ } else if (strcmp(s, base64_test_vectors[i].encoded)) {
+ printf("[ENCODE FAILED]\n");
+ free(s);
+ return EXIT_FAILURE;
+ }
+ printf("[encode]");
+ free(s);
+
+ s = NULL;
+ s_len = 0;
+ if (crypt_base64_decode(&s, &s_len,
+ base64_test_vectors[i].encoded,
+ strlen(base64_test_vectors[i].encoded)) < 0) {
+ printf("[DECODE FAILED]\n");
+ return EXIT_FAILURE;
+ } else if (s_len != base64_test_vectors[i].decoded_len ||
+ memcmp(s, base64_test_vectors[i].decoded, s_len)) {
+ printf("[DECODE FAILED]\n");
+ return EXIT_FAILURE;
+ }
+ printf("[decode]\n");
+ free(s);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+static int utf8_16_test(void)
+{
+ unsigned int i;
+ char s8[128], *s;
+ char16_t c16[256], s16[256], *su;
+
+ for (i = 0; i < ARRAY_SIZE(utf8_16_test_vectors); i++) {
+ printf("UTF8/16 %02d ", i);
+ crypt_backend_memzero(s16, sizeof(s16));
+ su = &s16[0];
+ if (crypt_utf8_to_utf16(&su, utf8_16_test_vectors[i].utf8,
+ utf8_16_test_vectors[i].len8) < 0 ||
+ memcmp(utf8_16_test_vectors[i].utf16, s16,
+ utf8_16_test_vectors[i].len16)) {
+ printf("[UTF8_TO_UTF16 FAILED]\n");
+ return EXIT_FAILURE;
+ }
+ printf("[UTF8_TO_UTF16]");
+
+ crypt_backend_memzero(s8, sizeof(s8));
+ s = &s8[0];
+ memcpy(c16, utf8_16_test_vectors[i].utf16, utf8_16_test_vectors[i].len16);
+ if (crypt_utf16_to_utf8(&s, c16, utf8_16_test_vectors[i].len16) < 0 ||
+ utf8_16_test_vectors[i].len8 != strlen(s8) ||
+ memcmp(utf8_16_test_vectors[i].utf8, s8,
+ utf8_16_test_vectors[i].len8)) {
+ printf("[UTF16_TO_UTF8 FAILED]\n");
+ return EXIT_FAILURE;
+ }
+ printf("[UTF16_TO_UTF8]\n");
+ }
+
+ return EXIT_SUCCESS;
+}
+
+static int default_alg_test(void)
+{
+ printf("Defaults: [LUKS1 hash %s] ", DEFAULT_LUKS1_HASH);
+ if (check_hash(DEFAULT_LUKS1_HASH))
+ return EXIT_FAILURE;
+
+ printf("[PLAIN hash %s] ", DEFAULT_PLAIN_HASH);
+ if (check_hash(DEFAULT_PLAIN_HASH))
+ return EXIT_FAILURE;
+
+ printf("[VERITY hash %s] ", DEFAULT_VERITY_HASH);
+ if (check_hash(DEFAULT_VERITY_HASH))
+ return EXIT_FAILURE;
+
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
+static int memcmp_test(void)
+{
+ printf("MEMEQ ");
+ if (!crypt_backend_memeq("aaaaaaaa", "bbbbbbbb", 8))
+ return EXIT_FAILURE;
+ if (crypt_backend_memeq("aaaaaaaa", "aaaaaaaa", 8))
+ return EXIT_FAILURE;
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
static void __attribute__((noreturn)) exit_test(const char *msg, int r)
{
if (msg)
exit(77);
}
- if (crypt_backend_init())
+ if (crypt_backend_init(fips_mode()))
exit_test("Crypto backend init error.", EXIT_FAILURE);
printf("Test vectors using %s crypto backend.\n", crypt_backend_version());
if (cipher_iv_test())
exit_test("IV test failed.", EXIT_FAILURE);
+ if (base64_test())
+ exit_test("BASE64 test failed.", EXIT_FAILURE);
+
+ if (memcmp_test())
+ exit_test("Memcmp test failed.", EXIT_FAILURE);
+
+ if (utf8_16_test())
+ exit_test("UTF8/16 test failed.", EXIT_FAILURE);
+
+ if (default_alg_test()) {
+ if (fips_mode())
+ printf("\nDefault compiled-in algorithms test ignored (FIPS mode on).\n");
+ else
+ exit_test("\nDefault compiled-in algorithms test failed.", EXIT_FAILURE);
+ }
+
exit_test(NULL, EXIT_SUCCESS);
}
-# Suppresion file for valgrind
+# Suppression file for valgrind
# known problem in libgcrypt
{
FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
SKIP_COUNT=0
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
cleanup() {
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
udevadm settle >/dev/null 2>&1
if [ -d "$MNT_DIR" ] ; then
- umount -f $MNT_DIR 2>/dev/null
- rmdir $MNT_DIR 2>/dev/null
+ umount -f $MNT_DIR 2>/dev/null
+ rmdir $MNT_DIR 2>/dev/null
fi
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
}
fail()
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
add_device() {
- modprobe scsi_debug $@ delay=0
+ rmmod scsi_debug >/dev/null 2>&1
+ [ -d /sys/module/scsi_debug ] && skip "Cannot use scsi_debug module (in use or compiled-in)."
+
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
[ $? -ne 0 ] && skip "This kernel seems to not support proper scsi_debug module."
sleep 1
[ -b "/dev/$SCSI_DEV" ] || fail "Cannot find $SCSI_DEV."
}
+add_image()
+{
+ dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
+}
+
function dm_crypt_features()
{
- modprobe dm-crypt || fail "dm-crypt failed to load"
+ modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
[ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
format() # format
{
- dd if=/dev/zero of=$DEV bs=1M count=32 >/dev/null 2>&1
+ add_image
echo $PWD1 | $CRYPTSETUP luksFormat --type $1 $DEV -q $FAST_PBKDF_OPT -c aes-cbc-essiv:sha256
[ $? -ne 0 ] && fail "Format failed."
# test some operation, just in case
- echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
+ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --new-key-slot 1
[ $? -ne 0 ] && fail "Keyslot add failed."
$CRYPTSETUP -q luksKillSlot $DEV 1
fi
}
+check_io()
+{
+ dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M count=32 iflag=direct 2>/dev/null || fail
+ dd if=/dev/zero of=/dev/mapper/$DEV_NAME bs=1M count=32 oflag=direct 2>/dev/null || fail
+}
+
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
skip "You must be root to run this test, test skipped."
fi
echo "[1] Using tmpfs for image"
DEV="$MNT_DIR/test.img"
mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
-format luks1
+add_image
echo "[2] Kernel dmcrypt performance options"
if [ -z "$DM_PERF_CPU" ]; then
echo "TEST SKIPPED: dmcrypt options not available"
echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+ check_io
$CRYPTSETUP close $DEV_NAME || fail
echo -n "allow_discards "
echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+ check_io
$CRYPTSETUP close $DEV_NAME || fail
echo -e "$PWD1" | $CRYPTSETUP open -q --type plain --hash sha256 $DEV $DEV_NAME || fail
echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
echo -e "$PWD1" | $CRYPTSETUP refresh --hash sha256 -q $DEV_NAME --perf-no_read_workqueue --perf-no_write_workqueue || fail
$CRYPTSETUP status $DEV_NAME | grep -q no_read_workqueue || fail
$CRYPTSETUP status $DEV_NAME | grep -q no_write_workqueue || fail
+ check_io
fi
$CRYPTSETUP close $DEV_NAME || fail
echo
+ format luks1
echo -n "LUKS: same_cpu_crypt submit_from_cpus "
echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
echo "[4] Disappeared device test:"
KEY="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"
for F in LUKS1 LUKS2 BITLK TCRYPT; do
- echo -n "$F"
add_device dev_size_mb=1 sector_size=512 num_tgts=1 lbpu=1
+ echo -n "$F"
# Fake CRYPT UUID to force code to parse type-specific path
dmsetup create $DEV_NAME --uuid CRYPT-$F-$DEV_NAME --table "0 1024 crypt aes-xts-plain64 $KEY 16 /dev/$SCSI_DEV 16"
$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 || fail
udevadm settle >/dev/null 2>&1
$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 || fail
dmsetup remove $DEV_NAME --retry || fail
- rmmod scsi_debug
+ rmmod scsi_debug >/dev/null 2>&1
echo -n "[OK] "
done
echo
/*
* cryptsetup file differ check (rewritten Clemens' fileDiffer in Python)
*
- * Copyright (C) 2010-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
DEV=""
PWD1="93R4P4pIqAH8"
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
cleanup() {
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
udevadm settle >/dev/null 2>&1
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
sleep 2
}
exit 100
}
+skip()
+{
+ [ -n "$1" ] && echo "$1"
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
add_device() {
- modprobe scsi_debug $@ delay=0
+ rmmod scsi_debug >/dev/null 2>&1
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 77
return 1
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 77
fi
-modprobe --dry-run scsi_debug || exit 77
modprobe dm-crypt >/dev/null 2>&1
if ! check_version ; then
echo "Probably old kernel, test skipped."
$CRYPTSETUP luksClose $DEV_NAME || fail
echo "[2] Allowing discards for plain device"
-echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail
+echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha256 --allow-discards || fail
$CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
$CRYPTSETUP resize $DEV_NAME --size 100 || fail
$CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
--- /dev/null
+#include <string.h>
+#include <stdlib.h>
+
+/* systemd tpm2-util.h */
+int tpm2_find_device_auto(int log_level, char **ret);
+
+extern int tpm2_find_device_auto(int log_level __attribute__((unused)), char **ret)
+{
+ const char *path = getenv("TPM_PATH");
+
+ if (!path)
+ *ret = NULL;
+ else
+ *ret = strdup(path);
+
+ return 0;
+}
--- /dev/null
+#include <libcryptsetup.h>
+
+const char *crypt_token_external_path(void)
+{
+ return BUILD_DIR;
+}
--- /dev/null
+// Based on https://github.com/llvm-mirror/compiler-rt/blob/master/lib/fuzzer/FuzzerInterface.h
+//
+//===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+// Define the interface between libFuzzer and the library being tested.
+//===----------------------------------------------------------------------===//
+
+// NOTE: the libFuzzer interface is thin and in the majority of cases
+// you should not include this file into your target. In 95% of cases
+// all you need is to define the following function in your file:
+// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+// WARNING: keep the interface in C.
+
+#ifndef LLVM_FUZZER_INTERFACE_H
+#define LLVM_FUZZER_INTERFACE_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+// Define FUZZER_INTERFACE_VISIBILITY to set default visibility in a way that
+// doesn't break MSVC.
+#if defined(_WIN32)
+#define FUZZER_INTERFACE_VISIBILITY __declspec(dllexport)
+#else
+#define FUZZER_INTERFACE_VISIBILITY __attribute__((visibility("default")))
+#endif
+
+// Mandatory user-provided target function.
+// Executes the code under test with [Data, Data+Size) as the input.
+// libFuzzer will invoke this function *many* times with different inputs.
+// Must return 0.
+FUZZER_INTERFACE_VISIBILITY int
+LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+// Optional user-provided initialization function.
+// If provided, this function will be called by libFuzzer once at startup.
+// It may read and modify argc/argv.
+// Must return 0.
+FUZZER_INTERFACE_VISIBILITY int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+// Optional user-provided custom mutator.
+// Mutates raw data in [Data, Data+Size) inplace.
+// Returns the new size, which is not greater than MaxSize.
+// Given the same Seed produces the same mutation.
+FUZZER_INTERFACE_VISIBILITY size_t
+LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
+ unsigned int Seed);
+
+// Optional user-provided custom cross-over function.
+// Combines pieces of Data1 & Data2 together into Out.
+// Returns the new size, which is not greater than MaxOutSize.
+// Should produce the same mutation given the same Seed.
+FUZZER_INTERFACE_VISIBILITY size_t
+LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
+ const uint8_t *Data2, size_t Size2, uint8_t *Out,
+ size_t MaxOutSize, unsigned int Seed);
+
+// Experimental, may go away in future.
+// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
+// Mutates raw data in [Data, Data+Size) inplace.
+// Returns the new size, which is not greater than MaxSize.
+FUZZER_INTERFACE_VISIBILITY size_t
+LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+
+#undef FUZZER_INTERFACE_VISIBILITY
+
+#ifdef __cplusplus
+} // extern "C"
+#endif // __cplusplus
+
+#endif // LLVM_FUZZER_INTERFACE_H
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+syntax = "proto2";
+
+package LUKS2_proto;
+
+// ---------------------------------------------------------------------------
+// ----------------------------- GENERIC OBJECTS -----------------------------
+// ---------------------------------------------------------------------------
+
+message object_id {
+ oneof id {
+ // int_id will be mapped to range -16 to 16 (mod 33)
+ // this way iy should be easier to generate valid
+ // object cross-references
+ uint32 int_id = 1;
+ string string_id = 2;
+ }
+}
+
+message string_uint64 {
+ required bool negative = 1;
+ oneof number {
+ uint32 uint_num = 2;
+ string string_num = 3;
+ }
+}
+
+enum hash_algorithm {
+ HASH_ALG_SHA1 = 1;
+ HASH_ALG_SHA256 = 2;
+}
+
+
+// ---------------------------------------------------------------------------
+// ----------------------------- BINARY HEADER -------------------------------
+// ---------------------------------------------------------------------------
+
+enum luks2_magic {
+ INVALID = 0;
+ FIRST = 1;
+ SECOND = 2;
+}
+
+enum luks_version {
+ ONE = 1;
+ TWO = 2;
+ THREE = 3;
+}
+
+// we limit the size to 64KiB to make the fuzzing faster
+// because the checksum needs to be calculated for the whole image
+enum hdr_size {
+ size_16_KB = 16384;
+ size_32_KB = 32768;
+ size_64_KB = 65536;
+// size_128_KB = 131072;
+// size_256_KB = 262144;
+// size_512_KB = 524288;
+// size_1_MB = 1048576;
+// size_2_MB = 2097152;
+// size_4_MB = 4194304;
+}
+
+enum seqid_description {
+ PRIMARY_GREATER = 0;
+ SECONDARY_GREATER = 1;
+ EQUAL = 2;
+}
+
+// message luks2_hdr_disk {
+// char magic[LUKS2_MAGIC_L];
+// //uint16_t version; /* Version 2 */
+// uint64_t hdr_size; /* in bytes, including JSON area */
+// uint64_t seqid; /* increased on every update */
+// char label[LUKS2_LABEL_L];
+// char checksum_alg[LUKS2_CHECKSUM_ALG_L];
+// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */
+// char uuid[LUKS2_UUID_L];
+// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
+// uint64_t hdr_offset; /* offset from device start in bytes */
+// char _padding[184];
+// uint8_t csum[LUKS2_CHECKSUM_L];
+// }
+message LUKS2_header {
+ required luks_version version = 1;
+ required luks2_magic magic = 2;
+ required hdr_size hdr_size = 3;
+ required bool use_correct_checksum = 4;
+
+ optional uint64 selected_offset = 5;
+}
+
+message LUKS2_both_headers {
+ required LUKS2_header primary_header = 1;
+ required LUKS2_header secondary_header = 2;
+
+ required seqid_description seqid = 3;
+ required json_area_description json_area = 4;
+}
+
+message json_area_description {
+ optional config_description config = 1;
+ repeated keyslot_description keyslots = 2;
+ repeated digest_description digests = 3;
+ repeated segment_description segments = 4;
+ repeated token_description tokens = 5;
+}
+
+// ---------------------------------------------------------------------------
+// ----------------------------- KEYSLOT OBJECT ------------------------------
+// ---------------------------------------------------------------------------
+
+enum keyslot_type {
+ KEYSLOT_TYPE_LUKS2 = 1;
+ KEYSLOT_TYPE_REENCRYPT = 2;
+ KEYSLOT_TYPE_PLACEHOLDER = 3;
+}
+
+enum reencrypt_keyslot_mode {
+ MODE_REENCRYPT = 1;
+ MODE_ENCRYPT = 2;
+ MODE_DECRYPT = 3;
+}
+
+enum reencrypt_keyslot_direction {
+ DIRECTION_FORWARD = 1;
+ DIRECTION_BACKWARD = 2;
+}
+
+// The area object contains these mandatory fields:
+// - type [string] the area type.
+// - offset [string-uint64] the offset from the device start to the beginning of the binary area (in bytes).
+// - size [string-uint64] the area size (in bytes).
+//
+// Area type raw contains these additional fields:
+// - encryption [string] the area encryption algorithm, in dm-crypt notation (for example aes-xts-plain64).
+// - key_size [integer] the area encryption key size.
+//
+// Area type none and journal (used only for reencryption optional extension) contain only mandatory fields.
+//
+// Area type checksum (used only for reencryption optional extension) contains these additional fields:
+// - hash [string] The hash algorithm for the checksum resilience mode.
+// - sector_size [integer] The data unit size for digest checksum calculated with the hash algorithm.
+//
+// Area type datashift (used only for reencryption optional extension) contains this additional field:
+// - shift_size [string-uint64] The data shift (in bytes) performed during reencryption (shift direction is according to direction field).
+
+enum keyslot_area_type {
+ KEYSLOT_AREA_TYPE_RAW = 1;
+ KEYSLOT_AREA_TYPE_NONE = 2;
+ KEYSLOT_AREA_TYPE_JOURNAL = 3;
+ KEYSLOT_AREA_TYPE_CHECKSUM = 4;
+ KEYSLOT_AREA_TYPE_DATASHIFT = 5;
+}
+
+message keyslot_area_description {
+ // mandatory fields
+ optional keyslot_area_type type = 1;
+ optional string_uint64 offset = 2;
+ optional string_uint64 size = 3;
+
+ // raw type fields
+ optional string encryption = 4;
+ optional int32 key_size = 5;
+
+ // checksum type field
+ optional hash_algorithm hash = 6;
+ optional int32 sector_size = 7;
+
+ // datashift type fields
+ optional string_uint64 shift_size = 8;
+}
+
+// The object describes PBKDF attributes used for the keyslot.
+// The kdf object mandatory fields are:
+// - type [string] the PBKDF type.
+// - salt [base64] the salt for PBKDF (binary data).
+//
+// The pbkdf2 type (compatible with LUKS1) contains these additional fields:
+// - hash [string] the hash algorithm for the PBKDF2 (SHA-256).
+// - iterations [integer] the PBKDF2 iterations count.
+//
+// The argon2i and argon2id type contains these additional fields:
+// - time [integer] the time cost (in fact the iterations count for Argon2).
+// - memory [integer] the memory cost, in kilobytes. If not available, the keyslot cannot be unlocked.
+// - cpus [integer] the required number of threads (CPU cores number cost). If not available, unlocking will be slower.
+
+enum keyslot_kdf_type {
+ KEYSLOT_KDF_TYPE_PBKDF2 = 1;
+ KEYSLOT_KDF_TYPE_ARGON2I = 2;
+ KEYSLOT_KDF_TYPE_ARGON2ID = 3;
+}
+
+message keyslot_kdf_description {
+ optional keyslot_kdf_type type = 1;
+ optional string salt = 2;
+
+ // pbkdf2 type
+ optional hash_algorithm hash = 3;
+ optional int32 iterations = 4;
+
+ // argon2i and argon2id types
+ optional int32 time = 5;
+ optional int32 memory = 6;
+ optional int32 cpus = 7;
+}
+
+enum keyslot_af_type {
+ KEYSLOT_AF_TYPE_LUKS1 = 1;
+}
+
+// The af (anti-forensic splitter) object contains this madatory field:
+// - type [string] the anti-forensic function type.
+// AF type luks1 (compatible with LUKS1 [1]) contains these additional fields:
+// - stripes [integer] the number of stripes, for historical reasons only the 4000 value is supported.
+// - hash [string] the hash algorithm used.
+
+message keyslot_af_description {
+ optional keyslot_af_type type = 1;
+ optional int32 stripes = 2;
+ optional hash_algorithm hash = 3;
+}
+
+// - type [string] the keyslot type.
+// - key_size [integer] the key size (in bytes) stored in keyslot.
+// - priority [integer,optional] the keyslot priority. Here 0 means ignore (the slot should be used only if explicitly stated), 1 means normal priority and 2 means high priority (tried before normal priority).
+
+// REENCRYPT
+// The key size field must be set to 1. The area type must be none, checksum,
+// journal or datashift.
+// The reencrypt object must contain these additional fields:
+// - mode [string] the reencryption mode. reencrypt, encrypt and decrypt
+// - direction [string] the reencryption direction. forward backward
+
+// - area [object] the allocated area in the binary keyslots area.
+// LUKS2 object must contain these additional fields:
+// - kdf [object] the PBKDF type and parameters used.
+// - af [object] the anti-forensic splitter [1] (only the luks1 type is currently
+// used).
+
+message keyslot_description {
+ // type
+ required object_id oid = 1;
+
+ optional keyslot_type type = 2;
+ optional int32 key_size = 3;
+ optional int32 priority = 4;
+
+ // reencrypt extension
+ optional reencrypt_keyslot_mode mode = 5;
+ optional reencrypt_keyslot_direction direction = 6;
+
+ // objects
+ optional keyslot_area_description area = 7;
+ optional keyslot_kdf_description kdf = 8;
+ optional keyslot_af_description af = 9;
+}
+
+// ---------------------------------------------------------------------------
+// ------------------------------ DIGEST OBJECT ------------------------------
+// ---------------------------------------------------------------------------
+
+message digest_description {
+ required object_id oid = 1;
+
+ optional keyslot_kdf_type type = 2;
+ repeated object_id keyslots = 3;
+ repeated object_id segments = 4;
+ optional string salt = 5;
+ optional string digest = 6;
+
+ // pbkdf2 digest fields
+ optional hash_algorithm hash = 7;
+ optional int32 iterations = 8;
+}
+
+// ---------------------------------------------------------------------------
+// ----------------------------- SEGMENT OBJECT ------------------------------
+// ---------------------------------------------------------------------------
+
+enum segment_type {
+ SEGMENT_TYPE_LINEAR = 1;
+ SEGMENT_TYPE_CRYPT = 2;
+}
+
+enum segment_flag {
+ IN_REENCRYPTION = 1;
+ BACKUP_FINAL = 2;
+ BACKUP_PREVIOUS = 3;
+ BACKUP_MOVED_SEGMENT = 4;
+}
+
+message segment_integrity_description {
+ optional string type = 1;
+ optional string journal_encryption = 2;
+ optional string journal_integrity = 3;
+}
+
+message segment_description {
+ required object_id oid = 1;
+ optional segment_type type = 2;
+ optional string_uint64 offset = 3;
+ optional string_uint64 size = 4;
+ repeated segment_flag flags = 5;
+
+ // segment type crypt
+ optional string_uint64 iv_tweak = 6;
+ optional string encryption = 7;
+ optional int32 sector_size = 8;
+ optional segment_integrity_description integrity = 9;
+}
+
+// ---------------------------------------------------------------------------
+// ------------------------------ TOKEN OBJECT -------------------------------
+// ---------------------------------------------------------------------------
+
+message token_description {
+ required object_id oid = 1;
+
+ optional string type = 2;
+ repeated object_id keyslots = 3;
+ optional string key_description = 4;
+}
+
+// ---------------------------------------------------------------------------
+// ------------------------------ CONFIG OBJECT ------------------------------
+// ---------------------------------------------------------------------------
+
+// - allow-discards allows TRIM (discards) on the active device.
+// - same-cpu-crypt compatibility performance flag for dm-crypt [3] to per- form encryption using the same CPU that originated the request.
+// - submit-from-crypt-cpus compatibility performance flag for dm-crypt [3] to disable offloading write requests to a separate thread after encryption.
+// - no-journal disable data journalling for dm-integrity [10].
+// - no-read-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt read workqueue and process read requests synchronously.
+// - no-write-workqueue compatibility performance flag for dm-crypt [3] to bypass dm-crypt write workqueue and process write requests synchronously.
+enum config_flag {
+ CONFIG_FLAG_ALLOW_DISCARDS = 1;
+ CONFIG_FLAG_SAME_CPU_CRYPT = 2;
+ CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS = 3;
+ CONFIG_FLAG_NO_JOURNAL = 4;
+ CONFIG_FLAG_NO_READ_WORKQUEUE = 5;
+ CONFIG_FLAG_NO_WRITE_WORKQUEUE = 6;
+}
+
+enum config_requirement {
+ CONFIG_REQUIREMENT_OFFLINE_REENCRYPT = 1;
+ CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2 = 2;
+}
+
+// - json_size [string-uint64] the JSON area size (in bytes). Must match the binary header.
+// - keyslots_size [string-uint64] the binary keyslot area size (in bytes). Must be aligned to 4096 bytes.
+// - flags [array, optional] the array of string objects with persistent flags for the device.
+// - requirements [array, optional] the array of string objects with additional required features for the LUKS device.
+
+message config_description {
+ required bool use_primary_hdr_size = 2;
+
+ repeated config_flag config_flags = 3;
+ repeated config_requirement requirements = 4;
+}
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+syntax = "proto2";
+
+package json_proto;
+
+// ---------------------------------------------------------------------------
+// ----------------------------- GENERIC OBJECTS -----------------------------
+// ---------------------------------------------------------------------------
+
+message object_id {
+ oneof id {
+ // int_id will be mapped to range -16 to 16 (mod 33)
+ // this way iy should be easier to generate valid
+ // object cross-references
+ uint32 int_id = 1;
+ string string_id = 2;
+ }
+}
+
+message string_uint64 {
+ required bool negative = 1;
+ oneof number {
+ uint32 uint_num = 2;
+ string string_num = 3;
+ }
+}
+
+enum hash_algorithm {
+ HASH_ALG_SHA1 = 1;
+ HASH_ALG_SHA256 = 2;
+}
+
+
+// ---------------------------------------------------------------------------
+// ----------------------------- BINARY HEADER -------------------------------
+// ---------------------------------------------------------------------------
+
+enum luks2_magic {
+ INVALID = 0;
+ FIRST = 1;
+ SECOND = 2;
+}
+
+enum luks_version {
+ ONE = 1;
+ TWO = 2;
+ THREE = 3;
+}
+
+// we limit the size to 64KiB to make the fuzzing faster
+// because the checksum needs to be calculated for the whole image
+enum hdr_size {
+ size_16_KB = 16384;
+ size_32_KB = 32768;
+ size_64_KB = 65536;
+// size_128_KB = 131072;
+// size_256_KB = 262144;
+// size_512_KB = 524288;
+// size_1_MB = 1048576;
+// size_2_MB = 2097152;
+// size_4_MB = 4194304;
+}
+
+enum seqid_description {
+ PRIMARY_GREATER = 0;
+ SECONDARY_GREATER = 1;
+ EQUAL = 2;
+}
+
+// message luks2_hdr_disk {
+// char magic[LUKS2_MAGIC_L];
+// //uint16_t version; /* Version 2 */
+// uint64_t hdr_size; /* in bytes, including JSON area */
+// uint64_t seqid; /* increased on every update */
+// char label[LUKS2_LABEL_L];
+// char checksum_alg[LUKS2_CHECKSUM_ALG_L];
+// uint8_t salt[LUKS2_SALT_L]; /* unique for every header/offset */
+// char uuid[LUKS2_UUID_L];
+// char subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
+// uint64_t hdr_offset; /* offset from device start in bytes */
+// char _padding[184];
+// uint8_t csum[LUKS2_CHECKSUM_L];
+// }
+message LUKS2_header {
+ required luks_version version = 1;
+ required luks2_magic magic = 2;
+ required hdr_size hdr_size = 3;
+ required bool use_correct_checksum = 4;
+
+ optional uint64 selected_offset = 5;
+}
+
+message LUKS2_both_headers {
+ required LUKS2_header primary_header = 1;
+ required LUKS2_header secondary_header = 2;
+
+ required seqid_description seqid = 3;
+ required JsonObject json_area = 4;
+}
+
+message JsonObject {
+ required string name = 1;
+ required JsonValue value = 2;
+}
+
+message JsonValue {
+ oneof value {
+ // Json value types:
+
+ // null: null, will be used when 'oneof' contains nothing
+
+ // object: another json object of any type
+ JsonObject object_value = 1;
+
+ // array: an array of values
+ ArrayValue array_value = 2;
+
+ // number: can be an integer, a float, an exponent
+ NumberValue number_value = 3;
+
+ // string: unicode string
+ StringValue string_value = 4;
+
+ // boolean: true or talse
+ BooleanValue boolean_value = 5;
+ }
+}
+
+message ArrayValue {
+ repeated JsonValue value = 1;
+}
+
+message NumberInteger {
+ required int64 value = 1;
+}
+
+message NumberFloat {
+ required double value = 1;
+}
+
+message NumberExponent {
+ required int32 base = 1;
+ required int32 exponent = 2;
+ required bool use_uppercase = 3;
+}
+
+message NumberExponentFrac {
+ required float base = 1;
+ required int32 exponent = 2;
+ required bool use_uppercase = 3;
+}
+
+message NumberValue {
+ required NumberInteger integer_value = 1;
+
+ // integer_value is used when oneof field below has nothing.
+ oneof value {
+ NumberFloat float_value = 2;
+ NumberExponent exponent_value = 3;
+ NumberExponentFrac exponent_frac_value = 4;
+ }
+}
+
+message StringValue {
+ required string value = 1;
+}
+
+message BooleanValue {
+ required bool value = 1;
+}
--- /dev/null
+EXTRA_DIST = README.md oss-fuzz-build.sh
+dist_noinst_DATA = \
+ LUKS2.proto \
+ LUKS2_plain_JSON.proto \
+ crypt2_load_fuzz.dict \
+ crypt2_load_ondisk_fuzz.dict \
+ crypt2_load_proto_plain_json_fuzz.dict \
+ unpoison-mutated-buffers-from-libfuzzer.patch
+CLEANFILES = \
+ LUKS2.pb.h \
+ LUKS2.pb.cc \
+ LUKS2_plain_JSON.pb.h \
+ LUKS2_plain_JSON.pb.cc
+
+distclean-local:
+ -rm -rf out build
+
+LIB_FUZZING_ENGINE := $(if $(LIB_FUZZING_ENGINE),$(LIB_FUZZING_ENGINE),"-fsanitize=fuzzer")
+SANITIZER := $(if $(SANITIZER),,"-fsanitize=address")
+
+DEPS_PATH := $(top_srcdir)/tests/fuzz/build/static_lib_deps
+
+crypt2_load_fuzz_SOURCES = FuzzerInterface.h crypt2_load_fuzz.cc
+crypt2_load_fuzz_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib
+crypt2_load_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER)
+crypt2_load_fuzz_CXXFLAGS = $(AM_CXXFLAGS) -I$(top_srcdir)/lib -I$(top_srcdir)/tests/fuzz
+
+crypt2_load_ondisk_fuzz_SOURCES = FuzzerInterface.h crypt2_load_ondisk_fuzz.cc
+crypt2_load_ondisk_fuzz_LDADD = ../../libcryptsetup.la -L$(DEPS_PATH)/lib
+crypt2_load_ondisk_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER)
+crypt2_load_ondisk_fuzz_CXXFLAGS = $(AM_CXXFLAGS) -I$(top_srcdir)/lib -I$(top_srcdir)/tests/fuzz
+
+test-environment-m:
+ @ if test ! -d $(DEPS_PATH); then \
+ echo "You need to build static libraries first; use oss-fuzz-build.sh script."; \
+ exit 1; \
+ fi
+test-environment: | test-environment-m $(DEPS_PATH)
+
+LUKS2.pb.h: LUKS2.proto
+ $(DEPS_PATH)/bin/protoc LUKS2.proto --cpp_out=.
+LUKS2.pb.cc: LUKS2.pb.h
+
+LUKS2_plain_JSON.pb.h: LUKS2_plain_JSON.proto
+ $(DEPS_PATH)/bin/protoc LUKS2_plain_JSON.proto --cpp_out=.
+LUKS2_plain_JSON.pb.cc: LUKS2_plain_JSON.pb.h
+
+crypt2_load_proto_fuzz-crypt2_load_proto_fuzz.$(OBJEXT): LUKS2.pb.cc
+crypt2_load_proto_plain_json_fuzz-crypt2_load_proto_plain_json_fuzz.$(OBJEXT): LUKS2_plain_JSON.pb.cc
+
+nodist_crypt2_load_proto_fuzz_SOURCES = LUKS2.pb.h LUKS2.pb.cc
+crypt2_load_proto_fuzz_SOURCES = FuzzerInterface.h \
+ crypt2_load_proto_fuzz.cc \
+ proto_to_luks2_converter.h \
+ proto_to_luks2_converter.cc
+crypt2_load_proto_fuzz_LDADD = \
+ ../../libcryptsetup.la \
+ ../../libcrypto_backend.la \
+ -L$(DEPS_PATH)/lib -lprotobuf-mutator-libfuzzer -lprotobuf-mutator -lprotobuf
+crypt2_load_proto_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER)
+crypt2_load_proto_fuzz_CXXFLAGS = $(AM_CXXFLAGS) \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/tests/fuzz \
+ -I$(DEPS_PATH)/include \
+ -I$(DEPS_PATH)/include/libprotobuf-mutator -I$(DEPS_PATH)/include/libprotobuf-mutator/src
+
+nodist_crypt2_load_proto_plain_json_fuzz_SOURCES = LUKS2_plain_JSON.pb.h LUKS2_plain_JSON.pb.cc
+crypt2_load_proto_plain_json_fuzz_SOURCES = FuzzerInterface.h \
+ crypt2_load_proto_plain_json_fuzz.cc \
+ json_proto_converter.h \
+ json_proto_converter.cc \
+ plain_json_proto_to_luks2_converter.h \
+ plain_json_proto_to_luks2_converter.cc
+crypt2_load_proto_plain_json_fuzz_LDADD = \
+ ../../libcryptsetup.la \
+ ../../libcrypto_backend.la \
+ -L$(DEPS_PATH)/lib -lprotobuf-mutator-libfuzzer -lprotobuf-mutator -lprotobuf
+crypt2_load_proto_plain_json_fuzz_LDFLAGS = $(AM_LDFLAGS) $(LIB_FUZZING_ENGINE) $(SANITIZER)
+crypt2_load_proto_plain_json_fuzz_CXXFLAGS = $(AM_CXXFLAGS) \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/tests/fuzz \
+ -I$(DEPS_PATH)/include \
+ -I$(DEPS_PATH)/include/libprotobuf-mutator -I$(DEPS_PATH)/include/libprotobuf-mutator/src
+
+nodist_proto_to_luks2_SOURCES = LUKS2.pb.h LUKS2.pb.cc
+proto_to_luks2_SOURCES = \
+ proto_to_luks2.cc \
+ proto_to_luks2_converter.h \
+ proto_to_luks2_converter.cc
+proto_to_luks2_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib -lprotobuf
+proto_to_luks2_LDFLAGS = $(AM_LDFLAGS) -fsanitize=fuzzer-no-link $(SANITIZER)
+proto_to_luks2_CXXFLAGS = $(AM_CXXFLAGS) \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/tests/fuzz \
+ -I$(DEPS_PATH)/include
+
+nodist_plain_json_proto_to_luks2_SOURCES = LUKS2_plain_JSON.pb.h LUKS2_plain_JSON.pb.cc
+plain_json_proto_to_luks2_SOURCES = \
+ plain_json_proto_to_luks2.cc \
+ plain_json_proto_to_luks2_converter.h \
+ plain_json_proto_to_luks2_converter.cc \
+ json_proto_converter.h \
+ json_proto_converter.cc
+plain_json_proto_to_luks2_LDADD = ../../libcryptsetup.la ../../libcrypto_backend.la -L$(DEPS_PATH)/lib -lprotobuf
+plain_json_proto_to_luks2_LDFLAGS = $(AM_LDFLAGS) -fsanitize=fuzzer-no-link $(SANITIZER)
+plain_json_proto_to_luks2_CXXFLAGS = $(AM_CXXFLAGS) \
+ -I$(top_srcdir)/lib \
+ -I$(top_srcdir)/tests/fuzz \
+ -I$(DEPS_PATH)/include
+
+if ENABLE_FUZZ_TARGETS
+noinst_PROGRAMS = \
+ crypt2_load_fuzz \
+ crypt2_load_ondisk_fuzz \
+ crypt2_load_proto_fuzz \
+ crypt2_load_proto_plain_json_fuzz \
+ proto_to_luks2 \
+ plain_json_proto_to_luks2
+
+fuzz-targets: test-environment $(noinst_PROGRAMS)
+.PHONY: fuzz-targets
+endif
--- /dev/null
+# Fuzzing target for cryptsetup project
+
+This directory contains experimental targets for fuzzing testing.
+It can be run in the OSS-Fuzz project but also compiled separately.
+
+# Requirements
+
+Fuzzers use address sanitizer. To properly detect problems, all
+important libraries must be compiled statically with sanitizer enabled.
+
+Compilation requires *clang* and *clang++* compilers (gcc is not
+supported yet).
+
+# Standalone build
+
+The script `oss-fuzz-build.sh` can be used to prepare the tree
+with pre-compiled library dependencies.
+We use upstream git for projects, which can clash with locally
+installed versions. The best is to use only basic system installation
+without development packages (script will use custom include, libs,
+and pkg-config paths).
+
+# Build Docker image and fuzzers
+
+You can also run OSS-Fuzz in a Docker image, use these commands
+to prepare fuzzers:
+```
+sudo python3 infra/helper.py build_image cryptsetup
+sudo python3 infra/helper.py build_fuzzers cryptsetup
+```
+On SELinux systems also add (https://github.com/google/oss-fuzz/issues/30):
+```
+sudo chcon -Rt svirt_sandbox_file_t build/
+```
+
+# Run LUKS2 fuzzer
+`FUZZER_NAME` can be one of: `crypt2_load_fuzz`, `crypt2_load_proto_fuzz`, `crypt2_load_proto_plain_json_fuzz`
+```
+FUZZER_NAME="crypt2_load_proto_plain_json_fuzz"
+sudo mkdir -p build/corpus/cryptsetup/$FUZZER_NAME
+sudo python infra/helper.py run_fuzzer --corpus-dir build/corpus/cryptsetup/$FUZZER_NAME/ --sanitizer address cryptsetup $FUZZER_NAME '-jobs=8 -workers=8'
+```
+
+The output of the parallel threads will be written to `fuzz-<N>.log` (where `<N>` is the number of the process).
+You can watch it using e.g.:
+```
+tail -f build/out/cryptsetup/fuzz-*
+```
+
+Optionally, you can use experimental `fork` mode for parallelization and the output will be displayed directly on the terminal:
+```
+sudo python infra/helper.py run_fuzzer --corpus-dir build/corpus/cryptsetup/$FUZZER_NAME/ --sanitizer address cryptsetup $FUZZER_NAME '-fork=8 '
+```
+
+# Rebuild fuzz targets for coverage
+```
+sudo python infra/helper.py build_fuzzers --sanitizer coverage cryptsetup
+```
+
+# Generate coverage report
+```
+sudo python infra/helper.py coverage cryptsetup --no-corpus-download --fuzz-target $FUZZER_NAME
+```
+
+# Further information
+For more details, you can look into the [Using fuzzing for Linux disk encryption tools](https://is.muni.cz/th/bum03/?lang=en) thesis.
--- /dev/null
+/*
+ * cryptsetup LUKS2 fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+extern "C" {
+#define FILESIZE (16777216)
+#include "src/cryptsetup.h"
+#include <err.h>
+#include "luks2/luks2.h"
+#include "crypto_backend/crypto_backend.h"
+#include "FuzzerInterface.h"
+
+static int calculate_checksum(const uint8_t* data, size_t size) {
+ struct crypt_hash *hd = NULL;
+ struct luks2_hdr_disk *hdr = NULL;
+ int hash_size;
+ uint64_t hdr_size1, hdr_size2;
+ int r = 0;
+
+ /* primary header */
+ if (sizeof(struct luks2_hdr_disk) > size)
+ return 0;
+ hdr = CONST_CAST(struct luks2_hdr_disk *) data;
+
+ hdr_size1 = be64_to_cpu(hdr->hdr_size);
+ if (hdr_size1 > size)
+ return 0;
+ memset(&hdr->csum, 0, LUKS2_CHECKSUM_L);
+ if ((r = crypt_hash_init(&hd, "sha256")))
+ goto out;
+ if ((r = crypt_hash_write(hd, CONST_CAST(char*) data, hdr_size1)))
+ goto out;
+ hash_size = crypt_hash_size("sha256");
+ if (hash_size <= 0) {
+ r = 1;
+ goto out;
+ }
+ if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size)))
+ goto out;
+ crypt_hash_destroy(hd);
+
+ /* secondary header */
+ if (hdr_size1 < sizeof(struct luks2_hdr_disk))
+ hdr_size1 = sizeof(struct luks2_hdr_disk);
+
+ if (hdr_size1 + sizeof(struct luks2_hdr_disk) > size)
+ return 0;
+ hdr = CONST_CAST(struct luks2_hdr_disk *) (data + hdr_size1);
+
+ hdr_size2 = be64_to_cpu(hdr->hdr_size);
+ if (hdr_size2 > size || (hdr_size1 + hdr_size2) > size)
+ return 0;
+
+ memset(&hdr->csum, 0, LUKS2_CHECKSUM_L);
+ if ((r = crypt_hash_init(&hd, "sha256")))
+ goto out;
+ if ((r = crypt_hash_write(hd, (char*) hdr, hdr_size2)))
+ goto out;
+ if ((r = crypt_hash_final(hd, (char*)&hdr->csum, (size_t)hash_size)))
+ goto out;
+
+out:
+ if (hd)
+ crypt_hash_destroy(hd);
+ return r;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ int fd;
+ struct crypt_device *cd = NULL;
+ char name[] = "/tmp/test-script-fuzz.XXXXXX";
+
+ if (calculate_checksum(data, size))
+ return 0;
+
+ fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
+ if (fd == -1)
+ err(EXIT_FAILURE, "mkostemp() failed");
+
+ /* enlarge header */
+ if (ftruncate(fd, FILESIZE) == -1)
+ goto out;
+
+ if (write_buffer(fd, data, size) != (ssize_t)size)
+ goto out;
+
+ if (crypt_init(&cd, name) == 0)
+ (void)crypt_load(cd, CRYPT_LUKS2, NULL);
+ crypt_free(cd);
+out:
+ close(fd);
+ unlink(name);
+ return 0;
+}
+}
--- /dev/null
+# LUKS2 dictionary based on AFL dictionary for JSON
+# -------------------------------------------------
+# JSON dictionary from https://github.com/google/AFL/blob/master/dictionaries/json.dict
+# Inspired by a dictionary by Jakub Wilk <jwilk@jwilk.net>
+#
+# LUKS2 keywords by Daniel Zatovic
+
+"0"
+",0"
+":0"
+"0:"
+"-1.2e+3"
+
+"true"
+"false"
+"null"
+
+"\"\""
+",\"\""
+":\"\""
+"\"\":"
+
+"{}"
+",{}"
+":{}"
+"{\"\":0}"
+"{{}}"
+
+"[]"
+",[]"
+":[]"
+"[0]"
+"[[]]"
+
+"''"
+"\\"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\u0000"
+"\\x00"
+"\\0"
+"\\uD800\\uDC00"
+"\\uDBFF\\uDFFF"
+
+"\"\":0"
+"//"
+"/**/"
+
+"$ref"
+"type"
+"coordinates"
+"@context"
+"@id"
+
+","
+":"
+
+"1024"
+"2048"
+"4096"
+"512"
+"aegis128-random"
+"aes-cbc:essiv:sha256"
+"aes-xts-plain64"
+"af"
+"allow-discards"
+"area"
+"argon2i"
+"argon2id"
+"backup-final"
+"backup-moved-segment"
+"backup-previous"
+"checksum"
+"config"
+"cpus"
+"crypt"
+"datashift"
+"digest"
+"digests"
+"direction"
+"encryption"
+"flags"
+"hash"
+"in-reencryption"
+"integrity"
+"iterations"
+"iv_tweak"
+"journal"
+"journal_encryption"
+"journal_integrity"
+"json_size"
+"kdf"
+"key_description"
+"key_size"
+"keyslots"
+"keyslots_size"
+"linear"
+"luks2"
+"luks2-keyring"
+"LUKS\xBA\xBE"
+"memory"
+"mode"
+"no-journal"
+"none"
+"no-read-workqueue"
+"no-write-workqueue"
+"offline-reencrypt"
+"offset"
+"online-reencrypt-v2"
+"pbkdf2"
+"priority"
+"raw"
+"reencrypt"
+"requirements"
+"salt"
+"same-cpu-crypt"
+"sector_size"
+"segments"
+"serpent-xts-plain64"
+"shift_size"
+"size"
+"SKUL\xBA\xBE"
+"stripes"
+"submit-from-crypt-cpus"
+"time"
+"tokens"
+"twofish-xts-plain64"
--- /dev/null
+/*
+ * cryptsetup LUKS1, FileVault, BitLocker fuzz target
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+extern "C" {
+#define FILESIZE (16777216)
+#include "src/cryptsetup.h"
+#include <err.h>
+#include "luks1/luks.h"
+#include "crypto_backend/crypto_backend.h"
+#include "FuzzerInterface.h"
+
+void empty_log(int level, const char *msg, void *usrptr) {}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ int fd, r;
+ struct crypt_device *cd = NULL;
+ char name[] = "/tmp/test-script-fuzz.XXXXXX";
+
+ fd = mkostemp(name, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC);
+ if (fd == -1)
+ err(EXIT_FAILURE, "mkostemp() failed");
+
+ /* enlarge header */
+ if (ftruncate(fd, FILESIZE) == -1)
+ goto out;
+
+ if (write_buffer(fd, data, size) != (ssize_t) size)
+ goto out;
+
+ crypt_set_log_callback(NULL, empty_log, NULL);
+
+ if (crypt_init(&cd, name) == 0) {
+ r = crypt_load(cd, CRYPT_LUKS1, NULL);
+ if (r == 0)
+ goto out;
+
+ r = crypt_load(cd, CRYPT_FVAULT2, NULL);
+ if (r == 0)
+ goto out;
+
+ (void) crypt_load(cd, CRYPT_BITLK, NULL);
+ }
+out:
+ crypt_free(cd);
+ close(fd);
+ unlink(name);
+ return 0;
+}
+}
--- /dev/null
+"aegis128-random"
+"aes-cbc:essiv:sha256"
+"aes-xts-plain64"
+"aes-lrv-plain64"
+"twofish-xts-plain64"
+"serpent-xts-plain64"
+"whirpool"
+"sha256"
+"sha1"
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "LUKS2.pb.h"
+#include "proto_to_luks2_converter.h"
+#include "libfuzzer/libfuzzer_macro.h"
+#include "FuzzerInterface.h"
+
+extern "C" {
+#include <libcryptsetup.h>
+#include <err.h>
+#include <fcntl.h>
+#include <unistd.h>
+}
+
+DEFINE_PROTO_FUZZER(const LUKS2_proto::LUKS2_both_headers &headers) {
+ struct crypt_device *cd = NULL;
+ char name[] = "/tmp/test-proto-fuzz.XXXXXX";
+ int fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
+
+ if (fd < 0)
+ err(EXIT_FAILURE, "mkostemp() failed");
+
+ LUKS2_proto::LUKS2ProtoConverter converter;
+ converter.convert(headers, fd);
+
+ if (crypt_init(&cd, name) == 0)
+ (void)crypt_load(cd, CRYPT_LUKS2, NULL);
+ crypt_free(cd);
+
+ close(fd);
+ unlink(name);
+}
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "LUKS2_plain_JSON.pb.h"
+#include "plain_json_proto_to_luks2_converter.h"
+#include "libfuzzer/libfuzzer_macro.h"
+#include "FuzzerInterface.h"
+
+extern "C" {
+#include <libcryptsetup.h>
+#include <err.h>
+#include <fcntl.h>
+#include <unistd.h>
+}
+
+DEFINE_PROTO_FUZZER(const json_proto::LUKS2_both_headers &headers) {
+ struct crypt_device *cd = NULL;
+ char name[] = "/tmp/test-proto-fuzz.XXXXXX";
+ int fd = mkostemp(name, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC);
+
+ if (fd < 0)
+ err(EXIT_FAILURE, "mkostemp() failed");
+
+ json_proto::LUKS2ProtoConverter converter;
+ converter.convert(headers, fd);
+
+ if (crypt_init(&cd, name) == 0)
+ (void)crypt_load(cd, CRYPT_LUKS2, NULL);
+ crypt_free(cd);
+
+ close(fd);
+ unlink(name);
+}
--- /dev/null
+# LUKS2 keywords by Daniel Zatovic
+
+"1024"
+"2048"
+"4096"
+"512"
+"aegis128-random"
+"aes-cbc:essiv:sha256"
+"aes-xts-plain64"
+"af"
+"allow-discards"
+"area"
+"argon2i"
+"argon2id"
+"backup-final"
+"backup-moved-segment"
+"backup-previous"
+"checksum"
+"config"
+"cpus"
+"crypt"
+"datashift"
+"digest"
+"digests"
+"direction"
+"encryption"
+"flags"
+"hash"
+"in-reencryption"
+"integrity"
+"iterations"
+"iv_tweak"
+"journal"
+"journal_encryption"
+"journal_integrity"
+"json_size"
+"kdf"
+"key_description"
+"key_size"
+"keyslots"
+"keyslots_size"
+"linear"
+"luks2"
+"luks2-keyring"
+"LUKS\xBA\xBE"
+"memory"
+"mode"
+"no-journal"
+"none"
+"no-read-workqueue"
+"no-write-workqueue"
+"offline-reencrypt"
+"offset"
+"online-reencrypt-v2"
+"pbkdf2"
+"priority"
+"raw"
+"reencrypt"
+"requirements"
+"salt"
+"same-cpu-crypt"
+"sector_size"
+"segments"
+"serpent-xts-plain64"
+"shift_size"
+"size"
+"SKUL\xBA\xBE"
+"stripes"
+"submit-from-crypt-cpus"
+"time"
+"tokens"
+"twofish-xts-plain64"
--- /dev/null
+// Copyright 2020 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "json_proto_converter.h"
+
+namespace json_proto {
+
+void JsonProtoConverter::AppendArray(const ArrayValue& array_value) {
+ data_ << '[';
+ bool need_comma = false;
+ for (const auto& value : array_value.value()) {
+ // Trailing comma inside of an array makes JSON invalid, avoid adding that.
+ if (need_comma)
+ data_ << ',';
+ else
+ need_comma = true;
+
+ AppendValue(value);
+ }
+ data_ << ']';
+}
+
+void JsonProtoConverter::AppendNumber(const NumberValue& number_value) {
+ if (number_value.has_float_value()) {
+ data_ << number_value.float_value().value();
+ } else if (number_value.has_exponent_value()) {
+ auto value = number_value.exponent_value();
+ data_ << value.base();
+ data_ << (value.use_uppercase() ? 'E' : 'e');
+ data_ << value.exponent();
+ } else if (number_value.has_exponent_frac_value()) {
+ auto value = number_value.exponent_value();
+ data_ << value.base();
+ data_ << (value.use_uppercase() ? 'E' : 'e');
+ data_ << value.exponent();
+ } else {
+ data_ << number_value.integer_value().value();
+ }
+}
+
+void JsonProtoConverter::AppendObject(const JsonObject& json_object) {
+ data_ << '{' << '"' << json_object.name() << '"' << ':';
+ AppendValue(json_object.value());
+ data_ << '}';
+}
+
+void JsonProtoConverter::AppendValue(const JsonValue& json_value) {
+ if (json_value.has_object_value()) {
+ AppendObject(json_value.object_value());
+ } else if (json_value.has_array_value()) {
+ AppendArray(json_value.array_value());
+ } else if (json_value.has_number_value()) {
+ AppendNumber(json_value.number_value());
+ } else if (json_value.has_string_value()) {
+ data_ << '"' << json_value.string_value().value() << '"';
+ } else if (json_value.has_boolean_value()) {
+ data_ << (json_value.boolean_value().value() ? "true" : "false");
+ } else {
+ data_ << "null";
+ }
+}
+
+std::string JsonProtoConverter::Convert(const JsonObject& json_object) {
+ AppendObject(json_object);
+ return data_.str();
+}
+
+std::string JsonProtoConverter::Convert(
+ const json_proto::ArrayValue& json_array) {
+ AppendArray(json_array);
+ return data_.str();
+}
+
+} // namespace json_proto
--- /dev/null
+// Copyright 2020 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef JSON_PROTO_CONVERTER_H_
+#define JSON_PROTO_CONVERTER_H_
+
+#include <sstream>
+#include <string>
+
+#include "LUKS2_plain_JSON.pb.h"
+
+namespace json_proto {
+
+class JsonProtoConverter {
+ public:
+ std::string Convert(const json_proto::JsonObject&);
+ std::string Convert(const json_proto::ArrayValue&);
+
+ private:
+ std::stringstream data_;
+
+ void AppendArray(const json_proto::ArrayValue&);
+ void AppendNumber(const json_proto::NumberValue&);
+ void AppendObject(const json_proto::JsonObject&);
+ void AppendValue(const json_proto::JsonValue&);
+};
+
+} // namespace json_proto
+
+#endif // TESTING_LIBFUZZER_PROTO_JSON_PROTO_CONVERTER_H_
--- /dev/null
+#!/usr/bin/env bash
+
+function in_oss_fuzz()
+{
+ test -n "$FUZZING_ENGINE"
+}
+
+echo "Running cryptsetup OSS-Fuzz build script."
+env
+set -ex
+PWD=$(pwd)
+
+export LC_CTYPE=C.UTF-8
+
+export SRC=${SRC:-$PWD/build}
+export OUT="${OUT:-$PWD/out}"
+export DEPS_PATH=$SRC/static_lib_deps
+
+export PKG_CONFIG_PATH="$DEPS_PATH"/lib/pkgconfig
+
+export CC=${CC:-clang}
+export CXX=${CXX:-clang++}
+export LIB_FUZZING_ENGINE="${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}"
+
+SANITIZER="${SANITIZER:-address -fsanitize-address-use-after-scope}"
+flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
+
+export CFLAGS="${CFLAGS:-$flags} -I$DEPS_PATH/include"
+export CXXFLAGS="${CXXFLAGS:-$flags} -I$DEPS_PATH/include"
+export LDFLAGS="${LDFLAGS-} -L$DEPS_PATH/lib"
+
+ENABLED_FUZZERS=${ENABLED_FUZZERS:-crypt2_load_fuzz crypt2_load_ondisk_fuzz crypt2_load_proto_plain_json_fuzz}
+
+mkdir -p $SRC
+mkdir -p $OUT
+mkdir -p $DEPS_PATH
+cd $SRC
+
+LIBFUZZER_PATCH="$PWD/unpoison-mutated-buffers-from-libfuzzer.patch"
+in_oss_fuzz && LIBFUZZER_PATCH="$PWD/cryptsetup/tests/fuzz/unpoison-mutated-buffers-from-libfuzzer.patch"
+
+in_oss_fuzz && apt-get update && apt-get install -y \
+ make autoconf automake autopoint libtool pkg-config \
+ sharutils gettext expect keyutils ninja-build \
+ bison
+
+[ ! -d zlib ] && git clone --depth 1 https://github.com/madler/zlib.git
+[ ! -d xz ] && git clone https://git.tukaani.org/xz.git
+[ ! -d json-c ] && git clone --depth 1 https://github.com/json-c/json-c.git
+[ ! -d lvm2 ] && git clone --depth 1 https://sourceware.org/git/lvm2.git
+[ ! -d popt ] && git clone --depth 1 https://github.com/rpm-software-management/popt.git
+[ ! -d libprotobuf-mutator ] && git clone --depth 1 https://github.com/google/libprotobuf-mutator.git \
+ && [ "$SANITIZER" == "memory" ] && ( cd libprotobuf-mutator; patch -p1 < $LIBFUZZER_PATCH )
+[ ! -d openssl ] && git clone --depth 1 https://github.com/openssl/openssl
+[ ! -d util-linux ] && git clone --depth 1 https://github.com/util-linux/util-linux
+[ ! -d cryptsetup_fuzzing ] && git clone --depth 1 https://gitlab.com/cryptsetup/cryptsetup_fuzzing.git
+
+cd openssl
+./Configure --prefix="$DEPS_PATH" --libdir=lib no-shared no-module no-asm
+make build_generated
+make -j libcrypto.a
+make install_dev
+cd ..
+
+cd util-linux
+./autogen.sh
+./configure --prefix="$DEPS_PATH" --enable-static --disable-shared -disable-all-programs --enable-libuuid --enable-libblkid
+make -j
+make install
+cd ..
+
+cd zlib
+./configure --prefix="$DEPS_PATH" --static
+make -j
+make install
+cd ..
+
+cd xz
+./autogen.sh --no-po4a
+./configure --prefix="$DEPS_PATH" --enable-static --disable-shared
+make -j
+make install
+cd ..
+
+cd json-c
+mkdir -p build
+rm -fr build/*
+cd build
+cmake .. -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=ON
+make -j
+make install
+cd ../..
+
+cd lvm2
+./configure --prefix="$DEPS_PATH" --enable-static_link --disable-udev_sync --enable-pkgconfig --disable-selinux
+make -j libdm.device-mapper
+# build of dmsetup.static is broken
+# make install_device-mapper
+cp ./libdm/ioctl/libdevmapper.a "$DEPS_PATH"/lib/
+cp ./libdm/libdevmapper.h "$DEPS_PATH"/include/
+cp ./libdm/libdevmapper.pc "$PKG_CONFIG_PATH"
+cd ..
+
+cd popt
+# --no-undefined is incompatible with sanitizers
+sed -i -e 's/-Wl,--no-undefined //' src/CMakeLists.txt
+mkdir -p build
+rm -fr build/*
+cd build
+cmake .. -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" -DBUILD_SHARED_LIBS=OFF
+make -j
+make install
+cd ../..
+
+cd libprotobuf-mutator
+mkdir -p build
+rm -fr build/*
+cd build
+cmake .. -GNinja \
+ -DCMAKE_INSTALL_PREFIX="$DEPS_PATH" \
+ -DPKG_CONFIG_PATH="$PKG_CONFIG_PATH" \
+ -DLIB_PROTO_MUTATOR_TESTING=OFF \
+ -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON
+ninja
+ninja install
+cd external.protobuf;
+cp -Rf bin lib include "$DEPS_PATH";
+cd ../../..
+
+if in_oss_fuzz; then
+ mkdir -p cryptsetup/tests/fuzz/build
+ ln -s ../../../../static_lib_deps cryptsetup/tests/fuzz/build/static_lib_deps
+ cd cryptsetup
+else
+ cd ../../..
+fi
+./autogen.sh
+./configure --enable-static --disable-asciidoc --disable-ssh-token --disable-udev --disable-selinux --with-crypto_backend=openssl --disable-shared --enable-fuzz-targets
+make clean
+make -j fuzz-targets
+
+for fuzzer in $ENABLED_FUZZERS; do
+ cp tests/fuzz/$fuzzer $OUT
+ cp $SRC/cryptsetup_fuzzing/${fuzzer}_seed_corpus.zip $OUT
+
+ # optionally copy the dictionary if it exists
+ if [ -e tests/fuzz/${fuzzer}.dict ]; then
+ cp tests/fuzz/${fuzzer}.dict $OUT
+ fi
+done
+
+cd $PWD
--- /dev/null
+/*
+ * cryptsetup LUKS2 protobuf to image converter
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <iostream>
+#include <string>
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <google/protobuf/text_format.h>
+#include <google/protobuf/io/zero_copy_stream_impl.h>
+
+#include "plain_json_proto_to_luks2_converter.h"
+
+using namespace json_proto;
+
+int main(int argc, char *argv[]) {
+ LUKS2_both_headers headers;
+ LUKS2ProtoConverter converter;
+ int fd;
+
+ std::string out_img_name;
+
+ if (argc != 2) {
+ std::cerr << "Usage: " << argv[0] << " <LUKS2 proto>\n";
+ return EXIT_FAILURE;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ std::cerr << "Failed to open " << argv[1] << std::endl;
+ return EXIT_FAILURE;
+ }
+
+ google::protobuf::io::FileInputStream fileInput(fd);
+
+ if (!google::protobuf::TextFormat::Parse(&fileInput, &headers)) {
+ std::cerr << "Failed to parse protobuf " << argv[1] << std::endl;
+ close(fd);
+ return EXIT_FAILURE;
+ }
+ close(fd);
+
+ out_img_name = argv[1];
+ out_img_name += ".img";
+
+ fd = open(out_img_name.c_str(), O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_TRUNC, 0644);
+ if (fd < 0) {
+ std::cerr << "Failed to open output file " << out_img_name << std::endl;
+ return EXIT_FAILURE;
+ }
+ converter.set_write_headers_only(false);
+ converter.convert(headers, fd);
+
+ close(fd);
+ return EXIT_SUCCESS;
+}
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "plain_json_proto_to_luks2_converter.h"
+#include "json_proto_converter.h"
+
+extern "C" {
+#include "src/cryptsetup.h"
+#include "luks2/luks2.h"
+#include <err.h>
+}
+
+namespace json_proto {
+
+void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid, const std::string &json_text) {
+ struct luks2_hdr_disk hdr = {};
+ int r;
+
+ if (hd)
+ crypt_hash_destroy(hd);
+ if (crypt_hash_init(&hd, "sha256"))
+ err(EXIT_FAILURE, "crypt_hash_init failed");
+
+
+ r = lseek(fd, offset, SEEK_SET);
+ if (r == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ switch (header_proto.magic()) {
+ case INVALID:
+ memset(&hdr.magic, 0, LUKS2_MAGIC_L);
+ break;
+ case FIRST:
+ memcpy(&hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L);
+ break;
+ case SECOND:
+ memcpy(&hdr.magic, LUKS2_MAGIC_2ND, LUKS2_MAGIC_L);
+ break;
+ }
+ hdr.version = cpu_to_be16(header_proto.version());
+ hdr.hdr_size = cpu_to_be64(header_proto.hdr_size());
+ hdr.seqid = cpu_to_be64(seqid);
+ strncpy(hdr.checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
+ hdr.checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0';
+ strncpy(hdr.uuid, "af7f64ea-3233-4581-946b-6187d812841e", LUKS2_UUID_L);
+ memset(hdr.salt, 1, LUKS2_SALT_L);
+
+
+ if (header_proto.has_selected_offset())
+ hdr.hdr_offset = cpu_to_be64(header_proto.selected_offset());
+ else
+ hdr.hdr_offset = cpu_to_be64(offset);
+
+ if (write_buffer(fd, &hdr, LUKS2_HDR_BIN_LEN) != LUKS2_HDR_BIN_LEN)
+ err(EXIT_FAILURE, "write_buffer failed");
+ if (crypt_hash_write(hd, (char*)&hdr, LUKS2_HDR_BIN_LEN))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+
+ size_t hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN;
+ uint8_t csum[LUKS2_CHECKSUM_L];
+
+ size_t write_size = json_text.length() > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text.length();
+ if (write_buffer(fd, json_text.c_str(), write_size) != (ssize_t)write_size)
+ err(EXIT_FAILURE, "write_buffer failed");
+ if (crypt_hash_write(hd, json_text.c_str(), write_size))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+
+ for (size_t i = 0; i < (hdr_json_area_len - write_size); i++) {
+ if (crypt_hash_write(hd, "\0", 1))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+ }
+
+ if (header_proto.use_correct_checksum()) {
+ if (lseek(fd, offset + offsetof(luks2_hdr_disk, csum), SEEK_SET) == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ int hash_size = crypt_hash_size("sha256");
+ if (hash_size <= 0)
+ err(EXIT_FAILURE, "crypt_hash_size failed");
+
+ if (crypt_hash_final(hd, (char*)csum, (size_t)hash_size))
+ err(EXIT_FAILURE, "crypt_hash_final failed");
+ if (write_buffer(fd, csum, hash_size) != hash_size)
+ err(EXIT_FAILURE, "write_buffer failed");
+ }
+}
+
+void LUKS2ProtoConverter::set_write_headers_only(bool headers_only) {
+ write_headers_only = headers_only;
+}
+
+void LUKS2ProtoConverter::convert(const LUKS2_both_headers &headers, int fd) {
+ uint64_t primary_seqid, secondary_seqid;
+ int result;
+
+ size_t out_size = headers.primary_header().hdr_size() + headers.secondary_header().hdr_size();
+
+ if (!write_headers_only)
+ out_size += KEYSLOTS_SIZE + DATA_SIZE;
+
+ result = ftruncate(fd, out_size);
+ if (result == -1)
+ err(EXIT_FAILURE, "truncate failed");
+
+ result = lseek(fd, 0, SEEK_SET);
+ if (result == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ switch (headers.seqid()) {
+ case EQUAL:
+ primary_seqid = 1;
+ secondary_seqid = 1;
+ break;
+ case PRIMARY_GREATER:
+ primary_seqid = 2;
+ secondary_seqid = 1;
+ break;
+ case SECONDARY_GREATER:
+ primary_seqid = 1;
+ secondary_seqid = 2;
+ break;
+ }
+
+ JsonProtoConverter converter;
+ std::string json_text = converter.Convert(headers.json_area());
+
+ emit_luks2_binary_header(headers.primary_header(), fd, 0, primary_seqid, json_text);
+ emit_luks2_binary_header(headers.secondary_header(), fd, headers.primary_header().hdr_size(), secondary_seqid, json_text);
+}
+
+LUKS2ProtoConverter::~LUKS2ProtoConverter() {
+ if (hd)
+ crypt_hash_destroy(hd);
+}
+} // namespace LUKS2_proto
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef LUKS2_PROTO_CONVERTER_H_
+#define LUKS2_PROTO_CONVERTER_H_
+
+#include <sstream>
+#include <string>
+#include <json-c/json.h>
+
+#include "LUKS2_plain_JSON.pb.h"
+extern "C" {
+#include "crypto_backend/crypto_backend.h"
+}
+
+namespace json_proto {
+
+class LUKS2ProtoConverter {
+ public:
+ ~LUKS2ProtoConverter();
+ void create_jobj(const LUKS2_both_headers &headers, uint64_t hdr_size);
+ void convert(const LUKS2_both_headers &headers, int fd);
+ void create_jobj(const LUKS2_both_headers &headers);
+ void emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid, const std::string &json_text);
+
+ void set_write_headers_only(bool headers_only);
+
+ const uint8_t *get_out_buffer();
+ size_t get_out_size();
+
+ static const uint64_t KEYSLOTS_SIZE = 3 * 1024 * 1024;
+ static const uint64_t DATA_SIZE = 16 * 1024 * 1024;
+ private:
+ bool write_headers_only = false;
+ struct crypt_hash *hd = NULL;
+};
+
+} // namespace LUKS2_proto
+
+#endif // LUKS2_PROTO_CONVERTER_H_
--- /dev/null
+/*
+ * cryptsetup LUKS2 protobuf to image converter
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <iostream>
+#include <string>
+
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <google/protobuf/text_format.h>
+#include <google/protobuf/io/zero_copy_stream_impl.h>
+
+#include "proto_to_luks2_converter.h"
+
+using namespace LUKS2_proto;
+
+int main(int argc, char *argv[]) {
+ LUKS2_both_headers headers;
+ LUKS2ProtoConverter converter;
+ int fd;
+
+ std::string out_img_name;
+
+ if (argc != 2) {
+ std::cerr << "Usage: " << argv[0] << " <LUKS2 proto>\n";
+ return EXIT_FAILURE;
+ }
+
+ fd = open(argv[1], O_RDONLY);
+ if (fd < 0) {
+ std::cerr << "Failed to open " << argv[1] << std::endl;
+ return EXIT_FAILURE;
+ }
+
+ google::protobuf::io::FileInputStream fileInput(fd);
+
+ if (!google::protobuf::TextFormat::Parse(&fileInput, &headers)) {
+ std::cerr << "Failed to parse protobuf " << argv[1] << std::endl;
+ close(fd);
+ return EXIT_FAILURE;
+ }
+ close(fd);
+
+ out_img_name = argv[1];
+ out_img_name += ".img";
+
+ fd = open(out_img_name.c_str(), O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC|O_TRUNC, 0644);
+ if (fd < 0) {
+ std::cerr << "Failed to open output file " << out_img_name << std::endl;
+ return EXIT_FAILURE;
+ }
+ converter.set_write_headers_only(false);
+ converter.convert(headers, fd);
+
+ close(fd);
+ return EXIT_SUCCESS;
+}
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "proto_to_luks2_converter.h"
+#include <iostream>
+
+extern "C" {
+#include "src/cryptsetup.h"
+#include "luks2/luks2.h"
+#include <err.h>
+}
+
+namespace LUKS2_proto {
+
+std::string LUKS2ProtoConverter::string_uint64_to_string(const string_uint64 &str_u64) {
+ std::ostringstream os;
+
+ if (str_u64.negative())
+ os << "-";
+
+ if (str_u64.has_uint_num())
+ os << str_u64.uint_num();
+ else if (str_u64.has_string_num())
+ os << str_u64.string_num();
+
+ return os.str();
+}
+
+std::string LUKS2ProtoConverter::object_id_to_string(const object_id &oid) {
+ std::ostringstream os;
+
+ if (oid.has_int_id()) {
+ os << (oid.int_id() % 33) - 16;
+ } else if (oid.has_string_id()) {
+ os << oid.string_id();
+ }
+
+ return os.str();
+}
+
+std::string LUKS2ProtoConverter::hash_algorithm_to_string(const hash_algorithm type) {
+ switch (type) {
+ case HASH_ALG_SHA1:
+ return "sha1";
+ case HASH_ALG_SHA256:
+ return "sha256";
+ }
+}
+
+std::string LUKS2ProtoConverter::keyslot_area_type_to_string(const keyslot_area_type type) {
+ switch (type) {
+ case KEYSLOT_AREA_TYPE_RAW:
+ return "raw";
+ case KEYSLOT_AREA_TYPE_NONE:
+ return "none";
+ case KEYSLOT_AREA_TYPE_JOURNAL:
+ return "journal";
+ case KEYSLOT_AREA_TYPE_CHECKSUM:
+ return "checksum";
+ case KEYSLOT_AREA_TYPE_DATASHIFT:
+ return "datashift";
+ }
+}
+
+void LUKS2ProtoConverter::generate_keyslot_area(struct json_object *jobj_area, const keyslot_area_description &keyslot_area_desc) {
+ // mandatory fields
+ if (keyslot_area_desc.has_type())
+ json_object_object_add(jobj_area, "type", json_object_new_string(keyslot_area_type_to_string(keyslot_area_desc.type()).c_str()));
+ if (keyslot_area_desc.has_offset())
+ json_object_object_add(jobj_area, "offset", json_object_new_string(string_uint64_to_string(keyslot_area_desc.offset()).c_str()));
+ if (keyslot_area_desc.has_size())
+ json_object_object_add(jobj_area, "size", json_object_new_string(string_uint64_to_string(keyslot_area_desc.size()).c_str()));
+
+ // raw type fields
+ if (keyslot_area_desc.has_encryption())
+ json_object_object_add(jobj_area, "encryption", json_object_new_string(keyslot_area_desc.encryption().c_str()));
+ if (keyslot_area_desc.has_key_size())
+ json_object_object_add(jobj_area, "key_size", json_object_new_int(keyslot_area_desc.key_size()));
+
+ // checksum type fields
+ if (keyslot_area_desc.has_hash())
+ json_object_object_add(jobj_area, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_area_desc.hash()).c_str()));
+ if (keyslot_area_desc.has_sector_size())
+ json_object_object_add(jobj_area, "sector_size", json_object_new_int(keyslot_area_desc.sector_size()));
+
+ // datashift type fields
+ if (keyslot_area_desc.has_shift_size())
+ json_object_object_add(jobj_area, "shift_size", json_object_new_string(string_uint64_to_string(keyslot_area_desc.shift_size()).c_str()));
+}
+
+std::string LUKS2ProtoConverter::keyslot_kdf_type_to_string(const keyslot_kdf_type type) {
+ switch (type) {
+ case KEYSLOT_KDF_TYPE_PBKDF2:
+ return "pbkdf2";
+ case KEYSLOT_KDF_TYPE_ARGON2I:
+ return "argon2i";
+ case KEYSLOT_KDF_TYPE_ARGON2ID:
+ return "argon2id";
+ }
+}
+
+void LUKS2ProtoConverter::generate_keyslot_kdf(struct json_object *jobj_kdf, const keyslot_kdf_description &keyslot_kdf_desc) {
+ // mandatory fields
+ if (keyslot_kdf_desc.has_type())
+ json_object_object_add(jobj_kdf, "type", json_object_new_string(keyslot_kdf_type_to_string(keyslot_kdf_desc.type()).c_str()));
+
+ if (keyslot_kdf_desc.has_salt())
+ json_object_object_add(jobj_kdf, "salt", json_object_new_string(keyslot_kdf_desc.salt().c_str()));
+ else
+ json_object_object_add(jobj_kdf, "salt", json_object_new_string("6vz4xK7cjan92rDA5JF8O6Jk2HouV0O8DMB6GlztVk="));
+
+ // pbkdf2 type
+ if (keyslot_kdf_desc.has_hash())
+ json_object_object_add(jobj_kdf, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_kdf_desc.hash()).c_str()));
+ if (keyslot_kdf_desc.has_iterations())
+ json_object_object_add(jobj_kdf, "iterations", json_object_new_int(keyslot_kdf_desc.iterations()));
+
+ // argon2i and argon2id types
+ if (keyslot_kdf_desc.has_time())
+ json_object_object_add(jobj_kdf, "time", json_object_new_int(keyslot_kdf_desc.time()));
+ if (keyslot_kdf_desc.has_memory())
+ json_object_object_add(jobj_kdf, "memory", json_object_new_int(keyslot_kdf_desc.memory()));
+ if (keyslot_kdf_desc.has_cpus())
+ json_object_object_add(jobj_kdf, "cpus", json_object_new_int(keyslot_kdf_desc.cpus()));
+}
+
+std::string LUKS2ProtoConverter::keyslot_af_type_to_string(const keyslot_af_type type) {
+ switch (type) {
+ case KEYSLOT_AF_TYPE_LUKS1:
+ return "luks1";
+ }
+}
+
+void LUKS2ProtoConverter::generate_keyslot_af(struct json_object *jobj_af, const keyslot_af_description &keyslot_af_desc) {
+ if (keyslot_af_desc.has_type())
+ json_object_object_add(jobj_af, "type", json_object_new_string(keyslot_af_type_to_string(keyslot_af_desc.type()).c_str()));
+ if (keyslot_af_desc.has_stripes())
+ json_object_object_add(jobj_af, "stripes", json_object_new_int(keyslot_af_desc.stripes()));
+ if (keyslot_af_desc.has_hash())
+ json_object_object_add(jobj_af, "hash", json_object_new_string(hash_algorithm_to_string(keyslot_af_desc.hash()).c_str()));
+}
+
+std::string LUKS2ProtoConverter::keyslot_type_to_string(const keyslot_type type) {
+ switch (type) {
+ case KEYSLOT_TYPE_LUKS2:
+ return "luks2";
+ case KEYSLOT_TYPE_REENCRYPT:
+ return "reencrypt";
+ case KEYSLOT_TYPE_PLACEHOLDER:
+ return "placeholder";
+ }
+}
+
+std::string LUKS2ProtoConverter::reencrypt_keyslot_mode_to_string(const reencrypt_keyslot_mode mode) {
+ switch (mode) {
+ case MODE_REENCRYPT:
+ return "reencrypt";
+ case MODE_ENCRYPT:
+ return "encrypt";
+ case MODE_DECRYPT:
+ return "decrypt";
+ }
+}
+
+std::string LUKS2ProtoConverter::reencrypt_keyslot_direction_to_string(const reencrypt_keyslot_direction direction) {
+ switch (direction) {
+ case DIRECTION_FORWARD:
+ return "forward";
+ case DIRECTION_BACKWARD:
+ return "backward";
+ }
+}
+
+void LUKS2ProtoConverter::generate_keyslot(struct json_object *jobj_keyslots, const keyslot_description &keyslot_desc) {
+ struct json_object *jobj_keyslot, *jobj_area, *jobj_kdf, *jobj_af;
+
+ jobj_keyslot = json_object_new_object();
+ if (keyslot_desc.has_type())
+ json_object_object_add(jobj_keyslot, "type", json_object_new_string(keyslot_type_to_string(keyslot_desc.type()).c_str()));
+ if (keyslot_desc.has_key_size())
+ json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(keyslot_desc.key_size()));
+ if (keyslot_desc.has_priority())
+ json_object_object_add(jobj_keyslot, "priority", json_object_new_int(keyslot_desc.priority()));
+ if (keyslot_desc.has_mode())
+ json_object_object_add(jobj_keyslot, "mode", json_object_new_int(keyslot_desc.mode()));
+ if (keyslot_desc.has_direction())
+ json_object_object_add(jobj_keyslot, "direction", json_object_new_int(keyslot_desc.direction()));
+
+ /* Area object */
+ if (keyslot_desc.has_area()) {
+ jobj_area = json_object_new_object();
+ generate_keyslot_area(jobj_area, keyslot_desc.area());
+ json_object_object_add(jobj_keyslot, "area", jobj_area);
+ }
+
+ /* KDF object */
+ if (keyslot_desc.has_kdf()) {
+ jobj_kdf = json_object_new_object();
+ generate_keyslot_kdf(jobj_kdf, keyslot_desc.kdf());
+ json_object_object_add(jobj_keyslot, "kdf", jobj_kdf);
+ }
+
+ /* AF object */
+ if (keyslot_desc.has_af()) {
+ jobj_af = json_object_new_object();
+ generate_keyslot_af(jobj_af, keyslot_desc.af());
+ json_object_object_add(jobj_keyslot, "af", jobj_af);
+ }
+
+ json_object_object_add(jobj_keyslots, object_id_to_string(keyslot_desc.oid()).c_str(), jobj_keyslot);
+}
+
+void LUKS2ProtoConverter::generate_token(struct json_object *jobj_tokens, const token_description &token_desc) {
+ struct json_object *jobj_token, *jobj_keyslots;
+ jobj_token = json_object_new_object();
+
+ if (token_desc.has_type())
+ json_object_object_add(jobj_token, "type", json_object_new_string(token_desc.type().c_str()));
+
+ if (token_desc.has_key_description())
+ json_object_object_add(jobj_token, "key_description", json_object_new_string(token_desc.key_description().c_str()));
+
+ if (!token_desc.keyslots().empty()) {
+ jobj_keyslots = json_object_new_array();
+
+ for (const object_id& oid : token_desc.keyslots()) {
+ json_object_array_add(jobj_keyslots,
+ json_object_new_string(object_id_to_string(oid).c_str()));
+ }
+
+ /* Replace or add new keyslots array */
+ json_object_object_add(jobj_token, "keyslots", jobj_keyslots);
+ }
+
+ json_object_object_add(jobj_tokens, object_id_to_string(token_desc.oid()).c_str(), jobj_token);
+}
+
+void LUKS2ProtoConverter::generate_digest(struct json_object *jobj_digests, const digest_description &digest_desc) {
+ struct json_object *jobj_digest, *jobj_keyslots, *jobj_segments;
+
+ jobj_digest = json_object_new_object();
+
+ if (digest_desc.has_type())
+ json_object_object_add(jobj_digest, "type", json_object_new_string(keyslot_kdf_type_to_string(digest_desc.type()).c_str()));
+
+ if (!digest_desc.keyslots().empty()) {
+ jobj_keyslots = json_object_new_array();
+
+ for (const object_id& oid : digest_desc.keyslots()) {
+ json_object_array_add(jobj_keyslots,
+ json_object_new_string(object_id_to_string(oid).c_str()));
+ }
+
+ /* Replace or add new keyslots array */
+ json_object_object_add(jobj_digest, "keyslots", jobj_keyslots);
+ }
+
+ if (!digest_desc.segments().empty()) {
+ jobj_segments = json_object_new_array();
+
+ for (const object_id& oid : digest_desc.segments()) {
+ json_object_array_add(jobj_segments,
+ json_object_new_string(object_id_to_string(oid).c_str()));
+ }
+
+ /* Replace or add new segments array */
+ json_object_object_add(jobj_digest, "segments", jobj_segments);
+ }
+
+ if (digest_desc.has_salt())
+ json_object_object_add(jobj_digest, "salt", json_object_new_string(digest_desc.salt().c_str()));
+ if (digest_desc.has_digest())
+ json_object_object_add(jobj_digest, "digest", json_object_new_string(digest_desc.digest().c_str()));
+ if (digest_desc.has_hash())
+ json_object_object_add(jobj_digest, "hash", json_object_new_string(hash_algorithm_to_string(digest_desc.hash()).c_str()));
+ if (digest_desc.has_iterations())
+ json_object_object_add(jobj_digest, "iterations", json_object_new_int(digest_desc.iterations()));
+
+ json_object_object_add(jobj_digests, object_id_to_string(digest_desc.oid()).c_str(), jobj_digest);
+}
+
+std::string LUKS2ProtoConverter::segment_type_to_string(segment_type type) {
+ switch (type) {
+ case SEGMENT_TYPE_LINEAR:
+ return "linear";
+ case SEGMENT_TYPE_CRYPT:
+ return "crypt";
+ }
+}
+
+std::string LUKS2ProtoConverter::segment_flag_to_string(segment_flag flag) {
+ switch (flag) {
+ case IN_REENCRYPTION:
+ return "in-reencryption";
+ case BACKUP_FINAL:
+ return "backup-final";
+ case BACKUP_PREVIOUS:
+ return "backup-previous";
+ case BACKUP_MOVED_SEGMENT:
+ return "backup-moved-segment";
+ }
+}
+
+void LUKS2ProtoConverter::generate_segment_integrity(struct json_object *jobj_integrity, const segment_integrity_description &segment_integrity_desc) {
+ if (segment_integrity_desc.has_type())
+ json_object_object_add(jobj_integrity, "type", json_object_new_string(segment_integrity_desc.type().c_str()));
+ if (segment_integrity_desc.has_journal_encryption())
+ json_object_object_add(jobj_integrity, "journal_encryption", json_object_new_string(segment_integrity_desc.journal_encryption().c_str()));
+ if (segment_integrity_desc.has_journal_integrity())
+ json_object_object_add(jobj_integrity, "journal_integrity", json_object_new_string(segment_integrity_desc.journal_integrity().c_str()));
+}
+
+void LUKS2ProtoConverter::generate_segment(struct json_object *jobj_segments, const segment_description &segment_desc) {
+ json_object *jobj_flags, *jobj_integrity;
+ json_object *jobj_segment = json_object_new_object();
+
+ if (segment_desc.has_type())
+ json_object_object_add(jobj_segment, "type", json_object_new_string(segment_type_to_string(segment_desc.type()).c_str()));
+
+ if (segment_desc.has_offset())
+ json_object_object_add(jobj_segment, "offset", json_object_new_string(string_uint64_to_string(segment_desc.offset()).c_str()));
+ if (segment_desc.has_size())
+ json_object_object_add(jobj_segment, "size", json_object_new_string(string_uint64_to_string(segment_desc.size()).c_str()));
+
+ if (!segment_desc.flags().empty()) {
+ jobj_flags = json_object_new_array();
+
+ for (const int flag : segment_desc.flags()) {
+ json_object_array_add(jobj_flags,
+ json_object_new_string(segment_flag_to_string(segment_flag(flag)).c_str()));
+ }
+
+ /* Replace or add new flags array */
+ json_object_object_add(jobj_segment, "flags", jobj_flags);
+ }
+
+ if (segment_desc.has_iv_tweak())
+ json_object_object_add(jobj_segment, "iv_tweak", json_object_new_string(string_uint64_to_string(segment_desc.iv_tweak()).c_str()));
+ if (segment_desc.has_encryption())
+ json_object_object_add(jobj_segment, "encryption", json_object_new_string(segment_desc.encryption().c_str()));
+ if (segment_desc.has_sector_size())
+ json_object_object_add(jobj_segment, "sector_size", json_object_new_int(segment_desc.sector_size()));
+
+ if (segment_desc.has_integrity()) {
+ jobj_integrity = json_object_new_object();
+ generate_segment_integrity(jobj_integrity, segment_desc.integrity());
+ json_object_object_add(jobj_segment, "integrity", jobj_integrity);
+ }
+
+ json_object_object_add(jobj_segments, object_id_to_string(segment_desc.oid()).c_str(), jobj_segment);
+}
+
+void LUKS2ProtoConverter::create_jobj(const LUKS2_both_headers &headers) {
+ json_object *jobj_keyslots = NULL;
+ json_object *jobj_digests = NULL;
+ json_object *jobj_segments = NULL;
+ json_object *jobj_tokens = NULL;
+
+ const json_area_description &json_desc = headers.json_area();
+
+ jobj = json_object_new_object();
+ if (!jobj)
+ return;
+
+ jobj_keyslots = json_object_new_object();
+ for (const keyslot_description &keyslot_desc : json_desc.keyslots()) {
+ generate_keyslot(jobj_keyslots, keyslot_desc);
+ }
+ json_object_object_add(jobj, "keyslots", jobj_keyslots);
+
+ jobj_digests = json_object_new_object();
+ for (const digest_description &digest_desc : json_desc.digests()) {
+ generate_digest(jobj_digests, digest_desc);
+ }
+ json_object_object_add(jobj, "digests", jobj_digests);
+
+ jobj_segments = json_object_new_object();
+ for (const segment_description &segment_desc : json_desc.segments()) {
+ generate_segment(jobj_segments, segment_desc);
+ }
+ json_object_object_add(jobj, "segments", jobj_segments);
+
+ jobj_tokens = json_object_new_object();
+ for (const token_description &token_desc : json_desc.tokens()) {
+ generate_token(jobj_tokens, token_desc);
+ }
+ json_object_object_add(jobj, "tokens", jobj_tokens);
+
+ if (json_desc.has_config()) {
+ uint64_t hdr_size = json_desc.config().use_primary_hdr_size() ? headers.primary_header().hdr_size() : headers.secondary_header().hdr_size();
+ generate_config(json_desc.config(), hdr_size - LUKS2_HDR_BIN_LEN, KEYSLOTS_SIZE);
+ }
+}
+
+void LUKS2ProtoConverter::emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid) {
+ struct luks2_hdr_disk hdr = {};
+ int r;
+
+ if (hd)
+ crypt_hash_destroy(hd);
+ if (crypt_hash_init(&hd, "sha256"))
+ err(EXIT_FAILURE, "crypt_hash_init failed");
+
+
+ r = lseek(fd, offset, SEEK_SET);
+ if (r == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ switch (header_proto.magic()) {
+ case INVALID:
+ memset(&hdr.magic, 0, LUKS2_MAGIC_L);
+ break;
+ case FIRST:
+ memcpy(&hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L);
+ break;
+ case SECOND:
+ memcpy(&hdr.magic, LUKS2_MAGIC_2ND, LUKS2_MAGIC_L);
+ break;
+ }
+ hdr.version = cpu_to_be16(header_proto.version());
+ hdr.hdr_size = cpu_to_be64(header_proto.hdr_size());
+ hdr.seqid = cpu_to_be64(seqid);
+ strncpy(hdr.checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
+ hdr.checksum_alg[LUKS2_CHECKSUM_ALG_L - 1] = '\0';
+ strncpy(hdr.uuid, "af7f64ea-3233-4581-946b-6187d812841e", LUKS2_UUID_L);
+ memset(hdr.salt, 1, LUKS2_SALT_L);
+
+
+ if (header_proto.has_selected_offset())
+ hdr.hdr_offset = cpu_to_be64(header_proto.selected_offset());
+ else
+ hdr.hdr_offset = cpu_to_be64(offset);
+
+ if (write_buffer(fd, &hdr, LUKS2_HDR_BIN_LEN) != LUKS2_HDR_BIN_LEN)
+ err(EXIT_FAILURE, "write_buffer failed");
+ if (crypt_hash_write(hd, (char*)&hdr, LUKS2_HDR_BIN_LEN))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+
+ size_t hdr_json_area_len = header_proto.hdr_size() - LUKS2_HDR_BIN_LEN;
+ size_t json_text_len;
+ const char *json_text;
+ uint8_t csum[LUKS2_CHECKSUM_L];
+
+ if (jobj) {
+ json_text = json_object_to_json_string_ext((struct json_object *)jobj, JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
+ if (!json_text || !*json_text)
+ err(EXIT_FAILURE, "json_object_to_json_string_ext failed");
+
+ json_text_len = strlen(json_text);
+
+ size_t write_size = json_text_len > hdr_json_area_len - 1 ? hdr_json_area_len - 1 : json_text_len;
+ if (write_buffer(fd, json_text, write_size) != (ssize_t)write_size)
+ err(EXIT_FAILURE, "write_buffer failed");
+ if (crypt_hash_write(hd, json_text, write_size))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+
+ for (size_t i = 0; i < (hdr_json_area_len - write_size); i++) {
+ if (crypt_hash_write(hd, "\0", 1))
+ err(EXIT_FAILURE, "crypt_hash_write failed");
+ }
+ }
+
+ if (header_proto.use_correct_checksum()) {
+ if (lseek(fd, offset + offsetof(luks2_hdr_disk, csum), SEEK_SET) == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ int hash_size = crypt_hash_size("sha256");
+ if (hash_size <= 0)
+ err(EXIT_FAILURE, "crypt_hash_size failed");
+
+ if (crypt_hash_final(hd, (char*)csum, (size_t)hash_size))
+ err(EXIT_FAILURE, "crypt_hash_final failed");
+ if (write_buffer(fd, csum, hash_size) != hash_size)
+ err(EXIT_FAILURE, "write_buffer failed");
+ }
+}
+
+void LUKS2ProtoConverter::set_write_headers_only(bool headers_only) {
+ write_headers_only = headers_only;
+}
+
+void LUKS2ProtoConverter::convert(const LUKS2_both_headers &headers, int fd) {
+ uint64_t primary_seqid, secondary_seqid;
+ int result;
+
+ size_t out_size = headers.primary_header().hdr_size() + headers.secondary_header().hdr_size();
+
+ if (!write_headers_only)
+ out_size += KEYSLOTS_SIZE + DATA_SIZE;
+
+ result = ftruncate(fd, out_size);
+ if (result == -1)
+ err(EXIT_FAILURE, "truncate failed");
+
+ result = lseek(fd, 0, SEEK_SET);
+ if (result == -1)
+ err(EXIT_FAILURE, "lseek failed");
+
+ switch (headers.seqid()) {
+ case EQUAL:
+ primary_seqid = 1;
+ secondary_seqid = 1;
+ break;
+ case PRIMARY_GREATER:
+ primary_seqid = 2;
+ secondary_seqid = 1;
+ break;
+ case SECONDARY_GREATER:
+ primary_seqid = 1;
+ secondary_seqid = 2;
+ break;
+ }
+
+ create_jobj(headers);
+ emit_luks2_binary_header(headers.primary_header(), fd, 0, primary_seqid);
+ emit_luks2_binary_header(headers.secondary_header(), fd, headers.primary_header().hdr_size(), secondary_seqid);
+}
+
+std::string LUKS2ProtoConverter::config_flag_to_string(config_flag flag) {
+ switch (flag) {
+ case CONFIG_FLAG_ALLOW_DISCARDS:
+ return "allow-discards";
+ case CONFIG_FLAG_SAME_CPU_CRYPT:
+ return "same-cpu-crypt";
+ case CONFIG_FLAG_SUBMIT_FROM_CRYPT_CPUS:
+ return "submit-from-crypt-cpus";
+ case CONFIG_FLAG_NO_JOURNAL:
+ return "no-journal";
+ case CONFIG_FLAG_NO_READ_WORKQUEUE:
+ return "no-read-workqueue";
+ case CONFIG_FLAG_NO_WRITE_WORKQUEUE:
+ return "no-write-workqueue";
+ }
+}
+
+std::string LUKS2ProtoConverter::config_requirement_to_string(config_requirement requirement) {
+ switch (requirement) {
+ case CONFIG_REQUIREMENT_OFFLINE_REENCRYPT:
+ return "offline-reencrypt";
+ case CONFIG_REQUIREMENT_ONLINE_REENCRYPT_V2:
+ return "online-reencrypt-v2";
+ }
+}
+
+void LUKS2ProtoConverter::generate_config(const config_description &config_desc, uint64_t json_size, uint64_t keyslots_size) {
+ json_object *jobj_config, *jobj_flags, *jobj_requirements, *jobj_mandatory;
+ jobj_config = json_object_new_object();
+
+ json_object_object_add(jobj_config, "json_size", json_object_new_string(std::to_string(json_size).c_str()));
+ json_object_object_add(jobj_config, "keyslots_size", json_object_new_string(std::to_string(keyslots_size).c_str()));
+
+ if (!config_desc.config_flags().empty()) {
+ jobj_flags = json_object_new_array();
+
+ for (const int flag : config_desc.config_flags()) {
+ json_object_array_add(jobj_flags,
+ json_object_new_string(config_flag_to_string(config_flag(flag)).c_str()));
+ }
+
+ /* Replace or add new flags array */
+ json_object_object_add(jobj_config, "flags", jobj_flags);
+ }
+
+ if (!config_desc.requirements().empty()) {
+ jobj_requirements = json_object_new_object();
+ jobj_mandatory = json_object_new_array();
+
+ for (const int requirement : config_desc.requirements()) {
+ json_object_array_add(jobj_mandatory,
+ json_object_new_string(config_requirement_to_string(config_requirement(requirement)).c_str()));
+ }
+
+ /* Replace or add new requirements array */
+ json_object_object_add(jobj_requirements, "mandatory", jobj_mandatory);
+ json_object_object_add(jobj_config, "requirements", jobj_requirements);
+ }
+
+ json_object_object_add(jobj, "config", jobj_config);
+}
+
+LUKS2ProtoConverter::~LUKS2ProtoConverter() {
+ json_object_put(jobj);
+ if (hd)
+ crypt_hash_destroy(hd);
+}
+} // namespace LUKS2_proto
--- /dev/null
+/*
+ * cryptsetup LUKS2 custom mutator fuzz target
+ *
+ * Copyright (C) 2022-2023 Daniel Zatovic <daniel.zatovic@gmail.com>
+ * Copyright (C) 2022-2023 Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef LUKS2_PROTO_CONVERTER_H_
+#define LUKS2_PROTO_CONVERTER_H_
+
+#include <sstream>
+#include <string>
+#include <json-c/json.h>
+
+#include "LUKS2.pb.h"
+extern "C" {
+#include "crypto_backend/crypto_backend.h"
+}
+
+namespace LUKS2_proto {
+
+class LUKS2ProtoConverter {
+ public:
+ ~LUKS2ProtoConverter();
+ std::string string_uint64_to_string(const string_uint64 &str_u64);
+ std::string hash_algorithm_to_string(const hash_algorithm type);
+ std::string object_id_to_string(const object_id &oid);
+
+ std::string keyslot_area_type_to_string(const keyslot_area_type type);
+ std::string keyslot_kdf_type_to_string(const keyslot_kdf_type type);
+ std::string reencrypt_keyslot_mode_to_string(const reencrypt_keyslot_mode mode);
+ std::string keyslot_type_to_string(const keyslot_type type);
+ std::string reencrypt_keyslot_direction_to_string(const reencrypt_keyslot_direction direction);
+ std::string keyslot_af_type_to_string(const keyslot_af_type type);
+
+ std::string config_flag_to_string(config_flag flag);
+ std::string config_requirement_to_string(config_requirement requirements);
+
+ std::string segment_type_to_string(segment_type type);
+ std::string segment_flag_to_string(segment_flag flag);
+
+ void generate_keyslot(struct json_object *jobj_keyslots, const keyslot_description &keyslot_desc);
+ void generate_keyslot_area(struct json_object *jobj_area, const keyslot_area_description &keyslot_area_desc);
+ void generate_keyslot_kdf(struct json_object *jobj_kdf, const keyslot_kdf_description &keyslot_kdf_desc);
+ void generate_keyslot_af(struct json_object *jobj_af, const keyslot_af_description &keyslot_af_desc);
+
+ void generate_token(struct json_object *jobj_tokens, const token_description &token_desc);
+
+ void generate_digest(struct json_object *jobj_digests, const digest_description &digest_desc);
+
+ void generate_segment_integrity(struct json_object *jobj_integrity, const segment_integrity_description &segment_integrity_desc);
+ void generate_segment(struct json_object *jobj_segments, const segment_description &segment_desc);
+
+ void generate_config(const config_description &config_desc, uint64_t json_size, uint64_t keyslots_size);
+
+ void create_jobj(const LUKS2_both_headers &headers, uint64_t hdr_size);
+ void emit_luks2_binary_header(uint64_t offset, uint64_t seqid, bool is_primary, uint64_t hdr_size);
+ void convert(const LUKS2_both_headers &headers, int fd);
+ void create_jobj(const LUKS2_both_headers &headers);
+ void emit_luks2_binary_header(const LUKS2_header &header_proto, int fd, uint64_t offset, uint64_t seqid);
+
+ void set_write_headers_only(bool headers_only);
+
+ const uint8_t *get_out_buffer();
+ size_t get_out_size();
+
+ static const uint64_t KEYSLOTS_SIZE = 3 * 1024 * 1024;
+ static const uint64_t DATA_SIZE = 16 * 1024 * 1024;
+ private:
+ bool write_headers_only = false;
+ struct crypt_hash *hd = NULL;
+ struct ::json_object *jobj = NULL;
+};
+
+} // namespace LUKS2_proto
+
+#endif // LUKS2_PROTO_CONVERTER_H_
--- /dev/null
+diff --git a/src/libfuzzer/libfuzzer_mutator.cc b/src/libfuzzer/libfuzzer_mutator.cc
+index 34d144c..b671fd4 100644
+--- a/src/libfuzzer/libfuzzer_mutator.cc
++++ b/src/libfuzzer/libfuzzer_mutator.cc
+@@ -14,6 +14,8 @@
+
+ #include "src/libfuzzer/libfuzzer_mutator.h"
+
++#include <sanitizer/msan_interface.h>
++
+ #include <string.h>
+
+ #include <algorithm>
+@@ -64,6 +66,7 @@ template <class T>
+ T MutateValue(T v) {
+ size_t size =
+ LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&v), sizeof(v), sizeof(v));
++ __msan_unpoison(reinterpret_cast<uint8_t*>(&v), size);
+ memset(reinterpret_cast<uint8_t*>(&v) + size, 0, sizeof(v) - size);
+ return v;
+ }
+@@ -93,6 +96,7 @@ std::string Mutator::MutateString(const std::string& value,
+ result.resize(std::max(1, new_size));
+ result.resize(LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&result[0]),
+ value.size(), result.size()));
++ __msan_unpoison(reinterpret_cast<uint8_t*>(&result[0]), result.size());
+ return result;
+ }
+
--- /dev/null
+#!/bin/bash
+
+[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+MAP=fvault2test
+TST_DIR=fvault2-images
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+[ -z "$srcdir" ] && srcdir="."
+
+function create_mapping()
+{
+ local image=$1
+ local passphrase=$2
+ echo -n "$passphrase" | "$CRYPTSETUP" open --type fvault2 --key-file - \
+ "$image" "$MAP"
+}
+
+function remove_mapping()
+{
+ [ -b "/dev/mapper/$MAP" ] && dmsetup remove --retry "$MAP"
+ rm -rf $TST_DIR
+}
+
+function fail()
+{
+ [ -n "$1" ] && echo "$1"
+ echo " [FAILED]"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ remove_mapping
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ echo "Test skipped."
+ remove_mapping
+ exit 77
+}
+
+function produce_dump()
+{
+ "$CRYPTSETUP" fvault2Dump "$1" || fail
+}
+
+function produce_dump_key()
+{
+ echo "$2" | "$CRYPTSETUP" fvault2Dump "$1" --dump-volume-key || fail
+}
+
+function check_dump()
+{
+ local dump=$1
+ local key=$2
+ local exp_value=$3
+ local regex="$key:\s*\(.*\)"
+ local value=$(echo "$dump" | sed -n "s|$regex|\1|p" | sed 's|\s*$||')
+ [ "$value" = "$exp_value" ] || fail \
+ "$key check failed: expected \"$exp_value\", got \"$value\""
+}
+
+function check_uuid()
+{
+ local exp_uuid=$1
+ local uuid=$(blkid -po value -s UUID "/dev/mapper/$MAP")
+ [ "$uuid" = "$exp_uuid" ] || fail \
+ "UUID check failed: expected \"$exp_uuid\", got \"$uuid\""
+}
+
+function check_sha256()
+{
+ local exp_sum=$1
+ local sum=$(sha256sum /dev/mapper/$MAP | head -c 64)
+ [ "$sum" = "$exp_sum" ] || fail \
+ "SHA256 sum check failed: expected \"$exp_sum\", got \"$sum\""
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+export LANG=C
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+
+if [ ! -d $TST_DIR ]; then
+ tar xJSf $srcdir/fvault2-images.tar.xz --no-same-owner 2>/dev/null || skip "Incompatible tar."
+fi
+
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+
+echo "HEADER CHECK"
+IMG="$TST_DIR/small"
+PWD="heslo123"
+
+echo -n " $IMG"
+dump=$(produce_dump $IMG)
+check_dump "$dump" 'Physical volume UUID' fc52bfae-5a1f-4f9b-b3a6-f33303a0e401
+check_dump "$dump" 'Family UUID' 33a76caa-1481-4bc5-8d04-1ac1707c19c0
+check_dump "$dump" 'Logical volume offset' '67108864 [bytes]'
+check_dump "$dump" 'Logical volume size' '167772160 [bytes]'
+check_dump "$dump" 'PBKDF2 iterations' 204222
+check_dump "$dump" 'PBKDF2 salt' '2c 24 9e db 66 63 d6 fb cc 79 05 b7 a4 d7 27 52'
+dump=$(produce_dump_key $IMG heslo123)
+check_dump "$dump" 'Volume key' '20 73 4d 33 89 21 27 74 d7 61 0c 29 d7 32 88 09 16 f3 be 14 c4 b1 2a c7 aa f0 7e 5c cc 77 b3 19'
+echo $PWD | $CRYPTSETUP open --type fvault2 --test-passphrase $IMG || fail
+echo " [OK]"
+
+if [ $(id -u) != 0 ]; then
+ echo "WARNING: You must be root to run activation part of test, test skipped."
+ remove_mapping
+ exit 0
+fi
+
+echo "ACTIVATION CHECK"
+echo -n " $IMG"
+create_mapping $IMG heslo123
+check_uuid de124d8a-2164-394e-924f-8e28db0a09cb
+check_sha256 2c662e36c0f7e2f5583e6a939bbcbdc660805692d0fccaa45ad4052beb3b8e18
+echo " [OK]"
+
+remove_mapping
+exit 0
--- /dev/null
+#!/bin/bash
+
+function fail()
+{
+ [ -n "$1" ] && echo "$1"
+ exit 2
+}
+
+function generate() {
+ local ver=
+
+ while IFS= read -r line; do
+ local len=${#line}
+
+
+ if [ "${line:0:11}" = "CRYPTSETUP_" ]; then
+ local i=12
+ while [ $i -lt $len ]; do
+ if [ "${line:$i:1}" = "{" ]; then
+ ver=${line:0:$i}
+ break
+ fi
+ i=$((i+1))
+ done
+ elif [ "${line:0:6}" = "crypt_" -a -n "$ver" ]; then
+ printf 'CHECK_SYMBOL(%s, %s)\n' $line $ver
+ fi
+ done < <(tr -d '[:blank:];' < $1)
+}
+
+test $# -ge 1 || fail "usage: $0 <symbol_file>"
+
+test -f $1 || fail "$1 is not a file."
+
+generate $1
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# make area 7 access the luks2 header space
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c --arg off $OFFS --arg len $LEN \
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# add keyslot 1 to second digest
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_obj_len=$(jq -c -M '.keyslots."1".kdf | length' $TMPDIR/json_res0)
test $((obj_len+2)) -eq $new_obj_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
PATTERN="\"config\":{"
KEY="\"config_key\":\""
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf $format_str $KEY $fill ${json_str:$offset} | _dd of=$TMPDIR/json0 bs=1 seek=$offset conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
#json_str_res0=$(< $TMPDIR/json_res0)
read -r json_str_res0 < $TMPDIR/json_res0
test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512-1)) || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf "%s" $json_new_str | _dd of=$TMPDIR/json0 bs=512 count=$LUKS2_JSON_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
+ lib_mangle_json_hdr0
}
function check()
{
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
+ lib_hdr0_checksum || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
read -r json_str_res0 < $TMPDIR/json_res0
test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512)) || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json1 $TGT_IMG $TMPDIR/json1
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json1
printf "%s" $json_new_str | _dd of=$TMPDIR/json1 bs=512 count=$LUKS2_JSON_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json1 $TMPDIR/area1
- erase_checksum $TMPDIR/area1
- chks1=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks1 $TMPDIR/area1
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG
+ lib_mangle_json_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- chks_res1=$(read_sha256_checksum $TMPDIR/hdr_res1)
- test "$chks1" = "$chks_res1" || exit 2
+ lib_hdr1_checksum || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1
read -r json_str_res1 < $TMPDIR/json_res1
test ${#json_str_res1} -eq $((LUKS2_JSON_SIZE*512)) || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
- chks0=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
- chks1=$(echo "D'oh!: arbitrary chosen string" | calc_sha256_checksum_stdin)
- write_checksum $chks0 $TGT_IMG
- write_checksum $chks1 $TMPDIR/hdr1
+ CHKS0=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
+ CHKS1=$(echo "D'oh!: arbitrary chosen string" | calc_sha256_checksum_stdin)
+ write_checksum $CHKS0 $TGT_IMG
+ write_checksum $CHKS1 $TMPDIR/hdr1
write_luks2_bin_hdr1 $TMPDIR/hdr1 $TGT_IMG
}
function check()
{
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- chks_res1=$(read_sha256_checksum $TMPDIR/hdr1)
- test "$chks0" = "$chks_res0" || exit 2
- test "$chks1" = "$chks_res1" || exit 2
-}
-
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
}
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# 1 full target dir
# 2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
-}
-
function generate()
{
- chks=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
- write_checksum $chks $TGT_IMG
+ CHKS0=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
+ write_checksum $CHKS0 $TGT_IMG
}
function check()
{
- chks_res=$(read_sha256_checksum $TGT_IMG)
- test "$chks" = "$chks_res" || exit 2
+ lib_hdr0_checksum || exit 2
}
-#function cleanup()
-#{
-#}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-#cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
- chks=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
- write_checksum $chks $TMPDIR/hdr1
+ CHKS1=$(echo "Arbitrary chosen string: D'oh!" | calc_sha256_checksum_stdin)
+ write_checksum $CHKS1 $TMPDIR/hdr1
write_luks2_bin_hdr1 $TMPDIR/hdr1 $TGT_IMG
}
function check()
{
- chks_res=$(read_sha256_checksum $TMPDIR/hdr1)
- test "$chks" = "$chks_res" || exit 2
-}
-
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
+ lib_hdr1_checksum || exit 2
}
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512+4096))
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c --arg js $JS 'if .config.json_size != ($js | tostring )
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512-4096))
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c --arg js $JS 'if .config.json_size != ($js | tostring )
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
JS=$(((LUKS2_HDR_SIZE-LUKS2_BIN_HDR_SIZE)*512))
json_str=$(jq -c '.' $TMPDIR/json0)
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# make area 7 being included in area 6
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c --arg off $OFFS 'if .config.keyslots_size != ( .segments."0".offset | tonumber - ($off | tonumber) + 4096 | tostring )
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
json_str=$(jq -c '.config.keyslots_size = (.config.keyslots_size | tonumber - 1 | tostring)' $TMPDIR/json0)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if (.config.keyslots_size | tonumber % 4096) == 0
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
json_str=$(jq '.config.keyslots_size = ([.keyslots[].area.size] | map(tonumber) | add - 4096 | tostring )' $TMPDIR/json0)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .config.keyslots_size != ([.keyslots[].area.size ] | map(tonumber) | add - 4096 | tostring)
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf "%s" "$json_str" | _dd of=$TMPDIR/json0 bs=1 conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
read -r json_str_res0 < $TMPDIR/json_res0
test "$json_str" = "$json_str_res0" || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf "%s" "$json_str" | _dd of=$TMPDIR/json0 bs=1 conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
IFS= read -r json_str_res0 < $TMPDIR/json_res0
test "$json_str" = "$json_str_res0" || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where keyslot is not of type object.
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c 'del(.tokens) | .tokens = 42' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if .tokens != 42
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where multiple top objects are not of type object.
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c 'del(.tokens) | .tokens = 42 |
+ del(.digests) | .digests = 42 |
+ del(.keyslots) | .keyslots = [] |
+ del(.segments) | .segments = "hi"' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if (.tokens != 42) or (.digests != 42) or (.keyslots != []) or (.segments != "hi")
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where keyslot AF type is invalid.
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c 'del(.keyslots."0".af.type) | .keyslots."0".af.type = 42' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if (.keyslots."0".af.type != 42)
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where keyslot area object size is UINT64_MAX and will overflow with added length
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c '.keyslots."0"."area".size = "18446744073709551615"' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if (.keyslots."0"."area".size != "18446744073709551615")
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where keyslot area object is not of type object.
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c 'del(.keyslots."0".area) | .keyslots."0".area = 42' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if (.keyslots."0".area != 42)
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate header with well-formed json format
+# where multiple keyslots objects are not of type object.
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ json_str=$(jq -c 'del(.keyslots."0".kdf) | .keyslots."0".kdf = 42 |
+ del(.keyslots."0".af) | .keyslots."0".af = 42' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+ write_luks2_json "$json_str" $TMPDIR/json1
+
+ lib_mangle_json_hdr0
+ lib_mangle_json_hdr1
+}
+
+function check()
+{
+ lib_hdr0_checksum || exit 2
+ lib_hdr1_checksum || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if (.keyslots."0".kdf != 42) or (.keyslots."0".af != 42)
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str_orig < $TMPDIR/json0
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json_res0)
test $((arr_len-1)) -eq $new_arr_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# add keyslot 1 to second digest
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_arr_len=$(jq -c -M '.digests."1".keyslots | length' $TMPDIR/json_res0)
test 1 -eq $new_arr_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 128 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 128KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 16 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 1 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 1 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 256 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
function generate()
{
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 2 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 2 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 32 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 32KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 4 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 4 MiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 512 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 512KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 64KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 64KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
# .keyslots.7.area.offset = ( ((.config.keyslots_size | tonumber) + ($mda | tonumber) - (.keyslots.7.area.size | tonumber) + 1) | tostring ) |
jq -c --arg mda $((2*TEST_MDA_SIZE_BYTES)) --arg jsize $JSON_SIZE \
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 64KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE --arg off $DATA_OFFSET --arg mda $((2*TEST_MDA_SIZE_BYTES)) \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 64 KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area0
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
}
function check()
{
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $TEST_MDA_SIZE
- local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
- test "$str_res0" = "VACUUM" || exit 2
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# 64KiB metadata
test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $TEST_JSN_SIZE
- merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json0 $TMPDIR/area1 $TEST_JSN_SIZE
-
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
-
- erase_checksum $TMPDIR/area1
- chks0=$(calc_sha256_checksum_file $TMPDIR/area1)
- write_checksum $chks0 $TMPDIR/area1
-
- kill_bin_hdr $TMPDIR/area1
-
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $TEST_MDA_SIZE
- write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $TEST_MDA_SIZE
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $TEST_MDA_SIZE
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate primary with predefined json_size. There's only limited
+# set of values allowed as json size in config section of LUKS2
+# metadata
+#
+# secondary header is corrupted on purpose as well
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M
+
+ TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512))
+ TEST_MDA_SIZE_BOGUS_BYTES=$((TEST_MDA_SIZE*512*2*1024))
+ TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE))
+ KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024))
+ JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024))
+ JSON_SIZE=$((TEST_JSN_SIZE*512))
+ DATA_OFFSET=16777216
+
+ json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \
+ '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) |
+ .config.json_size = $jsize |
+ .segments."0".offset = $off' $TMPDIR/json0)
+ test -n "$json_str" || exit 2
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
+
+ write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BYTES
+ write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BOGUS_BYTES
+
+ write_bin_hdr_offset $TMPDIR/hdr1 $TEST_MDA_SIZE_BYTES
+
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE
+}
+
+function check()
+{
+ lib_hdr0_killed $TEST_MDA_SIZE || exit 2
+
+ read_luks2_json1 $TGT_IMG $TMPDIR/json_res1 $TEST_JSN_SIZE
+ jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
+ 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
+ (.config.json_size != $jsize)
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res1 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate primary with predefined json_size. There's only limited
+# set of values allowed as json size in config section of LUKS2
+# metadata
+#
+# secondary header is corrupted on purpose as well
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ TEST_MDA_SIZE=$LUKS2_HDR_SIZE_1M
+
+ TEST_MDA_SIZE_BYTES=$((TEST_MDA_SIZE*512))
+ TEST_MDA_SIZE_BOGUS_BYTES=$((TEST_MDA_SIZE*512*2*1024))
+ TEST_JSN_SIZE=$((TEST_MDA_SIZE-LUKS2_BIN_HDR_SIZE))
+ KEYSLOTS_OFFSET=$((TEST_MDA_SIZE*1024))
+ JSON_DIFF=$(((TEST_MDA_SIZE-LUKS2_HDR_SIZE)*1024))
+ JSON_SIZE=$((TEST_JSN_SIZE*512))
+ DATA_OFFSET=16777216
+
+ json_str=$(jq -c --arg jdiff $JSON_DIFF --arg jsize $JSON_SIZE --arg off $DATA_OFFSET \
+ '.keyslots[].area.offset |= ( . | tonumber + ($jdiff | tonumber) | tostring) |
+ .config.json_size = $jsize |
+ .segments."0".offset = $off' $TMPDIR/json0)
+ test -n "$json_str" || exit 2
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0 $TEST_JSN_SIZE
+ write_luks2_json "$json_str" $TMPDIR/json1 $TEST_JSN_SIZE
+
+ write_bin_hdr_size $TMPDIR/hdr0 $TEST_MDA_SIZE_BOGUS_BYTES
+ write_bin_hdr_size $TMPDIR/hdr1 $TEST_MDA_SIZE_BOGUS_BYTES
+
+ lib_mangle_json_hdr0 $TEST_MDA_SIZE $TEST_JSN_SIZE
+ lib_mangle_json_hdr1 $TEST_MDA_SIZE $TEST_JSN_SIZE kill
+}
+
+function check()
+{
+ lib_hdr1_killed $TEST_MDA_SIZE || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0 $TEST_JSN_SIZE
+ jq -c --arg koff $KEYSLOTS_OFFSET --arg jsize $JSON_SIZE \
+ 'if ([.keyslots[].area.offset] | map(tonumber) | min | tostring != $koff) or
+ (.config.json_size != $jsize)
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str_orig < $TMPDIR/json0
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_arr_len=$(jq -c -M '.digests."0".keyslots | length' $TMPDIR/json_res0)
test $((arr_len+1)) -eq $new_arr_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str_orig < $TMPDIR/json0
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_arr_len=$(jq -c -M '.tokens."0".keyslots | length' $TMPDIR/json_res0)
test $new_arr_len -eq 2 || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str_orig < $TMPDIR/json0
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_arr_len=$(jq -c -M '.digests."0".segments | length' $TMPDIR/json_res0)
test $((arr_len+1)) -eq $new_arr_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
PATTERN="\"config\":{"
KEY="\"config_key\":\""
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf $format_str $KEY $fill ${json_str:$offset} | _dd of=$TMPDIR/json0 bs=1 seek=$offset conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
read -r json_str_res0 < $TMPDIR/json_res0
test ${#json_str_res0} -eq $((LUKS2_JSON_SIZE*512)) || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf '%s' $json_str | _dd of=$TMPDIR/json0 bs=1 conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
read -r json_str_res0 < $TMPDIR/json_res0
local len=${#json_str_res0}
len=$((len-1))
test ${json_str_res0:len:1} = "X" || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
QUOTE="[Homer J. Simpson]: Keep looking shocked and move slowly towards the cake."
SPACE=20
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
read -r json_str < $TMPDIR/json0
printf '%s' "$QUOTE" | _dd of=$TMPDIR/json0 seek=$((json_len_orig+SPACE)) bs=1 conv=notrunc
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
_dd if=$TMPDIR/json_res0 of=$TMPDIR/quote skip=$((json_len_orig+SPACE)) count=${#QUOTE} bs=1
json_str_res0=$(head -c ${#QUOTE} $TMPDIR/quote)
test "$json_str_res0" = "$QUOTE" || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# copy area 6 offset and length into area 7
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if (.keyslots."6".area.offset != .keyslots."7".area.offset) or (.keyslots."6".area.size != .keyslots."7".area.size)
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# make area 7 being included in area 6
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if (.keyslots."7".area.offset != (.keyslots."6".area.offset | tonumber + 1 | tostring)) or
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# make area 7 being included in area 6
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .keyslots."7".area.offset != ([.keyslots."6".area.offset, .keyslots."6".area.size ] | map(tonumber) | add - 1 | tostring)
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# add keyslot 1 to second digest
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json_res0)
test $((obj_len+2)) -eq $new_obj_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# add keyslot 1 to second digest
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
+ lib_hdr0_checksum || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
- chks_res0=$(read_sha256_checksum $TGT_IMG)
- test "$chks0" = "$chks_res0" || exit 2
new_obj_len=$(jq -c -M '.keyslots."2".kdf | length' $TMPDIR/json_res0)
test $((obj_len+2)) -eq $new_obj_len || exit 2
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
--- /dev/null
+#!/bin/bash
+
+. lib.sh
+
+#
+# *** Description ***
+#
+# generate primary header with segment empty encryption field
+#
+# secondary header is corrupted on purpose as well
+#
+
+# $1 full target dir
+# $2 full source luks2 image
+
+function generate()
+{
+ # remove mandatory encryption field
+ json_str=$(jq -c '.segments."0".encryption = ""' $TMPDIR/json0)
+ test ${#json_str} -lt $((LUKS2_JSON_SIZE*512)) || exit 2
+
+ write_luks2_json "$json_str" $TMPDIR/json0
+
+ lib_mangle_json_hdr0_kill_hdr1
+}
+
+function check()
+{
+ lib_hdr1_killed || exit 2
+
+ read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
+ jq -c 'if .segments."0".encryption != ""
+ then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
+}
+
+lib_prepare $@
+generate
+check
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".encryption
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".iv_tweak
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".sector_size
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".encryption | type != "object"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".iv_tweak != "dynamic"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".sector_size != 1023
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".sector_size != "4096"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".sector_size != -1024
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".offset
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".type
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."1" | type != "object"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".type != "some_type"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# create illegal backup segment key (used to be bug in 32bit implementations)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments | length < 2
then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# create illegal backup segment key (used to be bug in 32bit implementations)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments | length < 64
then error("Unexpected segments count") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".flags != [ "hello", 1 ]
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".flags != "hello"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".offset != "-42"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != 4096
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != "automatic"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != "511"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# remove mandatory encryption field
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".type != 42
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# UINT64_MAX - 511 (so that it's sector aligned)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != "18446744073709551104"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
json_str=$(jq -c '.segments."0".size = "18446744073709551616"' $TMPDIR/json0)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != "18446744073709551616"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
# $1 full target dir
# $2 full source luks2 image
-function prepare()
-{
- cp $SRC_IMG $TGT_IMG
- test -d $TMPDIR || mkdir $TMPDIR
- read_luks2_json0 $TGT_IMG $TMPDIR/json0
- read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
-}
-
function generate()
{
# UINT64_MAX + 1 (it's 512 sector aligned)
write_luks2_json "$json_str" $TMPDIR/json0
- merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0
- erase_checksum $TMPDIR/area0
- chks0=$(calc_sha256_checksum_file $TMPDIR/area0)
- write_checksum $chks0 $TMPDIR/area0
- write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG
- kill_bin_hdr $TMPDIR/hdr1
- write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+ lib_mangle_json_hdr0_kill_hdr1
}
function check()
{
- read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
- local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
- test "$str_res1" = "VACUUM" || exit 2
+ lib_hdr1_killed || exit 2
read_luks2_json0 $TGT_IMG $TMPDIR/json_res0
jq -c 'if .segments."0".size != "-512"
then error("Unexpected value in result json") else empty end' $TMPDIR/json_res0 || exit 5
}
-function cleanup()
-{
- rm -f $TMPDIR/*
- rm -fd $TMPDIR
-}
-
-test $# -eq 2 || exit 1
-
-TGT_IMG=$1/$(test_img_name $0)
-SRC_IMG=$2
-
-prepare
+lib_prepare $@
generate
check
-cleanup
+lib_cleanup
[ -z "$srcdir" ] && srcdir="."
TMPDIR=$srcdir/tmp
+# to be set by individual generator
+TGT_IMG=""
+SRC_IMG=""
+
repeat_str() {
printf "$1"'%.0s' $(eval "echo {1.."$(($2))"}");
}
}
function write_bin_hdr_size() {
- printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=1 conv=notrunc
+ printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=1 conv=notrunc
}
function write_bin_hdr_offset() {
- printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=32 conv=notrunc
+ printf '%016x' $2 | xxd -r -p -l 16 | _dd of=$1 bs=8 count=1 seek=32 conv=notrunc
+}
+
+# generic header helpers
+# $TMPDIR/json0 - JSON hdr1
+# $TMPDIR/json1 - JSON hdr2
+# $TMPDIR/hdr0 - bin hdr1
+# $TMPDIR/hdr1 - bin hdr2
+
+# 1:target_dir 2:source_image
+function lib_prepare()
+{
+ test $# -eq 2 || exit 1
+
+ TGT_IMG=$1/$(test_img_name $0)
+ SRC_IMG=$2
+
+ # wipe checksums
+ CHKS0=0
+ CHKS1=0
+
+ cp $SRC_IMG $TGT_IMG
+ test -d $TMPDIR || mkdir $TMPDIR
+ read_luks2_json0 $TGT_IMG $TMPDIR/json0
+ read_luks2_json1 $TGT_IMG $TMPDIR/json1
+ read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr0
+ read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr1
+}
+
+function lib_cleanup()
+{
+ rm -f $TMPDIR/*
+ rm -fd $TMPDIR
+}
+
+function lib_mangle_json_hdr0()
+{
+ local mda_sz=${1:-}
+ local jsn_sz=${2:-}
+ local kill_hdr=${3:-}
+
+ merge_bin_hdr_with_json $TMPDIR/hdr0 $TMPDIR/json0 $TMPDIR/area0 $jsn_sz
+ erase_checksum $TMPDIR/area0
+ CHKS0=$(calc_sha256_checksum_file $TMPDIR/area0)
+ write_checksum $CHKS0 $TMPDIR/area0
+ test -n "$kill_hdr" && kill_bin_hdr $TMPDIR/area0
+ write_luks2_hdr0 $TMPDIR/area0 $TGT_IMG $mda_sz
+}
+
+function lib_mangle_json_hdr1()
+{
+ local mda_sz=${1:-}
+ local jsn_sz=${2:-}
+ local kill_hdr=${3:-}
+
+ merge_bin_hdr_with_json $TMPDIR/hdr1 $TMPDIR/json1 $TMPDIR/area1 $jsn_sz
+ erase_checksum $TMPDIR/area1
+ CHKS1=$(calc_sha256_checksum_file $TMPDIR/area1)
+ write_checksum $CHKS1 $TMPDIR/area1
+ test -n "$kill_hdr" && kill_bin_hdr $TMPDIR/area1
+ write_luks2_hdr1 $TMPDIR/area1 $TGT_IMG $mda_sz
+}
+
+function lib_mangle_json_hdr0_kill_hdr1()
+{
+ lib_mangle_json_hdr0
+
+ kill_bin_hdr $TMPDIR/hdr1
+ write_luks2_hdr1 $TMPDIR/hdr1 $TGT_IMG
+}
+
+function lib_hdr0_killed()
+{
+ local mda_sz=${1:-}
+
+ read_luks2_bin_hdr0 $TGT_IMG $TMPDIR/hdr_res0 $mda_sz
+ local str_res0=$(head -c 6 $TMPDIR/hdr_res0)
+ test "$str_res0" = "VACUUM"
+}
+
+function lib_hdr1_killed()
+{
+ local mda_sz=${1:-}
+
+ read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1 $mda_sz
+ local str_res1=$(head -c 6 $TMPDIR/hdr_res1)
+ test "$str_res1" = "VACUUM"
+}
+
+function lib_hdr0_checksum()
+{
+ local chks_res0=$(read_sha256_checksum $TGT_IMG)
+ test "$CHKS0" = "$chks_res0"
+}
+
+function lib_hdr1_checksum()
+{
+ read_luks2_bin_hdr1 $TGT_IMG $TMPDIR/hdr_res1
+ local chks_res1=$(read_sha256_checksum $TMPDIR/hdr_res1)
+ test "$CHKS1" = "$chks_res1"
}
INTSETUP_LIB_VALGRIND=../.libs
DEV_NAME=dmc_test
-DEV_NAME_BIG=dmc_fake
+DEV_NAME2=dmc_fake
DEV_LOOP=""
DEV=test123.img
DEV2=test124.img
cleanup() {
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
- [ -b /dev/mapper/$DEV_NAME_BIG ] && dmremove $DEV_NAME_BIG
+ [ -b /dev/mapper/$DEV_NAME2 ] && dmremove $DEV_NAME2
[ -n "$DEV_LOOP" ] && losetup -d "$DEV_LOOP"
DEV_LOOP=""
rm -f $DEV $DEV2 $KEY_FILE $KEY_FILE2 >/dev/null 2>&1
[ $VER_MIN -gt 2 ] && {
DM_INTEGRITY_BITMAP=1
}
+ [ $VER_MIN -gt 5 ] && {
+ DM_INTEGRITY_RESIZE_SUPPORTED=1
+ }
[ $VER_MIN -gt 6 ] && {
DM_INTEGRITY_HMAC_FIX=1
}
+ [ $VER_MIN -gt 7 ] && {
+ DM_INTEGRITY_RESET=1
+ }
}
add_device() {
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
- [ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
- export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $INTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$INTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
function valgrind_run()
{
- INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${INTSETUP_VALGRIND} "$@"
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${INTSETUP_VALGRIND} "$@"
}
int_check_sum_only() # checksum
echo -n "[FORMAT]"
$INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1
if [ $? -ne 0 ] ; then
- ALG=$(echo $1 | sed -e 's/hmac-//')
- if ! grep -q $ALG /proc/crypto ; then
- echo "[N/A]"
- return
+ if [[ $1 =~ "sha2" || $1 =~ "crc" ]] ; then
+ fail "Cannot format device."
fi
- fail "Cannot format device."
+ echo "[N/A]"
+ return
fi
dump_check "tag_size" $4
echo -n "[INTEGRITY:$1:$2:$4:$5]"
echo -n "[FORMAT]"
- $INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null || fail "Cannot format device."
+ $INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ if [[ $2 =~ "sha2" || $2 =~ "crc" ]] ; then
+ fail "Cannot format device."
+ fi
+ echo "[N/A]"
+ return
+ fi
echo -n "[ACTIVATE]"
$INTSETUP open $DEV $DEV_NAME --integrity $2 --integrity-no-journal $KEY_PARAMS $INT_MODE || fail "Cannot activate device."
int_journal() # 1 alg, 2 tagsize, 3 sector_size, 4 watermark, 5 commit_time, 6 journal_integrity, 7 key-file, 8 key-size, 9 journal_integrity_out
{
- echo -n "[INTEGRITY JOURNAL:$6:${4}%:${5}ms:$8]"
- echo -n "[FORMAT]"
- ARGS="--integrity $1 --journal-watermark $4 --journal-commit-time $5 --journal-integrity $6 --journal-integrity-key-file $7 --journal-integrity-key-size $8"
- $INTSETUP format -q --tag-size $2 --sector-size $3 $ARGS $DEV || fail "Cannot format device."
+ echo -n "[INTEGRITY JOURNAL:$6:${4}%:${5}ms:$8]"
+ echo -n "[FORMAT]"
+ ARGS="--integrity $1 --journal-watermark $4 --journal-commit-time $5 --journal-integrity $6 --journal-integrity-key-file $7 --journal-integrity-key-size $8"
+ $INTSETUP format -q --tag-size $2 --sector-size $3 $ARGS $DEV || fail "Cannot format device."
- echo -n "[ACTIVATE]"
+ echo -n "[ACTIVATE]"
- $INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device."
+ $INTSETUP open $DEV $DEV_NAME $ARGS || fail "Cannot activate device."
- echo -n "[KEYED HASH]"
- KEY_HEX=$(xxd -c 4096 -l $8 -p $7)
- [ -z "$KEY_HEX" ] && fail "Cannot decode key."
- dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch."
+ echo -n "[KEYED HASH]"
+ KEY_HEX=$(xxd -c 4096 -l $8 -p $7)
+ [ -z "$KEY_HEX" ] && fail "Cannot decode key."
+ dmsetup table --showkeys $DEV_NAME | grep -q $KEY_HEX || fail "Key mismatch."
- status_check "journal watermark" "${4}%"
- status_check "journal commit time" "${5} ms"
- status_check "journal integrity MAC" $9
+ status_check "journal watermark" "${4}%"
+ status_check "journal commit time" "${5} ms"
+ status_check "journal integrity MAC" $9
- echo -n "[REMOVE]"
- $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
- echo "[OK]"
+ echo -n "[REMOVE]"
+ $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
+ echo "[OK]"
}
echo "[OK]"
}
+check_device_size() # device_name expected_size error_message
+{
+ CURRENT_SIZE=$(dmsetup table | grep $1 | cut -d' ' -f 3)
+ [ $CURRENT_SIZE -eq $2 ] || fail "$3: expected $1 to be of size $2, but is $CURRENT_SIZE"
+}
+
+test_resize() # description detached_metadata wipe args
+{
+ echo -n "$1"
+ if [ -z "$DM_INTEGRITY_RESIZE_SUPPORTED" ] ; then
+ echo "[N/A]"
+ return
+ fi
+
+ args="$4"
+ if [ $2 -ne 0 ] ; then
+ echo -n "[DETACHED]"
+ else
+ echo -n "[INTERLEAVE]"
+ fi
+ if [ $3 -ne 0 ] ; then
+ wipe_flag="--wipe"
+ echo -n "[WIPE]"
+ else
+ wipe_flag=""
+ echo -n "[RECALCULATE]"
+ fi
+
+ add_device
+ if [ $2 -ne 0 ] ; then
+ echo -n "[FORMAT]"
+ $INTSETUP format -q $args $DEV2 --data-device $DEV >/dev/null 2>&1 || fail "Cannot format device."
+ echo -n "[ACTIVATE]"
+ $INTSETUP open -q $args $DEV2 $DEV_NAME --data-device $DEV >/dev/null 2>&1 || fail "Cannot activate device."
+ else
+ echo -n "[FORMAT]"
+ $INTSETUP format -q $args $DEV >/dev/null 2>&1 || fail "Cannot format device."
+ echo -n "[ACTIVATE]"
+ $INTSETUP open -q $args $DEV $DEV_NAME >/dev/null 2>&1 || fail "Cannot activate device."
+ fi
+
+ if [ $2 -ne 0 ] ; then
+ # the whole device has 32MiB, if metadata is detached
+ WHOLE_DISK_SIZE=65536
+ else
+ WHOLE_DISK_SIZE=$(dmsetup table | grep $DEV_NAME | cut -d' ' -f 3)
+ fi
+
+ echo -n "[SHRINK]"
+ $INTSETUP resize -q $wipe_flag $DEV_NAME --device-size 1MiB || fail "Failed to resize the device to 1MiB."
+ dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Errors detected after shrink."
+ check_device_size $DEV_NAME $(( 1024*1024 / 512 )) "Shrinking device failed"
+
+ echo -n "[FILL]"
+ $INTSETUP resize -q $wipe_flag $DEV_NAME --device-size 0 || fail "Failed to resize the device to maximum size."
+ dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Errors detected after resize to maximum size."
+ check_device_size $DEV_NAME $WHOLE_DISK_SIZE "Resizing disk to maximum size failed"
+
+ echo -n "[EXPAND FIXED]"
+ fallocate $DEV --len 64M
+ $INTSETUP resize -q $wipe_flag $DEV_NAME --device-size 40MiB || fail "Failed to expand the device to a fixed size."
+ dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Errors detected after expanding to a fixed size."
+ check_device_size $DEV_NAME $(( 40*1024*1024 / 512 )) "Resizing disk after expanding to a fixed size failed"
+
+ echo -n "[FILL]"
+ $INTSETUP resize -q $wipe_flag $DEV_NAME --device-size 0 >/dev/null 2>&1 || fail "Failed to resize the device to maximum size after increasing image size."
+ dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Error detection failed after increasing image size."
+ CURRENT_SIZE=$(dmsetup table | grep $DEV_NAME | cut -d' ' -f 3)
+ [ $CURRENT_SIZE -ge $(( 40*1024*1024 / 512 )) ] || fail "Growing integrity device failed $CURRENT_SIZE is not greater than 40MB ($(( 40*1024*1024 / 512 )) blocks)."
+ if [ $2 -ne 0 ] ; then
+ [ $CURRENT_SIZE -eq 131072 ] || fail "Growing integrity device failed $CURRENT_SIZE is not equal to 64MB (131072 blocks)."
+ fi
+
+ echo -n "[REMOVE]"
+ $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
+ echo "[OK]"
+}
+
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ ! -x "$INTSETUP" ] && skip "Cannot find $INTSETUP, test skipped."
-which blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped."
+command -v blockdev >/dev/null || skip "Cannot find blockdev utility, test skipped."
[ -n "$VALG" ] && valgrind_setup && INTSETUP=valgrind_run
-which hexdump >/dev/null 2>&1 || skip "WARNING: hexdump tool required."
+command -v hexdump >/dev/null || skip "WARNING: hexdump tool required."
+command -v xxd >/dev/null || skip "WARNING: xxd tool required."
modprobe dm-integrity >/dev/null 2>&1
dm_integrity_features
intformat blake2b-256 blake2b-256 32 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
intformat crc32c crc32c 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
intformat crc32 crc32 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
+intformat xxhash64 xxhash64 0 8 512 6ff6bb889a8485f1fb26aa82671ff5da64f60381fc469e31d7be6094241eee09
intformat sha1 sha1 0 20 512 6eedd6344dab8875cd185fcd6565dfc869ab36bc57e577f40c685290b1fa7fe7
intformat sha1 sha1 16 16 4096 e152ec88227b539cd9cafd8bdb587a1072d720cd6bcebe1398d4136c9e7f337b
intformat sha256 sha256 0 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
intformat hmac-sha256 hmac\(sha256\) 0 32 4096 33f7dfa5163ca9f740383fb8b0919574e38a7b20a94a4170fde4238196b7c4b4 $KEY_FILE 4096
echo "Error detection tests:"
-int_error_detection J crc32c 0 4 512
-int_error_detection J crc32c 0 4 4096
-int_error_detection J crc32 0 4 512
-int_error_detection J crc32 0 4 4096
-int_error_detection J sha1 0 20 512
-int_error_detection J sha1 16 16 512
-int_error_detection J sha1 0 20 4096
-int_error_detection J sha256 0 32 512
-int_error_detection J sha256 0 32 4096
-
-which xxd >/dev/null 2>&1 || skip "WARNING: xxd tool required."
+int_error_detection J crc32c 0 4 512
+int_error_detection J crc32c 0 4 4096
+int_error_detection J crc32 0 4 512
+int_error_detection J crc32 0 4 4096
+int_error_detection J xxhash64 0 8 512
+int_error_detection J xxhash64 0 8 4096
+int_error_detection J sha1 0 20 512
+int_error_detection J sha1 16 16 512
+int_error_detection J sha1 0 20 4096
+int_error_detection J sha256 0 32 512
+int_error_detection J sha256 0 32 4096
+
+command -v xxd >/dev/null || skip "WARNING: xxd tool required."
int_error_detection J hmac-sha256 0 32 512 $KEY_FILE 32
int_error_detection J hmac-sha256 0 32 4096 $KEY_FILE 32
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Cannot recalculate tags in-kernel"
int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
$INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
- echo "[OK]"
+ echo -n "[OK]"
+ if [ -n "$DM_INTEGRITY_RESET" ] ; then
+ $INTSETUP open $DEV $DEV_NAME -I sha256 --integrity-recalculate-reset || fail "Cannot activate device."
+ dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=1M 2>/dev/null || fail "Cannot reset recalculate tags in-kernel"
+ int_check_sum_only 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
+ $INTSETUP close $DEV_NAME || fail "Cannot deactivate device."
+ echo "[RESET OK]"
+ else
+ echo "[RESET N/A]"
+ fi
else
echo "[N/A]"
fi
add_device
DEV_LOOP=$(losetup -f $DEV --show)
if [ -n "$DEV_LOOP" ] ; then
-dmsetup create $DEV_NAME_BIG <<EOF
+dmsetup create $DEV_NAME2 <<EOF
0 16284 linear $DEV_LOOP 0
16284 80000000000 zero
EOF
- [ ! -b /dev/mapper/$DEV_NAME_BIG ] && fail
- $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME_BIG
- $INTSETUP open /dev/mapper/$DEV_NAME_BIG $DEV_NAME || fail
- D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME_BIG | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
+ [ ! -b /dev/mapper/$DEV_NAME2 ] && fail
+ $INTSETUP format -q -s 512 --no-wipe /dev/mapper/$DEV_NAME2
+ $INTSETUP open /dev/mapper/$DEV_NAME2 $DEV_NAME || fail
+ D_SIZE=$($INTSETUP dump /dev/mapper/$DEV_NAME2 | grep provided_data_sectors | sed -e 's/.*provided_data_sectors\ \+//g')
A_SIZE=$(blockdev --getsz /dev/mapper/$DEV_NAME)
# Compare strings (to avoid 64bit integers), not integers
[ -n "$A_SIZE" -a "$D_SIZE" != "$A_SIZE" ] && fail
echo "[N/A]"
fi
+echo -n "Deferred removal of device:"
+add_device
+$INTSETUP format -q $DEV || fail "Cannot format device."
+$INTSETUP open $DEV $DEV_NAME || fail "Cannot activate device."
+dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0"
+[ ! -b /dev/mapper/$DEV_NAME2 ] && fail
+$INTSETUP close $DEV_NAME >/dev/null 2>&1 && fail
+$INTSETUP -q status $DEV_NAME >/dev/null 2>&1 || fail
+$INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
+if [ $? -eq 0 ] ; then
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
+ $INTSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
+ $INTSETUP close --deferred $DEV_NAME >/dev/null 2>&1
+ dmsetup remove $DEV_NAME2 || fail
+ $INTSETUP -q status $DEV_NAME >/dev/null 2>&1 && fail
+ echo "[OK]"
+else
+ dmsetup remove $DEV_NAME2 >/dev/null 2>&1
+ $INTSETUP close $DEV_NAME >/dev/null 2>&1
+ echo "[N/A]"
+fi
+
echo -n "Fixed HMAC and legacy flags:"
if [ -n "$DM_INTEGRITY_HMAC_FIX" ] ; then
add_device
echo "[N/A]"
fi
+# shrinking the mapping should also work on older kernels
+echo -n "[INTEGRITY BASIC RESIZE NOKEY]"
+add_device
+ARGS="--integrity crc32"
+
+echo -n "[FORMAT]"
+$INTSETUP format -q $DEV $ARGS || fail "Cannot format device."
+echo -n "[ACTIVATE]"
+$INTSETUP open -q $DEV $DEV_NAME $ARGS >/dev/null 2>&1 || fail "Cannot activate device."
+echo -n "[SHRINK]"
+$INTSETUP resize $DEV_NAME --device-size 1MiB >/dev/null 2>&1 || fail "Failed to resize the device to 1MiB."
+check_device_size $DEV_NAME $(( 1024*1024 / 512 )) "Shrinking device failed"
+dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Errors detectied after resize."
+echo "[OK]"
+
+echo -n "[INTEGRITY BASIC RESIZE KEY]"
+add_device
+
+ARGS="--integrity hmac-sha256 --integrity-key-size 128 --integrity-key-file $KEY_FILE --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE --journal-integrity-key-size 128 --journal-crypt ctr-aes --journal-crypt-key-size 16 --journal-crypt-key-file $KEY_FILE"
+
+echo -n "[FORMAT]"
+$INTSETUP format -q $DEV $ARGS || fail "Cannot format device."
+echo -n "[ACTIVATE]"
+$INTSETUP open -q $DEV $DEV_NAME $ARGS >/dev/null 2>&1 || fail "Cannot activate device."
+echo -n "[SHRINK]"
+$INTSETUP resize $DEV_NAME --device-size 1MiB >/dev/null 2>&1 || fail "Failed to resize the device to 1MiB."
+check_device_size $DEV_NAME $(( 1024*1024 / 512 )) "Shrinking device failed"
+dd if=/dev/mapper/$DEV_NAME >/dev/null 2>&1 || fail "Errors detectied after resize."
+echo "[OK]"
+
+test_resize "[INTEGRITY RESIZE NOKEY]" 0 0 "--integrity crc32"
+test_resize "[INTEGRITY RESIZE NOKEY]" 0 1 "--integrity crc32"
+test_resize "[INTEGRITY RESIZE NOKEY DETACHED]" 1 0 "--integrity crc32"
+test_resize "[INTEGRITY RESIZE NOKEY DETACHED]" 1 1 "--integrity crc32"
+if [ -n "$DM_INTEGRITY_HMAC_FIX" ] ; then
+ test_resize "[INTEGRITY RESIZE KEY]" 0 0 "--integrity hmac-sha256 --integrity-key-size 128 --integrity-key-file $KEY_FILE --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE --journal-integrity-key-size 128 --journal-crypt ctr-aes --journal-crypt-key-size 16 --journal-crypt-key-file $KEY_FILE"
+ test_resize "[INTEGRITY RESIZE KEY]" 0 1 "--integrity hmac-sha256 --integrity-key-size 128 --integrity-key-file $KEY_FILE --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE --journal-integrity-key-size 128 --journal-crypt ctr-aes --journal-crypt-key-size 16 --journal-crypt-key-file $KEY_FILE"
+ test_resize "[INTEGRITY RESIZE KEY DETACHED]" 1 0 "--integrity hmac-sha256 --integrity-key-size 128 --integrity-key-file $KEY_FILE --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE --journal-integrity-key-size 128 --journal-crypt ctr-aes --journal-crypt-key-size 16 --journal-crypt-key-file $KEY_FILE"
+ test_resize "[INTEGRITY RESIZE KEY DETACHED]" 1 1 "--integrity hmac-sha256 --integrity-key-size 128 --integrity-key-file $KEY_FILE --journal-integrity hmac-sha256 --journal-integrity-key-file $KEY_FILE --journal-integrity-key-size 128 --journal-crypt ctr-aes --journal-crypt-key-size 16 --journal-crypt-key-file $KEY_FILE"
+fi
+
cleanup
CHKS_DMCRYPT=vk_in_dmcrypt.chk
CHKS_KEYRING=vk_in_keyring.chk
-PWD="aaa"
+PWD="aaablabl"
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
function remove_mapping()
{
# unlink whole test keyring
[ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
rm -f $CHKS_DMCRYPT $CHKS_KEYRING
}
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
function fail()
{
[ -n "$1" ] && echo "$1"
function fips_mode()
{
- [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
+ [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
}
add_device() {
- modprobe scsi_debug $@ delay=0
+ rmmod scsi_debug >/dev/null 2>&1
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "This kernel seems to not support proper scsi_debug module, test skipped."
exit 77
[ -b $DEV ] || fail "Cannot find $DEV."
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
-which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
-which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped"
-which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped"
-modprobe dm-crypt || fail "dm-crypt failed to load"
+command -v dmsetup >/dev/null || skip "Cannot find dmsetup, test skipped"
+command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
+command -v xxd >/dev/null || skip "Cannot find xxd, test skipped"
+command -v sha256sum >/dev/null || skip "Cannot find sha256sum, test skipped"
+modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."
test_and_prepare_keyring
#test aes cipher with xts mode, plain IV
echo -n "Testing $CIPHER_XTS_PLAIN..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_32" logon $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
#test aes cipher, xts mode, essiv IV
echo -n "Testing $CIPHER_CBC_ESSIV..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_16" logon $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
fips_mode || {
echo -n "Testing $CIPHER_CBC_TCW..."
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
load_key "$HEXKEY_64" logon $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
# same test using message
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
dmsetup remove --retry $NAME || fail
dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
dmsetup suspend $NAME || fail
dmsetup message $NAME 0 key wipe || fail
dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
dmsetup resume $NAME || fail
-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
dmsetup remove --retry $NAME || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
echo "OK"
echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_KEYRING || fail
echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
$CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
+dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_DMCRYPT || fail
diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
echo "OK"
}
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped"
-which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped"
-modprobe dm-crypt || fail "dm-crypt failed to load"
+command -v dmsetup >/dev/null || skip "Cannot find dmsetup, test skipped"
+command -v keyctl >/dev/null || skip "Cannot find keyctl, test skipped"
+modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped."
test_and_prepare_keyring
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
# try to validate using loop-AES losetup/kernel if available
LOSETUP_AES=/losetup-aes.old
function skip()
{
+ remove_mapping
[ -n "$1" ] && echo "$1"
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
function prepare()
{
remove_mapping
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
-which uuencode >/dev/null 2>&1 || skip "WARNING: test require uuencode binary, test skipped."
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+command -v uuencode >/dev/null || skip "WARNING: test require uuencode binary, test skipped."
check_version || skip "Probably old kernel, test skipped."
# loop-AES tests
#!/bin/bash
-# check luks1 images parsing
-
-# NOTE: if image with whirlpool hash fails, check
-# that you are not using old gcrypt with flawed whirlpool
-# (see cryptsetup debug output)
-
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
TST_DIR=luks1-images
MAP=luks1tst
KEYFILE=keyfile1
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
[ -z "$srcdir" ] && srcdir="."
function remove_mapping()
{
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
+ rm -rf $TST_DIR
}
function fail()
function skip()
{
[ -n "$1" ] && echo "$1"
- echo "Test skipped."
+ remove_mapping
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+function remove_imgs()
+{
+ echo "WARNING: $1 not available, not testing some images."
+ rm $(ls $TST_DIR/*$1*.img)
+}
+
function test_one()
{
- $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
+ $CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || remove_imgs $1
}
function test_required()
{
- which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
-
echo "REQUIRED KDF TEST"
- $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip
+ $CRYPTSETUP benchmark -h whirlpool | grep "N/A" && remove_imgs whirlpool
echo "REQUIRED CIPHERS TEST"
echo "# Algorithm | Key | Encryption | Decryption"
}
export LANG=C
-
-test_required
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+command -v blkid >/dev/null || skip "blkid tool required, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
[ ! -d $TST_DIR ] && tar xJf $srcdir/luks1-images.tar.xz --no-same-owner
+test_required
echo "PASSPHRASE CHECK"
for file in $(ls $TST_DIR/luks1_*) ; do
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run activation part of test, test skipped."
+ remove_mapping
exit 0
fi
[ $ret -ne 0 ] && fail
$CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
- UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
$CRYPTSETUP remove $MAP || fail
[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
echo " [OK]"
done
+
+remove_mapping
+exit 0
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
DEV_NAME=dmi_test
DEV=mode-test.img
+HEADER_IMG=mode-test-detached.img
PWD1=nHjJHjI23JK
KEY_FILE=key.img
FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
dmremove() { # device
udevadm settle >/dev/null 2>&1
dmsetup remove $1 >/dev/null 2>&1
cleanup() {
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
[ -b /dev/mapper/"$DEV_NAME"_dif ] && dmremove "$DEV_NAME"_dif
- rm -f $DEV $KEY_FILE >/dev/null 2>&1
+ rm -f $DEV $KEY_FILE $HEADER_IMG >/dev/null 2>&1
}
fail()
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
add_device() {
cleanup
dd if=/dev/urandom of=$KEY_FILE bs=1 count=512 >/dev/null 2>&1
sync
}
-status_check() # name value
+status_check() # name value [detached]
{
- #$CRYPTSETUP status $DEV_NAME
- X=$($CRYPTSETUP status $DEV_NAME | grep -m1 "$1" | sed -e 's/.*:[ \t]\+//' | cut -d' ' -f1)
+ if [ -n "$3" ]; then
+ PARAMS="$DEV_NAME --header $HEADER_IMG"
+ else
+ PARAMS="$DEV_NAME"
+ fi
+ X=$($CRYPTSETUP status $PARAMS | grep -m1 "$1" | sed -e 's/.*:[ \t]\+//' | cut -d' ' -f1)
if [ "$X" != "$2" ] ; then
echo "[status FAIL]"
echo " Expecting $1:$2 got \"$X\"."
dump_check() # name value
{
- #$CRYPTSETUP luksDump $DEV
X=$($CRYPTSETUP luksDump $DEV | grep -m1 "$1" | sed -e 's/.*:[ \t]\+//' | cut -d' ' -f1)
if [ "$X" != "$2" ] ; then
echo "[dump FAIL]"
int_error_detection() # alg int sector_size
{
- # FIXME: this is just a trivial failure
echo -n "[DETECT_CORRUPTION]"
echo -n "XXXXX" | dd of=$DEV bs=1M seek=28 count=1 conv=notrunc >/dev/null 2>&1 || fail "Cannot write to device."
$CRYPTSETUP open -d $KEY_FILE $DEV $DEV_NAME || fail "Cannot activate device."
$CRYPTSETUP close $DEV_NAME || fail "Cannot deactivate device."
}
-intformat() # alg integrity integrity_out key_size int_key_size sector_size csum
+intformat() # alg integrity integrity_out key_size int_key_size sector_size csum [test_hdr]
{
echo -n "[$1:$2:$4:$6]"
echo -n "[FORMAT]"
int_check_sum $1 $7
echo -n "[REMOVE]"
$CRYPTSETUP close $DEV_NAME || fail "Cannot deactivate device."
+
+ # check detached header activation
+ if [ -n "$8" ] ; then
+ echo -n "[DETACHED_HDR]"
+ $CRYPTSETUP luksHeaderBackup -q --header-backup-file $HEADER_IMG $DEV || fail
+ wipefs -a $DEV >/dev/null 2>&1 || fail
+ $CRYPTSETUP open --header $HEADER_IMG -d $KEY_FILE $DEV $DEV_NAME || fail "Cannot activate device."
+ status_check "cipher" $1 1
+ status_check "sector size" $6 1
+ status_check "integrity:" $3 1
+ status_check "keysize:" $(($4 + $5)) 1
+ [ $5 -gt 0 ] && status_check "integrity keysize:" $5 1
+ int_check_sum $1 $7
+ $CRYPTSETUP close $DEV_NAME || fail "Cannot deactivate device."
+ $CRYPTSETUP luksHeaderRestore -q --header-backup-file $HEADER_IMG $DEV || fail
+ rm -f $HEADER_IMG
+ fi
+
int_error_detection
echo "[OK]"
}
-
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
modprobe dm-integrity >/dev/null 2>&1
dmsetup targets | grep integrity >/dev/null 2>&1 || skip "Cannot find dm-integrity target, test skipped."
+command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped."
add_device
-intformat aes-cbc-essiv:sha256 hmac-sha256 hmac\(sha256\) 128 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
-intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 256 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
+intformat aes-cbc-essiv:sha256 hmac-sha256 hmac\(sha256\) 128 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c 1
+intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 256 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c 1
intformat aes-xts-random hmac-sha256 hmac\(sha256\) 256 256 512 492c2d1cc9e222a850c399bfef4ed5a86bf5afc59e54f0f0c7ba8e2a64548323
intformat aes-cbc-essiv:sha256 hmac-sha256 hmac\(sha256\) 256 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
intformat aes-xts-plain64 hmac-sha256 hmac\(sha256\) 512 256 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
intformat chacha20-plain64 poly1305 poly1305 256 0 4096 7370c66a92708fb71b186931468be6aa9b26f4f88373b00b1c57360b9ee1304e
intformat chacha20-random poly1305 poly1305 256 0 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b
-intformat aegis128-random aead aead 128 0 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c
-intformat aegis128-random aead aead 128 0 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b
+intformat aegis128-random aead aead 128 0 512 ee501705a084cd0ab6f4a28014bcf62b8bfa3434de00b82743c50b3abf06232c 1
+intformat aegis128-random aead aead 128 0 4096 358d6beceddf593aff6b22c31684e0df9c226330aff5812e060950215217d21b 1
cleanup
CRYPTSETUP_LIB_VALGRIND=../.libs
IMG=reenc-mangle-data
IMG_HDR=$IMG.hdr
+IMG_HDR_BCP=$IMG_HDR.bcp
IMG_JSON=$IMG.json
KEY1=key1
DEV_NAME=reenc3492834
function remove_mapping()
{
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
- rm -f $IMG $IMG_HDR $IMG_JSON $KEY1 >/dev/null 2>&1
+ rm -f $IMG $IMG_HDR $IMG_HDR_BCP $IMG_JSON $KEY1 >/dev/null 2>&1
}
function fail()
function bin_check()
{
- which $1 >/dev/null 2>&1 || skip "WARNING: test require $1 binary, test skipped."
+ command -v $1 >/dev/null || skip "WARNING: test require $1 binary, test skipped."
}
function img_json_save()
{
+ local _hdr=$IMG
+ [ -z "$1" ] || _hdr="$1"
# FIXME: why --json-file cannot be used?
- #$CRYPTSETUP luksDump --dump-json-metadata $IMG | jq -c -M | tr -d '\n' >$IMG_JSON
- local LUKS2_JSON_SIZE=$(($JSON_MSIZE - 4096))
- _dd if=$IMG count=$LUKS2_JSON_SIZE skip=4096 | jq -c -M . | tr -d '\n' >$IMG_JSON
+ $CRYPTSETUP luksDump --dump-json-metadata $_hdr | jq -c -M . | tr -d '\n' >$IMG_JSON
}
function img_json_dump()
function img_prepare() # $1 options
{
img_prepare_raw
- # FIXME: resilience is not saved here (always none)?
$CRYPTSETUP reencrypt $IMG $CS_PARAMS -q --init-only --resilience none $1 >/dev/null 2>&1
[ $? -ne 0 ] && skip "Reencryption unsupported, test skipped."
img_json_save
# header mangle functions
function img_update_json()
{
+ local _hdr="$IMG"
local LUKS2_BIN1_OFFSET=448
local LUKS2_BIN2_OFFSET=$((LUKS2_BIN1_OFFSET + $JSON_MSIZE))
local LUKS2_JSON_SIZE=$(($JSON_MSIZE - 4096))
echo $JSON | tr -d '\n' >$IMG_JSON || fail
fi
+ [ -z "$2" ] || _hdr="$2"
+
# wipe JSON areas
- _dd if=/dev/zero of=$IMG count=$LUKS2_JSON_SIZE seek=4096
- _dd if=/dev/zero of=$IMG count=$LUKS2_JSON_SIZE seek=$(($JSON_MSIZE + 4096))
+ _dd if=/dev/zero of=$_hdr count=$LUKS2_JSON_SIZE seek=4096
+ _dd if=/dev/zero of=$_hdr count=$LUKS2_JSON_SIZE seek=$(($JSON_MSIZE + 4096))
# write JSON data
- _dd if=$IMG_JSON of=$IMG count=$LUKS2_JSON_SIZE seek=4096
- _dd if=$IMG_JSON of=$IMG count=$LUKS2_JSON_SIZE seek=$(($JSON_MSIZE + 4096))
+ _dd if=$IMG_JSON of=$_hdr count=$LUKS2_JSON_SIZE seek=4096
+ _dd if=$IMG_JSON of=$_hdr count=$LUKS2_JSON_SIZE seek=$(($JSON_MSIZE + 4096))
# erase sha256 checksums
- _dd if=/dev/zero of=$IMG count=64 seek=$LUKS2_BIN1_OFFSET
- _dd if=/dev/zero of=$IMG count=64 seek=$LUKS2_BIN2_OFFSET
+ _dd if=/dev/zero of=$_hdr count=64 seek=$LUKS2_BIN1_OFFSET
+ _dd if=/dev/zero of=$_hdr count=64 seek=$LUKS2_BIN2_OFFSET
# calculate sha256 and write chexksums
- local SUM1_HEX=$(_dd if=$IMG count=$JSON_MSIZE | sha256sum | cut -d ' ' -f 1)
- echo $SUM1_HEX | xxd -r -p | _dd of=$IMG seek=$LUKS2_BIN1_OFFSET count=64 || fail
+ local SUM1_HEX=$(_dd if=$_hdr count=$JSON_MSIZE | sha256sum | cut -d ' ' -f 1)
+ echo $SUM1_HEX | xxd -r -p | _dd of=$_hdr seek=$LUKS2_BIN1_OFFSET count=64 || fail
- local SUM2_HEX=$(_dd if=$IMG skip=$JSON_MSIZE count=$JSON_MSIZE | sha256sum | cut -d ' ' -f 1)
- echo $SUM2_HEX | xxd -r -p | _dd of=$IMG seek=$LUKS2_BIN2_OFFSET count=64 || fail
+ local SUM2_HEX=$(_dd if=$_hdr skip=$JSON_MSIZE count=$JSON_MSIZE | sha256sum | cut -d ' ' -f 1)
+ echo $SUM2_HEX | xxd -r -p | _dd of=$_hdr seek=$LUKS2_BIN2_OFFSET count=64 || fail
img_hash_save
}
$CRYPTSETUP repair $IMG $CS_PARAMS || fail
}
+function img_check_dump_ok()
+{
+ $CRYPTSETUP luksDump $IMG >/dev/null || fail
+ img_check_fail
+}
+
function img_check_fail()
{
if [ $(id -u) == 0 ]; then
function img_run_reenc_ok()
{
-local EXPECT_TIMEOUT=5
-[ -n "$VALG" ] && EXPECT_TIMEOUT=60
-# For now, we cannot run reencryption in batch mode for non-block device. Just fake the terminal here.
-expect_run - >/dev/null <<EOF
-proc abort {} { send_error "Timeout. "; exit 2 }
-set timeout $EXPECT_TIMEOUT
-eval spawn $CRYPTSETUP_RAW reencrypt $IMG $CS_PWPARAMS --disable-locks --resilience none
-expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
-send "YES\n"
-expect timeout abort eof
-exit
-EOF
-[ $? -eq 0 ] || fail "Expect script failed."
+ $CRYPTSETUP_RAW reencrypt $IMG $CS_PWPARAMS -q --disable-locks --force-offline-reencrypt --resilience none || fail
+}
+
+function img_run_reenc_ok_data_shift()
+{
+ $CRYPTSETUP_RAW reencrypt $IMG $CS_PWPARAMS -q --disable-locks --force-offline-reencrypt || fail
}
function img_run_reenc_fail()
{
-local EXPECT_TIMEOUT=5
-[ -n "$VALG" ] && EXPECT_TIMEOUT=60
-# For now, we cannot run reencryption in batch mode for non-block device. Just fake the terminal here.
-expect_run - >/dev/null <<EOF
-proc abort {} { send_error "Timeout. "; exit 42 }
-set timeout $EXPECT_TIMEOUT
-eval spawn $CRYPTSETUP_RAW reencrypt $IMG $CS_PWPARAMS --disable-locks
-expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
-send "YES\n"
-expect timeout abort eof
-catch wait result
-exit [lindex \$result 3]
-EOF
-local ret=$?
-[ $ret -eq 0 ] && fail "Reencryption passed (should have failed)."
-[ $ret -eq 42 ] && fail "Expect script failed."
+$CRYPTSETUP_RAW reencrypt $IMG $CS_PWPARAMS --force-offline-reencrypt --disable-locks -q 2>/dev/null && fail "Reencryption passed (should have failed)."
img_hash_unchanged
}
-function img_check_fail_repair_ok()
+function img_check_fail_repair()
{
if [ $(id -u) == 0 ]; then
$CRYPTSETUP open $CS_PWPARAMS $IMG $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP repair $IMG $CS_PARAMS || fail
img_check_ok
+}
+
+function img_check_fail_repair_ok()
+{
+ img_check_fail_repair
img_run_reenc_ok
}
+function img_check_fail_repair_ok_data_shift()
+{
+ img_check_fail_repair
+ img_run_reenc_ok_data_shift
+}
+
function valgrind_setup()
{
bin_check valgrind
function valgrind_run()
{
- INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+ export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
+ $CRYPTSETUP_RAW "$@"
}
-function expect_run()
-{
- export INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}"
- expect "$@"
-}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
bin_check jq
bin_check sha256sum
bin_check xxd
-bin_check expect
export LANG=C
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
-#while false; do
-
echo "[1] Reencryption with old flag is rejected"
img_prepare
img_update_json '.config.requirements.mandatory = ["online-reencryptx"]'
img_update_json 'del(.digests."2") | .config.requirements.mandatory = ["online-reencrypt"]'
img_check_fail_repair_ok
+# Simulate future version of reencrypt flag (should pass luksDump)
+img_prepare
+img_update_json '.config.requirements.mandatory = ["online-reencrypt-v999"]'
+img_check_dump_ok
+
+# Multiple reencrypt requirement flags makes LUKS2 invalid
+img_prepare
+img_update_json '.config.requirements.mandatory = .config.requirements.mandatory + ["online-reencrypt-v999"]'
+img_check_fail
+
+img_prepare
+img_update_json '.config.requirements.mandatory = .config.requirements.mandatory + ["online-reencrypt"]'
+img_check_fail
+
+# just regular unknown requirement
+img_prepare
+img_update_json '.config.requirements.mandatory = .config.requirements.mandatory + ["online-reencrypt-v3X"]'
+img_check_dump_ok
+
# This must fail for new releases
echo "[2] Old reencryption in-progress (journal)"
img_prepare
.digests."0".segments = ["0","2"] |
.digests."1".segments = ["1","3"] |
.config.requirements.mandatory = ["online-reencrypt"]'
-img_check_fail_repair_ok
+img_check_fail_repair_ok_data_shift
#
# NEW metadata (with reenc digest)
img_update_json '.keyslots."2".area.shift_size = ((.keyslots."2".area.shift_size|tonumber / 2)|tostring)'
img_check_fail
-#FIXME: cannot check with correct digest for now (--init-only does not store area type)
img_prepare
img_update_json '
.keyslots."2".area.type = "checksum" |
}'
$CRYPTSETUP reencrypt $IMG $CS_PARAMS >/dev/null 2>&1 && fail
+echo "[9] Decryption with datashift"
+img_prepare_raw
+$CRYPTSETUP reencrypt $CS_PARAMS --decrypt --init-only --force-offline-reencrypt --resilience checksum --header $IMG_HDR $IMG || fail
+cp $IMG_HDR $IMG_HDR_BCP
+
+# change hash
+img_json_save $IMG_HDR_BCP
+img_update_json '.keyslots."1".area.hash = "sha12345"' $IMG_HDR
+$CRYPTSETUP reencrypt --header $IMG_HDR $IMG $CS_PARAMS --force-offline-reencrypt 2>/dev/null && fail
+
+# change sector size
+img_json_save $IMG_HDR_BCP
+img_update_json '.keyslots."1".area.sector_size = 1024' $IMG_HDR
+$CRYPTSETUP reencrypt --header $IMG_HDR $IMG $CS_PARAMS --force-offline-reencrypt 2>/dev/null && fail
+
+# replace with new resilience mode
+img_json_save $IMG_HDR_BCP
+img_update_json 'del(.keyslots."1".area.hash) |
+ del(.keyslots."1".sector_size) |
+ .keyslots."1".area.type = "datashift-journal"' $IMG_HDR
+$CRYPTSETUP reencrypt --header $IMG_HDR $IMG $CS_PARAMS --force-offline-reencrypt 2>/dev/null && fail
+
+# downgrade reencryption requirement
+img_json_save $IMG_HDR_BCP
+img_update_json '.config.requirements.mandatory = ["online-reencrypt-v2"]' $IMG_HDR
+$CRYPTSETUP reencrypt --header $IMG_HDR $IMG $CS_PARAMS --force-offline-reencrypt 2>/dev/null && fail
+
+# change datashift value
+img_json_save $IMG_HDR_BCP
+img_update_json '.keyslots."1".area.shift_size = (((.keyslots."1".area.shift_size | tonumber) - 4096) | tostring)' $IMG_HDR
+$CRYPTSETUP reencrypt --header $IMG_HDR $IMG $CS_PARAMS --force-offline-reencrypt 2>/dev/null && fail
+
remove_mapping
exit 0
#!/bin/bash
-PS4='$LINENO:'
+#PS4='$LINENO:'
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
DEV_NAME=reenc9768
DEV_NAME2=reenc97682
IMG=reenc-data
-IMG_HDR=/tmp/$IMG.hdr
+IMG_HDR=$IMG.hdr
+HEADER_LUKS2_PV=blkid-luks2-pv.img
+IMG_FS=xfs_512_block_size.img
KEY1=key1
VKEY1=vkey1
PWD1="93R4P4pIqAH8"
PWD2="1cND4319812f"
PWD3="1-9Qu5Ejfnqv"
+DEV_LINK="reenc-test-link"
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
function dm_crypt_features()
{
[ $VER_MIN -lt 14 ] && return
DM_PERF_CPU=1
- if [ $VER_MIN -ge 17 -o \( $VER_MIN -eq 14 -a $VER_PTC -ge 5 \) ]; then
+ if [ $VER_MIN -ge 17 ]; then
DM_SECTOR_SIZE=1
fi
}
local _tries=15;
while [ -b "$1" -a $_tries -gt 0 ]; do
- rmmod scsi_debug 2> /dev/null
+ rmmod scsi_debug >/dev/null 2>&1
if [ -b "$1" ]; then
sleep .1
_tries=$((_tries-1))
fi
done
- test ! -b "$1" || rmmod scsi_debug 2> /dev/null
+ test ! -b "$1" || rmmod scsi_debug >/dev/null 2>&1
}
function remove_mapping()
[ -b /dev/mapper/$OVRDEV-err ] && dmsetup remove --retry $OVRDEV-err 2>/dev/null
[ -n "$LOOPDEV" ] && losetup -d $LOOPDEV
unset LOOPDEV
- rm -f $IMG $IMG_HDR $KEY1 $VKEY1 $DEVBIG >/dev/null 2>&1
- rmmod scsi_debug 2> /dev/null
+ rm -f $IMG $IMG_HDR $KEY1 $VKEY1 $DEVBIG $DEV_LINK $HEADER_LUKS2_PV $IMG_FS >/dev/null 2>&1
+ rmmod scsi_debug >/dev/null 2>&1
scsi_debug_teardown $DEV
}
function add_scsi_device() {
scsi_debug_teardown $DEV
- modprobe scsi_debug $@ delay=0
- if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
- fi
-
- sleep 1
- DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
- [ -b $DEV ] || fail "Cannot find $DEV."
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "This kernel seems to not support proper scsi_debug module, test skipped."
+ exit 77
+ fi
+
+ sleep 1
+ DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+ [ -b $DEV ] || fail "Cannot find $DEV."
}
function open_crypt() # $1 pwd, $2 hdr
fi
}
+function wipe_dev_head() # $1 dev, $2 length (in MiBs)
+{
+ dd if=/dev/zero of=$1 bs=1M count=$2 conv=notrunc >/dev/null 2>&1
+}
+
function wipe_dev() # $1 dev
{
if [ -b $1 ] ; then
blkdiscard --zeroout $1 2>/dev/null || dd if=/dev/zero of=$1 bs=1M conv=notrunc >/dev/null 2>&1
+ if [ $# -gt 2 ]; then
+ dd if=/dev/urandom of=$1 bs=1M seek=$2 conv=notrunc >/dev/null 2>&1
+ fi
else
local size=$(stat --printf="%s" $1)
truncate -s 0 $1
- truncate -s $size $1
+ if [ $# -gt 2 ]; then
+ local diff=$((size-$2*1024*1024))
+ echo "size: $size, diff: $diff"
+ truncate -s $diff $1
+ # wipe_dev_head $1 $((diff/(1024*1024)))
+ dd if=/dev/urandom of=$1 bs=1M seek=$2 size=$((diff/(1024*1024))) conv=notrunc >/dev/null 2>&1
+ else
+ truncate -s $size $1
+ fi
fi
}
function check_hash_dev() # $1 dev, $2 hash
{
- HASH=$(sha256sum $1 | cut -d' ' -f 1)
+ HASH=$(sha1sum $1 | cut -d' ' -f 1)
[ $HASH != "$2" ] && fail "HASH differs (expected: $2) (result $HASH)"
}
$CRYPTSETUP remove $DEV_NAME || fail
}
+function check_hash_dev_head() # $1 dev, $2 len, $3 hash
+{
+ local hash=$(dd if=$1 bs=512 count=$2 2>/dev/null | sha1sum | cut -d' ' -f1)
+ [ $hash != "$3" ] && fail "HASH differs (expected: $3) (result $hash)"
+}
+
function check_hash_head() # $1 pwd, $2 len, $3 hash, $4 hdr
{
open_crypt $1 $4
- if [ -n "$4" ]; then
- echo $1 | $CRYPTSETUP resize $DEV_NAME --size $2 --header $4 || fail
- else
- echo $1 | $CRYPTSETUP resize $DEV_NAME --size $2 || fail
- fi
- check_hash_dev /dev/mapper/$DEV_NAME $3
+ check_hash_dev_head /dev/mapper/$DEV_NAME $2 $3
$CRYPTSETUP remove $DEV_NAME || fail
}
test -z "$4" || _hdr="--header $4"
error_writes $OVRDEV $OLD_DEV $ERROFFSET $ERRLENGTH
- echo $PWD1 | $CRYPTSETUP reencrypt $DEV $_hdr --hotzone-size 1M --resilience $2 --sector-size $1 -q $FAST_PBKDF_ARGON >/dev/null 2>&1 && fail
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV $_hdr --hotzone-size 1M --resilience $2 --sector-size $1 --force-offline-reencrypt -q $FAST_PBKDF_ARGON >/dev/null 2>&1 && fail
fix_writes $OVRDEV $OLD_DEV
echo $PWD1 | $CRYPTSETUP -q repair $DEV $_hdr || fail
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $4 --resilience $2 --sector-size $1 -q $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $3 $4
+ [ -f $4 ] && rm -f $4
+
echo "[OK]"
}
$CRYPTSETUP close $DEV_NAME || fail
+ [ -f $4 ] && rm -f $4
+
echo "[OK]"
}
check_hash_dev $DEV $3
+ [ -f $4 ] && rm -f $4
+
echo "[OK]"
}
$CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
check_hash_dev $DEV $3
+ [ -f $4 ] && rm -f $4
+
echo "[OK]"
}
+function decrypt_recover() { # $1 hash, $2 hdr, $3 dev size, $4 resilience, $5 hotzone size
+ local _res=""
+ local _maxhz=""
+ test -z "$4" || _res="--resilience $4"
+ test -z "$5" || _maxhz="--hotzone-size $5"
+ echo -n "[${4:-default}]"
+
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --decrypt --header $2 --init-only $_maxhz >/dev/null || fail
+
+ error_writes $OVRDEV $OLD_DEV $ERROFFSET $ERRLENGTH
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $2 -q $_res >/dev/null 2>&1 && fail
+ fix_writes $OVRDEV $OLD_DEV
+
+ echo $PWD1 | $CRYPTSETUP -q repair $DEV --header $2 || fail
+
+ $CRYPTSETUP luksDump $2 | grep -q "online-reencrypt"
+ if [ $? -eq 0 ]; then
+ check_hash $PWD1 $1 $2
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $2 $_res -q $FAST_PBKDF_ARGON || fail
+ fi
+
+ check_hash_dev_head $DEV $3 $1
+
+ [ -f $2 ] && rm -f $2
+
+ echo -n "[OK]"
+}
+
+function decrypt_recover_online() { # $1 hash, $2 hdr, $3 dev size
+ local _res=""
+ local _maxhz=""
+ test -z "$4" || _res="--resilience $4"
+ test -z "$5" || _maxhz="--hotzone-size $5"
+ echo -n "[${4:-default}]"
+
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --decrypt --header $2 $_maxhz --init-only >/dev/null 2>&1 || fail
+
+ error_writes $OVRDEV $OLD_DEV $ERROFFSET $ERRLENGTH
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $2 -q $_res >/dev/null 2>&1 && fail
+ $CRYPTSETUP status $DEV_NAME --header $2 | grep -q "reencryption: in-progress" || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ fix_writes $OVRDEV $OLD_DEV
+
+ # recovery during activation
+ echo $PWD1 | $CRYPTSETUP open $DEV --header $2 $DEV_NAME || fail
+
+ check_hash_dev /dev/mapper/$DEV_NAME $1
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $2 -q || fail
+
+ $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
+ check_hash_dev_head $DEV $3 $1
+
+ [ -f $2 ] && rm -f $2
+
+ echo -n "[OK]"
+}
+
+function decrypt_recover_online_moved() { # $1 hash, $2 hdr, $3 dev size
+ local _res=""
+ local _maxhz=""
+ test -z "$4" || _res="--resilience $4"
+ test -z "$5" || _maxhz="--hotzone-size $5"
+ echo -n "[${4:-default}]"
+
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --decrypt --header $2 $_maxhz $_res --init-only >/dev/null 2>&1 || fail
+
+ error_writes $OVRDEV $OLD_DEV $ERROFFSET $ERRLENGTH
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV --header $2 -q $_res >/dev/null 2>&1 && fail
+ $CRYPTSETUP status $DEV_NAME --header $2 | grep -q "reencryption: in-progress" || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+ fix_writes $OVRDEV $OLD_DEV
+
+ # recovery but activation fails due to last segment recovery makes it plaintext device
+ echo $PWD1 | $CRYPTSETUP open $DEV --header $2 $DEV_NAME 2>/dev/null && fail
+
+ $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail
+ check_hash_dev_head $DEV $3 $1
+
+ [ -f $2 ] && rm -f $2
+
+ echo -n "[OK]"
+}
+
# sector size (bytes)
# reenc dev size (sectors)
# reenc dev digest
function reencrypt_offline_fixed_size() {
local _esz=$(($1>>9))
local _hdr=""
+ # round-up fixed size to megabytes
+ local _mbs=$((($2>>11)+1))
test -z "$7" || _hdr="--header $7"
+ if [ -z "$7" ]; then
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --offset 16384 $FAST_PBKDF_ARGON $DEV || fail
+ else
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $7 $FAST_PBKDF_ARGON $DEV || fail
+ fi
+ echo $PWD1 | $CRYPTSETUP open $_hdr $DEV $DEV_NAME || fail
+ wipe_dev_head /dev/mapper/$DEV_NAME $_mbs
+ $CRYPTSETUP close $DEV_NAME || fail
+
# reencrypt with fixed device size
- echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV $_hdr --sector-size $1 --device-size $2s --resilience $4 || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV $_hdr --sector-size $1 --device-size $2s --resilience $4 --force-offline-reencrypt || fail
+
check_hash_head $PWD1 $2 $3 $7
wipe $PWD1 $7
# try to reencrypt device size + 1 encryption sector size
- echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV $_hdr --sector-size $1 --init-only || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV $_hdr --sector-size $1 --init-only --force-offline-reencrypt || fail
echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV $_hdr --device-size $(($5+_esz))s --resilience $4 2>/dev/null && fail
check_hash $PWD1 $6 $7
wipe_dev $DEV
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt -q $FAST_PBKDF_ARGON $DEV --header $7 --sector-size $1 --device-size $2s --resilience $4 || fail
check_hash_head $PWD1 $2 $3 $7
+ [ -f $7 ] && rm -f $7
# try to reencrypt device size + 1 encryption sector size
wipe_dev $DEV
# misaligned reencryption size
if [ $_esz -gt 1 ]; then
+ [ -f $7 ] && rm -f $7
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt -q $FAST_PBKDF_ARGON $DEV --header $7 --sector-size $1 --init-only || fail
echo $PWD1 | $CRYPTSETUP reencrypt -q $DEV --header $7 --device-size $(($2+_esz-1))s --resilience $4 2>/dev/null && fail
$CRYPTSETUP luksDump $7 | grep -q "2: crypt" || fail
$CRYPTSETUP luksDump $7 | grep -q "3: crypt" && fail
check_hash $PWD1 $6 $7
fi
+
+ [ -f $7 ] && rm -f $7
}
# sector size (bytes)
$CRYPTSETUP close $DEV_NAME || fail
check_hash $PWD1 $6 $7
fi
+
+ [ -n "$7" -a -f "$7" ] && rm -f $7
}
function setup_luks2_env() {
$CRYPTSETUP close $DEV_NAME || fail
}
+function check_blkid() {
+ bin_check blkid
+ xz -dkf $HEADER_LUKS2_PV.xz
+ if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
+ HAVE_BLKID=0
+ elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
+ HAVE_BLKID=1
+ xz -dkf $IMG_FS.xz
+ blkid $IMG_FS | grep -q BLOCK_SIZE && BLKID_BLOCK_SIZE_SUPPORT=1
+ else
+ HAVE_BLKID=0
+ fi
+}
+
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
+function bin_check()
+{
+ command -v $1 >/dev/null || skip "WARNING: test require $1 binary, test skipped."
+}
+
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
fips_mode && skip "This test cannot be run in FIPS mode."
-modprobe --dry-run scsi_debug || exit 77
-modprobe dm-crypt || fail "dm-crypt failed to load"
+modprobe --dry-run scsi_debug >/dev/null 2>&1 || skip "This kernel seems to not support proper scsi_debug module, test skipped."
+modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load"
modprobe dm-delay > /dev/null 2>&1
dm_crypt_features
# REENCRYPTION tests
# 28 MiBs of zeros (32MiBs - 4MiB LUKS2 header)
-HASH1=f8280c81b347b01405277bf9e8bf0685ae8be863ff104797c65b7169f8203fd2
+HASH1=4da90c0638bd7d29ce3d0ace3df5ee99706c23da
# 1 MiB of zeros
-HASH2=30e14955ebf1352266dc2ff8067e68104607e750abb9d3b36582b8af909fcb58
+HASH2=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
# 256 MiBs of zeros
-HASH3=a6d72ac7690f53be6ae46ba88506bd97302a093f7108472bd9efc3cefda06484
+HASH3=7b91dbdc56c5781edf6c8847b4aa6965566c5c75
# 64 MiBs of zeroes
-HASH4=3b6a07d0d404fab4e23b6d34bc6696a6a312dd92821332385e5af7c01c421351
+HASH4=44fac4bedde4df04b9572ac665d3ac2c5cd00c7d
# 56 MiBs of zeroes
-HASH5=8afcb7e7189ce4d112fd245eaa60c3cfcf5a5d5e1d6bf4eb85941d73ef8cfbd5
+HASH5=bcd8ce9b30a43b2dacdf479493c93e167ef60946
# 43 MiBs of zeroes
-HASH6=39f7c6d38af574fe2c90ef400dfaba8ef8edccd11bdac998a3f8143a86837331
+HASH6=2cf8a5f40a2ab5373c5425d6071da480f1ce08e8
# 31 MiBs of zeroes
-HASH7=18a393d1a505e22ccf3e29effe3005ea8627e4c36b7cca0e53f58121f49b67e1
+HASH7=7ed56dd14d2841cf169fe503d097be04192666bd
# 60 MiBs of zeroes
-HASH8=cf5ac69ca412f9b3b1a8b8de27d368c5c05ed4b1b6aa40e6c38d9cbf23711342
+HASH8=233ba936226a3ac499e67babaebd0d4aafb9761a
+# 240 MiBs of zeroes (256MiBs - 16MiBs default LUKS2 header size)
+HASH9=045eebed703cce308e049deb019b877f0445862f
+# 16 MiBs of zeroes
+HASH10=3b4417fc421cee30a9ad0fd9319220a8dae32da2
prepare dev_size_mb=32
setup_luks2_env
+# Check that we can use other ciphers than AES in userspace backend.
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c twofish-xts-plain64 $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON 2>/dev/null || skip "Cannot use Twofish cipher, test skipped"
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c serpent-xts-plain64 $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON 2>/dev/null || skip "Cannot use Serpent cipher, test skipped."
+wipe_dev $DEV
+
echo "[1] Reencryption"
echo -n "[512 sector]"
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-essiv:sha256 --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
prepare sector_size=4096 dev_size_mb=32
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-essiv:sha256 --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $HASH1
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -s 256 -c twofish-cbc-essiv:sha256 --resilience journal $FAST_PBKDF_ARGON || fail
prepare sector_size=512 physblk_exp=3 dev_size_mb=32
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-essiv:sha256 --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $HASH1
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -s 256 -c twofish-cbc-essiv:sha256 --resilience journal $FAST_PBKDF_ARGON || fail
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -s 128 -c aes-cbc-essiv:sha256 --resilience checksum $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $HASH2
if [ -n "$DM_SECTOR_SIZE" ]; then
- echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON --sector-size 4096 || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q $FAST_PBKDF_ARGON --sector-size 4096 --force-offline-reencrypt || fail
check_hash $PWD1 $HASH2
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -s 256 -c twofish-cbc-essiv:sha256 --resilience journal --sector-size 2048 $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $HASH2
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt -c aes-cbc-essiv:sha256 -s 128 --reduce-device-size 8M -q $FAST_PBKDF_ARGON || fail
check_hash_head $PWD1 $((56*1024*2)) $HASH5
wipe_dev $DEV
-check_hash_dev $DEV $HASH4
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt -c twofish-cbc-essiv:sha256 -s 128 --reduce-device-size 21M -q $FAST_PBKDF_ARGON || fail
check_hash_head $PWD1 $((43*1024*2)) $HASH6
wipe_dev $DEV
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt --reduce-device-size 64M -q $FAST_PBKDF_ARGON > /dev/null 2>&1 && fail
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 8M --init-only -q $FAST_PBKDF_ARGON $DEV || fail
resize_file $DEVBIG -512
-echo $PWD1 | $CRYPTSETUP reencrypt $DEV 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q $DEV 2> /dev/null && fail
resize_file $DEVBIG 512
wipe_dev $DEV
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt -c aes-cbc-essiv:sha256 -s 128 --offset 32760 --reduce-device-size 8M -q $FAST_PBKDF_ARGON --init-only >/dev/null 2>&1 && fail
$CRYPTSETUP close $DEV_NAME
echo $PWD1 | $CRYPTSETUP open $DEV --test-passphrase || fail
+# Small device encryption test
+preparebig 65
+# wipe only 1st MiB (final data size after encryption)
+wipe_dev $DEV 1
+check_hash_dev_head $DEV 2048 $HASH2
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt --reduce-device-size 64M -q $FAST_PBKDF_ARGON || fail
+check_hash_head $PWD1 2048 $HASH2
+
+wipe_dev_head $DEV 1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt --reduce-device-size 64M --init-only -q $FAST_PBKDF_ARGON $DEV_NAME >/dev/null || fail
+check_hash_dev_head /dev/mapper/$DEV_NAME 2048 $HASH2
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q || fail
+check_hash_dev_head /dev/mapper/$DEV_NAME 2048 $HASH2
+
echo "[3] Encryption with detached header"
preparebig 256
wipe_dev $DEV
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
check_hash $PWD1 $HASH3 $IMG_HDR
wipe_dev $DEV
+rm -f $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --resilience journal --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
check_hash $PWD1 $HASH3 $IMG_HDR
wipe_dev $DEV
+rm -f $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt -c twofish-cbc-essiv:sha256 -s 128 --resilience none --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
check_hash $PWD1 $HASH3 $IMG_HDR
wipe_dev $DEV
+rm -f $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt --encrypt -c serpent-xts-plain --resilience checksum --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
check_hash $PWD1 $HASH3 $IMG_HDR
+rm -f $IMG_HDR
# Device activation after encryption initialization
wipe_dev $DEV
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --encrypt -c aes-cbc-essiv:sha256 -s 128 --reduce-device-size 8M -q $FAST_PBKDF_ARGON $DEV_NAME 2>/dev/null && fail
$CRYPTSETUP close $DEV_NAME
check_hash $PWD1 $HASH3 $IMG_HDR
+rm -f $IMG_HDR
+
+# Device encryption with data offset set in detached header
+wipe_dev $DEV
+dd if=/dev/urandom of=$DEV bs=512 count=32768 >/dev/null 2>&1
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR --offset 32768 -q $FAST_PBKDF_ARGON $DEV || fail
+check_hash $PWD1 $HASH9 $IMG_HDR
+rm -f $IMG_HDR
# Device activation using key file
wipe_dev $DEV
$CRYPTSETUP close $DEV_NAME
echo $PWD1 | $CRYPTSETUP open --header $IMG_HDR $DEV --test-passphrase || fail
+# Encrypt without size reduction must not allow header device same as data device
+wipe_dev_head $DEV 1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV --type luks2 --encrypt --header $DEV -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $DEV 2>/dev/null && fail
+ln -s $DEV $DEV_LINK || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV --type luks2 --encrypt --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $DEV 2>/dev/null && fail
+rm -f $DEV_LINK || fail
+
+dd if=/dev/zero of=$IMG bs=4k count=1 >/dev/null 2>&1
+echo $PWD1 | $CRYPTSETUP reencrypt $IMG --type luks2 --encrypt --header $IMG -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail
+ln -s $IMG $DEV_LINK || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $IMG --type luks2 --encrypt --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail
+
echo "[4] Reencryption with detached header"
wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
$CRYPTSETUP close $DEV_NAME2 || fail
echo "[5] Decryption with detached header"
-echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --sector-size 512 -c aes-cbc-essiv:sha256 -s 128 --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --header $IMG_HDR $DEV || fail
check_hash_dev $DEV $HASH3
check_hash_dev $DEV $HASH3
# check deferred remove works as expected after decryption
-echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 --sector-size 512 -c serpent-xts-plain --header $IMG_HDR -q $FAST_PBKDF_ARGON $DEV || fail
open_crypt $PWD1 $IMG_HDR
dmsetup create $DEV_NAME2 --table "0 1 linear /dev/mapper/$DEV_NAME 0" || fail
echo $PWD1 | $CRYPTSETUP reencrypt -q --decrypt --resilience checksum --header $IMG_HDR --active-name $DEV_NAME || fail
# check tool can block some funny user ideas
preparebig 64
+ln -s $DEV $DEV_LINK || fail
echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 -c serpent-xts-plain -q $FAST_PBKDF_ARGON $DEV || fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $DEV -q 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $DEV_LINK -q 2>/dev/null && fail
open_crypt $PWD1
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME -q 2>/dev/null && fail
echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $DEV -q 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $DEV_LINK -q 2>/dev/null && fail
$CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail
$CRYPTSETUP close $DEV_NAME
+# yet another funny idea
+rm -f $IMG_HDR
+$CRYPTSETUP luksHeaderBackup --header-backup-file $IMG_HDR $DEV || fail
+chmod +w $IMG_HDR || fail
+command -v wipefs >/dev/null && {
+ wipefs -a $DEV >/dev/null 2>&1 || fail
+}
+open_crypt $PWD1 $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME --decrypt --header $IMG_HDR -q 2>/dev/null && fail
+$CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail
+$CRYPTSETUP close $DEV_NAME || fail
+
if ! dm_delay_features; then
echo "dm-delay target is missing, skipping recovery tests."
remove_mapping
get_error_offsets 32 $OFFSET
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 512 checksum $HASH1
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH1
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
reencrypt_recover 4096 journal $HASH1
echo "sector size 4096->4096"
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 --sector-size 4096 -c aes-cbc-essiv:sha256 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH1
get_error_offsets 32 $OFFSET
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 512 checksum $HASH1
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH1
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
reencrypt_recover_online 4096 journal $HASH1
echo "sector size 4096->4096"
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 --sector-size 4096 -c aes-cbc-essiv:sha256 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH1
get_error_offsets 31 0 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH7 $IMG_HDR
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
reencrypt_recover 4096 journal $HASH7 $IMG_HDR
echo "sector size 4096->4096"
get_error_offsets 31 0 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH7 $IMG_HDR
get_error_offsets 31 0
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
-check_hash $PWD1 $HASH7 $IMG_HDR
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 512 checksum $HASH7 $IMG_HDR
get_error_offsets 31 0 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH7 $IMG_HDR
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
reencrypt_recover_online 4096 journal $HASH7 $IMG_HDR
echo "sector size 4096->4096"
get_error_offsets 31 0 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1 $IMG_HDR
- check_hash $PWD1 $HASH7 $IMG_HDR
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH7 $IMG_HDR
echo "[16] Offline reencryption with fixed device size."
preparebig 68
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --offset 16384 $FAST_PBKDF_ARGON $DEV || fail
-wipe $PWD1
-check_hash $PWD1 $HASH8
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- reencrypt_offline_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8
- reencrypt_offline_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8
- reencrypt_offline_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8
+ reencrypt_offline_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8
+ reencrypt_offline_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8
+ reencrypt_offline_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8
echo -n "[OK]"
done
echo ""
done
echo "[17] Online reencryption with fixed device size."
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- reencrypt_online_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8
- reencrypt_online_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8
- reencrypt_online_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8
+ reencrypt_online_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8
+ reencrypt_online_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8
+ reencrypt_online_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8
echo -n "[OK]"
done
echo ""
echo "[18] Offline reencryption with fixed device size (detached header)."
preparebig 60
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
-wipe $PWD1 $IMG_HDR
-check_hash $PWD1 $HASH8 $IMG_HDR
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- reencrypt_offline_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- reencrypt_offline_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- reencrypt_offline_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_offline_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_offline_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_offline_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
echo -n "[OK]"
done
echo ""
done
echo "[19] Online reencryption with fixed device size (detached header)."
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- reencrypt_online_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- reencrypt_online_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- reencrypt_online_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_online_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_online_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ reencrypt_online_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
echo -n "[OK]"
done
echo ""
done
echo "[20] Offline encryption with fixed device size (detached header)."
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- encrypt_offline_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- encrypt_offline_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- encrypt_offline_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ encrypt_offline_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ encrypt_offline_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ encrypt_offline_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
echo -n "[OK]"
done
echo ""
echo "[21] Offline decryption with fixed device size (detached header)."
prepare_linear_dev 60
-for test_ss in $TEST_SECTORS; do
-printf "sector size %4s: " $test_ss
+for test_sector_size in $TEST_SECTORS; do
+printf "sector size %4s: " $test_sector_size
for test_res in checksum journal none; do
echo -n "[$test_res]"
- decrypt_offline_fixed_size $test_ss 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- decrypt_offline_fixed_size $test_ss $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
- decrypt_offline_fixed_size $test_ss $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ decrypt_offline_fixed_size $test_sector_size 2048 $HASH2 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ decrypt_offline_fixed_size $test_sector_size $((28*1024*2)) $HASH1 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
+ decrypt_offline_fixed_size $test_sector_size $((31*1024*2)) $HASH7 $test_res $((60*1024*2)) $HASH8 $IMG_HDR
echo -n "[OK]"
done
echo ""
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF2 $DEV || fail
echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH2
echo -e "$PWD1\n$PWD2\n$PWD3" | $CRYPTSETUP reencrypt $DEV -q || fail
check_hash $PWD1 $HASH2
echo $PWD1 | $CRYPTSETUP reencrypt $DEV --resume-only -q 2>/dev/null && fail
echo -e "$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1\n$PWD1" | $CRYPTSETUP reencrypt $DEV -q || fail
+#test error path behaves as expected for initialization with not enough space in binary area
+# create LUKS2 header with keyslots binary space for exactly 4 keyslots
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --luks2-keyslots-size $((4*258048)) -S0 -s512 --cipher aes-xts-plain64 $FAST_PBKDF_ARGON $DEV >/dev/null || fail
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S1 $DEV -q $FAST_PBKDF_ARGON || fail
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S2 $DEV -q $FAST_PBKDF_ARGON || fail
+# there is not enough space in binary area for keyslot id 4 (replacement for id 2)
+echo -e "$PWD1\n$PWD2\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+# check cli removed all unbound keyslots created in-before reencryption initialization
+$CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail
+
+echo $PWD1 | $CRYPTSETUP luksKillSlot $DEV 2 || fail
+# there is not enough space in binary area for reencryption keyslot
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+# check cli removed all unbound keyslots created in-before reencryption initialization
+$CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail
+
echo "[23] Reencryption with specified new volume key"
prepare dev_size_mb=32
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 256 -c aes-cbc-essiv:sha256 --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
-echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -S0 $FAST_PBKDF_ARGON --master-key-file $VKEY1 -s 128 || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q -S0 $FAST_PBKDF_ARGON --volume-key-file $VKEY1 -s 128 || fail
check_hash $PWD1 $HASH1
$CRYPTSETUP luksErase -q $DEV || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_ARGON --master-key-file $VKEY1 -s 128 $DEV || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -q $FAST_PBKDF_ARGON --volume-key-file $VKEY1 -s 128 $DEV || fail
check_hash $PWD1 $HASH1
echo "[24] Reencryption with initial cipher_null"
prepare dev_size_mb=32
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c cipher_null-ecb --offset 8192 $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo $PWD1 | $CRYPTSETUP reencrypt $DEV -c aes-xts-plain64 -q $FAST_PBKDF_ARGON || fail
check_hash $PWD1 $HASH1
get_error_offsets 32 $OFFSET
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 512 checksum $HASH1
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH1
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
reencrypt_recover 4096 journal $HASH1
echo "sector size 4096->4096"
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover 4096 checksum $HASH1
get_error_offsets 32 $OFFSET
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 -c null --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
-check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 512 checksum $HASH1
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH1
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
reencrypt_recover_online 4096 journal $HASH1
echo "sector size 4096->4096"
get_error_offsets 32 $OFFSET 4096
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c null --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
wipe $PWD1
- check_hash $PWD1 $HASH1
echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
reencrypt_recover_online 4096 checksum $HASH1
reencrypt_recover_online 4096 journal $HASH1
fi
+echo "[27] Verify test passphrase mode works with reencryption metadata"
+echo $PWD1 | $CRYPTSETUP -S5 -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV || fail
+echo -e "$PWD1\n$PWD1" | $CRYPTSETUP luksAddKey --unbound -s80 -S0 $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --init-only $DEV || fail
+echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat -S5 --header $IMG_HDR --type luks2 $FAST_PBKDF_ARGON $DEV || fail
+echo -e "$PWD1\n$PWD1" | $CRYPTSETUP luksAddKey --unbound -s80 -S0 $FAST_PBKDF_ARGON $IMG_HDR || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --init-only --header $IMG_HDR $DEV || fail
+echo $PWD1 | $CRYPTSETUP open --test-passphrase $IMG_HDR || fail
+rm -f $IMG_HDR
+wipe_dev_head $DEV 1
+
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --init-only --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP open --test-passphrase $IMG_HDR || fail
+
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 8M $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail
+
+echo "[28] Prevent nested encryption"
+prepare_linear_dev 32 opt_blks=64 $OPT_XFERLEN_EXP
+
+#device already LUKS2
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail
+
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --reduce-device-size 2m $FAST_PBKDF2 $DEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+test -f $IMG_HDR && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --reduce-device-size 2m $FAST_PBKDF2 $DEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+test -f $IMG_HDR && fail
+#type mismatch
+echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 $DEV 2>/dev/null && fail
+wipe_dev $DEV
+
+#detached header already LUKS2
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
+
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 --header $IMG_HDR $DEV 2>/dev/null && fail
+rm -f $IMG_HDR
+
+#data device already in reencryption
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --init-only $FAST_PBKDF_ARGON $DEV || fail
+
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+test -f $IMG_HDR && fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+test -f $IMG_HDR && fail
+#type mismatch
+echo $PWD1 | $CRYPTSETUP reencrypt -q --type luks1 $DEV 2>/dev/null && fail
+wipe_dev $DEV
+rm -f $IMG_HDR
+
+#header in reencryption (type mismatch)
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --type luks1 --header $IMG_HDR $FAST_PBKDF2 $DEV 2>/dev/null && fail
+
+echo "[29] Conflicting reencryption parameters"
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --init-only $FAST_PBKDF_ARGON || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --reduce-device-size 4M $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-checksum 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-journal 2> /dev/null && fail
+wipe_dev_head $DEV 1
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 16M $DEV -q $FAST_PBKDF_ARGON 2> /dev/null || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience journal 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-checksum 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --resilience datashift-journal 2> /dev/null && fail
+wipe_dev_head $DEV 1
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --resilience datashift-checksum 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --resilience datashift-journal 2>/dev/null && fail
+rm -f $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --encrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --header $IMG_HDR $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only $FAST_PBKDF_ARGON || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --header $IMG_HDR $DEV -q $FAST_PBKDF_ARGON 2> /dev/null && fail
+rm -f $IMG_HDR
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF2 $DEV || fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience datashift 2> /dev/null && fail
+test -f $IMG_HDR && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience none 2> /dev/null && fail
+test -f $IMG_HDR && fail
+$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --init-only $FAST_PBKDF_ARGON --resilience checksum --hotzone-size 4m || fail
+$CRYPTSETUP isLuks $DEV -q && fail
+# $CRYPTSETUP luksDump $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience datashift 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience none 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt $DEV --header $IMG_HDR -q --resilience journal || fail
+rm -f $IMG_HDR
+
+check_blkid
+if [ "$HAVE_BLKID" -gt 0 ]; then
+ echo "[30] Prevent nested encryption of broken LUKS device"
+ rm -f $IMG_HDR
+ xz -dkf $HEADER_LUKS2_PV.xz
+ wipe_dev $DEV
+
+ # broken header
+ echo $PWD1 | $CRYPTSETUP reencrypt -q --header $HEADER_LUKS2_PV $DEV $FAST_PBKDF_ARGON --encrypt --type luks2 2>/dev/null && fail
+ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+ # broken device
+ echo $PWD1 | $CRYPTSETUP reencrypt -q $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 --reduce-device-size 8m 2>/dev/null && fail
+ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+ # broken data device only
+ echo $PWD1 | $CRYPTSETUP reencrypt -q --header $IMG_HDR $HEADER_LUKS2_PV $FAST_PBKDF_ARGON --encrypt --force-offline-reencrypt --type luks2 2>/dev/null && fail
+ test -f $IMG_HDR && fail
+fi
+
+if [ -n "$DM_SECTOR_SIZE" -a $HAVE_BLKID -gt 0 ]; then
+ echo "[31] Prevent dangerous sector size increase"
+ preparebig 64
+ echo $PWD1 | $CRYPTSETUP luksFormat -q --sector-size 512 --type luks2 $FAST_PBKDF_ARGON $DEV || fail
+
+ # block encryption sector size increase on offline device
+ echo $PWD1 | $CRYPTSETUP reencrypt --init-only -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV 2>/dev/null && fail
+ $CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+ echo $PWD1 | $CRYPTSETUP reencrypt -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV 2>/dev/null && fail
+ $CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
+ $CRYPTSETUP luksDump $DEV | grep -q "sector: 1024" && fail
+
+ # --force-offline-reencrypt can bypass the constraint
+ echo $PWD1 | $CRYPTSETUP reencrypt --force-offline-reencrypt --init-only -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV || fail
+ # resume must work
+ echo $PWD1 | $CRYPTSETUP reencrypt -q $FAST_PBKDF_ARGON $DEV || fail
+
+ # online with no superblock is fine
+ echo $PWD1 | $CRYPTSETUP open -q $DEV $DEV_NAME || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt --init-only -q --sector-size 4096 $FAST_PBKDF_ARGON $DEV || fail
+ $CRYPTSETUP close $DEV_NAME || fail
+
+ # sector size decrease is ok
+ echo $PWD1 | $CRYPTSETUP luksFormat -q --sector-size 4096 --type luks2 $FAST_PBKDF_ARGON $DEV || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt --init-only -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV || fail
+
+ if [ -n "$BLKID_BLOCK_SIZE_SUPPORT" ]; then
+ xz -dkf $IMG_FS.xz
+ # encryption checks must work in offline mode
+ echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail
+ test -f $IMG_HDR && fail
+
+ echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --header $IMG_HDR $IMG_FS $FAST_PBKDF_ARGON --type luks2 2>/dev/null && fail
+ test -f $IMG_HDR && fail
+
+ echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --reduce-device-size 8m $IMG_FS $FAST_PBKDF_ARGON --init-only --type luks2 2>/dev/null && fail
+ $CRYPTSETUP isLuks $IMG_FS && fail
+ echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --force-offline-reencrypt --sector-size 1024 -q --reduce-device-size 8m $IMG_FS $FAST_PBKDF_ARGON --type luks2 2>/dev/null && fail
+ $CRYPTSETUP isLuks $IMG_FS && fail
+
+ echo $PWD1 | $CRYPTSETUP luksFormat -q --sector-size 512 --type luks2 $FAST_PBKDF_ARGON $DEV || fail
+ echo $PWD1 | $CRYPTSETUP open -q $DEV $DEV_NAME || fail
+ dd if=$IMG_FS of=/dev/mapper/$DEV_NAME bs=1M >/dev/null 2>&1
+
+ echo $PWD1 | $CRYPTSETUP reencrypt --init-only -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV 2>/dev/null && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail
+ echo $PWD1 | $CRYPTSETUP reencrypt --init-only -q --sector-size 1024 --active-name $DEV_NAME $FAST_PBKDF_ARGON 2>/dev/null && fail
+ $CRYPTSETUP status $DEV_NAME | grep -q "reencryption: in-progress" && fail
+ echo $PWD1 | $CRYPTSETUP reencrypt -q --sector-size 1024 $FAST_PBKDF_ARGON $DEV 2>/dev/null && fail
+ $CRYPTSETUP luksDump $DEV | grep -q "sector: 512" || fail
+ echo $PWD1 | $CRYPTSETUP reencrypt -q --sector-size 1024 --active-name $DEV_NAME $FAST_PBKDF_ARGON 2>/dev/null && fail
+ $CRYPTSETUP luksDump $DEV | grep -q "sector: 512" || fail
+ fi
+fi
+
+echo "[32] Removal of encryption (LUKS2 legacy cryptsetup-reencrypt test)."
+prepare dev_size_mb=32
+OFFSET=8192
+
+# offline decryption with shift
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 57344 $HASH1
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+# online decryption with shift
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 57344 $HASH1
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+# offline decryption (separate initialization and decryption steps)
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only || fail
+check_hash $PWD1 $HASH1 $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 57344 $HASH1
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+# online decryption with shift
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only || fail
+check_hash_dev /dev/mapper/$DEV_NAME $HASH1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 57344 $HASH1
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+# same tests just with date size == LUKS2 header size
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 32768 || fail
+wipe $PWD1
+check_hash $PWD1 $HASH10
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 32768 $HASH10
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 32768 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 32768 $HASH10
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 32768 || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only || fail
+check_hash $PWD1 $HASH10 $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 32768 $HASH10
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 32768 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only || fail
+check_hash_dev /dev/mapper/$DEV_NAME $HASH10
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 32768 $HASH10
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+# 1MiB data size
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 63488 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+# --hotzone-size larger than data expected to get auto corrected by library
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --init-only --hotzone-size 4M || fail
+check_hash_dev /dev/mapper/$DEV_NAME $HASH2
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 2048 $HASH2
+rm -f $IMG_HDR
+
+# small device (less than header size)
+prepare dev_size_mb=5
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -S5 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 2048 $HASH2
+# FIXME: Should not reencryption remove it automatically?
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -S5 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR || fail
+check_hash_dev_head $DEV 2048 $HASH2
+rm -f $IMG_HDR
+
+# initialization by --active-name parameter
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --active-name $DEV_NAME || fail
+check_hash_dev_head $DEV 2048 $HASH2
+rm -f $IMG_HDR
+
+# initialization and resume by --active-name parameter
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV --offset 8192 || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --decrypt --header $IMG_HDR --active-name $DEV_NAME --init-only || fail
+check_hash_dev /dev/mapper/$DEV_NAME $HASH2
+echo $PWD1 | $CRYPTSETUP reencrypt $DEV -q --header $IMG_HDR --active-name $DEV_NAME || fail
+check_hash_dev_head $DEV 2048 $HASH2
+rm -f $IMG_HDR
+
+echo "[33] Decryption with datashift recovery (error in shift area)."
+prepare_linear_dev 32
+echo "sector size 512"
+
+# avoid error in moved segment area on purpose
+# Also do not create write error in last segment because
+# that would not trigger reencryption crash (read would pass)
+get_error_offsets 32 $OFFSET 512 $((32-1024*2-$OFFSET))
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+wipe $PWD1
+
+echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+echo -n "resilience:"
+decrypt_recover $HASH1 $IMG_HDR $((32*1024*2-$OFFSET))
+
+if [ -n "$DM_SECTOR_SIZE" ]; then
+ echo -e "\nsector size 4096"
+
+ get_error_offsets 32 $OFFSET 4096 $((32-1024*2-$OFFSET))
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ wipe $PWD1
+
+ echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+ echo -n "resilience:"
+ decrypt_recover $HASH1 $IMG_HDR $((32*1024*2-$OFFSET))
+fi
+echo ""
+
+echo "[34] Decryption with datashift recovery (error in moved segment)."
+echo "sector size 512"
+
+HZ_SIZE=$((3*1024*2))
+
+# move injected error in moved segment area
+get_error_offsets 32 0 512 $HZ_SIZE
+echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+
+echo -n "resilience:"
+for res in datashift-journal datashift-checksum; do
+
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ wipe $PWD1
+
+ decrypt_recover $HASH1 $IMG_HDR $((32*1024*2-$OFFSET)) $res $(($HZ_SIZE*512))
+done
+
+if [ -n "$DM_SECTOR_SIZE" ]; then
+ echo -e "\nsector size 4096"
+
+ # move injected error in moved segment area
+ get_error_offsets 32 0 4096 $HZ_SIZE
+ echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+
+ echo -n "resilience:"
+ for res in datashift-journal datashift-checksum; do
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ wipe $PWD1
+
+ decrypt_recover $HASH1 $IMG_HDR $((32*1024*2-$OFFSET)) $res $(($HZ_SIZE*512))
+ done
+fi
+echo ""
+
+echo "[35] Decryption with datashift recovery (online i/o error in shift area)."
+echo "sector size 512"
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+wipe_dev /dev/mapper/$DEV_NAME
+
+# avoid error in moved segment area on purpose
+# Also do not create write error in last segment because
+# that would not trigger reencryption crash (read would pass)
+get_error_offsets 32 $OFFSET 512 $((32-1024*2-$OFFSET))
+echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+
+echo -n "resilience:"
+decrypt_recover_online $HASH1 $IMG_HDR $((32*1024*2-$OFFSET))
+
+if [ -n "$DM_SECTOR_SIZE" ]; then
+ echo -e "\nsector size 4096"
+
+ get_error_offsets 32 $OFFSET 4096 $((32-1024*2-$OFFSET))
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ wipe_dev /dev/mapper/$DEV_NAME
+
+ echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+ echo -n "resilience:"
+ decrypt_recover_online $HASH1 $IMG_HDR $((32*1024*2-$OFFSET))
+fi
+echo ""
+
+echo "[36] Decryption with datashift recovery (online i/o error in moved segment)."
+echo "sector size 512"
+
+# move injected error in moved segment area
+get_error_offsets 32 0 512 $HZ_SIZE
+echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+
+echo -n "resilience:"
+for res in datashift-journal datashift-checksum; do
+
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ wipe_dev /dev/mapper/$DEV_NAME
+
+ decrypt_recover_online_moved $HASH1 $IMG_HDR $((32*1024*2-$OFFSET)) $res $(($HZ_SIZE*512))
+done
+
+if [ -n "$DM_SECTOR_SIZE" ]; then
+ echo -e "\nsector size 4096"
+
+ get_error_offsets 32 0 4096 $HZ_SIZE
+ echo "ERR writes to sectors [$ERROFFSET,$(($ERROFFSET+$ERRLENGTH-1))]"
+
+ echo -n "resilience:"
+ for res in datashift-journal datashift-checksum; do
+
+ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 4096 --offset $OFFSET $FAST_PBKDF_ARGON $DEV || fail
+ echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME || fail
+ wipe_dev /dev/mapper/$DEV_NAME
+
+ decrypt_recover_online_moved $HASH1 $IMG_HDR $((32*1024*2-$OFFSET)) $res $(($HZ_SIZE*512))
+ done
+fi
+echo ""
+
+echo "[37] Decryption with datashift (large data offsets)"
+prepare_linear_dev 512
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset 1015808 --luks2-keyslots-size 16M $FAST_PBKDF_ARGON $DEV || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q || fail
+check_hash_dev_head $DEV $((16*1024*2)) $HASH10
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset 1015808 --luks2-keyslots-size 16M $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q || fail
+check_hash_dev_head $DEV $((16*1024*2)) $HASH10
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset 1046528 --luks2-keyslots-size 16M $FAST_PBKDF_ARGON $DEV || fail
+wipe $PWD1
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q || fail
+check_hash_dev_head $DEV 2048 $HASH2
+rm -f $IMG_HDR
+
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 --sector-size 512 --offset 1046528 --luks2-keyslots-size 16M $FAST_PBKDF_ARGON $DEV || fail
+echo $PWD1 | $CRYPTSETUP open $DEV $DEV_NAME
+wipe_dev /dev/mapper/$DEV_NAME
+echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --header $IMG_HDR $DEV -q || fail
+check_hash_dev_head $DEV 2048 $HASH2
+
remove_mapping
exit 0
else
$CRYPTSETUP luksDump $_debug $IMG > /dev/null 2>&1
fi
- test $? -ne 0 || return 1
+ ret=$?
+ test $ret -ne 0 || return 1
+ test $ret -ne 139 || return 1
;;
*)
fail "Internal test error"
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
-which jq >/dev/null 2>&1 || skip "Cannot find jq, test skipped."
+command -v jq >/dev/null || skip "Cannot find jq, test skipped."
prepare
echo "[1] Test basic auto-recovery"
RUN luks2-invalid-checksum-hdr0.img "R" "Failed to recover from trivial header corruption at offset 0"
-# TODO: check epoch is incresed after recovery
+# TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
RUN luks2-invalid-checksum-hdr1.img "R" "Failed to recover from trivial header corruption at offset 16384"
-# TODO: check epoch is incresed after recovery
+# TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
RUN luks2-invalid-checksum-both-hdrs.img "F" "Failed to recognise corrupted header beyond repair"
echo "[2] Test ability to auto-correct mallformed json area"
RUN luks2-corrupted-hdr0-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 512"
-# TODO: check epoch is incresed after recovery
+# TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 0 are written (dmstats tool/differ.c)
RUN luks2-corrupted-hdr1-with-correct-chks.img "R" "Failed to auto correct malformed json area at offset 16896"
-# TODO: check epoch is incresed after recovery
+# TODO: check epoch is increased after recovery
# TODO: check only sectors related to corrupted hdr at offset 16384 are written (dmstats tool/differ.c)
RUN luks2-correct-full-json0.img "R" "Failed to parse full and correct json area"
# TODO: detect noop (norecovery, epoch untouched)
-# TODO: check epoch is NOT incresed after recovery of secondary header
+# TODO: check epoch is NOT increased after recovery of secondary header
# these tests auto-correct json in-memory only. It'll get fixed on-disk after write operation
RUN luks2-argon2-leftover-params.img "R" "Failed to repair keyslot with old argon2 parameters."
RUN luks2-segment-wrong-flags-element.img "F" "Failed to detect invalid flags content"
RUN luks2-segment-wrong-backup-key-0.img "F" "Failed to detect gap in backup segments"
RUN luks2-segment-wrong-backup-key-1.img "F" "Failed to detect gap in backup segments"
+RUN luks2-segment-crypt-empty-encryption.img "F" "Failed to detect empty encryption field"
echo "[6] Test metadata size and keyslots size (config section)"
RUN luks2-invalid-keyslots-size-c0.img "F" "Failed to detect too large keyslots_size in config section"
RUN luks2-metadata-size-1m-secondary.img "R" "Valid 1MiB metadata size in secondary hdr failed to validate"
RUN luks2-metadata-size-2m-secondary.img "R" "Valid 2MiB metadata size in secondary hdr failed to validate"
RUN luks2-metadata-size-4m-secondary.img "R" "Valid 4MiB metadata size in secondary hdr failed to validate"
+RUN luks2-metadata-size-invalid.img "F" "Invalid metadata size in secondary hdr not rejected"
+RUN luks2-metadata-size-invalid-secondary.img "F" "Invalid metadata size in secondary hdr not rejected"
+
+echo "[7] Test invalid metadata object property"
+RUN luks2-invalid-tokens.img "F" "Invalid tokens objects not rejected"
+RUN luks2-invalid-top-objects.img "F" "Invalid top-level objects not rejected"
+RUN luks2-keyslot-invalid-area.img "F" "Invalid keyslot area object not rejected"
+RUN luks2-keyslot-invalid-area-size.img "F" "Invalid keyslot area size that can overflow not rejected"
+RUN luks2-keyslot-invalid-objects.img "F" "Invalid keyslot objects not rejected"
+RUN luks2-keyslot-invalid-af.img "F" "Invalid keyslot objects types not rejected"
remove_mapping
HEADER_IMG=mode-test.img
PASSWORD=3xrododenron
PASSWORD1=$PASSWORD
+FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
# cipher-chainmode-ivopts:ivmode
CIPHERS="aes twofish serpent"
LOOPDEV=$(losetup -f 2>/dev/null)
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
dmremove() { # device
udevadm settle >/dev/null 2>&1
dmsetup remove --retry $1 >/dev/null 2>&1
}
cleanup() {
- for dev in $(dmsetup status --target crypt | sed s/\:\ .*// | grep "^$DEV_NAME"_); do
- dmremove $dev
- sleep 2
- done
+ [ -b /dev/mapper/"$DEV_NAME"_tstdev ] && dmremove "$DEV_NAME"_tstdev
[ -b /dev/mapper/$DEV_NAME ] && dmremove $DEV_NAME
losetup -d $LOOPDEV >/dev/null 2>&1
rm -f $HEADER_IMG >/dev/null 2>&1
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+
add_device() {
cleanup
dd if=/dev/zero of=$HEADER_IMG bs=1M count=6 >/dev/null 2>&1
echo -n "[n/a]"
fi
- echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 -i 1 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP luksFormat --type luks1 $FAST_PBKDF2 -c $1 -s 256 /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e " LUKS1:"
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
dmcrypt_check "$DEV_NAME"_tstdev $OUT
fi
- echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 -i 1 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
+ echo $PASSWORD | $CRYPTSETUP luksFormat --type luks2 --pbkdf pbkdf2 $FAST_PBKDF2 -c $1 -s 256 --offset 8192 /dev/mapper/$DEV_NAME >/dev/null 2>&1
if [ $? -eq 0 ] ; then
echo -n -e " LUKS2:"
echo $PASSWORD | $CRYPTSETUP luksOpen /dev/mapper/$DEV_NAME "$DEV_NAME"_tstdev >/dev/null 2>&1 || fail
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
add_device
DEV2=$DEV_NAME"_x"
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
dmremove() { # device
udevadm settle >/dev/null 2>&1
dmsetup remove --retry $1 >/dev/null 2>&1
function fail()
{
- echo " $1 [FAILED]"
+ echo " $1 [FAILED]"
echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done
cleanup 2
}
+skip()
+{
+ echo "TEST SKIPPED: $1"
+ cleanup 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
{
DEV2=$DEV_NAME"_x"
esac
# ignore these cases, not all libs/kernel supports it
- if [ "$1" != "sha1" -a "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
+ if [ "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
if [ $ret -ne 0 ] ; then
echo " [N/A] ($ret, SKIPPED)"
return
dmremove $DEV2
}
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run this test, test skipped."
exit 77
[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
-REENC=$CRYPTSETUP_PATH/cryptsetup-reencrypt
-FAST_PBKDF="--pbkdf-force-iterations 1000"
+REENC_BIN=$CRYPTSETUP
+REENC="$REENC_BIN reencrypt"
+FAST_PBKDF="--pbkdf-force-iterations 1000 --pbkdf pbkdf2"
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
DEV_NAME=reenc9768
DEV_NAME2=reenc1273
IMG=reenc-data
IMG_HDR=$IMG.hdr
+HEADER_LUKS2_PV=blkid-luks2-pv.img
ORIG_IMG=reenc-data-orig
+DEV_LINK="reenc-test-link"
KEY1=key1
PWD1="93R4P4pIqAH8"
PWD2="1cND4319812f"
MNT_DIR=./mnt_luks
START_DIR=$(pwd)
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
+
+function fips_mode()
+{
+ [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
+}
function del_scsi_device()
{
- rmmod scsi_debug 2>/dev/null
+ rmmod scsi_debug >/dev/null 2>&1
sleep 2
}
[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
[ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
- rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 >/dev/null 2>&1
+ rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 $HEADER_LUKS2_PV $DEV_LINK >/dev/null 2>&1
umount $MNT_DIR > /dev/null 2>&1
rmdir $MNT_DIR > /dev/null 2>&1
LOOPDEV1=""
exit 77
}
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
function add_scsi_device() {
del_scsi_device
- modprobe scsi_debug $@ delay=0
- if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
- fi
-
- sleep 2
- SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
- [ -b $SCSI_DEV ] || fail "Cannot find $SCSI_DEV."
+ if [ -d /sys/module/scsi_debug ] ; then
+ echo "Cannot use scsi_debug module (in use or compiled-in), test skipped."
+ exit 77
+ fi
+ modprobe scsi_debug $@ delay=0 >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ echo "This kernel seems to not support proper scsi_debug module, test skipped."
+ exit 77
+ fi
+
+ sleep 2
+ SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+ [ -b $SCSI_DEV ] || fail "Cannot find $SCSI_DEV."
}
function open_crypt() # $1 pwd, $2 hdr
echo
}
+function check_blkid() {
+ xz -dkf $HEADER_LUKS2_PV.xz
+ if ! $($CRYPTSETUP --version | grep -q "BLKID"); then
+ HAVE_BLKID=0
+ elif $(blkid -p -n crypto_LUKS $HEADER_LUKS2_PV >/dev/null 2>&1); then
+ HAVE_BLKID=1
+ else
+ HAVE_BLKID=0
+ fi
+}
+
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-[ ! -x "$REENC" ] && skip "Cannot find $REENC, test skipped."
-which wipefs >/dev/null 2>&1 || skip "Cannot find wipefs, test skipped."
+[ ! -x "$REENC_BIN" ] && skip "Cannot find $REENC_BIN, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+command -v wipefs >/dev/null || skip "Cannot find wipefs, test skipped."
# REENCRYPTION tests
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 -s 128 -c aes-cbc-plain $FAST_PBKDF --align-payload 4096 $LOOPDEV1 || fail
wipe $PWD1
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 -c aes-xts-plain64 -h sha256 $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 -c aes-xts-plain64 -h sha256 $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q --use-directio $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q --use-directio $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q --master-key-file /dev/urandom $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q --volume-key-file /dev/urandom $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q -s 512 --master-key-file /dev/urandom $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 512 --volume-key-file /dev/urandom $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
$CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
# FIXME echo $PWD1 | $REENC ...
echo "[4] Encryption of not yet encrypted device"
+# Encrypt without size reduction must not allow header device same as data device
+wipe_dev $LOOPDEV1
+echo $PWD1 | $REENC $LOOPDEV1 --type luks1 --new --header $LOOPDEV1 -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $LOOPDEV1 2>/dev/null && fail
+ln -s $LOOPDEV1 $DEV_LINK || fail
+echo $PWD1 | $REENC $LOOPDEV1 --type luks1 --new --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $LOOPDEV1 2>/dev/null && fail
+rm -f $DEV_LINK || fail
+echo $PWD1 | $REENC $IMG --type luks1 --new --header $IMG -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail
+ln -s $IMG $DEV_LINK || fail
+echo $PWD1 | $REENC $IMG --type luks1 --new --header $DEV_LINK -q $FAST_PBKDF_ARGON 2>/dev/null && fail
+$CRYPTSETUP isLUKS $IMG 2>/dev/null && fail
+
+if [ ! fips_mode ]; then
# well, movin' zeroes :-)
OFFSET=2048
SIZE=$(blockdev --getsz $LOOPDEV1)
-wipe_dev $LOOPDEV1
dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3
dmsetup remove --retry $DEV_NAME2 || fail
echo fake | $REENC $LOOPDEV1 -d $KEY1 --new --type luks1 --reduce-device-size "$OFFSET"S -q $FAST_PBKDF || fail
$CRYPTSETUP open --test-passphrase $LOOPDEV1 -d $KEY1 || fail
wipe_dev $LOOPDEV1
+fi
echo "[5] Reencryption using specific keyslot"
echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
echo "[OK]"
echo "[8] Header only reencryption (hash and iteration time)"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha1 $FAST_PBKDF $LOOPDEV1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha512 $FAST_PBKDF $LOOPDEV1 || fail
wipe $PWD1
check_hash $PWD1 $HASH1
echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key || fail
check_hash $PWD1 $HASH1
echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --pbkdf-force-iterations 999 2>/dev/null && fail
check_hash $PWD1 $HASH1
-echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha256 --pbkdf-force-iterations 1001
+echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha256 --pbkdf-force-iterations 1001 || fail
check_hash $PWD1 $HASH1
[ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')" -eq 1001 ] || fail
[ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -m1 "Hash spec:" | cut -f2)" = "sha256" ] || fail
-echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha512 $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key --hash sha512 $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
[ "$($CRYPTSETUP luksDump $LOOPDEV1 | grep -A1 -m1 "Key Slot 0" | grep Iterations: | sed -e 's/[[:space:]]\+Iterations:\ \+//g')" -eq 1000 ] || fail
-echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key $FAST_PBKDF
+echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key $FAST_PBKDF || fail
check_hash $PWD1 $HASH1
$CRYPTSETUP --type luks1 luksDump $LOOPDEV1 > /dev/null || fail
test_logging "[4096/512 sector]" || fail
test_logging_tmpfs || fail
+if [ ! fips_mode ]; then
echo "[10] Removal of encryption"
prepare 8192
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
check_hash_dev $IMG $HASH4
echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR --new --type luks1
check_hash $PWD1 $HASH4 $IMG_HDR
-echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --header $IMG_HDR || fail
check_hash $PWD1 $HASH4 $IMG_HDR
-echo $PWD1 | $REENC $LOOPDEV1 -q --header $IMG_HDR --decrypt
+echo $PWD1 | $REENC $LOOPDEV1 -q --header $IMG_HDR --decrypt || fail
check_hash_dev $IMG $HASH4
# existing header of zero size
cat /dev/null >$IMG_HDR
$CRYPTSETUP isLuks $LOOPDEV1 && fail
$CRYPTSETUP isLuks $IMG_HDR || fail
+echo "[12] Prevent nested encryption"
+prepare 8192
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF $LOOPDEV1 || fail
+
+#data device is already LUKS device (prevent nested encryption)
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --reduce-device-size 1024S 2>/dev/null && fail
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail
+test -f $IMG_HDR && fail
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --reduce-device-size 2048S 2>/dev/null && fail
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail
+test -f $IMG_HDR && fail
+
+wipe_dev $LOOPDEV1
+echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --header $IMG_HDR $FAST_PBKDF $LOOPDEV1 || fail
+
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 --header $IMG_HDR 2>/dev/null && fail
+echo $PWD1 | $REENC $LOOPDEV1 -q $FAST_PBKDF --new --type luks2 --header $IMG_HDR 2>/dev/null && fail
+
+check_blkid
+if [ "$HAVE_BLKID" -gt 0 ]; then
+ echo "[13] Prevent nested encryption of broken LUKS device"
+ rm -f $IMG_HDR
+ wipe_dev $LOOPDEV1
+ xz -dkf $HEADER_LUKS2_PV.xz
+ # broken header
+ echo $PWD1 | $REENC --header $HEADER_LUKS2_PV $LOOPDEV1 -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
+ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+ # broken device
+ echo $PWD1 | $REENC $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 --reduce-device-size 1024S 2>/dev/null && fail
+ $CRYPTSETUP isLuks $HEADER_LUKS2_PV && fail
+ # broken data device only
+ echo $PWD1 | $REENC --header $IMG_HDR $HEADER_LUKS2_PV -q $FAST_PBKDF --new --type luks1 2>/dev/null && fail
+ test -f $IMG_HDR && fail
+fi
+fi # if [ ! fips_mode ]
+
remove_mapping
exit 0
+++ /dev/null
-#!/bin/bash
-
-[ -z "$CRYPTSETUP_PATH" ] && CRYPTSETUP_PATH=".."
-CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
-REENC=$CRYPTSETUP_PATH/cryptsetup-reencrypt
-FAST_PBKDF_ARGON="--pbkdf-force-iterations 4 --pbkdf-memory 32 --pbkdf-parallel 1"
-FAST_PBKDF_PBKDF2="--pbkdf-force-iterations 1000 --pbkdf pbkdf2"
-DEFAULT_ARGON="argon2i"
-
-DEV_NAME=reenc9768
-DEV_NAME2=reenc1273
-IMG=reenc-data
-IMG_HDR=$IMG.hdr
-ORIG_IMG=reenc-data-orig
-KEY1=key1
-PWD1="93R4P4pIqAH8"
-PWD2="1cND4319812f"
-PWD3="1-9Qu5Ejfnqv"
-
-MNT_DIR=./mnt_luks
-START_DIR=$(pwd)
-[ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
-
-function fips_mode()
-{
- [ -n "$FIPS_MODE" ] && [ "$FIPS_MODE" -gt 0 ]
-}
-
-function dm_crypt_features()
-{
- local VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
- [ -z "$VER_STR" ] && fail "Failed to parse dm-crypt version."
-
- local VER_MAJ=$(echo $VER_STR | cut -f 1 -d.)
- local VER_MIN=$(echo $VER_STR | cut -f 2 -d.)
-
- [ $VER_MAJ -lt 1 ] && return
- [ $VER_MAJ -eq 1 -a $VER_MIN -lt 11 ] && return
- ALLOW_DISCARDS=--allow-discards
- [ $VER_MAJ -eq 1 -a $VER_MIN -lt 14 ] && return
- PERF_CPU=--perf-same_cpu_crypt
-}
-
-function del_scsi_device()
-{
- rmmod scsi_debug 2>/dev/null
- sleep 2
-}
-
-function remove_mapping()
-{
- [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2
- [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME
- rm -f $IMG $IMG_HDR $ORIG_IMG $KEY1 >/dev/null 2>&1
- umount $MNT_DIR > /dev/null 2>&1
- rmdir $MNT_DIR > /dev/null 2>&1
- del_scsi_device
-}
-
-function fail()
-{
- [ -n "$1" ] && echo "$1"
- echo "FAILED backtrace:"
- while caller $frame; do ((frame++)); done
- cd $START_DIR
- remove_mapping
- exit 2
-}
-
-function skip()
-{
- [ -n "$1" ] && echo "$1"
- exit 77
-}
-
-function add_scsi_device() {
- del_scsi_device
- modprobe scsi_debug $@ delay=0
- if [ $? -ne 0 ] ; then
- echo "This kernel seems to not support proper scsi_debug module, test skipped."
- exit 77
- fi
-
- sleep 2
- SCSI_DEV="/dev/"$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
- [ -b $SCSI_DEV ] || fail "Cannot find $SCSI_DEV."
-}
-
-function open_crypt() # $1 pwd, $2 hdr
-{
- if [ -n "$2" ] ; then
- echo "$1" | $CRYPTSETUP luksOpen $IMG $DEV_NAME --header $2 || fail
- elif [ -n "$1" ] ; then
- echo "$1" | $CRYPTSETUP luksOpen $IMG $DEV_NAME || fail
- else
- $CRYPTSETUP luksOpen -d $KEY1 $IMG $DEV_NAME || fail
- fi
-}
-
-function wipe_dev() # $1 dev
-{
- dd if=/dev/zero of=$1 bs=256k conv=notrunc >/dev/null 2>&1
-}
-
-function wipe() # $1 pass
-{
- open_crypt $1
- wipe_dev /dev/mapper/$DEV_NAME
- udevadm settle >/dev/null 2>&1
- $CRYPTSETUP luksClose $DEV_NAME || fail
-}
-
-function prepare() # $1 dev1_siz
-{
- remove_mapping
-
- dd if=/dev/zero of=$IMG bs=1k count=$1 >/dev/null 2>&1
-
- if [ ! -e $KEY1 ]; then
- dd if=/dev/urandom of=$KEY1 count=1 bs=32 >/dev/null 2>&1
- fi
-}
-
-function check_hash_dev() # $1 dev, $2 hash, $3 size
-{
- if [ -n "$3" ]; then
- HASH=$(head -c $3 $1 | sha256sum | cut -d' ' -f 1)
- else
- HASH=$(sha256sum $1 | cut -d' ' -f 1)
- fi
- [ $HASH != "$2" ] && fail "HASH differs ($HASH)"
-}
-
-function check_hash() # $1 pwd, $2 hash, $3 hdr
-{
- open_crypt $1 $3
- check_hash_dev /dev/mapper/$DEV_NAME $2
- $CRYPTSETUP remove $DEV_NAME || fail
-}
-
-function backup_orig()
-{
- sync
- cp $IMG $ORIG_IMG
-}
-
-function rollback()
-{
- sync
- cp $ORIG_IMG $IMG
-}
-
-function check_slot() #space separated list of active key slots
-{
- local _out=$($CRYPTSETUP luksDump $IMG | grep -e ": luks2" | sed -e 's/[[:space:]]*\([0-9]\+\):.*/\1/g')
-
- local _req
- local _hdr
- local _j
-
- for _i in $*; do
- _j=$((_i))
- _req="$_req $_j"
- done
-
- for _i in $_out; do
- _j=$((_i))
- _hdr="$_hdr $_j"
- done
-
- test "$_req" = "$_hdr"
-}
-
-function simple_scsi_reenc()
-{
- echo -n "$1"
- echo $PWD1 | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_ARGON $SCSI_DEV || fail
-
- echo $PWD1 | $CRYPTSETUP luksOpen $SCSI_DEV $DEV_NAME || fail
- HASH=$(sha256sum /dev/mapper/$DEV_NAME | cut -d' ' -f 1)
- $CRYPTSETUP luksClose $DEV_NAME || fail
-
- echo $PWD1 | $REENC -q $FAST_PBKDF_ARGON $SCSI_DEV || fail
-
- echo $PWD1 | $CRYPTSETUP luksOpen $SCSI_DEV $DEV_NAME || fail
- check_hash_dev /dev/mapper/$DEV_NAME $HASH
- $CRYPTSETUP luksClose $DEV_NAME || fail
-}
-
-function mount_and_test() {
- test -d $MNT_DIR || mkdir -p $MNT_DIR
- mount $@ $MNT_DIR 2>/dev/null || {
- echo -n "failed to mount [SKIP]"
- return 0
- }
- rm $MNT_DIR/* 2>/dev/null
- cd $MNT_DIR
-
- if [ "${REENC:0:1}" != "/" ] ; then
- MNT_REENC=$START_DIR/$REENC
- else
- MNT_REENC=$REENC
- fi
- echo $PWD2 | $MNT_REENC $START_DIR/$IMG -q --use-fsync --use-directio --write-log $FAST_PBKDF_ARGON || return 1
- cd $START_DIR
- umount $MNT_DIR
- echo -n [OK]
-}
-
-function test_logging_tmpfs() {
- echo -n "[tmpfs]"
- mount_and_test -t tmpfs none -o size=$[25*1024*1024] || return 1
- echo
-}
-
-function test_logging() {
- echo -n "$1:"
- for img in $(ls img_fs*img.xz) ; do
- wipefs -a $SCSI_DEV > /dev/null
- echo -n "[${img%.img.xz}]"
- xz -d -c $img | dd of=$SCSI_DEV bs=4k >/dev/null 2>&1
- mount_and_test $SCSI_DEV || return 1
- done
- echo
-}
-
-[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-[ ! -x "$REENC" ] && skip "Cannot find $REENC, test skipped."
-which wipefs >/dev/null || skip "Cannot find wipefs, test skipped."
-fips_mode && skip "This test cannot be run in FIPS mode."
-
-# REENCRYPTION tests
-
-HASH1=b69dae56a14d1a8314ed40664c4033ea0a550eea2673e04df42a66ac6b9faf2c
-HASH4=2daeb1f36095b44b318410b3f4e8b5d989dcc7bb023d1426c492dab0a3053e74
-HASH5=bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
-HASH6=4d9cbaf3aa0935a8c113f139691b3daf9c94c8d6c278aedc8eec66a4b9f6c8ae
-HASH7=5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
-
-echo "[1] Reencryption"
-prepare 8192
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q -s 256 $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q -s 256 -c aes-xts-plain64 -h sha256 $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --use-directio $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --master-key-file /dev/urandom $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q -s 512 --master-key-file /dev/urandom $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 --luks2-metadata-size 128k -c aes-cbc-plain $FAST_PBKDF_ARGON --offset 8192 $IMG > /dev/null || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_ARGON > /dev/null || fail
-check_hash $PWD1 $HASH5
-MDA_SIZE=$($CRYPTSETUP luksDump $IMG | grep "Metadata area: " | cut -f 3 -d ' ')
-test "$MDA_SIZE" -eq 131072 || fail "Unexpected Metadata area size $MDA_SIZE"
-
-echo "[2] Reencryption with data shift"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
-wipe $PWD1
-echo $PWD1 | $REENC $IMG -q -s 256 --reduce-device-size 1024S $FAST_PBKDF_ARGON || fail
-check_hash $PWD1 $HASH6
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_ARGON || fail
-check_hash $PWD1 $HASH6
-$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
-
-echo "[3] Reencryption with keyfile"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -d $KEY1 -c aes-cbc-essiv:sha256 -s 128 $FAST_PBKDF_ARGON --offset 8192 $IMG || fail
-wipe
-check_hash "" $HASH5
-echo $PWD1 | $CRYPTSETUP -q luksAddKey -d $KEY1 $IMG $FAST_PBKDF_ARGON || fail
-$REENC $IMG -d $KEY1 $FAST_PBKDF_ARGON -q 2>/dev/null && fail
-$REENC $IMG -d $KEY1 -S 0 $FAST_PBKDF_ARGON -q || fail
-check_hash "" $HASH5
-check_slot 0 || fail "Only keyslot 0 expected to be enabled"
-$REENC $IMG -d $KEY1 $FAST_PBKDF_ARGON -q || fail
-$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
-# FIXME echo $PWD1 | $REENC ...
-
-echo "[4] Encryption of not yet encrypted device"
-# well, movin' zeroes :-)
-OFFSET=8192 # default LUKS2 header size
-prepare 8192
-check_hash_dev $IMG $HASH4
-echo $PWD1 | $REENC --type luks2 $IMG -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q $FAST_PBKDF_ARGON || fail
-check_hash $PWD1 $HASH5
-$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
-# 64MiB + 1 KiB
-prepare 65537
-OFFSET=131072
-check_hash_dev $IMG $HASH7 1024
-echo $PWD1 | $REENC --type luks2 $IMG -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q $FAST_PBKDF_ARGON || fail
-check_hash $PWD1 $HASH7
-$CRYPTSETUP --type luks2 luksDump $IMG > /dev/null || fail
-prepare 8192
-
-echo "[5] Reencryption using specific keyslot"
-echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 1 $IMG || fail
-echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 2 $IMG || fail
-echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 3 $IMG || fail
-echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 4 $IMG || fail
-echo -e "$PWD2\n$PWD1" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 5 $IMG || fail
-echo -e "$PWD2\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 6 $IMG || fail
-echo -e "$PWD2\n$PWD3" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_ARGON -S 22 $IMG || fail
-backup_orig
-echo $PWD2 | $REENC $FAST_PBKDF_ARGON -S 0 -q $IMG || fail
-check_slot 0 || fail "Only keyslot 0 expected to be enabled"
-wipe $PWD2
-rollback
-echo $PWD1 | $REENC $FAST_PBKDF_ARGON -S 1 -q $IMG || fail
-check_slot 1 || fail "Only keyslot 1 expected to be enabled"
-wipe $PWD1
-rollback
-echo $PWD2 | $REENC $FAST_PBKDF_ARGON -S 6 -q $IMG || fail
-check_slot 6 || fail "Only keyslot 6 expected to be enabled"
-wipe $PWD2
-rollback
-echo $PWD3 | $REENC $FAST_PBKDF_ARGON -S 22 -q $IMG || fail
-check_slot 22 || fail "Only keyslot 22 expected to be enabled"
-wipe $PWD3
-rollback
-
-echo "[6] Reencryption using all active keyslots"
-echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $IMG $FAST_PBKDF_ARGON || fail
-check_slot 0 1 2 3 4 5 6 22 || fail "All keyslots expected to be enabled"
-
-echo "[7] Reencryption of block devices with different block size"
-add_scsi_device sector_size=512 dev_size_mb=32
-simple_scsi_reenc "[512 sector]"
-add_scsi_device sector_size=4096 dev_size_mb=32
-simple_scsi_reenc "[4096 sector]"
-add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=32
-simple_scsi_reenc "[4096/512 sector]"
-echo "[OK]"
-
-echo "[8] Header only reencryption (hash and iteration time)"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --keep-key || fail
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --keep-key --pbkdf pbkdf2 --pbkdf-force-iterations 999 2>/dev/null && fail
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --keep-key --pbkdf-force-iterations 3 2>/dev/null && fail
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --keep-key --pbkdf-force-iterations 4 --pbkdf-memory 31 2>/dev/null && fail
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --keep-key --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --hash sha512
-check_hash $PWD1 $HASH5
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep PBKDF: | sed -e 's/[[:space:]]\+PBKDF:\ \+//g')" = "pbkdf2" ] || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep Hash: | sed -e 's/[[:space:]]\+Hash:\ \+//g')" = "sha512" ] || fail
-echo $PWD1 | $REENC $IMG -q --keep-key $FAST_PBKDF_ARGON
-check_hash $PWD1 $HASH5
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep PBKDF: | sed -e 's/[[:space:]]\+PBKDF:\ \+//g')" = $DEFAULT_ARGON ] || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep "Time cost" | sed -e 's/[[:space:]]\+Time\ cost:\ \+//g')" -eq 4 ] || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep Memory | sed -e 's/[[[:space:]]\+Memory:\ \+//g')" -eq 32 ] || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A8 -m1 "0: luks2" | grep Threads | sed -e 's/[[[:space:]]\+Threads:\ \+//g')" -eq 1 ] || fail
-echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey -S21 $FAST_PBKDF_ARGON $IMG || fail
-echo $PWD2 | $REENC -S21 -q --keep-key --pbkdf pbkdf2 --pbkdf-force-iterations 1000 $IMG || fail
-check_hash $PWD2 $HASH5
-check_slot 21 || fail "Only keyslot 21 expected to be enabled"
-$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
-
-echo "[9] Test log I/Os on various underlying block devices"
-echo $PWD2 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-add_scsi_device sector_size=512 dev_size_mb=32
-test_logging "[512 sector]" || fail
-add_scsi_device sector_size=4096 dev_size_mb=32
-test_logging "[4096 sector]" || fail
-add_scsi_device sector_size=512 dev_size_mb=32 physblk_exp=3
-test_logging "[4096/512 sector]" || fail
-test_logging_tmpfs || fail
-
-echo "[10] Removal of encryption"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --decrypt || fail
-check_hash_dev $IMG $HASH4
-
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -S5 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $REENC $IMG -q --decrypt || fail
-check_hash_dev $IMG $HASH4
-
-echo "[11] Reencryption with tokens"
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey -S23 $FAST_PBKDF_ARGON $IMG || fail
-echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey -S1 $FAST_PBKDF_ARGON $IMG || fail
-echo -e "$PWD1\n$PWD3" | $CRYPTSETUP -q luksAddKey -S3 $FAST_PBKDF_ARGON $IMG || fai
-$CRYPTSETUP token add --key-description key-name0 --key-slot 23 --token-id 0 $IMG
-$CRYPTSETUP token add --key-description key-name2 --key-slot 1 --token-id 2 $IMG
-$CRYPTSETUP token add --key-description key-name31 --token-id 31 $IMG
-echo $PWD1 | $CRYPTSETUP -q luksKillSlot $IMG 3 || fail
-echo $PWD2 | $REENC $FAST_PBKDF_ARGON -S 23 -q $IMG || fail
-$CRYPTSETUP luksDump $IMG | grep "0: luks2-keyring" >/dev/null || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A2 -m1 "0: luks2-keyring" | grep Keyslot: | sed -e 's/[[[:space:]]\+Keyslot:\ \+//g')" -eq 23 ] || fail
-$CRYPTSETUP luksDump $IMG | grep "2: luks2-keyring" >/dev/null || fail
-$CRYPTSETUP luksDump $IMG | grep "31: luks2-keyring" >/dev/null || fail
-[ "$($CRYPTSETUP luksDump $IMG | grep -A2 -m1 "31: luks2-keyring" | grep Keyslot: | sed -e 's/[[[:space:]]\+Keyslot:\ \+//g')" -eq 23 ] || fail
-
-echo "[12] Reencryption with persistent flags"
-dm_crypt_features
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-echo $PWD1 | $CRYPTSETUP open $IMG $DEV_NAME $ALLOW_DISCARDS $PERF_CPU --persistent || fail
-$CRYPTSETUP close $DEV_NAME || fail
-echo $PWD1 | $REENC $FAST_PBKDF_ARGON -q $IMG || fail
-if [ -n "$PERF_CPU" ]; then
- $CRYPTSETUP luksDump $IMG | grep -m1 Flags: | grep same-cpu-crypt > /dev/null || fail
-fi
-if [ -n "$ALLOW_DISCARDS" ]; then
- $CRYPTSETUP luksDump $IMG | grep -m1 Flags: | grep allow-discards > /dev/null || fail
-fi
-
-echo "[13] Detached header - adding encryption/reencryption/decryption"
-prepare 8192
-check_hash_dev $IMG $HASH4
-echo $PWD1 | $REENC --type luks2 $IMG -q $FAST_PBKDF_ARGON --header $IMG_HDR --new
-check_hash $PWD1 $HASH4 $IMG_HDR
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_ARGON --header $IMG_HDR
-check_hash $PWD1 $HASH4 $IMG_HDR
-echo $PWD1 | $REENC $IMG -q --header $IMG_HDR --decrypt
-check_hash_dev $IMG $HASH4
-# existing header of zero size
-cat /dev/null >$IMG_HDR
-echo $PWD1 | $REENC --type luks2 $IMG -q $FAST_PBKDF_ARGON --header $IMG_HDR --new
-check_hash $PWD1 $HASH4 $IMG_HDR
-$CRYPTSETUP isLuks $IMG && fail
-$CRYPTSETUP isLuks $IMG_HDR || fail
-$CRYPTSETUP luksDump $IMG_HDR | grep -q "0: luks2" || fail
-
-echo "[14] Reencryption with unbound keyslot"
-prepare 8192
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG --offset 8192 || fail
-echo $PWD2 | $CRYPTSETUP -q luksAddKey -S 3 --unbound --key-size 64 $FAST_PBKDF_ARGON $IMG || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-$CRYPTSETUP luksDump $IMG | grep -q "3: luks2 (unbound)" || fail
-echo $PWD2 | $REENC $IMG -q $FAST_PBKDF_ARGON 2>/dev/null && fail
-echo -e "$PWD1\n$PWD2" | $REENC $IMG -q $FAST_PBKDF_ARGON || fail
-$CRYPTSETUP luksDump $IMG | grep -q "3: luks2 (unbound)" || fail
-
-echo "[15] Reencryption after conversion"
-prepare 8192
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_PBKDF2 $IMG --offset 4096 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH1
-$CRYPTSETUP -q convert --type luks2 $IMG || fail
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail
-check_hash $PWD1 $HASH1
-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG --offset 8192 || fail
-wipe $PWD1
-check_hash $PWD1 $HASH5
-$CRYPTSETUP -q convert --type luks1 $IMG || fail
-echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail
-check_hash $PWD1 $HASH5
-
-remove_mapping
-exit 0
--- /dev/null
+#!/bin/bash
+
+DIR=../.libs
+FILE=$DIR/libcryptsetup.so
+
+function fail()
+{
+ [ -n "$1" ] && echo "$1"
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ exit 77
+}
+
+test -d $DIR || fail "Directory $DIR is missing."
+test -f $FILE || skip "WARNING: Shared $FILE is missing, test skipped."
+
+./all-symbols-test $FILE $@
--- /dev/null
+#!/bin/bash
+
+[ -z "$CRYPTSETUP_PATH" ] && {
+ TOKEN_PATH="./fake_token_path.so"
+ [ ! -f $TOKEN_PATH ] && { echo "Please compile $TOKEN_PATH."; exit 77; }
+ export LD_PRELOAD=$TOKEN_PATH
+ CRYPTSETUP_PATH=".."
+}
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+CRYPTSETUP_SSH=$CRYPTSETUP_PATH/cryptsetup-ssh
+IMG="ssh_test.img"
+MAP="sshtest"
+USER="sshtest"
+PASSWD="sshtest1"
+PASSWD2="sshtest2"
+SSH_OPTIONS="-o StrictHostKeyChecking=no"
+
+SSH_SERVER="localhost"
+SSH_PATH="/home/$USER/keyfile"
+SSH_KEY_PATH="$HOME/sshtest-key"
+
+FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
+
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_SSH_VALGRIND=../.libs/cryptsetup-ssh
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
+[ -z "$srcdir" ] && srcdir="."
+
+function remove_mapping()
+{
+ [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
+ rm -f $IMG >/dev/null 2>&1
+}
+
+function remove_user()
+{
+ id -u $USER >/dev/null 2>&1 && userdel -r -f $USER >/dev/null 2>&1
+ rm -f $SSH_KEY_PATH "$SSH_KEY_PATH.pub" >/dev/null 2>&1
+}
+
+function create_user()
+{
+ id -u $USER >/dev/null 2>&1
+ [ $? -eq 0 ] && skip "User account $USER exists, aborting."
+ [ -f $SSH_KEY_PATH ] && skip "SSH key $SSH_KEY_PATH already exists, aborting."
+
+ useradd -m $USER -p $(openssl passwd $PASSWD) || skip "Failed to add user for SSH plugin test."
+
+ ssh-keygen -f $SSH_KEY_PATH -q -N "" >/dev/null 2>&1
+ [ $? -ne 0 ] && remove_user && skip "Failed to create SSH key."
+}
+
+function ssh_check()
+{
+ # try to use netcat to check port 22
+ nc -zv $SSH_SERVER 22 >/dev/null 2>&1 || skip "SSH server does not seem to be running, skipping."
+}
+
+function bin_check()
+{
+ command -v $1 >/dev/null || skip "WARNING: test require $1 binary, test skipped."
+}
+
+function ssh_setup()
+{
+ # copy the ssh key
+ [ -d "/home/$USER/.ssh" ] || mkdir /home/$USER/.ssh
+ touch /home/$USER/.ssh/authorized_keys
+
+ cat $SSH_KEY_PATH.pub >> /home/$USER/.ssh/authorized_keys
+ [ $? -ne 0 ] && remove_user && fail "Failed to copy SSH key."
+
+ # make sure /home/sshtest/.ssh and /home/sshtest/.ssh/authorized_keys have correct permissions
+ chown -R $USER:$USER /home/$USER/.ssh
+ chmod 700 /home/$USER/.ssh
+ chmod 644 /home/$USER/.ssh/authorized_keys
+
+ # try to ssh and also create keyfile
+ ssh -i $SSH_KEY_PATH $SSH_OPTIONS -o BatchMode=yes -n $USER@$SSH_SERVER "echo -n $PASSWD > $SSH_PATH" >/dev/null 2>&1
+ [ $? -ne 0 ] && remove_user && fail "Failed to connect using SSH."
+}
+
+function fail()
+{
+ echo "[FAILED]"
+ [ -n "$1" ] && echo "$1"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ remove_mapping
+ remove_user
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ remove_mapping
+ exit 77
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ [ ! -f $CRYPTSETUP_SSH_VALGRIND ] && fail "Unable to get location of cryptsetup-ssh executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
+}
+
+function valgrind_run_ssh()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_SSH_VALGRIND} "$@"
+}
+
+format()
+{
+ dd if=/dev/zero of=$IMG bs=1M count=32 >/dev/null 2>&1
+
+ echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force-password -q
+ [ $? -ne 0 ] && fail "Format failed."
+
+ echo -e "$PASSWD\n$PASSWD2" | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG -q
+ [ $? -ne 0 ] && fail "Add key failed."
+}
+
+check_dump()
+{
+ dump=$1
+ keyslot=$2
+
+ token=$(echo "$dump" | grep Tokens -A 1 | tail -1 | cut -d: -f2 | tr -d "\t\n ")
+ [ "$token" = "ssh" ] || fail " token check from dump failed."
+
+ server=$(echo "$dump" | grep ssh_server | cut -d: -f2 | tr -d "\t\n ")
+ [ "$server" = $SSH_SERVER ] || fail " server check from dump failed."
+
+ user=$(echo "$dump" | grep ssh_user | cut -d: -f2 | tr -d "\t\n ")
+ [ "$user" = "$USER" ] || fail " user check from dump failed."
+
+ path=$(echo "$dump" | grep ssh_path | cut -d: -f2 | tr -d "\t\n ")
+ [ "$path" = "$SSH_PATH" ] || fail " path check from dump failed."
+
+ key_path=$(echo "$dump" | grep ssh_key_path | cut -d: -f2 | tr -d "\t\n ")
+ [ "$key_path" = "$SSH_KEY_PATH" ] || fail " key_path check from dump failed."
+
+ keyslot_dump=$(echo "$dump" | grep Keyslot: | cut -d: -f2 | tr -d "\t\n ")
+ [ "$keyslot_dump" = "$keyslot" ] || fail " keyslot check from dump failed."
+}
+
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run && CRYPTSETUP_SSH=valgrind_run_ssh
+[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
+
+# Prevent running dangerous useradd operation by default
+[ -z "$RUN_SSH_PLUGIN_TEST" ] && skip "WARNING: Variable RUN_SSH_PLUGIN_TEST must be defined, test skipped."
+
+bin_check nc
+bin_check useradd
+bin_check ssh
+bin_check ssh-keygen
+bin_check sshpass
+bin_check openssl
+
+format
+
+echo -n "Adding SSH token: "
+
+ssh_check
+create_user
+ssh_setup
+
+$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH
+[ $? -ne 0 ] && fail "Failed to add SSH token to $IMG"
+
+out=$($CRYPTSETUP luksDump $IMG)
+check_dump "$out" 0
+echo "[OK]"
+
+echo -n "Activating using SSH token: "
+
+$CRYPTSETUP luksOpen --token-only --disable-external-tokens -r $IMG $MAP && fail "Tokens should be disabled"
+$CRYPTSETUP luksOpen -r $IMG $MAP -q >/dev/null 2>&1 <&-
+[ $? -ne 0 ] && fail "Failed to open $IMG using SSH token"
+echo "[OK]"
+
+# Remove the newly added token and test adding with --key-slot
+$CRYPTSETUP token remove --token-id 0 $IMG || fail "Failed to remove token"
+
+echo -n "Adding SSH token with --key-slot: "
+
+$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH --key-slot 1
+[ $? -ne 0 ] && fail "Failed to add SSH token to $IMG"
+
+out=$($CRYPTSETUP luksDump $IMG)
+check_dump "$out" 1
+echo "[OK]"
+
+remove_mapping
+remove_user
--- /dev/null
+#!/bin/bash
+
+CC="cc"
+
+PASSWD="tpm2_test"
+PASSWD2="tpm2_test2"
+FAST_PBKDF_OPT="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
+IMG=systemd_token_test.img
+MAP="systemd_tpm2_test"
+
+function bin_check()
+{
+ command -v $1 >/dev/null || skip "WARNING: test require $1 binary, test skipped."
+}
+
+function cleanup() {
+ [ -S $SWTPM_STATE_DIR/ctrl.sock ] && {
+ # shutdown TPM via control socket
+ swtpm_ioctl -s --unix $SWTPM_STATE_DIR/ctrl.sock
+ sleep 1
+ }
+
+ # if graceful shutdown was successful, pidfile should be deleted
+ # if it is still present, we forcefully kill the process
+ [ -f "$SWTPM_PIDFILE" ] && {
+ kill -9 $(cat $SWTPM_PIDFILE) >/dev/null 2>&1
+ }
+
+ [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
+
+ rm -f $SWTPM_PIDFILE >/dev/null 2>&1
+ rm -rf $SWTPM_STATE_DIR >/dev/null 2>&1
+ rm -f $IMG >/dev/null 2>&1
+}
+
+function fail()
+{
+ echo "[FAILED]"
+ [ -n "$1" ] && echo "$1"
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ cleanup
+ exit 2
+}
+
+function skip()
+{
+ [ -n "$1" ] && echo "$1"
+ cleanup
+ exit 77
+}
+
+# Prevent downloading and compiling systemd by default
+[ -z "$RUN_SYSTEMD_PLUGIN_TEST" ] && skip "WARNING: Variable RUN_SYSTEMD_PLUGIN_TEST must be defined, test skipped."
+
+[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
+bin_check swtpm
+bin_check swtpm_ioctl
+
+CRYPTENROLL_LD_PRELOAD=""
+
+# if CRYPTSETUP_PATH is defined, we run against installed binaries,
+# otherwise we compile systemd tokens from source
+[ -z "$CRYPTSETUP_PATH" ] && {
+ bin_check git
+ bin_check meson
+ bin_check ninja
+ bin_check pkgconf
+
+ TOKEN_PATH=fake_token_path.so
+ [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH."
+ INSTALL_PATH=$(pwd)/external-tokens/install
+ make -C .. install DESTDIR=$INSTALL_PATH
+ PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')"
+ sed -i "s/^prefix=/prefix=${INSTALL_PATH//\//\\\/}/g" "$PC_FILE"
+ export PKG_CONFIG_PATH=$(dirname $PC_FILE)
+
+ # systemd build system misses libcryptsetup.h if it is installed in non-default path
+ export CFLAGS="${CFLAGS:-} $(pkgconf --cflags libcryptsetup)"
+
+ SYSTEMD_PATH=$(pwd)/external-tokens/systemd
+ CRYPTSETUP_PATH=$(pwd)/..
+ SYSTEMD_CRYPTENROLL=$SYSTEMD_PATH/build/systemd-cryptenroll
+
+ mkdir -p $SYSTEMD_PATH
+ [ "$(ls -A $SYSTEMD_PATH)" ] || git clone --depth=1 https://github.com/systemd/systemd.git $SYSTEMD_PATH
+ cd $SYSTEMD_PATH
+ meson -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true build/ || skip "Failed to configure systemd via meson, some dependencies are probably missing."
+ ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd."
+
+ cd $CRYPTSETUP_PATH/tests
+ cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so ../.libs/
+ cp $SYSTEMD_PATH/build/src/shared/*.so ../.libs/
+
+ export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/tests/$TOKEN_PATH"
+ CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/.libs/libcryptsetup.so"
+}
+CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
+
+[ -z "$SYSTEMD_CRYPTENROLL" ] && {
+ bin_check systemd-cryptenroll
+ SYSTEMD_CRYPTENROLL="systemd-cryptenroll"
+}
+
+[ -z "$TPM_PATH" ] && {
+ echo "Setting up virtual TPM using swtpm..."
+ SWTPM_PIDFILE=$(mktemp /tmp/systemd_swtpm_pid.XXXXXX)
+ SWTPM_STATE_DIR=$(mktemp -d /tmp/systemd_swtpm_state.XXXXXX)
+ modprobe tpm_vtpm_proxy || skip "Failed to load tpm_vtpm_proxy kernel module, required for emulated TPM."
+ SWTPM_LOG=$(swtpm chardev --vtpm-proxy --tpm2 --tpmstate dir=$SWTPM_STATE_DIR -d --pid file=$SWTPM_PIDFILE --ctrl type=unixio,path=$SWTPM_STATE_DIR/ctrl.sock)
+ TPM_PATH=$(echo $SWTPM_LOG | grep -Eo '/dev/tpm([0-9])+' | sed 's/tpm/tpmrm/')
+ [ -z "$TPM_PATH" ] && skip "No TPM_PATH set and swtpm failed, test skipped."
+ sleep 1
+ echo "Virtual TPM set up at $TPM_PATH"
+}
+
+FAKE_TPM_PATH="$(pwd)/fake_systemd_tpm_path.so"
+[ -f $FAKE_TPM_PATH ] || skip "Please compile $FAKE_TPM_PATH."
+export LD_PRELOAD="$LD_PRELOAD:$FAKE_TPM_PATH"
+
+export TPM_PATH=$TPM_PATH
+echo "TPM path is $TPM_PATH"
+
+dd if=/dev/zero of=$IMG bs=1M count=32 >/dev/null 2>&1
+echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force-password -q
+
+echo "Enrolling the device to TPM 2 using systemd-cryptenroll.."
+LD_PRELOAD="$LD_PRELOAD:$CRYPTENROLL_LD_PRELOAD" PASSWORD="$PASSWD" $SYSTEMD_CRYPTENROLL $IMG --tpm2-device=$TPM_PATH >/dev/null 2>&1
+
+$CRYPTSETUP luksDump $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)."
+echo "Activating the device via TPM2 external token.."
+$CRYPTSETUP open --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token."
+$CRYPTSETUP close $MAP >/dev/null 2>&1 || fail "Failed to close $MAP."
+
+echo "Adding passphrase via TPM2 token.."
+echo $PASSWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token."
+echo $PASSWD2 | $CRYPTSETUP open $IMG --test-passphrase --disable-external-tokens >/dev/null 2>&1 || fail "Failed to test passphrase added by tpm2 token."
+
+echo "Exporting and removing TPM2 token.."
+EXPORTED_TOKEN=$($CRYPTSETUP token export $IMG --token-id 0)
+$CRYPTSETUP token remove $IMG --token-id 0
+$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal."
+
+echo "Re-importing TPM2 token.."
+echo $EXPORTED_TOKEN | $CRYPTSETUP token import $IMG --token-id 0 || fail "Failed to re-import deleted token."
+$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token."
+
+cleanup
+exit 0
PASSWORD_72C="aaaaaaaaaaaabbbbbbbbbbbbccccccccccccddddddddddddeeeeeeeeeeeeffffffffffff"
PIM=1234
+CRYPTSETUP_VALGRIND=../.libs/cryptsetup
+CRYPTSETUP_LIB_VALGRIND=../.libs
+
[ -z "$srcdir" ] && srcdir="."
function remove_mapping()
[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove --retry "$MAP"_1
[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove --retry "$MAP"_2
+ rm -rf $TST_DIR
}
function fail()
function skip()
{
[ -n "$1" ] && echo "$1"
- echo "Test skipped."
+ remove_mapping
exit 77
}
fi
}
+function get_HASH_CIPHER() # filename
+{
+ # speed up the test by limiting options for hash and (first) cipher
+ HASH=$(echo $file | cut -d'-' -f3)
+ CIPHER=$(echo $file | cut -d'-' -f5)
+}
+
function test_required()
{
- which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
+ command -v blkid >/dev/null || skip "blkid tool required, test skipped."
echo "REQUIRED KDF TEST"
test_kdf sha256
test_one camellia xts 512 camellia
test_one kuznyechik xts 512 kuznyechik
- ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images."
+ ls $TST_DIR/[tv]c* >/dev/null 2>&1 || skip "No remaining images, test skipped."
+}
+
+function valgrind_setup()
+{
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
+ [ ! -f $CRYPTSETUP_VALGRIND ] && fail "Unable to get location of cryptsetup executable."
+ export LD_LIBRARY_PATH="$CRYPTSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
+}
+
+function valgrind_run()
+{
+ INFOSTRING="$(basename ${BASH_SOURCE[1]})-line-${BASH_LINENO[0]}" ./valg.sh ${CRYPTSETUP_VALGRIND} "$@"
}
export LANG=C
+[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
[ ! -d $TST_DIR ] && tar xJf $srcdir/tcrypt-images.tar.xz --no-same-owner
+
+[ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run
+
test_required
echo "HEADER CHECK"
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
SYS_OPT=""
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
- echo $PASSWORD | $CRYPTSETUP tcryptDump --veracrypt $SYS_OPT $PIM_OPT $file >/dev/null || fail
+ get_HASH_CIPHER $file
+ echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null || fail
+ if [[ $file =~ .*-sha512-xts-aes$ ]] ; then
+ echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c aes $file >/dev/null || fail
+ echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h xxxx $file 2>/dev/null && fail
+ echo $PASSWORD | $CRYPTSETUP tcryptDump $SYS_OPT $PIM_OPT -h sha512 -c xxx $file 2>/dev/null && fail
+ fi
+ echo " [OK]"
+done
+
+echo "HEADER CHECK (TCRYPT only)"
+for file in $(ls $TST_DIR/vc_* $TST_DIR/vcpim_*) ; do
+ echo -n " $file"
+ PIM_OPT=""
+ [[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
+ get_HASH_CIPHER $file
+ echo $PASSWORD | $CRYPTSETUP tcryptDump --disable-veracrypt $PIM_OPT -h $HASH -c $CIPHER $file >/dev/null 2>&1 && fail
echo " [OK]"
done
echo "HEADER CHECK (HIDDEN)"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
echo -n " $file (hidden)"
- echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden --veracrypt $file >/dev/null || fail
+ get_HASH_CIPHER $file
+ echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden -h $HASH -c $CIPHER $file >/dev/null || fail
echo " [OK]"
done
PWD=$PASSWORD
[[ $file =~ vck_1_nopw.* ]] && PWD=""
[[ $file =~ vck_1_pw72.* ]] && PWD=$PASSWORD_72C
- echo $PWD | $CRYPTSETUP tcryptDump --veracrypt -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
+ get_HASH_CIPHER $file
+ echo $PWD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 -h $HASH -c $CIPHER $file >/dev/null || fail
echo " [OK]"
done
if [ $(id -u) != 0 ]; then
echo "WARNING: You must be root to run activation part of test, test skipped."
+ remove_mapping
exit 0
fi
[[ $file =~ vcpim.* ]] && PIM_OPT="--veracrypt-pim $PIM"
SYS_OPT=""
[[ $file =~ sys_.* ]] && SYS_OPT="--tcrypt-system"
- out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen --veracrypt $SYS_OPT $PIM_OPT -r $file $MAP 2>&1)
+ get_HASH_CIPHER $file
+ out=$(echo $PASSWORD | $CRYPTSETUP tcryptOpen $SYS_OPT $PIM_OPT -r -h $HASH -c $CIPHER $file $MAP 2>&1)
ret=$?
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
[ $ret -ne 0 ] && fail
$CRYPTSETUP status $MAP >/dev/null || fail
$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
- UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
$CRYPTSETUP remove $MAP || fail
[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
echo " [OK]"
echo "ACTIVATION FS UUID (HIDDEN) CHECK"
for file in $(ls $TST_DIR/[tv]c_*-hidden) ; do
echo -n " $file"
- out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen --veracrypt -r $file $MAP --tcrypt-hidden 2>&1)
+ get_HASH_CIPHER $file
+ out=$(echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r -h $HASH -c $CIPHER $file $MAP --tcrypt-hidden 2>&1)
ret=$?
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT legacy mode" ) && echo " [N/A]" && continue
[ $ret -eq 1 ] && ( echo "$out" | grep -q -e "TCRYPT compatible mapping" ) && echo " [N/A]" && continue
[ $ret -ne 0 ] && fail
- UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+ UUID=$(blkid -p -o value -s UUID /dev/mapper/$MAP)
$CRYPTSETUP remove $MAP || fail
[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
echo " [OK]"
done
+
+remove_mapping
+exit 0
/*
* cryptsetup library API test utilities
*
- * Copyright (C) 2009-2021 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2021 Milan Broz
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <inttypes.h>
#include "api_test.h"
#include "libcryptsetup.h"
+#ifndef LOOP_CONFIGURE
+#define LOOP_CONFIGURE 0x4C0A
+struct loop_config {
+ __u32 fd;
+ __u32 block_size;
+ struct loop_info64 info;
+ __u64 __reserved[8];
+};
+#endif
+
static char last_error[256];
static char global_log[4096];
static uint32_t t_dm_crypt_flags = 0;
return r;
}
+int t_set_readahead(const char *device, unsigned value)
+{
+ int devfd, r = 0;
+
+ devfd = open(device, O_RDONLY);
+ if(devfd == -1)
+ return -EINVAL;
+
+ if (ioctl(devfd, BLKRASET, value) < 0)
+ r = -EINVAL;
+ close(devfd);
+ return r;
+}
+
int fips_mode(void)
{
int fd;
printf("No enough space on backing loop device\n.");
return -2;
}
- snprintf(cmd, sizeof(cmd),
- "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
- dm_name, size, THE_LOOP_DEV, t_dev_offset);
+ r = snprintf(cmd, sizeof(cmd),
+ "dmsetup create %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
+ dm_name, size, THE_LOOP_DEV, t_dev_offset);
+ if (r < 0 || (size_t)r >= sizeof(cmd))
+ return -3;
+
if (!(r = _system(cmd, 1)))
t_dev_offset += size;
return r;
}
+__attribute__((format(printf, 3, 4)))
+static int _snprintf(char **r_ptr, size_t *r_remains, const char *format, ...)
+{
+ int len, r = 0;
+ va_list argp;
+
+ assert(r_remains);
+ assert(r_ptr);
+
+ va_start(argp, format);
+
+ len = vsnprintf(*r_ptr, *r_remains, format, argp);
+ if (len < 0 || (size_t)len >= *r_remains) {
+ r = -EINVAL;
+ } else {
+ *r_ptr += len;
+ *r_remains -= len;
+ }
+
+ va_end(argp);
+
+ return r;
+}
+
+int dmdevice_error_io(const char *dm_name,
+ const char *dm_device,
+ const char *error_device,
+ uint64_t data_offset,
+ uint64_t offset,
+ uint64_t length,
+ error_io_info ei)
+{
+ char str[256], cmd[384];
+ int r;
+ uint64_t dev_size;
+ size_t remains;
+ char *ptr;
+
+ if (t_device_size(dm_device, &dev_size) < 0 || !length)
+ return -1;
+
+ dev_size >>= TST_SECTOR_SHIFT;
+
+ if (dev_size <= offset)
+ return -1;
+
+ if (ei == ERR_REMOVE) {
+ r = snprintf(cmd, sizeof(cmd),
+ "dmsetup load %s --table \"0 %" PRIu64 " linear %s %" PRIu64 "\"",
+ dm_name, dev_size, THE_LOOP_DEV, data_offset);
+ if (r < 0 || (size_t)r >= sizeof(str))
+ return -3;
+
+ if ((r = _system(cmd, 1)))
+ return r;
+
+ r = snprintf(cmd, sizeof(cmd), "dmsetup resume %s", dm_name);
+ if (r < 0 || (size_t)r >= sizeof(cmd))
+ return -3;
+
+ return _system(cmd, 1);
+ }
+
+ if ((dev_size - offset) < length) {
+ printf("Not enough space on target device\n.");
+ return -2;
+ }
+
+ remains = sizeof(str);
+ ptr = str;
+
+ if (offset) {
+ r = _snprintf(&ptr, &remains,
+ "0 %" PRIu64 " linear %s %" PRIu64 "\n",
+ offset, THE_LOOP_DEV, data_offset);
+ if (r < 0)
+ return r;
+ }
+ r = _snprintf(&ptr, &remains, "%" PRIu64 " %" PRIu64 " delay ",
+ offset, length);
+ if (r < 0)
+ return r;
+
+ if (ei == ERR_RW || ei == ERR_RD) {
+ r = _snprintf(&ptr, &remains, "%s 0 0",
+ error_device);
+ if (r < 0)
+ return r;
+ if (ei == ERR_RD) {
+ r = _snprintf(&ptr, &remains, " %s %" PRIu64 " 0",
+ THE_LOOP_DEV, data_offset + offset);
+ if (r < 0)
+ return r;
+ }
+ } else if (ei == ERR_WR) {
+ r = _snprintf(&ptr, &remains, "%s %" PRIu64 " 0 %s 0 0",
+ THE_LOOP_DEV, data_offset + offset, error_device);
+ if (r < 0)
+ return r;
+ }
+
+ if (dev_size > (offset + length)) {
+ r = _snprintf(&ptr, &remains,
+ "\n%" PRIu64 " %" PRIu64 " linear %s %" PRIu64,
+ offset + length, dev_size - offset - length, THE_LOOP_DEV,
+ data_offset + offset + length);
+ if (r < 0)
+ return r;
+ }
+
+ /*
+ * Hello darkness, my old friend...
+ *
+ * On few old distributions there's issue with
+ * processing multiline tables via dmsetup load --table.
+ * This workaround passes on all systems we run tests on.
+ */
+ r = snprintf(cmd, sizeof(cmd), "dmsetup load %s <<EOF\n%s\nEOF", dm_name, str);
+ if (r < 0 || (size_t)r >= sizeof(cmd))
+ return -3;
+
+ if ((r = _system(cmd, 1)))
+ return r;
+
+ r = snprintf(cmd, sizeof(cmd), "dmsetup resume %s", dm_name);
+ if (r < 0 || (size_t)r >= sizeof(cmd))
+ return -3;
+
+ if ((r = _system(cmd, 1)))
+ return r;
+
+ return t_set_readahead(dm_device, 0);
+}
+
// Get key from kernel dm mapping table using dm-ioctl
int get_key_dm(const char *name, char *buffer, unsigned int buffer_size)
{
struct dm_info dmi;
uint64_t start, length;
char *target_type, *key, *params;
- void *next = NULL;
int r = -EINVAL;
if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
if (!dmi.exists)
goto out;
- next = dm_get_next_target(dmt, next, &start, &length, &target_type, ¶ms);
+ dm_get_next_target(dmt, NULL, &start, &length, &target_type, ¶ms);
if (!target_type || strcmp(target_type, "crypt") != 0)
goto out;
return 0;
}
-void global_log_callback(int level, const char *msg, void *usrptr)
+void global_log_callback(int level, const char *msg, void *usrptr __attribute__((unused)))
{
size_t len;
return r;
}
-static int keyring_check(void)
+static int _keyring_check(void)
{
#ifdef KERNEL_KEYRING
return syscall(__NR_request_key, "logon", "dummy", NULL, 0) == -1l && errno != ENOSYS;
t_dm_crypt_flags |= T_DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;
}
- if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch) && keyring_check())
+ if (t_dm_satisfies_version(1, 18, 1, crypt_maj, crypt_min, crypt_patch) && _keyring_check())
t_dm_crypt_flags |= T_DM_KERNEL_KEYRING_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 17, 0, crypt_maj, crypt_min, crypt_patch)) {
+ t_dm_crypt_flags |= T_DM_SECTOR_SIZE_SUPPORTED;
+ t_dm_crypt_flags |= T_DM_CAPI_STRING_SUPPORTED;
+ }
+
+ if (t_dm_satisfies_version(1, 19, 0, crypt_maj, crypt_min, crypt_patch))
+ t_dm_crypt_flags |= T_DM_BITLK_EBOIV_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 20, 0, crypt_maj, crypt_min, crypt_patch))
+ t_dm_crypt_flags |= T_DM_BITLK_ELEPHANT_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 22, 0, crypt_maj, crypt_min, crypt_patch))
+ t_dm_crypt_flags |= T_DM_CRYPT_NO_WORKQUEUE_SUPPORTED;
}
-static void t_dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
- unsigned verity_min, unsigned verity_patch)
+static void t_dm_set_verity_compat(const char *dm_version __attribute__((unused)),
+ unsigned verity_maj,
+ unsigned verity_min,
+ unsigned verity_patch __attribute__((unused)))
{
if (verity_maj > 0)
t_dm_crypt_flags |= T_DM_VERITY_SUPPORTED;
t_dm_crypt_flags |= T_DM_VERITY_ON_CORRUPTION_SUPPORTED;
t_dm_crypt_flags |= T_DM_VERITY_FEC_SUPPORTED;
}
+
+ if (t_dm_satisfies_version(1, 5, 0, verity_maj, verity_min, verity_patch))
+ t_dm_crypt_flags |= T_DM_VERITY_SIGNATURE_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 7, 0, verity_maj, verity_min, verity_patch))
+ t_dm_crypt_flags |= T_DM_VERITY_PANIC_CORRUPTION_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 9, 0, verity_maj, verity_min, verity_patch))
+ t_dm_crypt_flags |= T_DM_VERITY_TASKLETS_SUPPORTED;
}
-static void t_dm_set_integrity_compat(const char *dm_version, unsigned integrity_maj,
- unsigned integrity_min, unsigned integrity_patch)
+static void t_dm_set_integrity_compat(const char *dm_version __attribute__((unused)),
+ unsigned integrity_maj __attribute__((unused)),
+ unsigned integrity_min __attribute__((unused)),
+ unsigned integrity_patch __attribute__((unused)))
{
if (integrity_maj > 0)
t_dm_crypt_flags |= T_DM_INTEGRITY_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 2, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_RECALC_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 3, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_BITMAP_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 4, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_PADDING_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 6, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_DISCARDS_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 7, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_FIX_HMAC_SUPPORTED;
+
+ if (t_dm_satisfies_version(1, 8, 0, integrity_maj, integrity_min, integrity_patch))
+ t_dm_crypt_flags |= T_DM_INTEGRITY_RESET_RECALC_SUPPORTED;
}
int t_dm_check_versions(void)
(unsigned)target->version[1],
(unsigned)target->version[2]);
}
- target = (struct dm_versions *)((char *) target + target->next);
+ target = VOIDP_CAST(struct dm_versions *)((char *) target + target->next);
} while (last_target != target);
r = 0;
return t_dm_crypt_flags & T_DM_DISCARDS_SUPPORTED;
}
+int t_dm_integrity_resize_support(void)
+{
+ return t_dm_crypt_flags & T_DM_INTEGRITY_RESIZE_SUPPORTED;
+}
+
+int t_dm_integrity_recalculate_support(void)
+{
+ return t_dm_crypt_flags & T_DM_INTEGRITY_RECALC_SUPPORTED;
+}
+
+int t_dm_capi_string_supported(void)
+{
+ return t_dm_crypt_flags & T_DM_CAPI_STRING_SUPPORTED;
+}
+
/* loop helpers */
#define LOOP_DEV_MAJOR 7
static char *crypt_loop_get_device_old(void)
{
- char dev[20];
+ char dev[64];
int i, loop_fd;
struct loop_info64 lo64 = {0};
int loop_attach(char **loop, const char *file, int offset,
int autoclear, int *readonly)
{
- struct loop_info64 lo64 = {0};
+ struct loop_config config = {0};
char *lo_file_name;
int loop_fd = -1, file_fd = -1, r = 1;
+ int fallback = 0;
*loop = NULL;
if (file_fd < 0)
goto out;
+ config.fd = file_fd;
+
+ lo_file_name = (char*)config.info.lo_file_name;
+ lo_file_name[LO_NAME_SIZE-1] = '\0';
+ strncpy(lo_file_name, file, LO_NAME_SIZE-1);
+ config.info.lo_offset = offset;
+ if (autoclear)
+ config.info.lo_flags |= LO_FLAGS_AUTOCLEAR;
+
while (loop_fd < 0) {
*loop = crypt_loop_get_device();
if (!*loop)
loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
if (loop_fd < 0)
goto out;
-
- if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
+ if (ioctl(loop_fd, LOOP_CONFIGURE, &config) < 0) {
+ if (errno == EINVAL || errno == ENOTTY) {
+ free(*loop);
+ *loop = NULL;
+
+ close(loop_fd);
+ loop_fd = -1;
+
+ /* kernel doesn't support LOOP_CONFIGURE */
+ fallback = 1;
+ break;
+ }
if (errno != EBUSY)
goto out;
free(*loop);
}
}
- lo_file_name = (char*)lo64.lo_file_name;
- lo_file_name[LO_NAME_SIZE-1] = '\0';
- strncpy(lo_file_name, file, LO_NAME_SIZE-1);
- lo64.lo_offset = offset;
- if (autoclear)
- lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;
+ if (fallback)
+ {
+ while (loop_fd < 0) {
+ *loop = crypt_loop_get_device();
+ if (!*loop)
+ goto out;
- if (ioctl(loop_fd, LOOP_SET_STATUS64, &lo64) < 0) {
- (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
- goto out;
+ loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
+ if (loop_fd < 0)
+ goto out;
+ if (ioctl(loop_fd, LOOP_SET_FD, file_fd) < 0) {
+ if (errno != EBUSY)
+ goto out;
+ free(*loop);
+ *loop = NULL;
+
+ close(loop_fd);
+ loop_fd = -1;
+ }
+ }
+
+ if (ioctl(loop_fd, LOOP_SET_STATUS64, &config.info) < 0) {
+ (void)ioctl(loop_fd, LOOP_CLR_FD, 0);
+ goto out;
+ }
}
/* Verify that autoclear is really set */
if (autoclear) {
- memset(&lo64, 0, sizeof(lo64));
- if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) < 0 ||
- !(lo64.lo_flags & LO_FLAGS_AUTOCLEAR)) {
+ memset(&config.info, 0, sizeof(config.info));
+ if (ioctl(loop_fd, LOOP_GET_STATUS64, &config.info) < 0 ||
+ !(config.info.lo_flags & LO_FLAGS_AUTOCLEAR)) {
(void)ioctl(loop_fd, LOOP_CLR_FD, 0);
goto out;
}
close(loop_fd);
return r;
}
+
+int t_get_devno(const char *name, dev_t *devno)
+{
+ char path[PATH_MAX];
+ int r;
+ struct stat st;
+
+ r = snprintf(path, sizeof(path), DMDIR "%s", name);
+ if (r < 0 || (size_t)r >= sizeof(path))
+ return 1;
+
+ if (stat(path, &st) || !S_ISBLK(st.st_mode))
+ return 1;
+
+ *devno = st.st_rdev;
+
+ return 0;
+}
+
+static int _read_uint64(const char *sysfs_path, uint64_t *value)
+{
+ char tmp[64] = {0};
+ int fd, r;
+
+ if ((fd = open(sysfs_path, O_RDONLY)) < 0)
+ return 0;
+ r = read(fd, tmp, sizeof(tmp));
+ close(fd);
+
+ if (r <= 0)
+ return 0;
+
+ if (sscanf(tmp, "%" PRIu64, value) != 1)
+ return 0;
+
+ return 1;
+}
+
+static int _sysfs_get_uint64(int major, int minor, uint64_t *value, const char *attr)
+{
+ char path[PATH_MAX];
+
+ if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d/%s",
+ major, minor, attr) < 0)
+ return 0;
+
+ return _read_uint64(path, value);
+}
+
+int t_device_size_by_devno(dev_t devno, uint64_t *retval)
+{
+ if (!_sysfs_get_uint64(major(devno), minor(devno), retval, "size"))
+ return 1;
+
+ *retval *= 512;
+ return 0;
+}
--- /dev/null
+/*
+ * cryptsetup crypto name and hex conversion helper test vectors
+ *
+ * Copyright (C) 2022-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "utils_crypt.h"
+#include "libcryptsetup.h"
+
+#ifndef ARRAY_SIZE
+# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
+#endif
+
+/*
+ * Cryptsetup/dm-crypt algorithm naming conversion test
+ */
+struct mode_test_vector {
+ const char *input;
+ const char *cipher;
+ const char *mode;
+ int keys;
+};
+static struct mode_test_vector mode_test_vectors[] = {
+ { "aes-xts-plain", "aes", "xts-plain", 1 },
+ { "aes-xts-plain64", "aes", "xts-plain64", 1 },
+ { "aes-cbc-plain", "aes", "cbc-plain", 1 },
+ { "aes-cbc-plain64", "aes", "cbc-plain64", 1 },
+ { "aes-cbc-essiv:sha256", "aes", "cbc-essiv:sha256", 1 },
+ { "aes", "aes", "cbc-plain", 1 },
+ { "twofish", "twofish", "cbc-plain", 1 },
+ { "cipher_null", "cipher_null", "ecb", 0 },
+ { "null", "cipher_null", "ecb", 0 },
+ { "xchacha12,aes-adiantum-plain64", "xchacha12,aes", "adiantum-plain64", 1 },
+ { "xchacha20,aes-adiantum-plain64", "xchacha20,aes", "adiantum-plain64", 1 },
+ { "aes:64-cbc-lmk", "aes:64", "cbc-lmk", 64 },
+ { "des3_ede-cbc-tcw", "des3_ede" ,"cbc-tcw", 1 },
+ { "aes-lrw-benbi", "aes","lrw-benbi", 1 },
+};
+
+static int test_parse_mode(void)
+{
+ char cipher[MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN];
+ unsigned int i;
+ int keys;
+
+ printf("MODECONV:");
+ for (i = 0; i < ARRAY_SIZE(mode_test_vectors); i++) {
+ if (i && !(i % 8))
+ printf("\n");
+ keys = -1;
+ memset(cipher, 0, sizeof(cipher));
+ memset(mode, 0, sizeof(mode));
+ printf("[%s]", mode_test_vectors[i].input ?: "NULL");
+ if (crypt_parse_name_and_mode(mode_test_vectors[i].input, cipher, &keys, mode) < 0 ||
+ strcmp(mode_test_vectors[i].cipher, cipher) ||
+ strcmp(mode_test_vectors[i].mode, mode) ||
+ mode_test_vectors[i].keys != keys) {
+ printf("[FAILED (%s / %s / %i)]\n", cipher, mode, keys);
+ return EXIT_FAILURE;
+ }
+ }
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
+/*
+ * Cryptsetup/dm-crypt/dm-integrity algorithm naming conversion test
+ */
+struct integrity_test_vector {
+ bool int_mode; /* non-null if it is supported as integrity mode for LUKS2 */
+ const char *input;
+ const char *integrity;
+ int key_size;
+};
+static struct integrity_test_vector integrity_test_vectors[] = {
+ { true, "aead", "aead", 0 },
+ { true, "poly1305", "poly1305", 0 },
+ { true, "none", "none", 0 },
+ { false, "crc32", "crc32", 0 },
+ { true, "hmac-sha1", "hmac(sha1)", 20 },
+ { true, "hmac-sha256", "hmac(sha256)", 32 },
+ { true, "hmac-sha512", "hmac(sha512)", 64 },
+ { true, "cmac-aes", "cmac(aes)", 16 },
+ { false, "blake2b-256", "blake2b-256", 0 },
+};
+
+static int test_parse_integrity_mode(void)
+{
+ char integrity[MAX_CIPHER_LEN];
+ unsigned int i;
+ int key_size;
+
+ printf("INTEGRITYCONV:");
+ for (i = 0; i < ARRAY_SIZE(integrity_test_vectors); i++) {
+ memset(integrity, 0, sizeof(integrity));
+ printf("[%s,%i]", integrity_test_vectors[i].input ?: "NULL", integrity_test_vectors[i].key_size);
+ if (crypt_parse_hash_integrity_mode(integrity_test_vectors[i].input, integrity) < 0 ||
+ strcmp(integrity_test_vectors[i].integrity, integrity)) {
+ printf("[FAILED (%s)]\n", integrity);
+ return EXIT_FAILURE;
+ }
+ key_size = -1;
+ memset(integrity, 0, sizeof(integrity));
+ if (integrity_test_vectors[i].int_mode &&
+ (crypt_parse_integrity_mode(integrity_test_vectors[i].input, integrity, &key_size) < 0 ||
+ strcmp(integrity_test_vectors[i].integrity, integrity) ||
+ integrity_test_vectors[i].key_size != key_size)) {
+ printf("[FAILED (%s / %i)]\n", integrity, key_size);
+ return EXIT_FAILURE;
+ }
+ }
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
+/*
+ * Cryptsetup null cipher bypass algorithm name
+ */
+struct null_test_vector {
+ const char *cipher;
+ bool ok;
+};
+static struct null_test_vector null_test_vectors[] = {
+ { "cipher_null-ecb", true },
+ { "cipher_null", true },
+ { "null", true },
+ { "cipher-null", false },
+ { "aes-ecb", false },
+ { NULL, false },
+};
+
+static int test_cipher_null(void)
+{
+ unsigned int i;
+
+ printf("NULLCONV:");
+ for (i = 0; i < ARRAY_SIZE(null_test_vectors); i++) {
+ printf("[%s]", null_test_vectors[i].cipher ?: "NULL");
+ if (crypt_is_cipher_null(null_test_vectors[i].cipher) !=
+ null_test_vectors[i].ok) {
+ printf("[FAILED]\n");
+ return EXIT_FAILURE;
+ }
+ }
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
+struct hex_test_vector {
+ const char *hex;
+ const char *bytes;
+ ssize_t bytes_size;
+ bool ok;
+};
+static struct hex_test_vector hex_test_vectors[] = {
+ { "0000000000000000", "\x00\x00\x00\x00\x00\x00\x00\x00", 8, true },
+ { "abcdef0123456789", "\xab\xcd\xef\x01\x23\x45\x67\x89", 8, true },
+ { "aBCDef0123456789", "\xab\xcd\xef\x01\x23\x45\x67\x89", 8, true },
+ { "ff", "\xff", 1, true },
+ { "f", NULL , 1, false },
+ { "a-cde", NULL, 2, false },
+ { "FAKE", NULL, 2, false },
+ { "\x01\x02\xff", NULL, 3, false },
+ { NULL, NULL, 1, false },
+ { "fff", NULL, 2, false },
+ { "fg", NULL, 1, false },
+};
+
+/*
+ * Hexa conversion test (also should be constant time)
+ */
+static int test_hex_conversion(void)
+{
+ char *bytes, *hex;
+ ssize_t len;
+ unsigned int i;
+
+ printf("HEXCONV:");
+ for (i = 0; i < ARRAY_SIZE(hex_test_vectors); i++) {
+ bytes = NULL;
+ hex = NULL;
+ if (hex_test_vectors[i].hex && *hex_test_vectors[i].hex >= '0')
+ printf("[%s]", hex_test_vectors[i].hex);
+ else
+ printf("[INV:%i]", i);
+ len = crypt_hex_to_bytes(hex_test_vectors[i].hex, &bytes, 1);
+ if ((hex_test_vectors[i].ok && len != hex_test_vectors[i].bytes_size) ||
+ (!hex_test_vectors[i].ok && len >= 0)) {
+ printf("[FAILED]\n");
+ crypt_safe_free(bytes);
+ return EXIT_FAILURE;
+ }
+ crypt_safe_free(bytes);
+ hex = crypt_bytes_to_hex(hex_test_vectors[i].bytes_size, hex_test_vectors[i].bytes);
+ if ((hex_test_vectors[i].ok && strcasecmp(hex, hex_test_vectors[i].hex)) ||
+ (!hex_test_vectors[i].ok && hex)) {
+ printf("[FAILED]\n");
+ crypt_safe_free(hex);
+ return EXIT_FAILURE;
+ }
+ crypt_safe_free(hex);
+ }
+ printf("[OK]\n");
+
+ return EXIT_SUCCESS;
+}
+
+static void __attribute__((noreturn)) exit_test(const char *msg, int r)
+{
+ if (msg)
+ printf("%s\n", msg);
+ exit(r);
+}
+
+int main(__attribute__ ((unused)) int argc, __attribute__ ((unused))char *argv[])
+{
+ setvbuf(stdout, NULL, _IONBF, 0);
+
+#ifndef NO_CRYPTSETUP_PATH
+ if (getenv("CRYPTSETUP_PATH")) {
+ printf("Cannot run this test with CRYPTSETUP_PATH set.\n");
+ exit(77);
+ }
+#endif
+ if (test_parse_mode())
+ exit_test("Parse mode test failed.", EXIT_FAILURE);
+
+ if (test_parse_integrity_mode())
+ exit_test("Parse integrity mode test failed.", EXIT_FAILURE);
+
+ if (test_cipher_null())
+ exit_test("CIPHER null test failed.", EXIT_FAILURE);
+
+ if (test_hex_conversion())
+ exit_test("HEX conversion test failed.", EXIT_FAILURE);
+
+ exit_test(NULL, EXIT_SUCCESS);
+}
/*
* simple unit test for utils_io.c (blockwise low level functions)
*
- * Copyright (C) 2018-2021 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2023 Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
long ps;
int r = EXIT_FAILURE;
+#ifndef NO_CRYPTSETUP_PATH
+ if (getenv("CRYPTSETUP_PATH")) {
+ printf("Cannot run this test with CRYPTSETUP_PATH set.\n");
+ exit(77);
+ }
+#endif
if (parse_input_params(argc, argv))
return r;
--- /dev/null
+#!/bin/bash
+
+WIPE_UNIT=./unit-wipe
+FILE=./wipe_localfile
+FILE_RAND=./wipe_random_localfile
+MB_BYTES=$((1024*1024))
+DEVSIZEMB=8
+DEVSIZE=$((DEVSIZEMB*$MB_BYTES))
+
+HASH_EMPTY=2daeb1f36095b44b318410b3f4e8b5d989dcc7bb023d1426c492dab0a3053e74
+
+function cleanup() {
+ rm -f $FILE $FILE_RAND 2> /dev/null
+ sleep 1
+ rmmod scsi_debug >/dev/null 2>&1
+}
+
+function fail()
+{
+ if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi
+ echo "FAILED backtrace:"
+ while caller $frame; do ((frame++)); done
+ cleanup
+ exit 100
+}
+
+function skip()
+{
+ echo "TEST SKIPPED: $1"
+ cleanup
+ exit 77
+}
+
+function add_device()
+{
+ rmmod scsi_debug >/dev/null 2>&1
+ if [ -d /sys/module/scsi_debug ] ; then
+ skip "Cannot use scsi_debug module (in use or compiled-in)."
+ fi
+ modprobe scsi_debug dev_size_mb=$DEVSIZEMB num_tgts=1 delay=0 >/dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ skip "This kernel seems to not support proper scsi_debug module."
+ fi
+ grep -q scsi_debug /sys/block/*/device/model || sleep 2
+ DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+ DEV="/dev/$DEV"
+ [ -b $DEV ] || fail "Cannot find $DEV."
+}
+
+function check_hash() # $1 dev, $2 hash
+{
+ local HASH=$(sha256sum $1 | cut -d' ' -f 1)
+ [ $HASH == "$2" ]
+}
+
+function init_hash_dd() # $1 dev, $dev orig
+{
+ dd if=/dev/urandom of=$2 bs=1M count=$DEVSIZEMB conv=notrunc 2> /dev/null
+ dd if=$2 of=$1 bs=1M conv=notrunc 2> /dev/null
+ HASH_0=$(sha256sum $1 | cut -d' ' -f 1)
+ # second MB wiped
+ dd if=/dev/zero of=$1 bs=1M seek=1 count=1 conv=notrunc 2> /dev/null
+ HASH_1=$(sha256sum $1 | cut -d' ' -f 1)
+ # 4,5,6 MB wiped
+ dd if=/dev/zero of=$1 bs=1M seek=4 count=3 conv=notrunc 2> /dev/null
+ HASH_2=$(sha256sum $1 | cut -d' ' -f 1)
+ dd if=$2 of=$1 bs=1M conv=notrunc 2> /dev/null
+}
+
+function add_file()
+{
+ dd if=/dev/zero of=$FILE bs=1M count=$DEVSIZEMB 2> /dev/null || fail
+ dd if=/dev/zero of=$FILE_RAND bs=1M count=$DEVSIZEMB 2> /dev/null || fail
+ check_hash $FILE $HASH_EMPTY || fail
+ check_hash $FILE_RAND $HASH_EMPTY || fail
+ dd if=$FILE of=/dev/null bs=4096 count=1 iflag=direct >/dev/null 2>&1 || FILE_NODIO=1
+}
+
+function test_wipe_full() # $1 dev, $2 block size, [$3 flags]
+{
+ # wipe random and back to zero
+ $WIPE_UNIT $1 random 0 $DEVSIZE $2 $3 || fail
+ check_hash $1 $HASH_EMPTY && fail "Failed random wipe"
+ $WIPE_UNIT $1 zero 0 $DEVSIZE $2 $3 || fail
+ check_hash $1 $HASH_EMPTY || fail "Failed zero wipe"
+}
+
+# wipe MB blocks, with zero, random and special and back to original
+function test_wipe_blocks() # $1 dev $2 block sizem [$3 flags]
+{
+ init_hash_dd $1 $FILE_RAND
+ check_hash $1 $HASH_0 || fail
+
+ $WIPE_UNIT $1 zero $((1*$MB_BYTES)) $((1*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_1 || fail
+ $WIPE_UNIT $1 random $((1*$MB_BYTES)) $((1*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_1 && fail
+ $WIPE_UNIT $1 special $((1*$MB_BYTES)) $((1*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_1 && fail
+ $WIPE_UNIT $1 zero $((1*$MB_BYTES)) $((1*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_1 || fail
+
+ $WIPE_UNIT $1 zero $((4*$MB_BYTES)) $((3*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_2 || fail
+ $WIPE_UNIT $1 random $((4*$MB_BYTES)) $((3*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_2 && fail
+ $WIPE_UNIT $1 special $((4*$MB_BYTES)) $((3*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_2 && fail
+ $WIPE_UNIT $1 zero $((4*$MB_BYTES)) $((3*$MB_BYTES)) $2 $3 || fail
+ check_hash $1 $HASH_2 || fail
+}
+
+test -x $WIPE_UNIT || skip "Run \"make `basename $WIPE_UNIT`\" first"
+
+cleanup
+add_file
+
+echo -n "[1] Wipe full file "
+for bs in 0 $MB_BYTES $((4*$MB_BYTES)); do
+ if [ -n "$FILE_NODIO" ]; then
+ echo -n [$bs/DIO N/A]
+ else
+ echo -n [$bs/DIO]
+ test_wipe_full $FILE $bs
+ fi
+ echo -n [$bs]
+ test_wipe_full $FILE $bs no-dio
+done
+echo "[OK]"
+
+echo -n "[2] Wipe blocks in file "
+for bs in 0 $MB_BYTES $((4*$MB_BYTES)); do
+ if [ -n "$FILE_NODIO" ]; then
+ echo -n [$bs/DIO N/A]
+ else
+ echo -n [$bs/DIO]
+ test_wipe_blocks $FILE $bs
+ fi
+ echo -n [$bs]
+ test_wipe_blocks $FILE $bs no-dio
+done
+echo "[OK]"
+
+[ $(id -u) -eq 0 ] || {
+ echo "WARNING: You must be root to run remaining tests."
+ cleanup
+ exit 0
+}
+
+add_device
+
+echo -n "[3] Wipe full block device "
+for bs in 0 $MB_BYTES $((4*$MB_BYTES)); do
+ echo -n [$bs/DIO]
+ test_wipe_full $DEV $bs
+ echo -n [$bs]
+ test_wipe_full $DEV $bs no-dio
+done
+echo "[OK]"
+
+echo -n "[4] Wipe blocks in block device "
+for bs in 0 $MB_BYTES $((4*$MB_BYTES)); do
+ echo -n [$bs/DIO]
+ test_wipe_blocks $DEV $bs
+ echo -n [$bs]
+ test_wipe_blocks $DEV $bs no-dio
+done
+echo "[OK]"
+
+cleanup
--- /dev/null
+/*
+ * unit test helper for crypt_wipe API call
+ *
+ * Copyright (C) 2022-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "libcryptsetup.h"
+
+const char *test_file;
+uint64_t test_offset, test_length, test_block;
+uint32_t flags;
+crypt_wipe_pattern pattern;
+
+static void usage(void)
+{
+ fprintf(stderr, "Use:\tunit-wipe file/device zero|random|special offset length bsize [no-dio].\n");
+}
+
+static bool parse_u64(const char *arg, uint64_t *u64)
+{
+ unsigned long long ull;
+ char *end;
+
+ ull = strtoull(arg, &end, 10);
+ if (*end || !*arg || errno == ERANGE)
+ return false;
+
+ if (ull % 512)
+ return false;
+
+ *u64 = ull;
+ return true;
+}
+
+static bool parse_input_params(int argc, char **argv)
+{
+ struct stat st;
+
+ if (argc < 6 || argc > 7) {
+ usage();
+ return false;
+ }
+
+ if (stat(argv[1], &st)) {
+ fprintf(stderr, "File/device %s is missing?\n", argv[1]);
+ return false;
+ }
+ test_file = argv[1];
+
+ if (!strcmp(argv[2], "random"))
+ pattern = CRYPT_WIPE_RANDOM;
+ else if (!strcmp(argv[2], "zero"))
+ pattern = CRYPT_WIPE_ZERO;
+ else if (!strcmp(argv[2], "special"))
+ pattern = CRYPT_WIPE_SPECIAL;
+ else {
+ fprintf(stderr, "Wrong pattern specification.\n");
+ return false;
+ }
+
+ if (!parse_u64(argv[3], &test_offset)) {
+ fprintf(stderr, "Wrong offset specification.\n");
+ return false;
+ }
+
+ if (!parse_u64(argv[4], &test_length)) {
+ fprintf(stderr, "Wrong length specification.\n");
+ return false;
+ }
+
+ if (!parse_u64(argv[5], &test_block)) {
+ fprintf(stderr, "Wrong block length specification.\n");
+ return false;
+ }
+
+ if (argc > 6) {
+ if (!strcmp(argv[6], "no-dio"))
+ flags = CRYPT_WIPE_NO_DIRECT_IO;
+ else {
+ fprintf(stderr, "Wrong flags specification.\n");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+int main(int argc, char **argv)
+{
+ struct crypt_device *cd;
+ int r;
+
+#ifndef NO_CRYPTSETUP_PATH
+ if (getenv("CRYPTSETUP_PATH")) {
+ printf("Cannot run this test with CRYPTSETUP_PATH set.\n");
+ exit(77);
+ }
+#endif
+
+ if (!parse_input_params(argc, argv))
+ return EXIT_FAILURE;
+
+ r = crypt_init(&cd, NULL);
+ if (r < 0) {
+ fprintf(stderr, "Context init failure %i.\n", r);
+ return EXIT_FAILURE;
+ }
+
+ r = crypt_wipe(cd, test_file, pattern, test_offset, test_length,
+ test_block, flags, NULL, NULL);
+ crypt_free(cd);
+
+ if (r)
+ fprintf(stderr, "Failure %i\n", r);
+
+ return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
FREE="--free-fill=21"
STACK="--max-stackframe=300000"
EXTRAS="--read-var-info=yes --show-reachable=yes"
-LOGFILE="--log-file=./valglog.$(date +%H:%M:%S:%N)_${INFOSTRING}"
+LOGFILE="--log-file=./valglog.$(date +%j:%H:%M:%S:%N)_${INFOSTRING}"
LEAKCHECK="--leak-check=full --track-origins=yes"
exec valgrind $SUP $GETSUP $CHILD $MALLOC $FREE $STACK $EXTRAS $LOGFILE $LEAKCHECK "$@"
FREE="--free-fill=21"
STACK="--max-stackframe=2000000"
EXTRAS="--read-var-info=yes --show-reachable=yes"
-LOGFILE="--log-file=./valglog.$(date +%H:%M:%S:%N)_${INFOSTRING}"
+LOGFILE="--log-file=./valglog.$(date +%j:%H:%M:%S:%N)_${INFOSTRING}"
LEAKCHECK="--leak-check=full --track-origins=yes"
exec valgrind $SUP $GETSUP $CHILD $MALLOC $FREE $STACK $EXTRAS $LOGFILE $LEAKCHECK "$@"
VERITYSETUP_LIB_VALGRIND=../.libs
DEV_NAME=verity3273
+DEV_NAME2=verity3273x
DEV_OUT="$DEV_NAME.out"
IMG=verity-data
IMG_HASH=verity-hash
function remove_mapping()
{
+ [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2 >/dev/null 2>&1
[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME >/dev/null 2>&1
[ ! -z "$LOOPDEV1" ] && losetup -d $LOOPDEV1 >/dev/null 2>&1
- rm -f $IMG $IMG_HASH $DEV_OUT $FEC_DEV $IMG_TMP >/dev/null 2>&1
+ rm -f $IMG $IMG.roothash $IMG_HASH $DEV_OUT $FEC_DEV $IMG_TMP >/dev/null 2>&1
LOOPDEV1=""
LOOPDEV2=""
}
function check_root_hash_fail()
{
echo -n "Root hash check "
- ARR=(`$VERITYSETUP format $IMG $IMG_HASH --fec-device $FEC_DEV --fec-roots 2 -h sha256`)
- ROOT_HASH=${ARR[28]}
+ ROOT_HASH=$($VERITYSETUP format $IMG $IMG_HASH --fec-device $FEC_DEV --fec-roots 2 -h sha256 | grep -e "Root hash" | cut -d: -f2 | tr -d "\t\n ")
ROOT_HASH_BAD=abcdef0000000000000000000000000000000000000000000000000000000000
$VERITYSETUP verify $IMG $IMG_HASH $ROOT_HASH || fail
$VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH || fail
check_exists
+ dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=4096 count=1 >/dev/null 2>&1
dmsetup status $DEV_NAME | grep "verity V" >/dev/null || fail
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
$VERITYSETUP open $IMG $DEV_NAME $IMG_HASH $ROOT_HASH_BAD >/dev/null 2>&1 || fail
check_exists
+ dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=4096 count=1 >/dev/null 2>&1
dmsetup status $DEV_NAME | grep "verity C" >/dev/null || fail
$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
function check_root_hash() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, [$6 offset]
{
+ local FORMAT_PARAMS
+ local VERIFY_PARAMS
+ local ROOT_HASH
+
if [ -z "$LOOPDEV2" ] ; then
BLOCKS=$(($6 / $1))
DEV_PARAMS="$LOOPDEV1 $LOOPDEV1 \
DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
fi
+ for root_hash_as_file in yes no; do
for sb in yes no; do
FORMAT_PARAMS="--format=$4 --data-block-size=$1 --hash-block-size=$1 --hash=$5 --salt=$3"
if [ $sb == yes ] ; then
FORMAT_PARAMS="$FORMAT_PARAMS --no-superblock"
VERIFY_PARAMS=$FORMAT_PARAMS
fi
+ if [ $root_hash_as_file == yes ] ; then
+ echo -n $2 > $IMG.roothash
+ FORMAT_PARAMS="$FORMAT_PARAMS --root-hash-file=$IMG.roothash"
+ VERIFY_PARAMS="$VERIFY_PARAMS --root-hash-file=$IMG.roothash"
+ ROOT_HASH=""
+ else
+ ROOT_HASH="$2"
+ fi
for fail in data hash; do
wipe
- echo -n "V$4(sb=$sb) $5 block size $1: "
- $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
+ echo -n "V$4(sb=$sb root_hash_as_file=$root_hash_as_file) $5 block size $1: "
+ $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT
+ if [ $? -ne 0 ] ; then
+ if [[ $1 =~ "sha2" ]] ; then
+ fail "Cannot format device."
+ fi
+ return
+ fi
echo -n "[root hash]"
compare_out "root hash" $2
compare_out "salt" "$3"
- $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || fail
+ $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || fail
echo -n "[verify]"
- $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || fail
+ $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || fail
check_exists
echo -n "[activate]"
;;
esac
- $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 && \
+ $VERITYSETUP verify $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 && \
fail "userspace check for $TXT corruption"
- $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $2 >>$DEV_OUT 2>&1 || \
+ $VERITYSETUP create $DEV_NAME $DEV_PARAMS $VERIFY_PARAMS $ROOT_HASH >>$DEV_OUT 2>&1 || \
fail "activation"
dd if=/dev/mapper/$DEV_NAME of=/dev/null bs=$1 2>/dev/null
dmsetup status $DEV_NAME | grep "verity V" >/dev/null && \
echo "[$TXT corruption]"
done
done
+ done
}
function corrupt_device() # $1 device, $2 device_size(in bytes), $3 #{corrupted_bytes}
if [ "${11}" == "n" ]; then
INDEX=24
echo -n "[no-superblock]"
- PARAMS="$PARAMS --no-superblock -s=${12}"
+ PARAMS="$PARAMS --no-superblock --salt=${12}"
elif [ -n "${12}" ]; then
- PARAMS="$PARAMS -s=${12}"
+ PARAMS="$PARAMS --salt=${12}"
fi
if [[ "$1" == "$2" && "$1" == "$3" ]]; then
echo -n "[one_device_test]"
dd if=/dev/zero of=$IMG_TMP bs=$4 count=$5 > /dev/null 2>&1
- ARR=(`sha256sum $IMG_TMP`)
- HASH_ORIG=${ARR[0]}
+ HASH_ORIG=$(sha256sum $IMG_TMP | cut -d' ' -f 1)
else
- ARR=(`sha256sum $1`)
- HASH_ORIG=${ARR[0]}
+ HASH_ORIG=$(sha256sum $1 | cut -d' ' -f 1)
fi
- ARR=(`$VERITYSETUP format $1 $2 --fec-device=$3 $PARAMS`)
- SALT=${ARR[$INDEX]}
- ROOT_HASH=${ARR[$(($INDEX+3))]}
+ ROOT_HASH=$($VERITYSETUP format $1 $2 --fec-device=$3 $PARAMS | grep -e "Root hash" | cut -d: -f2 | tr -d "\t\n ")
corrupt_device $1 $(($5 * $4)) ${10}
return 3
fi
- udevadm settle
+ udevadm settle > /dev/null 2>&1
dd if=/dev/mapper/$DEV_NAME of=$IMG_TMP > /dev/null 2>&1
- ARR=(`sha256sum $IMG_TMP`)
-
- HASH_REPAIRED=${ARR[0]}
+ HASH_REPAIRED=$(sha256sum $IMG_TMP | cut -d' ' -f 1)
$VERITYSETUP close $DEV_NAME
else
echo -n "[repaired in kernel]"
$VERITYSETUP verify $1 $2 $ROOT_HASH --fec-device=$3 $PARAMS >/dev/null 2>&1 || fail "Userspace verify failed"
- echo "[userspace verify][OK]"
- RET=0
- fi
+ echo "[userspace verify][OK]"
+ RET=0
+ fi
rm $1 $2 $3 $IMG_TMP > /dev/null 2>&1
- return $RET
+ return $RET
}
function check_option() # $1 size, $2 hash, $3 salt, $4 version, $5 hash, $6 CLI option, $7 status option
function valgrind_setup()
{
- which valgrind >/dev/null 2>&1 || fail "Cannot find valgrind."
+ command -v valgrind >/dev/null || fail "Cannot find valgrind."
[ ! -f $VERITYSETUP_VALGRIND ] && fail "Unable to get location of veritysetup executable."
export LD_LIBRARY_PATH="$VERITYSETUP_LIB_VALGRIND:$LD_LIBRARY_PATH"
}
echo -n "[nroots::$3]"
- ARR=(`$VERITYSETUP format $IMG $HASH_DEV --fec-device $FEC $PARAMS --salt=$DEV_SALT --uuid=$DEV_UUID`)
- ROOT_HASH=${ARR[28]}
+ ROOT_HASH=$($VERITYSETUP format $IMG $HASH_DEV --fec-device $FEC $PARAMS --salt=$DEV_SALT --uuid=$DEV_UUID | grep -e "Root hash" | cut -d: -f2 | tr -d "\t\n ")
echo -n "[Errors can be corrected]"
corrupt_device $IMG $(($BS*$COUNT)) $7
echo "[OK]"
}
+function check_concurrent() # $1 hash
+{
+ DEV_PARAMS="$LOOPDEV1 $LOOPDEV2"
+
+ # First check that with two sequential opens, we are returning the expected -EEXIST
+ $VERITYSETUP format $DEV_PARAMS >/dev/null 2>&1 || fail
+ $VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 >/dev/null 2>&1 || fail
+ check_exists
+ $VERITYSETUP create $DEV_NAME $DEV_PARAMS $1 2>&1 >/dev/null | grep -q "Device $DEV_NAME already exists" || fail
+ $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
+
+ # Then do two concurrent opens, and check that libdevmapper did not return -EINVAL, which is
+ # not gracefully recoverable. Either could fail depending on scheduling, so just check that
+ # the libdevmapper error does not appear in either of the outputs.
+ cat /dev/null >$DEV_OUT
+ $VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 &
+ $VERITYSETUP create -v $DEV_NAME $DEV_PARAMS $1 >>$DEV_OUT 2>&1 &
+ wait
+ grep -q "Command failed with code .* (wrong or missing parameters)" $DEV_OUT && fail
+ check_exists
+ rm $DEV_OUT
+ $VERITYSETUP close $DEV_NAME >/dev/null 2>&1 || fail
+
+ echo "[OK]"
+}
+
+export LANG=C
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
[ ! -x "$VERITYSETUP" ] && skip "Cannot find $VERITYSETUP, test skipped."
if check_version 1 7; then
check_option 512 $HASH $SALT 1 sha256 "--panic-on-corruption" "panic_on_corruption"
fi
+
+ if check_version 1 9; then
+ echo "Verity data performance options test."
+ check_option 512 $HASH $SALT 1 sha256 "--use-tasklets" "try_verify_in_tasklet"
+ fi
fi
echo "Veritysetup [hash-offset bigger than 2G works] "
checkUserSpaceRepair 400 4096 2 2048000 0 2 1
checkUserSpaceRepair 500 4096 2 2457600 4915200 1 2
+echo -n "Verity concurrent opening tests:"
+prepare 8192 1024
+check_concurrent 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174
+
+echo -n "Deferred removal of device:"
+prepare 8192 1024
+$VERITYSETUP format $LOOPDEV1 $IMG_HASH --format=1 --data-block-size=512 --hash-block-size=512 --hash=sha256 --salt=$SALT >/dev/null 2>&1 || fail "Cannot format device."
+$VERITYSETUP open $LOOPDEV1 $DEV_NAME $DEV $IMG_HASH 9de18652fe74edfb9b805aaed72ae2aa48f94333f1ba5c452ac33b1c39325174 || fail "Cannot activate device."
+dmsetup create $DEV_NAME2 --table "0 8 linear /dev/mapper/$DEV_NAME 0"
+[ ! -b /dev/mapper/$DEV_NAME2 ] && fail
+$VERITYSETUP close $DEV_NAME >/dev/null 2>&1 && fail
+$VERITYSETUP status $DEV_NAME >/dev/null 2>&1 || fail
+$VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
+if [ $? -eq 0 ] ; then
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" || fail
+ $VERITYSETUP close --cancel-deferred $DEV_NAME >/dev/null 2>&1
+ dmsetup info $DEV_NAME | grep -q "DEFERRED REMOVE" >/dev/null 2>&1 && fail
+ $VERITYSETUP close --deferred $DEV_NAME >/dev/null 2>&1
+ dmsetup remove $DEV_NAME2 || fail
+ $VERITYSETUP status $DEV_NAME >/dev/null 2>&1 && fail
+ echo "[OK]"
+else
+ dmsetup remove $DEV_NAME2 >/dev/null 2>&1
+ $VERITYSETUP close $DEV_NAME >/dev/null 2>&1
+ echo "[N/A]"
+fi
+
remove_mapping
exit 0
--- /dev/null
+EXTRA_DIST += tokens/libcryptsetup-token.sym
+
+TOKENS_LDFLAGS = $(AM_LDFLAGS) -no-undefined -avoid-version \
+ -Wl,--version-script=$(top_srcdir)/tokens/libcryptsetup-token.sym
+
+tokendir = ${EXTERNAL_LUKS2_TOKENS_PATH}
+
+if SSHPLUGIN_TOKEN
+libcryptsetup_token_ssh_la_LDFLAGS = $(TOKENS_LDFLAGS)
+libcryptsetup_token_ssh_la_SOURCES = tokens/ssh/libcryptsetup-token-ssh.c \
+ tokens/ssh/ssh-utils.c \
+ tokens/ssh/ssh-utils.h
+libcryptsetup_token_ssh_la_LIBADD = libcryptsetup.la @LIBSSH_LIBS@ @JSON_C_LIBS@
+token_LTLIBRARIES = libcryptsetup-token-ssh.la
+
+cryptsetup_ssh_SOURCES = tokens/ssh/cryptsetup-ssh.c \
+ tokens/ssh/ssh-utils.c \
+ tokens/ssh/ssh-utils.h \
+ src/utils_tools.c \
+ src/utils_password.c \
+ lib/utils_io.c \
+ lib/utils_loop.c
+cryptsetup_ssh_LDADD = -lm libcryptsetup.la @LIBSSH_LIBS@ @JSON_C_LIBS@ @POPT_LIBS@ \
+ @PWQUALITY_LIBS@ @PASSWDQC_LIBS@ @ARGP_LIBS@
+
+cryptsetup_ssh_CFLAGS = $(AM_CFLAGS)
+
+sbin_PROGRAMS += cryptsetup-ssh
+endif
--- /dev/null
+CRYPTSETUP_TOKEN_1.0 {
+ global: cryptsetup_token_open;
+ cryptsetup_token_open_pin;
+ cryptsetup_token_buffer_free;
+ cryptsetup_token_validate;
+ cryptsetup_token_dump;
+ cryptsetup_token_version;
+ local: *;
+};
--- /dev/null
+/*
+ * Example of LUKS2 token storing third party metadata (EXPERIMENTAL EXAMPLE)
+ *
+ * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2021-2023 Vojtech Trefny
+ *
+ * Use:
+ * - generate ssh example token
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <argp.h>
+#include <json-c/json.h>
+#include <termios.h>
+#include <stdbool.h>
+#include "libcryptsetup.h"
+#include "ssh-utils.h"
+#include "../src/cryptsetup.h"
+
+#define TOKEN_NAME "ssh"
+
+#define l_err(cd, x...) crypt_logf(cd, CRYPT_LOG_ERROR, x)
+#define l_dbg(cd, x...) crypt_logf(cd, CRYPT_LOG_DEBUG, x)
+
+#define OPT_SSH_SERVER 1
+#define OPT_SSH_USER 2
+#define OPT_SSH_PATH 3
+#define OPT_KEY_PATH 4
+#define OPT_DEBUG 5
+#define OPT_DEBUG_JSON 6
+#define OPT_KEY_SLOT 7
+
+void tools_cleanup(void)
+{
+}
+
+
+static int token_add(
+ const char *device,
+ const char *server,
+ const char *user,
+ const char *path,
+ const char *keypath,
+ int keyslot)
+
+{
+ struct crypt_device *cd;
+ json_object *jobj = NULL;
+ json_object *jobj_keyslots = NULL;
+ const char *string_token;
+ int r, token;
+
+ r = crypt_init(&cd, device);
+ if (r)
+ return r;
+
+ r = crypt_load(cd, CRYPT_LUKS2, NULL);
+ if (r) {
+ l_err(cd, _("Device %s is not a valid LUKS device."), device);
+ goto out;
+ }
+
+ r = -EINVAL;
+ jobj = json_object_new_object();
+ if (!jobj)
+ goto out;
+
+ /* type is mandatory field in all tokens and must match handler name member */
+ json_object_object_add(jobj, "type", json_object_new_string(TOKEN_NAME));
+
+ jobj_keyslots = json_object_new_array();
+
+ /* mandatory array field (may be empty and assigned later */
+ json_object_object_add(jobj, "keyslots", jobj_keyslots);
+
+ /* custom metadata */
+ json_object_object_add(jobj, "ssh_server", json_object_new_string(server));
+ json_object_object_add(jobj, "ssh_user", json_object_new_string(user));
+ json_object_object_add(jobj, "ssh_path", json_object_new_string(path));
+ json_object_object_add(jobj, "ssh_keypath", json_object_new_string(keypath));
+
+ string_token = json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PLAIN);
+ if (!string_token) {
+ r = -EINVAL;
+ goto out;
+ }
+
+ l_dbg(cd, "Token JSON: %s", string_token);
+
+ r = crypt_token_json_set(cd, CRYPT_ANY_TOKEN, string_token);
+ if (r < 0) {
+ l_err(cd, _("Failed to write ssh token json."));
+ goto out;
+ }
+
+ token = r;
+ r = crypt_token_assign_keyslot(cd, token, keyslot);
+ if (r != token) {
+ crypt_token_json_set(cd, token, NULL);
+ r = -EINVAL;
+ }
+out:
+ json_object_put(jobj);
+ crypt_free(cd);
+ return r;
+}
+
+const char *argp_program_version = "cryptsetup-ssh " PACKAGE_VERSION;
+
+static char doc[] = N_("Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected " \
+ "to an SSH server\v" \
+ "This plugin currently allows only adding a token to an existing key slot.\n\n" \
+ "Specified SSH server must contain a key file on the specified path with " \
+ "a passphrase for an existing key slot on the device.\n" \
+ "Provided credentials will be used by cryptsetup to get the password when " \
+ "opening the device using the token.\n\n" \
+ "Note: The information provided when adding the token (SSH server address, user and paths) " \
+ "will be stored in the LUKS2 header in plaintext.");
+
+static char args_doc[] = N_("<action> <device>");
+
+static struct argp_option options[] = {
+ {0, 0, 0, 0, N_("Options for the 'add' action:")},
+ {"ssh-server", OPT_SSH_SERVER, "STRING", 0, N_("IP address/URL of the remote server for this token")},
+ {"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")},
+ {"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")},
+ {"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")},
+ {"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assign the token to. If not specified, token will "\
+ "be assigned to the first keyslot matching provided passphrase.")},
+ {0, 0, 0, 0, N_("Generic options:")},
+ {"verbose", 'v', 0, 0, N_("Shows more detailed error messages")},
+ {"debug", OPT_DEBUG, 0, 0, N_("Show debug messages")},
+ {"debug-json", OPT_DEBUG_JSON, 0, 0, N_("Show debug messages including JSON metadata")},
+ { NULL, 0, 0, 0, NULL }
+};
+
+struct arguments {
+ char *device;
+ char *action;
+ char *ssh_server;
+ char *ssh_user;
+ char *ssh_path;
+ char *ssh_keypath;
+ int keyslot;
+ int verbose;
+ int debug;
+ int debug_json;
+};
+
+static error_t
+parse_opt (int key, char *arg, struct argp_state *state) {
+ struct arguments *arguments = state->input;
+
+ switch (key) {
+ case OPT_SSH_SERVER:
+ arguments->ssh_server = arg;
+ break;
+ case OPT_SSH_USER:
+ arguments->ssh_user = arg;
+ break;
+ case OPT_SSH_PATH:
+ arguments->ssh_path = arg;
+ break;
+ case OPT_KEY_PATH:
+ arguments->ssh_keypath = arg;
+ break;
+ case OPT_KEY_SLOT:
+ arguments->keyslot = atoi(arg);
+ break;
+ case 'v':
+ arguments->verbose = 1;
+ break;
+ case OPT_DEBUG:
+ arguments->debug = 1;
+ break;
+ case OPT_DEBUG_JSON:
+ arguments->debug = 1;
+ arguments->debug_json = 1;
+ break;
+ case ARGP_KEY_NO_ARGS:
+ argp_usage(state);
+ break;
+ case ARGP_KEY_ARG:
+ arguments->action = arg;
+ arguments->device = state->argv[state->next];
+ state->next = state->argc;
+ break;
+ default:
+ return ARGP_ERR_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static struct argp argp = { options, parse_opt, args_doc, doc };
+
+
+static void _log(int level, const char *msg, void *usrptr)
+{
+ struct arguments *arguments = (struct arguments *)usrptr;
+
+ switch (level) {
+ case CRYPT_LOG_NORMAL:
+ fprintf(stdout, "%s", msg);
+ break;
+ case CRYPT_LOG_VERBOSE:
+ if (arguments && arguments->verbose)
+ fprintf(stdout, "%s", msg);
+ break;
+ case CRYPT_LOG_ERROR:
+ fprintf(stderr, "%s", msg);
+ break;
+ case CRYPT_LOG_DEBUG_JSON:
+ if (arguments && arguments->debug_json)
+ fprintf(stdout, "# %s", msg);
+ break;
+ case CRYPT_LOG_DEBUG:
+ if (arguments && arguments->debug)
+ fprintf(stdout, "# %s", msg);
+ break;
+ }
+}
+
+static int get_keyslot_for_passphrase(struct arguments *arguments, const char *pin)
+{
+ int r = 0;
+ ssh_key pkey;
+ ssh_session ssh;
+ char *password = NULL;
+ size_t password_len = 0;
+ struct crypt_device *cd = NULL;
+ char *ssh_pass = NULL;
+ size_t key_size = 0;
+ char *prompt = NULL;
+
+ r = crypt_init(&cd, arguments->device);
+ if (r < 0)
+ return r;
+ crypt_set_log_callback(cd, &_log, arguments);
+
+ r = ssh_pki_import_privkey_file(arguments->ssh_keypath, pin, NULL, NULL, &pkey);
+ if (r != SSH_OK) {
+ if (r == SSH_EOF) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Failed to open and import private key:\n"));
+ crypt_free(cd);
+ return -EINVAL;
+ } else {
+ _log(CRYPT_LOG_ERROR, _("Failed to import private key (password protected?).\n"), NULL);
+ /* TRANSLATORS: SSH credentials prompt, e.g. "user@server's password: " */
+ r = asprintf(&prompt, _("%s@%s's password: "), arguments->ssh_user, arguments->ssh_server);
+ if (r < 0) {
+ crypt_safe_free(ssh_pass);
+ crypt_free(cd);
+ return -EINVAL;
+ }
+
+ r = tools_get_key(prompt, &ssh_pass, &key_size, 0, 0, NULL, 0, 0, 0, cd);
+ if (r < 0) {
+ free(prompt);
+ crypt_safe_free(ssh_pass);
+ crypt_free(cd);
+ return -EINVAL;
+ }
+
+ /* now try again with the password */
+ r = get_keyslot_for_passphrase(arguments, ssh_pass);
+
+ crypt_safe_free(ssh_pass);
+ crypt_free(cd);
+ free(prompt);
+
+ return r;
+ }
+ }
+
+ ssh = sshplugin_session_init(cd, arguments->ssh_server, arguments->ssh_user);
+ if (!ssh) {
+ ssh_key_free(pkey);
+ crypt_free(cd);
+ return -EINVAL;
+ }
+
+ r = sshplugin_public_key_auth(cd, ssh, pkey);
+ ssh_key_free(pkey);
+
+ if (r != SSH_AUTH_SUCCESS) {
+ crypt_free(cd);
+ return r;
+ }
+
+ r = sshplugin_download_password(cd, ssh, arguments->ssh_path, &password, &password_len);
+ if (r < 0) {
+ ssh_disconnect(ssh);
+ ssh_free(ssh);
+ crypt_free(cd);
+ return r;
+ }
+
+ ssh_disconnect(ssh);
+ ssh_free(ssh);
+
+ r = crypt_load(cd, CRYPT_LUKS2, NULL);
+ if (r < 0) {
+ crypt_safe_memzero(password, password_len);
+ free(password);
+ crypt_free(cd);
+ return r;
+ }
+
+ r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, password, password_len, 0);
+ if (r < 0) {
+ crypt_safe_memzero(password, password_len);
+ free(password);
+ crypt_free(cd);
+ return r;
+ }
+
+ arguments->keyslot = r;
+
+ crypt_safe_memzero(password, password_len);
+ free(password);
+ crypt_free(cd);
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 0;
+ struct arguments arguments = { 0 };
+ arguments.keyslot = CRYPT_ANY_SLOT;
+
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
+ textdomain(PACKAGE);
+
+ ret = argp_parse (&argp, argc, argv, 0, 0, &arguments);
+ if (ret != 0) {
+ printf(_("Failed to parse arguments.\n"));
+ return EXIT_FAILURE;
+ }
+
+ crypt_set_log_callback(NULL, _log, &arguments);
+ if (arguments.debug)
+ crypt_set_debug_level(CRYPT_DEBUG_ALL);
+ if (arguments.debug_json)
+ crypt_set_debug_level(CRYPT_DEBUG_JSON);
+
+ if (arguments.action == NULL) {
+ printf(_("An action must be specified\n"));
+ return EXIT_FAILURE;
+ }
+
+ if (strcmp("add", arguments.action) == 0) {
+ if (!arguments.device) {
+ printf(_("Device must be specified for '%s' action.\n"), arguments.action);
+ return EXIT_FAILURE;
+ }
+
+ if (!arguments.ssh_server) {
+ printf(_("SSH server must be specified for '%s' action.\n"), arguments.action);
+ return EXIT_FAILURE;
+ }
+
+ if (!arguments.ssh_user) {
+ printf(_("SSH user must be specified for '%s' action.\n"), arguments.action);
+ return EXIT_FAILURE;
+ }
+
+ if (!arguments.ssh_path) {
+ printf(_("SSH path must be specified for '%s' action.\n"), arguments.action);
+ return EXIT_FAILURE;
+ }
+
+ if (!arguments.ssh_keypath) {
+ printf(_("SSH key path must be specified for '%s' action.\n"), arguments.action);
+ return EXIT_FAILURE;
+ }
+
+ if (arguments.keyslot == CRYPT_ANY_SLOT) {
+ ret = get_keyslot_for_passphrase(&arguments, NULL);
+ if (ret != 0) {
+ printf(_("Failed open %s using provided credentials.\n"), arguments.device);
+ return EXIT_FAILURE;
+ }
+ }
+
+ ret = token_add(arguments.device,
+ arguments.ssh_server,
+ arguments.ssh_user,
+ arguments.ssh_path,
+ arguments.ssh_keypath,
+ arguments.keyslot);
+ if (ret < 0)
+ return EXIT_FAILURE;
+ else
+ return EXIT_SUCCESS;
+ } else {
+ printf(_("Only 'add' action is currently supported by this plugin.\n"));
+ return EXIT_FAILURE;
+ }
+}
--- /dev/null
+/*
+ * Example of LUKS2 ssh token handler (EXPERIMENTAL)
+ *
+ * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2020-2023 Vojtech Trefny
+ *
+ * Use:
+ * - generate LUKS device
+ * - store passphrase used in previous step remotely (single line w/o \r\n)
+ * - add new token using this example
+ * - activate device by token
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <json-c/json.h>
+#include "libcryptsetup.h"
+#include "ssh-utils.h"
+
+#define TOKEN_NAME "ssh"
+#define TOKEN_VERSION_MAJOR "1"
+#define TOKEN_VERSION_MINOR "0"
+
+#define SERVER_ARG "plugin-ssh-server"
+#define USER_ARG "plugin-ssh-user"
+#define PATH_ARG "plugin-ssh-path"
+#define KEYPATH_ARG "plugin-ssh-keypath"
+
+#define l_dbg(cd, x...) crypt_logf(cd, CRYPT_LOG_DEBUG, x)
+
+
+const char *cryptsetup_token_version(void);
+int cryptsetup_token_open_pin(struct crypt_device *cd, int token, const char *pin,
+ size_t pin_size, char **password, size_t *password_len, void *usrptr);
+int cryptsetup_token_open(struct crypt_device *cd, int token,
+ char **password, size_t *password_len, void *usrptr);
+void cryptsetup_token_dump(struct crypt_device *cd, const char *json);
+int cryptsetup_token_validate(struct crypt_device *cd, const char *json);
+
+
+const char *cryptsetup_token_version(void)
+{
+ return TOKEN_VERSION_MAJOR "." TOKEN_VERSION_MINOR;
+}
+
+static json_object *get_token_jobj(struct crypt_device *cd, int token)
+{
+ const char *json_slot;
+
+ /* libcryptsetup API call */
+ if (crypt_token_json_get(cd, token, &json_slot))
+ return NULL;
+
+ return json_tokener_parse(json_slot);
+}
+
+int cryptsetup_token_open_pin(struct crypt_device *cd, int token, const char *pin,
+ size_t pin_size __attribute__((unused)), char **password, size_t *password_len,
+ void *usrptr __attribute__((unused)))
+{
+ int r;
+ json_object *jobj_server, *jobj_user, *jobj_path, *jobj_token, *jobj_keypath;
+ ssh_key pkey;
+ ssh_session ssh;
+
+ jobj_token = get_token_jobj(cd, token);
+ if (!jobj_token)
+ return -ENOMEM;
+
+ json_object_object_get_ex(jobj_token, "ssh_server", &jobj_server);
+ json_object_object_get_ex(jobj_token, "ssh_user", &jobj_user);
+ json_object_object_get_ex(jobj_token, "ssh_path", &jobj_path);
+ json_object_object_get_ex(jobj_token, "ssh_keypath",&jobj_keypath);
+
+ r = ssh_pki_import_privkey_file(json_object_get_string(jobj_keypath), pin, NULL, NULL, &pkey);
+ if (r != SSH_OK) {
+ json_object_put(jobj_token);
+ if (r == SSH_EOF) {
+ crypt_log(cd, CRYPT_LOG_ERROR, "Failed to open and import private key.\n");
+ return -EINVAL;
+ }
+ crypt_log(cd, CRYPT_LOG_ERROR, "Failed to import private key (password protected?).\n");
+ return -EAGAIN;
+ }
+
+ ssh = sshplugin_session_init(cd, json_object_get_string(jobj_server),
+ json_object_get_string(jobj_user));
+ if (!ssh) {
+ json_object_put(jobj_token);
+ ssh_key_free(pkey);
+ return -EINVAL;
+ }
+
+ r = sshplugin_public_key_auth(cd, ssh, pkey);
+ ssh_key_free(pkey);
+
+ if (r == SSH_AUTH_SUCCESS)
+ r = sshplugin_download_password(cd, ssh, json_object_get_string(jobj_path),
+ password, password_len);
+
+ ssh_disconnect(ssh);
+ ssh_free(ssh);
+ json_object_put(jobj_token);
+
+ return r ? -EINVAL : r;
+}
+
+int cryptsetup_token_open(struct crypt_device *cd, int token,
+ char **password, size_t *password_len, void *usrptr)
+{
+ return cryptsetup_token_open_pin(cd, token, NULL, 0, password, password_len, usrptr);
+}
+
+void cryptsetup_token_dump(struct crypt_device *cd, const char *json)
+{
+ json_object *jobj_token, *jobj_server, *jobj_user, *jobj_path, *jobj_keypath;
+ char buf[4096];
+
+ jobj_token = json_tokener_parse(json);
+ if (!jobj_token)
+ return;
+
+ json_object_object_get_ex(jobj_token, "ssh_server", &jobj_server);
+ json_object_object_get_ex(jobj_token, "ssh_user", &jobj_user);
+ json_object_object_get_ex(jobj_token, "ssh_path", &jobj_path);
+ json_object_object_get_ex(jobj_token, "ssh_keypath",&jobj_keypath);
+
+ if (snprintf(buf, sizeof(buf) - 1, "\tssh_server: %s\n\tssh_user: %s\n"
+ "\tssh_path: %s\n\tssh_key_path: %s\n",
+ json_object_get_string(jobj_server),
+ json_object_get_string(jobj_user),
+ json_object_get_string(jobj_path),
+ json_object_get_string(jobj_keypath)) > 0)
+ crypt_log(cd, CRYPT_LOG_NORMAL, buf);
+
+ json_object_put(jobj_token);
+}
+
+int cryptsetup_token_validate(struct crypt_device *cd, const char *json)
+{
+ enum json_tokener_error jerr;
+ json_object *jobj_token, *jobj;
+ int r = -EINVAL;
+
+ jobj_token = json_tokener_parse_verbose(json, &jerr);
+ if (!jobj_token)
+ return -EINVAL;
+
+ if (!json_object_object_get_ex(jobj_token, "ssh_server", &jobj) ||
+ !json_object_is_type(jobj, json_type_string)) {
+ l_dbg(cd, "ssh_server element is missing or not string.");
+ goto out;
+ }
+
+ if (!json_object_object_get_ex(jobj_token, "ssh_user", &jobj) ||
+ !json_object_is_type(jobj, json_type_string)) {
+ l_dbg(cd, "ssh_user element is missing or not string.");
+ goto out;
+ }
+
+ if (!json_object_object_get_ex(jobj_token, "ssh_path", &jobj) ||
+ !json_object_is_type(jobj, json_type_string)) {
+ l_dbg(cd, "ssh_path element is missing or not string.");
+ goto out;
+ }
+
+ if (!json_object_object_get_ex(jobj_token, "ssh_keypath", &jobj) ||
+ !json_object_is_type(jobj, json_type_string)) {
+ l_dbg(cd, "ssh_keypath element is missing or not string.");
+ goto out;
+ }
+
+ r = 0;
+out:
+ json_object_put(jobj_token);
+ return r;
+}
--- /dev/null
+/*
+ * ssh plugin utilities
+ *
+ * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2020-2023 Vojtech Trefny
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <libssh/libssh.h>
+#include <libssh/sftp.h>
+#include <fcntl.h>
+#include <libcryptsetup.h>
+#include "ssh-utils.h"
+#include "../lib/nls.h"
+
+#define KEYFILE_LENGTH_MAX 8192
+
+int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
+ const char *path, char **password, size_t *password_len)
+{
+ char *pass = NULL;
+ size_t pass_len;
+ int r;
+ sftp_attributes sftp_attr = NULL;
+ sftp_session sftp = NULL;
+ sftp_file file = NULL;
+
+ sftp = sftp_new(ssh);
+ if (!sftp) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot create sftp session: "));
+ r = SSH_FX_FAILURE;
+ goto out;
+ }
+
+ r = sftp_init(sftp);
+ if (r != SSH_OK) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot init sftp session: "));
+ goto out;
+ }
+
+ file = sftp_open(sftp, path, O_RDONLY, 0);
+ if (!file) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot open sftp session: "));
+ r = SSH_FX_FAILURE;
+ goto out;
+ }
+
+ sftp_attr = sftp_fstat(file);
+ if (!sftp_attr) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot stat sftp file: "));
+ r = SSH_FX_FAILURE;
+ goto out;
+ }
+
+ pass_len = sftp_attr->size > KEYFILE_LENGTH_MAX ? KEYFILE_LENGTH_MAX : sftp_attr->size;
+ pass = malloc(pass_len);
+ if (!pass) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Not enough memory.\n"));
+ r = SSH_FX_FAILURE;
+ goto out;
+ }
+
+ r = sftp_read(file, pass, pass_len);
+ if (r < 0 || (size_t)r != pass_len) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot read remote key: "));
+ r = SSH_FX_FAILURE;
+ goto out;
+ }
+
+ *password = pass;
+ *password_len = pass_len;
+
+ r = SSH_OK;
+out:
+ if (r != SSH_OK) {
+ crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
+ crypt_log(cd, CRYPT_LOG_ERROR, "\n");
+ free(pass);
+ }
+
+ if (sftp_attr)
+ sftp_attributes_free(sftp_attr);
+
+ if (file)
+ sftp_close(file);
+ if (sftp)
+ sftp_free(sftp);
+ return r == SSH_OK ? 0 : -EINVAL;
+}
+
+ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user)
+{
+ int r, port = 22;
+ ssh_session ssh = ssh_new();
+ if (!ssh)
+ return NULL;
+
+ ssh_options_set(ssh, SSH_OPTIONS_HOST, host);
+ ssh_options_set(ssh, SSH_OPTIONS_USER, user);
+ ssh_options_set(ssh, SSH_OPTIONS_PORT, &port);
+
+ crypt_log(cd, CRYPT_LOG_NORMAL, "SSH token initiating ssh session.\n");
+
+ r = ssh_connect(ssh);
+ if (r != SSH_OK) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Connection failed: "));
+ goto out;
+ }
+
+#if HAVE_DECL_SSH_SESSION_IS_KNOWN_SERVER
+ r = ssh_session_is_known_server(ssh);
+#else
+ r = ssh_is_server_known(ssh);
+#endif
+ if (r != SSH_SERVER_KNOWN_OK) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Server not known: "));
+ r = SSH_AUTH_ERROR;
+ goto out;
+ }
+
+ r = SSH_OK;
+
+ /* initialise list of authentication methods. yes, according to official libssh docs... */
+ ssh_userauth_none(ssh, NULL);
+out:
+ if (r != SSH_OK) {
+ crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
+ crypt_log(cd, CRYPT_LOG_ERROR, "\n");
+ ssh_disconnect(ssh);
+ ssh_free(ssh);
+ ssh = NULL;
+ }
+
+ return ssh;
+}
+
+int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey)
+{
+ int r;
+
+ crypt_log(cd, CRYPT_LOG_DEBUG, "Trying public key authentication method.\n");
+
+ if (!(ssh_userauth_list(ssh, NULL) & SSH_AUTH_METHOD_PUBLICKEY)) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Public key auth method not allowed on host.\n"));
+ return SSH_AUTH_ERROR;
+ }
+
+ r = ssh_userauth_try_publickey(ssh, NULL, pkey);
+ if (r == SSH_AUTH_SUCCESS) {
+ crypt_log(cd, CRYPT_LOG_DEBUG, "Public key method accepted.\n");
+ r = ssh_userauth_publickey(ssh, NULL, pkey);
+ }
+
+ if (r != SSH_AUTH_SUCCESS) {
+ crypt_log(cd, CRYPT_LOG_ERROR, _("Public key authentication error: "));
+ crypt_log(cd, CRYPT_LOG_ERROR, ssh_get_error(ssh));
+ crypt_log(cd, CRYPT_LOG_ERROR, "\n");
+ }
+
+ return r;
+}
--- /dev/null
+/*
+ * ssh plugin utilities
+ *
+ * Copyright (C) 2016-2023 Milan Broz
+ * Copyright (C) 2020-2023 Vojtech Trefny
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <libssh/libssh.h>
+#include <libssh/sftp.h>
+#include <libcryptsetup.h>
+
+int sshplugin_download_password(struct crypt_device *cd, ssh_session ssh,
+ const char *path, char **password, size_t *password_len);
+ssh_session sshplugin_session_init(struct crypt_device *cd, const char *host, const char *user);
+int sshplugin_public_key_auth(struct crypt_device *cd, ssh_session ssh, const ssh_key pkey);
projects / platform / upstream / cryptsetup.git / commitdiff